From 589d6f1c12b91fbc5e17a5f4e15891d780211bca Mon Sep 17 00:00:00 2001 From: HARI K ARLA Date: Tue, 29 Aug 2023 15:41:51 +0530 Subject: [PATCH] remove account_id changes --- .../ibm-iam-accessgroups-templates/README.md | 37 ++--- .../ibm-iam-accessgroups-templates/main.tf | 3 - .../variables.tf | 15 -- .../d/iam_access_group_template.html.markdown | 141 ++++++------------ ...ss_group_template_assignment.html.markdown | 48 ++---- ...cess_group_template_versions.html.markdown | 133 +++++++---------- .../r/iam_access_group_template.html.markdown | 53 +++++-- ...ss_group_template_assignment.html.markdown | 15 +- ...ccess_group_template_version.html.markdown | 56 +++++-- 9 files changed, 224 insertions(+), 277 deletions(-) diff --git a/examples/ibm-iam-accessgroups-templates/README.md b/examples/ibm-iam-accessgroups-templates/README.md index 6ed7d77624..d10b61c9f9 100644 --- a/examples/ibm-iam-accessgroups-templates/README.md +++ b/examples/ibm-iam-accessgroups-templates/README.md @@ -30,7 +30,6 @@ resource "iam_access_group_template" "iam_access_group_template_instance" { transaction_id = var.iam_access_group_template_transaction_id name = var.iam_access_group_template_name description = var.iam_access_group_template_description - account_id = var.iam_access_group_template_account_id group = var.iam_access_group_template_group policy_template_references = var.iam_access_group_template_policy_template_references } @@ -65,7 +64,6 @@ ibm_iam_access_group_template data source: ```hcl data "iam_access_group_template" "iam_access_group_template_instance" { - account_id = var.iam_access_group_template_account_id transaction_id = var.iam_access_group_template_transaction_id verbose = var.iam_access_group_template_verbose } @@ -81,7 +79,6 @@ ibm_iam_access_group_template_assignment data source: ```hcl data "iam_access_group_template_assignment" "iam_access_group_template_assignment_instance" { - account_id = var.iam_access_group_template_assignment_account_id template_id = var.iam_access_group_template_assignment_template_id template_version = var.iam_access_group_template_assignment_template_version target = var.iam_access_group_template_assignment_target @@ -112,44 +109,42 @@ data "iam_access_group_template_assignment" "iam_access_group_template_assignmen ## Inputs +ibm_iam_access_group_template input: + | Name | Description | Type | Required | |------|-------------|------|---------| | ibmcloud\_api\_key | IBM Cloud API key | `string` | true | | transaction_id | An optional transaction id for the request. | `string` | false | | name | The name of the access group template. | `string` | true | | description | The description of the access group template. | `string` | false | -| account_id | The ID of the account to which the access group template is assigned. | `string` | true | | group | Access Group Component. | `` | false | | policy_template_references | References to policy templates assigned to the access group template. | `list()` | false | + +ibm_iam_access_group_template_version input: + +| Name | Description | Type | Required | +|------|-------------|------|---------| | template_id | ID of the template that you want to create a new version of. | `string` | true | | transaction_id | An optional transaction id for the request. | `string` | false | | name | The name of the access group template. | `string` | false | -| description | The description of the access group template. | `string` | false | +| description | The description of the access group template version. | `string` | false | | group | Access Group Component. | `` | false | -| policy_template_references | References to policy templates assigned to the access group template. | `list()` | false | +| policy_template_references | References to policy templates assigned to the access group template version. | `list()` | false | + +ibm_iam_access_group_template_assignment input: + +| Name | Description | Type | Required | +|------|-------------|------|---------| | transaction_id | An optional transaction id for the request. | `string` | false | | template_id | The ID of the template that the assignment is based on. | `string` | true | | template_version | The version of the template that the assignment is based on. | `string` | true | | target_type | The type of the entity that the assignment applies to. | `string` | true | | target | The ID of the entity that the assignment applies to. | `string` | true | -| account_id | Enterprise account ID. | `string` | true | -| transaction_id | An optional transaction id for the request. | `string` | false | -| verbose | If `verbose=true`, IAM resource details are returned. If performance is a concern, leave the `verbose` parameter off so that details are not retrieved. | `bool` | false | -| template_id | ID of the template that you want to list all versions of. | `string` | true | -| account_id | Enterprise account ID. | `string` | true | -| template_id | Filter results by Template Id. | `string` | false | -| template_version | Filter results by Template Version. | `string` | false | -| target | Filter results by the assignment target. | `string` | false | -| status | Filter results by the assignment status. | `string` | false | -| transaction_id | An optional transaction id for the request. | `string` | false | ## Outputs | Name | Description | |------|-------------| -| iam_access_group_template | iam_access_group_template object | -| iam_access_group_template_version | iam_access_group_template_version object | -| iam_access_group_template_assignment | iam_access_group_template_assignment object | -| iam_access_group_template | iam_access_group_template object | +| ibm_iam_access_group_template | ibm_iam_access_group_template object | | ibm_iam_access_group_template_version | ibm_iam_access_group_template_version object | -| iam_access_group_template_assignment | iam_access_group_template_assignment object | +| ibm_iam_access_group_template_assignment | ibm_iam_access_group_template_assignment object | diff --git a/examples/ibm-iam-accessgroups-templates/main.tf b/examples/ibm-iam-accessgroups-templates/main.tf index a8e30bbd1c..30dd7a2b6d 100644 --- a/examples/ibm-iam-accessgroups-templates/main.tf +++ b/examples/ibm-iam-accessgroups-templates/main.tf @@ -7,7 +7,6 @@ resource "ibm_iam_access_group_template" "iam_access_group_template_instance" { transaction_id = var.iam_access_group_template_transaction_id name = var.iam_access_group_template_name description = var.iam_access_group_template_description - account_id = var.iam_access_group_template_account_id group { name = "name" description = "description" @@ -116,7 +115,6 @@ resource "ibm_iam_access_group_template_assignment" "iam_access_group_template_a /* // Create iam_access_group_template data source data "ibm_iam_access_group_template" "iam_access_group_template_instance" { - account_id = var.iam_access_group_template_account_id transaction_id = var.iam_access_group_template_transaction_id verbose = var.iam_access_group_template_verbose } @@ -136,7 +134,6 @@ data "ibm_ibm_iam_access_group_template_version" "ibm_iam_access_group_template_ /* // Create iam_access_group_template_assignment data source data "ibm_iam_access_group_template_assignment" "iam_access_group_template_assignment_instance" { - account_id = var.iam_access_group_template_assignment_account_id template_id = var.iam_access_group_template_assignment_template_id template_version = var.iam_access_group_template_assignment_template_version target = var.iam_access_group_template_assignment_target diff --git a/examples/ibm-iam-accessgroups-templates/variables.tf b/examples/ibm-iam-accessgroups-templates/variables.tf index 927bf3e7a9..ee851b13a1 100644 --- a/examples/ibm-iam-accessgroups-templates/variables.tf +++ b/examples/ibm-iam-accessgroups-templates/variables.tf @@ -19,11 +19,6 @@ variable "iam_access_group_template_description" { type = string default = "This access group template allows admin access to all IAM platform services in the account." } -variable "iam_access_group_template_account_id" { - description = "The ID of the account to which the access group template is assigned." - type = string - default = "accountID-123" -} // Resource arguments for iam_access_group_template_version variable "iam_access_group_template_version_template_id" { @@ -75,11 +70,6 @@ variable "iam_access_group_template_assignment_target" { } // Data source arguments for iam_access_group_template -variable "iam_access_group_template_account_id" { - description = "Enterprise account ID." - type = string - default = "accountID-123" -} variable "iam_access_group_template_transaction_id" { description = "An optional transaction id for the request." type = string @@ -99,11 +89,6 @@ variable "ibm_iam_access_group_template_version_template_id" { } // Data source arguments for iam_access_group_template_assignment -variable "iam_access_group_template_assignment_account_id" { - description = "Enterprise account ID." - type = string - default = "accountID-123" -} variable "iam_access_group_template_assignment_template_id" { description = "Filter results by Template Id." type = string diff --git a/website/docs/d/iam_access_group_template.html.markdown b/website/docs/d/iam_access_group_template.html.markdown index 94e5146239..b1b6b8c7b6 100644 --- a/website/docs/d/iam_access_group_template.html.markdown +++ b/website/docs/d/iam_access_group_template.html.markdown @@ -14,7 +14,6 @@ Provides a read-only data source to retrieve information about an iam_access_gro ```hcl data "ibm_iam_access_group_template" "iam_access_group_template" { - account_id = "accountID-123" verbose = true } ``` @@ -23,8 +22,6 @@ data "ibm_iam_access_group_template" "iam_access_group_template" { You can specify the following arguments for this data source. -* `account_id` - (Required, String) Enterprise account