Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New org policies #283

Merged
merged 3 commits into from
Nov 9, 2020
Merged

New org policies #283

merged 3 commits into from
Nov 9, 2020

Conversation

daniel-cit
Copy link
Contributor

This PR adds two new org policies:

  • OS login
  • Shielded VMs

with a toggle for each one

@daniel-cit daniel-cit requested a review from a team as a code owner November 5, 2020 02:57
bharathkkb
bharathkkb reviewed Nov 5, 2020
View reviewed changes
Copy link
Member

@bharathkkb bharathkkb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

overall LGTM
/cc @rjerrems

1-org/envs/shared/variables.tf
@@ -49,6 +49,18 @@ variable "domains_to_allow" {
type = list(string)
}

variable "enable_shielded_vm_policy" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@daniel-cit can we document the caveats for enabling each of these as well (i.e GKE issue with os login and dataflow/composer with Shielded VMs) so that the user is aware.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think its best to link to public docs as @daniel-cit has done, so that they can be the source of truth for any limitations

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(we should try to get docs updated where they are lacking)

@rjerrems
Copy link
Collaborator

rjerrems commented Nov 5, 2020

So the plan is turn these on by default now? We should have some documentation for how to add exceptions to the policy for workloads that don't work well with these policies I think before we make it the default

@bharathkkb
Copy link
Member

@rjerrems off by default and +1 for docs.

terraform-example-foundation/1-org/envs/shared/variables.tf

Line 55 in 3ce143a

default = false

rjerrems
rjerrems approved these changes Nov 9, 2020
View reviewed changes
Copy link
Collaborator

@rjerrems rjerrems left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rjerrems rjerrems merged commit b90771a into terraform-google-modules:develop Nov 9, 2020
bharathkkb pushed a commit that referenced this pull request Mar 30, 2021
@daniel-cit @bharathkkb
feat: add Shielded VMs & OS Login org policies (#283)
5ec9b74
bharathkkb pushed a commit that referenced this pull request Mar 30, 2021
@daniel-cit @bharathkkb
feat: add Shielded VMs & OS Login org policies (#283)
b1bda6d
bharathkkb pushed a commit that referenced this pull request Mar 30, 2021
@daniel-cit @bharathkkb
feat: add Shielded VMs & OS Login org policies (#283)
c8dd61c
bharathkkb pushed a commit that referenced this pull request Mar 31, 2021
@daniel-cit @bharathkkb
feat: add Shielded VMs & OS Login org policies (#283)
07a201e
@daniel-cit daniel-cit deleted the new-org-policies branch May 20, 2022 00:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rjerrems rjerrems rjerrems approved these changes

@bharathkkb bharathkkb bharathkkb left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@daniel-cit @rjerrems @bharathkkb