kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a4ee4654074237281871fdfa2012deeaeba3a704
hunfabric/modules/vpc-sc/factory.tf
Ludovico Magnocavallo 8490df96bf Use context syntax for VPC-SC access levels and policies (#3678) 
* access levels as context

* ingress/egress context in module

* ingress/egress context in module

* update FAST

* tfdoc

* context test
2026-01-26 15:12:26 +00:00

123 lines
4.3 KiB
HCL
Raw Blame History

/**
* Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
locals {
_data = {
for k, v in local._data_paths : k => {
for f in try(fileset(v, "**/*.yaml"), []) :
trimsuffix(f, ".yaml") => yamldecode(file("${v}/${f}"))
}
}
_data_paths = {
for k in ["access_levels", "egress_policies", "ingress_policies", "perimeters"] : k => (
var.factories_config[k] == null
? null
: pathexpand(var.factories_config[k])
)
}
data = {
access_levels = {
for k, v in local._data.access_levels : k => {
combining_function = try(v.combining_function, null)
conditions = [
for c in try(v.conditions, []) : merge({
device_policy = null
ip_subnetworks = []
members = []
negate = null
regions = []
required_access_levels = []
vpc_subnets = {}
}, c)
]
description = try(v.description, null)
title = try(v.title, null)
}
}
egress_policies = {
for k, v in local._data.egress_policies : "$egress_policies:${k}" => {
title = try(v.title, null)
from = merge({
access_levels = []
identity_type = null
identities = []
resources = []
}, try(v.from, {}))
to = {
external_resources = try(v.to.external_resources, null)
operations = [
for o in try(v.to.operations, []) : merge({
method_selectors = []
permission_selectors = []
service_name = null
}, o)
]
resources = try(v.to.resources, [])
roles = try(v.to.roles, [])
}
}
}
ingress_policies = {
for k, v in local._data.ingress_policies : "$ingress_policies:${k}" => {
title = try(v.title, null)
from = merge({
access_levels = []
identity_type = null
identities = []
resources = []
}, try(v.from, {}))
to = {
operations = [
for o in try(v.to.operations, []) : merge({
method_selectors = []
permission_selectors = []
service_name = null
}, o)
]
resources = try(v.to.resources, [])
roles = try(v.to.roles, [])
}
}
}
perimeters = {
for k, v in local._data.perimeters :
k => {
description = try(v.description, null)
ignore_resource_changes = try(v.ignore_resource_changes, false)
title = try(v.title, null)
spec = !can(v.spec) ? null : merge(v.spec, {
access_levels = try(v.spec.access_levels, [])
egress_policies = try(v.spec.egress_policies, [])
ingress_policies = try(v.spec.ingress_policies, [])
restricted_services = try(v.spec.restricted_services, [])
resources = try(v.spec.resources, [])
vpc_accessible_services = try(v.spec.vpc_accessible_services, null)
})
status = !can(v.status) ? null : merge(v.status, {
access_levels = try(v.status.access_levels, [])
egress_policies = try(v.status.egress_policies, [])
ingress_policies = try(v.status.ingress_policies, [])
restricted_services = try(v.status.restricted_services, [])
resources = try(v.status.resources, [])
vpc_accessible_services = try(v.status.vpc_accessible_services, null)
})
use_explicit_dry_run_spec = try(v.use_explicit_dry_run_spec, false)
}
}
}
# TODO: add checks that emulate the variable validations
}
Reference in New Issue View Git Blame Copy Permalink