# IAM group referenced by the "administrators" policy and by the admin user's
# group membership. It is created with compartment_id = var.tenancy_id and is
# named var.prefix followed by "administrators".
resource "oci_identity_group" "administrators" {
  name           = "${var.prefix}administrators"
  description    = local.common_description
  compartment_id = var.tenancy_id
  freeform_tags  = local.freeform_tags
}
# Policy attached to oci_identity_compartment.compartment. Its single statement
# lets the administrators group manage all-resources in that compartment, so
# every member of the group, and every credential issued to a member, carries
# that grant.
# NOTE(review): the statement is rendered from the group and compartment
# *names*; a rename of either changes the statement text. Confirm that
# name-based references are intended here.
resource "oci_identity_policy" "administrators" {
  name           = "${var.prefix}administrators"
  description    = local.common_description
  compartment_id = oci_identity_compartment.compartment.id
  freeform_tags  = local.freeform_tags

  statements = [
    format(
      "ALLOW group %s TO manage all-resources IN compartment %s",
      oci_identity_group.administrators.name,
      oci_identity_compartment.compartment.name,
    ),
  ]
}
# User named var.prefix followed by "admin", created with
# compartment_id = var.tenancy_id. In the visible part of this file it is
# placed in the administrators group and owns every optional credential
# resource (customer secret key, UI password, auth token, SMTP credential,
# API key).
resource "oci_identity_user" "admin" {
  name           = "${var.prefix}admin"
  description    = local.common_description
  compartment_id = var.tenancy_id
  freeform_tags  = local.freeform_tags
}
# Adds the admin user to the administrators group. This membership is what
# makes the "manage all-resources" policy statement apply to the user.
resource "oci_identity_user_group_membership" "admin" {
  user_id  = oci_identity_user.admin.id
  group_id = oci_identity_group.administrators.id
}
# Optional customer secret key for the admin user; created only when
# var.admin_create_credentials.customer_key is true.
# NOTE(review): the provider exports the generated secret as a resource
# attribute, so it is persisted in Terraform state. Keep the state backend
# encrypted and access-restricted, and mark any output exposing it sensitive.
resource "oci_identity_customer_secret_key" "admin" {
  count = var.admin_create_credentials.customer_key ? 1 : 0

  user_id      = oci_identity_user.admin.id
  display_name = "${var.prefix}admin"
}
# Optional console (UI) password for the admin user; created only when
# var.admin_create_credentials.password is true.
# NOTE(review): the generated password is exported by the provider and
# therefore recorded in Terraform state. The resource name suggests an initial
# password that is rotated at first sign-in; confirm that this happens.
resource "oci_identity_ui_password" "admin_initial" {
  count = var.admin_create_credentials.password ? 1 : 0

  user_id = oci_identity_user.admin.id
}
# Optional auth token for the admin user; created only when
# var.admin_create_credentials.auth_token is true.
# NOTE(review): the token value is exported by the provider and ends up in
# Terraform state; treat the state file as a secret store.
resource "oci_identity_auth_token" "admin" {
  count = var.admin_create_credentials.auth_token ? 1 : 0

  description = local.common_description
  user_id     = oci_identity_user.admin.id
}
# Optional SMTP credential for the admin user; created only when
# var.admin_create_credentials.smtp is true.
# NOTE(review): the credential is bound to a user that is a member of the
# administrators group, and its generated password is exported into Terraform
# state. Confirm that mail sending should be tied to the admin account rather
# than to a dedicated low-privilege user.
resource "oci_identity_smtp_credential" "admin" {
  count = var.admin_create_credentials.smtp ? 1 : 0

  user_id     = oci_identity_user.admin.id
  description = "default smtp credentials"
}
# RSA 2048-bit key pair whose public half is uploaded as the admin user's API
# signing key; generated only when var.admin_create_credentials.api_key is true.
# NOTE(review): the tls provider stores the generated private key unencrypted
# in Terraform state, so anyone who can read the state can sign API requests as
# the admin user. Protect the state backend accordingly, or generate the key
# outside Terraform and supply only the public key.
resource "tls_private_key" "admin_api_key" {
  count = var.admin_create_credentials.api_key ? 1 : 0

  rsa_bits  = 2048
  algorithm = "RSA"
}
# Registers the public key of tls_private_key.admin_api_key as an API key of
# the admin user; created only when var.admin_create_credentials.api_key is true.
# The count condition must stay identical to the one on tls_private_key,
# because key_value indexes instance [0] of that resource.
resource "oci_identity_api_key" "admin" {
  count = var.admin_create_credentials.api_key ? 1 : 0

  # Only the PEM-encoded public key is uploaded; surrounding whitespace is trimmed.
  key_value = trimspace(tls_private_key.admin_api_key[0].public_key_pem)
  user_id   = oci_identity_user.admin.id
}