Fix status ingress/egress policies in vpc-sc module (#1036)
* fix status ingress/egress policies * fix default status/spec value
This commit is contained in:
Ludovico Magnocavallo
committed by
GitHub
GitHub
parent
f97239bd97
commit
67fca1036c
@@ -28,20 +28,21 @@ resource "google_access_context_manager_service_perimeter" "regular" {
|
||||
perimeter_type = "PERIMETER_TYPE_REGULAR"
|
||||
use_explicit_dry_run_spec = each.value.use_explicit_dry_run_spec
|
||||
dynamic "spec" {
|
||||
for_each = each.value.spec == null ? [] : [""]
|
||||
for_each = each.value.spec == null ? [] : [each.value.spec]
|
||||
iterator = spec
|
||||
content {
|
||||
access_levels = (
|
||||
each.value.spec.access_levels == null ? null : [
|
||||
for k in each.value.spec.access_levels :
|
||||
spec.value.access_levels == null ? null : [
|
||||
for k in spec.value.access_levels :
|
||||
try(google_access_context_manager_access_level.basic[k].id, k)
|
||||
]
|
||||
)
|
||||
resources = each.value.spec.resources
|
||||
restricted_services = each.value.spec.restricted_services
|
||||
resources = spec.value.resources
|
||||
restricted_services = spec.value.restricted_services
|
||||
|
||||
dynamic "egress_policies" {
|
||||
for_each = each.value.spec.egress_policies == null ? {} : {
|
||||
for k in each.value.spec.egress_policies :
|
||||
for_each = spec.value.egress_policies == null ? {} : {
|
||||
for k in spec.value.egress_policies :
|
||||
k => lookup(var.egress_policies, k, null)
|
||||
if contains(keys(var.egress_policies), k)
|
||||
}
|
||||
@@ -77,8 +78,8 @@ resource "google_access_context_manager_service_perimeter" "regular" {
|
||||
}
|
||||
|
||||
dynamic "ingress_policies" {
|
||||
for_each = each.value.spec.ingress_policies == null ? {} : {
|
||||
for k in each.value.spec.ingress_policies :
|
||||
for_each = spec.value.ingress_policies == null ? {} : {
|
||||
for k in spec.value.ingress_policies :
|
||||
k => lookup(var.ingress_policies, k, null)
|
||||
if contains(keys(var.ingress_policies), k)
|
||||
}
|
||||
@@ -129,30 +130,31 @@ resource "google_access_context_manager_service_perimeter" "regular" {
|
||||
}
|
||||
|
||||
dynamic "vpc_accessible_services" {
|
||||
for_each = each.value.spec.vpc_accessible_services == null ? {} : { 1 = 1 }
|
||||
for_each = spec.value.vpc_accessible_services == null ? {} : { 1 = 1 }
|
||||
content {
|
||||
allowed_services = each.value.spec.vpc_accessible_services.allowed_services
|
||||
enable_restriction = each.value.spec.vpc_accessible_services.enable_restriction
|
||||
allowed_services = spec.value.vpc_accessible_services.allowed_services
|
||||
enable_restriction = spec.value.vpc_accessible_services.enable_restriction
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
dynamic "status" {
|
||||
for_each = each.value.status == null ? {} : { 1 = 1 }
|
||||
for_each = each.value.status == null ? [] : [each.value.status]
|
||||
iterator = status
|
||||
content {
|
||||
access_levels = (
|
||||
each.value.status.access_levels == null ? null : [
|
||||
for k in each.value.status.access_levels :
|
||||
status.value.access_levels == null ? null : [
|
||||
for k in status.value.access_levels :
|
||||
try(google_access_context_manager_access_level.basic[k].id, k)
|
||||
]
|
||||
)
|
||||
resources = each.value.status.resources
|
||||
restricted_services = each.value.status.restricted_services
|
||||
resources = status.value.resources
|
||||
restricted_services = status.value.restricted_services
|
||||
|
||||
dynamic "egress_policies" {
|
||||
for_each = each.value.spec.egress_policies == null ? {} : {
|
||||
for k in each.value.spec.egress_policies :
|
||||
for_each = status.value.egress_policies == null ? {} : {
|
||||
for k in status.value.egress_policies :
|
||||
k => lookup(var.egress_policies, k, null)
|
||||
if contains(keys(var.egress_policies), k)
|
||||
}
|
||||
@@ -188,8 +190,8 @@ resource "google_access_context_manager_service_perimeter" "regular" {
|
||||
}
|
||||
|
||||
dynamic "ingress_policies" {
|
||||
for_each = each.value.spec.ingress_policies == null ? {} : {
|
||||
for k in each.value.spec.ingress_policies :
|
||||
for_each = status.value.ingress_policies == null ? {} : {
|
||||
for k in status.value.ingress_policies :
|
||||
k => lookup(var.ingress_policies, k, null)
|
||||
if contains(keys(var.ingress_policies), k)
|
||||
}
|
||||
@@ -205,7 +207,8 @@ resource "google_access_context_manager_service_perimeter" "regular" {
|
||||
iterator = s
|
||||
content {
|
||||
access_level = try(
|
||||
google_access_context_manager_access_level.basic[s.value].id, s.value
|
||||
google_access_context_manager_access_level.basic[s.value].id,
|
||||
s.value
|
||||
)
|
||||
}
|
||||
}
|
||||
@@ -240,10 +243,10 @@ resource "google_access_context_manager_service_perimeter" "regular" {
|
||||
}
|
||||
|
||||
dynamic "vpc_accessible_services" {
|
||||
for_each = each.value.status.vpc_accessible_services == null ? {} : { 1 = 1 }
|
||||
for_each = status.value.vpc_accessible_services == null ? {} : { 1 = 1 }
|
||||
content {
|
||||
allowed_services = each.value.status.vpc_accessible_services.allowed_services
|
||||
enable_restriction = each.value.status.vpc_accessible_services.enable_restriction
|
||||
allowed_services = status.value.vpc_accessible_services.allowed_services
|
||||
enable_restriction = status.value.vpc_accessible_services.enable_restriction
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user