Merge pull request #201 from terraform-google-modules/jccb/essential-contacts
Add support for essential contacts
This commit is contained in:
commit
c6cf4a00a6
|
@ -144,6 +144,7 @@ module "folder2" {
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---: |:---:|:---:|
|
|---|---|:---: |:---:|:---:|
|
||||||
|
| *contacts* | List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
||||||
| *firewall_policies* | Hierarchical firewall policies to *create* in this folder. | <code title="map(map(object({ description = string direction = string action = string priority = number ranges = list(string) ports = map(list(string)) target_service_accounts = list(string) target_resources = list(string) logging = bool })))">map(map(object({...})))</code> | | <code title="">{}</code> |
|
| *firewall_policies* | Hierarchical firewall policies to *create* in this folder. | <code title="map(map(object({ description = string direction = string action = string priority = number ranges = list(string) ports = map(list(string)) target_service_accounts = list(string) target_resources = list(string) logging = bool })))">map(map(object({...})))</code> | | <code title="">{}</code> |
|
||||||
| *firewall_policy_attachments* | List of hierarchical firewall policy IDs to *attach* to this folder. | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
| *firewall_policy_attachments* | List of hierarchical firewall policy IDs to *attach* to this folder. | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
||||||
| *folder_create* | Create folder. When set to false, uses id to reference an existing folder. | <code title="">bool</code> | | <code title="">true</code> |
|
| *folder_create* | Create folder. When set to false, uses id to reference an existing folder. | <code title="">bool</code> | | <code title="">true</code> |
|
||||||
|
|
|
@ -71,7 +71,7 @@ resource "google_folder_organization_policy" "boolean" {
|
||||||
folder = local.folder.name
|
folder = local.folder.name
|
||||||
constraint = each.key
|
constraint = each.key
|
||||||
|
|
||||||
dynamic boolean_policy {
|
dynamic "boolean_policy" {
|
||||||
for_each = each.value == null ? [] : [each.value]
|
for_each = each.value == null ? [] : [each.value]
|
||||||
iterator = policy
|
iterator = policy
|
||||||
content {
|
content {
|
||||||
|
@ -79,7 +79,7 @@ resource "google_folder_organization_policy" "boolean" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic restore_policy {
|
dynamic "restore_policy" {
|
||||||
for_each = each.value == null ? [""] : []
|
for_each = each.value == null ? [""] : []
|
||||||
content {
|
content {
|
||||||
default = true
|
default = true
|
||||||
|
@ -92,13 +92,13 @@ resource "google_folder_organization_policy" "list" {
|
||||||
folder = local.folder.name
|
folder = local.folder.name
|
||||||
constraint = each.key
|
constraint = each.key
|
||||||
|
|
||||||
dynamic list_policy {
|
dynamic "list_policy" {
|
||||||
for_each = each.value.status == null ? [] : [each.value]
|
for_each = each.value.status == null ? [] : [each.value]
|
||||||
iterator = policy
|
iterator = policy
|
||||||
content {
|
content {
|
||||||
inherit_from_parent = policy.value.inherit_from_parent
|
inherit_from_parent = policy.value.inherit_from_parent
|
||||||
suggested_value = policy.value.suggested_value
|
suggested_value = policy.value.suggested_value
|
||||||
dynamic allow {
|
dynamic "allow" {
|
||||||
for_each = policy.value.status ? [""] : []
|
for_each = policy.value.status ? [""] : []
|
||||||
content {
|
content {
|
||||||
values = (
|
values = (
|
||||||
|
@ -113,7 +113,7 @@ resource "google_folder_organization_policy" "list" {
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
dynamic deny {
|
dynamic "deny" {
|
||||||
for_each = policy.value.status ? [] : [""]
|
for_each = policy.value.status ? [] : [""]
|
||||||
content {
|
content {
|
||||||
values = (
|
values = (
|
||||||
|
@ -131,7 +131,7 @@ resource "google_folder_organization_policy" "list" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic restore_policy {
|
dynamic "restore_policy" {
|
||||||
for_each = each.value.status == null ? [true] : []
|
for_each = each.value.status == null ? [true] : []
|
||||||
content {
|
content {
|
||||||
default = true
|
default = true
|
||||||
|
@ -224,3 +224,12 @@ resource "google_logging_folder_exclusion" "logging-exclusion" {
