This module provides the ability to create and manage users, together with their groups and policies, in Oracle Cloud (OCI).
Provision and manage the following resources in OCI:
- Users.
- Groups.
- Policies.
- API Keys.
- Customer Secret Keys (for S3).
- Persistence of authentication secrets in Vault secrets.

```hcl
module "local-users" {
  source  = "abarrak/users/oci"
  version = "1.0.0"

  tenancy_id     = var.tenancy_id
  compartment_id = var.compartment_id

  local_svc_account_users = [
    {
      username    = "rclone-sa",
      group       = "rclone-sa-group",
      description = "A service account for rclone.",
      # Statements reference the group declared above.
      policy = [
        "Allow group rclone-sa-group to read buckets in compartment A",
        "Allow group rclone-sa-group to use buckets in compartment A"
      ]
    }
  ]
}
```
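
A caller-side guard for the `local_svc_account_users` list, as an added example that is not part of the module: it rejects statements that grant to a group other than the entry's own, and statements broader than a service account should need. The variable name `svc_accounts`, the strict `Allow group <name> to` statement form, and the "no manage, no tenancy scope" baseline are assumptions of this example; it is an alternative to the module call above and relies on `startswith`, available from Terraform 1.3.

```hcl
# Added example (not the module's own code): validate the list in the root module.
variable "svc_accounts" {
  description = "Service accounts passed to the module as local_svc_account_users."
  type = list(object({
    username    = string
    group       = string
    description = string
    policy      = list(string)
  }))
  default = []

  # Each statement must grant to the group declared in the same entry,
  # so a typo cannot silently grant to (or target) a different group.
  validation {
    condition = alltrue(flatten([
      for u in var.svc_accounts : [
        for s in u.policy : startswith(lower(s), lower("allow group ${u.group} to "))
      ]
    ]))
    error_message = "Each policy statement must begin with Allow group NAME to, where NAME is the group of the same entry."
  }

  # Assumed baseline: no manage verb, no tenancy-wide scope, no all-resources.
  # can(regex(...)) is true only when the pattern matches the statement.
  validation {
    condition = alltrue(flatten([
      for u in var.svc_accounts : [
        for s in u.policy :
        !can(regex("(?i)\\bto manage\\b|\\bin tenancy\\b|\\ball-resources\\b", s))
      ]
    ]))
    error_message = "Service account policies must not use the manage verb, tenancy scope, or all-resources."
  }
}

module "local-users" {
  source  = "abarrak/users/oci"
  version = "1.0.0"

  tenancy_id     = var.tenancy_id
  compartment_id = var.compartment_id

  # Only reaches the provider after both validations pass at plan time.
  local_svc_account_users = var.svc_accounts
}
```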

Name | Version |
---|---|
terraform | ~> 1.3 |
oci | >= 5.9.0 |

Name | Version |
---|---|
oci | 6.21.0 |

Name | Type |
---|---|
oci_kms_keys.compartment_keys | data source |
oci_kms_vaults.compartment_vaults | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
compartment_id | The OCID of the compartment to provision resources in (except tenancy-level resources). | string | n/a | yes |
local_svc_account_users | A list of local users or service accounts to provision, including group name and policy statements list. | list(object({ username = string, group = string, description = string, policy = list(string) })) | [] | no |
tags | (Optional) tags to attach to the provisioned resources. | map(any) | n/a | yes |
tenancy_id | The OCID of the tenancy. | string | n/a | yes |

Name | Description |
---|---|
local_group_ids | The OCID value for the local svc-account user groups. |
local_policies_ids | The OCID value for the local svc-account user policies. |
local_user_statuses | The status for the local svc-account users. |
local_users_ids | The OCID values for the local svc-account users. |

MIT.