role.tf
# Creates one namespaced Kubernetes RBAC Role per entry of local.role.applications.
# Each entry is read like a Role manifest ("metadata" and "rules" keys) and its
# values are copied into the resource as given: nothing in this block narrows
# apiGroups, resources or verbs, so a "*" in the input is granted as written.
# Review the input for wildcards and for the escalate, bind and impersonate
# verbs before applying.
resource "kubernetes_role" "instance" {
  for_each   = local.role.applications
  depends_on = [null_resource.module_depends_on]

  # metadata -- Nesting Mode: list, Min Items: 1, Max Items: 1.
  # The block is generated only when the entry carries a "metadata" key; the
  # single-key map exists solely to make the dynamic block run exactly once.
  dynamic "metadata" {
    iterator = meta
    for_each = contains(keys(each.value), "metadata") ? { item = each.value["metadata"] } : {}

    content {
      # string, optional, computed. Name of the role; must be unique and cannot be updated.
      # More info: http://kubernetes.io/docs/user-guide/identifiers#names
      name = lookup(meta.value, "name", null)

      # string, optional. Prefix the server uses to generate a unique name, ONLY
      # when `name` is not provided; a unique suffix is appended to it.
      # Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency
      generate_name = lookup(meta.value, "generateName", null)

      # string, optional. Namespace within which the role name must be unique.
      # A non-empty var.namespace takes precedence over the namespace found in
      # the input metadata, so the caller of the module decides where the role
      # lands; only when var.namespace is "" is the entry's own value used.
      namespace = var.namespace == "" ? lookup(meta.value, "namespace", null) : var.namespace

      # map(string), optional. Keys and values used to organize and categorize
      # (scope and select) the role.
      # More info: http://kubernetes.io/docs/user-guide/labels
      labels = lookup(meta.value, "labels", null)

      # map(string), optional. Unstructured key/value map stored with the role
      # for arbitrary metadata.
      # More info: http://kubernetes.io/docs/user-guide/annotations
      annotations = lookup(meta.value, "annotations", null)
    }
  }

  # rule -- Nesting Mode: list, Min Items: 1.
  # One block per element of the entry's "rules"; an entry without that key
  # yields no rule block at all.
  dynamic "rule" {
    iterator = policy
    for_each = lookup(each.value, "rules", {})

    content {
      # set(string), required. API groups that contain the resources.
      api_groups = lookup(policy.value, "apiGroups", null)

      # set(string), required. Resources the rule applies to.
      resources = lookup(policy.value, "resources", null)

      # set(string), optional. Allow list of object names the rule applies to.
      # When the input omits it the value is null and the rule is not limited
      # to named objects, i.e. it covers every object of the listed resources.
      resource_names = lookup(policy.value, "resourceNames", null)

      # set(string), required. Verbs that apply to ALL the ResourceKinds and
      # AttributeRestrictions contained in this rule.
      verbs = lookup(policy.value, "verbs", null)
    }
  }
}