From 77a4696aa6480f0289223243d57e5dcf81a84bb7 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo
Date: Wed, 18 Oct 2023 20:21:16 +0200
Subject: [PATCH] Add gcp org policy constraints file to bootstrap stage (#1775)

* add gcp org policy constraints file to bootstrap
* make the org policy factories more resilient
---
 .../0-bootstrap/data/org-policies/gcp.yaml | 19 +++++++++++++++++++
 modules/folder/organization-policies.tf | 2 +-
 modules/organization/organization-policies.tf | 2 +-
 modules/project/organization-policies.tf | 2 +-
 4 files changed, 22 insertions(+), 3 deletions(-)
 create mode 100644 fast/stages/0-bootstrap/data/org-policies/gcp.yaml
diff --git a/fast/stages/0-bootstrap/data/org-policies/gcp.yaml b/fast/stages/0-bootstrap/data/org-policies/gcp.yaml
new file mode 100644
index 000000000..5c13020d7
--- /dev/null
+++ b/fast/stages/0-bootstrap/data/org-policies/gcp.yaml
@@ -0,0 +1,19 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# constraints/gcp.resourceLocations:
+# rules:
+# - allow:
+# values:
+# - "in:europe-locations"
diff --git a/modules/folder/organization-policies.tf b/modules/folder/organization-policies.tf
index 2bf79c4ab..90d45ff01 100644
--- a/modules/folder/organization-policies.tf
+++ b/modules/folder/organization-policies.tf
@@ -19,7 +19,7 @@ locals { _factory_data_raw = merge([ for f in try(fileset(var.org_policies_data_path, "*.yaml"), []) : - yamldecode(file("${var.org_policies_data_path}/${f}")) + try(yamldecode(file("${var.org_policies_data_path}/${f}")), {}) ]...) # simulate applying defaults to data coming from yaml files
diff --git a/modules/organization/organization-policies.tf b/modules/organization/organization-policies.tf
index 8d867f668..602e72305 100644
--- a/modules/organization/organization-policies.tf
+++ b/modules/organization/organization-policies.tf
@@ -19,7 +19,7 @@ locals { _factory_data_raw = merge([ for f in try(fileset(var.org_policies_data_path, "*.yaml"), []) : - yamldecode(file("${var.org_policies_data_path}/${f}")) + try(yamldecode(file("${var.org_policies_data_path}/${f}")), {}) ]...) # simulate applying defaults to data coming from yaml files
diff --git a/modules/project/organization-policies.tf b/modules/project/organization-policies.tf
index 37e6f2531..e4f10ddaa 100644
--- a/modules/project/organization-policies.tf
+++ b/modules/project/organization-policies.tf
@@ -19,7 +19,7 @@ locals { _factory_data_raw = merge([ for f in try(fileset(var.org_policies_data_path, "*.yaml"), []) : - yamldecode(file("${var.org_policies_data_path}/${f}")) + try(yamldecode(file("${var.org_policies_data_path}/${f}")), {}) ]...) # simulate applying defaults to data coming from yaml files
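Review bot: The added `try(yamldecode(file(...)), {})` falls back to `{}` on any evaluation error, so a policy file with a YAML syntax error now contributes no constraints instead of failing the plan; for organization policies that is a fail-open path, and the identical line is added in the modules/organization and modules/project hunks. If the aim is only to tolerate empty or comment-only files such as the new gcp.yaml, that intent should be stated next to the expression, e.g. `# try() tolerates empty files but also hides YAML syntax errors; data files must be linted in CI`. The data directory should then be linted before plan (or the decode kept strict for non-empty files) so that a malformed file is caught rather than silently dropping guardrails. The enclosing `locals` block continues outside the hunk, so how `_factory_data_raw` is consumed afterwards is not visible here.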