From 1661dbea6b551546da7d1a71accee4111a3b4f2b Mon Sep 17 00:00:00 2001 From: The Magician Date: Fri, 20 Oct 2023 15:16:23 -0700 Subject: [PATCH] Vgm vpc subseg (#9298) (#1627) * First commit for VPC sub-segmentation feature. All relevant resources and tests updated. * Adding access levels instead of using a fake access level name. Also moving a VPC network to the top level instead of (incorrectly) inside another resource. * Fixing conflict between ip_subnetworks and vpc_ip_subnetworks * Undoing changes to access level condition test * Undoing changes to access level condition test * Ran gofmt * Re-adding access level conditions tests * Changing resource names to camel case to match what the HTTP response from the API returns. Also removing the 'resource' field because it's behind an allowlist. * Parameterizing the names of VPC networks created in tests * Fixing access level condition test * Fixed formatting with gofmt * Added missing fields in egress_from for service perimeter test. * Added "required: true" for AccessLevel.VpcNetworkSource.network field to match description. * Added egress source changes to test data in: example_access_context_manager_service_perimeter.tfplan.json * Add Egress Source/source restriction changes to example_access_context_manager_service_perimeter.tf * Attempt to fix example_access_context_manager_service_perimeter.tfplan.json to make it parse correctly * Add Egress Source to expected tcg test result data * Fixing expected output format in example_access_context_manager_service_perimeter.json * Fix Access Level format in expected output in example_access_context_manager_service_perimeter.json --------- [upstream:d30384c9aa2002c56102ce4c8f0c76c77706b923] 
Signed-off-by: Modular Magician
---
 .../accesscontextmanager_access_level.go | 63 +++++++++++++
 .../accesscontextmanager_access_levels.go | 63 +++++++++++++
 .../accesscontextmanager_service_perimeter.go | 88 +++++++++++++++++++
 ...accesscontextmanager_service_perimeters.go | 88 +++++++++++++++++++
 ...ess_context_manager_service_perimeter.json | 8 +-
 ...ccess_context_manager_service_perimeter.tf | 4 +
 ...text_manager_service_perimeter.tfplan.json | 35 +++++++-
 7 files changed, 344 insertions(+), 5 deletions(-)
diff --git a/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_access_level.go b/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_access_level.go
index b24e2ebf5..31d594a3f 100644
--- a/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_access_level.go
+++ b/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_access_level.go
@@ -189,6 +189,13 @@ func expandAccessContextManagerAccessLevelBasicConditions(v interface{}, d tpgre
 transformed["regions"] = transformedRegions
 }
+ transformedVpcNetworkSources, err := expandAccessContextManagerAccessLevelBasicConditionsVpcNetworkSources(original["vpc_network_sources"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedVpcNetworkSources); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["vpcNetworkSources"] = transformedVpcNetworkSources
+ }
+
 req = append(req, transformed)
 }
 return req, nil
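Review bot: Nothing in this commit exercises the `vpcNetworkSources` conversion added in this hunk of accesscontextmanager_access_level.go; the diffstat shows test data changing only for the service-perimeter example, so this path and its twin in accesscontextmanager_access_levels.go ship without a fixture. An access-level example whose condition carries a `vpc_network_sources` block with `network` and `vpc_ip_subnetworks`, together with its expected asset JSON, would pin the camelCase keys the commit message says were chosen to match the API response. That matters more than usual here because the emitted asset describes an access restriction, and a silently dropped or misnamed key would presumably make the restriction invisible to whatever evaluates these assets. The enclosing function starts and ends outside the hunk.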
@@ -336,6 +343,62 @@ func expandAccessContextManagerAccessLevelBasicConditionsRegions(v interface{},
 return v, nil
 }
+func expandAccessContextManagerAccessLevelBasicConditionsVpcNetworkSources(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ req := make([]interface{}, 0, len(l))
+ for _, raw := range l {
+ if raw == nil {
+ continue
+ }
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedVpcSubnetwork, err := expandAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetwork(original["vpc_subnetwork"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedVpcSubnetwork); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["vpcSubnetwork"] = transformedVpcSubnetwork
+ }
+
+ req = append(req, transformed)
+ }
+ return req, nil
+}
+
+func expandAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetwork(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ if len(l) == 0 || l[0] == nil {
+ return nil, nil
+ }
+ raw := l[0]
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedNetwork, err := expandAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetworkNetwork(original["network"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedNetwork); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["network"] = transformedNetwork
+ }
+
+ transformedVpcIpSubnetworks, err := expandAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetworkVpcIpSubnetworks(original["vpc_ip_subnetworks"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedVpcIpSubnetworks); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["vpcIpSubnetworks"] = transformedVpcIpSubnetworks
+ }
+
+ return transformed, nil
+}
+
+func expandAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetworkNetwork(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetworkVpcIpSubnetworks(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
 func expandAccessContextManagerAccessLevelCustom(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 l := v.([]interface{})
 if len(l) == 0 || l[0] == nil {
diff --git a/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_access_levels.go b/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_access_levels.go
index 8acd7bc69..26cbceee5 100644
--- a/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_access_levels.go
+++ b/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_access_levels.go
@@ -211,6 +211,13 @@ func expandAccessContextManagerAccessLevelsAccessLevelsBasicConditions(v interfa
 transformed["regions"] = transformedRegions
 }
+ transformedVpcNetworkSources, err := expandAccessContextManagerAccessLevelsAccessLevelsBasicConditionsVpcNetworkSources(original["vpc_network_sources"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedVpcNetworkSources); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["vpcNetworkSources"] = transformedVpcNetworkSources
+ }
+
 req = append(req, transformed)
 }
 return req, nil
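Review bot: In the `@@ -336,6 +343,62 @@` hunk of accesscontextmanager_access_level.go, `expandAccessContextManagerAccessLevelBasicConditionsVpcNetworkSources` appends `transformed` to `req` even when `vpc_subnetwork` expanded to nothing, so a source block without a usable subnetwork becomes an empty `{}` element and the caller's emptiness check no longer drops `vpcNetworkSources`. If an empty element is not meaningful to the API, skipping it with `if len(transformed) == 0 { continue }` before the append keeps the asset from advertising a network source that restricts nothing; this should be confirmed against what the provider itself sends. The same loop shape is added in accesscontextmanager_access_levels.go and in the four `...EgressFromSources` functions in the service-perimeter files. Separately, `v.([]interface{})` and `raw.(map[string]interface{})` are unchecked assertions that panic on a nil or differently typed value; this matches the surrounding code, and if these converters are generated from the upstream named in the commit message, both changes belong in the generator rather than here.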
@@ -347,6 +354,62 @@ func expandAccessContextManagerAccessLevelsAccessLevelsBasicConditionsRegions(v
 return v, nil
 }
+func expandAccessContextManagerAccessLevelsAccessLevelsBasicConditionsVpcNetworkSources(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ req := make([]interface{}, 0, len(l))
+ for _, raw := range l {
+ if raw == nil {
+ continue
+ }
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedVpcSubnetwork, err := expandAccessContextManagerAccessLevelsAccessLevelsBasicConditionsVpcNetworkSourcesVpcSubnetwork(original["vpc_subnetwork"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedVpcSubnetwork); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["vpcSubnetwork"] = transformedVpcSubnetwork
+ }
+
+ req = append(req, transformed)
+ }
+ return req, nil
+}
+
+func expandAccessContextManagerAccessLevelsAccessLevelsBasicConditionsVpcNetworkSourcesVpcSubnetwork(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ if len(l) == 0 || l[0] == nil {
+ return nil, nil
+ }
+ raw := l[0]
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedNetwork, err := expandAccessContextManagerAccessLevelsAccessLevelsBasicConditionsVpcNetworkSourcesVpcSubnetworkNetwork(original["network"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedNetwork); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["network"] = transformedNetwork
+ }
+
+ transformedVpcIpSubnetworks, err := expandAccessContextManagerAccessLevelsAccessLevelsBasicConditionsVpcNetworkSourcesVpcSubnetworkVpcIpSubnetworks(original["vpc_ip_subnetworks"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedVpcIpSubnetworks); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["vpcIpSubnetworks"] = transformedVpcIpSubnetworks
+ }
+
+ return transformed, nil
+}
+
+func expandAccessContextManagerAccessLevelsAccessLevelsBasicConditionsVpcNetworkSourcesVpcSubnetworkNetwork(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandAccessContextManagerAccessLevelsAccessLevelsBasicConditionsVpcNetworkSourcesVpcSubnetworkVpcIpSubnetworks(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
 func expandAccessContextManagerAccessLevelsAccessLevelsCustom(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 l := v.([]interface{})
 if len(l) == 0 || l[0] == nil {
diff --git a/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_service_perimeter.go b/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_service_perimeter.go
index eaab17047..18b732d52 100644
--- a/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_service_perimeter.go
+++ b/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_service_perimeter.go
@@ -483,6 +483,20 @@ func expandAccessContextManagerServicePerimeterStatusEgressPoliciesEgressFrom(v
 transformed["identityType"] = transformedIdentityType
 }
+ transformedSources, err := expandAccessContextManagerServicePerimeterStatusEgressPoliciesEgressFromSources(original["sources"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedSources); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["sources"] = transformedSources
+ }
+
+ transformedSourceRestriction, err := expandAccessContextManagerServicePerimeterStatusEgressPoliciesEgressFromSourceRestriction(original["source_restriction"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedSourceRestriction); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["sourceRestriction"] = transformedSourceRestriction
+ }
+
 transformedIdentities, err := expandAccessContextManagerServicePerimeterStatusEgressPoliciesEgressFromIdentities(original["identities"], d, config)
 if err != nil {
 return nil, err
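Review bot: The two stanzas added here drop `sources` and `sourceRestriction` independently, so (assuming `tpgresource.IsEmptyValue` treats an empty list as empty) an `egress_from` block with `source_restriction` set and no `sources` yields an asset that carries `sourceRestriction` with no `sources` key at all. The converter is probably not the place to reject that combination, but it is worth documenting for whoever writes policy against these assets, for example with `// sourceRestriction may be emitted without sources; consumers must not assume the two keys travel together.` above the first stanza. The same pair is added in the Spec variant in this file and in both EgressFrom hunks of accesscontextmanager_service_perimeters.go. The enclosing function starts and ends outside the hunk.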
@@ -497,6 +511,36 @@ func expandAccessContextManagerServicePerimeterStatusEgressPoliciesEgressFromIde
 return v, nil
 }
+func expandAccessContextManagerServicePerimeterStatusEgressPoliciesEgressFromSources(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ req := make([]interface{}, 0, len(l))
+ for _, raw := range l {
+ if raw == nil {
+ continue
+ }
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedAccessLevel, err := expandAccessContextManagerServicePerimeterStatusEgressPoliciesEgressFromSourcesAccessLevel(original["access_level"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedAccessLevel); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["accessLevel"] = transformedAccessLevel
+ }
+
+ req = append(req, transformed)
+ }
+ return req, nil
+}
+
+func expandAccessContextManagerServicePerimeterStatusEgressPoliciesEgressFromSourcesAccessLevel(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandAccessContextManagerServicePerimeterStatusEgressPoliciesEgressFromSourceRestriction(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
 func expandAccessContextManagerServicePerimeterStatusEgressPoliciesEgressFromIdentities(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 v = v.(*schema.Set).List()
 return v, nil
@@ -973,6 +1017,20 @@ func expandAccessContextManagerServicePerimeterSpecEgressPoliciesEgressFrom(v in
 transformed["identityType"] = transformedIdentityType
 }
+ transformedSources, err := expandAccessContextManagerServicePerimeterSpecEgressPoliciesEgressFromSources(original["sources"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedSources); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["sources"] = transformedSources
+ }
+
+ transformedSourceRestriction, err := expandAccessContextManagerServicePerimeterSpecEgressPoliciesEgressFromSourceRestriction(original["source_restriction"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedSourceRestriction); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["sourceRestriction"] = transformedSourceRestriction
+ }
+
 transformedIdentities, err := expandAccessContextManagerServicePerimeterSpecEgressPoliciesEgressFromIdentities(original["identities"], d, config)
 if err != nil {
 return nil, err
@@ -987,6 +1045,36 @@ func expandAccessContextManagerServicePerimeterSpecEgressPoliciesEgressFromIdent
 return v, nil
 }
+func expandAccessContextManagerServicePerimeterSpecEgressPoliciesEgressFromSources(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ req := make([]interface{}, 0, len(l))
+ for _, raw := range l {
+ if raw == nil {
+ continue
+ }
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedAccessLevel, err := expandAccessContextManagerServicePerimeterSpecEgressPoliciesEgressFromSourcesAccessLevel(original["access_level"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedAccessLevel); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["accessLevel"] = transformedAccessLevel
+ }
+
+ req = append(req, transformed)
+ }
+ return req, nil
+}
+
+func expandAccessContextManagerServicePerimeterSpecEgressPoliciesEgressFromSourcesAccessLevel(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandAccessContextManagerServicePerimeterSpecEgressPoliciesEgressFromSourceRestriction(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
 func expandAccessContextManagerServicePerimeterSpecEgressPoliciesEgressFromIdentities(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 v = v.(*schema.Set).List()
 return v, nil
diff --git a/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_service_perimeters.go b/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_service_perimeters.go
index 19c4e5ecb..da00a5f34 100644
--- a/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_service_perimeters.go
+++ b/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_service_perimeters.go
@@ -540,6 +540,20 @@ func expandAccessContextManagerServicePerimetersServicePerimetersStatusEgressPol
 transformed["identities"] = transformedIdentities
 }
+ transformedSources, err := expandAccessContextManagerServicePerimetersServicePerimetersStatusEgressPoliciesEgressFromSources(original["sources"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedSources); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["sources"] = transformedSources
+ }
+
+ transformedSourceRestriction, err := expandAccessContextManagerServicePerimetersServicePerimetersStatusEgressPoliciesEgressFromSourceRestriction(original["source_restriction"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedSourceRestriction); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["sourceRestriction"] = transformedSourceRestriction
+ }
+
 return transformed, nil
 }
@@ -552,6 +566,36 @@ func expandAccessContextManagerServicePerimetersServicePerimetersStatusEgressPol
 return v, nil
 }
+func expandAccessContextManagerServicePerimetersServicePerimetersStatusEgressPoliciesEgressFromSources(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ req := make([]interface{}, 0, len(l))
+ for _, raw := range l {
+ if raw == nil {
+ continue
+ }
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedAccessLevel, err := expandAccessContextManagerServicePerimetersServicePerimetersStatusEgressPoliciesEgressFromSourcesAccessLevel(original["access_level"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedAccessLevel); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["accessLevel"] = transformedAccessLevel
+ }
+
+ req = append(req, transformed)
+ }
+ return req, nil
+}
+
+func expandAccessContextManagerServicePerimetersServicePerimetersStatusEgressPoliciesEgressFromSourcesAccessLevel(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandAccessContextManagerServicePerimetersServicePerimetersStatusEgressPoliciesEgressFromSourceRestriction(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
 func expandAccessContextManagerServicePerimetersServicePerimetersStatusEgressPoliciesEgressTo(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 l := v.([]interface{})
 if len(l) == 0 || l[0] == nil {
@@ -1030,6 +1074,20 @@ func expandAccessContextManagerServicePerimetersServicePerimetersSpecEgressPolic
 transformed["identities"] = transformedIdentities
 }
+ transformedSources, err := expandAccessContextManagerServicePerimetersServicePerimetersSpecEgressPoliciesEgressFromSources(original["sources"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedSources); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["sources"] = transformedSources
+ }
+
+ transformedSourceRestriction, err := expandAccessContextManagerServicePerimetersServicePerimetersSpecEgressPoliciesEgressFromSourceRestriction(original["source_restriction"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedSourceRestriction); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["sourceRestriction"] = transformedSourceRestriction
+ }
+
 return transformed, nil
 }
@@ -1042,6 +1100,36 @@ func expandAccessContextManagerServicePerimetersServicePerimetersSpecEgressPolic
 return v, nil
 }
+func expandAccessContextManagerServicePerimetersServicePerimetersSpecEgressPoliciesEgressFromSources(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ req := make([]interface{}, 0, len(l))
+ for _, raw := range l {
+ if raw == nil {
+ continue
+ }
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedAccessLevel, err := expandAccessContextManagerServicePerimetersServicePerimetersSpecEgressPoliciesEgressFromSourcesAccessLevel(original["access_level"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedAccessLevel); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["accessLevel"] = transformedAccessLevel
+ }
+
+ req = append(req, transformed)
+ }
+ return req, nil
+}
+
+func expandAccessContextManagerServicePerimetersServicePerimetersSpecEgressPoliciesEgressFromSourcesAccessLevel(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandAccessContextManagerServicePerimetersServicePerimetersSpecEgressPoliciesEgressFromSourceRestriction(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
 func expandAccessContextManagerServicePerimetersServicePerimetersSpecEgressPoliciesEgressTo(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 l := v.([]interface{})
 if len(l) == 0 || l[0] == nil {
diff --git a/tfplan2cai/testdata/templates/example_access_context_manager_service_perimeter.json b/tfplan2cai/testdata/templates/example_access_context_manager_service_perimeter.json
index 4dfc6f748..8e0990e72 100644
--- a/tfplan2cai/testdata/templates/example_access_context_manager_service_perimeter.json
+++ b/tfplan2cai/testdata/templates/example_access_context_manager_service_perimeter.json
@@ -15,7 +15,13 @@
 "egressPolicies": [
 {
 "egressFrom": {
- "identityType": "ANY_USER_ACCOUNT"
+ "identityType": "ANY_USER_ACCOUNT",
+ "sourceRestriction": "SOURCE_RESTRICTION_ENABLED",
+ "sources": [
+ {
+ "accessLevel": "accessPolicies/987654/accessLevels/restrict_storage"
+ }
+ ]
 }
 }
 ],
diff --git a/tfplan2cai/testdata/templates/example_access_context_manager_service_perimeter.tf b/tfplan2cai/testdata/templates/example_access_context_manager_service_perimeter.tf
index f5c7a4bc2..ca8852445 100644
--- a/tfplan2cai/testdata/templates/example_access_context_manager_service_perimeter.tf
+++ b/tfplan2cai/testdata/templates/example_access_context_manager_service_perimeter.tf
@@ -57,6 +57,10 @@ resource "google_access_context_manager_service_perimeter" "service-perimeter" {
 egress_policies {
 egress_from {
+ sources {
+ access_level = "accessPolicies/987654/accessLevels/restrict_storage"
+ }
+ source_restriction = "SOURCE_RESTRICTION_ENABLED"
 identity_type = "ANY_USER_ACCOUNT"
 }
 }
diff --git a/tfplan2cai/testdata/templates/example_access_context_manager_service_perimeter.tfplan.json b/tfplan2cai/testdata/templates/example_access_context_manager_service_perimeter.tfplan.json
index b8f59687a..f3f2736a3 100644
--- a/tfplan2cai/testdata/templates/example_access_context_manager_service_perimeter.tfplan.json
+++ b/tfplan2cai/testdata/templates/example_access_context_manager_service_perimeter.tfplan.json
@@ -25,7 +25,13 @@
 "egress_from": [
 {
 "identities": null,
- "identity_type": "ANY_USER_ACCOUNT"
+ "identity_type": "ANY_USER_ACCOUNT",
+ "sources": [
+ {
+ "access_level": "accessPolicies/987654/accessLevels/restrict_storage"
+ }
+ ],
+ "source_restriction": "SOURCE_RESTRICTION_ENABLED"
 }
 ],
 "egress_to": []
@@ -110,7 +116,13 @@
 "egress_from": [
 {
 "identities": null,
- "identity_type": "ANY_USER_ACCOUNT"
+ "identity_type": "ANY_USER_ACCOUNT",
+ "sources": [
+ {
+ "access_level": "accessPolicies/987654/accessLevels/restrict_storage"
+ }
+ ],
+ "source_restriction": "SOURCE_RESTRICTION_ENABLED"
 }
 ],
 "egress_to": []
@@ -174,7 +186,11 @@
 "egress_policies": [
 {
 "egress_from": [
- {}
+ {
+ "sources": [
+ {}
+ ]
+ }
 ],
 "egress_to": []
 }
@@ -252,6 +268,16 @@
 {
 "identity_type": {
 "constant_value": "ANY_USER_ACCOUNT"
+ },
+ "sources": [
+ {
+ "access_level":{
+ "constant_value": "accessPolicies/987654/accessLevels/restrict_storage"
+ }
+ }
+ ],
+ "source_restriction": {
+ "constant_value": "SOURCE_RESTRICTION_ENABLED"
 }
 }
 ]
@@ -321,4 +347,5 @@
 ]
 }
 }
-}
\ No newline at end of file
+}
+