AWS/Azure/Gcloud Networking - replace defaults with an empty string a…

…nd raise a helpful message for users

edbterraform/data/terraform/aws/modules/security/main.tf

@@ -27,6 +27,11 @@ resource "aws_security_group_rule" "rule" {
       error_message = "${each.key} has type ${each.value.type}. Must be ingress or egress."
     }
 
+    precondition {
+      error_message = "port defaults must be one of: service, public, internal or an empty string ('')"
+      condition = contains(["service", "internal", "public", ""], try(each.value.defaults, ""))
+    }
+
     precondition {
       condition     = each.value.cidrs != null && length(each.value.cidrs) > 0
       error_message = <<-EOT

edbterraform/data/terraform/aws/modules/specification/variables.tf

@@ -38,7 +38,7 @@ variable "spec" {
         cidr = optional(string)
       })), {})
       ports = optional(list(object({
-        defaults     = optional(string, "service")
+        defaults     = optional(string, "")
         port        = optional(number)
         to_port     = optional(number)
         protocol    = string
@@ -55,7 +55,7 @@ variable "spec" {
       region        = string
       ssh_port      = optional(number, 22)
       ports         = optional(list(object({
-        defaults    = optional(string, "internal")
+        defaults    = optional(string, "")
         port        = optional(number)
         to_port     = optional(number)
         protocol    = string

edbterraform/data/terraform/azure/modules/security/main.tf

@@ -39,5 +39,10 @@ resource "azurerm_network_security_rule" "rules" {
       condition     = each.value.type == "ingress" || each.value.type == "egress"
       error_message = "${each.key} has type ${each.value.type}. Must be ingress or egress."
     }
+
+    precondition {
+      error_message = "port defaults must be one of: service, public, internal or an empty string ('')"
+      condition = contains(["service", "internal", "public", ""], try(each.value.defaults, ""))
+    }
   }
 }

edbterraform/data/terraform/azure/modules/specification/variables.tf

@@ -41,7 +41,7 @@ variable "spec" {
         cidr = optional(string)
       })), {})
       ports = optional(list(object({
-        defaults    = optional(string, "service")
+        defaults    = optional(string, "")
         port        = optional(number)
         to_port     = optional(number)
         protocol    = string
@@ -60,7 +60,7 @@ variable "spec" {
       instance_type = string
       ssh_port      = optional(number, 22)
       ports         = optional(list(object({
-        defaults    = optional(string, "internal")
+        defaults    = optional(string, "")
         port        = optional(number)
         to_port     = optional(number)
         protocol    = string

edbterraform/data/terraform/gcloud/modules/security/main.tf

@@ -46,5 +46,10 @@ resource "google_compute_firewall" "rules" {
       condition     = each.value.type == "ingress" || each.value.type == "egress"
       error_message = "${each.key} has type ${each.value.type}. Must be ingress or egress."
     }
+
+    precondition {
+      error_message = "port defaults must be one of: service, public, internal or an empty string ('')"
+      condition = contains(["service", "internal", "public", ""], try(each.value.defaults, ""))
+    }
   }
 }

edbterraform/data/terraform/gcloud/modules/specification/variables.tf

@@ -39,7 +39,7 @@ variable "spec" {
         cidr = optional(string)
       })), {})
       ports = optional(list(object({
-        defaults    = optional(string, "service")
+        defaults    = optional(string, "")
         port        = optional(number)
         to_port     = optional(number)
         protocol    = string
@@ -59,7 +59,7 @@ variable "spec" {
       ip_forward    = optional(bool)
       ssh_port      = optional(number, 22)
       ports         = optional(list(object({
-        defaults      = optional(string, "internal")
+        defaults      = optional(string, "")
         port        = optional(number)
         to_port     = optional(number)
         protocol    = string