|
||||||
description = "${each.key} (Terraform-managed)"
|
description = "${each.key} (Terraform-managed)"
|
||||||
filter = each.value
|
filter = each.value
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "google_essential_contacts_contact" "contact" {
|
||||||
|
provider = google-beta
|
||||||
|
for_each = var.contacts
|
||||||
|
parent = local.folder.name
|
||||||
|
email = each.key
|
||||||
|
language_tag = "en"
|
||||||
|
notification_category_subscriptions = each.value
|
||||||
|
}
|
||||||
|
|
|
@ -104,3 +104,9 @@ variable "id" {
|
||||||
type = string
|
type = string
|
||||||
default = null
|
default = null
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "contacts" {
|
||||||
|
description = "List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES"
|
||||||
|
type = map(list(string))
|
||||||
|
default = {}
|
||||||
|
}
|
||||||
|
|
|
@ -16,4 +16,7 @@
|
||||||
|
|
||||||
terraform {
|
terraform {
|
||||||
required_version = ">= 0.13.0"
|
required_version = ">= 0.13.0"
|
||||||
|
required_providers {
|
||||||
|
google = "~> 3.57"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -121,6 +121,7 @@ module "org" {
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---: |:---:|:---:|
|
|---|---|:---: |:---:|:---:|
|
||||||
| organization_id | Organization id in organizations/nnnnnn format. | <code title="string validation { condition = can(regex("^organizations/[0-9]+", var.organization_id)) error_message = "The organization_id must in the form organizations/nnn." }">string</code> | ✓ | |
|
| organization_id | Organization id in organizations/nnnnnn format. | <code title="string validation { condition = can(regex("^organizations/[0-9]+", var.organization_id)) error_message = "The organization_id must in the form organizations/nnn." }">string</code> | ✓ | |
|
||||||
|
| *contacts* | List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
||||||
| *custom_roles* | Map of role name => list of permissions to create in this project. | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
| *custom_roles* | Map of role name => list of permissions to create in this project. | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
||||||
| *firewall_policies* | Hierarchical firewall policies to *create* in the organization. | <code title="map(map(object({ description = string direction = string action = string priority = number ranges = list(string) ports = map(list(string)) target_service_accounts = list(string) target_resources = list(string) logging = bool })))">map(map(object({...})))</code> | | <code title="">{}</code> |
|
| *firewall_policies* | Hierarchical firewall policies to *create* in the organization. | <code title="map(map(object({ description = string direction = string action = string priority = number ranges = list(string) ports = map(list(string)) target_service_accounts = list(string) target_resources = list(string) logging = bool })))">map(map(object({...})))</code> | | <code title="">{}</code> |
|
||||||
| *firewall_policy_attachments* | List of hierarchical firewall policy IDs to *attach* to the organization | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
| *firewall_policy_attachments* | List of hierarchical firewall policy IDs to *attach* to the organization | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
||||||
|
|
|
@ -120,7 +120,7 @@ resource "google_organization_iam_audit_config" "config" {
|
||||||
for_each = var.iam_audit_config
|
for_each = var.iam_audit_config
|
||||||
org_id = local.organization_id_numeric
|
org_id = local.organization_id_numeric
|
||||||
service = each.key
|
service = each.key
|
||||||
dynamic audit_log_config {
|
dynamic "audit_log_config" {
|
||||||
for_each = each.value
|
for_each = each.value
|
||||||
iterator = config
|
iterator = config
|
||||||
content {
|
content {
|
||||||
|
@ -135,7 +135,7 @@ resource "google_organization_policy" "boolean" {
|
||||||
org_id = local.organization_id_numeric
|
org_id = local.organization_id_numeric
|
||||||
constraint = each.key
|
constraint = each.key
|
||||||
|
|
||||||
dynamic boolean_policy {
|
dynamic "boolean_policy" {
|
||||||
for_each = each.value == null ? [] : [each.value]
|
for_each = each.value == null ? [] : [each.value]
|
||||||
iterator = policy
|
iterator = policy
