From e234aa68b4dac517353682db03eee6306d5c1090 Mon Sep 17 00:00:00 2001
From: Roberto Jung Drebes
Date: Fri, 6 Jan 2023 13:07:33 +0100
Subject: [PATCH] fix restricted services not being added to the perimeter configurations
---
 fast/stages/02-security/vpc-sc.tf | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/fast/stages/02-security/vpc-sc.tf b/fast/stages/02-security/vpc-sc.tf
index 60767fe5ff..953badf15a 100644
--- a/fast/stages/02-security/vpc-sc.tf
+++ b/fast/stages/02-security/vpc-sc.tf
@@ -37,11 +37,19 @@ locals {
 )
 }
 # compute spec/status for each perimeter
- vpc_sc_perimeters = {
+ vpc_sc_perimeters_spec_status = {
 dev = merge(var.vpc_sc_perimeters.dev, {
 restricted_services = local._vpc_sc_restricted_services
 vpc_accessible_services = local._vpc_sc_vpc_accessible_services
 })
+ landing = merge(var.vpc_sc_perimeters.landing, {
+ restricted_services = local._vpc_sc_restricted_services
+ vpc_accessible_services = local._vpc_sc_vpc_accessible_services
+ })
+ prod = merge(var.vpc_sc_perimeters.prod, {
+ restricted_services = local._vpc_sc_restricted_services
+ vpc_accessible_services = local._vpc_sc_vpc_accessible_services
+ })
 }
 }

@@ -98,13 +106,13 @@ module "vpc-sc" {
 dev = {
 spec = (
 local.vpc_sc_explicit_dry_run_spec
- ? var.vpc_sc_perimeters.dev
+ ? local.vpc_sc_perimeters_spec_status.dev
 : null
 )
 status = (
 local.vpc_sc_explicit_dry_run_spec
 ? null
- : var.vpc_sc_perimeters.dev
+ : local.vpc_sc_perimeters_spec_status.dev
 )
 use_explicit_dry_run_spec = local.vpc_sc_explicit_dry_run_spec
 }
@@ -114,13 +122,13 @@ module "vpc-sc" {
 landing = {
 spec = (
 local.vpc_sc_explicit_dry_run_spec
- ? var.vpc_sc_perimeters.landing
+ ? local.vpc_sc_perimeters_spec_status.landing
 : null
 )
 status = (
 local.vpc_sc_explicit_dry_run_spec
 ? null
- : var.vpc_sc_perimeters.landing
+ : local.vpc_sc_perimeters_spec_status.landing
 )
 use_explicit_dry_run_spec = local.vpc_sc_explicit_dry_run_spec
 }
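Review bot: In the new `vpc_sc_perimeters_spec_status` local the computed lists are the last argument to `merge()`, so any `restricted_services` or `vpc_accessible_services` value a caller sets on an individual perimeter in `var.vpc_sc_perimeters` is silently replaced, for dev, landing and prod alike. If that precedence is intended, state it next to the existing comment, e.g. `# computed service lists take precedence over per-perimeter values in var.vpc_sc_perimeters`. The three `merge()` entries are also identical apart from the key, so a single `for` expression over the perimeter keys would keep them from drifting apart, assuming the variable holds only these three keys. The `locals` block starts outside the hunk, so how `_vpc_sc_restricted_services` is built cannot be checked from here.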
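Review bot: In the `dev` entry the merged perimeter config, including the restricted-services list, is assigned only to `spec` whenever `local.vpc_sc_explicit_dry_run_spec` is true, and `status` is null; in VPC Service Controls `spec` is the dry-run configuration, so in that mode violations are logged rather than blocked. That is easy to miss when reading the two ternaries, so a comment above `spec = (` would help, e.g. `# explicit dry run: the perimeter config goes to spec only and is not enforced until status is set`. The same applies to the `landing` and `prod` entries in the two following hunks. The `module "vpc-sc"` block starts and ends outside these hunks, so whether the flag's effect is documented elsewhere is not visible here.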
@@ -130,13 +138,13 @@ module "vpc-sc" {
 prod = {
 spec = (
 local.vpc_sc_explicit_dry_run_spec
- ? var.vpc_sc_perimeters.prod
+ ? local.vpc_sc_perimeters_spec_status.prod
 : null
 )
 status = (
 local.vpc_sc_explicit_dry_run_spec
 ? null
- : var.vpc_sc_perimeters.prod
+ : local.vpc_sc_perimeters_spec_status.prod
 )
 use_explicit_dry_run_spec = local.vpc_sc_explicit_dry_run_spec
 }