
terraform-ibm-modules/terraform-ibm-trusted-profile


Terraform IBM Trusted Profile


This module creates a trusted profile, the set of access policies attached to the profile, the set of claim rules that decide which identities are allowed to assume the profile, and the set of links that bind the profile to existing compute resources (for example VSIs).

Overview

terraform-ibm-trusted-profile

Usage

module "trusted_profile" {
  source                      = "terraform-ibm-modules/trusted-profile/ibm"
  version                     = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  trusted_profile_name        = "example-profile"
  trusted_profile_description = "Example Trusted Profile"

  trusted_profile_policies = [{
    roles = ["Reader", "Viewer"]
    resources = [{
      service           = "kms"
    }]
  }]

  trusted_profile_claim_rules = [{
    conditions = [{
      claim    = "Group"
      operator = "CONTAINS"
      value    = "\"Admin\""
    }]

    type    = "Profile-CR"
    cr_type = "VSI"
  }]

  trusted_profile_links = [{
    cr_type = "VSI"
    links = [{
      crn = ibm_is_instance.vsi.crn # Existing Infrastructure CRN
    }]
  }]
}

Using the variables

The three variables trusted_profile_policies, trusted_profile_claim_rules, and trusted_profile_links are lists of objects whose fields map one-to-one onto the arguments of the corresponding provider resources (ibm_iam_trusted_profile_policy, ibm_iam_trusted_profile_claim_rule, and ibm_iam_trusted_profile_link). See the IBM provider documentation for those three resources for the meaning and accepted values of each field.
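The following is an added example that is not part of the module's own documentation. It uses the same three variables to build a least-privilege profile for a Kubernetes workload: the policy is scoped to one Key Protect instance inside one resource group rather than to every kms instance in the account, the claim rule only admits a specific service account in a specific namespace of a specific cluster, and the link binds the profile to that cluster. The resource references ibm_resource_instance.kms and ibm_container_vpc_cluster.cluster, and the namespace and service-account names "payments" and "payments-sa", are assumptions for illustration only.

```hcl
# Added example (not the module's own docs). Assumes an existing Key Protect
# instance referenced as ibm_resource_instance.kms and an existing VPC cluster
# referenced as ibm_container_vpc_cluster.cluster; the namespace "payments"
# and service account "payments-sa" are made-up names.
module "trusted_profile_workload" {
  source  = "terraform-ibm-modules/trusted-profile/ibm"
  version = "X.X.X" # Replace with a release version to lock into a specific release

  trusted_profile_name        = "payments-workload-profile"
  trusted_profile_description = "Lets the payments service account read one Key Protect instance"

  # Policy scoped to a single service instance in a single resource group,
  # instead of every instance of the service in the account.
  trusted_profile_policies = [{
    roles       = ["Reader"]
    description = "Read-only access to the payments Key Protect instance"
    resources = [{
      service              = "kms"
      resource_instance_id = ibm_resource_instance.kms.guid
      resource_group_id    = ibm_resource_instance.kms.resource_group_id
    }]
  }]

  # Only the named service account, in the named namespace, on the named
  # cluster may assume the profile. Claim values are JSON-encoded strings,
  # hence the escaped quotes.
  trusted_profile_claim_rules = [{
    name    = "payments-service-account"
    type    = "Profile-CR"
    cr_type = "IKS_SA"
    conditions = [
      { claim = "namespace", operator = "EQUALS", value = "\"payments\"" },
      { claim = "name",      operator = "EQUALS", value = "\"payments-sa\"" },
      { claim = "crn",       operator = "EQUALS", value = "\"${ibm_container_vpc_cluster.cluster.crn}\"" },
    ]
  }]

  # Link the profile to the cluster so the service account can obtain tokens.
  trusted_profile_links = [{
    name    = "payments-cluster"
    cr_type = "IKS_SA"
    links = [{
      crn       = ibm_container_vpc_cluster.cluster.crn
      namespace = "payments"
      name      = "payments-sa"
    }]
  }]
}
```

The point of scoping the policy and the claim rule together is that neither alone is sufficient: a broad policy with a tight claim rule still over-grants to the one identity that passes, and a tight policy with a loose claim rule lets any service account on any linked cluster obtain it. Review both when you change either.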

Required IAM access policies

You need the following permissions to run this module.

  • Account Management
    • IAM Identity service
      • Administrator platform access

You will also need Administrator access for any service for which you are creating a policy in the trusted profile. Lastly, if the profile's claim rules are meant to map federated users (rather than compute resources, as in the Profile-CR example above), your account must have authentication from an external identity provider enabled; see the IBM Cloud IAM documentation on federated identities for more information.

Requirements

Name Version
terraform >= 1.3.0
ibm >= 1.53.0, < 2.0.0

Modules

No modules.

Resources

Name Type
ibm_iam_trusted_profile.profile resource
ibm_iam_trusted_profile_claim_rule.claim_rule resource
ibm_iam_trusted_profile_link.link resource
ibm_iam_trusted_profile_policy.policy resource

Inputs

Name: trusted_profile_claim_rules
Description: A list of Trusted Profile Claim Rule objects that are applied to the Trusted Profile created by the module.
Type:
  list(object({
    # required arguments
    conditions = list(object({
      claim    = string
      operator = string
      value    = string
    }))

    type = string

    # optional arguments
    cr_type    = optional(string)
    expiration = optional(number)
    name       = optional(string)
    realm_name = optional(string)
  }))
Default: null
Required: no

Name: trusted_profile_description
Description: Description of the trusted profile.
Type: string
Default: null
Required: no

Name: trusted_profile_links
Description: A list of Trusted Profile Link objects that are applied to the Trusted Profile created by the module.
Type:
  list(object({
    # required arguments
    cr_type = string
    links = list(object({
      crn       = string
      namespace = optional(string)
      name      = optional(string)
    }))

    # optional arguments
    name = optional(string)
  }))
Default: null
Required: no

Name: trusted_profile_name
Description: Name of the trusted profile.
Type: string
Default: n/a
Required: yes

Name: trusted_profile_policies
Description: A list of Trusted Profile Policy objects that are applied to the Trusted Profile created by the module.
Type:
  list(object({
    roles              = list(string)
    account_management = optional(bool)
    description        = optional(string)

    resources = optional(list(object({
      service              = optional(string)
      service_type         = optional(string)
      resource_instance_id = optional(string)
      region               = optional(string)
      resource_type        = optional(string)
      resource             = optional(string)
      resource_group_id    = optional(string)
      service_group_id     = optional(string)
      attributes           = optional(map(any))
    })), null)

    resource_attributes = optional(list(object({
      name     = string
      value    = string
      operator = optional(string)
    })))

    resource_tags = optional(list(object({
      name     = string
      value    = string
      operator = optional(string)
    })))

    rule_conditions = optional(list(object({
      key      = string
      operator = string
      value    = list(any)
    })))

    rule_operator = optional(string)
    pattern       = optional(string)
  }))
Default: n/a
Required: yes

Outputs

Name Description
trusted_profile Output of the Trusted Profile
trusted_profile_claim_rules Output of the Trusted Profile Claim Rules
trusted_profile_links Output of the Trusted Profile Links
trusted_profile_policies Output of the Trusted Profile Policies

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.