# Values shared by the resources declared in this file.
locals {
  # Keyspace passed to the database resource and embedded in the role's
  # keyspace- and table-level resource names.
  keyspace = "helloastra"
}
# Provision the Astra database on AWS in us-west-2, using the shared keyspace.
resource "astra_database" "hello_astra_db" {
  name           = "hello_astra_tf"
  cloud_provider = "aws"
  region         = "us-west-2"
  keyspace       = local.keyspace
}
# Create the database on Google Cloud Platform.
# resource "astra_database" "hello_astra_db" {
# name = "hello_astra_tf"
# keyspace = local.keyspace
# cloud_provider = "gcp"
# region = "us-west1"
# }
# Custom role used to administer the hello_astra database.
# NOTE(review): the granted policies include drop, grant and authorize
# permissions on keyspaces and tables, so any token bound to this role can
# delete data and hand out access. Reserve it for administration; a workload
# that only reads and writes rows is better served by a separate, narrower
# role (for example "db-cql" with "db-table-select" / "db-table-modify" --
# confirm the exact set against the Astra permission reference).
resource "astra_role" "hello_admin" {
  role_name   = "hello_admin"
  description = "Database administrator for the hello_astra database"
  effect      = "allow"

  # Resource names the policies apply to, listed from widest to narrowest scope.
  resources = [
    # The organization itself
    "drn:astra:org:${var.organization_id}",
    # The database created in this file
    "drn:astra:org:${var.organization_id}:db:${astra_database.hello_astra_db.id}",
    # The single keyspace this role needs
    "drn:astra:org:${var.organization_id}:db:${astra_database.hello_astra_db.id}:keyspace:${local.keyspace}",
    # Every table in that keyspace (wildcard)
    "drn:astra:org:${var.organization_id}:db:${astra_database.hello_astra_db.id}:keyspace:${local.keyspace}:table:*",
  ]

  # Policies granted by this role. Commented-out entries are listed for
  # reference only and are NOT granted.
  policy = [
    # Organization-level policies (none granted)
    # "org-audits-read", "org-billing-read", "org-billing-write",
    # "org-external-auth-read", "org-external-auth-write",
    # "org-notification-write", "org-read", "org-role-delete",
    # "org-role-read", "org-role-write", "org-token-read",
    # "org-token-write", "org-user-read", "org-user-write",
    # "org-write", "accesslist-read", "accesslist-write",

    # Database-level policies: only the three API access policies are granted
    "db-cql",
    "db-graphql",
    "db-rest",
    # "org-db-addpeering", "db-manage-privateendpoint",
    # "org-db-create", "org-db-expand", "org-db-managemigratorproxy",
    # "org-db-passwordreset", "org-db-suspend", "org-db-terminate",
    # "org-db-view", "db-manage-region",

    # Keyspace policies
    "db-keyspace-alter",
    "db-keyspace-authorize",
    "db-keyspace-create",
    "db-keyspace-describe",
    "db-keyspace-drop",
    "db-keyspace-grant",
    "db-keyspace-modify",
    "db-all-keyspace-create",
    "db-all-keyspace-describe",

    # Table policies
    "db-table-alter",
    "db-table-authorize",
    "db-table-create",
    "db-table-describe",
    "db-table-drop",
    "db-table-grant",
    "db-table-modify",
    "db-table-select",
  ]
}
# Issue an API token bound to the hello_admin role.
# NOTE(review): Terraform keeps the attributes of every managed resource in
# its state, which presumably includes the credential generated here. Keep
# state in an encrypted, access-controlled backend, and mark any output that
# exposes the token as sensitive.
resource "astra_token" "api_token" {
  roles = [
    astra_role.hello_admin.role_id,
  ]
}