
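# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""VPC Service Controls resources: access policy, access levels, perimeters, bridges.

Every ``create_*`` helper takes one config entry (``data``), rewrites the
fields that must become Terraform references in place, and forwards every
remaining key verbatim as a constructor keyword argument.
"""
from cdktf import LocalExecProvisioner
from cdktf_cdktf_provider_google.access_context_manager_access_policy import (
    AccessContextManagerAccessPolicy,
)
from cdktf_cdktf_provider_null.provider import NullProvider
from cdktf_cdktf_provider_null.resource import Resource

from imports.sc_access_level import ScAccessLevel
from imports.sc_perimeter import ScPerimeter
from imports.sc_perimeter_bridge import ScPerimeterBridge


def _tf_refs(self, kind, values):
    """Resolve every entry of ``values`` through ``self.tf_ref(kind, value)``.

    Returns a new list in input order; ``values`` itself is not modified.
    Callers only write the result back when it is non-empty, so an absent or
    empty config key stays absent.
    """
    return [self.tf_ref(kind, value) for value in values]


def create_null_resource(self, depends_on):
    """Create the ``wait_for_members`` null resource that delays perimeter creation.

    Args:
        depends_on: raw Terraform reference strings
            (``${module.sc_access_level_<name>}``, built by
            ``generate_sc_access_level``) the sleep must wait for.

    Side effects:
        Registers the null provider and stores the resource under
        ``self.created["null"]["wait_for_members"]``; the perimeter and
        bridge builders below read its ``id``.
    """
    NullProvider(self, "null")
    # local-exec runs on the machine applying the plan; the command is a fixed
    # constant and nothing from the config is interpolated into it.
    waiter = Resource(
        self,
        "wait_for_members",
        provisioners=[LocalExecProvisioner(type="local-exec", command="sleep 60")],
    )
    # The entries are raw "${module...}" strings rather than constructs, so
    # depends_on is set through an override. Copy the list so a later change
    # to the caller's list cannot leak into the synthesized config.
    waiter.add_override("depends_on", list(depends_on))
    self.created["null"]["wait_for_members"] = waiter


def create_sc_policy(self, data):
    """Create an Access Context Manager access policy from one config entry.

    ``data`` is mutated in place: ``parent`` is forced to the organization and
    each ``scopes`` entry is rewritten to a Terraform reference. The construct
    is stored under ``self.created["sc_policy"][title]``.
    """
    name = data["title"]
    data["parent"] = f'organizations/{self.tf_ref("organization", "")}'
    resolved_scopes = []
    for scope in data.get("scopes", []):
        # A scope may name a project or a folder. Try the project lookup
        # first; this relies on tf_ref returning its input unchanged when
        # nothing matches, and then falls back to a folder lookup.
        ref = self.tf_ref("projects/number", scope)
        if ref == scope:
            ref = self.tf_ref("folder", scope)
        resolved_scopes.append(ref)
    if resolved_scopes:
        data["scopes"] = resolved_scopes
    self.created["sc_policy"][name] = AccessContextManagerAccessPolicy(
        self, f"sc_policy_{name}", **data
    )


def create_sc_access_level(self, data):
    """Create an access level; ``data["policy"]`` is replaced by the policy reference.

    The construct is stored under ``self.created["sc_access_level"][name]``.
    """
    name = data["name"]
    data["policy"] = self.tf_ref("sc_policy", data["policy"])
    self.created["sc_access_level"][name] = ScAccessLevel(
        self, f"sc_access_level_{name}", **data
    )


def create_sc_perimeter(self, data):
    """Create a regular service perimeter from one config entry.

    Requires ``create_null_resource`` to have run first: the description
    embeds the ``wait_for_members`` id, presumably so Terraform orders the
    perimeter after the sleep (and therefore after the access levels it
    references).

    ``data`` is mutated in place: the policy, access level names and project
    resources are rewritten to Terraform references; list keys are only
    written back when non-empty. Unlike the other builders, the construct is
    not recorded in ``self.created``.
    """
    name = data["perimeter_name"]
    data["policy"] = self.tf_ref("sc_policy", data["policy"])
    data["description"] = (
        f'regular perimeter {name} {self.created["null"]["wait_for_members"].id}'
    )

    access_levels = _tf_refs(
        self, "sc_access_level_name", data.get("access_levels", [])
    )
    if access_levels:
        data["access_levels"] = access_levels

    # Ingress rules: resolve the source projects and source access levels.
    for policy in data.get("ingress_policies", []):
        sources = policy.get("from", {}).get("sources", {})
        from_resources = _tf_refs(
            self, "projects/number", sources.get("resources", [])
        )
        if from_resources:
            policy["from"]["sources"]["resources"] = from_resources
        from_levels = _tf_refs(
            self, "sc_access_level_name", sources.get("access_levels", [])
        )
        if from_levels:
            policy["from"]["sources"]["access_levels"] = from_levels

    # Ingress and egress rules: resolve the target project resources.
    for policy_key in ("ingress_policies", "egress_policies"):
        for policy in data.get(policy_key, []):
            to_resources = _tf_refs(
                self, "projects/number", policy.get("to", {}).get("resources", [])
            )
            if to_resources:
                policy["to"]["resources"] = to_resources

    # NOTE: the construct id keeps its historical spelling ("perimiter");
    # correcting it would likely change the generated resource address and
    # force existing perimeters to be recreated.
    ScPerimeter(self, f"sc_perimiter_{name}", **data)


def create_sc_perimeter_bridge(self, data):
    """Create a perimeter bridge from one config entry.

    Same ordering trick and in-place mutation as ``create_sc_perimeter``:
    the description embeds the ``wait_for_members`` id (so
    ``create_null_resource`` must have run first) and ``data["policy"]`` is
    rewritten to the policy reference. The construct is not recorded in
    ``self.created``.
    """
    name = data["perimeter_name"]
    # The description text is shared with the regular perimeter; it is a
    # deployed value, so it is kept as-is rather than reworded.
    data["description"] = (
        f'regular perimeter {name} {self.created["null"]["wait_for_members"].id}'
    )
    data["policy"] = self.tf_ref("sc_policy", data["policy"])
    ScPerimeterBridge(self, f"sc_bridge_{name}", **data)


def generate_sc_policy(self, my_resource, resource):
    """Create one access policy per entry of ``self.eztf_config[my_resource]``.

    ``resource`` is unused here but is part of the shared generator signature.
    """
    for data in self.eztf_config.get(my_resource, []):
        create_sc_policy(self, data)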
def _each_config_entry(self, my_resource, builder):
    """Call ``builder(self, entry)`` for every entry listed under ``my_resource``.

    Missing or empty config sections are a no-op.
    """
    for entry in self.eztf_config.get(my_resource, []):
        builder(self, entry)


def generate_sc_access_level(self, my_resource, resource):
    """Create every configured access level, then the null resource that waits on them.

    Each access level contributes a ``${module.sc_access_level_<name>}``
    reference to the null resource's ``depends_on``. ``resource`` is unused
    but part of the shared generator signature.
    """
    module_refs = []

    def build(stack, entry):
        create_sc_access_level(stack, entry)
        module_refs.append(f'${{module.sc_access_level_{entry["name"]}}}')

    _each_config_entry(self, my_resource, build)
    create_null_resource(self, module_refs)


def generate_sc_perimeter(self, my_resource, resource):
    """Create one regular perimeter per configured entry (``resource`` unused)."""
    _each_config_entry(self, my_resource, create_sc_perimeter)


def generate_sc_perimeter_bridge(self, my_resource, resource):
    """Create one perimeter bridge per configured entry (``resource`` unused)."""
    _each_config_entry(self, my_resource, create_sc_perimeter_bridge)