35 changes: 3 additions & 32 deletions examples/tp-template/main.tf
@@ -1,28 +1,3 @@
##############################################################################
# Resource Group
##############################################################################

module "resource_group" {
source = "terraform-ibm-modules/resource-group/ibm"
version = "1.2.0"
# if an existing resource group is not set (null) create a new one using prefix
resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null
existing_resource_group_name = var.resource_group
}

##############################################################################
# COS
##############################################################################

module "cos" {
source = "terraform-ibm-modules/cos/ibm"
version = "9.0.4"
resource_group_id = module.resource_group.resource_group_id
cos_instance_name = "${var.prefix}-cos"
cos_tags = var.resource_tags
create_cos_bucket = false
}

##############################################################################
# Create trusted profile template
##############################################################################
Expand All @@ -33,7 +8,7 @@ module "trusted_profile_template" {
template_description = "Minimal example for trusted profile template"
profile_name = "${var.prefix}-profile"
profile_description = "Sample description"
identity_crn = module.cos.cos_instance_crn
identity_crn = "crn:v1:bluemix:public:cloud-object-storage:global:a/888877776665655554444e3333d22221:cosInstanceId::"
policy_templates = [
{
name = "${var.prefix}-cos-reader-access"
Expand All @@ -43,12 +18,8 @@ module "trusted_profile_template" {
key = "serviceName"
value = "cloud-object-storage"
operator = "stringEquals"
},
{
key = "serviceInstance"
value = module.cos.cos_instance_guid
operator = "stringEquals"
}]
Contributor


As discussed yesterday, the reason we added this was so we did not get policy clashes in our account as tests run. Each test would create a new COS instance, meaning the policy attributes would always be unique.
But since you mentioned this config doesn't really make sense, let's try to change it in a way where it still won't cause policy clashes in our account. I think you mentioned a unique tag could be used, maybe? var.prefix will always be unique in the tests, so if we could use that as part of a tag, it will always be unique.

}
]
}
]
account_group_ids_to_assign = var.account_group_ids_to_assign
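Review bot: With the `serviceInstance` attribute gone, the policy template in `policy_templates` is matched only on `serviceName = "cloud-object-storage"`, so whatever role it carries (the roles are outside the visible hunks) would apply to every Cloud Object Storage instance in each account the template is assigned to, and `account_group_ids_to_assign` defaults to `["all"]` in this example. Since examples get copied, I would state that breadth next to the attribute list, e.g. `# Scoped to all COS instances in the target account; add a serviceInstance or resourceGroupId attribute to narrow it`. The new `identity_crn` literal also embeds an account ID and a `cosInstanceId` segment that look like placeholders; a comment saying so, or a variable, would keep a reader from applying a profile that trusts an identity they do not own. The `module "trusted_profile_template"` block starts and ends outside the visible hunks.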
17 changes: 16 additions & 1 deletion examples/tp-template/outputs.tf
Expand Up @@ -9,5 +9,20 @@ output "all_enterprise_accounts" {

output "trusted_profile_template_id" {
description = "ID of the trusted profile template"
value = split("/", module.trusted_profile_template.trusted_profile_template_id_raw)[0]
value = module.trusted_profile_template.trusted_profile_template_id
}

output "trusted_profile_template_id_raw" {
description = "Full raw ID (including version) of the account settings template"
value = module.trusted_profile_template.trusted_profile_template_id_raw
}

output "trusted_profile_template_version" {
description = "The version of the account settings Template"
value = module.trusted_profile_template.trusted_profile_template_version
}

output "trusted_profile_template_assignment_ids" {
description = "List of assignment IDs to child accounts"
value = module.trusted_profile_template.trusted_profile_template_assignment_ids
}
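Review bot: The descriptions of the new outputs `trusted_profile_template_id_raw` and `trusted_profile_template_version` say "account settings template", which does not match this module and looks carried over from elsewhere. Suggest `description = "Full raw ID (including version) of the trusted profile template"` and `description = "The version of the trusted profile template"`, matching the wording in the module README. Separately, `trusted_profile_template_assignment_ids` is described as a "List", but the module output it forwards is built as a `for k, v in … : k => v.id` map in modules/trusted-profile-template/outputs.tf. The same wording appears in that file and in the README outputs table, so all three would read more accurately as `"Map of assignment target to assignment ID"`.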
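--- a/examples/tp-template/variables.tf
+++ b/examples/tp-template/variables.tf
@@ -9,18 +9,6 @@ variable "prefix" {
 description = "Prefix name for all related resources"
 }
 
-variable "resource_tags" {
-type = list(string)
-description = "Optional list of tags to be added to created resources"
-default = []
-}
-
-variable "resource_group" {
-type = string
-description = "An existing resource group name to use for this example, if unset a new resource group will be created"
-default = null
-}
-
 variable "account_group_ids_to_assign" {
 type = list(string)
 default = ["all"]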
4 changes: 2 additions & 2 deletions modules/trusted-profile-template/README.md
Expand Up @@ -73,7 +73,7 @@ No modules.
|------|------|
| [ibm_iam_policy_template.profile_template_policies](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_policy_template) | resource |
| [ibm_iam_trusted_profile_template.trusted_profile_template_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_trusted_profile_template) | resource |
| [ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_trusted_profile_template_assignment) | resource |
| [ibm_iam_trusted_profile_template_assignment.trusted_profile_template_assignment_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_trusted_profile_template_assignment) | resource |
| [terraform_data.iam_policy_template_replacement](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource |
| [ibm_enterprise_account_groups.all_groups](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/enterprise_account_groups) | data source |
| [ibm_enterprise_accounts.all_accounts](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/enterprise_accounts) | data source |
Expand All @@ -95,7 +95,7 @@ No modules.
| Name | Description |
|------|-------------|
| <a name="output_enterprise_account_ids"></a> [enterprise\_account\_ids](#output\_enterprise\_account\_ids) | List of child enterprise account IDs |
| <a name="output_trusted_profile_template_assignment_ids"></a> [trusted\_profile\_template\_assignment\_ids](#output\_trusted\_profile\_template\_assignment\_ids) | The list of assignment IDs to child accounts |
| <a name="output_trusted_profile_template_assignment_ids"></a> [trusted\_profile\_template\_assignment\_ids](#output\_trusted\_profile\_template\_assignment\_ids) | List of assignment IDs to child accounts |
| <a name="output_trusted_profile_template_id"></a> [trusted\_profile\_template\_id](#output\_trusted\_profile\_template\_id) | The ID of the trusted profile template |
| <a name="output_trusted_profile_template_id_raw"></a> [trusted\_profile\_template\_id\_raw](#output\_trusted\_profile\_template\_id\_raw) | Full raw ID (including version) of the trusted profile template |
| <a name="output_trusted_profile_template_version"></a> [trusted\_profile\_template\_version](#output\_trusted\_profile\_template\_version) | The version of the Trusted Profile Template |
2 changes: 1 addition & 1 deletion modules/trusted-profile-template/main.tf
Expand Up @@ -104,7 +104,7 @@ locals {

}

resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
resource "ibm_iam_trusted_profile_template_assignment" "trusted_profile_template_assignment_instance" {
for_each = local.combined_targets

template_id = split("/", ibm_iam_trusted_profile_template.trusted_profile_template_instance.id)[0]
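Review bot: Renaming the resource address from `account_settings_template_assignment_instance` to `trusted_profile_template_assignment_instance` has no accompanying `moved` block in the visible hunk, so on upgrade Terraform would plan to destroy and recreate every existing assignment in `local.combined_targets`, and child accounts could be without the assigned profile while that happens. Suggest adding a `moved` block with `from = ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance` and `to = ibm_iam_trusted_profile_template_assignment.trusted_profile_template_assignment_instance`. Which of the two printed resource lines is the new one is inferred from the new output expression in this module's outputs.tf, and the resource body continues outside the hunk.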
6 changes: 4 additions & 2 deletions modules/trusted-profile-template/outputs.tf
Expand Up @@ -23,6 +23,8 @@ output "trusted_profile_template_version" {
}

output "trusted_profile_template_assignment_ids" {
description = "The list of assignment IDs to child accounts"
value = split("/", ibm_iam_trusted_profile_template.trusted_profile_template_instance.id)[0]
description = "List of assignment IDs to child accounts"
value = {
for k, v in ibm_iam_trusted_profile_template_assignment.trusted_profile_template_assignment_instance : k => v.id
}
}