Interpolate egress_to resources in enforced perimeter config (#3127)

2025-05-31 18:11:07 +02:00
parent 6b04ce769d
commit a5b786c2e0
1 changed files with 7 additions and 2 deletions
--- a/modules/vpc-sc/perimeters.tf
+++ b/modules/vpc-sc/perimeters.tf
@@ -289,8 +289,13 @@ resource "google_access_context_manager_service_perimeter" "regular" {
            for_each = policy.value.to == null ? [] : [""]
            content {
              external_resources = policy.value.to.external_resources
-              resources          = policy.value.to.resources
-              roles              = policy.value.to.roles
+              resources = flatten([
+                for r in policy.value.to.resources : try(
+                  var.factories_config.context.resource_sets[r],
+                  [local.project_number[r]], [r]
+                )
+              ])
+              roles = policy.value.to.roles
              dynamic "operations" {
                for_each = toset(policy.value.to.operations)
                iterator = o