zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix variable

This commit is contained in:
lcaggio 2021-05-17 18:38:46 +02:00
parent f306f01fbc
commit 4ecd13225a
2 changed files with 12 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
modules/vpc-sc/README.md
View File

@ -39,12 +39,10 @@ module "vpc-sc" {
}
ingress_to = {
resources = ["*"]
operations = [
{
"storage.googleapis.com" = [{ method = "google.storage.objects.create" }]
"bigquery.googleapis.com" = [{ method = "BigQueryStorage.ReadRows" }]
}
]
operations = {
"storage.googleapis.com" = [{ method = "google.storage.objects.create" }]
"bigquery.googleapis.com" = [{ method = "BigQueryStorage.ReadRows" }]
}
}
}
}
@ -61,12 +59,10 @@ module "vpc-sc" {
}
egress_to = {
resources = ["*"]
operations = [
{
"storage.googleapis.com" = [{ method = "google.storage.objects.create" }],
"bigquery.googleapis.com" = [{ method = "BigQueryStorage.ReadRows" },{ method = "TableService.ListTables" }, { permission = "bigquery.jobs.get" }]
}
]
operations = {
"storage.googleapis.com" = [{ method = "google.storage.objects.create" }],
"bigquery.googleapis.com" = [{ method = "BigQueryStorage.ReadRows" },{ method = "TableService.ListTables" }, { permission = "bigquery.jobs.get" }]
}
}
}
}

8
modules/vpc-sc/main.tf
View File

@ -113,7 +113,7 @@ resource "google_access_context_manager_service_perimeter" "standard" {
resources = try(var.egress_policies[egress_policies.value].egress_to.resources, null)
dynamic "operations" {
for_each = try(var.egress_policies[egress_policies.value].egress_to.operations[0], [])
for_each = try(var.egress_policies[egress_policies.value].egress_to.operations, [])
content {
service_name = try(operations.key, null)
@ -161,7 +161,7 @@ resource "google_access_context_manager_service_perimeter" "standard" {
resources = try(var.ingress_policies[ingress_policies.value].ingress_to.resources, null)
dynamic "operations" {
for_each = try(var.ingress_policies[ingress_policies.value].ingress_to.operations[0], [])
for_each = try(var.ingress_policies[ingress_policies.value].ingress_to.operations, [])
content {
service_name = try(operations.key, null)
@ -226,7 +226,7 @@ resource "google_access_context_manager_service_perimeter" "standard" {
resources = try(var.egress_policies[egress_policies.value].egress_to.resources, null)
dynamic "operations" {
for_each = try(var.egress_policies[egress_policies.value].egress_to.operations[0], [])
for_each = try(var.egress_policies[egress_policies.value].egress_to.operations, [])
content {
service_name = try(operations.key, null)
@ -274,7 +274,7 @@ resource "google_access_context_manager_service_perimeter" "standard" {
resources = try(var.ingress_policies[ingress_policies.value].ingress_to.resources, null)
dynamic "operations" {
for_each = try(var.ingress_policies[ingress_policies.value].ingress_to.operations[0], [])
for_each = try(var.ingress_policies[ingress_policies.value].ingress_to.operations, [])
content {
service_name = try(operations.key, null)