Merge pull request #1509 from GoogleCloudPlatform/jccb/constraints-output
Add output to org module with custom constraint details and depends_on
commit
d16b616821
|
@ -162,6 +162,8 @@ module "org" {
|
||||||
# tftest modules=1 resources=2 inventory=custom-constraints.yaml
|
# tftest modules=1 resources=2 inventory=custom-constraints.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
|
You can use the `id` or `custom_constraint_ids` outputs to prevent race conditions between the creation of a custom constraint and an organization policy using that constraint. Both of these outputs depend on the actual constraint, which would make any resource referring to them to wait for the creation of the constraint.
|
||||||
|
|
||||||
### Organization Policy Custom Constraints Factory
|
### Organization Policy Custom Constraints Factory
|
||||||
|
|
||||||
Org policy custom constraints can be loaded from a directory containing YAML files where each file defines one or more custom constraints. The structure of the YAML files is exactly the same as the `org_policy_custom_constraints` variable.
|
Org policy custom constraints can be loaded from a directory containing YAML files where each file defines one or more custom constraints. The structure of the YAML files is exactly the same as the `org_policy_custom_constraints` variable.
|
||||||
|
@ -569,16 +571,17 @@ module "org" {
|
||||||
|
|
||||||
| name | description | sensitive |
|
| name | description | sensitive |
|
||||||
|---|---|:---:|
|
|---|---|:---:|
|
||||||
| [custom_role_id](outputs.tf#L17) | Map of custom role IDs created in the organization. | |
|
| [custom_constraint_ids](outputs.tf#L17) | Map of CUSTOM_CONSTRAINTS => ID in the organization. | |
|
||||||
| [custom_roles](outputs.tf#L30) | Map of custom roles resources created in the organization. | |
|
| [custom_role_id](outputs.tf#L22) | Map of custom role IDs created in the organization. | |
|
||||||
| [firewall_policies](outputs.tf#L35) | Map of firewall policy resources created in the organization. | |
|
| [custom_roles](outputs.tf#L35) | Map of custom roles resources created in the organization. | |
|
||||||
| [firewall_policy_id](outputs.tf#L40) | Map of firewall policy ids created in the organization. | |
|
| [firewall_policies](outputs.tf#L40) | Map of firewall policy resources created in the organization. | |
|
||||||
| [id](outputs.tf#L45) | Fully qualified organization id. | |
|
| [firewall_policy_id](outputs.tf#L45) | Map of firewall policy ids created in the organization. | |
|
||||||
| [network_tag_keys](outputs.tf#L61) | Tag key resources. | |
|
| [id](outputs.tf#L50) | Fully qualified organization id. | |
|
||||||
| [network_tag_values](outputs.tf#L70) | Tag value resources. | |
|
| [network_tag_keys](outputs.tf#L67) | Tag key resources. | |
|
||||||
| [organization_id](outputs.tf#L80) | Organization id dependent on module resources. | |
|
| [network_tag_values](outputs.tf#L76) | Tag value resources. | |
|
||||||
| [sink_writer_identities](outputs.tf#L96) | Writer identities created for each sink. | |
|
| [organization_id](outputs.tf#L86) | Organization id dependent on module resources. | |
|
||||||
| [tag_keys](outputs.tf#L104) | Tag key resources. | |
|
| [sink_writer_identities](outputs.tf#L103) | Writer identities created for each sink. | |
|
||||||
| [tag_values](outputs.tf#L113) | Tag value resources. | |
|
| [tag_keys](outputs.tf#L111) | Tag key resources. | |
|
||||||
|
| [tag_values](outputs.tf#L120) | Tag value resources. | |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/**
|
/**
|
||||||
* Copyright 2022 Google LLC
|
* Copyright 2023 Google LLC
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -14,6 +14,11 @@
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
output "custom_constraint_ids" {
|
||||||
|
description = "Map of CUSTOM_CONSTRAINTS => ID in the organization."
|
||||||
|
value = { for k, v in google_org_policy_custom_constraint.constraint : k => v.id }
|
||||||
|
}
|
||||||
|
|
||||||
output "custom_role_id" {
|
output "custom_role_id" {
|
||||||
description = "Map of custom role IDs created in the organization."
|
description = "Map of custom role IDs created in the organization."
|
||||||
value = {
|
value = {
|
||||||
|
@ -46,11 +51,12 @@ output "id" {
|
||||||
description = "Fully qualified organization id."
|
description = "Fully qualified organization id."
|
||||||
value = var.organization_id
|
value = var.organization_id
|
||||||
depends_on = [
|
depends_on = [
|
||||||
|
google_org_policy_custom_constraint.constraint,
|
||||||
|
google_org_policy_policy.default,
|
||||||
google_organization_iam_binding.authoritative,
|
google_organization_iam_binding.authoritative,
|
||||||
google_organization_iam_custom_role.roles,
|
google_organization_iam_custom_role.roles,
|
||||||
google_organization_iam_member.additive,
|
google_organization_iam_member.additive,
|
||||||
google_organization_iam_policy.authoritative,
|
google_organization_iam_policy.authoritative,
|
||||||
google_org_policy_policy.default,
|
|
||||||
google_tags_tag_key.default,
|
google_tags_tag_key.default,
|
||||||
google_tags_tag_key_iam_binding.default,
|
google_tags_tag_key_iam_binding.default,
|
||||||
google_tags_tag_value.default,
|
google_tags_tag_value.default,
|
||||||
|
@ -81,11 +87,12 @@ output "organization_id" {
|
||||||
description = "Organization id dependent on module resources."
|
description = "Organization id dependent on module resources."
|
||||||
value = var.organization_id
|
value = var.organization_id
|
||||||
depends_on = [
|
depends_on = [
|
||||||
|
google_org_policy_custom_constraint.constraint,
|
||||||
|
google_org_policy_policy.default,
|
||||||
google_organization_iam_binding.authoritative,
|
google_organization_iam_binding.authoritative,
|
||||||
google_organization_iam_custom_role.roles,
|
google_organization_iam_custom_role.roles,
|
||||||
google_organization_iam_member.additive,
|
google_organization_iam_member.additive,
|
||||||
google_organization_iam_policy.authoritative,
|
google_organization_iam_policy.authoritative,
|
||||||
google_org_policy_policy.default,
|
|
||||||
google_tags_tag_key.default,
|
google_tags_tag_key.default,
|
||||||
google_tags_tag_key_iam_binding.default,
|
google_tags_tag_key_iam_binding.default,
|
||||||
google_tags_tag_value.default,
|
google_tags_tag_value.default,
|
||||||
|
|
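Review bot: The description of the new `custom_constraint_ids` output, `Map of CUSTOM_CONSTRAINTS => ID in the organization.`, does not say what the keys or the values are, which matters to anyone wiring an organization policy to this output to get the ordering guarantee. From the `for` expression, the keys are those of `google_org_policy_custom_constraint.constraint` and the values are the provider's `id` attribute. That attribute is probably the full resource path rather than the bare `custom.*` name a policy refers to, which should be confirmed against the provider documentation. I would spell this out, for example `description = "Map of custom constraint keys to the ids of the created constraint resources."`, and state the value format once it is confirmed. A consumer who guesses wrong gets a policy that fails to apply or, worse, one that hard-codes the name and loses the dependency on the constraint.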