feat(scw): add iam policy

hoverkraft-tech · May 8, 2023 · 090b193 · 090b193
1 parent 608ebca
commit 090b193
Show file tree

Hide file tree

Showing 8 changed files with 178 additions and 0 deletions.
diff --git a/scw/iam-policy/.terraform.lock.hcl b/scw/iam-policy/.terraform.lock.hcl
diff --git a/scw/iam-policy/.tflint.hcl b/scw/iam-policy/.tflint.hcl
diff --git a/scw/iam-policy/README.md b/scw/iam-policy/README.md
@@ -0,0 +1,49 @@
+# SCW IAM policy
+
+Create an IAM policy in scaleway
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.3 |
+| <a name="requirement_scaleway"></a> [scaleway](#requirement\_scaleway) | ~> 2.17.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_scaleway"></a> [scaleway](#provider\_scaleway) | ~> 2.17.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [scaleway_iam_policy.policy](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/iam_policy) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_application_id"></a> [application\_id](#input\_application\_id) | The ID of the application the policy is associated with | `string` | `null` | no |
+| <a name="input_customer"></a> [customer](#input\_customer) | Customer for the current deployment | `string` | `""` | no |
+| <a name="input_description"></a> [description](#input\_description) | The description of the iam application | `string` | `null` | no |
+| <a name="input_environment"></a> [environment](#input\_environment) | Environment for the current deployment | `string` | `""` | no |
+| <a name="input_group_id"></a> [group\_id](#input\_group\_id) | The ID of the group the policy is associated with | `string` | `null` | no |
+| <a name="input_name"></a> [name](#input\_name) | Name of the bucket | `string` | n/a | yes |
+| <a name="input_no_principal"></a> [no\_principal](#input\_no\_principal) | If true, the policy will not be associated with any principal | `bool` | `null` | no |
+| <a name="input_organization_id"></a> [organization\_id](#input\_organization\_id) | The ID of the organization the application is associated with | `string` | `null` | no |
+| <a name="input_rules"></a> [rules](#input\_rules) | The list of rules to apply to the policy | `any` | `[]` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Default tags to add to resources | `map(any)` | `{}` | no |
+| <a name="input_user_id"></a> [user\_id](#input\_user\_id) | The ID of the user the policy is associated with | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_id"></a> [id](#output\_id) | The ID of the application |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/scw/iam-policy/main.tf b/scw/iam-policy/main.tf
@@ -0,0 +1,8 @@
+locals {
+  # tflint-ignore: terraform_unused_declarations
+  interpolated_tags = merge(
+    { "Customer" = var.customer },
+    { "Environment" = var.environment },
+    var.tags
+  )
+}
diff --git a/scw/iam-policy/outputs.tf b/scw/iam-policy/outputs.tf
@@ -0,0 +1,4 @@
+output "id" {
+  description = "The ID of the application"
+  value       = scaleway_iam_policy.policy.id
+}
diff --git a/scw/iam-policy/policy.tf b/scw/iam-policy/policy.tf
@@ -0,0 +1,18 @@
+resource "scaleway_iam_policy" "policy" {
+  name            = var.name
+  description     = var.description
+  organization_id = var.organization_id
+  application_id  = var.application_id
+  user_id         = var.user_id
+  group_id        = var.group_id
+  no_principal    = var.no_principal
+
+  dynamic "rule" {
+    for_each = var.rules
+    content {
+      organization_id      = rule.value.organization_id
+      project_ids          = rule.value.project_ids
+      permission_set_names = rule.value.permission_set_names
+    }
+  }
+}
diff --git a/scw/iam-policy/providers.tf b/scw/iam-policy/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    scaleway = {
+      source  = "scaleway/scaleway"
+      version = "~> 2.17.0"
+    }
+  }
+  required_version = "~> 1.3"
+}
diff --git a/scw/iam-policy/variables.tf b/scw/iam-policy/variables.tf
@@ -0,0 +1,66 @@
+variable "name" {
+  description = "Name of the bucket"
+  type        = string
+}
+
+variable "customer" {
+  description = "Customer for the current deployment"
+  type        = string
+  default     = ""
+}
+
+variable "environment" {
+  description = "Environment for the current deployment"
+  type        = string
+  default     = ""
+}
+
+variable "tags" {
+  description = "Default tags to add to resources"
+  type        = map(any)
+  default     = {}
+}
+
+# module specific variables
+
+variable "description" {
+  type        = string
+  description = "The description of the iam application"
+  default     = null
+}
+
+variable "organization_id" {
+  type        = string
+  description = "The ID of the organization the application is associated with"
+  default     = null
+}
+
+variable "application_id" {
+  type        = string
+  description = "The ID of the application the policy is associated with"
+  default     = null
+}
+
+variable "user_id" {
+  type        = string
+  description = "The ID of the user the policy is associated with"
+  default     = null
+}
+
+variable "group_id" {
+  type        = string
+  description = "The ID of the group the policy is associated with"
+  default     = null
+}
+
+variable "no_principal" {
+  type        = bool
+  description = "If true, the policy will not be associated with any principal"
+  default     = null
+}
+
+variable "rules" {
+  type        = any
+  description = "The list of rules to apply to the policy"
+  default     = []
+}