scottk/terraform-talos
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/terraform-talos.git synced 2025-11-01 18:58:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
bf1ee7fa02cd89b63085b0dc3d201cf9692454f8
terraform-talos/oracle/init/account.tf
Serge Logvinov 36b55101a3 Permission based on tags
2022-01-06 22:59:01 +02:00

61 lines
2.1 KiB
HCL
Raw Blame History

resource "oci_identity_compartment" "project" {
name = var.project
description = "Compartment created for ${var.project} project"
compartment_id = var.tenancy_ocid
enable_delete = false
}
resource "oci_identity_group" "operator" {
name = "operator"
description = "group created by terraform for operators"
compartment_id = var.tenancy_ocid
}
resource "oci_identity_group" "terraform" {
name = "terraform"
description = "group created by terraform for terraform"
compartment_id = var.tenancy_ocid
}
resource "oci_identity_user" "terraform" {
name = "terraform"
description = "user created by terraform for terraform"
compartment_id = var.tenancy_ocid
}
resource "oci_identity_user_group_membership" "terraform" {
compartment_id = var.tenancy_ocid
user_id = oci_identity_user.terraform.id
group_id = oci_identity_group.terraform.id
}
resource "oci_identity_user_capabilities_management" "terraform" {
user_id = oci_identity_user.terraform.id
can_use_api_keys = true
can_use_auth_tokens = false
can_use_console_password = false
can_use_customer_secret_keys = false
can_use_smtp_credentials = false
}
resource "null_resource" "terraform_key" {
provisioner "local-exec" {
command = "openssl genrsa -out ~/.oci/oci_${var.project}_terraform.pem 2048 && openssl rsa -pubout -in ~/.oci/oci_${var.project}_terraform.pem -out ~/.oci/oci_${var.project}_terraform_public.pem"
}
}
resource "oci_identity_api_key" "terraform" {
user_id = oci_identity_user.terraform.id
key_value = file(pathexpand("~/.oci/oci_${var.project}_terraform_public.pem"))
depends_on = [null_resource.terraform_key]
}
resource "oci_identity_dynamic_group" "ccm" {
compartment_id = var.tenancy_ocid
name = "oci-ccm"
description = "dynamic group created by terraform for oci-cloud-controller-manager"
matching_rule = "ALL {instance.compartment.id = '${oci_identity_compartment.project.id}', tag.Kubernetes.Role.value = 'contolplane'}"
}
Reference in New Issue View Git Blame Copy Permalink