feat: Add scopes, update directional rules variable definition and dry-run lifecycle ignore_changes #199

Merged

Conversation

daniel-cit
Contributor

@daniel-cit daniel-cit commented May 30, 2025

This PR adds support for scopes in the access policy and fixes two issues:

  1. The directional rules variable definition did not allow for structurally different rules in the same list:
│   57:   ingress_policies = [
│   58:     {
│   59:       "from" = {
│   60:         "sources" = {
│   61:           access_levels = ["*"] # Allow Access from everywhere
│   62:         },
│   63:         "identities" = var.read_bucket_identities
│   64:       }
│   65:       "to" = {
│   66:         "resources" = [
│   67:           "*"
│   68:         ]
│   69:         "operations" = {
│   70:           "storage.googleapis.com" = {
│   71:             "methods" = [
│   72:               "google.storage.objects.get",
│   73:               "google.storage.objects.list"
│   74:             ]
│   75:           }
│   76:         }
│   77:       }
│   78:     },
│   79:         {
│   80:       "from" = {
│   81:         "identities" = var.read_bucket_identities
│   82:       }
│   83:       "to" = {
│   84:         "resources" = [
│   85:           "*"
│   86:         ]
│   87:         "operations" = {
│   88:           "storage.googleapis.com" = {
│   89:             "methods" = [
│   90:               "google.storage.objects.get",
│   91:               "google.storage.objects.list"
│   92:             ]
│   93:           }
│   94:         }
│   95:       }
│   96:     },
│   97:   ]
│ The given value is not suitable for module.regular_service_perimeter_1.var.ingress_policies declared at
│ .terraform/modules/regular_service_perimeter_1/modules/regular_service_perimeter/variables.tf:92,1-28: cannot find a common base
│ type for all elements.
  2. The spec versions of resources, ingress_policies, and egress_policies were not in the lifecycle.ignore_changes configuration, causing a conflict with the usage of google_access_context_manager_service_perimeter_dry_run_egress_policy and google_access_context_manager_service_perimeter_dry_run_ingress_policy
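Added example, not code from this PR or from the module itself: a Terraform variable type that accepts structurally different rules in one list, the two rules from the error output above expressed against it, and a perimeter resource whose lifecycle ignores the spec-side policy fields so it does not fight the separate dry-run policy resources. The "cannot find a common base type" error appears when Terraform has to infer a single element type from values with different attribute sets; declaring the type explicitly and marking the attributes a rule may omit as optional() makes Terraform convert each element to the declared type instead. Attribute names follow the rule shape shown in the error output; the module path, the policy id, the perimeter name and the exact type this PR adopted are assumptions, and the identity value is constructed.

```hcl
# modules/regular_service_perimeter/variables.tf (assumed path, illustrative type)
# Every attribute a rule may omit is optional(), so a rule with from.sources
# and a rule without it both convert to the same object type.
variable "ingress_policies" {
  description = "Ingress rules; a rule may omit from.sources or from.identities."
  type = list(object({
    from = object({
      sources = optional(object({
        access_levels = optional(list(string), [])
        resources     = optional(list(string), [])
      }))
      identities = optional(list(string), [])
    })
    to = object({
      resources = optional(list(string), ["*"])
      operations = optional(map(object({
        methods = optional(list(string), [])
      })), {})
    })
  }))
  default = []
}

# main.tf (root module)
variable "policy_id" {
  type    = string
  default = "123456789" # constructed access policy id
}

variable "read_bucket_identities" {
  type    = list(string)
  default = ["serviceAccount:reader@example-project.iam.gserviceaccount.com"] # constructed
}

locals {
  storage_read = {
    "storage.googleapis.com" = {
      methods = ["google.storage.objects.get", "google.storage.objects.list"]
    }
  }
}

module "regular_service_perimeter_1" {
  source = "./modules/regular_service_perimeter" # assumed path

  ingress_policies = [
    {
      from = {
        sources    = { access_levels = ["*"] } # allow access from everywhere
        identities = var.read_bucket_identities
      }
      to = { resources = ["*"], operations = local.storage_read }
    },
    {
      from = { identities = var.read_bucket_identities } # no "sources" key
      to   = { resources = ["*"], operations = local.storage_read }
    },
  ]
}

# Perimeter whose dry-run (spec) policies are managed by the separate
# google_access_context_manager_service_perimeter_dry_run_*_policy resources.
# Without the spec[...] entries below, this resource would see those entries as
# drift and try to remove them on every apply.
resource "google_access_context_manager_service_perimeter" "example" {
  parent         = "accessPolicies/${var.policy_id}"
  name           = "accessPolicies/${var.policy_id}/servicePerimeters/example_perimeter" # assumed name
  title          = "example_perimeter"
  perimeter_type = "PERIMETER_TYPE_REGULAR"

  use_explicit_dry_run_spec = true

  status {
    restricted_services = ["storage.googleapis.com"]
  }

  spec {
    restricted_services = ["storage.googleapis.com"]
  }

  lifecycle {
    ignore_changes = [
      status[0].resources,
      status[0].ingress_policies,
      status[0].egress_policies,
      spec[0].resources,
      spec[0].ingress_policies,
      spec[0].egress_policies,
    ]
  }
}
```

One check worth running after a change like this: `terraform plan` twice in a row against a perimeter that already has dry-run policies attached by the dry_run_*_policy resources. A clean second plan confirms the ignore_changes list covers every field those resources write; a plan that still wants to remove spec-side rules means a field is missing from the list.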

@daniel-cit daniel-cit marked this pull request as ready for review May 30, 2025 02:34
@daniel-cit daniel-cit requested review from imrannayer and a team as code owners May 30, 2025 02:34
@daniel-cit daniel-cit changed the title fix: update directional rules variable definition and dry-run lifecycle ignore_changes [DONT MERGE] fix: update directional rules variable definition and dry-run lifecycle ignore_changes May 30, 2025
@daniel-cit
Contributor Author

Need to add the golang tests to the integration build

@daniel-cit daniel-cit changed the title [DONT MERGE] fix: update directional rules variable definition and dry-run lifecycle ignore_changes feat: Add scopes, update directional rules variable definition and dry-run lifecycle ignore_changes Jun 2, 2025
Contributor

@apeabody apeabody left a comment


Thanks @daniel-cit! Two minor notes

Contributor

@apeabody apeabody left a comment


Thanks @daniel-cit!

@apeabody apeabody merged commit 8b14973 into terraform-google-modules:main Jun 3, 2025
4 checks passed
@apeabody apeabody self-assigned this Jun 3, 2025