
feat: split resources into separate resource to allow out-of-module a…
…dditions (#61)
aweberlopes authored Jan 10, 2022
1 parent 54ee979 commit 03e86e3
Showing 8 changed files with 44 additions and 14 deletions.
2 changes: 1 addition & 1 deletion modules/access_level/versions.tf
Expand Up @@ -20,7 +20,7 @@ terraform {

google = {
source = "hashicorp/google"
version = "~> 3.53"
version = ">= 3.50, < 5.0"
}
}

11 changes: 9 additions & 2 deletions modules/bridge_service_perimeter/main.tf
Expand Up @@ -21,7 +21,14 @@ resource "google_access_context_manager_service_perimeter" "bridge_service_perim
name = "accessPolicies/${var.policy}/servicePerimeters/${var.perimeter_name}"
title = var.perimeter_name

status {
resources = formatlist("projects/%s", var.resources)
lifecycle {
ignore_changes = [status[0].resources]
}
}


resource "google_access_context_manager_service_perimeter_resource" "service_perimeter_resource" {
for_each = toset(formatlist("projects/%s", var.resources))
perimeter_name = google_access_context_manager_service_perimeter.bridge_service_perimeter.name
resource = each.key
}
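Review bot: With `ignore_changes = [status[0].resources]` the perimeter resource no longer reports a project that was added to the bridge perimeter outside Terraform, so `terraform plan` stops acting as drift detection for perimeter membership; only the entries managed by the new `service_perimeter_resource` for_each are reconciled, and an out-of-band addition is kept. That is what the commit title asks for, but it changes what the module enforces and should be stated in the module documentation and on the `resources` variable, e.g. `# Membership added outside this module is preserved: drift on status[0].resources is ignored, so audit perimeter membership through a separate control.` The same lifecycle block is added in modules/regular_service_perimeter/main.tf and needs the same note. Both `status {` and its `resources` line appear to be the two deletions here, so the bridge perimeter is left with no `status` block while `ignore_changes` still references `status[0].resources`; confirm the provider accepts that, and verify the upgrade path for existing deployments, where the projects are already present in `status.resources` before the new per-project resources are created. The resource header is outside the hunk.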
4 changes: 4 additions & 0 deletions modules/bridge_service_perimeter/outputs.tf
Expand Up @@ -17,4 +17,8 @@
output "resources" {
description = "A list of GCP resources that are inside of the service perimeter. Currently only projects are allowed."
value = var.resources
depends_on = [
google_access_context_manager_service_perimeter.bridge_service_perimeter,
google_access_context_manager_service_perimeter_resource.service_perimeter_resource
]
}
2 changes: 1 addition & 1 deletion modules/bridge_service_perimeter/versions.tf
Expand Up @@ -20,7 +20,7 @@ terraform {

google = {
source = "hashicorp/google"
version = "~> 3.53"
version = ">= 3.50, < 5.0"
}
}

20 changes: 15 additions & 5 deletions modules/regular_service_perimeter/main.tf
Expand Up @@ -28,7 +28,6 @@ resource "google_access_context_manager_service_perimeter" "regular_service_peri

status {
restricted_services = var.restricted_services
resources = formatlist("projects/%s", var.resources)
access_levels = formatlist(
"accessPolicies/${var.policy}/accessLevels/%s",
var.access_levels
Expand Down Expand Up @@ -58,9 +57,9 @@ resource "google_access_context_manager_service_perimeter" "regular_service_peri
content {
service_name = operations.key
dynamic "method_selectors" {
for_each = merge(
for_each = operations.key != "*" ? merge(
{ for k, v in lookup(operations.value, "methods", {}) : v => "method" },
{ for k, v in lookup(operations.value, "permissions", {}) : v => "permission" })
{ for k, v in lookup(operations.value, "permissions", {}) : v => "permission" }) : {}
content {
method = method_selectors.value == "method" ? method_selectors.key : null
permission = method_selectors.value == "permission" ? method_selectors.key : ""
Expand All @@ -85,9 +84,9 @@ resource "google_access_context_manager_service_perimeter" "regular_service_peri
content {
service_name = operations.key
dynamic "method_selectors" {
for_each = merge(
for_each = operations.key != "*" ? merge(
{ for k, v in lookup(operations.value, "methods", {}) : v => "method" },
{ for k, v in lookup(operations.value, "permissions", {}) : v => "permission" })
{ for k, v in lookup(operations.value, "permissions", {}) : v => "permission" }) : {}
content {
method = method_selectors.value == "method" ? method_selectors.key : ""
permission = method_selectors.value == "permission" ? method_selectors.key : ""
Expand Down Expand Up @@ -178,4 +177,15 @@ resource "google_access_context_manager_service_perimeter" "regular_service_peri
}
}
use_explicit_dry_run_spec = local.dry_run

lifecycle {
ignore_changes = [status[0].resources]
}
}


resource "google_access_context_manager_service_perimeter_resource" "service_perimeter_resource" {
for_each = toset(formatlist("projects/%s", var.resources))
perimeter_name = google_access_context_manager_service_perimeter.regular_service_perimeter.name
resource = each.key
}
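Review bot: The new `operations.key != "*" ? merge(…) : {}` guard silently drops any methods or permissions a caller lists under the `*` service instead of rejecting them, so a rule that was meant to limit the wildcard service to specific methods is applied as an unrestricted wildcard operation; presumably the API refuses method selectors on `*`, which previously failed the apply rather than widening the rule. A `validation` block on the variable that supplies these operations, or at least a comment `# method_selectors are not permitted with service_name "*"; any listed under "*" are ignored`, would make this visible to the caller. The guard is duplicated in the two dynamic blocks (the second starts at the `@@ -85,9 +84,9 @@` hunk) and could be computed once in a local. The perimeter also sets `use_explicit_dry_run_spec = local.dry_run`; if the `spec` block outside this hunk still lists `resources` inline, only the enforced `status` side is split into `service_perimeter_resource` entries, which is worth confirming and documenting. The resource header is outside the shown hunks.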
15 changes: 12 additions & 3 deletions modules/regular_service_perimeter/outputs.tf
Expand Up @@ -17,17 +17,26 @@
output "shared_resources" {
description = "A map of lists of resources to share in a Bridge perimeter module. Each list should contain all or a subset of the perimeters resources"
value = var.shared_resources
depends_on = [google_access_context_manager_service_perimeter.regular_service_perimeter]
depends_on = [
google_access_context_manager_service_perimeter.regular_service_perimeter,
google_access_context_manager_service_perimeter_resource.service_perimeter_resource
]
}

output "resources" {
description = "A list of GCP resources that are inside of the service perimeter. Currently only projects are allowed."
value = var.resources
depends_on = [google_access_context_manager_service_perimeter.regular_service_perimeter]
depends_on = [
google_access_context_manager_service_perimeter.regular_service_perimeter,
google_access_context_manager_service_perimeter_resource.service_perimeter_resource
]
}

output "perimeter_name" {
description = "The perimeter's name."
value = var.perimeter_name
depends_on = [google_access_context_manager_service_perimeter.regular_service_perimeter]
depends_on = [
google_access_context_manager_service_perimeter.regular_service_perimeter,
google_access_context_manager_service_perimeter_resource.service_perimeter_resource
]
}
2 changes: 1 addition & 1 deletion modules/regular_service_perimeter/versions.tf
Expand Up @@ -20,7 +20,7 @@ terraform {

google = {
source = "hashicorp/google"
version = "~> 3.82"
version = ">= 3.50, < 5.0"
}
}

2 changes: 1 addition & 1 deletion versions.tf
Expand Up @@ -20,7 +20,7 @@ terraform {

google = {
source = "hashicorp/google"
version = "~> 3.82"
version = ">= 3.50, < 5.0"
}
}

