Reorder org policy rules
This commit is contained in:
parent
0380c1004b
commit
065b1471a8
|
@ -95,23 +95,6 @@ resource "google_org_policy_policy" "default" {
|
||||||
inherit_from_parent = each.value.inherit_from_parent
|
inherit_from_parent = each.value.inherit_from_parent
|
||||||
reset = each.value.reset
|
reset = each.value.reset
|
||||||
|
|
||||||
rules {
|
|
||||||
allow_all = try(each.value.allow.all, null) == true ? "TRUE" : null
|
|
||||||
deny_all = try(each.value.deny.all, null) == true ? "TRUE" : null
|
|
||||||
enforce = (
|
|
||||||
each.value.is_boolean_policy && each.value.enforce != null
|
|
||||||
? upper(tostring(each.value.enforce))
|
|
||||||
: null
|
|
||||||
)
|
|
||||||
dynamic "values" {
|
|
||||||
for_each = each.value.has_values ? [1] : []
|
|
||||||
content {
|
|
||||||
allowed_values = try(each.value.allow.values, null)
|
|
||||||
denied_values = try(each.value.deny.values, null)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
dynamic "rules" {
|
dynamic "rules" {
|
||||||
for_each = each.value.rules
|
for_each = each.value.rules
|
||||||
iterator = rule
|
iterator = rule
|
||||||
|
@ -138,5 +121,22 @@ resource "google_org_policy_policy" "default" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rules {
|
||||||
|
allow_all = try(each.value.allow.all, null) == true ? "TRUE" : null
|
||||||
|
deny_all = try(each.value.deny.all, null) == true ? "TRUE" : null
|
||||||
|
enforce = (
|
||||||
|
each.value.is_boolean_policy && each.value.enforce != null
|
||||||
|
? upper(tostring(each.value.enforce))
|
||||||
|
: null
|
||||||
|
)
|
||||||
|
dynamic "values" {
|
||||||
|
for_each = each.value.has_values ? [1] : []
|
||||||
|
content {
|
||||||
|
allowed_values = try(each.value.allow.values, null)
|
||||||
|
denied_values = try(each.value.deny.values, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -95,23 +95,6 @@ resource "google_org_policy_policy" "default" {
|
||||||
inherit_from_parent = each.value.inherit_from_parent
|
inherit_from_parent = each.value.inherit_from_parent
|
||||||
reset = each.value.reset
|
reset = each.value.reset
|
||||||
|
|
||||||
rules {
|
|
||||||
allow_all = try(each.value.allow.all, null) == true ? "TRUE" : null
|
|
||||||
deny_all = try(each.value.deny.all, null) == true ? "TRUE" : null
|
|
||||||
enforce = (
|
|
||||||
each.value.is_boolean_policy && each.value.enforce != null
|
|
||||||
? upper(tostring(each.value.enforce))
|
|
||||||
: null
|
|
||||||
)
|
|
||||||
dynamic "values" {
|
|
||||||
for_each = each.value.has_values ? [1] : []
|
|
||||||
content {
|
|
||||||
allowed_values = try(each.value.allow.values, null)
|
|
||||||
denied_values = try(each.value.deny.values, null)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
dynamic "rules" {
|
dynamic "rules" {
|
||||||
for_each = each.value.rules
|
for_each = each.value.rules
|
||||||
iterator = rule
|
iterator = rule
|
||||||
|
@ -138,6 +121,23 @@ resource "google_org_policy_policy" "default" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rules {
|
||||||
|
allow_all = try(each.value.allow.all, null) == true ? "TRUE" : null
|
||||||
|
deny_all = try(each.value.deny.all, null) == true ? "TRUE" : null
|
||||||
|
enforce = (
|
||||||
|
each.value.is_boolean_policy && each.value.enforce != null
|
||||||
|
? upper(tostring(each.value.enforce))
|
||||||
|
: null
|
||||||
|
)
|
||||||
|
dynamic "values" {
|
||||||
|
for_each = each.value.has_values ? [1] : []
|
||||||
|
content {
|
||||||
|
