Simplify conditional expressions
This commit is contained in:
parent
a8de9088c6
commit
3935867d92
|
@ -13,7 +13,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
|
||||
locals {
|
||||
gclb_create = var.custom_domain == null ? false : true
|
||||
}
|
||||
|
@ -100,7 +100,7 @@ module "glb" {
|
|||
|
||||
# Cloud Armor configuration
|
||||
resource "google_compute_security_policy" "policy" {
|
||||
count = local.gclb_create ? (var.security_policy.enabled ? 1 : 0) : 0
|
||||
count = local.gclb_create && var.security_policy.enabled ? 1 : 0
|
||||
name = "cloud-run-policy"
|
||||
project = module.project.project_id
|
||||
rule {
|
||||
|
@ -147,7 +147,7 @@ resource "google_compute_security_policy" "policy" {
|
|||
# Destroying a Terraform-managed Brand will remove it from state but
|
||||
# will not delete it from Google Cloud.
|
||||
resource "google_iap_brand" "iap_brand" {
|
||||
count = local.gclb_create ? (var.iap.enabled ? 1 : 0) : 0
|
||||
count = local.gclb_create && var.iap.enabled ? 1 : 0
|
||||
project = module.project.project_id
|
||||
# Support email displayed on the OAuth consent screen. The caller must be
|
||||
# the user with the associated email address, or if a group email is
|
||||
|
@ -164,7 +164,7 @@ resource "google_iap_brand" "iap_brand" {
|
|||
# Warning:
|
||||
# All arguments including secret will be stored in the raw state as plain-text.
|
||||
resource "google_iap_client" "iap_client" {
|
||||
count = local.gclb_create ? (var.iap.enabled ? 1 : 0) : 0
|
||||
count = local.gclb_create && var.iap.enabled ? 1 : 0
|
||||
display_name = var.iap.oauth2_client_name
|
||||
brand = google_iap_brand.iap_brand[0].name
|
||||
}
|
||||
|
@ -172,7 +172,7 @@ resource "google_iap_client" "iap_client" {
|
|||
# IAM policy for IAP
|
||||
# For simplicity we use the same email as support_email and authorized member
|
||||
resource "google_iap_web_iam_member" "iap_iam" {
|
||||
count = local.gclb_create ? (var.iap.enabled ? 1 : 0) : 0
|
||||
count = local.gclb_create && var.iap.enabled ? 1 : 0
|
||||
project = module.project.project_id
|
||||
role = "roles/iap.httpsResourceAccessor"
|
||||
member = "user:${var.iap.email}"
|
||||
|
|
Loading…
Reference in New Issue