Kezdőlap Felfedezés Súgó
Bejelentkezés
bat9go
/
Ycsecurity
tükrözi: https://github.com/yandex-cloud/yc-solution-library-for-security
Figyelés 1
Kedvenc 0
Másolás 0
Fájlok Problémák 0 Wiki
Branch: master
Branch-ok Tag-ek
Ycsecurity
/
auth_and_access
/
org_iac_iam
/
terraform_tfvars

terraform_tfvars 2.6 KB
Állandó hivatkozás Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. ORG_ID       = "" #example bpfi6o0mvliepdcf1610
    2. 

  2. BA_ID        = "" #example fsddn24jqt9dfb2gu8d9j
    3. 

  3. KEYCLOAK     = "true"
    4. 

  4. ORG_ADMIN_FOLDER_ID = "" #example b1g1ed753v5gkvaoivs23
    5. 

  5. ORG_ADMIN_CLOUD_ID = "" #example 234b1g45th6hthg77e0n
    6. 

  6. DNS_ZONE_NAME = "" #example mirt2est
    7. 

  7. KC_FQDN = "" #example kc.mirt2est.net
    8. 

  8. 

  9. #List of cloud that you want to create
    10. 

  10. CLOUD-LIST = [
    11. 

  11.     { 
    12. 

  12.         name = "web-app",
    13. 

  13.         descr = "web-app cloud",
    14. 

  14.         admin = "user1@example.com"
    15. 

  15.         folders = ["network", "prod", "nonprod", "dev"]
    16. 

  16.     },
    17. 

  17.     { 
    18. 

  18.         name = "mobile-app",
    19. 

  19.         descr = "mobile-app cloud",
    20. 

  20.         admin = "user2@example.com"
    21. 

  21.         folders = ["network", "prod", "nonprod", "dev"]
    22. 

  22.     },
    23. 

  23.     { 
    24. 

  24.         name = "security",
    25. 

  25.         descr = "security cloud",
    26. 

  26.         admin = "user3@example.com"
    27. 

  27.         folders = [""]
    28. 

  28.     }
    29. 

  29. ]
    30. 

  30. 

  31. #List of Groups that you want to pre-create for your clouds
    32. 

  32. NETWORK-CLOUD_GROUPS = [
    33. 

  33.     { 
    34. 

  34.         name = "network-viewer",
    35. 

  35.         descr = "admin who can view and monitor network",
    36. 

  36.         roles = ["vpc.viewer", "monitoring.admin"]
    37. 

  37.     },
    38. 

  38.     { 
    39. 

  39.         name = "gitlab-admin",
    40. 

  40.         descr = "admin who can administrate gitlab",
    41. 

  41.         roles = ["gitlab.admin"]
    42. 

  42.     }
    43. 

  43. ]
    44. 

  44. 

  45. PROD-CLOUD_GROUPS = [
    46. 

  46.     { 
    47. 

  47.         name = "prod-devops",
    48. 

  48.         descr = "devops prod",
    49. 

  49.         roles = ["k8s.viewer", "container-registry.viewer", "alb.viewer", "k8s.cluster-api.viewer", "vpc.user", "load-balancer.viewer", ]
    50. 

  50.     },
    51. 

  51.     { 
    52. 

  52.         name = "prod-sre",
    53. 

  53.         descr = "sre prod",
    54. 

  54.         roles = ["compute.viewer", "loadtesting.viewer", "storage.configViewer", "alb.viewer"]
    55. 

  55.     },
    56. 

  56.     { 
    57. 

  57.         name = "prod-dba",
    58. 

  58.         descr = "dba prod",
    59. 

  59.         roles = ["mdb.viewer", "ydb.viewer"]
    60. 

  60.     }
    61. 

  61. ]
    62. 

  62. 

  63. NONPROD-CLOUD_GROUPS = [
    64. 

  64.     { 
    65. 

  65.         name = "nonprod-devops",
    66. 

  66.         descr = "devops nonprod",
    67. 

  67.         roles = ["k8s.editor", "container-registry.editor", "alb.editor", "k8s.cluster-api.editor", "vpc.user", "load-balancer.admin", ]
    68. 

  68.     },
    69. 

  69.     { 
    70. 

  70.         name = "nonprod-sre",
    71. 

  71.         descr = "sre nonprod",
    72. 

  72.         roles = ["compute.operator", "loadtesting.editor", "storage.editor", "alb.editor"]
    73. 

  73.     },
    74. 

  74.     { 
    75. 

  75.         name = "nonprod-dba",
    76. 

  76.         descr = "dba nonprod",
    77. 

  77.         roles = ["mdb.admin", "ydb.editor"]
    78. 

  78.     }
    79. 

  79. ]
    80. 

  80. 

  81. DEV-CLOUD_GROUPS = [
    82. 

  82.     { 
    83. 

  83.         name = "dev-network",
    84. 

  84.         descr = "network dev",
    85. 

  85.         roles = ["vpc.admin", "monitoring.admin"]
    86. 

  86.     },
    87. 

  87.     { 
    88. 

  88.         name = "dev-devops",
    89. 

  89.         descr = "dev devops",
    90. 

  90.         roles = ["k8s.admin", "container-registry.admin", "alb.admin", "k8s.cluster-api.cluster-admin", "vpc.user", "iam.serviceAccounts.user"]
    91. 

  91.     }
    92. 

  92. ]
    93. 

  93.