zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloud-foundation-fabric/modules/vpc-sc/README.md

225 lines
13 KiB
Markdown
Raw Normal View History

New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
# VPC Service Controls
Move VPC-SC to a separate module.
2020-07-07 01:23:26 -07:00
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
This module offers a unified interface to manage VPC Service Controls [Access Policy](https://cloud.google.com/access-context-manager/docs/create-access-policy), [Access Levels](https://cloud.google.com/access-context-manager/docs/manage-access-levels), and [Service Perimeters](https://cloud.google.com/vpc-service-controls/docs/service-perimeters).
Move VPC-SC to a separate module.
2020-07-07 01:23:26 -07:00
Refactor vps-sc module for Terraform 1.3 (#963) * wip * example tests * module tests * streamline example * fast * tfdoc * use collections.Counter in tests
2022-11-10 10:34:45 -08:00
Given the complexity of the underlying resources, the module intentionally mimics their interfaces to make it easier to map their documentation onto its variables, and reduce the internal complexity.
Move VPC-SC to a separate module.
2020-07-07 01:23:26 -07:00
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
If you are using [Application Default Credentials](https://cloud.google.com/sdk/gcloud/reference/auth/application-default) with Terraform and run into permissions issues, make sure to check out the recommended provider configuration in the [VPC SC resources documentation](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/access_context_manager_access_level).
Move VPC-SC to a separate module.
2020-07-07 01:23:26 -07:00
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
## Examples
### Access policy
By default, the module is configured to use an existing policy, passed in by name in the `access_policy` variable:
Move VPC-SC to a separate module.
2020-07-07 01:23:26 -07:00
```hcl
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
module "test" {
Test documentation examples in the examples/ folder
2022-09-06 08:46:09 -07:00
source = "./fabric/modules/vpc-sc"
Update README.md
2022-02-13 07:14:24 -08:00
access_policy = "12345678"
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
}
Align tftest syntax with tdoc This commit changes the token separator for inline examples from a semicolon to a space
2022-01-28 11:15:35 -08:00
# tftest modules=0 resources=0
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
```
If you need the module to create the policy for you, use the `access_policy_create` variable, and set `access_policy` to `null`:
```hcl
module "test" {
Test documentation examples in the examples/ folder
2022-09-06 08:46:09 -07:00
source = "./fabric/modules/vpc-sc"
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
access_policy = null
access_policy_create = {
parent = "organizations/123456"
title = "vpcsc-policy"
Move VPC-SC to a separate module.
2020-07-07 01:23:26 -07:00
}
}
Align tftest syntax with tdoc This commit changes the token separator for inline examples from a semicolon to a space
2022-01-28 11:15:35 -08:00
# tftest modules=1 resources=1
Move VPC-SC to a separate module.
2020-07-07 01:23:26 -07:00
```
First commit
2023-01-17 04:39:28 -08:00
If you need the module to create a scoped policy for you, specify 'scopes' of the policy in the `access_policy_create` variable:
```hcl
module "test" {
source = "./fabric/modules/vpc-sc"
access_policy = null
access_policy_create = {
parent = "organizations/123456"
title = "vpcsc-policy"
scopes = ["folders/456789"]
}
}
# tftest modules=1 resources=1
```
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
### Access levels
As highlighted above, the `access_levels` type replicates the underlying resource structure.
Move VPC-SC to a separate module.
2020-07-07 01:23:26 -07:00
```hcl
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
module "test" {
Test documentation examples in the examples/ folder
2022-09-06 08:46:09 -07:00
source = "./fabric/modules/vpc-sc"
VPC-SC: Fix README (#462) * fix VPC-SC README. * fix VPC-SC README. * Update README.md Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2022-01-27 23:44:07 -08:00
access_policy = "12345678"
Move VPC-SC to a separate module.
2020-07-07 01:23:26 -07:00
access_levels = {
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
a1 = {
Refactor vps-sc module for Terraform 1.3 (#963) * wip * example tests * module tests * streamline example * fast * tfdoc * use collections.Counter in tests
2022-11-10 10:34:45 -08:00
conditions = [
{ members = ["user:user1@example.com"] }
]
Move VPC-SC to a separate module.
