add directional policies titles

mariammartins · mariammartins · commit 5c2f8c6faec9 · 2025-09-03T19:24:00.000-03:00
diff --git a/1-org/envs/shared/service_control.tf b/1-org/envs/shared/service_control.tf
@@ -212,9 +212,9 @@ locals {
     [for p in local.projects : "${p}"]
   )
 
-  ingress_policies_keys_dry_run = var.required_ingress_rules_app_infra_dry_run ? concat(["cicd_to_app_infra", "cicd_to_seed_app_infra", "cicd_to_net_env", "billing_sa_to_prj", "sinks_sa_to_logs", "service_cicd_to_seed", "cicd_to_seed"], var.ingress_policies_keys_dry_run) : concat(["billing_sa_to_prj", "sinks_sa_to_logs", "service_cicd_to_seed", "cicd_to_seed"], var.ingress_policies_keys_dry_run)
+  ingress_policies_keys_dry_run = var.required_ingress_rules_app_infra_dry_run ? concat(["billing_sa_to_prj", "sinks_sa_to_logs", "service_cicd_to_seed", "cicd_to_seed", "cicd_to_app_infra", "cicd_to_seed_app_infra", "cicd_to_net_env"], var.ingress_policies_keys_dry_run) : concat(["billing_sa_to_prj", "sinks_sa_to_logs", "service_cicd_to_seed", "cicd_to_seed"], var.ingress_policies_keys_dry_run)
   egress_policies_keys_dry_run  = var.required_egress_rules_app_infra_dry_run ? concat(["seed_to_cicd", "org_sa_to_scc", "app_infra_to_cicd"], var.egress_policies_keys_dry_run) : concat(["seed_to_cicd", "org_sa_to_scc"], var.egress_policies_keys_dry_run)
-  ingress_policies_keys         = var.required_ingress_rules_app_infra ? concat(["cicd_to_app_infra", "cicd_to_seed_app_infra", "cicd_to_net_env", "billing_sa_to_prj", "sinks_sa_to_logs", "service_cicd_to_seed", "cicd_to_seed"], var.ingress_policies_keys) : concat(["billing_sa_to_prj", "sinks_sa_to_logs", "service_cicd_to_seed", "cicd_to_seed"], var.ingress_policies_keys)
+  ingress_policies_keys         = var.required_ingress_rules_app_infra ? concat(["billing_sa_to_prj", "sinks_sa_to_logs", "service_cicd_to_seed", "cicd_to_seed", "cicd_to_app_infra", "cicd_to_seed_app_infra", "cicd_to_net_env"], var.ingress_policies_keys) : concat(["billing_sa_to_prj", "sinks_sa_to_logs", "service_cicd_to_seed", "cicd_to_seed"], var.ingress_policies_keys)
   egress_policies_keys          = var.required_egress_rules_app_infra ? concat(["seed_to_cicd", "org_sa_to_scc", "app_infra_to_cicd"], var.egress_policies_keys) : concat(["seed_to_cicd", "org_sa_to_scc"], var.egress_policies_keys)
 
   ingress_policies_map_dry_run = var.required_ingress_rules_app_infra_dry_run ? zipmap(
@@ -706,6 +706,7 @@ locals {
 
   required_egress_rules = [
     {
+      title = "ER seed -> cicd"
       from = {
         identities = [
           "serviceAccount:${local.cloudbuild_project_number}@cloudbuild.gserviceaccount.com",
@@ -728,6 +729,7 @@ locals {
       }
     },
     {
+      title = "ER cicd -> scc"
       from = {
         identities = [
           "serviceAccount:${local.organization_service_account}",

Original file line number	Diff line number	Diff line change
`@@ -212,9 +212,9 @@ locals {`
`212`	`212`	`[for p in local.projects : "${p}"]`
`213`	`213`	`)`
`214`	`214`
`215`		`- ingress_policies_keys_dry_run = var.required_ingress_rules_app_infra_dry_run ? concat(["cicd_to_app_infra", "cicd_to_seed_app_infra", "cicd_to_net_env", "billing_sa_to_prj", "sinks_sa_to_logs", "service_cicd_to_seed", "cicd_to_seed"], var.ingress_policies_keys_dry_run) : concat(["billing_sa_to_prj", "sinks_sa_to_logs", "service_cicd_to_seed", "cicd_to_seed"], var.ingress_policies_keys_dry_run)`
	`215`	`+ ingress_policies_keys_dry_run = var.required_ingress_rules_app_infra_dry_run ? concat(["billing_sa_to_prj", "sinks_sa_to_logs", "service_cicd_to_seed", "cicd_to_seed", "cicd_to_app_infra", "cicd_to_seed_app_infra", "cicd_to_net_env"], var.ingress_policies_keys_dry_run) : concat(["billing_sa_to_prj", "sinks_sa_to_logs", "service_cicd_to_seed", "cicd_to_seed"], var.ingress_policies_keys_dry_run)`
`216`	`216`	`egress_policies_keys_dry_run = var.required_egress_rules_app_infra_dry_run ? concat(["seed_to_cicd", "org_sa_to_scc", "app_infra_to_cicd"], var.egress_policies_keys_dry_run) : concat(["seed_to_cicd", "org_sa_to_scc"], var.egress_policies_keys_dry_run)`
`217`		`- ingress_policies_keys = var.required_ingress_rules_app_infra ? concat(["cicd_to_app_infra", "cicd_to_seed_app_infra", "cicd_to_net_env", "billing_sa_to_prj", "sinks_sa_to_logs", "service_cicd_to_seed", "cicd_to_seed"], var.ingress_policies_keys) : concat(["billing_sa_to_prj", "sinks_sa_to_logs", "service_cicd_to_seed", "cicd_to_seed"], var.ingress_policies_keys)`
	`217`	`+ ingress_policies_keys = var.required_ingress_rules_app_infra ? concat(["billing_sa_to_prj", "sinks_sa_to_logs", "service_cicd_to_seed", "cicd_to_seed", "cicd_to_app_infra", "cicd_to_seed_app_infra", "cicd_to_net_env"], var.ingress_policies_keys) : concat(["billing_sa_to_prj", "sinks_sa_to_logs", "service_cicd_to_seed", "cicd_to_seed"], var.ingress_policies_keys)`
`218`	`218`	`egress_policies_keys = var.required_egress_rules_app_infra ? concat(["seed_to_cicd", "org_sa_to_scc", "app_infra_to_cicd"], var.egress_policies_keys) : concat(["seed_to_cicd", "org_sa_to_scc"], var.egress_policies_keys)`
`219`	`219`
`220`	`220`	`ingress_policies_map_dry_run = var.required_ingress_rules_app_infra_dry_run ? zipmap(`
`@@ -706,6 +706,7 @@ locals {`
`706`	`706`
`707`	`707`	`required_egress_rules = [`
`708`	`708`	`{`
	`709`	`+ title = "ER seed -> cicd"`
`709`	`710`	`from = {`
`710`	`711`	`identities = [`
`711`	`712`	`"serviceAccount:${local.cloudbuild_project_number}@cloudbuild.gserviceaccount.com",`
`@@ -728,6 +729,7 @@ locals {`
`728`	`729`	`}`
`729`	`730`	`},`
`730`	`731`	`{`
	`732`	`+ title = "ER cicd -> scc"`
`731`	`733`	`from = {`
`732`	`734`	`identities = [`
`733`	`735`	`"serviceAccount:${local.organization_service_account}",`