Add granular VPC Service-Control resource #4509
Comments
@danawillow I'd be curious on your thoughts here. This could be a very useful enhancement for VPC-SC management.
That makes sense to me. If you wouldn't mind filing it internally, I can put it in our Q4 planning.
@danawillow Done, thanks!
My team has a similar need which I think would likely already be covered by this ticket but wanted to include here explicitly. In our case, the perimeter projects are managed entirely outside of Terraform, but we still want to manage the other status fields with Terraform (e.g. Ideally we could specify:
but when I last checked the only level of granularity supported for ignoring was
@calbach I don't think having a fine-grained Just to check, do either of these work?
🤦♂️ Thank you @danawillow ! Both of these work as desired:
Admittedly I don't understand why I'm indexing into an apparently non-repeated field, but I'll take it. I suspect this is what tripped me up when I last tried it.
Description
Currently, we have support for VPC Service Controls via the google_access_context_manager_service_perimeter. This works fairly well in small organizations but can be challenging in large ones where project definitions happen across many parts of the Terraform configuration: all those project IDs have to be separately collected and added into this one central resource.
It'd be great if we had a google_access_context_manager_service_perimeter_resource resource which acted similarly to our IAM member resources and allowed you to add a single project into an existing perimeter. This would allow us to do things like adding VPC-SC to project factory.
We'd also have to update the google_access_context_manager_service_perimeter to allow excluding the status.resources parameter.
New or Affected Resource(s)
google_access_context_manager_service_perimeter
google_access_context_manager_service_perimeter_resource
Potential Terraform Configuration