objectscale_iam_inline_policy (Resource)
This resource manages IAM inline policies for Dell ObjectScale entities (user, group, or role).
Example Usage
/*
Copyright (c) 2025 Dell Inc., or its subsidiaries. All Rights Reserved.
Licensed under the Mozilla Public License Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://mozilla.org/MPL/2.0/
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
# Available actions: Create, Update, Delete and Import
# Before running `terraform apply`, ensure that the specified user/group/role exists in ObjectScale
# Running `terraform apply` will set the specified inline policies for that user/group/role in ObjectScale
resource "objectscale_iam_inline_policy" "example" {
  # Namespace to which the IAM entity belongs must be provided
  namespace = "ns1"

  # Exactly one of username, groupname, or rolename must be provided
  username = "userTest1"
  # groupname = "groupTest1"
  # rolename = "roleTest1"

  # List of inline policies to be set on the specified IAM entity must be provided
  # Ensure that you provide a valid JSON for the policy documents
  policies = [
    {
      name = "inlinePolicyTest1"
      document = jsonencode({
        Version = "2012-10-17",
        Statement = [
          {
            Sid    = "VisualEditor0",
            Effect = "Allow",
            Action = [
              "iam:GetPolicyVersion",
              "iam:GetUser",
              "iam:GetPolicy",
              "iam:GetGroupPolicy",
              "iam:GetRole",
              "iam:GetAccessKeyLastUsed",
              "iam:GetGroup",
              "iam:GetUserPolicy",
              "iam:GetSAMLProvider",
              "iam:GetRolePolicy",
              "iam:GetContextKeysForCustomPolicy",
              "iam:GetContextKeysForPrincipalPolicy",
              "iam:SimulateCustomPolicy",
              "iam:SimulatePrincipalPolicy"
            ],
            Resource = "*"
          }
        ]
      })
    },
    {
      name = "inlinePolicyTest2"
      document = jsonencode({
        Version = "2012-10-17",
        Statement = [
          {
            Sid    = "VisualEditor0",
            Effect = "Allow",
            Action = [
              "iam:DeleteAccessKey",
              "iam:UpdateSAMLProvider",
              "iam:CreateRole",
              "iam:RemoveUserFromGroup",
              "iam:AddUserToGroup",
              "iam:UpdateUser",
              "iam:CreateAccessKey",
              "iam:UpdateAccessKey",
              "iam:CreateSAMLProvider",
              "iam:DeleteRole",
              "iam:UpdateRole",
              "iam:DeleteGroup",
              "iam:UpdateGroup",
              "iam:CreateUser",
              "iam:CreateGroup",
              "iam:DeleteSAMLProvider",
              "iam:DeleteUser"
            ],
            Resource = "*"
          }
        ]
      })
    }
  ]
}
Schema
Required
namespace (String) Namespace to which the IAM entity belongs.
policies (Attributes List) List of IAM inline policies to associate with the entity. (see below for nested schema)
Optional
groupname (String) Name of the group. Exactly one of username, groupname, or rolename must be set.
rolename (String) Name of the role. Exactly one of username, groupname, or rolename must be set.
username (String) Name of the user. Exactly one of username, groupname, or rolename must be set.
Read-Only
id (String) Unique identifier for the IAM inline policy resource.
Nested Schema for policies
Required:
document (String) Policy document in JSON format.
name (String) Name of the IAM inline policy.
Unless specified otherwise, all fields of this resource can be updated.
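An added example, not part of the provider's documentation or code: a pre-apply check that reads `terraform show -json` plan output and reports inline policies from this resource whose Allow statements grant state-changing `iam:` actions on Resource "*", the shape of inlinePolicyTest2 in the example usage. The verb list, function names and sample plan are assumptions constructed for the example.

```python
import json

# Assumption: action names starting with these verbs change IAM state.
MUTATING = ("Create", "Update", "Delete", "Add", "Remove", "Put", "Attach", "Detach")
ENTITY_KEYS = ("username", "groupname", "rolename")

def as_list(value):
    # IAM JSON accepts either a single value or a list in these fields.
    return value if isinstance(value, list) else [value]

def is_mutating(action):
    service, _, name = action.partition(":")
    if action == "*" or name == "*":
        return True
    return service == "iam" and name.startswith(MUTATING)

def audit_plan(plan):
    """Return (entity, policy name, Sid, actions) for Allow + Resource "*" grants."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "objectscale_iam_inline_policy" or not after:
            continue
        entity = next((f"{k}={after[k]}" for k in ENTITY_KEYS if after.get(k)), "unknown")
        for policy in after.get("policies") or []:
            doc = json.loads(policy["document"])
            for stmt in as_list(doc.get("Statement", [])):
                if stmt.get("Effect") != "Allow":
                    continue
                if "*" not in as_list(stmt.get("Resource", [])):
                    continue
                risky = sorted(a for a in as_list(stmt.get("Action", [])) if is_mutating(a))
                if risky:
                    findings.append((entity, policy["name"], stmt.get("Sid"), risky))
    return findings

def _doc(actions):
    # Helper for the constructed sample: one Allow statement on Resource "*".
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Sid": "VisualEditor0", "Effect": "Allow", "Action": actions, "Resource": "*"}]})

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"resource_changes": [{
    "type": "objectscale_iam_inline_policy",
    "change": {"after": {"namespace": "ns1", "username": "userTest1", "policies": [
        {"name": "inlinePolicyTest1", "document": _doc(["iam:GetUser", "iam:GetRole"])},
        {"name": "inlinePolicyTest2",
         "document": _doc(["iam:CreateAccessKey", "iam:DeleteUser", "iam:GetUser"])},
    ]}}}]}

if __name__ == "__main__":
    for finding in audit_plan(SAMPLE_PLAN):
        print(finding)
```

In CI, feed it `json.load()` of the plan JSON and fail the job when `audit_plan` returns anything, so a broad grant is reviewed before `terraform apply` sets it on the entity.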
Import
Import is supported using the following syntax:
# The command is
# terraform import objectscale_iam_inline_policy.example <namespace>:<entity_type>:<entity_name>
# <namespace>: Namespace to which the IAM entity belongs.
# <entity_type>: One of user, group, or role.
# <entity_name>: The name of the user, group, or role.
# Examples:
# Import inline policies for a user
# terraform import objectscale_iam_inline_policy.example ns1:user:userTest1
# Import inline policies for a group
# terraform import objectscale_iam_inline_policy.example ns1:group:groupTest1
# Import inline policies for a role
# terraform import objectscale_iam_inline_policy.example ns1:role:roleTest1
# After running this command, populate the policies field and other required parameters in the config file to start managing this resource.
# Note: running "terraform show" after importing shows the current config/state of the resource. You can copy/paste that config to make it easier to manage the resource.