zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove device_policy, it requires BeyondCorp Enterprise Premium. we will implement it in future iterations. (#215)

This commit is contained in:
lcaggio 2021-03-29 12:17:11 +02:00 committed by GitHub
parent 6ee1638f36
commit eee06bd5dc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 2 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/vpc-sc/README.md
View File

@ -23,7 +23,6 @@ module "vpc-sc" {
required_access_levels = null
members = []
negate = false
device_policy = null
regions = null
}]
}
@ -66,7 +65,6 @@ module "vpc-sc" {
required_access_levels = null
members = []
negate = false
device_policy = null
regions = null
}]
}
@ -107,7 +105,7 @@ module "vpc-sc" {
| access_policy_title | Access Policy title to be created. | <code title="">string</code> | ✓ | |
| organization_id | Organization id in organizations/nnnnnn format. | <code title="">string</code> | ✓ | |
| *access_level_perimeters* | Enforced mode -> Access Level -> Perimeters mapping. Enforced mode can be 'enforced' or 'dry_run' | <code title="map&#40;map&#40;list&#40;string&#41;&#41;&#41;">map(map(list(string)))</code> | | <code title="">{}</code> |
| *access_levels* | Map of Access Levels to be created. For each Access Level you can specify 'ip_subnetworks, required_access_levels, members, negate, device_policy or regions'. | <code title="map&#40;object&#40;&#123;&#10;combining_function &#61; string&#10;conditions &#61; list&#40;object&#40;&#123;&#10;ip_subnetworks &#61; list&#40;string&#41;&#10;required_access_levels &#61; list&#40;string&#41;&#10;members &#61; list&#40;string&#41;&#10;negate &#61; string&#10;device_policy &#61; object&#40;&#123;&#10;require_screen_lock &#61; bool&#10;allowed_encryption_statuses &#61; string&#10;allowed_device_management_levels &#61; string&#10;require_admin_approval &#61; bool&#10;require_corp_owned &#61; bool&#10;&#125;&#41;&#10;regions &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;&#10;&#125;&#41;&#41;">map(object({...}))</code> | | <code title="">{}</code> |
| *access_levels* | Map of Access Levels to be created. For each Access Level you can specify 'ip_subnetworks, required_access_levels, members, negate or regions'. | <code title="map&#40;object&#40;&#123;&#10;combining_function &#61; string&#10;conditions &#61; list&#40;object&#40;&#123;&#10;ip_subnetworks &#61; list&#40;string&#41;&#10;required_access_levels &#61; list&#40;string&#41;&#10;members &#61; list&#40;string&#41;&#10;negate &#61; string&#10;regions &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;&#10;&#125;&#41;&#41;">map(object({...}))</code> | | <code title="">{}</code> |
| *perimeter_projects* | Perimeter -> Enforced Mode -> Projects Number mapping. Enforced mode can be 'enforced' or 'dry_run'. | <code title="map&#40;map&#40;list&#40;number&#41;&#41;&#41;">map(map(list(number)))</code> | | <code title="">{}</code> |
| *perimeters* | Set of Perimeters. | <code title="map&#40;object&#40;&#123;&#10;type &#61; string&#10;dry_run_config &#61; object&#40;&#123;&#10;restricted_services &#61; list&#40;string&#41;&#10;vpc_accessible_services &#61; list&#40;string&#41;&#10;&#125;&#41;&#10;enforced_config &#61; object&#40;&#123;&#10;restricted_services &#61; list&#40;string&#41;&#10;vpc_accessible_services &#61; list&#40;string&#41;&#10;&#125;&#41;&#10;&#125;&#41;&#41;">map(object({...}))</code> | | <code title="">{}</code> |

7
modules/vpc-sc/main.tf
View File

@ -53,13 +53,6 @@ resource "google_access_context_manager_access_level" "default" {
required_access_levels = try(condition.value.required_access_levels, null)
members = try(condition.value.members, null)
negate = try(condition.value.negate, null)
device_policy {
require_screen_lock = try(condition.value.device_policy.require_screen_lock, null)
allowed_encryption_statuses = try(condition.value.device_policy.allowed_encryption_statuses, null)
allowed_device_management_levels = try(condition.value.device_policy.allowed_device_management_levels, null)
require_admin_approval = try(condition.value.device_policy.require_admin_approval, null)
require_corp_owned = try(condition.value.device_policy.require_corp_owned, null)
}
regions = try(condition.value.regions, null)
}
}

9
modules/vpc-sc/variables.tf
View File

@ -15,7 +15,7 @@
*/
variable "access_levels" {
description = "Map of Access Levels to be created. For each Access Level you can specify 'ip_subnetworks, required_access_levels, members, negate, device_policy or regions'."
description = "Map of Access Levels to be created. For each Access Level you can specify 'ip_subnetworks, required_access_levels, members, negate or regions'."
type = map(object({
combining_function = string
conditions = list(object({
@ -23,13 +23,6 @@ variable "access_levels" {
required_access_levels = list(string)
members = list(string)
negate = string
device_policy = object({
require_screen_lock = bool
allowed_encryption_statuses = string
allowed_device_management_levels = string
require_admin_approval = bool
require_corp_owned = bool
})
regions = list(string)
}))
}))