remove lifecycle block from vpc sc perimeters (#412)

This commit is contained in:
Ludovico Magnocavallo 2022-01-03 15:27:00 +01:00 committed by GitHub
parent ee25965c89
commit 347a4c6b69
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 9 additions and 7 deletions

View File

@ -76,7 +76,9 @@ The regular perimeters variable exposes all the complexity of the underlying res
If you need to refer to access levels created by the same module in regular service perimeters, simply use the module's outputs in the provided variables. The example below shows how to do this in practice.
/*
Resources for both perimeters have a `lifecycle` block that ignores changes to `spec` and `status` resources (projects), to allow using the additive resource `google_access_context_manager_service_perimeter_resource` at project creation. If this is not needed, the `lifecycle` blocks can be safely commented in the code.
*/
#### Bridge type

View File

@ -21,7 +21,7 @@
# google_access_context_manager_access_levels resource
resource "google_access_context_manager_access_level" "basic" {
for_each = var.access_levels
for_each = var.access_levels == null ? {} : var.access_levels
parent = "accessPolicies/${local.access_policy}"
name = "accessPolicies/${local.access_policy}/accessLevels/${each.key}"
title = each.key

View File

@ -31,9 +31,9 @@ resource "google_access_context_manager_service_perimeter" "bridge" {
status {
resources = each.value.status_resources == null ? [] : each.value.status_resources
}
lifecycle {
ignore_changes = [spec[0].resources, status[0].resources]
}
# lifecycle {
# ignore_changes = [spec[0].resources, status[0].resources]
# }
depends_on = [
google_access_context_manager_access_policy.default,
google_access_context_manager_access_level.basic

View File

@ -301,9 +301,9 @@ resource "google_access_context_manager_service_perimeter" "regular" {
# end vpc_accessible_services
}
}
lifecycle {
ignore_changes = [spec[0].resources, status[0].resources]
}
# lifecycle {
# ignore_changes = [spec[0].resources, status[0].resources]
# }
depends_on = [
google_access_context_manager_access_policy.default,
google_access_context_manager_access_level.basic