Remove Project level VPC-SC handling. The configuration option is too

limited (for example: no dry_run mode supported).
2020-07-07 10:49:06 +02:00 · 2020-07-07 10:49:06 +02:00 · 31ac6ee094
parent 39d2d90bcd
commit 31ac6ee094
3 changed files with 0 additions and 39 deletions
--- a/modules/project/README.md
+++ b/modules/project/README.md
@ -103,8 +103,6 @@ module "project" {
 | *project_create* | Create project. When set to false, uses a data source to reference existing project. | <code title="">bool</code> |  | <code title="">true</code> |
 | *service_config* | Configure service API activation. | <code title="object&#40;&#123;&#10;disable_on_destroy         &#61; bool&#10;disable_dependent_services &#61; bool&#10;&#125;&#41;">object({...})</code> |  | <code title="&#123;&#10;disable_on_destroy         &#61; true&#10;disable_dependent_services &#61; true&#10;&#125;">...</code> |
 | *services* | Service APIs to enable. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
-| *vpc_sc_perimeter* | None | <code title="">string</code> |  | <code title="">null</code> |
-| *vpc_sc_perimeter_bridges* | None | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |

 ## Outputs

--- a/modules/project/main.tf
+++ b/modules/project/main.tf
@ -212,18 +212,3 @@ resource "google_project_organization_policy" "list" {
    }
  }
 }
-
-resource "google_access_context_manager_service_perimeter_resource" "standard" {
-  for_each       = toset([var.vpc_sc_perimeter])
-  perimeter_name = each.key
-  resource       = "projects/${google_project.project.number}"
-}
-
-resource "google_access_context_manager_service_perimeter_resource" "bridges" {
-  for_each       = toset(var.vpc_sc_perimeter_bridges)
-  perimeter_name = each.key
-  resource       = "projects/${google_project.project.number}"
-  depends_on = [
-    google_access_context_manager_service_perimeter_resource.standard,
-  ]  
-}
--- a/modules/project/variables.tf
+++ b/modules/project/variables.tf
@ -138,25 +138,3 @@ variable "service_config" {
    disable_dependent_services = true
  }
 }
-
-variable "vpc_sc_perimeter" {
-  description = <<EOF
-    Name of the VPC-SC perimeter the project belongs to. Must be of the form accessPolicies/{policy_id}/servicePerimeters/{short_name}.
-    If this resource is used alongside a `google_access_context_manager_service_perimeter` resource, 
-    the service perimeter resource must have a lifecycle block with ignore_changes = [status[0].resources] 
-    so they don't fight over which resources should be in the policy.
-  EOF
-  type        = string
-  default     = null
-}
-
-variable "vpc_sc_perimeter_bridges" {
-  description = <<EOF
-    List of VPC-SC perimeter bridges the project belongs to. Must be of the form accessPolicies/{policy_id}/servicePerimeters/{short_name}.
-    If this resource is used alongside a `google_access_context_manager_service_perimeter` resource, 
-    the service perimeter resource must have a lifecycle block with ignore_changes = [status[0].resources] 
-    so they don't fight over which resources should be in the policy.
-  EOF
-  type        = list(string)
-  default     = []
-}