Add dry run mode support
This commit is contained in:
parent
35571096ca
commit
96808b89ff
@ -53,7 +53,34 @@ resource "google_access_context_manager_service_perimeter" "standard" {
|
||||||
perimeter_type = each.value.type
|
perimeter_type = each.value.type
|
||||||
status {
|
status {
|
||||||
resources = formatlist("projects/%s", lookup(var.vpc_sc_perimeters_projects, each.key, []))
|
resources = formatlist("projects/%s", lookup(var.vpc_sc_perimeters_projects, each.key, []))
|
||||||
restricted_services = each.value.restricted_services
|
restricted_services = each.value.enforced_config.restricted_services
|
||||||
|
|
||||||
|
dynamic "vpc_accessible_services" {
|
||||||
|
for_each = each.value.enforced_config.vpc_accessible_services != [] ? [""] : []
|
||||||
|
|
||||||
|
content {
|
||||||
|
enable_restriction = true
|
||||||
|
allowed_services = each.value.enforced_config.vpc_accessible_services
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
use_explicit_dry_run_spec = each.value.dry_run_config != [] ? true : false
|
||||||
|
dynamic "spec" {
|
||||||
|
for_each = each.value.dry_run_config != [] ? [""] : []
|
||||||
|
|
||||||
|
content {
|
||||||
|
resources = formatlist("projects/%s", lookup(var.vpc_sc_perimeters_projects, each.key, []))
|
||||||
|
restricted_services = try(each.value.dry_run_config.restricted_services, null)
|
||||||
|
|
||||||
|
dynamic "vpc_accessible_services" {
|
||||||
|
for_each = try(each.value.dry_run_config.vpc_accessible_services != [] ? [""] : [],[])
|
||||||
|
|
||||||
|
content {
|
||||||
|
enable_restriction = true
|
||||||
|
allowed_services = try(each.value.dry_run_config.vpc_accessible_services, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Uncomment if used alongside `google_access_context_manager_service_perimeter_resource`,
|
# Uncomment if used alongside `google_access_context_manager_service_perimeter_resource`,
|
||||||
|
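Review bot: The emptiness tests on the new lines `for_each = each.value.enforced_config.vpc_accessible_services != [] ? [""] : []`, `use_explicit_dry_run_spec = each.value.dry_run_config != [] ? true : false`, `for_each = each.value.dry_run_config != [] ? [""] : []` and the `try(... != [] ...)` inside `spec` compare a `list(string)` or an `object` against an empty tuple literal, which in Terraform is a comparison between values of different types; as far as I can tell such a `!=` is always true, so `use_explicit_dry_run_spec` is always set, the dry-run `spec` is always rendered, and an empty services list still produces a `vpc_accessible_services` block with `enable_restriction = true` and an empty `allowed_services` — a far stricter posture than "no restriction", which is presumably what an empty list was meant to express. Use `length(...) > 0` for the lists and a null test for the object, after which the `try()` wrappers inside `spec` are unnecessary because that block is only rendered when `dry_run_config` is non-null. A one-line comment on `use_explicit_dry_run_spec` such as `# spec is only evaluated/logged in dry-run mode; status is what is enforced` would also help readers not mistake the dry-run lists for an enforced control. The resource block continues outside the hunk.
```hcl
# … unchanged: perimeter_type, status { resources, restricted_services } …
dynamic "vpc_accessible_services" {
  # list(string) != [] compares different types; test the length instead so an
  # empty list means "no VPC-accessible-services restriction", not "allow none".
  for_each = length(each.value.enforced_config.vpc_accessible_services) > 0 ? [""] : []
  # … unchanged: content { enable_restriction, allowed_services } …
}
# spec is only evaluated/logged in dry-run mode; status is what is enforced.
# dry_run_config is an object, so test for null rather than [].
use_explicit_dry_run_spec = each.value.dry_run_config != null
dynamic "spec" {
  for_each = each.value.dry_run_config != null ? [""] : []
  content {
    # … unchanged: resources, restricted_services …
    dynamic "vpc_accessible_services" {
      for_each = length(each.value.dry_run_config.vpc_accessible_services) > 0 ? [""] : []
      # … unchanged: content { enable_restriction, allowed_services } …
    }
  }
}
```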
@ -71,7 +98,6 @@ resource "google_access_context_manager_service_perimeter" "bridge" {
|
||||||
perimeter_type = each.value.type
|
perimeter_type = each.value.type
|
||||||
status {
|
status {
|
||||||
resources = formatlist("projects/%s", lookup(var.vpc_sc_perimeters_projects, each.key, []))
|
resources = formatlist("projects/%s", lookup(var.vpc_sc_perimeters_projects, each.key, []))
|
||||||
restricted_services = each.value.restricted_services
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Uncomment if used alongside `google_access_context_manager_service_perimeter_resource`,
|
# Uncomment if used alongside `google_access_context_manager_service_perimeter_resource`,
|
||||||
|
|
|
@ -80,8 +80,17 @@ variable "policy_list" {
|
||||||
variable "vpc_sc_perimeters" {
|
variable "vpc_sc_perimeters" {
|
||||||
description = "Set of Perimeters."
|
description = "Set of Perimeters."
|
||||||
type = map(object({
|
type = map(object({
|
||||||
type = string
|
type = string
|
||||||
restricted_services = list(string)
|
dry_run_config = object({
|
||||||
|
access_levels = list(string)
|
||||||
|
restricted_services = list(string)
|
||||||
|
vpc_accessible_services = list(string)
|
||||||
|
})
|
||||||
|
enforced_config = object({
|
||||||
|
access_levels = list(string)
|
||||||
|
restricted_services = list(string)
|
||||||
|
vpc_accessible_services = list(string)
|
||||||
|
})
|
||||||
}))
|
}))
|
||||||
default = {}
|
default = {}
|
||||||
}
|
}
|
||||||
|
|
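Review bot: `access_levels = list(string)` is declared in both `dry_run_config` and `enforced_config`, but nothing in the visible hunks reads it — the `status` and `spec` blocks of the perimeter resource only set `resources`, `restricted_services` and `vpc_accessible_services` — so an operator who lists access levels here gets no access-level condition applied to the perimeter while the variable schema suggests otherwise. Either wire them through (`access_levels = each.value.enforced_config.access_levels` in `status`, and `access_levels = each.value.dry_run_config.access_levels` in `spec`) or drop the attribute from both object types, so the input does not promise a control that is never applied. Note also that neither nested object is optional: every entry of `vpc_sc_perimeters` must now supply both `dry_run_config` and `enforced_config`, so the guards in the resource are only meaningful if callers are expected to pass `dry_run_config = null`; the description should say so, e.g. `description = "Set of Perimeters. Set dry_run_config to null to disable the dry-run spec."`.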