fix(policy): add policy on tenant level (#4)

jose-pablo-camacho · web-flow · commit cf1751379e57 · 2024-12-11T13:48:16.000-06:00
diff --git a/modules/config-posture/main.tf b/modules/config-posture/main.tf
@@ -29,10 +29,7 @@ resource "oci_identity_policy" "admit_cspm_policy" {
   statements = [
     "Define tenancy sysdigTenancy as ${data.sysdig_secure_trusted_oracle_app.config_posture.tenancy_ocid}",
     "Define group configPostureGroup as ${data.sysdig_secure_trusted_oracle_app.config_posture.group_ocid}",
-      var.compartment_ocid != "" ?
-      "Admit group configPostureGroup of tenancy sysdigTenancy to read all-resources in compartment ${data.oci_identity_compartment.compartment[0].name}"
-      :
-      "Admit group configPostureGroup of tenancy sysdigTenancy to read all-resources in tenancy",
+    "Admit group configPostureGroup of tenancy sysdigTenancy to read all-resources in tenancy",
   ]
 }
 
diff --git a/modules/onboarding/main.tf b/modules/onboarding/main.tf
@@ -36,10 +36,7 @@ resource "oci_identity_policy" "admit_onboarding_policy" {
     "Define tenancy sysdigTenancy as ${data.sysdig_secure_trusted_oracle_app.onboarding.tenancy_ocid}",
     "Define group onboardingGroup as ${data.sysdig_secure_trusted_oracle_app.onboarding.group_ocid}",
     "Admit group onboardingGroup of tenancy sysdigTenancy to inspect tenancies in tenancy",
-      var.compartment_ocid != "" ?
-      "Admit group onboardingGroup of tenancy sysdigTenancy to inspect compartments in compartment ${data.oci_identity_compartment.compartment[0].name}"
-      :
-      "Admit group onboardingGroup of tenancy sysdigTenancy to inspect compartments in tenancy",
+    "Admit group onboardingGroup of tenancy sysdigTenancy to inspect compartments in tenancy",
   ]
 }
 

Original file line number	Diff line number	Diff line change
`@@ -29,10 +29,7 @@ resource "oci_identity_policy" "admit_cspm_policy" {`
`29`	`29`	`statements = [`
`30`	`30`	`"Define tenancy sysdigTenancy as ${data.sysdig_secure_trusted_oracle_app.config_posture.tenancy_ocid}",`
`31`	`31`	`"Define group configPostureGroup as ${data.sysdig_secure_trusted_oracle_app.config_posture.group_ocid}",`
`32`		`- var.compartment_ocid != "" ?`
`33`		`- "Admit group configPostureGroup of tenancy sysdigTenancy to read all-resources in compartment ${data.oci_identity_compartment.compartment[0].name}"`
`34`		`- :`
`35`		`- "Admit group configPostureGroup of tenancy sysdigTenancy to read all-resources in tenancy",`
	`32`	`+ "Admit group configPostureGroup of tenancy sysdigTenancy to read all-resources in tenancy",`
`36`	`33`	`]`
`37`	`34`	`}`
`38`	`35`
Original file line number	Diff line number	Diff line change
`@@ -36,10 +36,7 @@ resource "oci_identity_policy" "admit_onboarding_policy" {`
`36`	`36`	`"Define tenancy sysdigTenancy as ${data.sysdig_secure_trusted_oracle_app.onboarding.tenancy_ocid}",`
`37`	`37`	`"Define group onboardingGroup as ${data.sysdig_secure_trusted_oracle_app.onboarding.group_ocid}",`
`38`	`38`	`"Admit group onboardingGroup of tenancy sysdigTenancy to inspect tenancies in tenancy",`
`39`		`- var.compartment_ocid != "" ?`
`40`		`- "Admit group onboardingGroup of tenancy sysdigTenancy to inspect compartments in compartment ${data.oci_identity_compartment.compartment[0].name}"`
`41`		`- :`
`42`		`- "Admit group onboardingGroup of tenancy sysdigTenancy to inspect compartments in tenancy",`
	`39`	`+ "Admit group onboardingGroup of tenancy sysdigTenancy to inspect compartments in tenancy",`
`43`	`40`	`]`
`44`	`41`	`}`
`45`	`42`