-
Notifications
You must be signed in to change notification settings - Fork 26
/
main.yml
89 lines (80 loc) · 3.23 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
---
# Copyright 2021 Cloudera, Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Vars for platform
plat__aws_policy_urls_default_root: "{{ common__aws_policy_urls_default_root }}"
plat__aws_policy_urls_default:
log: "{{ plat__aws_policy_urls_default_root }}/aws-cdp-log-policy.json"
ranger_audit_s3: "{{ plat__aws_policy_urls_default_root }}/aws-cdp-ranger-audit-s3-policy.json"
datalake_admin_s3: "{{ plat__aws_policy_urls_default_root }}/aws-cdp-datalake-admin-s3-policy.json"
bucket_access: "{{ plat__aws_policy_urls_default_root }}/aws-cdp-bucket-access-policy.json"
plat__gcp_roles:
storage_admin: roles/storage.admin
storage_object_admin: roles/storage.objectAdmin
iam_workload_identity_user: roles/iam.workloadIdentityUser
iam_service_account_user: roles/iam.workloadIdentityUser
iam_service_account_token_creator: roles/iam.serviceAccountTokenCreator
plat__cdp_iam_identities:
namespace: "crn:altus:iam:us-west-1:altus"
role_suffix: role
resource_role_suffix: resourceRole
env_admin: EnvironmentAdmin
env_user: EnvironmentUser
dw_admin: DWAdmin
dw_user: DWUser
ml_admin: MLAdmin
ml_user: MLUser
df_admin: DFAdmin
df_flow_admin: DFFlowAdmin
df_flow_user: DFFlowUser
de_admin: DEAdmin
de_user: DEUser
plat__cdp_iam_admin_group_resource_roles_default:
- "{{ plat__cdp_iam_identities.env_admin }}"
- "{{ plat__cdp_iam_identities.env_user }}"
- "{{ plat__cdp_iam_identities.dw_admin }}"
- "{{ plat__cdp_iam_identities.dw_user }}"
- "{{ plat__cdp_iam_identities.ml_admin }}"
- "{{ plat__cdp_iam_identities.ml_user }}"
- "{{ plat__cdp_iam_identities.df_admin }}"
- "{{ plat__cdp_iam_identities.df_flow_admin }}"
- "{{ plat__cdp_iam_identities.df_flow_user }}"
- "{{ plat__cdp_iam_identities.de_admin }}"
- "{{ plat__cdp_iam_identities.de_user }}"
plat__cdp_iam_user_group_resource_roles_default:
- "{{ plat__cdp_iam_identities.env_user }}"
- "{{ plat__cdp_iam_identities.dw_user }}"
- "{{ plat__cdp_iam_identities.ml_user }}"
- "{{ plat__cdp_iam_identities.df_flow_admin }}"
- "{{ plat__cdp_iam_identities.df_flow_user }}"
- "{{ plat__cdp_iam_identities.de_user }}"
plat__gcp_xaccount_policy_bindings_default:
- "roles/compute.instanceAdmin.v1"
- "roles/compute.networkAdmin"
- "roles/compute.securityAdmin"
- "roles/compute.imageUser"
- "roles/compute.storageAdmin"
- "roles/runtimeconfig.admin"
- "roles/cloudkms.admin"
- "roles/owner"
plat__gcp_log_policy_bindings_default:
- 'storage.buckets.get'
- 'storage.buckets.create'
plat__azure_roles:
vmcnt: 'Virtual Machine Contributor'
miop: 'Managed Identity Operator'
storown: 'Storage Blob Data Owner'
storcnt: 'Storage Blob Data Contributor'
contrib: 'Contributor'
owner: 'Owner'