role_mapping.tf
# Creates one role mapping per entry in local.role_mappings.
# "all_access" and "security_manager" are filtered out here: they are mapped by
# the master_user_arn / master_user_name resources in this file, which append
# the master principal to whatever is configured for them.
resource "opensearch_roles_mapping" "role_mapping" {
  for_each = {
    for role, mapping in local.role_mappings :
    role => mapping if !contains(["all_access", "security_manager"], role)
  }

  role_name   = each.key
  description = try(each.value.description, "")

  # Every principal listed in these three attributes receives the role.
  # try() falls back to an empty list when the attribute is absent, so a
  # misspelled key in local.role_mappings yields an empty mapping, not an error.
  users         = try(each.value.users, [])
  backend_roles = try(each.value.backend_roles, [])
  hosts         = try(each.value.hosts, [])

  # NOTE(review): presumably ensures the roles exist and the domain's DNS record
  # is in place before the mapping is written - confirm against the provider setup.
  depends_on = [
    aws_route53_record.opensearch,
    opensearch_role.role,
  ]
}
# Maps "all_access" and "security_manager" when the internal user database is
# disabled: var.master_user_arn is appended to the backend roles of both.
# Produces no instances when the internal user database is enabled.
#
# Security note: both are highly privileged built-in roles. Any backend_roles,
# users or hosts configured for them in local.role_mappings are kept and receive
# the same access as the master principal, so review those entries with care.
resource "opensearch_roles_mapping" "master_user_arn" {
  for_each = var.advanced_security_options_internal_user_database_enabled ? {} : {
    # A role with no entry in local.role_mappings falls back to an empty object,
    # so the mapping then contains only the master ARN.
    for role in ["all_access", "security_manager"] :
    role => try(local.role_mappings[role], {})
  }

  role_name   = each.key
  description = try(each.value.description, "")

  users = try(each.value.users, [])
  hosts = try(each.value.hosts, [])

  # Configured backend roles first, master ARN appended last.
  backend_roles = concat(try(each.value.backend_roles, []), [var.master_user_arn])

  # NOTE(review): presumably waits for the domain's DNS record before the
  # provider is used - confirm.
  depends_on = [aws_route53_record.opensearch]
}
# Maps "all_access" and "security_manager" when the internal user database is
# enabled: var.advanced_security_options_master_user_name is appended to the
# users of both. Produces no instances when the internal user database is disabled.
#
# Security note: both are highly privileged built-in roles. Any users,
# backend_roles or hosts configured for them in local.role_mappings are kept and
# receive the same access as the master user, so review those entries with care.
resource "opensearch_roles_mapping" "master_user_name" {
  for_each = var.advanced_security_options_internal_user_database_enabled ? {
    # A role with no entry in local.role_mappings falls back to an empty object,
    # so the mapping then contains only the master user.
    for role in ["all_access", "security_manager"] :
    role => try(local.role_mappings[role], {})
  } : {}

  role_name   = each.key
  description = try(each.value.description, "")

  backend_roles = try(each.value.backend_roles, [])
  hosts         = try(each.value.hosts, [])

  # Configured users first, master user name appended last.
  users = concat(try(each.value.users, []), [var.advanced_security_options_master_user_name])

  # NOTE(review): presumably waits for the domain's DNS record before the
  # provider is used - confirm.
  depends_on = [aws_route53_record.opensearch]
}