Skip to Main Content

Identity & Platform

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Terraform dynamic group matching rule for OSMH instance group- aargh

Craig SilvaNov 26 2024 — edited Nov 26 2024

I can enable OSMH using policy advisor but we are developing terraform landing zone deployments and getting the matching rule to work is currently beyond me (and each pull request failure is driving others a bit nuts). my current attempts pass a terraform plan but fail on apply.

/*

osmh_dynamic_group = {

dynamic\_group\_name        = "osmh-instances-dg"

dynamic\_group\_description = "OCI ELZ OSMH Dynamic Group"

general\_matching\_rule = \[

  "ANY {instance.compartment.id='${var.tenancy\_ocid}', instance.compartment.id='ocid1.compartment.oc1..xxxxxxxxxx', instance.compartment.id='ocid1.compartment.oc1..xxxxxxxxx1xxx'}",

  "ALL {resource.type='managementagent', resource.compartment.id='${var.tenancy\_ocid}'}",

  "ALL {resource.type='managementagent', resource.compartment.id='ocid1.compartment.oc1..xxxxxxxxxx'}",

  "ALL {resource.type='managementagent', resource.compartment.id='ocid1.compartment.oc1..xxxxxxxxx1xxx'}"

\]

}

*/

Any suggestion appreciated

Comments
Post Details
Added on Nov 26 2024
0 comments
20 views