Reorder org policy rules
This commit is contained in:
parent
0380c1004b
commit
065b1471a8
|
@ -95,23 +95,6 @@ resource "google_org_policy_policy" "default" {
|
|||
inherit_from_parent = each.value.inherit_from_parent
|
||||
reset = each.value.reset
|
||||
|
||||
rules {
|
||||
allow_all = try(each.value.allow.all, null) == true ? "TRUE" : null
|
||||
deny_all = try(each.value.deny.all, null) == true ? "TRUE" : null
|
||||
enforce = (
|
||||
each.value.is_boolean_policy && each.value.enforce != null
|
||||
? upper(tostring(each.value.enforce))
|
||||
: null
|
||||
)
|
||||
dynamic "values" {
|
||||
for_each = each.value.has_values ? [1] : []
|
||||
content {
|
||||
allowed_values = try(each.value.allow.values, null)
|
||||
denied_values = try(each.value.deny.values, null)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "rules" {
|
||||
for_each = each.value.rules
|
||||
iterator = rule
|
||||
|
@ -138,5 +121,22 @@ resource "google_org_policy_policy" "default" {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
rules {
|
||||
allow_all = try(each.value.allow.all, null) == true ? "TRUE" : null
|
||||
deny_all = try(each.value.deny.all, null) == true ? "TRUE" : null
|
||||
enforce = (
|
||||
each.value.is_boolean_policy && each.value.enforce != null
|
||||
? upper(tostring(each.value.enforce))
|
||||
: null
|
||||
)
|
||||
dynamic "values" {
|
||||
for_each = each.value.has_values ? [1] : []
|
||||
content {
|
||||
allowed_values = try(each.value.allow.values, null)
|
||||
denied_values = try(each.value.deny.values, null)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -95,23 +95,6 @@ resource "google_org_policy_policy" "default" {
|
|||
inherit_from_parent = each.value.inherit_from_parent
|
||||
reset = each.value.reset
|
||||
|
||||
rules {
|
||||
allow_all = try(each.value.allow.all, null) == true ? "TRUE" : null
|
||||
deny_all = try(each.value.deny.all, null) == true ? "TRUE" : null
|
||||
enforce = (
|
||||
each.value.is_boolean_policy && each.value.enforce != null
|
||||
? upper(tostring(each.value.enforce))
|
||||
: null
|
||||
)
|
||||
dynamic "values" {
|
||||
for_each = each.value.has_values ? [1] : []
|
||||
content {
|
||||
allowed_values = try(each.value.allow.values, null)
|
||||
denied_values = try(each.value.deny.values, null)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "rules" {
|
||||
for_each = each.value.rules
|
||||
iterator = rule
|
||||
|
@ -138,6 +121,23 @@ resource "google_org_policy_policy" "default" {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
rules {
|
||||
allow_all = try(each.value.allow.all, null) == true ? "TRUE" : null
|
||||
deny_all = try(each.value.deny.all, null) == true ? "TRUE" : null
|
||||
enforce = (
|
||||
each.value.is_boolean_policy && each.value.enforce != null
|
||||
? upper(tostring(each.value.enforce))
|
||||
: null
|
||||
)
|
||||
dynamic "values" {
|
||||
for_each = each.value.has_values ? [1] : []
|
||||
content {
|
||||
allowed_values = try(each.value.allow.values, null)
|
||||
denied_values = try(each.value.deny.values, null)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
depends_on = [
|
||||
|
|
|
@ -95,23 +95,6 @@ resource "google_org_policy_policy" "default" {
|
|||
inherit_from_parent = each.value.inherit_from_parent
|
||||
reset = each.value.reset
|
||||
|
||||
rules {
|
||||
allow_all = try(each.value.allow.all, null) == true ? "TRUE" : null
|
||||
deny_all = try(each.value.deny.all, null) == true ? "TRUE" : null
|
||||
enforce = (
|
||||
each.value.is_boolean_policy && each.value.enforce != null
|
||||
? upper(tostring(each.value.enforce))
|
||||
: null
|
||||
)
|
||||
dynamic "values" {
|
||||
for_each = each.value.has_values ? [1] : []
|
||||
content {
|
||||
allowed_values = try(each.value.allow.values, null)
|
||||
denied_values = try(each.value.deny.values, null)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "rules" {
|
||||
for_each = each.value.rules
|
||||
iterator = rule
|
||||
|
