https://github.com/terraform-ibm-modules/terraform-ibm-trusted-profile

Create Trusted profile on IBM Cloud
# Terraform IBM Trusted Profile

[![Stable (With quality checks)](https://img.shields.io/badge/Status-Stable%20(With%20quality%20checks)-green)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-trusted-profile?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-trusted-profile/releases/latest)
[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
[![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/)
[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)

This module creates a trusted profile, a set of policies given to the profile, a set of claim rules for the profile, and a set of infrastructure links to the profile.

## Overview
* [terraform-ibm-trusted-profile](#terraform-ibm-trusted-profile)
* [Examples](./examples)
* [Basic example](./examples/basic)
* [Complete example](./examples/complete)
* [Contributing](#contributing)

## terraform-ibm-trusted-profile

### Usage

```hcl
module "trusted_profile" {
  source                      = "terraform-ibm-modules/trusted-profile/ibm"
  version                     = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  trusted_profile_name        = "example-profile"
  trusted_profile_description = "Example Trusted Profile"

  # Access policies granted to the trusted profile
  trusted_profile_policies = [{
    roles = ["Reader", "Viewer"]
    resources = [{
      service = "kms"
    }]
  }]

  # Claim rules: conditions an identity must satisfy to apply the profile
  trusted_profile_claim_rules = [{
    conditions = [{
      claim    = "Group"
      operator = "CONTAINS"
      value    = "\"Admin\""
    }]

    type    = "Profile-CR"
    cr_type = "VSI"
  }]

  # Links: specific compute resources attached directly to the profile
  trusted_profile_links = [{
    cr_type = "VSI"
    links = [{
      crn = ibm_is_instance.vsi.crn # Existing Infrastructure CRN
    }]
  }]
}
```

#### Using the variables

The three variables `trusted_profile_policies`, `trusted_profile_claim_rules`, and `trusted_profile_links` are lists of objects whose fields match the arguments of the corresponding provider resources. For more information on each variable, see the following provider documentation:

* [trusted_profile_policies](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_trusted_profile_policy)
* [trusted_profile_claim_rules](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_trusted_profile_claim_rule)
* [trusted_profile_links](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_trusted_profile_link)
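
The optional fields in these objects can be used to narrow what a profile grants and who can assume it. The following is an added example, not taken from the module repository: it defines a profile for federated users (`Profile-SAML`) with a policy scoped to a single Key Protect instance and a bounded session lifetime. The variable names, the realm ID, the claim name `groups`, and the group value are assumptions; the claims available depend on your identity provider.

```hcl
# Assumed inputs (hypothetical names, not defined by the module)
variable "kms_instance_guid" {
  type        = string
  description = "GUID of the Key Protect instance the profile may read"
}

variable "idp_realm_id" {
  type        = string
  description = "Realm ID of the external identity provider"
}

module "kms_reader_profile" {
  source                      = "terraform-ibm-modules/trusted-profile/ibm"
  version                     = "X.X.X" # Replace "X.X.X" with a release version
  trusted_profile_name        = "kms-reader-federated"
  trusted_profile_description = "Read-only access to one Key Protect instance for federated users"

  # Scope the policy to one service instance instead of every "kms" instance
  trusted_profile_policies = [{
    roles       = ["Reader", "Viewer"]
    description = "Read-only access to a single Key Protect instance"
    resources = [{
      service              = "kms"
      resource_instance_id = var.kms_instance_guid
    }]
  }]

  # Federated-user rule: realm_name and expiration apply to Profile-SAML rules
  trusted_profile_claim_rules = [{
    name       = "kms-readers-only"
    type       = "Profile-SAML"
    realm_name = var.idp_realm_id
    expiration = 3600 # session lifetime in seconds

    conditions = [{
      claim    = "groups"                # assumed claim name from the IdP
      operator = "EQUALS"
      value    = "\"cloud-kms-readers\"" # constructed sample group
    }]
  }]

  # No trusted_profile_links: links attach compute resources, not federated users
}
```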

### Required IAM access policies

You need the following permissions to run this module.

- Account Management
    - **IAM Identity** service
        - `Administrator` platform access

You will also need `Administrator` access for any service which you are creating a policy for in the trusted profile. Lastly, your account must have authentication from an external identity provider enabled; see [this documentation](https://cloud.ibm.com/docs/account?topic=account-idp-integration) for more information.

### Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.0 |
| [ibm](#requirement\_ibm) | >= 1.76.1, < 2.0.0 |

### Modules

No modules.

### Resources

| Name | Type |
|------|------|
| [ibm_iam_trusted_profile.profile](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_trusted_profile) | resource |
| [ibm_iam_trusted_profile_claim_rule.claim_rule](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_trusted_profile_claim_rule) | resource |
| [ibm_iam_trusted_profile_link.link](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_trusted_profile_link) | resource |
| [ibm_iam_trusted_profile_policy.policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_trusted_profile_policy) | resource |

### Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [trusted\_profile\_claim\_rules](#input\_trusted\_profile\_claim\_rules) | A list of Trusted Profile Claim Rule objects that are applied to the Trusted Profile created by the module. | <pre>list(object({<br/>  # required arguments<br/>  conditions = list(object({<br/>    claim = string<br/>    operator = string<br/>    value = string<br/>  }))<br/><br/>  type = string<br/><br/>  # optional arguments<br/>  cr_type = optional(string)<br/>  expiration = optional(number)<br/>  name = optional(string)<br/>  realm_name = optional(string)<br/>}))</pre> | `null` | no |
| [trusted\_profile\_description](#input\_trusted\_profile\_description) | Description of the trusted profile. | `string` | `null` | no |
| [trusted\_profile\_links](#input\_trusted\_profile\_links) | A list of Trusted Profile Link objects that are applied to the Trusted Profile created by the module. | <pre>list(object({<br/>  # required arguments<br/>  cr_type = string<br/>  links = list(object({<br/>    crn = string<br/>    namespace = optional(string)<br/>    name = optional(string)<br/>  }))<br/><br/>  # optional arguments<br/>  name = optional(string)<br/>}))</pre> | `null` | no |
| [trusted\_profile\_name](#input\_trusted\_profile\_name) | Name of the trusted profile. | `string` | n/a | yes |
| [trusted\_profile\_policies](#input\_trusted\_profile\_policies) | A list of Trusted Profile Policy objects that are applied to the Trusted Profile created by the module. | <pre>list(object({<br/>  roles = list(string)<br/>  account_management = optional(bool)<br/>  description = optional(string)<br/><br/>  resources = optional(list(object({<br/>    service = optional(string)<br/>    service_type = optional(string)<br/>    resource_instance_id = optional(string)<br/>    region = optional(string)<br/>    resource_type = optional(string)<br/>    resource = optional(string)<br/>    resource_group_id = optional(string)<br/>    service_group_id = optional(string)<br/>    attributes = optional(map(any))<br/>  })), null)<br/><br/>  resource_attributes = optional(list(object({<br/>    name = string<br/>    value = string<br/>    operator = optional(string)<br/>  })))<br/><br/>  resource_tags = optional(list(object({<br/>    name = string<br/>    value = string<br/>    operator = optional(string)<br/>  })))<br/><br/>  rule_conditions = optional(list(object({<br/>    key = string<br/>    operator = string<br/>    value = list(any)<br/>  })))<br/><br/>  rule_operator = optional(string)<br/>  pattern = optional(string)<br/>}))</pre> | n/a | yes |

### Outputs

| Name | Description |
|------|-------------|
| [trusted\_profile](#output\_trusted\_profile) | Output of the Trusted Profile |
| [trusted\_profile\_claim\_rules](#output\_trusted\_profile\_claim\_rules) | Output of the Trusted Profile Claim Rules |
| [trusted\_profile\_links](#output\_trusted\_profile\_links) | Output of the Trusted Profile Links |
| [trusted\_profile\_policies](#output\_trusted\_profile\_policies) | Output of the Trusted Profile Policies |

## Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See [Report an issue or request a feature](https://github.com/terraform-ibm-modules/.github/blob/main/.github/SUPPORT.md).

To set up your local development environment, see [Local development setup](https://terraform-ibm-modules.github.io/documentation/#/local-dev-setup) in the project documentation.