2020-07-07 01:23:26 -07:00
}
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
a2 = {
combining_function = "OR"
Refactor vps-sc module for Terraform 1.3 (#963) * wip * example tests * module tests * streamline example * fast * tfdoc * use collections.Counter in tests
2022-11-10 10:34:45 -08:00
conditions = [
{ regions = ["IT", "FR"] },
{ ip_subnetworks = ["101.101.101.0/24"] }
]
Move VPC-SC to a separate module.
2020-07-07 01:23:26 -07:00
}
}
}
Align tftest syntax with tdoc This commit changes the token separator for inline examples from a semicolon to a space
2022-01-28 11:15:35 -08:00
# tftest modules=1 resources=2
Move VPC-SC to a separate module.
2020-07-07 01:23:26 -07:00
```
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
### Service perimeters
Update README.md
2021-12-31 06:14:33 -08:00
Bridge and regular service perimeters use two separate variables, as bridge perimeters only accept a limited number of arguments, and can leverage a much simpler interface.
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
The regular perimeters variable exposes all the complexity of the underlying resource, use [its documentation](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/access_context_manager_service_perimeter) as a reference about the possible values and configurations.
Interpolate access levels by key in vpc sc module (#414) * interpolate access levels by key * fix access level reference * fix num resources in last README test
2022-01-04 04:02:38 -08:00
If you need to refer to access levels created by the same module in regular service perimeters, you can either use the module's outputs in the provided variables, or the key used to identify the relevant access level. The example below shows how to do this in practice.
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
remove lifecycle block from vpc sc perimeters (#412)
2022-01-03 06:27:00 -08:00
/*
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
Resources for both perimeters have a `lifecycle` block that ignores changes to `spec` and `status` resources (projects), to allow using the additive resource `google_access_context_manager_service_perimeter_resource` at project creation. If this is not needed, the `lifecycle` blocks can be safely commented in the code.
remove lifecycle block from vpc sc perimeters (#412)
2022-01-03 06:27:00 -08:00
*/
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
#### Bridge type
Fix VPC-SC module, add example (#387)
2021-12-13 02:26:09 -08:00
```hcl
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
module "test" {
Test documentation examples in the examples/ folder
2022-09-06 08:46:09 -07:00
source = "./fabric/modules/vpc-sc"
VPC-SC: Fix README (#462) * fix VPC-SC README. * fix VPC-SC README. * Update README.md Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2022-01-27 23:44:07 -08:00
access_policy = "12345678"
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
service_perimeters_bridge = {
b1 = {
Refactor vps-sc module for Terraform 1.3 (#963) * wip * example tests * module tests * streamline example * fast * tfdoc * use collections.Counter in tests
2022-11-10 10:34:45 -08:00
status_resources = ["projects/111110", "projects/111111"]
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
}
b2 = {
spec_resources = ["projects/222220", "projects/222221"]
use_explicit_dry_run_spec = true
Fix VPC-SC module, add example (#387)
2021-12-13 02:26:09 -08:00
}
}
}
Align tftest syntax with tdoc This commit changes the token separator for inline examples from a semicolon to a space
2022-01-28 11:15:35 -08:00
# tftest modules=1 resources=2
Fix VPC-SC module, add example (#387)
2021-12-13 02:26:09 -08:00
```
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
#### Regular type
Enable multiple vpc-sc perimeters over multiple modules
2021-07-22 00:19:10 -07:00
```hcl
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
module "test" {
Test documentation examples in the examples/ folder
2022-09-06 08:46:09 -07:00
source = "./fabric/modules/vpc-sc"
VPC-SC: Fix README (#462) * fix VPC-SC README. * fix VPC-SC README. * Update README.md Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2022-01-27 23:44:07 -08:00
access_policy = "12345678"
Update README.md
2021-09-03 09:53:30 -07:00
access_levels = {
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
a1 = {
Refactor vps-sc module for Terraform 1.3 (#963) * wip * example tests * module tests * streamline example * fast * tfdoc * use collections.Counter in tests
2022-11-10 10:34:45 -08:00
conditions = [
{ members = ["user:user1@example.com"] }
]
Interpolate access levels by key in vpc sc module (#414) * interpolate access levels by key * fix access level reference * fix num resources in last README test
2022-01-04 04:02:38 -08:00
}
a2 = {
Refactor vps-sc module for Terraform 1.3 (#963) * wip * example tests * module tests * streamline example * fast * tfdoc * use collections.Counter in tests
2022-11-10 10:34:45 -08:00
conditions = [
{ members = ["user:user2@example.com"] }
]
}
}
egress_policies = {
# allow writing to external GCS bucket from a specific SA
gcs-sa-foo = {
from = {
identities = [
"serviceAccount:foo@myproject.iam.gserviceaccount.com"
]
}
to = {
operations = [{
method_selectors = ["*"]
Enforce terraform fmt in examples
2022-12-16 03:53:56 -08:00
service_name = "storage.googleapis.com"
Refactor vps-sc module for Terraform 1.3 (#963) * wip * example tests * module tests * streamline example * fast * tfdoc * use collections.Counter in tests
2022-11-10 10:34:45 -08:00
}]
resources = ["projects/123456789"]
}
}
}
ingress_policies = {
# allow management from external automation SA
sa-tf-test = {
from = {
identities = [
"serviceAccount:test-tf@myproject.iam.gserviceaccount.com",
Fix variable name
2023-02-20 05:37:33 -08:00
]
access_levels = ["*"]
Refactor vps-sc module for Terraform 1.3 (#963) * wip * example tests * module tests * streamline example * fast * tfdoc * use collections.Counter in tests
2022-11-10 10:34:45 -08:00
}
to = {
operations = [{ service_name = "*" }]
resources = ["*"]
}
Update README.md
2021-09-03 09:53:30 -07:00
}
}
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
service_perimeters_regular = {
r1 = {
status = {
Refactor vps-sc module for Terraform 1.3 (#963) * wip * example tests * module tests * streamline example * fast * tfdoc * use collections.Counter in tests
2022-11-10 10:34:45 -08:00
access_levels = ["a1", "a2"]
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
resources = ["projects/11111", "projects/111111"]
restricted_services = ["storage.googleapis.com"]
Refactor vps-sc module for Terraform 1.3 (#963) * wip * example tests * module tests * streamline example * fast * tfdoc * use collections.Counter in tests
2022-11-10 10:34:45 -08:00
egress_policies = ["gcs-sa-foo"]
ingress_policies = ["sa-tf-test"]
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
vpc_accessible_services = {
VPC-SC: Fix README (#462) * fix VPC-SC README. * fix VPC-SC README. * Update README.md Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2022-01-27 23:44:07 -08:00
allowed_services = ["storage.googleapis.com"]
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
enable_restriction = true
}
Update README.md
2021-09-03 09:53:30 -07:00
}
}
}
}
Align tftest syntax with tdoc This commit changes the token separator for inline examples from a semicolon to a space
2022-01-28 11:15:35 -08:00
# tftest modules=1 resources=3
Enable multiple vpc-sc perimeters over multiple modules
2021-07-22 00:19:10 -07:00
```
VPC-SC: Fix README (#462) * fix VPC-SC README. * fix VPC-SC README. * Update README.md Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2022-01-27 23:44:07 -08:00
## Notes
add egress / ingress policy example (#768)
2022-08-04 08:00:14 -07:00
- To remove an access level, first remove the binding between perimeter and the access level in `status` and/or `spec` without removing the access level itself. Once you have run `terraform apply`, you'll then be able to remove the access level and run `terraform apply` again.
