-
Notifications
You must be signed in to change notification settings - Fork 57
/
roles.tf
31 lines (26 loc) · 991 Bytes
/
roles.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
resource "opensearch_role" "role" {
for_each = local.roles
role_name = each.key
description = try(each.value.description, "")
cluster_permissions = try(each.value.cluster_permissions, [])
dynamic "index_permissions" {
for_each = try([each.value.index_permissions], [])
content {
index_patterns = try(index_permissions.value.index_patterns, [])
allowed_actions = try(index_permissions.value.allowed_actions, [])
document_level_security = try(index_permissions.value.document_level_security, "")
}
}
dynamic "tenant_permissions" {
for_each = try([each.value.tenant_permissions], [])
content {
tenant_patterns = try(tenant_permissions.value.tenant_patterns, [])
allowed_actions = try(tenant_permissions.value.allowed_actions, [])
}
}
depends_on = [
opensearch_roles_mapping.master_user_arn,
opensearch_roles_mapping.master_user_name,
aws_route53_record.opensearch
]
}