|
||||||
content {
|
content {
|
||||||
|
@ -143,7 +143,7 @@ resource "google_organization_policy" "boolean" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic restore_policy {
|
dynamic "restore_policy" {
|
||||||
for_each = each.value == null ? [""] : []
|
for_each = each.value == null ? [""] : []
|
||||||
content {
|
content {
|
||||||
default = true
|
default = true
|
||||||
|
@ -156,13 +156,13 @@ resource "google_organization_policy" "list" {
|
||||||
org_id = local.organization_id_numeric
|
org_id = local.organization_id_numeric
|
||||||
constraint = each.key
|
constraint = each.key
|
||||||
|
|
||||||
dynamic list_policy {
|
dynamic "list_policy" {
|
||||||
for_each = each.value.status == null ? [] : [each.value]
|
for_each = each.value.status == null ? [] : [each.value]
|
||||||
iterator = policy
|
iterator = policy
|
||||||
content {
|
content {
|
||||||
inherit_from_parent = policy.value.inherit_from_parent
|
inherit_from_parent = policy.value.inherit_from_parent
|
||||||
suggested_value = policy.value.suggested_value
|
suggested_value = policy.value.suggested_value
|
||||||
dynamic allow {
|
dynamic "allow" {
|
||||||
for_each = policy.value.status ? [""] : []
|
for_each = policy.value.status ? [""] : []
|
||||||
content {
|
content {
|
||||||
values = (
|
values = (
|
||||||
|
@ -177,7 +177,7 @@ resource "google_organization_policy" "list" {
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
dynamic deny {
|
dynamic "deny" {
|
||||||
for_each = policy.value.status ? [] : [""]
|
for_each = policy.value.status ? [] : [""]
|
||||||
content {
|
content {
|
||||||
values = (
|
values = (
|
||||||
|
@ -195,7 +195,7 @@ resource "google_organization_policy" "list" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic restore_policy {
|
dynamic "restore_policy" {
|
||||||
for_each = each.value.status == null ? [true] : []
|
for_each = each.value.status == null ? [true] : []
|
||||||
content {
|
content {
|
||||||
default = true
|
default = true
|
||||||
|
@ -288,3 +288,12 @@ resource "google_logging_organization_exclusion" "logging-exclusion" {
|
||||||
description = "${each.key} (Terraform-managed)"
|
description = "${each.key} (Terraform-managed)"
|
||||||
filter = each.value
|
filter = each.value
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "google_essential_contacts_contact" "contact" {
|
||||||
|
provider = google-beta
|
||||||
|
for_each = var.contacts
|
||||||
|
parent = var.organization_id
|
||||||
|
email = each.key
|
||||||
|
language_tag = "en"
|
||||||
|
notification_category_subscriptions = each.value
|
||||||
|
}
|
||||||
|
|
|
@ -133,3 +133,9 @@ variable "logging_exclusions" {
|
||||||
type = map(string)
|
type = map(string)
|
||||||
default = {}
|
default = {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "contacts" {
|
||||||
|
description = "List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES"
|
||||||
|
type = map(list(string))
|
||||||
|
default = {}
|
||||||
|
}
|
||||||
|
|
|
@ -16,4 +16,7 @@
|
||||||
|
|
||||||
terraform {
|
terraform {
|
||||||
required_version = ">= 0.12.6"
|
required_version = ">= 0.12.6"
|
||||||
|
required_providers {
|
||||||
|
google = "~> 3.57"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -135,6 +135,7 @@ module "project-host" {
|
||||||
| name | Project name and id suffix. | <code title="">string</code> | ✓ | |
|
| name | Project name and id suffix. | <code title="">string</code> | ✓ | |
|
||||||
| *auto_create_network* | Whether to create the default network for the project | <code title="">bool</code> | | <code title="">false</code> |
|
| *auto_create_network* | Whether to create the default network for the project | <code title="">bool</code> | | <code title="">false</code> |
|
||||||
| *billing_account* | Billing account id. | <code title="">string</code> | | <code title="">null</code> |
|
| *billing_account* | Billing account id. | <code title="">string</code> | | <code title="">null</code> |
|
||||||
|
| *contacts* | List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
||||||
| *custom_roles* | Map of role name => list of permissions to create in this project. | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
| *custom_roles* | Map of role name => list of permissions to create in this project. | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