VPC-SC: Fix README (#462) * fix VPC-SC README. * fix VPC-SC README. * Update README.md Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2022-01-27 23:44:07 -08:00
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
## TODO
- [ ] implement support for the `google_access_context_manager_gcp_user_access_binding` resource
Refactor vps-sc module for Terraform 1.3 (#963) * wip * example tests * module tests * streamline example * fast * tfdoc * use collections.Counter in tests
2022-11-10 10:34:45 -08:00
<!-- TFDOC OPTS files:1 -->
Move VPC-SC to a separate module.
2020-07-07 01:23:26 -07:00
<!-- BEGIN TFDOC -->
New tfdoc version (#396) * update tfdoc * rewrite check docs, refactor tfdoc replace, regenerate modules READMEs * remove dead code from check docs * do not fail on missing variable files in check docs * fix typos
2021-12-20 23:51:51 -08:00
Refactor vps-sc module for Terraform 1.3 (#963) * wip * example tests * module tests * streamline example * fast * tfdoc * use collections.Counter in tests
2022-11-10 10:34:45 -08:00
## Files
| name | description | resources |
|---|---|---|
| [access-levels.tf](./access-levels.tf) | Access level resources. | <code>google_access_context_manager_access_level</code> |
| [main.tf](./main.tf) | Module-level locals and resources. | <code>google_access_context_manager_access_policy</code> |
| [outputs.tf](./outputs.tf) | Module outputs. | |
| [service-perimeters-bridge.tf](./service-perimeters-bridge.tf) | Bridge service perimeter resources. | <code>google_access_context_manager_service_perimeter</code> |
| [service-perimeters-regular.tf](./service-perimeters-regular.tf) | Regular service perimeter resources. | <code>google_access_context_manager_service_perimeter</code> |
| [variables.tf](./variables.tf) | Module variables. | |
| [versions.tf](./versions.tf) | Version pins. | |
Move VPC-SC to a separate module.
2020-07-07 01:23:26 -07:00
## Variables
| name | description | type | required | default |
New tfdoc version (#396) * update tfdoc * rewrite check docs, refactor tfdoc replace, regenerate modules READMEs * remove dead code from check docs * do not fail on missing variable files in check docs * fix typos
2021-12-20 23:51:51 -08:00
|---|---|:---:|:---:|:---:|
Refactor vps-sc module for Terraform 1.3 (#963) * wip * example tests * module tests * streamline example * fast * tfdoc * use collections.Counter in tests
2022-11-10 10:34:45 -08:00
| [access_policy](variables.tf#L56) | Access Policy name, set to null if creating one. | <code>string</code> | ✓ | |
| [access_levels](variables.tf#L17) | Access level definitions. | <code title="map&#40;object&#40;&#123;&#10; combining_function &#61; optional&#40;string&#41;&#10; conditions &#61; optional&#40;list&#40;object&#40;&#123;&#10; device_policy &#61; optional&#40;object&#40;&#123;&#10; allowed_device_management_levels &#61; optional&#40;list&#40;string&#41;&#41;&#10; allowed_encryption_statuses &#61; optional&#40;list&#40;string&#41;&#41;&#10; require_admin_approval &#61; bool&#10; require_corp_owned &#61; bool&#10; require_screen_lock &#61; optional&#40;bool&#41;&#10; os_constraints &#61; optional&#40;list&#40;object&#40;&#123;&#10; os_type &#61; string&#10; minimum_version &#61; optional&#40;string&#41;&#10; require_verified_chrome_os &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#41;&#10; ip_subnetworks &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; members &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; negate &#61; optional&#40;bool&#41;&#10; regions &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; required_access_levels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; description &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
First commit
2023-01-17 04:39:28 -08:00