ID. - * Constraints: The maximum length is `50` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9_-]+$/`. * `transaction_id` - (Optional, String) An optional transaction id for the request. * Constraints: The maximum length is `50` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9_-]+$/`. * `verbose` - (Optional, Boolean) If `verbose=true`, IAM resource details are returned. If performance is a concern, leave the `verbose` parameter off so that details are not retrieved. @@ -34,92 +31,52 @@ You can specify the following arguments for this data source. After your data source is created, you can read values from the following attributes. * `id` - The unique identifier of the iam_access_group_template. -* `first` - (List) A link object. -Nested schema for **first**: - * `href` - (String) A string containing the link’s URL. - -* `group_templates` - (List) A list of access group templates. - * Constraints: The maximum length is `50` items. The minimum length is `0` items. -Nested schema for **group_templates**: - * `committed` - (Boolean) A boolean indicating whether the access group template is committed. You must commit a template before you can assign it to child accounts. - * `created_at` - (String) The date and time when the access group template was created. - * `created_by_id` - (String) The ID of the user who created the access group template. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. - * `description` - (String) The description of the access group template. - * Constraints: The maximum length is `250` characters. The minimum length is `0` characters. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. - * `group` - (List) Access Group Component. - Nested schema for **group**: - * `action_controls` - (List) Access group action controls component. - Nested schema for **action_controls**: - * `access` - (List) Control whether or not access group administrators in child accounts can add access policies to the enterprise-managed access group in their account. - Nested schema for **access**: - * `add` - (Boolean) Action control for adding access policies to an enterprise-managed access group in a child account. If an access group administrator in a child account adds a policy, they can always update or remove it. - * `assertions` - (List) Assertions Input Component. - Nested schema for **assertions**: - * `action_controls` - (List) Control whether or not access group administrators in child accounts can add, remove, and update dynamic rules for the enterprise-managed access group in their account. The inner level RuleActionControls override these `remove` and `update` action controls. - Nested schema for **action_controls**: - * `add` - (Boolean) Action control for adding dynamic rules to an enterprise-managed access group. If an access group administrator in a child account adds a dynamic rule, they can always update or remove it. - * `remove` - (Boolean) Action control for removing enterprise-managed dynamic rules in an enterprise-managed access group. - * `update` - (Boolean) Action control for updating enterprise-managed dynamic rules in an enterprise-managed access group. - * `rules` - (List) Dynamic rules to automatically add federated users to access groups based on specific identity attributes. - * Constraints: The maximum length is `50` items. The minimum length is `0` items. - Nested schema for **rules**: - * `action_controls` - (List) Control whether or not access group administrators in child accounts can update and remove this dynamic rule in the enterprise-managed access group in their account.This overrides outer level AssertionsActionControls. - Nested schema for **action_controls**: - * `remove` - (Boolean) Action control for removing this enterprise-managed dynamic rule. - * `update` - (Boolean) Action control for updating this enterprise-managed dynamic rule. - * `conditions` - (List) Conditions of membership. You can think of this as a key:value pair. - * Constraints: The maximum length is `50` items. The minimum length is `0` items. - Nested schema for **conditions**: - * `claim` - (String) The key in the key:value pair. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9_-]+$/`. - * `operator` - (String) Compares the claim and the value. - * Constraints: The maximum length is `10` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z-]+$/`. - * `value` - (String) The value in the key:value pair. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9_-]+$/`. - * `expiration` - (Integer) Session duration in hours. Access group membership is revoked after this time period expires. Users must log back in to refresh their access group membership. - * `name` - (String) Dynamic rule name. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. - * `realm_name` - (String) The identity provider (IdP) URL. