Allow reuse of dynamic group for instance_principal #20

Open
hyder opened this issue Nov 9, 2020 · 1 comment

Comments

hyder commented Nov 9, 2020

Creating a dynamic group requires a lot more privileges than most users have. Consequently, when instance_principal is enabled, and this module creates the dynamic group, it frequently fails because of the lack of privileges.

Instead of getting this repo to create the dynamic group for the operator, we should allow for one to be created by an authorised user and allow its reuse. The Terraform user would then need only:

  • use level privilege for dynamic groups in order to update it
  • manage level privilege for policies in the compartment where the policies will be created

kral2 commented Mar 22, 2021

The dynamic-group creation logic can reuse the iam module for a more decoupled approach.

I can take a look at it.

Note: Currently, the dynamic-group submodule integrates the policy, but that's also something that will need to be split as a separate submodule.