| [access_policy_create](variables.tf#L61) | Access Policy configuration, fill in to create. Parent is in 'organizations/123456' format, scopes are in 'folders/456789' or 'projects/project_id' format. | <code title="object&#40;&#123;&#10; parent &#61; string&#10; title &#61; string&#10; scopes &#61; optional&#40;list&#40;string&#41;, null&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [egress_policies](variables.tf#L71) | Egress policy definitions that can be referenced in perimeters. | <code title="map&#40;object&#40;&#123;&#10; from &#61; object&#40;&#123;&#10; identity_type &#61; optional&#40;string, &#34;ANY_IDENTITY&#34;&#41;&#10; identities &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#10; to &#61; object&#40;&#123;&#10; operations &#61; optional&#40;list&#40;object&#40;&#123;&#10; method_selectors &#61; optional&#40;list&#40;string&#41;&#41;&#10; service_name &#61; string&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; resources &#61; optional&#40;list&#40;string&#41;&#41;&#10; resource_type_external &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [ingress_policies](variables.tf#L100) | Ingress policy definitions that can be referenced in perimeters. | <code title="map&#40;object&#40;&#123;&#10; from &#61; object&#40;&#123;&#10; access_levels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; identity_type &#61; optional&#40;string&#41;&#10; identities &#61; optional&#40;list&#40;string&#41;&#41;&#10; resources &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#10; to &#61; object&#40;&#123;&#10; operations &#61; optional&#40;list&#40;object&#40;&#123;&#10; method_selectors &#61; optional&#40;list&#40;string&#41;&#41;&#10; service_name &#61; string&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; resources &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_perimeters_bridge](variables.tf#L131) | Bridge service perimeters. | <code title="map&#40;object&#40;&#123;&#10; spec_resources &#61; optional&#40;list&#40;string&#41;&#41;&#10; status_resources &#61; optional&#40;list&#40;string&#41;&#41;&#10; use_explicit_dry_run_spec &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_perimeters_regular](variables.tf#L141) | Regular service perimeters. | <code title="map&#40;object&#40;&#123;&#10; spec &#61; optional&#40;object&#40;&#123;&#10; access_levels &#61; optional&#40;list&#40;string&#41;&#41;&#10; resources &#61; optional&#40;list&#40;string&#41;&#41;&#10; restricted_services &#61; optional&#40;list&#40;string&#41;&#41;&#10; egress_policies &#61; optional&#40;list&#40;string&#41;&#41;&#10; ingress_policies &#61; optional&#40;list&#40;string&#41;&#41;&#10; vpc_accessible_services &#61; optional&#40;object&#40;&#123;&#10; allowed_services &#61; list&#40;string&#41;&#10; enable_restriction &#61; bool&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; status &#61; optional&#40;object&#40;&#123;&#10; access_levels &#61; optional&#40;list&#40;string&#41;&#41;&#10; resources &#61; optional&#40;list&#40;string&#41;&#41;&#10; restricted_services &#61; optional&#40;list&#40;string&#41;&#41;&#10; egress_policies &#61; optional&#40;list&#40;string&#41;&#41;&#10; ingress_policies &#61; optional&#40;list&#40;string&#41;&#41;&#10; vpc_accessible_services &#61; optional&#40;object&#40;&#123;&#10; allowed_services &#61; list&#40;string&#41;&#10; enable_restriction &#61; bool&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; use_explicit_dry_run_spec &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
Move VPC-SC to a separate module.
2020-07-07 01:23:26 -07:00
## Outputs
| name | description | sensitive |
|---|---|:---:|
Link vars and outputs from README
2022-01-22 04:34:35 -08:00
| [access_level_names](outputs.tf#L17) | Access level resources. | |
| [access_levels](outputs.tf#L25) | Access level resources. | |
| [access_policy](outputs.tf#L30) | Access policy resource, if autocreated. | |
| [access_policy_name](outputs.tf#L35) | Access policy name. | |
| [service_perimeters_bridge](outputs.tf#L40) | Bridge service perimeter resources. | |
| [service_perimeters_regular](outputs.tf#L45) | Regular service perimeter resources. | |
New tfdoc version (#396) * update tfdoc * rewrite check docs, refactor tfdoc replace, regenerate modules READMEs * remove dead code from check docs * do not fail on missing variable files in check docs * fix typos
2021-12-20 23:51:51 -08:00
Move VPC-SC to a separate module.
2020-07-07 01:23:26 -07:00
<!-- END TFDOC -->