scottk/terraform-talos
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/terraform-talos.git synced 2025-11-01 10:48:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b74ab73aba1ef61b354d6f1f0cf619b95fa8bc14
terraform-talos/oracle/init/policy.tf
Serge Logvinov b74ab73aba Add predefined tags
2022-01-04 00:12:06 +02:00

44 lines
2.8 KiB
HCL
Raw Blame History

resource "oci_identity_policy" "terraform" {
name = "terraform"
description = "policy created by terraform for terraform"
compartment_id = oci_identity_compartment.project.id
statements = [
"Allow group ${oci_identity_group.terraform.name} to use tag-namespaces in compartment ${oci_identity_compartment.project.name}",
"Allow group ${oci_identity_group.terraform.name} to manage virtual-network-family in compartment ${oci_identity_compartment.project.name}",
"Allow group ${oci_identity_group.terraform.name} to manage load-balancers in compartment ${oci_identity_compartment.project.name}",
"Allow group ${oci_identity_group.terraform.name} to manage dns in compartment ${oci_identity_compartment.project.name}",
"Allow group ${oci_identity_group.terraform.name} to manage compute-management-family in compartment ${oci_identity_compartment.project.name}",
"Allow group ${oci_identity_group.terraform.name} to manage instances in compartment ${oci_identity_compartment.project.name}",
"Allow group ${oci_identity_group.terraform.name} to manage instance-family in compartment ${oci_identity_compartment.project.name}",
"Allow group ${oci_identity_group.terraform.name} to manage compute-image-capability-schema in compartment ${oci_identity_compartment.project.name}",
"Allow group ${oci_identity_group.terraform.name} to read objectstorage-namespaces in compartment ${oci_identity_compartment.project.name}",
"Allow group ${oci_identity_group.terraform.name} to manage buckets in compartment ${oci_identity_compartment.project.name}",
"Allow group ${oci_identity_group.terraform.name} to manage objects in compartment ${oci_identity_compartment.project.name}",
]
}
resource "oci_identity_policy" "ccm" {
name = "ccm"
description = "policy created by terraform for ccm"
compartment_id = oci_identity_compartment.project.id
# https://github.com/oracle/oci-cloud-controller-manager/blob/master/manifests/provider-config-example.yaml
statements = [
"Allow dynamic-group ${oci_identity_dynamic_group.ccm.name} to read instance-family in compartment ${oci_identity_compartment.project.name}",
"Allow dynamic-group ${oci_identity_dynamic_group.ccm.name} to read virtual-network-family in compartment ${oci_identity_compartment.project.name}"
# "Allow dynamic-group ${oci_identity_dynamic_group.ccm.name} to manage load-balancers in compartment ${oci_identity_compartment.project.name}"
]
}
resource "oci_identity_policy" "operator" {
name = "operator"
description = "policy created by terraform for operators"
compartment_id = oci_identity_compartment.project.id
statements = [
"Allow group ${oci_identity_group.operator.name} to use instance-pools in compartment ${oci_identity_compartment.project.name}",
]
}
Reference in New Issue View Git Blame Copy Permalink