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. - * `description` - (String) Access group description. This is shown in child accounts. - * Constraints: The maximum length is `250` characters. The minimum length is `0` characters. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. - * `members` - (List) Array of enterprise users to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned. - Nested schema for **members**: - * `action_controls` - (List) Control whether or not access group administrators in child accounts can add and remove members from the enterprise-managed access group in their account. - Nested schema for **action_controls**: - * `add` - (Boolean) Action control for adding child account members to an enterprise-managed access group. If an access group administrator in a child account adds a member, they can always remove them. - * `remove` - (Boolean) Action control for removing enterprise-managed members from an enterprise-managed access group. - * `services` - (List) Array of service IDs to add to the template. - * Constraints: The list items must match regular expression `/^[a-zA-Z0-9_-]+$/`. The maximum length is `50` items. The minimum length is `0` items. - * `users` - (List) Array of enterprise users to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned. - * Constraints: The list items must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. The maximum length is `50` items. The minimum length is `0` items. - * `name` - (String) Give the access group a unique name that doesn't conflict with other templates access group name in the given account. This is shown in child accounts. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. - * `href` - (String) The URL of the access group template resource. - * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. - * `id` - (String) The ID of the access group template. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9_-]+$/`. - * `last_modified_at` - (String) The date and time when the access group template was last modified. - * `last_modified_by_id` - (String) The ID of the user who last modified the access group template. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. - * `name` - (String) The name of the access group template. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. - * `policy_template_references` - (List) References to policy templates assigned to the access group template. - * Constraints: The maximum length is `100` items. The minimum length is `0` items. - Nested schema for **policy_template_references**: - * `id` - (String) Policy template ID. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9_-]+$/`. - * `version` - (String) Policy template version. - * Constraints: The maximum length is `2` characters. The minimum length is `1` character. The value must match regular expression `/^[0-9]+$/`. - * `version` - (String) The version of the access group template. - * Constraints: The maximum length is `2` characters. The minimum length is `1` character. The value must match regular expression `/^[0-9]+$/`. - -* `last` - (List) A link object. -Nested schema for **last**: - * `href` - (String) A string containing the link’s URL. - -* `previous` - (List) A link object. -Nested schema for **previous**: - * `href` - (String) A string containing the link’s URL. - +* `name` - (String) The name of the access group template. +* `description` - (String) The description of the access group template. +* `account_id` - (String) Enterprise account id. +* `version` - (String) The version of the access group template. +* `committed` - (Boolean) A boolean indicating whether the access group template is committed. You must commit a template before you can assign it to child accounts. +* `group` - (List) Access Group Component. +Nested schema for **group**: + * `name` - (String) Give the access group a unique name that doesn't conflict with other templates access group name in the given account. This is shown in child accounts. + * `description` - (String) Access group description. This is shown in child accounts. + * `members` - (List) Array of enterprise users to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned. + Nested schema for **members**: + * `users` - (List) Array of enterprise users to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned. + * `services` - (List) Array of service IDs to add to the template. + * `action_controls` - (List) Control whether or not access group administrators in child accounts can add and remove members from the enterprise-managed access group in their account. + Nested schema for **action_controls**: + * `add` - (Boolean) Action control for adding child account members to an enterprise-managed access group. If an access group administrator in a child account adds a member, they can always remove them. + * `remove` - (Boolean) Action control for removing enterprise-managed members from an enterprise-managed access group. + * `assertions` - (List) Assertions Input Component. + Nested schema for **assertions**: + * `action_controls` - (List) Control whether or not access group administrators in child accounts can add, remove, and update dynamic rules for the enterprise-managed access group in their account. The inner level RuleActionControls override these `remove` and `update` action controls. + Nested schema for **action_controls**: + * `add` - (Boolean) Action control for adding dynamic rules to an enterprise-managed access group. If an access group administrator in a child account adds a dynamic rule, they can always update or remove it. + * `remove` - (Boolean) Action control for removing enterprise-managed dynamic rules in an enterprise-managed access group. + * `update` - (Boolean) Action control for updating enterprise-managed dynamic rules in an enterprise-managed access group. + * `rules` - (List) Dynamic rules to automatically add federated users to access groups based on specific identity attributes. + Nested schema for **rules**: + * `action_controls` - (List) Control whether or not access group administrators in child accounts can update and remove this dynamic rule in the enterprise-managed access group in their account.This overrides outer level AssertionsActionControls. + Nested schema for **action_controls**: + * `remove` - (Boolean) Action control for removing this enterprise-managed dynamic rule. + * `update` - (Boolean) Action control for updating this enterprise-managed dynamic rule. + * `conditions` - (List) Conditions of membership. You can think of this as a key:value pair. + Nested schema for **conditions**: + * `claim` - (String) The key in the key:value pair. + * `operator` - (String) Compares the claim and the value. + * `value` - (String) The value in the key:value pair. + * `action_controls` - (List) Access group action controls component. + Nested schema for **action_controls**: + * `access` - (List) Control whether or not access group administrators in child accounts can add access policies to the enterprise-managed access group in their account. + Nested schema for **access**: + * `add` - (Boolean) Action control for adding access policies to an enterprise-managed access group in a child account. If an access group administrator in a child account adds a policy, they can always update or remove it. +* `policy_template_references` - (List) References to policy templates assigned to the access group template. +Nested schema for **policy_template_references**: + * `id` - (String) Policy template ID. + * `version` - (String) Policy template version. +* `href` - (String) The URL of the access group template resource. +* `created_at` - (String) The date and time when the access group template was created. +* `created_by_id` - (String) The ID of the user who created the access group template. +* `last_modified_at` - (String) The date and time when the access group template was last modified. +* `last_modified_by_id` - (String) The ID of the user who last modified the access group template. diff --git a/website/docs/d/iam_access_group_template_assignment.html.markdown b/website/docs/d/iam_access_group_template_assignment.html.markdown index e835ce20ee..a9c7727182 100644 --- a/website/docs/d/iam_access_group_template_assignment.html.markdown +++ b/website/docs/d/iam_access_group_template_assignment.html.markdown @@ -14,7 +14,6 @@ Provides a read-only data source to retrieve information about an iam_access_gro ```hcl data "ibm_iam_access_group_template_assignment" "iam_access_group_template_assignment" { - account_id = ibm_iam_access_group_template_assignment.iam_access_group_template_assignment.account_id } ``` @@ -22,8 +21,6 @@ data "ibm_iam_access_group_template_assignment" "iam_access_group_template_assig You can specify the following arguments for this data source. -* `account_id` - (Required, String) Enterprise account ID. - * Constraints: The maximum length is `50` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9_-]+$/`. * `status` - (Optional, String) Filter results by the assignment status. * Constraints: Allowable values are: `accepted`, `in_progress`, `succeeded`, `failed`. * `target` - (Optional, String) Filter results by the assignment target. @@ -40,37 +37,16 @@ You can specify the following arguments for this data source. After your data source is created, you can read values from the following attributes. * `id` - The unique identifier of the iam_access_group_template_assignment. -* `assignments` - (List) List of template assignments. - * Constraints: The maximum length is `100` items. The minimum length is `0` items. -Nested schema for **assignments**: - * `account_id` - (String) The ID of the account that the assignment belongs to. - * `created_at` - (String) The date and time when the assignment was created. - * `created_by_id` - (String) The user or system that created the assignment. - * `href` - (String) The URL of the assignment resource. - * `id` - (String) The ID of the assignment. - * `last_modified_at` - (String) The date and time when the assignment was last updated. - * `last_modified_by_id` - (String) The user or system that last updated the assignment. - * `operation` - (String) The operation that the assignment applies to (e.g. 'assign', 'update', 'remove'). - * Constraints: Allowable values are: `assign`, `update`, `remove`. - * `status` - (String) The status of the assignment (e.g. 'accepted', 'in_progress', 'succeeded', 'failed', 'superseded'). - * Constraints: Allowable values are: `accepted`, `in_progress`, `succeeded`, `failed`, `superseded`. - * `target` - (String) The ID of the entity that the assignment applies to. - * `target_type` - (String) The type of the entity that the assignment applies to. - * Constraints: Allowable values are: `Account`, `AccountGroup`. - * `template_id` - (String) The ID of the template that the assignment is based on. - * `template_version` - (String) The version of the template that the assignment is based on. - -* `first` - (List) A link object. -Nested schema for **first**: - * `href` - (String) A string containing the link’s URL. - -* `last` - (List) A link object. -Nested schema for **last**: - * `href` - (String) A string containing the link’s URL. - -* `limit` - (Integer) Maximum number of items returned in the response. - -* `offset` - (Integer) Index of the first item returned in the response. - -* `total_count` - (Integer) Total number of items matching the query. +* `account_id` - (String) Enterprise account id. +* `template_id` - (String) The ID of the template that the assignment is based on. +* `template_version` - (String) The version of the template that the assignment is based on. +* `target` - (String) The ID of the entity that the assignment applies to. +* `target_type` - (String) The type of the entity that the assignment applies to. +* `operation` - (String) The operation that the assignment applies to (e.g. 'assign', 'update', 'remove'). +* `status` - (String) The status of the assignment (e.g. 'accepted', 'in_progress', 'succeeded', 'failed', 'superseded'). +* `href` - (String) The URL of the assignment resource. +* `created_at` - (String) The date and time when the assignment was created. +* `created_by_id` - (String) The user or system that created the assignment. +* `last_modified_at` - (String) The date and time when the assignment was last updated. +* `last_modified_by_id` - (String) The user or system that last updated the assignment. diff --git a/website/docs/d/iam_access_group_template_versions.html.markdown b/website/docs/d/iam_access_group_template_versions.html.markdown index 590cda192c..25a9254bd2 100644 --- a/website/docs/d/iam_access_group_template_versions.html.markdown +++ b/website/docs/d/iam_access_group_template_versions.html.markdown @@ -29,86 +29,53 @@ You can specify the following arguments for this data source. After your data source is created, you can read values from the following attributes. -* `id` - The unique identifier of the ibm_iam_access_group_template_versions. -* `first` - (List) A link object. -Nested schema for **first**: - * `href` - (String) A string containing the link’s URL. - -* `group_template_versions` - (List) A list of access group template versions. - * Constraints: The maximum length is `50` items. The minimum length is `0` items. -Nested schema for **group_template_versions**: - * `account_id` - (String) The ID of the account associated with the template. - * `committed` - (Boolean) A boolean indicating whether the template is committed or not. - * `created_at` - (String) The date and time the template was created. - * `created_by_id` - (String) The ID of the user who created the template. - * `description` - (String) The description of the template. - * `group` - (List) Access Group Component. - Nested schema for **group**: - * `action_controls` - (List) Access group action controls component. - Nested schema for **action_controls**: - * `access` - (List) Control whether or not access group administrators in child accounts can add access policies to the enterprise-managed access group in their account. - Nested schema for **access**: - * `add` - (Boolean) Action control for adding access policies to an enterprise-managed access group in a child account. If an access group administrator in a child account adds a policy, they can always update or remove it. - * `assertions` - (List) Assertions Input Component. - Nested schema for **assertions**: - * `action_controls` - (List) Control whether or not access group administrators in child accounts can add, remove, and update dynamic rules for the enterprise-managed access group in their account. The inner level RuleActionControls override these `remove` and `update` action controls. - Nested schema for **action_controls**: - * `add` - (Boolean) Action control for adding dynamic rules to an enterprise-managed access group. If an access group administrator in a child