allowed_values = try(each.value.allow.values, null)
|
||||||
|
denied_values = try(each.value.deny.values, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
depends_on = [
|
depends_on = [
|
||||||
|
|
|
@ -95,23 +95,6 @@ resource "google_org_policy_policy" "default" {
|
||||||
inherit_from_parent = each.value.inherit_from_parent
|
inherit_from_parent = each.value.inherit_from_parent
|
||||||
reset = each.value.reset
|
reset = each.value.reset
|
||||||
|
|
||||||
rules {
|
|
||||||
allow_all = try(each.value.allow.all, null) == true ? "TRUE" : null
|
|
||||||
deny_all = try(each.value.deny.all, null) == true ? "TRUE" : null
|
|
||||||
enforce = (
|
|
||||||
each.value.is_boolean_policy && each.value.enforce != null
|
|
||||||
? upper(tostring(each.value.enforce))
|
|
||||||
: null
|
|
||||||
)
|
|
||||||
dynamic "values" {
|
|
||||||
for_each = each.value.has_values ? [1] : []
|
|
||||||
content {
|
|
||||||
allowed_values = try(each.value.allow.values, null)
|
|
||||||
denied_values = try(each.value.deny.values, null)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
dynamic "rules" {
|
dynamic "rules" {
|
||||||
for_each = each.value.rules
|
for_each = each.value.rules
|
||||||
iterator = rule
|
iterator = rule
|
||||||
|
@ -138,5 +121,22 @@ resource "google_org_policy_policy" "default" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rules {
|
||||||
|
allow_all = try(each.value.allow.all, null) == true ? "TRUE" : null
|
||||||
|
deny_all = try(each.value.deny.all, null) == true ? "TRUE" : null
|
||||||
|
enforce = (
|
||||||
|
each.value.is_boolean_policy && each.value.enforce != null
|
||||||
|
? upper(tostring(each.value.enforce))
|
||||||
|
: null
|
||||||
|
)
|
||||||
|
dynamic "values" {
|
||||||
|
for_each = each.value.has_values ? [1] : []
|
||||||
|
content {
|
||||||
|
allowed_values = try(each.value.allow.values, null)
|
||||||
|
denied_values = try(each.value.deny.values, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -33,11 +33,6 @@ values:
|
||||||
- inherit_from_parent: null
|
- inherit_from_parent: null
|
||||||
reset: null
|
reset: null
|
||||||
rules:
|
rules:
|
||||||
- allow_all: null
|
|
||||||
condition: []
|
|
||||||
deny_all: null
|
|
||||||
enforce: 'FALSE'
|
|
||||||
values: []
|
|
||||||
- allow_all: null
|
- allow_all: null
|
||||||
condition:
|
condition:
|
||||||
- description: test condition
|
- description: test condition
|
||||||
|
@ -47,6 +42,11 @@ values:
|
||||||
deny_all: null
|
deny_all: null
|
||||||
enforce: 'TRUE'
|
enforce: 'TRUE'
|
||||||
values: []
|
values: []
|
||||||
|
- allow_all: null
|
||||||
|
condition: []
|
||||||
|
deny_all: null
|
||||||
|
enforce: 'FALSE'
|
||||||
|
values: []
|
||||||
timeouts: null
|
timeouts: null
|
||||||
|
|
||||||
counts:
|
counts:
|
||||||
|
|
|
@ -20,14 +20,6 @@ values:
|
||||||
- inherit_from_parent: null
|
- inherit_from_parent: null
|
||||||
reset: null
|
reset: null
|
||||||
rules:
|
rules:
|
||||||
- allow_all: null
|
|
||||||
condition: []
|
|
||||||
deny_all: null
|
|
||||||
enforce: null
|
|
||||||
values:
|
|
||||||
- allowed_values: null
|
|
||||||
denied_values:
|
|
||||||
- in:EXTERNAL
|
|
||||||
- allow_all: null
|
- allow_all: null
|
||||||
condition:
|
condition:
|
||||||
- description: test condition
|
- description: test condition
|
||||||
|
@ -49,6 +41,14 @@ values:
|
||||||
deny_all: null
|
deny_all: null
|
||||||
enforce: null
|
enforce: null
|
||||||
values: []
|
values: []
|
||||||
|
- allow_all: null
|
||||||
|
condition: []
|
||||||
|