@ -138,5 +121,22 @@ resource "google_org_policy_policy" "default" {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
rules {
|
||||
allow_all = try(each.value.allow.all, null) == true ? "TRUE" : null
|
||||
deny_all = try(each.value.deny.all, null) == true ? "TRUE" : null
|
||||
enforce = (
|
||||
each.value.is_boolean_policy && each.value.enforce != null
|
||||
? upper(tostring(each.value.enforce))
|
||||
: null
|
||||
)
|
||||
dynamic "values" {
|
||||
for_each = each.value.has_values ? [1] : []
|
||||
content {
|
||||
allowed_values = try(each.value.allow.values, null)
|
||||
denied_values = try(each.value.deny.values, null)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -33,11 +33,6 @@ values:
|
|||
- inherit_from_parent: null
|
||||
reset: null
|
||||
rules:
|
||||
- allow_all: null
|
||||
condition: []
|
||||
deny_all: null
|
||||
enforce: 'FALSE'
|
||||
values: []
|
||||
- allow_all: null
|
||||
condition:
|
||||
- description: test condition
|
||||
|
@ -47,6 +42,11 @@ values:
|
|||
deny_all: null
|
||||
enforce: 'TRUE'
|
||||
values: []
|
||||
- allow_all: null
|
||||
condition: []
|
||||
deny_all: null
|
||||
enforce: 'FALSE'
|
||||
values: []
|
||||
timeouts: null
|
||||
|
||||
counts:
|
||||
|
|
|
@ -20,14 +20,6 @@ values:
|
|||
- inherit_from_parent: null
|
||||
reset: null
|
||||
rules:
|
||||
- allow_all: null
|
||||
condition: []
|
||||
deny_all: null
|
||||
enforce: null
|
||||
values:
|
||||
- allowed_values: null
|
||||
denied_values:
|
||||
- in:EXTERNAL
|
||||
- allow_all: null
|
||||
condition:
|
||||
- description: test condition
|
||||
|
@ -49,6 +41,14 @@ values:
|
|||
deny_all: null
|
||||
enforce: null
|
||||
values: []
|
||||
- allow_all: null
|
||||
condition: []
|
||||
deny_all: null
|
||||
enforce: null
|
||||
values:
|
||||
- allowed_values: null
|
||||
denied_values:
|
||||
- in:EXTERNAL
|
||||
timeouts: null
|
||||
google_org_policy_policy.default["compute.vmExternalIpAccess"]:
|
||||
name: organizations/1234567890/policies/compute.vmExternalIpAccess
|
||||
|
|
|
@ -99,11 +99,6 @@ values:
|
|||
- inherit_from_parent: null
|
||||
reset: null
|
||||
rules:
|
||||
- allow_all: null
|
||||
condition: []
|
||||
deny_all: null
|
||||
enforce: 'FALSE'
|
||||
values: []
|
||||
- allow_all: null
|
||||
condition:
|
||||
- description: test condition
|
||||
|
@ -113,6 +108,11 @@ values:
|
|||
deny_all: null
|
||||
enforce: 'TRUE'
|
||||
values: []
|
||||
- allow_all: null
|
||||
condition: []
|
||||
deny_all: null
|
||||
enforce: 'FALSE'
|
||||
values: []
|
||||
module.project.google_project.project[0]:
|
||||
billing_account: 123456-123456-123456
|
||||
folder_id: '1234567890'
|
||||
|
|
|
@ -33,11 +33,6 @@ values:
|
|||
- inherit_from_parent: null
|
||||
reset: null
|
||||
rules:
|
||||
- allow_all: null
|
||||
condition: []
|
||||
deny_all: null
|
||||
enforce: 'FALSE'
|
||||
values: []
|
||||
- allow_all: null
|
||||
condition:
|
||||
- description: test condition
|
||||
|
@ -47,6 +42,11 @@ values:
|
|||
deny_all: null
|
||||
enforce: 'TRUE'
|
||||
values: []
|
||||
- allow_all: null
|
||||
condition: []
|
||||
deny_all: null
|
||||
enforce: 'FALSE'
|
||||
values: []
|
||||
timeouts: null
|
||||
|
||||
counts:
|
||||
|
|
|
@ -20,14 +20,6 @@ values:
|
|||
- inherit_from_parent: null
|
||||
reset: null
|
||||
rules:
|
||||
- allow_all: null
|
||||
condition: []
|
||||
deny_all: null
|
||||
enforce: null
|
||||
values:
|
||||
- allowed_values: null
|
||||
denied_values:
|
||||
- in:EXTERNAL
|
||||
- allow_all: null
|
||||
condition:
|
||||
- description: test condition
|
||||
|
@ -49,6 +41,14 @@ values:
|
|||
deny_all: null
|
||||
enforce: null
|
||||
values: []
|
||||
- allow_all: null
|
||||
condition: []
|
||||
deny_all: null
|
||||
enforce: null
|
||||
values:
|
||||
- allowed_values: null
|
||||
denied_values:
|
||||
- in:EXTERNAL
|
||||
timeouts: null
|
||||
google_org_policy_policy.default["compute.vmExternalIpAccess"]:
|
||||
name: projects/my-project/policies/compute.vmExternalIpAccess
|
||||
|
|
Loading…
Reference in New Issue