Closed daniel-cit closed 3 years ago
Thanks @daniel-cit. Overall LGTM. Can we test this by modifying one of the existing examples?
I think they will need to be new tests so not to conflict with current tests.
I can do a negative regions test if we set the region in the access level to some region without a gcp location like for example PN
. It should always fail in the tests
I don't think we will be able to test require_corp_owned
because the organization that owns the access level must have an MDM license and we would need a device to be used in the test to originate request to resources inside the perimeter
I can do a negative regions test if we set the region in the access level to some region without a gcp location like for example PN. It should always fail in the tests
Not a blocker, but can't we modify one of the existing tests to include regions and then just assert via gcloud access-context-manager levels describe POLICY_NAME
that it applies to that same list like "CH", "IT", "US",
?
I don't think we will be able to test require_corp_owned because the organization that owns the access level must have an MDM license and we would need a device to be used in the test to originate request to resources inside the perimeter
Thanks for checking, sgtm.
This PR adds support for:
in the the access level module.