-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #13 from quantum-sec/feature/XDR-5902
XDR-5902: Add lighthouse delegation support for GCC tenant
- Loading branch information
Showing
2 changed files
with
67 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| terraform { | ||
| required_version = ">= 1.2" | ||
|
|
||
| required_providers { | ||
| azurerm = { | ||
| source = "hashicorp/azurerm" | ||
| version = "3.34.0" | ||
| } | ||
| } | ||
| } | ||
|
|
||
| resource "azurerm_lighthouse_definition" "definition" { | ||
| name = var.name | ||
| description = var.description | ||
| managing_tenant_id = var.managing_tenant_id | ||
|
|
||
| # This name may be misleading. Currently operating on an assumption based on its usage within the provider. | ||
| # See https://github.com/terraform-providers/terraform-provider-azurerm/issues/10120 | ||
| scope = var.subscription_id | ||
|
|
||
| dynamic "authorization" { | ||
| for_each = var.authorizations | ||
| content { | ||
| principal_id = authorization.value.principal_id | ||
| role_definition_id = authorization.value.role_definition_id | ||
| } | ||
| } | ||
| } | ||
|
|
||
| resource "azurerm_lighthouse_assignment" "assignment" { | ||
| for_each = var.scopes | ||
|
|
||
| scope = each.value | ||
| lighthouse_definition_id = azurerm_lighthouse_definition.definition.id | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| variable "name" { | ||
| description = "The name of the Lighthouse delegation." | ||
| type = string | ||
| } | ||
|
|
||
| variable "description" { | ||
| description = "The description of the Lighthouse delegation." | ||
| type = string | ||
| } | ||
|
|
||
| variable "managing_tenant_id" { | ||
| description = "The tenant ID of the managing partner." | ||
| type = string | ||
| } | ||
|
|
||
| variable "authorizations" { | ||
| description = "A list of authorizations request by this Lighthouse delegation. Each contains a `principal_id` defining who should have access to the delegated resources and a `role_definition_id` that describes level of access the specified principal should have." | ||
| type = set(object({ | ||
| principal_id = string, | ||
| role_definition_id = string, | ||
| })) | ||
| } | ||
|
|
||
| variable "subscription_id" { | ||
| description = "The ID of the subscription in which this resource is being provisioned." | ||
| type = string | ||
| } | ||
|
|
||
| variable "scopes" { | ||
| description = "A list of scopes that will be delegated. These should be fully qualified descriptors such as `/subscriptions/00000000-0000-0000-0000-000000000000/` or `/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/my-resource-group-name`." | ||
| type = set(string) | ||
| } |