allow setting identities in egress policies (#1394)
parent
00cac9148a
commit
4aa99ea829
|
@ -0,0 +1,88 @@
|
|||
# skip boilerplate check
|
||||
- accessapproval.googleapis.com
|
||||
- adsdatahub.googleapis.com
|
||||
- aiplatform.googleapis.com
|
||||
- alpha-documentai.googleapis.com
|
||||
- apigee.googleapis.com
|
||||
- apigeeconnect.googleapis.com
|
||||
- artifactregistry.googleapis.com
|
||||
- assuredworkloads.googleapis.com
|
||||
- automl.googleapis.com
|
||||
- bigquery.googleapis.com
|
||||
- bigquerydatatransfer.googleapis.com
|
||||
- bigtable.googleapis.com
|
||||
- binaryauthorization.googleapis.com
|
||||
- cloudasset.googleapis.com
|
||||
- cloudbuild.googleapis.com
|
||||
- cloudfunctions.googleapis.com
|
||||
- cloudkms.googleapis.com
|
||||
- cloudprofiler.googleapis.com
|
||||
- cloudresourcemanager.googleapis.com
|
||||
- cloudsearch.googleapis.com
|
||||
- cloudtrace.googleapis.com
|
||||
- composer.googleapis.com
|
||||
- compute.googleapis.com
|
||||
- connectgateway.googleapis.com
|
||||
- contactcenterinsights.googleapis.com
|
||||
- container.googleapis.com
|
||||
- containeranalysis.googleapis.com
|
||||
- containerregistry.googleapis.com
|
||||
- containerthreatdetection.googleapis.com
|
||||
- datacatalog.googleapis.com
|
||||
- dataflow.googleapis.com
|
||||
- datafusion.googleapis.com
|
||||
- dataproc.googleapis.com
|
||||
- datastream.googleapis.com
|
||||
- dialogflow.googleapis.com
|
||||
- dlp.googleapis.com
|
||||
- dns.googleapis.com
|
||||
- documentai.googleapis.com
|
||||
- eventarc.googleapis.com
|
||||
- file.googleapis.com
|
||||
- gameservices.googleapis.com
|
||||
- gkeconnect.googleapis.com
|
||||
- gkehub.googleapis.com
|
||||
- healthcare.googleapis.com
|
||||
- iam.googleapis.com
|
||||
- iaptunnel.googleapis.com
|
||||
- language.googleapis.com
|
||||
- lifesciences.googleapis.com
|
||||
- logging.googleapis.com
|
||||
- managedidentities.googleapis.com
|
||||
- memcache.googleapis.com
|
||||
- meshca.googleapis.com
|
||||
- metastore.googleapis.com
|
||||
- ml.googleapis.com
|
||||
- monitoring.googleapis.com
|
||||
- networkconnectivity.googleapis.com
|
||||
- networkmanagement.googleapis.com
|
||||
- networksecurity.googleapis.com
|
||||
- networkservices.googleapis.com
|
||||
- notebooks.googleapis.com
|
||||
- opsconfigmonitoring.googleapis.com
|
||||
- osconfig.googleapis.com
|
||||
- oslogin.googleapis.com
|
||||
- privateca.googleapis.com
|
||||
- pubsub.googleapis.com
|
||||
- pubsublite.googleapis.com
|
||||
- recaptchaenterprise.googleapis.com
|
||||
- recommender.googleapis.com
|
||||
- redis.googleapis.com
|
||||
- run.googleapis.com
|
||||
- secretmanager.googleapis.com
|
||||
- servicecontrol.googleapis.com
|
||||
- servicedirectory.googleapis.com
|
||||
- spanner.googleapis.com
|
||||
- speakerid.googleapis.com
|
||||
- speech.googleapis.com
|
||||
- sqladmin.googleapis.com
|
||||
- storage.googleapis.com
|
||||
- storagetransfer.googleapis.com
|
||||
- texttospeech.googleapis.com
|
||||
- tpu.googleapis.com
|
||||
- trafficdirector.googleapis.com
|
||||
- transcoder.googleapis.com
|
||||
- translate.googleapis.com
|
||||
- videointelligence.googleapis.com
|
||||
- vision.googleapis.com
|
||||
- vpcaccess.googleapis.com
|
|
@ -90,7 +90,7 @@ variable "egress_policies" {
|
|||
condition = alltrue([
|
||||
for k, v in var.egress_policies : contains([
|
||||
"IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY",
|
||||
"ANY_USER", "ANY_SERVICE_ACCOUNT"
|
||||
"ANY_USER", "ANY_SERVICE_ACCOUNT", ""
|
||||
], v.from.identity_type)
|
||||
])
|
||||
error_message = "Invalid `from.identity_type` value in egress policy."
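Review bot: The `""` added to the allowed list on the `"ANY_USER", "ANY_SERVICE_ACCOUNT", ""` line is accepted unconditionally, so an egress policy with neither an identity type nor any explicit identities now passes validation. How the API treats such a rule is not visible here, but it is better caught at plan time than left to be rejected at apply or applied with an unintended scope. I would tie the empty value to the explicit list with an additional condition such as `v.from.identity_type != "" || length(coalesce(v.from.identities, [])) > 0`, where the attribute name `identities` is assumed from the commit title and is not shown in this hunk. The error message could also say that an empty `identity_type` is only valid together with explicit identities. The enclosing `validation` block starts and ends outside the hunk, so the variable's type and defaults should be checked before adopting this.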
|
||||
|
|