refactor DRS org policy
This commit is contained in:
parent
2d27d20f1a
commit
00f24698d0
|
@ -104,15 +104,13 @@ module "organization" {
|
||||||
local.list_allow, { values = ["in:INTERNAL"] }
|
local.list_allow, { values = ["in:INTERNAL"] }
|
||||||
)
|
)
|
||||||
"constraints/compute.vmExternalIpAccess" = local.list_deny
|
"constraints/compute.vmExternalIpAccess" = local.list_deny
|
||||||
"constraints/iam.allowedPolicyMemberDomains" = {
|
"constraints/iam.allowedPolicyMemberDomains" = merge(
|
||||||
inherit_from_parent = false
|
local.list_allow, {
|
||||||
suggested_value = null
|
values = concat(
|
||||||
status = true
|
[var.organization.customer_id],
|
||||||
values = concat(
|
try(local.policy_configs.allowed_policy_member_domains, [])
|
||||||
[var.organization.customer_id],
|
)
|
||||||
try(local.policy_configs.allowed_policy_member_domains, [])
|
})
|
||||||
)
|
|
||||||
}
|
|
||||||
"constraints/run.allowedIngress" = merge(
|
"constraints/run.allowedIngress" = merge(
|
||||||
local.list_allow, { values = ["is:internal"] }
|
local.list_allow, { values = ["is:internal"] }
|
||||||
)
|
)
|
||||||
|
|
Loading…
Reference in New Issue