account adds a dynamic rule, they can always update or remove it. - * `remove` - (Boolean) Action control for removing enterprise-managed dynamic rules in an enterprise-managed access group. - * `update` - (Boolean) Action control for updating enterprise-managed dynamic rules in an enterprise-managed access group. - * `rules` - (List) Dynamic rules to automatically add federated users to access groups based on specific identity attributes. - * Constraints: The maximum length is `50` items. The minimum length is `0` items. - Nested schema for **rules**: - * `action_controls` - (List) Control whether or not access group administrators in child accounts can update and remove this dynamic rule in the enterprise-managed access group in their account.This overrides outer level AssertionsActionControls. - Nested schema for **action_controls**: - * `remove` - (Boolean) Action control for removing this enterprise-managed dynamic rule. - * `update` - (Boolean) Action control for updating this enterprise-managed dynamic rule. - * `conditions` - (List) Conditions of membership. You can think of this as a key:value pair. - * Constraints: The maximum length is `50` items. The minimum length is `0` items. - Nested schema for **conditions**: - * `claim` - (String) The key in the key:value pair. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9_-]+$/`. - * `operator` - (String) Compares the claim and the value. - * Constraints: The maximum length is `10` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z-]+$/`. - * `value` - (String) The value in the key:value pair. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9_-]+$/`. - * `expiration` - (Integer) Session duration in hours. Access group membership is revoked after this time period expires. Users must log back in to refresh their access group membership. - * `name` - (String) Dynamic rule name. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. - * `realm_name` - (String) The identity provider (IdP) URL. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. - * `description` - (String) Access group description. This is shown in child accounts. - * Constraints: The maximum length is `250` characters. The minimum length is `0` characters. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. - * `members` - (List) Array of enterprise users to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned. - Nested schema for **members**: - * `action_controls` - (List) Control whether or not access group administrators in child accounts can add and remove members from the enterprise-managed access group in their account. - Nested schema for **action_controls**: - * `add` - (Boolean) Action control for adding child account members to an enterprise-managed access group. If an access group administrator in a child account adds a member, they can always remove them. - * `remove` - (Boolean) Action control for removing enterprise-managed members from an enterprise-managed access group. - * `services` - (List) Array of service IDs to add to the template. - * Constraints: The list items must match regular expression `/^[a-zA-Z0-9_-]+$/`. The maximum length is `50` items. The minimum length is `0` items. - * `users` - (List) Array of enterprise users to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned. - * Constraints: The list items must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. The maximum length is `50` items. The minimum length is `0` items. - * `name` - (String) Give the access group a unique name that doesn't conflict with other templates access group name in the given account. This is shown in child accounts. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. - * `href` - (String) The URL to the template resource. - * `last_modified_at` - (String) The date and time the template was last modified. - * `last_modified_by_id` - (String) The ID of the user who last modified the template. - * `name` - (String) The name of the template. - * `policy_template_references` - (List) A list of policy templates associated with the template. - * Constraints: The maximum length is `50` items. The minimum length is `0` items. - Nested schema for **policy_template_references**: - * `id` - (String) Policy template ID. