-
Notifications
You must be signed in to change notification settings - Fork 70
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: add org level permissions example
- Loading branch information
1 parent
0d23cf3
commit 0825dc0
Showing
3 changed files
with
77 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
41 changes: 37 additions & 4 deletions
41
examples/resources/aiven_organization_permission/resource.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,24 +1,57 @@ | ||
resource "aiven_organization_permission" "example_permissions" { | ||
# Grant access to a specific project | ||
resource "aiven_organization_permission" "example_project_permissions" { | ||
organization_id = data.aiven_organization.main.id | ||
resource_id = data.aiven_project.example_project.id | ||
resource_type = "project" | ||
permissions { | ||
# Grant the operator role and permission to read service logs to a user | ||
# Grant a user the operator role and | ||
# permission to read service logs | ||
permissions = [ | ||
"operator", | ||
"service:logs:read" | ||
] | ||
principal_id = "u123a456b7890c" | ||
principal_type = "user" | ||
} | ||
# Grant write project integrations and read project networking permissions, and the developer role to a group | ||
# Grant a group the write project integrations | ||
# permission and the developer role | ||
permissions { | ||
permissions = [ | ||
"project:integrations:write", | ||
"project:networking:read", | ||
"developer" | ||
] | ||
principal_id = data.aiven_organization_user_group.example_group.group_id | ||
principal_type = "user_group" | ||
} | ||
} | ||
|
||
# Organization-level permissions | ||
resource "aiven_organization_permission" "example_org_permissions" { | ||
organization_id = data.aiven_organization.main.id | ||
resource_id = data.aiven_organization.main.id | ||
resource_type = "organization" | ||
|
||
# Grant a user permission to manage application | ||
# users and view all project audit logs | ||
permissions { | ||
permissions = [ | ||
"organization:app_users:write", | ||
"project:audit_logs:read" | ||
] | ||
principal_id = "u123a456b7890c" | ||
principal_type = "user" | ||
} | ||
|
||
# Grant a group permission to manage users, | ||
# groups, domains, and identity providers | ||
permissions { | ||
permissions = [ | ||
"organization:users:write", | ||
"organization:groups:write", | ||
"organization:domains:write", | ||
"organization:idps:write" | ||
] | ||
principal_id = aiven_organization_user_group.example_group.group_id | ||
principal_type = "user_group" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters