parent
2ddfaad4bc
commit
dda715670c
|
@ -13,7 +13,7 @@ The Use of this module requires credentials with the [correct permissions](https
|
|||
```hcl
|
||||
module "vpc-sc" {
|
||||
source = "./modules/vpc-sc"
|
||||
org_id = 112233
|
||||
organization_id = "organizations/112233"
|
||||
access_policy_title = "My Access Policy"
|
||||
access_levels = {
|
||||
my_trusted_proxy = {
|
||||
|
@ -53,7 +53,7 @@ module "vpc-sc" {
|
|||
```hcl
|
||||
module "vpc-sc" {
|
||||
source = "./modules/vpc-sc"
|
||||
org_id = 112233
|
||||
organization_id = "organizations/112233"
|
||||
access_policy_title = "My Access Policy"
|
||||
access_levels = {
|
||||
my_trusted_proxy = {
|
||||
|
@ -99,7 +99,7 @@ module "vpc-sc" {
|
|||
| name | description | type | required | default |
|
||||
|---|---|:---: |:---:|:---:|
|
||||
| access_policy_title | Access Policy title to be created. | <code title="">string</code> | ✓ | |
|
||||
| org_id | Organization id in nnnnnn format. | <code title="">number</code> | ✓ | |
|
||||
| organization_id | Organization id in organizations/nnnnnn format. | <code title="">string</code> | ✓ | |
|
||||
| *access_level_perimeters* | Enforced mode -> Access Level -> Perimeters mapping. Enforced mode can be 'enforced' or 'dry_run' | <code title="map(map(list(string)))">map(map(list(string)))</code> | | <code title="">{}</code> |
|
||||
| *access_levels* | Access Levels. | <code title="map(object({ combining_function = string conditions = list(object({ ip_subnetworks = list(string) members = list(string) negate = string })) }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
| *perimeter_projects* | Perimeter -> Enforced Mode -> Projects Number mapping. Enforced mode can be 'enforced' or 'dry_run'. | <code title="map(map(list(number)))">map(map(list(number)))</code> | | <code title="">{}</code> |
|
||||
|
@ -111,7 +111,7 @@ module "vpc-sc" {
|
|||
|---|---|:---:|
|
||||
| access_levels | Access Levels. | |
|
||||
| access_policy_name | Access Policy resource | |
|
||||
| org_id | Organization id dependent on module resources. | |
|
||||
| organization_id | Organization id dependent on module resources. | |
|
||||
| perimeters_bridge | VPC-SC bridge perimeter resources. | |
|
||||
| perimeters_standard | VPC-SC standard perimeter resources. | |
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
@ -32,7 +32,7 @@ locals {
|
|||
}
|
||||
|
||||
resource "google_access_context_manager_access_policy" "default" {
|
||||
parent = "organizations/${var.org_id}"
|
||||
parent = var.organization_id
|
||||
title = var.access_policy_title
|
||||
}
|
||||
|
||||
|
@ -115,11 +115,11 @@ resource "google_access_context_manager_service_perimeter" "standard" {
|
|||
}
|
||||
}
|
||||
|
||||
# Uncomment if used alongside `google_access_context_manager_service_perimeter_resource`,
|
||||
# Uncomment if used alongside `google_access_context_manager_service_perimeter_resource`,
|
||||
# so they don't fight over which resources should be in the policy.
|
||||
# lifecycle {
|
||||
# ignore_changes = [status[0].resources]
|
||||
# }
|
||||
# }
|
||||
|
||||
depends_on = [
|
||||
google_access_context_manager_access_level.default,
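Review bot: The commented-out `lifecycle { ignore_changes = [status[0].resources] }` hint on the `standard` perimeter says when to enable it but not what is given up: once `status[0].resources` is ignored, `terraform plan` no longer reconciles perimeter membership, so a project added to or removed from the perimeter outside this module (console, gcloud, a compromised account) stops showing up as drift. That trade-off is worth stating next to the hint, e.g. `# NOTE: with ignore_changes on status[0].resources, membership drift is no longer detected by plan; manage membership exclusively via *_perimeter_resource.` The same comment is repeated on the `bridge` perimeter further down and would want the same wording. The `standard` resource block starts before this hunk.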
|
||||
|
@ -152,11 +152,11 @@ resource "google_access_context_manager_service_perimeter" "bridge" {
|
|||
}
|
||||
}
|
||||
|
||||
# Uncomment if used alongside `google_access_context_manager_service_perimeter_resource`,
|
||||
# Uncomment if used alongside `google_access_context_manager_service_perimeter_resource`,
|
||||
# so they don't fight over which resources should be in the policy.
|
||||
# lifecycle {
|
||||
# ignore_changes = [status[0].resources]
|
||||
# }
|
||||
# }
|
||||
|
||||
depends_on = [
|
||||
google_access_context_manager_service_perimeter.standard,
|
||||
|
|
|
@ -14,20 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "org_id" {
|
||||
description = "Organization id dependent on module resources."
|
||||
value = var.org_id
|
||||
# FIXME(jccb): these deps don't exist (??)
|
||||
# depends_on = [
|
||||
# google_organization_iam_audit_config,
|
||||
# google_organization_iam_binding.authoritative,
|
||||
# google_organization_iam_custom_role.roles,
|
||||
# google_organization_iam_member.additive,
|
||||
# google_organization_policy.boolean,
|
||||
# google_organization_policy.list
|
||||
# ]
|
||||
}
|
||||
|
||||
output "access_policy_name" {
|
||||
description = "Access Policy resource"
|
||||
value = local.access_policy_name
|
||||
|
@ -41,6 +27,14 @@ output "access_levels" {
|
|||
}
|
||||
}
|
||||
|
||||
output "organization_id" {
|
||||
description = "Organization id dependent on module resources."
|
||||
value = var.organization_id
|
||||
depends_on = [
|
||||
google_access_context_manager_access_policy.default
|
||||
]
|
||||
}
|
||||
|
||||
output "perimeters_standard" {
|
||||
description = "VPC-SC standard perimeter resources."
|
||||
value = {
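Review bot: The new `organization_id` output's `depends_on` lists only `google_access_context_manager_access_policy.default`, while its description says "dependent on module resources"; a consumer that chains on this output to sequence work after the VPC-SC setup is therefore unblocked as soon as the policy exists, before any perimeter or access level is in place. If the full module is intended, extend it to `depends_on = [google_access_context_manager_access_policy.default, google_access_context_manager_service_perimeter.standard, google_access_context_manager_service_perimeter.bridge]` (those resources are declared in main.tf); otherwise narrow the description to "Organization id dependent on the access policy resource." The `perimeters_standard` output at the end of this hunk continues outside it.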
|
||||
|
|
|
@ -38,9 +38,9 @@ variable "access_policy_title" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "org_id" {
|
||||
description = "Organization id in nnnnnn format."
|
||||
type = number
|
||||
variable "organization_id" {
|
||||
description = "Organization id in organizations/nnnnnn format."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "perimeters" {
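Review bot: `variable "organization_id"` is a plain `string` with no `validation` block, so the `organizations/nnnnnn` format its description promises is no longer checked at plan time the way `type = number` checked the old `org_id`; a bare number, a folder path or a stray prefix only fails when the access-policy API rejects the `parent` at apply. A validation block pins the format up front and gives the caller a clear message. Validation blocks need Terraform 0.13 or later; the module's `required_version` is not visible in this hunk, so confirm it before adding.
```hcl
variable "organization_id" {
  description = "Organization id in organizations/nnnnnn format."
  type        = string
  validation {
    condition     = can(regex("^organizations/[0-9]+$", var.organization_id))
    error_message = "organization_id must be in organizations/nnnnnn format."
  }
}
```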
|
||||
|
|