feat: dashboard tenant and opensearch role submodules #36

Merged
merged 1 commit into from
Apr 4, 2024
26 changes: 26 additions & 0 deletions examples/role/main.tf
@@ -0,0 +1,26 @@
module "role" {
source = "../../modules/role"

name = "reader"
description = "Opensearch reader role"

cluster_permissions = ["*"]

index_permissions = {
"test-index-*" = {
allowed_actions = ["read"]
}
}

tenant_permissions = {
"test-index-*" = ["read"]
}

backend_roles = [
"arn:aws:iam::999999999999:role/TestReaderRole",
]

users = [
"arn:aws:iam::999999999999:user/TestUser",
]
}
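Review bot: `cluster_permissions = ["*"]` on a role named `reader` grants every cluster-level action, which contradicts the read-only intent of this example and is likely to be copied as-is into real configurations. Use an empty set or a narrow read-only set here instead. In `tenant_permissions`, the key `"test-index-*"` repeats the index pattern; if it is meant to be a tenant name pattern, give it a distinct value so readers do not conflate tenants with indices.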
2 changes: 2 additions & 0 deletions examples/role/providers.tf
@@ -0,0 +1,2 @@
provider "opensearch" {
}
10 changes: 10 additions & 0 deletions examples/role/versions.tf
@@ -0,0 +1,10 @@
terraform {
required_version = ">= 1.4"

required_providers {
opensearch = {
source = "opensearch-project/opensearch"
version = "~> 2.2.0"
}
}
}
33 changes: 33 additions & 0 deletions modules/dashboard/tenant/README.md
@@ -0,0 +1,33 @@
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.4 |
| <a name="requirement_opensearch"></a> [opensearch](#requirement\_opensearch) | >= 2.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_opensearch"></a> [opensearch](#provider\_opensearch) | >= 2.0 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [opensearch_dashboard_tenant.this](https://registry.terraform.io/providers/opensearch-project/opensearch/latest/docs/resources/dashboard_tenant) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_description"></a> [description](#input\_description) | The dashboard tenant description | `string` | `""` | no |
| <a name="input_name"></a> [name](#input\_name) | The dashboard tenant name | `string` | n/a | yes |

## Outputs

No outputs.
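Review bot: the Outputs section says "No outputs.", but `modules/dashboard/tenant/outputs.tf` in this same PR defines an `id` output, and the input descriptions differ from `variables.tf` ("The dashboard tenant name" here, "Dashboard tenant name" there). Regenerate this README from the final module sources so the documentation matches what the module exposes.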
4 changes: 4 additions & 0 deletions modules/dashboard/tenant/main.tf
@@ -0,0 +1,4 @@
resource "opensearch_dashboard_tenant" "this" {
tenant_name = var.name
description = var.description
}
4 changes: 4 additions & 0 deletions modules/dashboard/tenant/outputs.tf
@@ -0,0 +1,4 @@
output "id" {
description = "The ID of the dashboard tenant"
value = opensearch_dashboard_tenant.this.id
}
10 changes: 10 additions & 0 deletions modules/dashboard/tenant/variables.tf
@@ -0,0 +1,10 @@
variable "name" {
description = "Dashboard tenant name"
type = string
}

variable "description" {
description = "Dashboard tenant description"
type = string
default = ""
}
10 changes: 10 additions & 0 deletions modules/dashboard/tenant/versions.tf
@@ -0,0 +1,10 @@
terraform {
required_version = ">= 1.4"

required_providers {
opensearch = {
source = "opensearch-project/opensearch"
version = ">= 2.0"
}
}
}
41 changes: 41 additions & 0 deletions modules/role/README.md
@@ -0,0 +1,41 @@
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.4 |
| <a name="requirement_opensearch"></a> [opensearch](#requirement\_opensearch) | >= 2.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_opensearch"></a> [opensearch](#provider\_opensearch) | >= 2.0 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [opensearch_role.this](https://registry.terraform.io/providers/opensearch-project/opensearch/latest/docs/resources/role) | resource |
| [opensearch_roles_mapping.this](https://registry.terraform.io/providers/opensearch-project/opensearch/latest/docs/resources/roles_mapping) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_backend_roles"></a> [backend\_roles](#input\_backend\_roles) | (Optional) Set of backend roles to map to the Opensearch role | `set(string)` | `[]` | no |
| <a name="input_cluster_permissions"></a> [cluster\_permissions](#input\_cluster\_permissions) | Set of cluster permissions to apply to the role | `set(string)` | n/a | yes |
| <a name="input_description"></a> [description](#input\_description) | Opensearch role description | `string` | `""` | no |
| <a name="input_index_permissions"></a> [index\_permissions](#input\_index\_permissions) | Map of index pattern to permissions to apply to the pattern | <pre>map(object(<br> {<br> allowed_actions = set(string)<br> masked_fields = optional(set(string))<br> document_level_security = optional(string)<br> field_level_security = optional(set(string))<br> }<br> ))</pre> | n/a | yes |
| <a name="input_name"></a> [name](#input\_name) | Opensearch role name | `string` | n/a | yes |
| <a name="input_tenant_permissions"></a> [tenant\_permissions](#input\_tenant\_permissions) | Map of tenant pattern to set of permissions to apply to the pattern | `map(set(string))` | n/a | yes |
| <a name="input_users"></a> [users](#input\_users) | (Optional) Set of users to map to the Opensearch role | `set(string)` | `[]` | no |

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_id"></a> [id](#output\_id) | The ID of the role |
36 changes: 36 additions & 0 deletions modules/role/main.tf
@@ -0,0 +1,36 @@
resource "opensearch_role" "this" {
role_name = var.name
description = var.description

cluster_permissions = var.cluster_permissions

dynamic "index_permissions" {
for_each = var.index_permissions

content {
index_patterns = index_permissions.key
allowed_actions = index_permissions.value.allowed_actions
document_level_security = index_permissions.value.document_level_security
field_level_security = index_permissions.value.field_level_security
masked_fields = index_permissions.value.masked_fields
}
}

dynamic "tenant_permissions" {
for_each = var.tenant_permissions
content {
tenant_patterns = tenant_permissions.key
allowed_actions = tenant_permissions.value
}
}
}

resource "opensearch_roles_mapping" "this" {
count = length(setunion(var.backend_roles, var.users)) > 0 ? 1 : 0

role_name = opensearch_role.this.role_name
description = "Role mapping for ${var.name}"

backend_roles = var.backend_roles
users = var.users
}
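Review bot: in both dynamic blocks the pattern argument receives a single map key, `index_patterns = index_permissions.key` and `tenant_patterns = tenant_permissions.key`, which is a plain string. If the provider schema expects a collection of patterns for these arguments, wrap the key, e.g. `[index_permissions.key]`. Either way, a short comment that each map key becomes exactly one pattern per block would help, since several patterns that share the same actions each need their own map entry.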
4 changes: 4 additions & 0 deletions modules/role/outputs.tf
@@ -0,0 +1,4 @@
output "id" {
description = "The ID of the role"
value = opensearch_role.this.id
}
44 changes: 44 additions & 0 deletions modules/role/variables.tf
@@ -0,0 +1,44 @@
variable "name" {
description = "Opensearch role name"
type = string
}

variable "description" {
description = "Opensearch role description"
type = string
default = ""
}

variable "cluster_permissions" {
description = "Set of cluster permissions to apply to the role"
type = set(string)
}

variable "index_permissions" {
description = "Map of index pattern to permissions to apply to the pattern"
type = map(object(
{
allowed_actions = set(string)
masked_fields = optional(set(string))
document_level_security = optional(string)
field_level_security = optional(set(string))
}
))
}

variable "tenant_permissions" {
description = "Map of tenant pattern to set of permissions to apply to the pattern"
type = map(set(string))
}

variable "backend_roles" {
description = "(Optional) Set of backend roles to map to the Opensearch role"
type = set(string)
default = []
}

variable "users" {
description = "(Optional) Set of users to map to the Opensearch role"
type = set(string)
default = []
}
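Review bot: `cluster_permissions`, `index_permissions` and `tenant_permissions` have no default, so every caller must supply all three even for a role that only needs index access. Defaulting them to `[]` and `{}` would make the minimal role the easiest one to declare. The `document_level_security` field is a free-form `optional(string)`; the variable description should state what format that string must be in, and the same goes for what `masked_fields` and `field_level_security` entries look like.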
10 changes: 10 additions & 0 deletions modules/role/versions.tf
@@ -0,0 +1,10 @@
terraform {
required_version = ">= 1.4"

required_providers {
opensearch = {
source = "opensearch-project/opensearch"
version = ">= 2.0"
}
}
}