{% set BASE_NAME = properties['baseName'] + '-' + env['name'] %}

resources:
- name: {{ BASE_NAME }}
  type: compute.v1.network
  properties:
    IPv4Range: 10.240.0.0/16

- name: {{ BASE_NAME }}-allow-http
  type: compute.v1.firewall
  properties:
    network: $(ref.{{ BASE_NAME }}.selfLink)
    priority: 1000
    sourceRanges: ["0.0.0.0/0"]
    allowed:
      - IPProtocol: TCP
        ports: ["80"]
    targetTags:
    - http-server

{%- if properties['enableHttps'] %}
- name: {{ BASE_NAME }}-allow-https
  type: compute.v1.firewall
  properties:
    network: $(ref.{{ BASE_NAME }}.selfLink)
    priority: 1000
    sourceRanges: ["0.0.0.0/0"]
    allowed:
      - IPProtocol: TCP
        ports: ["443"]
    targetTags:
    - https-server
{%- endif %}

- name: {{ BASE_NAME }}-allow-ssh
  type: compute.v1.firewall
  properties:
    network: $(ref.{{ BASE_NAME }}.selfLink)
    priority: 65534
    sourceRanges: ["0.0.0.0/0"]
    allowed:
      - IPProtocol: TCP
        ports: ["22"]
    targetTags:
    - ssh-server

outputs:
  - name: name
    value: $(ref.{{ BASE_NAME }}.name)