||||||
| *iam* | IAM bindings in {ROLE => [MEMBERS]} format. | <code title="map(set(string))">map(set(string))</code> | | <code title="">{}</code> |
|
| *iam* | IAM bindings in {ROLE => [MEMBERS]} format. | <code title="map(set(string))">map(set(string))</code> | | <code title="">{}</code> |
|
||||||
| *iam_additive* | IAM additive bindings in {ROLE => [MEMBERS]} format. | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
| *iam_additive* | IAM additive bindings in {ROLE => [MEMBERS]} format. | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
||||||
|
|
|
@ -169,7 +169,7 @@ resource "google_project_organization_policy" "boolean" {
|
||||||
project = local.project.project_id
|
project = local.project.project_id
|
||||||
constraint = each.key
|
constraint = each.key
|
||||||
|
|
||||||
dynamic boolean_policy {
|
dynamic "boolean_policy" {
|
||||||
for_each = each.value == null ? [] : [each.value]
|
for_each = each.value == null ? [] : [each.value]
|
||||||
iterator = policy
|
iterator = policy
|
||||||
content {
|
content {
|
||||||
|
@ -177,7 +177,7 @@ resource "google_project_organization_policy" "boolean" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic restore_policy {
|
dynamic "restore_policy" {
|
||||||
for_each = each.value == null ? [""] : []
|
for_each = each.value == null ? [""] : []
|
||||||
content {
|
content {
|
||||||
default = true
|
default = true
|
||||||
|
@ -190,13 +190,13 @@ resource "google_project_organization_policy" "list" {
|
||||||
project = local.project.project_id
|
project = local.project.project_id
|
||||||
constraint = each.key
|
constraint = each.key
|
||||||
|
|
||||||
dynamic list_policy {
|
dynamic "list_policy" {
|
||||||
for_each = each.value.status == null ? [] : [each.value]
|
for_each = each.value.status == null ? [] : [each.value]
|
||||||
iterator = policy
|
iterator = policy
|
||||||
content {
|
content {
|
||||||
inherit_from_parent = policy.value.inherit_from_parent
|
inherit_from_parent = policy.value.inherit_from_parent
|
||||||
suggested_value = policy.value.suggested_value
|
suggested_value = policy.value.suggested_value
|
||||||
dynamic allow {
|
dynamic "allow" {
|
||||||
for_each = policy.value.status ? [""] : []
|
for_each = policy.value.status ? [""] : []
|
||||||
content {
|
content {
|
||||||
values = (
|
values = (
|
||||||
|
@ -211,7 +211,7 @@ resource "google_project_organization_policy" "list" {
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
dynamic deny {
|
dynamic "deny" {
|
||||||
for_each = policy.value.status ? [] : [""]
|
for_each = policy.value.status ? [] : [""]
|
||||||
content {
|
content {
|
||||||
values = (
|
values = (
|
||||||
|
@ -229,7 +229,7 @@ resource "google_project_organization_policy" "list" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic restore_policy {
|
dynamic "restore_policy" {
|
||||||
for_each = each.value.status == null ? [true] : []
|
for_each = each.value.status == null ? [true] : []
|
||||||
content {
|
content {
|
||||||
default = true
|
default = true
|
||||||
|
@ -298,3 +298,12 @@ resource "google_logging_project_exclusion" "logging-exclusion" {
|
||||||
description = "${each.key} (Terraform-managed)"
|
description = "${each.key} (Terraform-managed)"
|
||||||
filter = each.value
|
filter = each.value
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "google_essential_contacts_contact" "contact" {
|
||||||
|
provider = google-beta
|
||||||
|
for_each = var.contacts
|
||||||
|
parent = "projects/${local.project.project_id}"
|
||||||
|
email = each.key
|
||||||
|
language_tag = "en"
|
||||||
|
notification_category_subscriptions = each.value
|
||||||
|
}
|
||||||
|
|
|
@ -182,3 +182,10 @@ variable "logging_exclusions" {
|
||||||
type = map(string)
|
type = map(string)
|
||||||
default = {}
|
default = {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
variable "contacts" {
|
||||||
|
description = "List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES"
|
||||||
|
type = map(list(string))
|
||||||
|
default = {}
|
||||||
|
}
|
||||||
|
|
|
@ -16,4 +16,7 @@
|
||||||
|
|
||||||
terraform {
|
terraform {
|
||||||
required_version = ">= 0.13.0"
|
required_version = ">= 0.13.0"
|
||||||
|
required_providers {
|
||||||
|
google = "~> 3.57"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue