hunfabric/modules/vpc-sc/main.tf
Julio Castillo 7ceb814986 VPC SC module refactor (#3062)
* Remove bridge perimeters

* Update FAST stages

* Allow project ids in perimeter definitions

* Preserve order for ingress/egress policies

* Use CAI

* Use CAI

* Fix tests
2025-05-09 14:37:03 +02:00


/**
* Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
locals {
  # Name of the access policy used by the rest of the module: the policy
  # created below when var.access_policy_create is set, otherwise the
  # externally managed policy name passed in var.access_policy.
  access_policy = try(
    google_access_context_manager_access_policy.default[0].name,
    var.access_policy
  )
  # CAI search expression listing every referenced project id as a quoted
  # full resource name, joined with OR. The ids originate from perimeter and
  # policy definitions, so a malformed id ends up verbatim inside the query
  # string; only the leading character is checked by the filter below.
  cai_query = join(" OR ",
    formatlist(
      "\"//cloudresourcemanager.googleapis.com/projects/%s\"",
      local._project_ids
    )
  )
  # Run the CAI lookup only when a search scope was configured and at least
  # one project id (rather than a project number) was referenced.
  do_cai_query = (
    var.project_id_search_scope == null
    ? false
    : length(local._project_ids) > 0
  )
  # collect project ids and convert them to numbers
  # Resources from status/spec of every perimeter plus from/to of every
  # ingress and egress policy. The policy lists are gathered once per
  # perimeter and de-duplicated by distinct(); with no perimeters defined
  # nothing is collected and the lookup is skipped.
  _all_project_identifiers = distinct(flatten([
    for k, v in local.perimeters : [
      try(v.status.resources, []),
      try(v.spec.resources, []),
      [
        for _, vv in local.ingress_policies : [
          try(vv.from.resources, []),
          try(vv.to.resources, [])
        ]
      ],
      [
        for _, vv in local.egress_policies : [
          try(vv.from.resources, []),
          try(vv.to.resources, [])
        ]
      ],
    ]
  ]))
  # Keep only "projects/<id>" entries whose id starts with a letter, i.e.
  # project ids rather than numeric project numbers, and strip the prefix.
  _project_ids = [
    for x in local._all_project_identifiers :
    trimprefix(x, "projects/")
    if can(regex("^projects/[a-z]", x))
  ]
  # Map "projects/<id>" to the CAI `project` field of the matching search
  # result (presumably "projects/<number>" — verify against the CAI search
  # resource docs). Empty when the lookup is skipped, so an id referenced
  # without a search scope has no entry here rather than a number.
  project_number = (local.do_cai_query
    ? {
      for x in data.google_cloud_asset_search_all_resources.projects[0].results :
      (trimprefix(x.name, "//cloudresourcemanager.googleapis.com/")) => x.project
    }
    : {}
  )
}
resource "google_access_context_manager_access_policy" "default" {
  # Created only when the caller requests a new policy through
  # var.access_policy_create; otherwise local.access_policy falls back to
  # the existing policy name in var.access_policy.
  count  = var.access_policy_create == null ? 0 : 1
  title  = var.access_policy_create.title
  parent = var.access_policy_create.parent
  scopes = var.access_policy_create.scopes
}
data "google_cloud_asset_search_all_resources" "projects" {
  # Resolves referenced project ids to CAI project entries; instantiated
  # only when local.do_cai_query is true (a search scope is configured and
  # at least one project id was referenced).
  count       = local.do_cai_query ? 1 : 0
  scope       = var.project_id_search_scope
  query       = format("name=%s", local.cai_query)
  asset_types = ["cloudresourcemanager.googleapis.com/Project"]
}