identity.tf
# ------ Dynamic group holding the Palo Alto Networks HA firewall instances
resource "oci_identity_dynamic_group" "pan_dynamic_group" {
  # NOTE(review): the home-region provider alias is left commented out. OCI IAM
  # writes are served from the tenancy's home region, so confirm the default
  # provider targets it before applying.
  # provider = oci.home_region

  name        = var.dynamic_group_name
  description = var.dynamic_group_description

  # The group is created under the tenancy OCID, not a child compartment.
  compartment_id = var.tenancy_ocid

  # Membership is pinned to the OCIDs of exactly two instances (ha-vms[0] and
  # ha-vms[1]). Matching on instance.id keeps the group from picking up any
  # other instance; every process running on those two instances can act with
  # whatever policies reference this group.
  matching_rule = format(
    "Any {instance.id = '%s', instance.id = '%s'}",
    oci_core_instance.ha-vms[0].id,
    oci_core_instance.ha-vms[1].id
  )
}
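# ------ Policy granting the HA dynamic group access to network and instance resources
# TODO(review): the author flagged this policy as needing rework ("fix this").
resource "oci_identity_policy" "pan_firewall_ha_policy" {
  # NOTE(review): the home-region provider alias is left commented out. OCI IAM
  # writes are served from the tenancy's home region, so confirm the default
  # provider targets it before applying.
  # provider = oci.home_region

  # The policy is attached to the network compartment and both statements are
  # scoped to that same compartment, referenced by name.
  compartment_id = var.network_compartment_ocid
  name           = var.dynamic_group_policy_name
  description    = var.dynamic_group_policy_description

  # Both statements use the documented form "Allow <subject> to <verb>
  # <resource-type> in <location>". The second one previously omitted "to".
  #
  # Each statement grants `use` on a whole resource family, so anything running
  # on the two firewall instances can exercise it across the entire network
  # compartment. NOTE(review): presumably HA failover needs only a subset of
  # these families. Confirm against the vendor's HA requirements and narrow
  # the resource types, or add `where` conditions, where possible.
  statements = [
    "Allow dynamic-group ${oci_identity_dynamic_group.pan_dynamic_group.name} to use virtual-network-family in compartment ${data.oci_identity_compartment.network_compartment.name}",
    "Allow dynamic-group ${oci_identity_dynamic_group.pan_dynamic_group.name} to use instance-family in compartment ${data.oci_identity_compartment.network_compartment.name}",
  ]
}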