docs: update complex example with host resource usage

hashicorp · Aug 28, 2020 · 877ce6e · 877ce6e
1 parent 0fa0c85
commit 877ce6e
Showing 1 changed file with 68 additions and 7 deletions.
diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
@@ -36,7 +36,7 @@ provider "boundary" {
 }
 
 variable "backend_team" {
-  type = set(string)
+  type    = set(string)
   default = [
     "Jim Lambert",
     "Mike Gaffney",
@@ -45,15 +45,15 @@ variable "backend_team" {
 }
 
 variable "frontend_team" {
-  type = set(string)
+  type    = set(string)
   default = [
     "Randy Morey",
     "Susmitha Girumala",
   ]
 }
 
 variable "leadership_team" {
-  type = set(string)
+  type    = set(string)
   default = [
     "Jeff Mitchell",
     "Pete Pacent",
@@ -62,29 +62,51 @@ variable "leadership_team" {
   ]
 }
 
+variable "web_server_ips" {
+  type    = set(string)
+  default = [
+    "10.0.0.1",
+    "10.0.0.2",
+  ]
+}
+
+variable "backend_server_ips" {
+  type    = set(string)
+  default = [
+    "10.1.0.1",
+    "10.1.0.2",
+  ]
+}
+
+resource "boundary_organization" "corp" {}
+
 resource "boundary_user" "backend" {
   for_each    = var.backend_team
   name        = each.key
   description = "Backend user: ${each.key}"
+  scope_id    = boundary_organization.corp.id
 }
 
 resource "boundary_user" "frontend" {
   for_each    = var.frontend_team
   name        = each.key
   description = "Frontend user: ${each.key}"
+  scope_id    = boundary_organization.corp.id
 }
 
 resource "boundary_user" "leadership" {
   for_each    = var.leadership_team
   name        = each.key
   description = "WARNING: Managers should be read-only"
+  scope_id    = boundary_organization.corp.id
 }
 
 // organiation level group for the leadership team
 resource "boundary_group" "leadership" {
   name        = "leadership_team"
   description = "Organization group for leadership team"
   member_ids  = [for user in boundary_user.leadership : user.id]
+  scope_id    = boundary_organization.corp.id
 }
 
 // add org-level role for readonly access
@@ -93,22 +115,25 @@ resource "boundary_role" "organization_readonly" {
   description = "Read-only role"
   principals  = [boundary_group.leadership.id]
   grants      = ["id=*;actions=read"]
+  scope_id    = boundary_organization.corp.id
 }
 
 // add org-level role for administration access
 resource "boundary_role" "organization_admin" {
   name        = "admin"
   description = "Administrator role"
-  principals = concat(
+  principals  = concat(
     [for user in boundary_user.backend : user.id],
     [for user in boundary_user.frontend : user.id]
   )
-  grants = ["id=*;actions=create,read,update,delete"]
+  grants   = ["id=*;actions=create,read,update,delete"]
+  scope_id = boundary_organization.corp.id
 }
 
 // create a project for core infrastructure
 resource "boundary_project" "core_infra" {
   description = "Core infrastrcture"
+  scope_id    = boundary_organization.corp.id
 }
 
 resource "boundary_group" "backend_core_infra" {
@@ -125,15 +150,51 @@ resource "boundary_group" "frontend_core_infra" {
   scope_id    = boundary_project.core_infra.id
 }
 
+resource "boundary_host" "backend_servers_service" {
+  for_each        = var.backend_server_ips
+  name            = "backend_server_service_${each.value}"
+  description     = "Backend server host for service port"
+  address         = "${each.key}:9200"
+  scope_id        = boundary_project.core_infra.id
+  host_catalog_id = boundary_host_catalog.backend_servers.id 
+}
+
+resource "boundary_host" "backend_servers_ssh" {
+  for_each        = var.backend_server_ips
+  name            = "backend_server_ssh_${each.value}"
+  description     = "Backend server host for SSH port"
+  address         = "${each.key}:22"
+  scope_id        = boundary_project.core_infra.id
+  host_catalog_id = boundary_host_catalog.backend_servers.id
+}
+
+resource "boundary_host" "frontend_servers_console" {
+  for_each        = var.frontend_server_ips
+  name            = "frontend_server_console_${each.value}"
+  description     = "Frontend server host for console port"
+  address         = "${each.key}:443"
+  scope_id        = boundary_project.core_infra.id
+  host_catalog_id = boundary_host_catalog.frontend_servers.id 
+}
+
+resource "boundary_host" "frontend_servers_ssh" {
+  for_each        = var.frontend_server_ips
+  name            = "frontend_server_ssh_${each.value}"
+  description     = "Frontend server host for SSH port"
+  address         = "${each.key}:22"
+  scope_id        = boundary_project.core_infra.id
+  host_catalog_id = boundary_host_catalog.frontend_servers.id 
+}
+
 resource "boundary_host_catalog" "web_servers" {
-  name        = "Web servers"
+  name        = "web_servers"
   description = "Web servers for frontend team"
   type        = "Static"
   scope_id    = boundary_project.core_infra.id
 }
 
 resource "boundary_host_catalog" "backend_servers" {
-  name        = "Backend servers"
+  name        = "backend_servers"
   description = "Web servers for backend team"
   type        = "Static"
   scope_id    = boundary_project.core_infra.id