Topic sk jcs 13348 fix condition (#207)

Fix one condition in policy

Author: skommala

terraform/main.tf

@@ -223,21 +223,22 @@ module "policies" {
     defined_tags  = local.defined_tags
     freeform_tags = local.free_form_tags
   }
-  atp_db                      = local.atp_db
-  oci_db                      = local.oci_db
-  vcn_id                      = element(concat(module.network-vcn[*].vcn_id, [""]), 0)
-  wls_existing_vcn_id         = var.wls_existing_vcn_id
-  is_idcs_selected            = var.is_idcs_selected
-  idcs_client_secret_id       = var.idcs_client_secret_id
-  use_oci_logging             = var.use_oci_logging
-  use_apm_service             = local.use_apm_service
-  apm_domain_compartment_id   = local.apm_domain_compartment_id
-  use_autoscaling             = var.use_autoscaling
-  ocir_auth_token_id          = var.ocir_auth_token_id
-  add_fss                     = var.add_fss
-  add_load_balancer           = local.add_load_balancer
-  fss_compartment_id          = var.fss_compartment_id == "" ? var.compartment_ocid : var.fss_compartment_id
-  mount_target_compartment_id = var.mount_target_compartment_id == "" ? var.compartment_ocid : var.mount_target_compartment_id
+  atp_db                           = local.atp_db
+  oci_db                           = local.oci_db
+  vcn_id                           = element(concat(module.network-vcn[*].vcn_id, [""]), 0)
+  wls_existing_vcn_id              = var.wls_existing_vcn_id
+  is_idcs_selected                 = var.is_idcs_selected
+  idcs_client_secret_id            = var.idcs_client_secret_id
+  use_oci_logging                  = var.use_oci_logging
+  use_apm_service                  = local.use_apm_service
+  apm_domain_compartment_id        = local.apm_domain_compartment_id
+  use_autoscaling                  = var.use_autoscaling
+  ocir_auth_token_id               = var.ocir_auth_token_id
+  add_fss                          = var.add_fss
+  add_load_balancer                = local.add_load_balancer
+  fss_compartment_id               = var.fss_compartment_id == "" ? var.compartment_ocid : var.fss_compartment_id
+  mount_target_compartment_id      = var.mount_target_compartment_id == "" ? var.compartment_ocid : var.mount_target_compartment_id
+  is_rms_private_endpoint_required = local.is_rms_private_endpoint_required
 }
 
 module "bastion" {

terraform/modules/policies/locals.tf

@@ -75,7 +75,7 @@ locals {
   autoscaling_statement25                       = var.use_autoscaling ? length(oci_identity_dynamic_group.wlsc_functions_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_functions_principal_group[0].name} to inspect dynamic-groups in tenancy" : "" : ""
   autoscaling_statement26                       = var.use_autoscaling ? length(oci_identity_dynamic_group.wlsc_functions_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_functions_principal_group[0].name} to manage policies in tenancy" : "" : ""
   autoscaling_statement27                       = var.use_autoscaling ? length(oci_identity_dynamic_group.wlsc_functions_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_functions_principal_group[0].name} to use tag-namespaces in tenancy" : "" : ""
-  autoscaling_statement28                       = var.use_autoscaling ? length(oci_identity_dynamic_group.wlsc_functions_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_functions_principal_group[0].name} to manage orm-family in compartment id ${var.network_compartment_id}" : "" : ""
+  autoscaling_statement28                       = var.use_autoscaling && var.network_compartment_id != var.compartment_id && var.is_rms_private_endpoint_required ? length(oci_identity_dynamic_group.wlsc_functions_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_functions_principal_group[0].name} to manage orm-family in compartment id ${var.network_compartment_id}" : "" : ""
   autoscaling_atp_policy_statement              = (var.atp_db.is_atp && var.use_autoscaling) ? length(oci_identity_dynamic_group.wlsc_functions_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_functions_principal_group[0].name} to inspect autonomous-transaction-processing-family in compartment id ${var.atp_db.compartment_id}" : "" : ""
   autoscaling_db_policy_statement               = (local.is_oci_db && var.use_autoscaling) ? length(oci_identity_dynamic_group.wlsc_functions_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_functions_principal_group[0].name} to inspect database-family in compartment id ${var.oci_db.compartment_id}" : "" : ""
   autoscaling_fss_mount_target_policy_statement = (var.add_fss && var.use_autoscaling) ? length(oci_identity_dynamic_group.wlsc_functions_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_functions_principal_group[0].name} to manage mount-targets in compartment id ${var.mount_target_compartment_id}" : "" : ""

terraform/modules/policies/variables.tf

@@ -187,3 +187,8 @@ variable "add_load_balancer" {
   description = "If this variable is true and existing_load_balancer is blank, a new load balancer will be created for the stack. If existing_load_balancer_id is not blank, the specified load balancer will be used"
   default     = false
 }
+
+variable "is_rms_private_endpoint_required" {
+  type        = bool
+  description = "Set resource manager private endpoint"
+}