Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/memes/terraform-google-f5-bigip-cfe-role
Terraform role to create a custom IAM role for F5 BIG-IP CFE use.
https://github.com/memes/terraform-google-f5-bigip-cfe-role
Last synced: 7 days ago
JSON representation
Terraform role to create a custom IAM role for F5 BIG-IP CFE use.
- Host: GitHub
- URL: https://github.com/memes/terraform-google-f5-bigip-cfe-role
- Owner: memes
- License: apache-2.0
- Created: 2022-09-08T21:46:02.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-10-29T17:05:27.000Z (3 months ago)
- Last Synced: 2024-10-29T18:29:14.676Z (3 months ago)
- Language: HCL
- Size: 154 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
README
# F5 BIG-IP CFE Role Terraform module
[](CODE_OF_CONDUCT.md)
This Terraform module is a helper to create a custom IAM role that has the
minimal permissions required for Cloud Failover Extension to function correctly.
The role will be created in the specified project by default, but can be created
as an *Organization role* if preferred, for reuse across projects.
Unless a specific identifier is provided in the `id` variable, a semi-random
identifier will be generated of the form `bigip_cfe_xxxxxxxxxx` to avoid unique
identifier collisions during the time after a custom role is deleted but before
it is purged from the project or organization.
> **NOTE:** This module is unsupported and not an official F5 product. If you
> require assistance please join our
> [Slack GCP channel](https://f5cloudsolutions.slack.com/messages/gcp) and ask!
## Examples
### Create the custom role at the project, and assign to an existing BIG-IP service account
See [Simple project role](examples/simple_project_role/) example for more details.
```hcl
module "cfe_role" {
source = "memes/f5-bigip-cfe-role/google"
version = "1.0.4"
target_id = "my-project-id"
members = ["serviceAccount:[email protected]"]
}
```
### Create the custom role for entire org, but do not explicitly assign membership
See [Simple org role](examples/simple_org_role/) example for more details.
```hcl
module "cfe_org_role" {
source = "memes/f5-bigip-cfe-role/google"
version = "1.0.4"
target_type = "org"
target_id = "my-org-id"
}
```
### Create the custom role in the project with a fixed id, and assign to a BIG-IP service account
See [Fixed id](examples/fixed_id/) example for more details.
```hcl
module "cfe_role" {
source = "memes/f5-bigip-cfe-role/google"
version = "1.0.4"
id = "my_custom_role"
target_id = "my-project-id"
title = "An example CFE custom role for F5 BIG-IP instances"
members = ["serviceAccount:[email protected]"]
}
```
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3 |
| [google](#requirement\_google) | >= 3.53, < 7.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [cfe\_role](#module\_cfe\_role) | terraform-google-modules/iam/google//modules/custom_role_iam | 8.0.0 |
## Resources
| Name | Type |
|------|------|
| [random_id.role_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [target\_id](#input\_target\_id) | Sets the target for role creation; must be either an organization ID (target\_type = 'org'),
or project ID (target\_type = 'project'). | `string` | n/a | yes |
| [id](#input\_id) | An identifier to use for the new role; default is an empty string which will
generate a unique identifier. If a value is provided, it must be unique at the
organization or project level depending on value of target\_type respectively.
E.g. multiple projects can all have a 'bigip\_cfe' role defined,
but an organization level role must be uniquely named. | `string` | `null` | no |
| [members](#input\_members) | An optional list of accounts that will be assigned the custom role. Default is
an empty list. | `list(string)` | `[]` | no |
| [random\_id\_prefix](#input\_random\_id\_prefix) | The prefix to use when generating random role identifier for the new role; default
is 'bigip\_cfe' which will generate a unique role identifier of the form
'bigip\_cfe\_XXXX', where XXXX is a random hex string. | `string` | `"bigip_cfe"` | no |
| [target\_type](#input\_target\_type) | Determines if the CFE role is to be created for the whole organization ('org')
or at a 'project' level. Default is 'project'. | `string` | `"project"` | no |
| [title](#input\_title) | The human-readable title to assign to the custom CFE role. Default is 'Custom BIG-IP CFE role'. | `string` | `"Custom F5 BIG-IP CFE role"` | no |
## Outputs
| Name | Description |
|------|-------------|
| [qualified\_role\_id](#output\_qualified\_role\_id) | The qualified role-id for the custom CFE role. |