allow setting identities in egress policies (#1394)
parent
00cac9148a
commit
4aa99ea829
|
@ -0,0 +1,88 @@
|
||||||
|
# skip boilerplate check
|
||||||
|
- accessapproval.googleapis.com
|
||||||
|
- adsdatahub.googleapis.com
|
||||||
|
- aiplatform.googleapis.com
|
||||||
|
- alpha-documentai.googleapis.com
|
||||||
|
- apigee.googleapis.com
|
||||||
|
- apigeeconnect.googleapis.com
|
||||||
|
- artifactregistry.googleapis.com
|
||||||
|
- assuredworkloads.googleapis.com
|
||||||
|
- automl.googleapis.com
|
||||||
|
- bigquery.googleapis.com
|
||||||
|
- bigquerydatatransfer.googleapis.com
|
||||||
|
- bigtable.googleapis.com
|
||||||
|
- binaryauthorization.googleapis.com
|
||||||
|
- cloudasset.googleapis.com
|
||||||
|
- cloudbuild.googleapis.com
|
||||||
|
- cloudfunctions.googleapis.com
|
||||||
|
- cloudkms.googleapis.com
|
||||||
|
- cloudprofiler.googleapis.com
|
||||||
|
- cloudresourcemanager.googleapis.com
|
||||||
|
- cloudsearch.googleapis.com
|
||||||
|
- cloudtrace.googleapis.com
|
||||||
|
- composer.googleapis.com
|
||||||
|
- compute.googleapis.com
|
||||||
|
- connectgateway.googleapis.com
|
||||||
|
- contactcenterinsights.googleapis.com
|
||||||
|
- container.googleapis.com
|
||||||
|
- containeranalysis.googleapis.com
|
||||||
|
- containerregistry.googleapis.com
|
||||||
|
- containerthreatdetection.googleapis.com
|
||||||
|
- datacatalog.googleapis.com
|
||||||
|
- dataflow.googleapis.com
|
||||||
|
- datafusion.googleapis.com
|
||||||
|
- dataproc.googleapis.com
|
||||||
|
- datastream.googleapis.com
|
||||||
|
- dialogflow.googleapis.com
|
||||||
|
- dlp.googleapis.com
|
||||||
|
- dns.googleapis.com
|
||||||
|
- documentai.googleapis.com
|
||||||
|
- eventarc.googleapis.com
|
||||||
|
- file.googleapis.com
|
||||||
|
- gameservices.googleapis.com
|
||||||
|
- gkeconnect.googleapis.com
|
||||||
|
- gkehub.googleapis.com
|
||||||
|
- healthcare.googleapis.com
|
||||||
|
- iam.googleapis.com
|
||||||
|
- iaptunnel.googleapis.com
|
||||||
|
- language.googleapis.com
|
||||||
|
- lifesciences.googleapis.com
|
||||||
|
- logging.googleapis.com
|
||||||
|
- managedidentities.googleapis.com
|
||||||
|
- memcache.googleapis.com
|
||||||
|
- meshca.googleapis.com
|
||||||
|
- metastore.googleapis.com
|
||||||
|
- ml.googleapis.com
|
||||||
|
- monitoring.googleapis.com
|
||||||
|
- networkconnectivity.googleapis.com
|
||||||
|
- networkmanagement.googleapis.com
|
||||||
|
- networksecurity.googleapis.com
|
||||||
|
- networkservices.googleapis.com
|
||||||
|
- notebooks.googleapis.com
|
||||||
|
- opsconfigmonitoring.googleapis.com
|
||||||
|
- osconfig.googleapis.com
|
||||||
|
- oslogin.googleapis.com
|
||||||
|
- privateca.googleapis.com
|
||||||
|
- pubsub.googleapis.com
|
||||||
|
- pubsublite.googleapis.com
|
||||||
|
- recaptchaenterprise.googleapis.com
|
||||||
|
- recommender.googleapis.com
|
||||||
|
- redis.googleapis.com
|
||||||
|
- run.googleapis.com
|
||||||
|
- secretmanager.googleapis.com
|
||||||
|
- servicecontrol.googleapis.com
|
||||||
|
- servicedirectory.googleapis.com
|
||||||
|
- spanner.googleapis.com
|
||||||
|
- speakerid.googleapis.com
|
||||||
|
- speech.googleapis.com
|
||||||
|
- sqladmin.googleapis.com
|
||||||
|
- storage.googleapis.com
|
||||||
|
- storagetransfer.googleapis.com
|
||||||
|
- texttospeech.googleapis.com
|
||||||
|
- tpu.googleapis.com
|
||||||
|
- trafficdirector.googleapis.com
|
||||||
|
- transcoder.googleapis.com
|
||||||
|
- translate.googleapis.com
|
||||||
|
- videointelligence.googleapis.com
|
||||||
|
- vision.googleapis.com
|
||||||
|
- vpcaccess.googleapis.com
|
|
@ -90,7 +90,7 @@ variable "egress_policies" {
|
||||||
condition = alltrue([
|
condition = alltrue([
|
||||||
for k, v in var.egress_policies : contains([
|
for k, v in var.egress_policies : contains([
|
||||||
"IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY",
|
"IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY",
|
||||||
"ANY_USER", "ANY_SERVICE_ACCOUNT"
|
"ANY_USER", "ANY_SERVICE_ACCOUNT", ""
|
||||||
], v.from.identity_type)
|
], v.from.identity_type)
|
||||||
])
|
])
|
||||||
error_message = "Invalid `from.identity_type` value in egress policy."
|
error_message = "Invalid `from.identity_type` value in egress policy."
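Review bot: Adding `""` to the accepted values in `contains([...], v.from.identity_type)` lets an egress policy pass validation with no identity type at all, and nothing visible in this hunk requires an explicit identity list in that case. If the `from` object has an `identities` attribute (inferred from the commit title, not shown here), pair this with a second validation along the lines of `condition = alltrue([for k, v in var.egress_policies : v.from.identity_type != "" || length(coalesce(v.from.identities, [])) > 0])`, so that a rule with neither field set fails at plan time rather than being sent to the API. The `error_message` would also be clearer if it listed the accepted values and said that the empty string is only valid when identities are given. The `variable "egress_policies"` block starts and ends outside this hunk, so the type definition and any other validations could not be checked.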
|
||||||
|
|