/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# TODO(ludomagno): add a second variable and resource for custom access levels
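# this code implements "additive" access levels: only the levels declared in
# var.access_levels are managed, and levels created elsewhere in the same
# access policy are left untouched; if "authoritative" access levels are
# needed, switch to the google_access_context_manager_access_levels resource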
# Creates one "basic" access level per entry of var.access_levels; the map key
# is used both as the last segment of the resource name and as the title.
resource "google_access_context_manager_access_level" "basic" {
  for_each = var.access_levels != null ? var.access_levels : {}
  parent   = "accessPolicies/${local.access_policy}"
  name     = "accessPolicies/${local.access_policy}/accessLevels/${each.key}"
  title    = each.key

  basic {
    # Passed through unchanged. The provider accepts AND (every condition must
    # hold; the default when unset) or OR (any single condition is enough), so
    # OR widens the set of requests that satisfy the level.
    combining_function = each.value.combining_function

    # toset() collapses identical condition objects; when iterating a set the
    # iterator key is the element itself, hence the condition.key.* reads.
    dynamic "conditions" {
      for_each = toset(each.value.conditions != null ? each.value.conditions : [])
      iterator = condition
      content {
        # uncomment here and in the variable type to enable
        # dynamic "device_policy" {
        #   for_each = toset(
        #     condition.key.device_policy == null ? [] : [condition.key.device_policy]
        #   )
        #   iterator = device_policy
        #   content {
        #     dynamic "os_constraints" {
        #       for_each = toset(
        #         device_policy.key.os_constraints == null ? [] : device_policy.key.os_constraints
        #       )
        #       iterator = os_constraint
        #       content {
        #         minimum_version            = os_constraint.key.minimum_version
        #         os_type                    = os_constraint.key.os_type
        #         require_verified_chrome_os = os_constraint.key.require_verified_chrome_os
        #       }
        #     }
        #     allowed_encryption_statuses      = device_policy.key.allowed_encryption_statuses
        #     allowed_device_management_levels = device_policy.key.allowed_device_management_levels
        #     require_admin_approval           = device_policy.key.require_admin_approval
        #     require_corp_owned               = device_policy.key.require_corp_owned
        #     require_screen_lock              = device_policy.key.require_screen_lock
        #   }
        # }

        # Null list attributes are normalised to empty lists.
        # NOTE(review): a condition whose attributes are all null/empty carries
        # no restricting attribute from this module; confirm how the API treats
        # such a condition before relying on the resulting level.
        ip_subnetworks = condition.key.ip_subnetworks != null ? condition.key.ip_subnetworks : []
        members        = condition.key.members != null ? condition.key.members : []

        # Per the provider docs, negate = true turns the condition into a NAND
        # over its non-empty attributes; review negated entries with that in mind.
        negate = condition.key.negate

        regions = condition.key.regions != null ? condition.key.regions : []
        required_access_levels = (
          condition.key.required_access_levels != null
          ? condition.key.required_access_levels
          : []
        )
      }
    }
  }
}