upgrade tf provider
lionelmace committed Jul 15, 2024
1 parent 0ac0db7 commit c60c514
Showing 4 changed files with 103 additions and 6 deletions.
7 changes: 6 additions & 1 deletion terraform/iam/account-rg.tf
Expand Up @@ -10,4 +10,9 @@ resource "ibm_resource_group" "group" {

output "resource_group_name" {
value = ibm_resource_group.group.name
}
}

resource "ibm_resource_group" "rg-vmware-lab" {
name = "vmware-lab"
tags = var.tags
}
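--- a/terraform/iam/iam-ag-vmware-lab.tf
+++ b/terraform/iam/iam-ag-vmware-lab.tf
@@ -0,0 +1,67 @@
+resource "ibm_iam_access_group" "ag-vmware-lab" {
+name = "ag-vmware-lab"
+tags = var.tags
+}
+
+# Add visibility to the Resource Group
+resource "ibm_iam_access_group_policy" "rg-vmware-lab-visibility" {
+access_group_id = ibm_iam_access_group.ag-vmware-lab.id
+roles = ["Viewer"]
+resources {
+resource_type = "resource-group"
+resource = ibm_resource_group.rg-vmware-lab.id
+}
+}
+
+# Service: VCF as a Service
+#
+# Platform Roles: Viewer
+# Service Roles: Reader, Viewer, VCFaaS Director Console User,
+# VCFaaS Director Backup User, VCFaaS Director Security Admin,
+# VCFaaS Director Network Admin, VCFaaS Director Catalog Author,
+# VCFaaS Director vApp User, VCFaaS Director vApp Author,
+# VCFaaS Director Full Viewer
+resource "ibm_iam_access_group_policy" "policy-vcf-vmware-all" {
+access_group_id = ibm_iam_access_group.ag-vmware-lab.id
+resource_attributes {
+name = "serviceName"
+operator = "stringEquals"
+value = "vmware"
+}
+roles = ["Reader", "Viewer", "VCFaaS Director Console User", "VCFaaS Director Backup User", "VCFaaS Director Security Admin", "VCFaaS Director Network Admin", "VCFaaS Director Catalog Author", "VCFaaS Director vApp User", "VCFaaS Director vApp Author", "VCFaaS Director Full Viewer"]
+}
+
+# Service: VCF as a Service
+resource "ibm_iam_access_group_policy" "policy-vcf-vmware-rg" {
+access_group_id = ibm_iam_access_group.ag-vmware-lab.id
+resource_attributes {
+name = "serviceName"
+operator = "stringEquals"
+value = "vmware"
+}
+resource_attributes {
+name = "resourceGroupId"
+operator = "stringEquals"
+value = ibm_resource_group.rg-vmware-lab.id
+}
+roles = ["Viewer", "Administrator", "Editor", "Operator", "Service Configuration Reader", "Key Manager"]
+}
+
+# Service: VMware Solutions
+#
+# Platform Roles: Viewer
+# Service Roles: Reader
+resource "ibm_iam_access_group_policy" "policy-vmware-solutions" {
+access_group_id = ibm_iam_access_group.ag-vmware-lab.id
+resource_attributes {
+name = "serviceName"
+operator = "stringEquals"
+value = "vmware-solutions"
+}
+resource_attributes {
+name = "resourceGroupId"
+operator = "stringEquals"
+value = ibm_resource_group.rg-vmware-lab.id
+}
+roles = ["Viewer", "Reader"]
+}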
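Review bot: `policy-vcf-vmware-all` has no `resourceGroupId` attribute, so its service roles, including `VCFaaS Director Security Admin` and `VCFaaS Director Network Admin`, apply to every `vmware` instance in the account rather than only to `rg-vmware-lab`. If account-wide scope is not required, add the same `resourceGroupId` / `ibm_resource_group.rg-vmware-lab.id` attribute block that `policy-vcf-vmware-rg` uses, or state in the comment why the wider scope is needed. In `policy-vcf-vmware-rg` the `Administrator` platform role normally also lets members assign access on those resources to others, which is more than a lab group usually needs; consider dropping it, e.g. `roles = ["Viewer", "Editor", "Operator", "Service Configuration Reader", "Key Manager"]`. That policy's header comment also lacks the Platform Roles / Service Roles listing that the other two service policies carry.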
31 changes: 28 additions & 3 deletions terraform/iam/iam-users.tf
@@ -1,6 +1,31 @@

# invite the users in the account and attach them to their access group
# resource "ibm_iam_user_invite" "invite_user" {
# users = ["[email protected]"]
# access_groups = [ibm_iam_access_group.ag-test.id]
resource "ibm_iam_user_invite" "invite_user" {
users = ["[email protected]"]
access_groups = [ibm_iam_access_group.ag-vmware-lab.id]
}


# Update the policies of existing users
# Assign Access Group to an existing user
resource "ibm_iam_access_group_members" "assign-vmware-ag-to-user" {
access_group_id = ibm_iam_access_group.ag-vmware-lab.id
ibm_ids = ["[email protected]"]
}

resource "ibm_iam_user_invite" "assign-existing-user-to-classic-infra" {
users = ["[email protected]"]
classic_infra_roles {
# permission_set = "superuser"
permission_set = "noacess"
}
}

# Not supported by Terraform yet
# resource "ibm_iam_user_policy" "policy" {
# ibm_ids = ["[email protected]"]
# classic_infra_roles {
# # permission_set = "superuser"
# permission_set = "noacess"
# }
# }
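Review bot: The `assign-existing-user-to-classic-infra` resource uses `ibm_iam_user_invite` to set classic infrastructure permissions on a user the preceding comment describes as existing, and nothing in the file explains that choice. A short comment would help, for example `# ibm_iam_user_invite is used here only to pin this user's classic infrastructure permission set`. The commented-out `# permission_set = "superuser"` line keeps a full-access variant one edit away from being applied; I would remove it, together with the commented-out `ibm_iam_user_policy` block at the end, and keep such alternatives in documentation. Membership of `ag-vmware-lab` is also declared twice, through `access_groups` on `invite_user` and through `ibm_iam_access_group_members`, with literal addresses in each; the addresses are obscured on this page, but if they name the same user a single variable-driven list would keep the two resources from disagreeing.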
4 changes: 2 additions & 2 deletions terraform/iam/provider.tf
Expand Up @@ -3,11 +3,11 @@
##############################################################################

terraform {
required_version = ">=1.5, < 1.6"
required_version = ">=1.6"
required_providers {
ibm = {
source = "IBM-Cloud/ibm"
version = "1.66.0"
version = "1.67.1"
}
}
}