
# Google Cloud Folder Module

This module allows the creation and management of folders together with their individual IAM bindings, organization policies and hierarchical firewall policies.

## Examples

### IAM bindings

```hcl
module "folder" {
  source = "./modules/folder"
  parent = "organizations/1234567890"
  name   = "Folder name"
  iam = {
    "roles/owner" = ["group:users@example.com"]
  }
}
# tftest:modules=1:resources=2
```

### Organization policies

```hcl
module "folder" {
  source = "./modules/folder"
  parent = "organizations/1234567890"
  name   = "Folder name"
  policy_boolean = {
    "constraints/compute.disableGuestAttributesAccess" = true
    "constraints/compute.skipDefaultNetworkCreation"   = true
  }
  policy_list = {
    "constraints/compute.trustedImageProjects" = {
      inherit_from_parent = null
      suggested_value     = null
      status              = true
      values              = ["projects/my-project"]
    }
  }
}
# tftest:modules=1:resources=4
```

### Hierarchical firewall policies

```hcl
module "folder1" {
  source = "./modules/folder"
  parent = var.organization_id
  name   = "policy-container"

  firewall_policies = {
    iap-policy = {
      allow-iap-ssh = {
        description = "Always allow ssh from IAP"
        direction   = "INGRESS"
        action      = "allow"
        priority    = 100
        ranges      = ["35.235.240.0/20"]
        ports = {
          tcp = ["22"]
        }
        target_service_accounts = null
        target_resources        = null
        logging                 = false
      }
    }
  }
  firewall_policy_attachments = {
    iap-policy = module.folder1.firewall_policy_id["iap-policy"]
  }
}

module "folder2" {
  source = "./modules/folder"
  parent = var.organization_id
  name   = "hf2"
  firewall_policy_attachments = {
    iap-policy = module.folder1.firewall_policy_id["iap-policy"]
  }
}
# tftest:modules=2:resources=6
```

## Variables

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| name | Folder name. | `string` | ✓ | |
| parent | Parent in folders/folder_id or organizations/org_id format. | `string` | ✓ | |
| firewall_policies | Hierarchical firewall policies to create in this folder. | `map(map(object({...})))` | | `{}` |
| firewall_policy_attachments | List of hierarchical firewall policy IDs to attach to this folder. | `set(string)` | | `[]` |
| iam | IAM bindings in {ROLE => [MEMBERS]} format. | `map(set(string))` | | `{}` |
| policy_boolean | Map of boolean org policies and enforcement value, set value to null for policy restore. | `map(bool)` | | `{}` |
| policy_list | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | `map(object({...}))` | | `{}` |
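The policy semantics described above (`true`/`false`/`null` for `policy_boolean`; `status` `true` for allow, `false` for deny, `null` for restore in `policy_list`) in one folder, as an added example that is not part of the module's own README. The organization id, the group, the project id and the Cloud Identity customer id are placeholders; the constraint names are real Google Cloud organization policy constraints, and their value formats follow the public constraint documentation.

```hcl
# Added example (not the module's own README content): a folder whose
# organization policies exercise every status the policy_* variables
# accept: enforce, restore, allow list and deny list.
# Placeholders: organization 1234567890, the auditors group, the project
# id "my-project" and the customer id "C0xxxxxxx".

module "restricted_folder" {
  source = "./modules/folder"
  parent = "organizations/1234567890"
  name   = "restricted-workloads"

  # IAM bindings use the {ROLE => [MEMBERS]} format; a read-only role
  # for auditors keeps the folder itself under least privilege.
  iam = {
    "roles/resourcemanager.folderViewer" = ["group:auditors@example.com"]
  }

  policy_boolean = {
    # true enforces the constraint on every project below the folder
    "constraints/compute.requireOsLogin" = true
    # null removes any folder-level override so the parent's setting
    # (here the organization's) applies again
    "constraints/compute.skipDefaultNetworkCreation" = null
  }

  policy_list = {
    # status = true: allow list. Only principals from the listed customer
    # id may receive IAM bindings anywhere under this folder.
    "constraints/iam.allowedPolicyMemberDomains" = {
      inherit_from_parent = false
      suggested_value     = null
      status              = true
      values              = ["C0xxxxxxx"]
    }
    # status = false: deny list. The listed values are what gets denied;
    # here networks under my-project may not be peered with from this folder.
    "constraints/compute.restrictVpcPeering" = {
      inherit_from_parent = true
      suggested_value     = null
      status              = false
      values              = ["under:projects/my-project"]
    }
    # status = null: restore. The folder-level policy is dropped and the
    # parent's policy applies; values must stay null because they are only
    # meaningful for allow or deny.
    "constraints/compute.trustedImageProjects" = {
      inherit_from_parent = null
      suggested_value     = null
      status              = null
      values              = null
    }
  }
}
```

Setting a boolean constraint to `null` is the only way to undo an earlier folder-level `true` without deleting the policy resource by hand; the same holds for `status = null` on list constraints. Before relying on a restore, check which parent policy becomes effective, since a restore on a folder reveals whatever the organization or an intermediate folder enforces.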

## Outputs

| name | description | sensitive |
|---|---|:---:|
| firewall_policies | Map of firewall policy resources created in this folder. | |
| firewall_policy_id | Map of firewall policy ids created in this folder. | |
| folder | Folder resource. | |
| id | Folder id. | |
| name | Folder name. | |