kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix and change variable

Browse Source
This commit is contained in:
lcaggio
2021-05-16 08:31:55 +02:00
parent 628ab41c33
commit f306f01fbc
2 changed files with 42 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
modules/vpc-sc/README.md
View File

@@ -32,23 +32,41 @@ module "vpc-sc" {
my_trusted_proxy = ["perimeter"]
}
}
ingress_policies = {
ingress_1 = {
ingress_from = {
identity_type = "ANY_IDENTITY"
}
ingress_to = {
resources = ["*"]
operations = [
{
"storage.googleapis.com" = [{ method = "google.storage.objects.create" }]
"bigquery.googleapis.com" = [{ method = "BigQueryStorage.ReadRows" }]
}
]
}
}
}
ingress_policies_perimeters = {
enforced = {
ingress_1 = ["default"]
}
}
egress_policies = {
egress_1 = {
egress_from = {
identity_type = "ANY_IDENTITY"
identity_type = "ANY_USER_ACCOUNT"
}
egress_to = {
resources = ["*"]
operations = [
{
service_name = "storage.googleapis.com"
method_selectors = { method = "google.storage.objects.create" }
},
{
service_name = "bigquery.googleapis.com"
method_selectors = { method = "BigQueryStorage.ReadRows" }
}
]
resources = ["*"]
operations = [
{
"storage.googleapis.com" = [{ method = "google.storage.objects.create" }],
"bigquery.googleapis.com" = [{ method = "BigQueryStorage.ReadRows" },{ method = "TableService.ListTables" }, { permission = "bigquery.jobs.get" }]
}
]
}
}
}

24
modules/vpc-sc/main.tf
View File

@@ -113,13 +113,13 @@ resource "google_access_context_manager_service_perimeter" "standard" {
resources = try(var.egress_policies[egress_policies.value].egress_to.resources, null)
dynamic "operations" {
for_each = try(var.egress_policies[egress_policies.value].egress_to.operations, [])
for_each = try(var.egress_policies[egress_policies.value].egress_to.operations[0], [])
content {
service_name = try(operations.value.service_name, null)
service_name = try(operations.key, null)
dynamic "method_selectors" {
for_each = try([operations.value.method_selectors], [])
for_each = try(operations.value, [])
content {
method = try(method_selectors.value.method, null)
@@ -161,13 +161,13 @@ resource "google_access_context_manager_service_perimeter" "standard" {
resources = try(var.ingress_policies[ingress_policies.value].ingress_to.resources, null)
dynamic "operations" {
for_each = try(var.ingress_policies[ingress_policies.value].ingress_to.operations, [])
for_each = try(var.ingress_policies[ingress_policies.value].ingress_to.operations[0], [])
content {
service_name = try(operations.value.service_name, null)
service_name = try(operations.key, null)
dynamic "method_selectors" {
for_each = try([operations.value.method_selectors], [])
for_each = try(operations.value, [])
content {
method = try(method_selectors.value.method, null)
@@ -226,13 +226,13 @@ resource "google_access_context_manager_service_perimeter" "standard" {
resources = try(var.egress_policies[egress_policies.value].egress_to.resources, null)
dynamic "operations" {
for_each = try(var.egress_policies[egress_policies.value].egress_to.operations, [])
for_each = try(var.egress_policies[egress_policies.value].egress_to.operations[0], [])
content {
service_name = try(operations.value.service_name, null)
service_name = try(operations.key, null)
dynamic "method_selectors" {
for_each = try([operations.value.method_selectors], [])
for_each = try(operations.value, [])
content {
method = try(method_selectors.value.method, null)
@@ -274,13 +274,13 @@ resource "google_access_context_manager_service_perimeter" "standard" {
resources = try(var.ingress_policies[ingress_policies.value].ingress_to.resources, null)
dynamic "operations" {
for_each = try(var.ingress_policies[ingress_policies.value].ingress_to.operations, [])
for_each = try(var.ingress_policies[ingress_policies.value].ingress_to.operations[0], [])
content {
service_name = try(operations.value.service_name, null)
service_name = try(operations.key, null)
dynamic "method_selectors" {
for_each = try([operations.value.method_selectors], [])
for_each = try(operations.value, [])
content {
method = try(method_selectors.value.method, null)