Merge branch 'master' into alexmeissner/gitlab-template

2022-04-15 09:10:49 +02:00 · 2022-04-15 09:10:49 +02:00 · 53fde432c4
parent d55c0485db 73a9136dc6
commit 53fde432c4
1 changed files with 22 additions and 22 deletions
--- a/fast/stages/01-resman/organization.tf
+++ b/fast/stages/01-resman/organization.tf
@ -82,29 +82,29 @@ module "organization" {
  )
  # sample subset of useful organization policies, edit to suit requirements
  policy_boolean = {
-    "constraints/cloudfunctions.requireVPCConnector"              = true
-    "constraints/compute.disableGuestAttributesAccess"            = true
-    "constraints/compute.disableInternetNetworkEndpointGroup"     = true
-    "constraints/compute.disableNestedVirtualization"             = true
-    "constraints/compute.disableSerialPortAccess"                 = true
+    # "constraints/cloudfunctions.requireVPCConnector"              = true
+    # "constraints/compute.disableGuestAttributesAccess" = true
+    # "constraints/compute.disableInternetNetworkEndpointGroup"     = true
+    # "constraints/compute.disableNestedVirtualization"             = true
+    # "constraints/compute.disableSerialPortAccess"                 = true
    "constraints/compute.requireOsLogin" = true
-    "constraints/compute.restrictXpnProjectLienRemoval"           = true
+    # "constraints/compute.restrictXpnProjectLienRemoval"           = true
    "constraints/compute.skipDefaultNetworkCreation" = true
-    "constraints/compute.setNewProjectDefaultToZonalDNSOnly"      = true
+    # "constraints/compute.setNewProjectDefaultToZonalDNSOnly"      = true
    "constraints/iam.automaticIamGrantsForDefaultServiceAccounts" = true
    "constraints/iam.disableServiceAccountKeyCreation"            = true
-    "constraints/iam.disableServiceAccountKeyUpload"              = true
+    # "constraints/iam.disableServiceAccountKeyUpload"              = true
    "constraints/sql.restrictPublicIp"             = true
    "constraints/sql.restrictAuthorizedNetworks"   = true
    "constraints/storage.uniformBucketLevelAccess" = true
  }
  policy_list = {
-    "constraints/cloudfunctions.allowedIngressSettings" = merge(
-      local.list_allow, { values = ["is:ALLOW_INTERNAL_ONLY"] }
-    )
-    "constraints/cloudfunctions.allowedVpcConnectorEgressSettings" = merge(
-      local.list_allow, { values = ["is:PRIVATE_RANGES_ONLY"] }
-    )
+    # "constraints/cloudfunctions.allowedIngressSettings" = merge(
+    #   local.list_allow, { values = ["is:ALLOW_INTERNAL_ONLY"] }
+    # )
+    # "constraints/cloudfunctions.allowedVpcConnectorEgressSettings" = merge(
+    #   local.list_allow, { values = ["is:PRIVATE_RANGES_ONLY"] }
+    # )
    "constraints/compute.restrictLoadBalancerCreationForTypes" = merge(
      local.list_allow, { values = ["in:INTERNAL"] }
    )
@ -119,9 +119,9 @@ module "organization" {
    "constraints/run.allowedIngress" = merge(
      local.list_allow, { values = ["is:internal"] }
    )
-    "constraints/run.allowedVPCEgress" = merge(
-      local.list_allow, { values = ["is:private-ranges-only"] }
-    )
+    # "constraints/run.allowedVPCEgress" = merge(
+    #   local.list_allow, { values = ["is:private-ranges-only"] }
+    # )
    # "constraints/compute.restrictCloudNATUsage"                      = local.list_deny
    # "constraints/compute.restrictDedicatedInterconnectUsage"         = local.list_deny
    # "constraints/compute.restrictPartnerInterconnectUsage"           = local.list_deny