deny_all: null
|
||||||
|
enforce: null
|
||||||
|
values:
|
||||||
|
- allowed_values: null
|
||||||
|
denied_values:
|
||||||
|
- in:EXTERNAL
|
||||||
timeouts: null
|
timeouts: null
|
||||||
google_org_policy_policy.default["compute.vmExternalIpAccess"]:
|
google_org_policy_policy.default["compute.vmExternalIpAccess"]:
|
||||||
name: organizations/1234567890/policies/compute.vmExternalIpAccess
|
name: organizations/1234567890/policies/compute.vmExternalIpAccess
|
||||||
|
|
|
@ -99,11 +99,6 @@ values:
|
||||||
- inherit_from_parent: null
|
- inherit_from_parent: null
|
||||||
reset: null
|
reset: null
|
||||||
rules:
|
rules:
|
||||||
- allow_all: null
|
|
||||||
condition: []
|
|
||||||
deny_all: null
|
|
||||||
enforce: 'FALSE'
|
|
||||||
values: []
|
|
||||||
- allow_all: null
|
- allow_all: null
|
||||||
condition:
|
condition:
|
||||||
- description: test condition
|
- description: test condition
|
||||||
|
@ -113,6 +108,11 @@ values:
|
||||||
deny_all: null
|
deny_all: null
|
||||||
enforce: 'TRUE'
|
enforce: 'TRUE'
|
||||||
values: []
|
values: []
|
||||||
|
- allow_all: null
|
||||||
|
condition: []
|
||||||
|
deny_all: null
|
||||||
|
enforce: 'FALSE'
|
||||||
|
values: []
|
||||||
module.project.google_project.project[0]:
|
module.project.google_project.project[0]:
|
||||||
billing_account: 123456-123456-123456
|
billing_account: 123456-123456-123456
|
||||||
folder_id: '1234567890'
|
folder_id: '1234567890'
|
||||||
|
|
|
@ -33,11 +33,6 @@ values:
|
||||||
- inherit_from_parent: null
|
- inherit_from_parent: null
|
||||||
reset: null
|
reset: null
|
||||||
rules:
|
rules:
|
||||||
- allow_all: null
|
|
||||||
condition: []
|
|
||||||
deny_all: null
|
|
||||||
enforce: 'FALSE'
|
|
||||||
values: []
|
|
||||||
- allow_all: null
|
- allow_all: null
|
||||||
condition:
|
condition:
|
||||||
- description: test condition
|
- description: test condition
|
||||||
|
@ -47,6 +42,11 @@ values:
|
||||||
deny_all: null
|
deny_all: null
|
||||||
enforce: 'TRUE'
|
enforce: 'TRUE'
|
||||||
values: []
|
values: []
|
||||||
|
- allow_all: null
|
||||||
|
condition: []
|
||||||
|
deny_all: null
|
||||||
|
enforce: 'FALSE'
|
||||||
|
values: []
|
||||||
timeouts: null
|
timeouts: null
|
||||||
|
|
||||||
counts:
|
counts:
|
||||||
|
|
|
@ -20,14 +20,6 @@ values:
|
||||||
- inherit_from_parent: null
|
- inherit_from_parent: null
|
||||||
reset: null
|
reset: null
|
||||||
rules:
|
rules:
|
||||||
- allow_all: null
|
|
||||||
condition: []
|
|
||||||
deny_all: null
|
|
||||||
enforce: null
|
|
||||||
values:
|
|
||||||
- allowed_values: null
|
|
||||||
denied_values:
|
|
||||||
- in:EXTERNAL
|
|
||||||
- allow_all: null
|
- allow_all: null
|
||||||
condition:
|
condition:
|
||||||
- description: test condition
|
- description: test condition
|
||||||
|
@ -49,6 +41,14 @@ values:
|
||||||
deny_all: null
|
deny_all: null
|
||||||
enforce: null
|
enforce: null
|
||||||
values: []
|
values: []
|
||||||
|
- allow_all: null
|
||||||
|
condition: []
|
||||||
|
deny_all: null
|
||||||
|
enforce: null
|
||||||
|
values:
|
||||||
|
- allowed_values: null
|
||||||
|
denied_values:
|
||||||
|
- in:EXTERNAL
|
||||||
timeouts: null
|
timeouts: null
|
||||||
google_org_policy_policy.default["compute.vmExternalIpAccess"]:
|
google_org_policy_policy.default["compute.vmExternalIpAccess"]:
|
||||||
name: projects/my-project/policies/compute.vmExternalIpAccess
|
name: projects/my-project/policies/compute.vmExternalIpAccess
|
||||||
|
|
Loading…
Reference in New Issue