feat(oci): add admin policy

tf/oci_compartment_bootstrap/group.tf

@@ -0,0 +1,6 @@
+resource "oci_identity_group" "this" {
+  compartment_id = var.tenancy_ocid
+
+  name = "terraform"
+  description = "terraform"
+}

tf/oci_compartment_bootstrap/group_membership.tf

@@ -0,0 +1,4 @@
+resource "oci_identity_user_group_membership" "this" {
+  user_id = oci_identity_user.this.id
+  group_id = oci_identity_group.this.id
+}

tf/oci_compartment_bootstrap/policy.tf

@@ -0,0 +1,21 @@
+locals {
+  policy_multi_line_statement = <<EOF
+Allow group ${oci_identity_group.this.name} to manage vcns in compartment id ${var.tenancy_ocid} where ALL {
+ANY { request.operation = 'CreateNetworkSecurityGroup', request.operation = 'DeleteNetworkSecurityGroup' }
+}
+  EOF
+
+}
+
+resource "oci_identity_policy" "terraform-admin" {
+  compartment_id = var.tenancy_ocid
+
+  name = "terraform-admin"
+  description = "terraform-admin"
+
+  statements = [
+    "Allow group ${oci_identity_group.this.name} to manage all-resources in compartment id ${local.child_compartment_id}",
+    "Allow group ${oci_identity_group.this.name} to read virtual-network-family in compartment id ${var.tenancy_ocid}",
+    local.policy_multi_line_statement,
+  ]
+}