## Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |

## Providers

| Name | Version |
|------|---------|
| oci | n/a |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| oci_identity_policy.these | resource |
| oci_identity_region_subscriptions.these | data source |
| oci_identity_tenancy.this | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| compartments_dependency | A map of objects containing the externally managed compartments this module may depend on. All map objects must have the same type and must contain at least an `id` attribute (representing the compartment OCID) of string type. | `map(object({ id = string }))` | `null` | no |
| enable_debug | Whether Terraform should enable module debug information. | `bool` | `false` | no |
| enable_output | Whether Terraform should enable module output. | `bool` | `true` | no |
| module_name | The module name. | `string` | `"iam-policies"` | no |
| policies_configuration | Policies configuration. | `object({...})` (full type below) | `null` | no |
| tenancy_ocid | The tenancy OCID. | `string` | n/a | yes |

Type of `policies_configuration`:

```hcl
object({
  enable_cis_benchmark_checks = optional(bool) # Whether to check policies for CIS Foundations Benchmark recommendations. Default is true.
  supplied_policies = optional(map(object({ # A map of directly supplied policies. Use this to supplement or override the template policies.
    name           = string
    description    = string
    compartment_id = string
    statements     = list(string)
    defined_tags   = optional(map(string))
    freeform_tags  = optional(map(string))
  })))
  template_policies = optional(object({ # An object describing the template policies. In this mode, policies are derived according to tenancy_level_settings and compartment_level_settings.
    tenancy_level_settings = optional(object({ # Settings for tenancy level (Root compartment) policies generation.
      groups_with_tenancy_level_roles = optional(list(object({ # A list of group names and their roles at the tenancy level. Template policies are granted to each group in the Root compartment.
        name  = string
        roles = string
      })))
      oci_services = optional(object({
        enable_all_policies            = optional(bool)
        enable_scanning_policies       = optional(bool)
        enable_cloud_guard_policies    = optional(bool)
        enable_os_management_policies  = optional(bool)
        enable_block_storage_policies  = optional(bool)
        enable_file_storage_policies   = optional(bool)
        enable_oke_policies            = optional(bool)
        enable_streaming_policies      = optional(bool)
        enable_object_storage_policies = optional(bool)
      }))
      policy_name_prefix = optional(string) # A prefix to Root compartment policy names.
    }))
    compartment_level_settings = optional(object({ # Settings for compartment (non-Root) level policies generation.
      supplied_compartments = optional(map(object({ # A map of compartments that are policy targets.
        name           = string      # The compartment name.
        id             = string      # The compartment id.
        cislz_metadata = map(string) # The compartment metadata. See module README.md for details.
      })))
      #policy_name_prefix = optional(string) # A prefix to compartment policy names.
    }))
  }))
  policy_name_prefix = optional(string)      # A prefix to all policy names.
  policy_name_suffix = optional(string)      # A suffix to all policy names.
  defined_tags       = optional(map(string)) # Any defined tags to apply on the template (pre-configured) policies.
  freeform_tags      = optional(map(string)) # Any freeform tags to apply on the template (pre-configured) policies.
})
```
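As an added example (not code from this module's README or repository), the following root-module call wires both modes of `policies_configuration` against the type documented above: template policies for one tenancy-level group and one target compartment, plus one directly supplied read-only policy written in standard OCI IAM statement syntax. The module `source`, the group and compartment names, the `roles` string, the `cislz_metadata` key/value and the compartment OCID are placeholders or assumptions, not values from this page.

```hcl
# Added example; placeholders and assumptions are marked inline (see lead-in).
module "iam_policies" {
  source = "<path-or-registry-address-of-the-iam-policies-module>" # placeholder

  tenancy_ocid = var.tenancy_ocid # assumed root-module variable

  policies_configuration = {
    # Documented default is true; set explicitly so template policies are
    # checked against the CIS Foundations Benchmark recommendations.
    enable_cis_benchmark_checks = true

    # Template mode: policies derived from group roles and service settings.
    template_policies = {
      tenancy_level_settings = {
        groups_with_tenancy_level_roles = [
          { name = "iam-admin-group", roles = "<roles-string-per-module-README>" } # placeholders
        ]
        oci_services = {
          enable_all_policies         = false # assumed: enable only the services selected below
          enable_cloud_guard_policies = true
          enable_scanning_policies    = true
        }
        policy_name_prefix = "root"
      }
      compartment_level_settings = {
        supplied_compartments = {
          "network-cmp" = {
            name           = "network-cmp"                                          # placeholder
            id             = "ocid1.compartment.oc1..<placeholder>"                 # placeholder
            cislz_metadata = { "<metadata-key-per-module-README>" = "<value>" }     # placeholder
          }
        }
      }
    }

    # Supplied mode: one hand-written, least-privilege (read-only) policy,
    # using standard OCI IAM policy statement syntax.
    supplied_policies = {
      "auditor-read-policy" = {
        name           = "auditor-read-policy"
        description    = "Read-only access to all resources for the auditor group."
        compartment_id = var.tenancy_ocid
        statements     = ["Allow group auditor-group to read all-resources in tenancy"]
      }
    }

    policy_name_suffix = "-policy"
  }
}
```

Optional attributes such as `defined_tags` or `enable_os_management_policies` are simply omitted, which Terraform >= 1.3.0 accepts for `optional()` object attributes.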

## Outputs

| Name | Description |
|------|-------------|
| policies | The policies. Enabled if the `enable_output` attribute is true. |
| template_target_compartments | An internal map driving the assignment of template policies according to compartment metadata. Enabled if the `enable_debug` attribute is true. |