Remove project-level VPC-SC handling. The configuration option is too
limited (for example, dry_run mode is not supported).
parent
39d2d90bcd
commit
31ac6ee094
|
@ -103,8 +103,6 @@ module "project" {
|
|||
| *project_create* | Create project. When set to false, uses a data source to reference existing project. | <code title="">bool</code> | | <code title="">true</code> |
|
||||
| *service_config* | Configure service API activation. | <code title="object({ disable_on_destroy = bool disable_dependent_services = bool })">object({...})</code> | | <code title="{ disable_on_destroy = true disable_dependent_services = true }">...</code> |
|
||||
| *services* | Service APIs to enable. | <code title="list(string)">list(string)</code> | | <code title="">[]</code> |
|
||||
| *vpc_sc_perimeter* | None | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *vpc_sc_perimeter_bridges* | None | <code title="list(string)">list(string)</code> | | <code title="">[]</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -212,18 +212,3 @@ resource "google_project_organization_policy" "list" {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_access_context_manager_service_perimeter_resource" "standard" {
|
||||
for_each = toset([var.vpc_sc_perimeter])
|
||||
perimeter_name = each.key
|
||||
resource = "projects/${google_project.project.number}"
|
||||
}
|
||||
|
||||
resource "google_access_context_manager_service_perimeter_resource" "bridges" {
|
||||
for_each = toset(var.vpc_sc_perimeter_bridges)
|
||||
perimeter_name = each.key
|
||||
resource = "projects/${google_project.project.number}"
|
||||
depends_on = [
|
||||
google_access_context_manager_service_perimeter_resource.standard,
|
||||
]
|
||||
}
|
||||
|
|
|
@ -138,25 +138,3 @@ variable "service_config" {
|
|||
disable_dependent_services = true
|
||||
}
|
||||
}
|
||||
|
||||
variable "vpc_sc_perimeter" {
|
||||
description = <<EOF
|
||||
Name of the VPC-SC perimeter the project belongs to. Must be of the form accessPolicies/{policy_id}/servicePerimeters/{short_name}.
|
||||
If this resource is used alongside a `google_access_context_manager_service_perimeter` resource,
|
||||
the service perimeter resource must have a lifecycle block with ignore_changes = [status[0].resources]
|
||||
so they don't fight over which resources should be in the policy.
|
||||
EOF
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "vpc_sc_perimeter_bridges" {
|
||||
description = <<EOF
|
||||
List of VPC-SC perimeter bridges the project belongs to. Must be of the form accessPolicies/{policy_id}/servicePerimeters/{short_name}.
|
||||
If this resource is used alongside a `google_access_context_manager_service_perimeter` resource,
|
||||
the service perimeter resource must have a lifecycle block with ignore_changes = [status[0].resources]
|
||||
so they don't fight over which resources should be in the policy.
|
||||
EOF
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|