Created
July 2, 2021 03:15
Release 3.3 sample: roles management
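# Provider-side connection: authenticates as the system administrator so the org,
# user, rights bundle and global role below can be created. Endpoint and credentials
# come from variables, so nothing secret is hard-coded in this file.
provider "vcd" {
  user      = var.adminUser
  password  = var.adminPassword
  auth_type = "integrated"
  url       = var.url
  sysorg    = var.sysOrg
  org       = var.org

  # Disables TLS certificate verification of the vCD endpoint. Acceptable for a lab
  # with self-signed certificates; against a trusted endpoint set this to false so the
  # session cannot be intercepted. Written as a bare boolean, consistent with
  # `logging` below, rather than the string "true".
  allow_unverified_ssl = true
  max_retry_timeout    = 600

  # API traffic is written to the file named below. It is a local debugging aid:
  # keep it out of version control, as it records request details for this session.
  logging      = true
  logging_file = "go-vcloud-director-provider.log"
}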
// PRE-REQUISITE:
// For this script to work correctly, the rights bundle "Default Rights Bundle" must be modified
// – before running this script – so that it does NOT publish to all tenants, but publishes explicitly to existing tenants only.
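# Creates the tenant organization used by the rest of this sample.
resource "vcd_org" "another-org" {
  name        = var.org
  full_name   = "another org"
  description = "Organization ${var.org}"

  # Both flags are bare booleans (the attributes are boolean), consistent with the
  # rest of the file. With both set, `terraform destroy` removes the org together
  # with everything it contains (users, catalogs, vApps) without further prompting.
  delete_force     = true
  delete_recursive = true
}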
# Tenant user whose credentials are consumed by the tenant-side script.
# It is created as an Organization Administrator of the org defined above,
# so it has full administrative reach inside that one org.
resource "vcd_org_user" "another-user" {
  name     = var.orgUser
  password = var.orgPassword
  org      = vcd_org.another-org.name
  role     = "Organization Administrator"

  # Objects owned by this user are reassigned rather than blocking its removal.
  take_ownership = true
}
// Reads the built-in "Default Rights Bundle" so its rights list can be reused below.
// The name must match the bundle as it exists in vCD (see the pre-requisite note above).
data "vcd_rights_bundle" "defaults" {
name = "Default Rights Bundle"
}
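# Creates a new rights bundle published only to the new org. Exposure is kept minimal:
# publish_to_all_tenants stays false and the tenant list is explicit.
# (Comments use `#` throughout, matching the inline comments in this block.)
resource "vcd_rights_bundle" "new-defaults" {
  name                   = "new-defaults"
  description            = "new defaults rights"
  publish_to_all_tenants = false

  # The bundle is the existing default rights plus one extra right for the tenant.
  rights = setunion(
    data.vcd_rights_bundle.defaults.rights, # rights copied from the existing bundle
    ["API Explorer: View"],                 # extra right granted to the tenant
  )

  # Only the org created above receives this bundle.
  tenants = [vcd_org.another-org.name]
}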
# Reads the built-in "vApp Author" global role; its rights are merged into the
# combined role below. The name must match the role as it exists in vCD.
data "vcd_global_role" "vapp-author" {
name = "vApp Author"
}
# Reads the built-in "Catalog Author" global role; its rights are merged into the
# combined role below. The name must match the role as it exists in vCD.
data "vcd_global_role" "catalog-author" {
name = "Catalog Author"
}
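# Creates a global role whose rights are the union of "vApp Author" and "Catalog Author"
# plus one extra right. Because rights only accumulate in a union, review the resulting
# list (see the tenant-side `super_vapp_author_rights` output) before widening it further.
# (Comment style switched to `#` to match the inline comments and the data blocks above.)
resource "vcd_global_role" "super-vapp-author" {
  name                   = "super-vapp-author"
  description            = "A global role from CLI"
  publish_to_all_tenants = false

  rights = setunion(
    data.vcd_global_role.vapp-author.rights,    # rights from the existing "vApp Author" role
    data.vcd_global_role.catalog-author.rights, # rights from the existing "Catalog Author" role
    ["API Explorer: View"],                     # extra right added on top
  )

  # Explicit tenant list: only the org created above can see and use this role.
  tenants = [vcd_org.another-org.name]
}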
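# Tenant-side connection: authenticates as the org user created by the provider-side
# script. `sysorg` is set to the tenant org itself, so this session has only tenant
# privileges. This is a separate root configuration from the provider-side script.
provider "vcd" {
  user      = var.orgUser
  password  = var.orgPassword
  auth_type = "integrated"
  url       = var.url
  sysorg    = var.org
  org       = var.org

  # Disables TLS certificate verification of the vCD endpoint. Acceptable for a lab
  # with self-signed certificates; against a trusted endpoint set this to false.
  # Bare boolean, consistent with `logging` below, rather than the string "true".
  allow_unverified_ssl = true
  max_retry_timeout    = 600

  # API traffic is written to the file named below; keep it out of version control.
  logging      = true
  logging_file = "go-vcloud-director-org.log"
}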
# Prerequisite:
# run the corresponding provider-side script first
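# The role derived from the global role created by the provider-side script is now
# visible inside the organization, as the tenant user sees it. If this lookup fails,
# the provider-side script has not been applied yet or the role was not published to
# this org. (Comment style switched to `#` to match the prerequisite note above.)
data "vcd_role" "super-vapp-author" {
  org  = var.org
  name = "super-vapp-author"
}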
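# Exposes the whole role object (name, description, rights, ...) for inspection.
# It carries no credentials, so it is safe to show in plan/apply output.
output "org_role" {
  description = "The super-vapp-author role as seen from inside the tenant org"
  value       = data.vcd_role.super-vapp-author
}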
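# Number of rights the combined role ended up with; a quick check that the union
# of the two source roles plus the extra right was applied as intended.
output "super_vapp_author_rights" {
  description = "Count of rights granted by the super-vapp-author role"
  value       = length(data.vcd_role.super-vapp-author.rights)
}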
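# Input variables shared by the provider-side and tenant-side scripts.
# Supply values through a .tfvars file or TF_VAR_* environment variables; the two
# password variables must not be committed alongside the configuration.
# Types and descriptions are declared so a wrong value fails at plan time instead of
# at the API call.

# System administrator credentials, used by the provider-side script.
variable "adminUser" {
  type        = string
  description = "User name of the system administrator"
}

variable "adminPassword" {
  type        = string
  description = "Password of the system administrator"
  # On Terraform >= 0.14, add `sensitive = true` to keep the value out of plan/apply output.
}

# Tenant user credentials: created by the provider-side script, used by the tenant-side one.
variable "orgUser" {
  type        = string
  description = "User name of the tenant organization administrator"
}

variable "orgPassword" {
  type        = string
  description = "Password of the tenant organization administrator"
  # On Terraform >= 0.14, add `sensitive = true` to keep the value out of plan/apply output.
}

variable "url" {
  type        = string
  description = "vCD API endpoint URL"
}

variable "sysOrg" {
  type        = string
  description = "System organization used for the administrator login"
}

variable "org" {
  type        = string
  description = "Name of the tenant organization created by the provider-side script"
}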