zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloud-foundation-fabric/tests/modules/vpc_sc/fixture/main.tf

147 lines
4.3 KiB
Terraform
Raw Normal View History

New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
/**
Copyright bump (#410)
2022-01-01 06:52:31 -08:00
* Copyright 2022 Google LLC
New vpc-sc module implementation (#406) * first implementation * minimal output * split service perimeters in regular and bridge * tests and fixes * new vpc-sc implementation * remove providers file used for testing * remove provider used during development
2021-12-31 04:29:22 -08:00
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "access_policy" {
description = "Access Policy name, leave null to use auto-created one."
type = string
default = null
}
variable "access_policy_create" {
description = "Access Policy configuration, fill in to create. Parent is in 'organizations/123456' format."
type = object({
parent = string
title = string
})
default = {
parent = "organizations/123456"
title = "vpcsc-policy"
}
}
module "test" {
source = "../../../../modules/vpc-sc"
access_policy = var.access_policy
access_policy_create = var.access_policy_create
access_levels = {
a1 = {
combining_function = null
conditions = [
{
device_policy = null
ip_subnetworks = null
members = ["user:ludomagno@google.com"]
negate = null
regions = null
required_access_levels = null
}
]
}
a2 = {
combining_function = "OR"
conditions = [
{
device_policy = null
ip_subnetworks = null
members = null
negate = null
regions = ["IT", "FR"]
required_access_levels = null
},
{
device_policy = null
ip_subnetworks = null
members = null
negate = null
regions = ["US"]
required_access_levels = null
}
]
}
}
service_perimeters_bridge = {
b1 = {
status_resources = ["projects/111110", "projects/111111"]
spec_resources = null
use_explicit_dry_run_spec = false
}
b2 = {
status_resources = ["projects/111110", "projects/222220"]
spec_resources = ["projects/111110", "projects/222220"]
use_explicit_dry_run_spec = true
}
}
service_perimeters_regular = {
r1 = {
spec = null
status = {
access_levels = [module.test.access_level_names["a1"]]
resources = ["projects/11111", "projects/111111"]
restricted_services = ["storage.googleapis.com"]
egress_policies = null
ingress_policies = null
vpc_accessible_services = {
allowed_services = ["compute.googleapis.com"]
enable_restriction = true
}
}
use_explicit_dry_run_spec = false
}
r2 = {
spec = null
status = {
access_levels = [module.test.access_level_names["a1"]]
resources = ["projects/222220", "projects/222221"]
restricted_services = ["storage.googleapis.com"]
egress_policies = [
{
egress_from = {
identity_type = null
identities = ["user:foo@example.com"]
}
egress_to = {
operations = null
resources = ["projects/333330"]
}
}
]
ingress_policies = [
{
ingress_from = {
identity_type = null
identities = null
source_access_levels = [module.test.access_level_names["a2"]]
source_resources = ["projects/333330"]
}
ingress_to = {
operations = [{
method_selectors = null
service_name = "compute.googleapis.com"
}]
resources = ["projects/222220"]
}
}
]
vpc_accessible_services = {
allowed_services = ["compute.googleapis.com"]
enable_restriction = true
}
}
use_explicit_dry_run_spec = false
}
}
}