used dynamic block to handle lack of device policy #31
One of the checks failed. However, I am unable to view the reason for failure. When I press "Details" it asks me to log into GCP. I do log into my own GCP and I get this error: There was an error while loading /cloud-build/builds/8242826b-f5eb-4b3e-aa6c-113348253201?project=2843445864. You are missing at least one of the following required permissions: cloudbuild.builds.get
@rajcheval thanks for the contribution. There was a problem with the CI setup on our end that was fixed in #32. Could you rebase and try again?
LGTM
Is there any ETA on when this pull request will be reviewed?
Apologies for the delay. I think this is a good/necessary addition but we shouldn't need to require a new variable.
modules/access_level/main.tf
Outdated
allowed_encryption_statuses = var.allowed_encryption_statuses | ||
allowed_device_management_levels = var.allowed_device_management_levels | ||
dynamic "device_policy" { | ||
for_each = var.device_policy_enabled ? [{}] : [] |
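Review bot: the `for_each = var.device_policy_enabled ? [{}] : []` line gates the whole `device_policy` block on a separate flag, so a caller who sets `allowed_encryption_statuses` or `allowed_device_management_levels` but leaves `device_policy_enabled` false gets an access level with no device restrictions and no error. Consider deriving the condition from the device attributes themselves, or at least failing the plan when they are set while the flag is off, and document the new variable and its default.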
Instead of introducing a new variable, I think we can compute this value.
Ex:
require_screen_lock || length(allowed_encryption_statuses) > 0 || length(allowed_device_management_levels) > 0 || minimum_version != "" || os_type != "OS_UNSPECIFIED"
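An added sketch, not code from this pull request or from the module, of the computed condition suggested above wired into the dynamic block. The resource layout, the variable defaults and the `policy`, `name` and `ip_subnetworks` variables are assumptions; the length checks use `> 0` because `length()` is never negative.

```hcl
# Assumed inputs; the device-related names follow the ones used in this thread.
variable "policy" { type = string } # assumed: access policy ID
variable "name" { type = string }   # assumed: access level short name
variable "ip_subnetworks" { default = [] }
variable "require_screen_lock" { default = false }
variable "allowed_encryption_statuses" { default = [] }
variable "allowed_device_management_levels" { default = [] }
variable "minimum_version" { default = "" }
variable "os_type" { default = "OS_UNSPECIFIED" }

locals {
  # True only when the caller set at least one device attribute, so an
  # access level without device requirements omits device_policy entirely.
  device_policy_enabled = (
    var.require_screen_lock ||
    length(var.allowed_encryption_statuses) > 0 ||
    length(var.allowed_device_management_levels) > 0 ||
    var.minimum_version != "" ||
    var.os_type != "OS_UNSPECIFIED"
  )
}

resource "google_access_context_manager_access_level" "access_level" {
  parent = "accessPolicies/${var.policy}"
  name   = "accessPolicies/${var.policy}/accessLevels/${var.name}"
  title  = var.name

  basic {
    conditions {
      ip_subnetworks = var.ip_subnetworks

      # Zero or one device_policy block, driven by the computed local
      # instead of a separate on/off variable that can drift from the inputs.
      dynamic "device_policy" {
        for_each = local.device_policy_enabled ? [{}] : []
        content {
          require_screen_lock              = var.require_screen_lock
          allowed_encryption_statuses      = var.allowed_encryption_statuses
          allowed_device_management_levels = var.allowed_device_management_levels
          os_constraints {
            minimum_version = var.minimum_version
            os_type         = var.os_type
          }
        }
      }
    }
  }
}
```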
I made the change you had suggested. I had to make a few minor changes. I tested it locally. It seems to be working; however, some integration tests seem to be failing. I don't have any visibility into why the tests are failing. Let me know if I need to make any more changes. Thanks
FYI you should be able to run the integration tests locally, but I'll take a look.
@morgante I went through the contribution guide to run the integration tests locally. It required using a service account with folder level permissions. It also has Access Context Manager policy admin permissions.
When I run
make docker_test_prepare
Error: error creating project ci-project-policy-test-0-dbc5 (ci-project-policy-test-0): googleapi: Error 409: Requested entity already exists, alreadyExists. If you received a 403 error, make sure you have the roles/resourcemanager.projectCreator permission
on .terraform/modules/project-vpc-service-controls-policy-0/modules/core_project_factory/main.tf line 126, in resource "google_project" "main":
126: resource "google_project" "main" {
I did give the service account "Project Creator" permissions before running the make command.
I will keep on debugging this error.
Thanks for your help
I am not sure why the tests were failing yesterday and now they have passed. I am hoping that we will get this merged after review. Thanks
Looks like it was a temporary failure due to quota. Thank you for the contribution and patience!
I am trying to fix this issue #26
This issue prevents me from creating access_level if I am not creating a device policy.