feat: networking rbac policy template (!18) · Merge requests · cloud / g2-openstack / common-cloud-entities

Josef Němec requested to merge feat/networking-rbac-template into master Sep 23, 2024

https://gitlab.ics.muni.cz/cloud/internal-wiki/-/issues/1782

acls:
  flavors:
  - c2.8core-30ram
  networks:
  - external-ipv4-cerit-fi-public-147_251_91_192
  user-role-mappings: []

renders as:

# non-public flavors access from the project

  
resource "openstack_compute_flavor_access_v2" "einfra_cz_meta_acc2_c2_8core_30ram" {
  tenant_id = "${openstack_identity_project_v3.einfra_cz_meta_acc2.id}"
  flavor_id = "${openstack_compute_flavor_v2.c2_8core_30ram.id}"
}
    
  


# access to dedicated external networks for the project

  
resource "openstack_networking_rbac_policy_v2" "einfra_cz_meta_acc2_external_ipv4_cerit_fi_public_147_251_91_192" {
  action        = "access_as_external"
  object_id     = "${openstack_networking_network_v2.external_ipv4_cerit_fi_public_147_251_91_192.id}"
  object_type   = "network"
  target_tenant = "${openstack_identity_project_v3.einfra_cz_meta_acc2.id}"
}

Networking rbac terraform was tested on personal project and access to given network was granted.

feat: networking rbac policy template

Merge request reports