objectscale_iam_policy_attachment (Resource)

This resource attaches an IAM policy to a target principal (user, group, or role) in Dell ObjectScale.

Example Usage

/*
Copyright (c) 2025 Dell Inc., or its subsidiaries. All Rights Reserved.

Licensed under the Mozilla Public License Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://mozilla.org/MPL/2.0/


Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

# Available actions: Create, Update, Delete and Import
# Before running `terraform apply`, ensure that the specified user/group/role exists in the ObjectScale
# Running `terraform apply` will set the specified policy arns for that user/group/role in the ObjectScale
resource "objectscale_iam_policy_attachment" "example" {
  # Namespace to which the IAM entity belongs must be provided
  namespace = "ns1"

  # Exactly one of username, groupname, or rolename must be provided
  username = "userTest1"
  # groupname = "groupTest1"
  # rolename  = "roleTest1"

  # List of policy arns to be set on the specified IAM entity must be provided
  policy_arns = [
    "urn:ecs:iam:::policy/ECSS3ReadOnlyAccess",
    "urn:ecs:iam:::policy/IAMReadOnlyAccess"
  ]
}

Schema

Required

namespace (String) Namespace to which the IAM entity belongs.
policy_arns (Set of String) List of policy arns to associate with the entity.

Optional

groupname (String) Name of the group. Exactly one of username, groupname, or rolename must be set.
rolename (String) Name of the role. Exactly one of username, groupname, or rolename must be set.
username (String) Name of the user. Exactly one of username, groupname, or rolename must be set.

Read-Only

id (String) Unique identifier for the IAM policy attachment resource.

Unless specified otherwise, all fields of this resource can be updated.

Import

Import is supported using the following syntax:

# Copyright (c) 2025 Dell Inc., or its subsidiaries. All Rights Reserved.

# Licensed under the Mozilla Public License Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

#     http://mozilla.org/MPL/2.0/


# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


# The command is
# terraform import objectscale_iam_policy_attachment.example <namespace>:<entity_type>:<entity_name>
# <namespace>: Namespace to which the IAM entity belongs.
# <entity_type>: One of user, group, or role.
# <entity_name>: The name of the user, group, or role.
# Examples:
# Import policy attachments for a user
# terraform import objectscale_iam_policy_attachment.example ns1:user:userTest1
# Import policy attachments for a group
# terraform import objectscale_iam_policy_attachment.example ns1:group:groupTest1
# Import policy attachments for a role
# terraform import objectscale_iam_policy_attachment.example ns1:role:roleTest1

# after running this command, populate the policy_arns field and other required parameters in the config file to start managing this resource.
# Note: running "terraform show" after importing shows the current config/state of the resource. You can copy/paste that config to make it easier to manage the resource.