Explicitly add allow_ssh flag and disable for production

This will also ensure any drift is picked up by our infrastructure verification checks Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2026-05-05 08:40:29 -04:00 · 2024-03-13 09:51:41 -04:00
parent f0e66886d2
commit 15f8be7aee
7 changed files with 26 additions and 0 deletions
--- a/terraform/shared/egress_space/main.tf
+++ b/terraform/shared/egress_space/main.tf
@@ -11,6 +11,7 @@ data "cloudfoundry_org" "org" {
 ###

 resource "cloudfoundry_space" "public_egress" {
+  allow_ssh                = var.allow_ssh
  delete_recursive_allowed = var.delete_recursive_allowed
  name                     = "${var.cf_restricted_space_name}-egress"
  org                      = data.cloudfoundry_org.org.id
--- a/terraform/shared/egress_space/variables.tf
+++ b/terraform/shared/egress_space/variables.tf
@@ -9,3 +9,9 @@ variable "delete_recursive_allowed" {
  default     = true
  description = "Flag for allowing resources to be recursively deleted - not recommended in production environments"
 }
+
+variable "allow_ssh" {
+  type        = bool
+  default     = true
+  description = "Flag for allowing SSH access in a space - not recommended in production environments"
+}
--- a/terraform/shared/ses/main.tf
+++ b/terraform/shared/ses/main.tf
@@ -15,6 +15,7 @@ data "cloudfoundry_space" "space" {
 # SES Space
 ###
 resource "cloudfoundry_space" "cf_ses_service_space" {
+  allow_ssh                = var.allow_ssh
  delete_recursive_allowed = var.delete_recursive_allowed
  name                     = data.cloudfoundry_space.space.name
  org                      = data.cloudfoundry_org.org.id
--- a/terraform/shared/ses/variables.tf
+++ b/terraform/shared/ses/variables.tf
@@ -40,3 +40,9 @@ variable "delete_recursive_allowed" {
  default     = true
  description = "Flag for allowing resources to be recursively deleted - not recommended in production environments"
 }
+
+variable "allow_ssh" {
+  type        = bool
+  default     = true
+  description = "Flag for allowing SSH access in a space - not recommended in production environments"
+}
--- a/terraform/shared/sns/main.tf
+++ b/terraform/shared/sns/main.tf
@@ -15,6 +15,7 @@ data "cloudfoundry_space" "space" {
 # SNS Space
 ###
 resource "cloudfoundry_space" "cf_sns_service_space" {
+  allow_ssh                = var.allow_ssh
  delete_recursive_allowed = var.delete_recursive_allowed
  name                     = data.cloudfoundry_space.space.name
  org                      = data.cloudfoundry_org.org.id
--- a/terraform/shared/sns/variables.tf
+++ b/terraform/shared/sns/variables.tf
@@ -28,3 +28,9 @@ variable "delete_recursive_allowed" {
  default     = true
  description = "Flag for allowing resources to be recursively deleted - not recommended in production environments"
 }
+
+variable "allow_ssh" {
+  type        = bool
+  default     = true
+  description = "Flag for allowing SSH access in a space - not recommended in production environments"
+}