iam.tf
# Dynamic group whose members are the compute instances of one compartment.
# The group itself is created under var.tenancy_ocid, while the matching rule
# selects instances by var.compartment_ocid.
#
# NOTE(review): the rule matches on compartment only, so every instance in that
# compartment -- existing or launched later -- becomes a member and inherits
# whatever policies name this group. Keep grants to this group minimal, and
# narrow the rule (for example by instance OCID or tag) if only some instances
# need the access.
resource "oci_identity_dynamic_group" "compute_dynamic_group" {
  name           = var.oci_identity_dynamic_group_name
  description    = "Dynamic group which contains all instance in this compartment"
  compartment_id = var.tenancy_ocid
  matching_rule  = "All {instance.compartment.id = '${var.compartment_ocid}'}"

  # Two fixed tags plus one caller-supplied key/value pair.
  freeform_tags = {
    provisioner          = "terraform"
    environment          = var.environment
    (var.unique_tag_key) = var.unique_tag_value
  }
}
# Policy attached to var.compartment_ocid that lets the compute dynamic group
# `read` two resource families (instance-family and compute-management-family),
# with both statements scoped to that same compartment.
#
# NOTE(review): `read` is broader than `inspect` in OCI and generally returns
# full resource details, which for instances can include user-supplied metadata.
# Confirm no secrets are stored in instance metadata/user_data in this
# compartment, or check whether `inspect` is enough for the consumers.
resource "oci_identity_policy" "compute_dynamic_group_policy" {
  name           = var.oci_identity_policy_name
  description    = "Policy to allow dynamic group ${oci_identity_dynamic_group.compute_dynamic_group.name} to read instance-family and compute-management-family in the compartment"
  compartment_id = var.compartment_ocid

  # The group is referenced by name; the reference also makes this policy
  # depend on the dynamic group resource.
  statements = [
    "allow dynamic-group ${oci_identity_dynamic_group.compute_dynamic_group.name} to read instance-family in compartment id ${var.compartment_ocid}",
    "allow dynamic-group ${oci_identity_dynamic_group.compute_dynamic_group.name} to read compute-management-family in compartment id ${var.compartment_ocid}",
  ]

  # Two fixed tags plus one caller-supplied key/value pair.
  freeform_tags = {
    provisioner          = "terraform"
    environment          = var.environment
    (var.unique_tag_key) = var.unique_tag_value
  }
}