-
Notifications
You must be signed in to change notification settings - Fork 696
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New org policies #283
New org policies #283
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
overall LGTM
/cc @rjerrems
@@ -49,6 +49,18 @@ variable "domains_to_allow" { | |||
type = list(string) | |||
} | |||
|
|||
variable "enable_shielded_vm_policy" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@daniel-cit can we document the caveats for enabling each of these as well (i.e GKE issue with os login and dataflow/composer with Shielded VMs) so that the user is aware.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think its best to link to public docs as @daniel-cit has done, so that they can be the source of truth for any limitations
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(we should try to get docs updated where they are lacking)
So the plan is turn these on by default now? We should have some documentation for how to add exceptions to the policy for workloads that don't work well with these policies I think before we make it the default |
@rjerrems off by default and +1 for docs.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
This PR adds two new org policies:
with a toggle for each one