Add basic Access Level support
This commit is contained in:
parent
96808b89ff
commit
3e2706be10
|
@ -45,6 +45,26 @@ resource "google_access_context_manager_access_policy" "default" {
|
|||
title = each.key
|
||||
}
|
||||
|
||||
resource "google_access_context_manager_access_level" "access-level" {
|
||||
for_each = var.access_levels
|
||||
parent = "accessPolicies/${local.access_policy_name}"
|
||||
name = "accessPolicies/${local.access_policy_name}/accessLevels/${each.key}"
|
||||
title = each.key
|
||||
|
||||
dynamic "basic" {
|
||||
for_each = try(toset(each.value.conditions), [])
|
||||
|
||||
content {
|
||||
combining_function = try(each.value.combining_function, null)
|
||||
conditions {
|
||||
ip_subnetworks = try(basic.value.ip_subnetworks,null)
|
||||
members = try(basic.value.members,null)
|
||||
negate = try(basic.value.negate,null)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_access_context_manager_service_perimeter" "standard" {
|
||||
for_each = local.standard_perimeters
|
||||
parent = "accessPolicies/${local.access_policy_name}"
|
||||
|
|
|
@ -14,10 +14,23 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "access_levels" {
|
||||
description = "Access Levels."
|
||||
type = map(object({
|
||||
combining_function = string
|
||||
conditions = list(object({
|
||||
ip_subnetworks = list(string)
|
||||
members = list(string)
|
||||
negate = string
|
||||
}))
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "access_policy_title" {
|
||||
description = "Access Policy title to be created."
|
||||
type = string
|
||||
default = ""
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "custom_roles" {
|
||||
|
@ -100,3 +113,9 @@ variable "vpc_sc_perimeters_projects" {
|
|||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "vpc_sc_access_levels_perimeters" {
|
||||
description = "Access Levels -Perimeter mapping."
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue