main.tf
# Selection sets that drive every for_each in this file.
#
# "slr_*" entries pick service-linked roles, "sr_*" entries pick service roles.
# local.service_roles and local.service_linked_roles are referenced here but
# defined outside this file.
#
# NOTE(review): the exclude_* lists are applied only to the sets derived from
# service names. The *_with_role_names sets are not filtered by them, and a role
# selected both by service name and by role name ends up in two for_each sets,
# so two resources would declare the same role; confirm callers cannot hit that.
locals {
  # Service-linked roles selected by service name. A service name that is not a
  # key of var.service_linked_roles contributes nothing (lookup default is []).
  slr_with_service_names = toset(flatten([
    for svc in var.service_linked_role_with_service_names :
    lookup(var.service_linked_roles, svc, [])
  ]))

  # Same set with the caller's exclusions removed.
  slr_with_service_names_and_exclude = toset([
    for role in local.slr_with_service_names :
    role
    if !contains(var.exclude_service_linked_role_with_role_names, role)
  ])

  # Service-linked roles selected by role name. Names that are not keys of
  # local.service_linked_roles are dropped silently rather than rejected.
  slr_with_role_names = toset([
    for role in var.service_linked_role_with_role_names :
    role
    if contains(keys(local.service_linked_roles), role)
  ])

  # Service roles selected by service name; unknown service names contribute
  # nothing (lookup default is []).
  sr_with_service_names = toset(flatten([
    for svc in var.service_role_with_service_names :
    lookup(var.service_roles, svc, [])
  ]))

  # Same set with the caller's exclusions removed.
  sr_with_service_names_and_exclude = toset([
    for role in local.sr_with_service_names :
    role
    if !contains(var.exclude_service_role_with_role_names, role)
  ])

  # Service roles selected by role name; names that are not keys of
  # local.service_roles are dropped silently.
  sr_with_role_names = toset([
    for role in var.service_role_with_role_names :
    role
    if contains(keys(local.service_roles), role)
  ])

  # Caller-defined roles, keyed by name so each gets a stable for_each address.
  # Two entries with the same name make this map expression fail at plan time.
  sr_with_self_roles = {
    for custom in var.service_role_with_self_roles :
    custom.name => custom
  }
}
# One RAM role per service role selected by service name, after exclusions.
# "document" is the role's trust policy: it decides which principal may assume
# the role, so the catalogue entry in local.service_roles is the thing to review
# when checking who can use it.
resource "alicloud_ram_role" "sr_with_service_names" {
  for_each = local.sr_with_service_names_and_exclude

  name        = each.key
  description = local.service_roles[each.key]["description"]
  document    = local.service_roles[each.key]["document"]
}
# Attaches the catalogue's policy to each role created by
# alicloud_ram_role.sr_with_service_names. policy_type is fixed to "System", so
# only a system policy named in local.service_roles can be attached here.
resource "alicloud_ram_role_policy_attachment" "sr_with_service_names" {
  for_each = local.sr_with_service_names_and_exclude

  role_name   = each.key
  policy_type = "System"
  policy_name = local.service_roles[each.key]["policy_name"]

  # role_name is a plain string, so the ordering has to be stated explicitly.
  depends_on = [alicloud_ram_role.sr_with_service_names]
}
# One RAM role per service role requested directly by role name.
# NOTE(review): this set is not filtered by
# var.exclude_service_role_with_role_names, and a name that is also selected by
# service name would be declared by alicloud_ram_role.sr_with_service_names too.
resource "alicloud_ram_role" "sr_with_role_names" {
  for_each = local.sr_with_role_names

  name        = each.key
  description = local.service_roles[each.key]["description"]
  # Trust policy taken from the catalogue entry for this role name.
  document = local.service_roles[each.key]["document"]
}
# Attaches the catalogue's system policy to each role created by
# alicloud_ram_role.sr_with_role_names.
resource "alicloud_ram_role_policy_attachment" "sr_with_role_names" {
  for_each = local.sr_with_role_names

  role_name   = each.key
  policy_type = "System"
  policy_name = local.service_roles[each.key]["policy_name"]

  # role_name is a plain string, so the ordering has to be stated explicitly.
  depends_on = [alicloud_ram_role.sr_with_role_names]
}
# Roles defined entirely by the caller through var.service_role_with_self_roles.
# Unlike the catalogue-driven roles, the trust policy in "document" is passed
# through as given. Nothing in this file constrains which principal it names, so
# review each entry's document for an overly broad Principal before applying.
resource "alicloud_ram_role" "sr_with_self_roles" {
  for_each = local.sr_with_self_roles

  name        = each.value.name
  description = each.value.description
  document    = each.value.document
}
# Attaches the caller-chosen policy to each caller-defined role.
# Both policy_name and policy_type come from the input object unchanged, so this
# is the one attachment in the file that is not fixed to a system policy. Check
# that the named policy grants no more than the service needs.
resource "alicloud_ram_role_policy_attachment" "sr_with_self_roles" {
  for_each = local.sr_with_self_roles

  role_name   = each.value.name
  policy_type = each.value.policy_type
  policy_name = each.value.policy_name

  # role_name is a plain string, so the ordering has to be stated explicitly.
  depends_on = [alicloud_ram_role.sr_with_self_roles]
}
# Service-linked roles selected by service name, after exclusions.
# service_name is the "id" field of the matching local.service_linked_roles
# entry. A role name missing from that map fails the plan with an invalid index.
resource "alicloud_resource_manager_service_linked_role" "slr_with_service_names" {
  for_each = local.slr_with_service_names_and_exclude

  service_name = local.service_linked_roles[each.key]["id"]
}
# Service-linked roles requested directly by role name.
# NOTE(review): this set is not filtered by
# var.exclude_service_linked_role_with_role_names; confirm that is intended.
resource "alicloud_resource_manager_service_linked_role" "slr_with_role_names" {
  for_each = local.slr_with_role_names

  service_name = local.service_linked_roles[each.key]["id"]
}
# Service-linked roles requested by raw service id.
# The ids go to the provider as given. They are not checked against
# local.service_linked_roles and no exclude list applies to them.
resource "alicloud_resource_manager_service_linked_role" "slr_with_service_ids" {
  for_each = toset(var.service_linked_role_with_service_ids)

  service_name = each.key
}