feat: implement firewall priority in iap-tunneling module (#216)

Author: mwielgosz-esky

modules/iap-tunneling/README.md

@@ -89,6 +89,7 @@ the necessary APIs enabled.
 | additional\_ports | A list of additional ports/ranges to open access to on the instances from IAP. | `list(string)` | `[]` | no |
 | create\_firewall\_rule | If we need to create the firewall rule or not. | `bool` | `true` | no |
 | fw\_name\_allow\_ssh\_from\_iap | Firewall rule name for allowing SSH from IAP. | `string` | `"allow-ssh-from-iap-to-tunnel"` | no |
+| fw\_priority | Firewall rule priority for allowing SSH from IAP. | `number` | `null` | no |
 | host\_project | The network host project ID. | `string` | `""` | no |
 | instances | Names and zones of the instances to allow SSH from IAP. | <pre>list(object({<br>    name = string<br>    zone = string<br>  }))</pre> | n/a | yes |
 | members | List of IAM resources to allow using the IAP tunnel. | `list(string)` | n/a | yes |

modules/iap-tunneling/main.tf

@@ -31,6 +31,7 @@ resource "google_compute_firewall" "allow_from_iap_to_instances" {
 
   target_service_accounts = length(var.service_accounts) > 0 ? var.service_accounts : null
   target_tags             = length(var.network_tags) > 0 ? var.network_tags : null
+  priority                = var.fw_priority
 }
 
 resource "google_iap_tunnel_instance_iam_binding" "enable_iap" {

modules/iap-tunneling/variables.tf

@@ -31,6 +31,12 @@ variable "fw_name_allow_ssh_from_iap" {
   default     = "allow-ssh-from-iap-to-tunnel"
 }
 
+variable "fw_priority" {
+  description = "Firewall rule priority for allowing SSH from IAP."
+  type        = number
+  default     = null
+}
+
 variable "network" {
   description = "Self link of the network to attach the firewall to."
   type        = string