Skip to content

Make exclude_folders and exclude_projects use sets and use for_each to avoid unnecessary resource updates #32

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Apr 14, 2020
Merged

Make exclude_folders and exclude_projects use sets and use for_each to avoid unnecessary resource updates #32

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
57626ca
Make exclude_folders and exclude_projects use sets and use for_each t…
MajorBreakfast Mar 19, 2020
bbed439
Fix default value of exclude_folders and exclude_projects
MajorBreakfast Mar 27, 2020
18591dc
Remove unused locals
MajorBreakfast Mar 27, 2020
43bd043
Merge branch 'master' into exlusion-sets-instead-of-lists
morgante Apr 14, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,8 +55,8 @@ To control module's behavior, change variables' values regarding the following:
| deny | (Only for list constraints) List of values which should be denied | list(string) | `<list>` | no |
| deny\_list\_length | The number of elements in the deny list | number | `"0"` | no |
| enforce | If boolean constraint, whether the policy is enforced at the root; if list constraint, whether to deny all (true) or allow all | bool | `"null"` | no |
| exclude\_folders | List of folders to exclude from the policy | list(string) | `<list>` | no |
| exclude\_projects | List of projects to exclude from the policy | list(string) | `<list>` | no |
| exclude\_folders | Set of folders to exclude from the policy | set(string) | `<list>` | no |
| exclude\_projects | Set of projects to exclude from the policy | set(string) | `<list>` | no |
| folder\_id | The folder id for putting the policy | string | `"null"` | no |
| organization\_id | The organization id for putting the policy | string | `"null"` | no |
| policy\_for | Resource hierarchy node to apply the policy to: can be one of `organization`, `folder`, or `project`. | string | n/a | yes |
Expand Down
8 changes: 4 additions & 4 deletions boolean_constraints.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,9 +60,9 @@ resource "google_project_organization_policy" "project_policy_boolean" {
Exclude folders from policy (boolean constraint)
*****************************************/
resource "google_folder_organization_policy" "policy_boolean_exclude_folders" {
count = local.boolean_policy && ! local.project ? local.exclude_folders_list_length : 0
for_each = (local.boolean_policy && ! local.project) ? var.exclude_folders : []

folder = var.exclude_folders[count.index]
folder = each.value
constraint = var.constraint

boolean_policy {
Expand All @@ -74,9 +74,9 @@ resource "google_folder_organization_policy" "policy_boolean_exclude_folders" {
Exclude projects from policy (boolean constraint)
*****************************************/
resource "google_project_organization_policy" "policy_boolean_exclude_projects" {
count = local.boolean_policy && ! local.project ? local.exclude_projects_list_length : 0
for_each = (local.boolean_policy && ! local.project) ? var.exclude_projects : []

project = var.exclude_projects[count.index]
project = each.value
constraint = var.constraint

boolean_policy {
Expand Down
9 changes: 4 additions & 5 deletions list_constraints.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -210,9 +210,9 @@ resource "google_project_organization_policy" "project_policy_list_allow_values"
Exclude folders from policy (list constraint)
*****************************************/
resource "google_folder_organization_policy" "folder_policy_list_exclude_folders" {
count = local.list_policy && ! local.project ? local.exclude_folders_list_length : 0
for_each = (local.list_policy && ! local.project) ? var.exclude_folders : []

folder = var.exclude_folders[count.index]
folder = each.value
constraint = var.constraint

restore_policy {
Expand All @@ -224,13 +224,12 @@ resource "google_folder_organization_policy" "folder_policy_list_exclude_folders
Exclude projects from policy (list constraint)
*****************************************/
resource "google_project_organization_policy" "project_policy_list_exclude_projects" {
count = local.list_policy && ! local.project ? local.exclude_projects_list_length : 0
for_each = (local.list_policy && ! local.project) ? var.exclude_projects : []

project = var.exclude_projects[count.index]
project = each.value
constraint = var.constraint

restore_policy {
default = true
}
}

8 changes: 4 additions & 4 deletions variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,14 +55,14 @@ variable "deny" {
}

variable "exclude_folders" {
description = "List of folders to exclude from the policy"
type = list(string)
description = "Set of folders to exclude from the policy"
type = set(string)
default = [""]
}

variable "exclude_projects" {
description = "List of projects to exclude from the policy"
type = list(string)
description = "Set of projects to exclude from the policy"
type = set(string)
default = [""]
}

Expand Down