Project Module: add VPC-SC support (#212)

* Add VPC-SC support for Regions, device policy and access policy dependency.

* fix compute mig module test

* Fixes

* Fix example

* Add VPC-SC support in the project module.

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
lcaggio 2021-03-19 20:12:29 +01:00 committed by GitHub
parent 404d7efcaa
commit 2916f4e078
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 33 additions and 0 deletions

@ -176,6 +176,8 @@ module "project-host" {
| *prefix* | Prefix used to generate project id and name. | <code title="">string</code> | | <code title="">null</code> |
| *project_create* | Create project. When set to false, uses a data source to reference existing project. | <code title="">bool</code> | | <code title="">true</code> |
| *service_config* | Configure service API activation. | <code title="object&#40;&#123;&#10;disable_on_destroy &#61; bool&#10;disable_dependent_services &#61; bool&#10;&#125;&#41;">object({...})</code> | | <code title="&#123;&#10;disable_on_destroy &#61; true&#10;disable_dependent_services &#61; true&#10;&#125;">...</code> |
| *service_perimeter_bridges* | Name of VPC-SC Bridge perimeters to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'. | <code title="list&#40;string&#41;">list(string)</code> | | <code title="">null</code> |
| *service_perimeter_standard* | Name of VPC-SC Standard perimeter to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'. | <code title="">string</code> | | <code title="">null</code> |
| *services* | Service APIs to enable. | <code title="list&#40;string&#41;">list(string)</code> | | <code title="">[]</code> |
| *shared_vpc_host_config* | Configures this project as a Shared VPC host project (mutually exclusive with shared_vpc_service_project). | <code title="object&#40;&#123;&#10;enabled &#61; bool&#10;service_projects &#61; list&#40;string&#41;&#10;&#125;&#41;">object({...})</code> | | <code title="&#123;&#10;enabled &#61; false&#10;service_projects &#61; &#91;&#93;&#10;&#125;">...</code> |
| *shared_vpc_service_config* | Configures this project as a Shared VPC service project (mutually exclusive with shared_vpc_host_config). | <code title="object&#40;&#123;&#10;attach &#61; bool&#10;host_project &#61; string&#10;&#125;&#41;">object({...})</code> | | <code title="&#123;&#10;attach &#61; false&#10;host_project &#61; &#34;&#34;&#10;&#125;">...</code> |
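Review bot: the two new table rows do not carry the caveat that both new resources state in code, namely that using `service_perimeter_standard` or `service_perimeter_bridges` requires uncommenting the `lifecycle` block in the `modules/vpc-sc` `google_access_context_manager_service_perimeter` resource; a user who reads only this README has no way to know that. Add that sentence to both descriptions (or as a note under the table), and make the `service_perimeter_bridges` description plural ("Names of VPC-SC Bridge perimeters to add project into.") since the type is `list(string)`.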

@ -316,3 +316,21 @@ resource "google_essential_contacts_contact" "contact" {
language_tag = "en"
notification_category_subscriptions = each.value
}
resource "google_access_context_manager_service_perimeter_resource" "service-perimeter-resource-standard" {
count = var.service_perimeter_standard != null ? 1 : 0
# If used, remember to uncomment 'lifecycle' block in the
# modules/vpc-sc/google_access_context_manager_service_perimeter resource.
perimeter_name = var.service_perimeter_standard
resource = "projects/${local.project.number}"
}
resource "google_access_context_manager_service_perimeter_resource" "service-perimeter-resource-bridges" {
for_each = toset(var.service_perimeter_bridges != null ? var.service_perimeter_bridges : [])
# If used, remember to uncomment 'lifecycle' block in the
# modules/vpc-sc/google_access_context_manager_service_perimeter resource.
perimeter_name = each.value
resource = "projects/${local.project.number}"
}
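Review bot: the comment on both resources ties correct behaviour to a manual edit of a different module (`modules/vpc-sc`), which a reader of `modules/project` will not see and `terraform validate` cannot catch. If the `lifecycle` block there has to be active whenever these resources are used, prefer exposing it through a variable of the vpc-sc module, or at minimum state the requirement in this module's README rather than only in an inline comment. Smaller point: the identical two-line comment is repeated on both resources; one copy above the first resource is enough.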

@ -192,3 +192,16 @@ variable "contacts" {
type = map(list(string))
default = {}
}
variable "service_perimeter_standard" {
description = "Name of VPC-SC Standard perimeter to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'."
type = string
default = null
}
variable "service_perimeter_bridges" {
description = "Name of VPC-SC Bridge perimeters to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'."
type = list(string)
default = null
}
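Review bot: `service_perimeter_bridges` is typed `list(string)` but defaults to `null`, which is what forces the null guard in `for_each = toset(var.service_perimeter_bridges != null ? var.service_perimeter_bridges : [])`; defaulting to `[]` lets that become `toset(var.service_perimeter_bridges)` with no change in behaviour. Both descriptions state the expected `accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME` format only in prose; a `validation` block checking that format with `can(regex(...))` would surface a malformed name at plan time instead of as an API error at apply, provided the module's required Terraform version supports it. Also "Name of VPC-SC Bridge perimeters" should read "Names".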