Refactor vpc-sc support in project module, add support for dry run (#2229)

Ludovico Magnocavallo
2024-04-22 10:28:01 +03:00
committed by GitHub
parent 0454fd681d
commit 309792c559
9 changed files with 162 additions and 65 deletions


@@ -16,30 +16,28 @@
# tfdoc:file:description VPC-SC project-level perimeter configuration.
moved {
from = google_access_context_manager_service_perimeter_resource.service-perimeter-resource-standard
to = google_access_context_manager_service_perimeter_resource.standard
locals {
vpc_sc_perimeters = compact(concat(
[try(var.vpc_sc.perimeter_name, null)],
try(var.vpc_sc.perimeter_bridges, [])
))
vpc_sc_dry_run = try(var.vpc_sc.is_dry_run, false) == true
}
resource "google_access_context_manager_service_perimeter_resource" "standard" {
count = var.service_perimeter_standard != null ? 1 : 0
# this needs an additional lifecycle block in the vpc module on the
# google_access_context_manager_service_perimeter resource
perimeter_name = var.service_perimeter_standard
resource = "projects/${local.project.number}"
}
# use only if the vpc-sc module has a lifecycle block to ignore resources
moved {
from = google_access_context_manager_service_perimeter_resource.service-perimeter-resource-bridges
to = google_access_context_manager_service_perimeter_resource.bridge
}
resource "google_access_context_manager_service_perimeter_resource" "bridge" {
resource "google_access_context_manager_service_perimeter_resource" "default" {
for_each = toset(
var.service_perimeter_bridges != null ? var.service_perimeter_bridges : []
local.vpc_sc_dry_run ? [] : local.vpc_sc_perimeters
)
# this needs an additional lifecycle block in the vpc module on the
# google_access_context_manager_service_perimeter resource
perimeter_name = each.value
perimeter_name = each.key
resource = "projects/${local.project.number}"
}
resource "google_access_context_manager_service_perimeter_dry_run_resource" "default" {
for_each = toset(
local.vpc_sc_dry_run ? local.vpc_sc_perimeters : []
)
perimeter_name = each.key
resource = "projects/${local.project.number}"
}
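Review bot: `local.vpc_sc_dry_run` switches every entry of `local.vpc_sc_perimeters` at once, so on a project that is already enforced, setting `is_dry_run = true` empties the `for_each` of `google_access_context_manager_service_perimeter_resource.default`, and the next apply detaches the project from the enforced perimeter and its bridges, leaving it only in the dry-run configuration, where violations are logged rather than blocked. That side effect deserves a comment above the local, for example `# is_dry_run applies to all perimeters listed here: the project leaves their enforced config and violations are only logged`. The two `moved` blocks appear to be dropped together with the rename to `default`, and no `moved` entries pointing at the new keyed addresses are visible, so existing `standard` and `bridge` attachments would presumably be destroyed and recreated on upgrade, briefly leaving the project outside its perimeter; this is worth stating in the upgrade notes if the other changed files do not already cover it. Old and new sides are inferred from the resource and local names, since the page lost its `+`/`-` markers.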