├── README.md ├── .gitignore ├── CHANGELOG.md ├── modules ├── signers │ └── main.tf ├── external_system_type_pool_entry │ └── main.tf ├── account_roles │ └── main.tf ├── assets │ └── main.tf ├── account_rules │ ├── default_asset.tf │ ├── kyc_asset.tf │ ├── main.tf │ └── security_asset.tf ├── signer_roles │ └── main.tf ├── signer_rules │ └── main.tf └── key_values │ └── main.tf ├── LICENSE └── main.tf /README.md: -------------------------------------------------------------------------------- 1 | # terraform-tokend-vanilla -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | 4 | # .tfstate files 5 | *.tfstate 6 | *.tfstate.* 7 | 8 | # .tfvars files 9 | *.tfvars 10 | 11 | .idea/ 12 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | All notable changes to this project will be documented in this file. 3 | 4 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 5 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 
6 | 7 | ## 1 -------------------------------------------------------------------------------- /modules/signers/main.tf: -------------------------------------------------------------------------------- 1 | variable "license_signer_role" { 2 | type = string 3 | } 4 | 5 | resource tokend_account_signer "license_signer" { 6 | public_key = "GAEOJ3TZ2HI2FNFLMS7KLYZXRX5YZKC5UBMXUH2B5O2KSJ7ALZQALHH3" 7 | weight = 1000 8 | identity = 0 9 | role_id = "${var.license_signer_role}" 10 | } -------------------------------------------------------------------------------- /modules/external_system_type_pool_entry/main.tf: -------------------------------------------------------------------------------- 1 | resource tokend_key_value "external_system_type_stellar" { 2 | key = "external_system_type:stellar" 3 | value_type = "uint32" 4 | value = "1" 5 | } 6 | 7 | resource tokend_key_value "external_system_type_ethereum" { 8 | key = "external_system_type:ethereum" 9 | value_type = "uint32" 10 | value = "2" 11 | } 12 | 13 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 TokenD 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /modules/account_roles/main.tf: -------------------------------------------------------------------------------- 1 | variable unverified_rules { 2 | type = list 3 | } 4 | 5 | variable general_rules { 6 | type = list 7 | } 8 | 9 | variable syndicate_rules { 10 | type = list 11 | } 12 | 13 | variable blocked_rules { 14 | type = list 15 | } 16 | 17 | variable us_verified { 18 | type = list 19 | } 20 | 21 | variable us_accredited { 22 | type = list 23 | } 24 | 25 | resource tokend_account_role "unverified" { 26 | rules = "${var.unverified_rules}" 27 | } 28 | 29 | resource tokend_account_role "general" { 30 | rules = "${var.general_rules}" 31 | } 32 | 33 | resource tokend_account_role "syndicate" { 34 | rules = "${var.syndicate_rules}" 35 | } 36 | 37 | resource tokend_account_role "blocked" { 38 | rules = "${var.blocked_rules}" 39 | } 40 | 41 | resource tokend_account_role "us_accredited" { 42 | rules = "${var.us_accredited}" 43 | } 44 | 45 | resource tokend_account_role "us_verified" { 46 | rules = "${var.us_verified}" 47 | } 48 | 49 | resource tokend_key_value "unverified" { 50 | key = "account_role:unverified" 51 | value_type = "uint32" 52 | value = "${tokend_account_role.unverified.id}" 53 | } 54 | 55 | resource tokend_key_value "general" { 56 | key = "account_role:general" 57 | value_type = "uint32" 58 | value = "${tokend_account_role.general.id}" 59 | } 60 | 61 | resource tokend_key_value 
"syndicate" { 62 | key = "account_role:corporate" 63 | value_type = "uint32" 64 | value = "${tokend_account_role.syndicate.id}" 65 | } 66 | 67 | resource tokend_key_value "blocked" { 68 | key = "account_role:blocked" 69 | value_type = "uint32" 70 | value = "${tokend_account_role.blocked.id}" 71 | } 72 | 73 | resource tokend_key_value "us_verified" { 74 | key = "account_role:us_verified" 75 | value_type = "uint32" 76 | value = "${tokend_account_role.us_verified.id}" 77 | } 78 | 79 | resource tokend_key_value "us_accredited" { 80 | key = "account_role:us_accredited" 81 | value_type = "uint32" 82 | value = "${tokend_account_role.us_accredited.id}" 83 | } 84 | -------------------------------------------------------------------------------- /modules/assets/main.tf: -------------------------------------------------------------------------------- 1 | resource tokend_asset "USD" { 2 | code = "USD" 3 | max_issuance_amount = "9223372036853" 4 | initial_pre_issuance_amount = "9223372036853" 5 | pre_issuance_signer = "GBA4EX43M25UPV4WIE6RRMQOFTWXZZRIPFAI5VPY6Z2ZVVXVWZ6NEOOB" 6 | trailing_digits_count = 6 7 | 8 | details = { 9 | name = "US Dollar" 10 | } 11 | 12 | policies = [ 13 | "transferable", 14 | "base_asset", 15 | "stats_quote_asset", 16 | ] 17 | } 18 | 19 | resource tokend_asset "BTC" { 20 | code = "BTC" 21 | max_issuance_amount = "21000000" 22 | initial_pre_issuance_amount = "21000000" 23 | pre_issuance_signer = "GBA4EX43M25UPV4WIE6RRMQOFTWXZZRIPFAI5VPY6Z2ZVVXVWZ6NEOOB" 24 | trailing_digits_count = 6 25 | 26 | details = { 27 | name = "Bitcoin" 28 | } 29 | 30 | policies = [ 31 | "transferable", 32 | "base_asset", 33 | ] 34 | } 35 | 36 | resource tokend_asset "EUR" { 37 | code = "EUR" 38 | max_issuance_amount = "9223372036853" 39 | initial_pre_issuance_amount = "9223372036853" 40 | pre_issuance_signer = "GBA4EX43M25UPV4WIE6RRMQOFTWXZZRIPFAI5VPY6Z2ZVVXVWZ6NEOOB" 41 | trailing_digits_count = 6 42 | 43 | details = { 44 | name = "Euro" 45 | } 46 | 47 | policies = [ 48 | 
"transferable", 49 | ] 50 | } 51 | 52 | resource tokend_asset "CHF" { 53 | code = "CHF" 54 | max_issuance_amount = "9223372036853" 55 | initial_pre_issuance_amount = "9223372036853" 56 | pre_issuance_signer = "GBA4EX43M25UPV4WIE6RRMQOFTWXZZRIPFAI5VPY6Z2ZVVXVWZ6NEOOB" 57 | trailing_digits_count = 6 58 | 59 | details = { 60 | name = "Swiss franc" 61 | } 62 | 63 | policies = [ 64 | "transferable", 65 | ] 66 | } 67 | 68 | resource tokend_asset_pair "BTC_USD" { 69 | base = "${tokend_asset.BTC.id}" 70 | quote = "${tokend_asset.USD.id}" 71 | price = "11757" 72 | } 73 | 74 | resource tokend_asset_pair "EUR_USD" { 75 | base = "${tokend_asset.EUR.id}" 76 | quote = "${tokend_asset.USD.id}" 77 | price = "1.1" 78 | } 79 | 80 | resource tokend_asset_pair "CHF_USD" { 81 | base = "${tokend_asset.CHF.id}" 82 | quote = "${tokend_asset.USD.id}" 83 | price = "1.02459" 84 | } 85 | -------------------------------------------------------------------------------- /modules/account_rules/default_asset.tf: -------------------------------------------------------------------------------- 1 | resource tokend_account_rule "sender" { 2 | action = "send" 3 | entry_type = "asset" 4 | 5 | entry = { 6 | asset_type = "${var.asset_type_default}" 7 | asset_code = "*" 8 | } 9 | } 10 | 11 | resource tokend_account_rule "payment_receiver" { 12 | action = "receive_payment" 13 | entry_type = "asset" 14 | 15 | entry = { 16 | asset_type = "${var.asset_type_default}" 17 | asset_code = "*" 18 | } 19 | } 20 | 21 | resource tokend_account_rule "atomic_swap_receiver" { 22 | action = "receive_atomic_swap" 23 | entry_type = "asset" 24 | 25 | entry = { 26 | asset_type = "${var.asset_type_default}" 27 | asset_code = "*" 28 | } 29 | } 30 | 31 | resource tokend_account_rule "withdrawer" { 32 | action = "withdraw" 33 | entry_type = "asset" 34 | 35 | entry = { 36 | asset_type = "${var.asset_type_default}" 37 | asset_code = "*" 38 | } 39 | } 40 | 41 | 42 | resource tokend_account_rule "default_for_default_buy_offer_creator" 
{ 43 | action = "create" 44 | entry_type = "offer" 45 | entry = { 46 | is_buy = true 47 | quote_asset_type = "${var.asset_type_default}" 48 | base_asset_type = "${var.asset_type_default}" 49 | } 50 | } 51 | 52 | resource tokend_account_rule "default_for_default_sell_offer_creator" { 53 | action = "create" 54 | entry_type = "offer" 55 | entry = { 56 | is_buy = false 57 | quote_asset_type = "${var.asset_type_default}" 58 | base_asset_type = "${var.asset_type_default}" 59 | } 60 | } 61 | 62 | resource tokend_account_rule "issuance_receiver" { 63 | action = "receive_issuance" 64 | entry_type = "asset" 65 | 66 | entry = { 67 | asset_type = "${var.asset_type_default}" 68 | asset_code = "*" 69 | } 70 | } 71 | 72 | output "default_for_default_buy_offer_creator" { 73 | value = "${tokend_account_rule.default_for_default_buy_offer_creator.id}" 74 | } 75 | 76 | output "default_for_default_sell_offer_creator" { 77 | value = "${tokend_account_rule.default_for_default_sell_offer_creator.id}" 78 | } 79 | 80 | output "sender" { 81 | value = "${tokend_account_rule.sender.id}" 82 | } 83 | 84 | output "atomic_swap_receiver" { 85 | value = "${tokend_account_rule.atomic_swap_receiver.id}" 86 | } 87 | 88 | output "payment_receiver" { 89 | value = "${tokend_account_rule.payment_receiver.id}" 90 | } 91 | 92 | output "withdrawer" { 93 | value = "${tokend_account_rule.withdrawer.id}" 94 | } 95 | 96 | output "issuance_receiver" { 97 | value = "${tokend_account_rule.issuance_receiver.id}" 98 | } 99 | -------------------------------------------------------------------------------- /modules/signer_roles/main.tf: -------------------------------------------------------------------------------- 1 | variable "default_rules" { 2 | type = list 3 | } 4 | 5 | variable "kyc_aml_admin" { 6 | type = list 7 | } 8 | 9 | variable "license_admin" { 10 | type = list 11 | } 12 | 13 | variable "create_kyc" { 14 | type = list 15 | } 16 | 17 | variable "issuance_signer" { 18 | type = list 19 | } 20 | 21 | resource 
tokend_signer_role "issuance_signer" { 22 | rules = "${var.issuance_signer}" 23 | details = { 24 | admin_role = false 25 | name = "Issuance" 26 | description = "Role allows signer only to send create issuance requests" 27 | } 28 | } 29 | 30 | resource tokend_signer_role "create_kyc_recovery" { 31 | rules = "${var.create_kyc}" 32 | details = { 33 | admin_role = false 34 | name = "KYC Recovery creator" 35 | description = "Use ID of role as value in kv by kyc_recovery_signer_role key" 36 | } 37 | } 38 | 39 | resource tokend_signer_role "super_admin" { 40 | rules = [ 41 | "1", 42 | ] 43 | 44 | details = { 45 | admin_role = true 46 | name = "Super Administrator" 47 | description = "Have full access to system administration functionality" 48 | } 49 | } 50 | 51 | resource tokend_signer_role "kyc_aml_admin" { 52 | rules = "${var.kyc_aml_admin}" 53 | 54 | details = { 55 | admin_role = true 56 | name = "KYC/AML" 57 | description = "Responsible for reviewing users requests including KYC, asset/sale creation etc" 58 | } 59 | } 60 | 61 | resource tokend_signer_role "license_admin" { 62 | rules = "${var.license_admin}" 63 | details = { 64 | admin_role = true 65 | name = "License Admin" 66 | description = "Able to manage system licenses" 67 | } 68 | } 69 | 70 | 71 | // users operational signer role 72 | resource tokend_signer_role "default" { 73 | rules = [ 74 | "1", 75 | ] 76 | } 77 | 78 | // KV for Identity Storage 79 | resource tokend_key_value "default" { 80 | key = "signer_role:default" 81 | value_type = "uint32" 82 | value = "${tokend_signer_role.default.id}" 83 | } 84 | 85 | resource tokend_key_value "create_kyc_recovery_role" { 86 | key = "kyc_recovery_signer_role" 87 | value_type = "uint64" 88 | value = "${tokend_signer_role.create_kyc_recovery.id}" 89 | } 90 | 91 | resource tokend_key_value "issuance_signer_role" { 92 | key = "signer_role:issuance" 93 | value_type = "uint32" 94 | value = "${tokend_signer_role.issuance_signer.id}" 95 | } 96 | 97 | resource 
tokend_key_value "license_admin_role" { 98 | key = "license_admin_signer_role" 99 | value_type = "uint64" 100 | value = "${tokend_signer_role.license_admin.id}" 101 | } 102 | 103 | output "license_signer_role" { 104 | value = "${tokend_signer_role.license_admin.id}" 105 | } 106 | -------------------------------------------------------------------------------- /modules/signer_rules/main.tf: -------------------------------------------------------------------------------- 1 | resource tokend_signer_rule "issuance_creator" { 2 | action = "create" 3 | entry_type = "reviewable_request" 4 | entry = { 5 | request_type = "create_issuance" 6 | asset_code = "*" 7 | asset_type = "*" 8 | } 9 | } 10 | 11 | resource tokend_signer_rule "kyc_recovery_creator" { 12 | action = "create" 13 | entry_type = "reviewable_request" 14 | entry = { 15 | request_type = "kyc_recovery" 16 | } 17 | } 18 | 19 | resource tokend_signer_rule "tx_sender" { 20 | action = "send" 21 | entry_type = "transaction" 22 | } 23 | 24 | resource tokend_signer_rule "request_reviewer" { 25 | action = "review" 26 | entry_type = "reviewable_request" 27 | entry = { 28 | request_type = "*" 29 | } 30 | } 31 | 32 | resource tokend_signer_rule "aml_alert_reviewer" { 33 | action = "review" 34 | entry_type = "reviewable_request" 35 | entry = { 36 | request_type = "create_aml_alert" 37 | } 38 | } 39 | 40 | resource tokend_signer_rule "kyc_request_reviewer" { 41 | action = "review" 42 | entry_type = "reviewable_request" 43 | entry = { 44 | request_type = "change_role" 45 | } 46 | } 47 | 48 | resource tokend_signer_rule "sale_checker" { 49 | action = "check" 50 | entry_type = "sale" 51 | entry = { 52 | sale_id = "*" 53 | sale_type = "*" 54 | } 55 | } 56 | 57 | resource tokend_signer_rule "kv_manager" { 58 | action = "manage" 59 | entry_type = "key_value" 60 | } 61 | 62 | resource tokend_signer_rule "limits_manager" { 63 | action = "manage" 64 | entry_type = "limits" 65 | } 66 | 67 | resource tokend_signer_rule "fee_manager" { 
68 | action = "manage" 69 | entry_type = "fee" 70 | } 71 | 72 | resource tokend_signer_rule "license_creator" { 73 | action = "create" 74 | entry_type = "license" 75 | } 76 | 77 | resource tokend_signer_rule "stamp_creator" { 78 | action = "create" 79 | entry_type = "stamp" 80 | } 81 | 82 | output "aml_alert_reviewer" { 83 | value = "${tokend_signer_rule.aml_alert_reviewer.id}" 84 | } 85 | 86 | output "kyc_request_reviewer" { 87 | value = "${tokend_signer_rule.kyc_request_reviewer.id}" 88 | } 89 | 90 | output "issuance_creator" { 91 | value = "${tokend_signer_rule.issuance_creator.id}" 92 | } 93 | 94 | output "tx_sender" { 95 | value = "${tokend_signer_rule.tx_sender.id}" 96 | } 97 | 98 | output "request_reviewer" { 99 | value = "${tokend_signer_rule.request_reviewer.id}" 100 | } 101 | 102 | output "sale_checker" { 103 | value = "${tokend_signer_rule.sale_checker.id}" 104 | } 105 | 106 | output "kv_manager" { 107 | value = "${tokend_signer_rule.kv_manager.id}" 108 | } 109 | 110 | output "limits_manager" { 111 | value = "${tokend_signer_rule.limits_manager.id}" 112 | } 113 | 114 | output "fee_manager" { 115 | value = "${tokend_signer_rule.fee_manager.id}" 116 | } 117 | 118 | output "license_creator" { 119 | value = "${tokend_signer_rule.license_creator.id}" 120 | } 121 | 122 | output "stamp_creator" { 123 | value = "${tokend_signer_rule.stamp_creator.id}" 124 | } 125 | 126 | output "kyc_recovery_creator" { 127 | value = "${tokend_signer_rule.kyc_recovery_creator.id}" 128 | } 129 | -------------------------------------------------------------------------------- /modules/account_rules/kyc_asset.tf: -------------------------------------------------------------------------------- 1 | resource tokend_account_rule "kyc_sender" { 2 | action = "send" 3 | entry_type = "asset" 4 | 5 | entry = { 6 | asset_type = "${var.asset_type_kyc}" 7 | asset_code = "*" 8 | } 9 | } 10 | 11 | resource tokend_account_rule "kyc_payment_receiver" { 12 | action = "receive_payment" 13 | 
entry_type = "asset" 14 | 15 | entry = { 16 | asset_type = "${var.asset_type_kyc}" 17 | asset_code = "*" 18 | } 19 | } 20 | 21 | resource tokend_account_rule "kyc_atomic_swap_receiver" { 22 | action = "receive_atomic_swap" 23 | entry_type = "asset" 24 | 25 | entry = { 26 | asset_type = "${var.asset_type_kyc}" 27 | asset_code = "*" 28 | } 29 | } 30 | 31 | resource tokend_account_rule "kyc_withdrawer" { 32 | action = "withdraw" 33 | entry_type = "asset" 34 | 35 | entry = { 36 | asset_type = "${var.asset_type_kyc}" 37 | asset_code = "*" 38 | } 39 | } 40 | 41 | resource tokend_account_rule "kyc_for_kyc_buy_offer_creator" { 42 | action = "create" 43 | entry_type = "offer" 44 | entry = { 45 | is_buy = true 46 | quote_asset_type = "${var.asset_type_kyc}" 47 | base_asset_type = "${var.asset_type_kyc}" 48 | } 49 | } 50 | 51 | resource tokend_account_rule "kyc_for_kyc_sell_offer_creator" { 52 | action = "create" 53 | entry_type = "offer" 54 | entry = { 55 | is_buy = false 56 | quote_asset_type = "${var.asset_type_kyc}" 57 | base_asset_type = "${var.asset_type_kyc}" 58 | } 59 | } 60 | 61 | 62 | resource tokend_account_rule "default_for_kyc_buy_offer_creator" { 63 | action = "create" 64 | entry_type = "offer" 65 | entry = { 66 | is_buy = true 67 | quote_asset_type = "${var.asset_type_kyc}" 68 | base_asset_type = "${var.asset_type_default}" 69 | } 70 | } 71 | 72 | resource tokend_account_rule "default_for_kyc_sell_offer_creator" { 73 | action = "create" 74 | entry_type = "offer" 75 | entry = { 76 | is_buy = false 77 | quote_asset_type = "${var.asset_type_kyc}" 78 | base_asset_type = "${var.asset_type_default}" 79 | } 80 | } 81 | 82 | resource tokend_account_rule "kyc_for_default_buy_offer_creator" { 83 | action = "create" 84 | entry_type = "offer" 85 | entry = { 86 | is_buy = true 87 | quote_asset_type = "${var.asset_type_default}" 88 | base_asset_type = "${var.asset_type_kyc}" 89 | } 90 | } 91 | 92 | resource tokend_account_rule "kyc_for_default_sell_offer_creator" { 93 | 
action = "create" 94 | entry_type = "offer" 95 | entry = { 96 | is_buy = false 97 | quote_asset_type = "${var.asset_type_default}" 98 | base_asset_type = "${var.asset_type_kyc}" 99 | } 100 | } 101 | 102 | 103 | resource tokend_account_rule "kyc_issuance_receiver" { 104 | action = "receive_issuance" 105 | entry_type = "asset" 106 | 107 | entry = { 108 | asset_type = "${var.asset_type_kyc}" 109 | asset_code = "*" 110 | } 111 | } 112 | 113 | output "kyc_for_default_buy_offer_creator" { 114 | value = "${tokend_account_rule.kyc_for_default_buy_offer_creator.id}" 115 | } 116 | 117 | output "kyc_for_default_sell_offer_creator" { 118 | value = "${tokend_account_rule.kyc_for_default_sell_offer_creator.id}" 119 | } 120 | 121 | output "kyc_for_kyc_buy_offer_creator" { 122 | value = "${tokend_account_rule.kyc_for_kyc_buy_offer_creator.id}" 123 | } 124 | 125 | output "kyc_for_kyc_sell_offer_creator" { 126 | value = "${tokend_account_rule.kyc_for_kyc_sell_offer_creator.id}" 127 | } 128 | 129 | output "default_for_kyc_buy_offer_creator" { 130 | value = "${tokend_account_rule.default_for_kyc_buy_offer_creator.id}" 131 | } 132 | 133 | output "default_for_kyc_sell_offer_creator" { 134 | value = "${tokend_account_rule.default_for_kyc_sell_offer_creator.id}" 135 | } 136 | 137 | output "kyc_sender" { 138 | value = "${tokend_account_rule.kyc_sender.id}" 139 | } 140 | 141 | output "kyc_atomic_swap_receiver" { 142 | value = "${tokend_account_rule.kyc_atomic_swap_receiver.id}" 143 | } 144 | 145 | output "kyc_payment_receiver" { 146 | value = "${tokend_account_rule.kyc_payment_receiver.id}" 147 | } 148 | 149 | output "kyc_withdrawer" { 150 | value = "${tokend_account_rule.kyc_withdrawer.id}" 151 | } 152 | 153 | output "kyc_issuance_receiver" { 154 | value = "${tokend_account_rule.kyc_issuance_receiver.id}" 155 | } 156 | -------------------------------------------------------------------------------- /modules/key_values/main.tf: 
--------------------------------------------------------------------------------
// Inputs: numeric identifiers (passed as strings) that this module publishes
// as uint32 key/value entries.
variable "restricted_poll_type" {
  type = string
}

variable "unrestricted_poll_type" {
  type = string
}

variable "asset_type_kyc" {
  type = string
}

variable "asset_type_security" {
  type = string
}

variable "asset_type_default" {
  type = string
}

// Value written under "change_role_tasks:*:*"; defaults to "1".
variable "default_change_role_tasks" {
  type    = string
  default = "1"
}

// --- poll and asset type identifiers -----------------------------------------

resource "tokend_key_value" "poll_type_restricted" {
  key        = "poll_type:restricted"
  value_type = "uint32"
  value      = "${var.restricted_poll_type}"
}

resource "tokend_key_value" "poll_type_unrestricted" {
  key        = "poll_type:unrestricted"
  value_type = "uint32"
  value      = "${var.unrestricted_poll_type}"
}

resource "tokend_key_value" "asset_type_kyc_required" {
  key        = "asset_type:kyc_required"
  value_type = "uint32"
  value      = "${var.asset_type_kyc}"
}

resource "tokend_key_value" "asset_type_security" {
  key        = "asset_type:security"
  value_type = "uint32"
  value      = "${var.asset_type_security}"
}

resource "tokend_key_value" "asset_type_default" {
  key        = "asset_type:default"
  value_type = "uint32"
  value      = "${var.asset_type_default}"
}

// --- change_role task identifiers ---------------------------------------------
// The three values are distinct powers of two (1024, 2048, 4096).

resource "tokend_key_value" "change_role_task-submit_auto_verification" {
  key        = "change_role_task:submit_auto_verification"
  value_type = "uint32"
  value      = "1024"
}

resource "tokend_key_value" "change_role_task-complete_auto_verification" {
  key        = "change_role_task:complete_auto_verification"
  value_type = "uint32"
  value      = "2048"
}

resource "tokend_key_value" "change_role_task-manual_review_required" {
  key        = "change_role_task:manual_review_required"
  value_type = "uint32"
  value      = "4096"
}

// --- default task values per request type ---------------------------------------
// NOTE(review): these look like bitmasks of review tasks a request must clear
// before it is applied; the semantics live in the provider/core, not in this
// file, so confirm before changing any of them.

resource "tokend_key_value" "default_withdraw_tasks" {
  key        = "withdrawal_tasks:*"
  value_type = "uint32"
  value      = "2048"
}

resource "tokend_key_value" "default_change_role_tasks" {
  key        = "change_role_tasks:*:*"
  value_type = "uint32"
  value      = "${var.default_change_role_tasks}"
}

resource "tokend_key_value" "asset_create_tasks" {
  key        = "asset_create_tasks"
  value_type = "uint32"
  value      = "1"
}

resource "tokend_key_value" "limits_update_tasks" {
  key        = "limits_update_tasks"
  value_type = "uint32"
  value      = "1"
}

resource "tokend_key_value" "asset_update_default" {
  key        = "asset_update_tasks:*"
  value_type = "uint32"
  value      = "1"
}

resource "tokend_key_value" "asset_update_task" {
  key        = "asset_update_tasks"
  value_type = "uint32"
  value      = "1"
}

resource "tokend_key_value" "sale_create_tasks" {
  key        = "sale_create_tasks:*"
  value_type = "uint32"
  value      = "2"
}

// NOTE(review): value is "0" for every asset ("*"). If the value is a mask of
// pending review tasks, zero would let issuance requests through without a
// reviewer; confirm that this is intended outside a test network.
resource "tokend_key_value" "issuance_tasks_default" {
  key        = "issuance_tasks:*"
  value_type = "uint32"
  value      = "0"
}

// NOTE(review): same zero default as "issuance_tasks:*"; confirm.
resource "tokend_key_value" "preissuance_tasks_default" {
  key        = "preissuance_tasks:*"
  value_type = "uint32"
  value      = "0"
}

resource "tokend_key_value" "kyc_recovery_enabled" {
  key        = "kyc_recovery_enabled"
  value_type = "uint32"
  value      = "1"
}

resource "tokend_key_value" "create_kyc_recovery_tasks" {
  key        = "create_kyc_recovery_tasks"
  value_type = "uint32"
  value      = "1"
}

resource "tokend_key_value" "create_poll_tasks" {
  key        = "create_poll_tasks:*"
  value_type = "uint32"
  value      = "1"
}

// NOTE(review): zero default, and unlike the bid key below this key carries no
// ":*" suffix; confirm both are intended.
resource "tokend_key_value" "atomic_swap_ask_tasks" {
  key        = "atomic_swap_ask_tasks"
  value_type = "uint32"
  value      = "0"
}

resource "tokend_key_value" "atomic_swap_bid_tasks" {
  key        = "atomic_swap_bid_tasks:*"
  value_type = "uint32"
  value      = "1"
}

resource "tokend_key_value" "bridges_enabled" {
  key        = "bridges_enabled"
  value_type = "uint32"
  value      = "1"
}
--------------------------------------------------------------------------------
/modules/account_rules/main.tf:
--------------------------------------------------------------------------------
// Inputs: asset type and poll type identifiers used in the rule entries of
// this module.
variable "asset_type_default" {
  type = string
}

variable "asset_type_kyc" {
  type = string
}

variable "asset_type_security" {
  type = string
}

variable "restricted_poll_type" {
  type = string
}

// Every action ("*") on signer entries.
resource "tokend_account_rule" "signer_manager" {
  action     = "*"
  entry_type = "signer"
}

// Create reviewable requests of type change_role only.
resource "tokend_account_rule" "role_updater" {
  action     = "create"
  entry_type = "reviewable_request"

  entry = {
    request_type = "change_role"
  }
}

resource "tokend_account_rule" "balance_creator" {
  action     = "create"
  entry_type = "balance"
}

resource "tokend_account_rule" "tx_sender" {
  action     = "send"
  entry_type = "transaction"
}

// The three asset rules below match any asset type and any asset code.
resource "tokend_account_rule" "asset_creator" {
  action     = "create"
  entry_type = "asset"

  entry = {
    asset_type = "*"
    asset_code = "*"
  }
}

resource "tokend_account_rule" "asset_remover" {
  action     = "remove"
  entry_type = "asset"

  entry = {
    asset_type = "*"
    asset_code = "*"
  }
}

resource "tokend_account_rule" "asset_withdrawer" {
  action     = "withdraw"
  entry_type = "asset"

  entry = {
    asset_type = "*"
    asset_code = "*"
  }
}

// TODO shrink scope to specific requests
// Until then this rule covers creation of every reviewable request type ("*"),
// so any role that includes it is not limited by the narrower role_updater rule.
resource "tokend_account_rule" "reviewable_request_creator" {
  action     = "create"
  entry_type = "reviewable_request"

  entry = {
    request_type = "*"
  }
}



// Participate in any sale, whatever its type or id.
resource "tokend_account_rule" "sale_participant" {
  action     = "participate"
  entry_type = "sale"

  entry = {
    sale_type = "*"
    sale_id   = "*"
  }
}

resource "tokend_account_rule" "external_binder" {
  action     = "bind"
  entry_type = "external_system_account_id_pool_entry"
}

// Create a vote in any poll, for any permission type.
resource "tokend_account_rule" "vote_creator" {
  action     = "create"
  entry_type = "vote"

  entry = {
    poll_id         = "*"
    permission_type = "*"
  }
}

// Remove a vote in any poll, for any permission type.
resource "tokend_account_rule" "vote_remover" {
  action     = "remove"
  entry_type = "vote"

  entry = {
    poll_id         = "*"
    permission_type = "*"
  }
}

// Same action and entry type as vote_remover, but with forbids = true and the
// permission type narrowed to the restricted poll type.
// NOTE(review): presumably a deny rule that takes precedence over the wildcard
// allow in vote_remover when both sit in one role; confirm rule precedence in
// the provider/core.
resource "tokend_account_rule" "forbid_restricted_vote_remove" {
  action     = "remove"
  entry_type = "vote"
  forbids    = true

  entry = {
    poll_id         = "*"
    permission_type = "${var.restricted_poll_type}"
  }
}

// Poll management rules: close, change end time, cancel. Each matches any poll
// and any permission type.
resource "tokend_account_rule" "poll_closer" {
  action     = "close"
  entry_type = "poll"

  entry = {
    poll_id         = "*"
    permission_type = "*"
  }
}

resource "tokend_account_rule" "poll_end_time_updater" {
  action     = "update_end_time"
  entry_type = "poll"

  entry = {
    poll_id         = "*"
    permission_type = "*"
  }
}

resource "tokend_account_rule" "poll_canceler" {
  action     = "cancel"
  entry_type = "poll"

  entry = {
    poll_id         = "*"
    permission_type = "*"
  }
}

// Create reviewable requests of type kyc_recovery only.
resource "tokend_account_rule" "kyc_recovery_creator" {
  action     = "create"
  entry_type = "reviewable_request"

  entry = {
    request_type = "kyc_recovery"
  }
}

resource "tokend_account_rule" "atomic_swap_ask_creator" {
  action     = "create"
  entry_type = "atomic_swap_ask"

  entry = {
    asset_type = "*"
    asset_code = "*"
  }
}

// Outputs: the id of each account rule declared in this file, exported under
// the rule's own name.

output "external_binder" {
  value = "${tokend_account_rule.external_binder.id}"
}

output "sale_participant" {
  value = "${tokend_account_rule.sale_participant.id}"
}

output "reviewable_request_creator" {
  value = "${tokend_account_rule.reviewable_request_creator.id}"
}

output "signer_manager" {
  value = "${tokend_account_rule.signer_manager.id}"
}

output "role_updater" {
  value = "${tokend_account_rule.role_updater.id}"
}

output "tx_sender" {
  value = "${tokend_account_rule.tx_sender.id}"
}

output "balance_creator" {
  value = "${tokend_account_rule.balance_creator.id}"
}

output "asset_creator" {
  value = "${tokend_account_rule.asset_creator.id}"
}

output "asset_remover" {
  value = "${tokend_account_rule.asset_remover.id}"
}

output "asset_withdrawer" {
  value = "${tokend_account_rule.asset_withdrawer.id}"
}

output "vote_creator" {
  value = "${tokend_account_rule.vote_creator.id}"
}

output "vote_remover" {
  value = "${tokend_account_rule.vote_remover.id}"
}

output "forbid_restricted_vote_remove" {
  value = "${tokend_account_rule.forbid_restricted_vote_remove.id}"
}

output "poll_closer" {
  value = "${tokend_account_rule.poll_closer.id}"
}

output "poll_end_time_updater" {
  value = "${tokend_account_rule.poll_end_time_updater.id}"
}

output "poll_canceler" {
  value = "${tokend_account_rule.poll_canceler.id}"
}

output "kyc_recovery_creator" {
  value = "${tokend_account_rule.kyc_recovery_creator.id}"
}

output "atomic_swap_ask_creator" {
  value = "${tokend_account_rule.atomic_swap_ask_creator.id}"
}

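--------------------------------------------------------------------------------
/modules/account_rules/security_asset.tf:
--------------------------------------------------------------------------------
// Account rules for assets of the "security" asset type. The asset rules match
// every asset code ("*") within that type.

resource "tokend_account_rule" "security_sender" {
  action     = "send"
  entry_type = "asset"

  entry = {
    asset_type = "${var.asset_type_security}"
    asset_code = "*"
  }
}

resource "tokend_account_rule" "security_payment_receiver" {
  action     = "receive_payment"
  entry_type = "asset"

  entry = {
    asset_type = "${var.asset_type_security}"
    asset_code = "*"
  }
}

resource "tokend_account_rule" "security_atomic_swap_receiver" {
  action     = "receive_atomic_swap"
  entry_type = "asset"

  entry = {
    asset_type = "${var.asset_type_security}"
    asset_code = "*"
  }
}

resource "tokend_account_rule" "security_withdrawer" {
  action     = "withdraw"
  entry_type = "asset"

  entry = {
    asset_type = "${var.asset_type_security}"
    asset_code = "*"
  }
}

// Offer rules are named "<base>_for_<quote>_<buy|sell>_offer_creator": the
// first asset type in the name is base_asset_type, the second quote_asset_type.

// Fixed: both sides previously pointed at var.asset_type_kyc, which made this
// rule a duplicate of the kyc-for-kyc buy rule and left security-for-security
// offers without any matching rule. A role holding this rule was therefore
// granted kyc/kyc offer creation instead of what the rule name promises.
resource "tokend_account_rule" "security_for_security_buy_offer_creator" {
  action     = "create"
  entry_type = "offer"

  entry = {
    is_buy           = true
    quote_asset_type = "${var.asset_type_security}"
    base_asset_type  = "${var.asset_type_security}"
  }
}

// Fixed: same copy-paste error as the buy rule above (kyc on both sides).
// NOTE(review): applying this changes what existing roles that reference the
// rule are allowed to do; review the role definitions that consume this output
// before rollout.
resource "tokend_account_rule" "security_for_security_sell_offer_creator" {
  action     = "create"
  entry_type = "offer"

  entry = {
    is_buy           = false
    quote_asset_type = "${var.asset_type_security}"
    base_asset_type  = "${var.asset_type_security}"
  }
}

resource "tokend_account_rule" "security_for_kyc_sell_offer_creator" {
  action     = "create"
  entry_type = "offer"

  entry = {
    is_buy           = false
    quote_asset_type = "${var.asset_type_kyc}"
    base_asset_type  = "${var.asset_type_security}"
  }
}

resource "tokend_account_rule" "security_for_kyc_buy_offer_creator" {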
action = "create" 73 | entry_type = "offer" 74 | entry = { 75 | is_buy = true 76 | quote_asset_type = "${var.asset_type_kyc}" 77 | base_asset_type = "${var.asset_type_security}" 78 | } 79 | } 80 | 81 | resource tokend_account_rule "security_for_default_buy_offer_creator" { 82 | action = "create" 83 | entry_type = "offer" 84 | entry = { 85 | is_buy = true 86 | quote_asset_type = "${var.asset_type_default}" 87 | base_asset_type = "${var.asset_type_security}" 88 | } 89 | } 90 | 91 | resource tokend_account_rule "security_for_default_sell_offer_creator" { 92 | action = "create" 93 | entry_type = "offer" 94 | entry = { 95 | is_buy = false 96 | quote_asset_type = "${var.asset_type_default}" 97 | base_asset_type = "${var.asset_type_security}" 98 | } 99 | } 100 | 101 | resource tokend_account_rule "kyc_for_security_buy_offer_creator" { 102 | action = "create" 103 | entry_type = "offer" 104 | entry = { 105 | is_buy = true 106 | quote_asset_type = "${var.asset_type_security}" 107 | base_asset_type = "${var.asset_type_kyc}" 108 | } 109 | } 110 | 111 | resource tokend_account_rule "kyc_for_security_sell_offer_creator" { 112 | action = "create" 113 | entry_type = "offer" 114 | entry = { 115 | is_buy = false 116 | quote_asset_type = "${var.asset_type_security}" 117 | base_asset_type = "${var.asset_type_kyc}" 118 | } 119 | } 120 | 121 | resource tokend_account_rule "default_for_security_sell_offer_creator" { 122 | action = "create" 123 | entry_type = "offer" 124 | entry = { 125 | is_buy = false 126 | quote_asset_type = "${var.asset_type_security}" 127 | base_asset_type = "${var.asset_type_default}" 128 | } 129 | } 130 | 131 | resource tokend_account_rule "default_for_security_buy_offer_creator" { 132 | action = "create" 133 | entry_type = "offer" 134 | entry = { 135 | is_buy = true 136 | quote_asset_type = "${var.asset_type_security}" 137 | base_asset_type = "${var.asset_type_default}" 138 | } 139 | } 140 | 141 | 142 | resource tokend_account_rule "security_issuance_receiver" { 
143 | action = "receive_issuance" 144 | entry_type = "asset" 145 | 146 | entry = { 147 | asset_type = "${var.asset_type_security}" 148 | asset_code = "*" 149 | } 150 | } 151 | 152 | output "security_for_security_buy_offer_creator" { 153 | value = "${tokend_account_rule.security_for_security_buy_offer_creator.id}" 154 | } 155 | 156 | output "security_for_security_sell_offer_creator" { 157 | value = "${tokend_account_rule.security_for_security_sell_offer_creator.id}" 158 | } 159 | 160 | output "security_for_default_buy_offer_creator" { 161 | value = "${tokend_account_rule.security_for_default_buy_offer_creator.id}" 162 | } 163 | 164 | output "security_for_default_sell_offer_creator" { 165 | value = "${tokend_account_rule.security_for_default_sell_offer_creator.id}" 166 | } 167 | 168 | output "security_for_kyc_buy_offer_creator" { 169 | value = "${tokend_account_rule.security_for_kyc_buy_offer_creator.id}" 170 | } 171 | 172 | output "security_for_kyc_sell_offer_creator" { 173 | value = "${tokend_account_rule.security_for_kyc_sell_offer_creator.id}" 174 | } 175 | 176 | output "default_for_security_buy_offer_creator" { 177 | value = "${tokend_account_rule.default_for_security_buy_offer_creator.id}" 178 | } 179 | 180 | output "default_for_security_sell_offer_creator" { 181 | value = "${tokend_account_rule.default_for_security_sell_offer_creator.id}" 182 | } 183 | 184 | 185 | output "kyc_for_security_buy_offer_creator" { 186 | value = "${tokend_account_rule.kyc_for_security_buy_offer_creator.id}" 187 | } 188 | 189 | output "kyc_for_security_sell_offer_creator" { 190 | value = "${tokend_account_rule.kyc_for_security_sell_offer_creator.id}" 191 | } 192 | 193 | output "security_sender" { 194 | value = "${tokend_account_rule.security_sender.id}" 195 | } 196 | 197 | output "security_atomic_swap_receiver" { 198 | value = "${tokend_account_rule.security_atomic_swap_receiver.id}" 199 | } 200 | 201 | output "security_payment_receiver" { 202 | value = 
"${tokend_account_rule.security_payment_receiver.id}" 203 | } 204 | 205 | output "security_withdrawer" { 206 | value = "${tokend_account_rule.security_withdrawer.id}" 207 | } 208 | 209 | output "security_issuance_receiver" { 210 | value = "${tokend_account_rule.security_issuance_receiver.id}" 211 | } 212 | -------------------------------------------------------------------------------- /main.tf: -------------------------------------------------------------------------------- 1 | variable restricted_poll_type { 2 | type = string 3 | default = "3" 4 | } 5 | 6 | variable unrestricted_poll_type { 7 | type = string 8 | default = "4" 9 | } 10 | 11 | variable asset_type_default { 12 | type = string 13 | default = "0" 14 | } 15 | 16 | variable default_change_role_tasks { 17 | type = string 18 | default = "1" 19 | } 20 | 21 | variable asset_type_kyc { 22 | type = string 23 | default = "1" 24 | } 25 | 26 | variable asset_type_security { 27 | type = string 28 | default = "2" 29 | } 30 | 31 | // creates basic account rules 32 | module "account_rules" { 33 | source = "./modules/account_rules" 34 | restricted_poll_type = "${var.restricted_poll_type}" 35 | asset_type_default = "${var.asset_type_default}" 36 | asset_type_kyc = "${var.asset_type_kyc}" 37 | asset_type_security = "${var.asset_type_security}" 38 | } 39 | 40 | // create default account roles 41 | module "account_roles" { 42 | source = "./modules/account_roles" 43 | 44 | unverified_rules = [ 45 | "${module.account_rules.balance_creator}", 46 | "${module.account_rules.sender}", 47 | "${module.account_rules.payment_receiver}", 48 | "${module.account_rules.atomic_swap_receiver}", 49 | "${module.account_rules.issuance_receiver}", 50 | "${module.account_rules.tx_sender}", 51 | "${module.account_rules.role_updater}", 52 | "${module.account_rules.signer_manager}", 53 | "${module.account_rules.default_for_default_sell_offer_creator}", 54 | "${module.account_rules.default_for_default_buy_offer_creator}", 55 | 
"${module.account_rules.sale_participant}", 56 | "${module.account_rules.external_binder}", 57 | "${module.account_rules.vote_creator}", 58 | "${module.account_rules.vote_remover}", 59 | "${module.account_rules.forbid_restricted_vote_remove}", 60 | "${module.account_rules.kyc_recovery_creator}", 61 | ] 62 | 63 | general_rules = [ 64 | "${module.account_rules.balance_creator}", 65 | "${module.account_rules.sender}", 66 | "${module.account_rules.payment_receiver}", 67 | "${module.account_rules.atomic_swap_receiver}", 68 | "${module.account_rules.issuance_receiver}", 69 | "${module.account_rules.tx_sender}", 70 | "${module.account_rules.role_updater}", 71 | "${module.account_rules.signer_manager}", 72 | "${module.account_rules.default_for_default_sell_offer_creator}", 73 | "${module.account_rules.default_for_default_buy_offer_creator}", 74 | "${module.account_rules.default_for_kyc_buy_offer_creator}", 75 | "${module.account_rules.default_for_kyc_sell_offer_creator}", 76 | "${module.account_rules.kyc_for_kyc_buy_offer_creator}", 77 | "${module.account_rules.kyc_for_kyc_sell_offer_creator}", 78 | "${module.account_rules.kyc_for_default_buy_offer_creator}", 79 | "${module.account_rules.kyc_for_default_sell_offer_creator}", 80 | "${module.account_rules.security_for_default_buy_offer_creator}", 81 | "${module.account_rules.security_for_default_sell_offer_creator}", 82 | "${module.account_rules.security_for_kyc_buy_offer_creator}", 83 | "${module.account_rules.security_for_kyc_sell_offer_creator}", 84 | "${module.account_rules.security_for_security_buy_offer_creator}", 85 | "${module.account_rules.security_for_security_sell_offer_creator}", 86 | "${module.account_rules.default_for_security_buy_offer_creator}", 87 | "${module.account_rules.default_for_security_sell_offer_creator}", 88 | "${module.account_rules.kyc_for_security_buy_offer_creator}", 89 | "${module.account_rules.kyc_for_security_sell_offer_creator}", 90 | "${module.account_rules.kyc_sender}", 91 | 
"${module.account_rules.kyc_atomic_swap_receiver}", 92 | "${module.account_rules.kyc_payment_receiver}", 93 | "${module.account_rules.kyc_withdrawer}", 94 | "${module.account_rules.kyc_issuance_receiver}", 95 | "${module.account_rules.reviewable_request_creator}", 96 | "${module.account_rules.sale_participant}", 97 | "${module.account_rules.asset_withdrawer}", 98 | "${module.account_rules.external_binder}", 99 | "${module.account_rules.vote_creator}", 100 | "${module.account_rules.vote_remover}", 101 | "${module.account_rules.forbid_restricted_vote_remove}", 102 | "${module.account_rules.kyc_recovery_creator}", 103 | ] 104 | 105 | syndicate_rules = [ 106 | "${module.account_rules.balance_creator}", 107 | "${module.account_rules.sender}", 108 | "${module.account_rules.payment_receiver}", 109 | "${module.account_rules.atomic_swap_receiver}", 110 | "${module.account_rules.issuance_receiver}", 111 | "${module.account_rules.tx_sender}", 112 | "${module.account_rules.role_updater}", 113 | "${module.account_rules.signer_manager}", 114 | "${module.account_rules.asset_creator}", 115 | "${module.account_rules.asset_remover}", 116 | "${module.account_rules.default_for_default_sell_offer_creator}", 117 | "${module.account_rules.default_for_default_buy_offer_creator}", 118 | "${module.account_rules.default_for_kyc_buy_offer_creator}", 119 | "${module.account_rules.default_for_kyc_sell_offer_creator}", 120 | "${module.account_rules.kyc_for_kyc_buy_offer_creator}", 121 | "${module.account_rules.kyc_for_kyc_sell_offer_creator}", 122 | "${module.account_rules.kyc_for_default_buy_offer_creator}", 123 | "${module.account_rules.kyc_for_default_sell_offer_creator}", 124 | "${module.account_rules.security_for_default_buy_offer_creator}", 125 | "${module.account_rules.security_for_default_sell_offer_creator}", 126 | "${module.account_rules.security_for_kyc_buy_offer_creator}", 127 | "${module.account_rules.security_for_kyc_sell_offer_creator}", 128 | 
"${module.account_rules.security_for_security_buy_offer_creator}", 129 | "${module.account_rules.security_for_security_sell_offer_creator}", 130 | "${module.account_rules.default_for_security_buy_offer_creator}", 131 | "${module.account_rules.default_for_security_sell_offer_creator}", 132 | "${module.account_rules.kyc_for_security_buy_offer_creator}", 133 | "${module.account_rules.kyc_for_security_sell_offer_creator}", 134 | "${module.account_rules.kyc_sender}", 135 | "${module.account_rules.kyc_atomic_swap_receiver}", 136 | "${module.account_rules.kyc_payment_receiver}", 137 | "${module.account_rules.kyc_withdrawer}", 138 | "${module.account_rules.kyc_issuance_receiver}", 139 | "${module.account_rules.reviewable_request_creator}", 140 | "${module.account_rules.sale_participant}", 141 | "${module.account_rules.asset_withdrawer}", 142 | "${module.account_rules.external_binder}", 143 | "${module.account_rules.vote_creator}", 144 | "${module.account_rules.vote_remover}", 145 | "${module.account_rules.forbid_restricted_vote_remove}", 146 | "${module.account_rules.poll_closer}", 147 | "${module.account_rules.poll_canceler}", 148 | "${module.account_rules.poll_end_time_updater}", 149 | "${module.account_rules.kyc_recovery_creator}", 150 | "${module.account_rules.atomic_swap_ask_creator}", 151 | ] 152 | 153 | us_accredited = [ 154 | "${module.account_rules.balance_creator}", 155 | "${module.account_rules.sender}", 156 | "${module.account_rules.payment_receiver}", 157 | "${module.account_rules.atomic_swap_receiver}", 158 | "${module.account_rules.issuance_receiver}", 159 | "${module.account_rules.tx_sender}", 160 | "${module.account_rules.role_updater}", 161 | "${module.account_rules.signer_manager}", 162 | "${module.account_rules.default_for_default_sell_offer_creator}", 163 | "${module.account_rules.default_for_default_buy_offer_creator}", 164 | "${module.account_rules.default_for_kyc_buy_offer_creator}", 165 | 
"${module.account_rules.default_for_kyc_sell_offer_creator}", 166 | "${module.account_rules.kyc_for_kyc_buy_offer_creator}", 167 | "${module.account_rules.kyc_for_kyc_sell_offer_creator}", 168 | "${module.account_rules.kyc_for_default_buy_offer_creator}", 169 | "${module.account_rules.kyc_for_default_sell_offer_creator}", 170 | "${module.account_rules.security_for_default_buy_offer_creator}", 171 | "${module.account_rules.security_for_default_sell_offer_creator}", 172 | "${module.account_rules.security_for_kyc_buy_offer_creator}", 173 | "${module.account_rules.security_for_kyc_sell_offer_creator}", 174 | "${module.account_rules.security_for_security_buy_offer_creator}", 175 | "${module.account_rules.security_for_security_sell_offer_creator}", 176 | "${module.account_rules.default_for_security_buy_offer_creator}", 177 | "${module.account_rules.default_for_security_sell_offer_creator}", 178 | "${module.account_rules.kyc_for_security_buy_offer_creator}", 179 | "${module.account_rules.kyc_for_security_sell_offer_creator}", 180 | "${module.account_rules.kyc_sender}", 181 | "${module.account_rules.kyc_atomic_swap_receiver}", 182 | "${module.account_rules.kyc_payment_receiver}", 183 | "${module.account_rules.kyc_withdrawer}", 184 | "${module.account_rules.kyc_issuance_receiver}", 185 | "${module.account_rules.reviewable_request_creator}", 186 | "${module.account_rules.sale_participant}", 187 | "${module.account_rules.asset_withdrawer}", 188 | "${module.account_rules.external_binder}", 189 | "${module.account_rules.vote_creator}", 190 | "${module.account_rules.vote_remover}", 191 | "${module.account_rules.forbid_restricted_vote_remove}", 192 | "${module.account_rules.kyc_recovery_creator}", 193 | ] 194 | 195 | us_verified = [ 196 | "${module.account_rules.balance_creator}", 197 | "${module.account_rules.sender}", 198 | "${module.account_rules.payment_receiver}", 199 | "${module.account_rules.atomic_swap_receiver}", 200 | "${module.account_rules.issuance_receiver}", 201 | 
"${module.account_rules.tx_sender}", 202 | "${module.account_rules.role_updater}", 203 | "${module.account_rules.signer_manager}", 204 | "${module.account_rules.default_for_default_sell_offer_creator}", 205 | "${module.account_rules.default_for_default_buy_offer_creator}", 206 | "${module.account_rules.default_for_kyc_buy_offer_creator}", 207 | "${module.account_rules.default_for_kyc_sell_offer_creator}", 208 | "${module.account_rules.kyc_for_kyc_buy_offer_creator}", 209 | "${module.account_rules.kyc_for_kyc_sell_offer_creator}", 210 | "${module.account_rules.kyc_for_default_buy_offer_creator}", 211 | "${module.account_rules.kyc_for_default_sell_offer_creator}", 212 | "${module.account_rules.kyc_sender}", 213 | "${module.account_rules.kyc_atomic_swap_receiver}", 214 | "${module.account_rules.kyc_payment_receiver}", 215 | "${module.account_rules.kyc_withdrawer}", 216 | "${module.account_rules.kyc_issuance_receiver}", 217 | "${module.account_rules.reviewable_request_creator}", 218 | "${module.account_rules.sale_participant}", 219 | "${module.account_rules.asset_withdrawer}", 220 | "${module.account_rules.external_binder}", 221 | "${module.account_rules.vote_creator}", 222 | "${module.account_rules.vote_remover}", 223 | "${module.account_rules.forbid_restricted_vote_remove}", 224 | "${module.account_rules.kyc_recovery_creator}", 225 | ] 226 | 227 | blocked_rules = [] 228 | } 229 | 230 | // create defaul signer rules 231 | module "signer_rules" { 232 | source = "./modules/signer_rules" 233 | } 234 | 235 | // create default signer roles 236 | module "signer_roles" { 237 | source = "./modules/signer_roles" 238 | 239 | default_rules = [ 240 | "1", 241 | ] 242 | 243 | kyc_aml_admin = [ 244 | "${module.signer_rules.tx_sender}", 245 | "${module.signer_rules.aml_alert_reviewer}", 246 | "${module.signer_rules.kyc_request_reviewer}", 247 | ] 248 | 249 | license_admin = [ 250 | "${module.signer_rules.tx_sender}", 251 | "${module.signer_rules.license_creator}", 252 | 
"${module.signer_rules.stamp_creator}", 253 | ] 254 | 255 | issuance_signer = [ 256 | "${module.signer_rules.issuance_creator}" 257 | ] 258 | 259 | create_kyc = [ 260 | "${module.signer_rules.kyc_recovery_creator}", 261 | ] 262 | } 263 | 264 | module "key_values" { 265 | source = "./modules/key_values" 266 | restricted_poll_type = "${var.restricted_poll_type}" 267 | unrestricted_poll_type = "${var.unrestricted_poll_type}" 268 | asset_type_kyc = "${var.asset_type_kyc}" 269 | asset_type_security = "${var.asset_type_security}" 270 | asset_type_default = "${var.asset_type_default}" 271 | default_change_role_tasks = "${var.default_change_role_tasks}" 272 | } 273 | 274 | module "assets" { 275 | source = "./modules/assets" 276 | } 277 | 278 | module "external_system_type_pool_entry" { 279 | source = "./modules/external_system_type_pool_entry" 280 | } 281 | 282 | module "signers" { 283 | source = "./modules/signers" 284 | license_signer_role = "${module.signer_roles.license_signer_role}" 285 | } 286 | --------------------------------------------------------------------------------