VPC SC module refactor (#3062)

* Remove bridge perimeters * Update FAST stages * Allow project ids in perimeter definitions * Preserve order order for ingress/egress policies * Use CAI * Use CAI * Fix tests
2025-05-09 14:37:03 +02:00
parent ac2193082d
commit 7ceb814986
14 changed files with 276 additions and 296 deletions
--- a/tests/modules/vpc_sc/examples/factory.yaml
+++ b/tests/modules/vpc_sc/examples/factory.yaml
@@ -73,7 +73,25 @@ values:
            service_name: storage.googleapis.com
          resources:
          - projects/123456789
+          roles: []
+        title: gcs-sa-foo
      ingress_policies:
+      - ingress_from:
+        - identities:
+          - serviceAccount:test-tf@myproject.iam.gserviceaccount.com
+          identity_type: null
+          sources:
+          - resource: null
+        ingress_to:
+        - operations:
+          - method_selectors: []
+            service_name: '*'
+          resources:
+          - projects/1234567890
+          - projects/321
+          - projects/654
+          roles: []
+        title: sa-tf-test-geo
      - ingress_from:
        - identities:
          - serviceAccount:test-tf-0@myproject.iam.gserviceaccount.com
@@ -92,20 +110,8 @@ values:
            service_name: compute.googleapis.com
          resources:
          - '*'
-      - ingress_from:
-        - identities:
-          - serviceAccount:test-tf@myproject.iam.gserviceaccount.com
-          identity_type: null
-          sources:
-          - resource: null
-        ingress_to:
-        - operations:
-          - method_selectors: []
-            service_name: '*'
-          resources:
-          - projects/1234567890
-          - projects/321
-          - projects/654
+          roles: []
+        title: sa-tf-test
      resources:
      - projects/1111
      - projects/2222
--- a/tests/modules/vpc_sc/examples/regular.yaml
+++ b/tests/modules/vpc_sc/examples/regular.yaml
@@ -75,22 +75,6 @@ values:
          roles: null
        title: gcs-sa-foo
      ingress_policies:
-      - ingress_from:
-        - identities:
-          - serviceAccount:test-tf-2@myproject.iam.gserviceaccount.com
-          identity_type: null
-          sources:
-          - access_level: '*'
-            resource: null
-        ingress_to:
-        - operations:
-          - method_selectors: []
-            service_name: '*'
-          resources:
-          - '*'
-          roles:
-          - roles/storage.objectViewer
-        title: sa-roles
      - ingress_from:
        - identities:
          - serviceAccount:test-tf-0@myproject.iam.gserviceaccount.com
@@ -107,6 +91,22 @@ values:
          - '*'
          roles: null
        title: sa-tf-test
+      - ingress_from:
+        - identities:
+          - serviceAccount:test-tf-2@myproject.iam.gserviceaccount.com
+          identity_type: null
+          sources:
+          - access_level: '*'
+            resource: null
+        ingress_to:
+        - operations:
+          - method_selectors: []
+            service_name: '*'
+          resources:
+          - '*'
+          roles:
+          - roles/storage.objectViewer
+        title: sa-roles
      resources:
      - projects/1111
      - projects/2222