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9_-]+$/`. - * `version` - (String) Policy template version. - * Constraints: The maximum length is `2` characters. The minimum length is `1` character. The value must match regular expression `/^[0-9]+$/`. - * `version` - (String) The version number of the template. - -* `last` - (List) A link object. -Nested schema for **last**: - * `href` - (String) A string containing the link’s URL. - -* `previous` - (List) A link object. -Nested schema for **previous**: - * `href` - (String) A string containing the link’s URL. - +* `id` - The unique identifier of the iam_access_group_template. +* `name` - (String) The name of the access group template. +* `description` - (String) The description of the access group template. +* `account_id` - (String) Enterprise account id. +* `version` - (String) The version of the access group template. +* `committed` - (Boolean) A boolean indicating whether the access group template is committed. You must commit a template before you can assign it to child accounts. +* `group` - (List) Access Group Component. +Nested schema for **group**: + * `name` - (String) Give the access group a unique name that doesn't conflict with other templates access group name in the given account. This is shown in child accounts. + * `description` - (String) Access group description. This is shown in child accounts. + * `members` - (List) Array of enterprise users to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned. + Nested schema for **members**: + * `users` - (List) Array of enterprise users to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned. + * `services` - (List) Array of service IDs to add to the template. + * `action_controls` - (List) Control whether or not access group administrators in child accounts can add and remove members from the enterprise-managed access group in their account. + Nested schema for **action_controls**: + * `add` - (Boolean) Action control for adding child account members to an enterprise-managed access group. If an access group administrator in a child account adds a member, they can always remove them. + * `remove` - (Boolean) Action control for removing enterprise-managed members from an enterprise-managed access group. + * `assertions` - (List) Assertions Input Component. + Nested schema for **assertions**: + * `action_controls` - (List) Control whether or not access group administrators in child accounts can add, remove, and update dynamic rules for the enterprise-managed access group in their account. The inner level RuleActionControls override these `remove` and `update` action controls. + Nested schema for **action_controls**: + * `add` - (Boolean) Action control for adding dynamic rules to an enterprise-managed access group. If an access group administrator in a child account adds a dynamic rule, they can always update or remove it. + * `remove` - (Boolean) Action control for removing enterprise-managed dynamic rules in an enterprise-managed access group. + * `update` - (Boolean) Action control for updating enterprise-managed dynamic rules in an enterprise-managed access group. + * `rules` - (List) Dynamic rules to automatically add federated users to access groups based on specific identity attributes. + Nested schema for **rules**: + * `action_controls` - (List) Control whether or not access group administrators in child accounts can update and remove this dynamic rule in the enterprise-managed access group in their account.This overrides outer level AssertionsActionControls. + Nested schema for **action_controls**: + * `remove` - (Boolean) Action control for removing this enterprise-managed dynamic rule. + * `update` - (Boolean) Action control for updating this enterprise-managed dynamic rule. + * `conditions` - (List) Conditions of membership. You can think of this as a key:value pair. + Nested schema for **conditions**: + * `claim` - (String) The key in the key:value pair. + * `operator` - (String) Compares the claim and the value. + * `value` - (String) The value in the key:value pair. + * `action_controls` - (List) Access group action controls component. + Nested schema for **action_controls**: + * `access` - (List) Control whether or not access group administrators in child accounts can add access policies to the enterprise-managed access group in their account. + Nested schema for **access**: + * `add` - (Boolean) Action control for adding access policies to an enterprise-managed access group in a child account. If an access group administrator in a child account adds a policy, they can always update or remove it. +* `policy_template_references` - (List) References to policy templates assigned to the access group template. +Nested schema for **policy_template_references**: + * `id` - (String) Policy template ID. + * `version` - (String) Policy template version. +* `href` - (String) The URL of the access group template resource. +* `created_at` - (String) The date and time when the access group template was created. +* `created_by_id` - (String) The ID of the user who created the access group template. +* `last_modified_at` - (String) The date and time when the access group template was last modified. +* `last_modified_by_id` - (String) The ID of the user who last modified the access group template. diff --git a/website/docs/r/iam_access_group_template.html.markdown b/website/docs/r/iam_access_group_template.html.markdown index 1c6bb01651..ec3bd548c4 100644 --- a/website/docs/r/iam_access_group_template.html.markdown +++ b/website/docs/r/iam_access_group_template.html.markdown @@ -14,7 +14,6 @@ Create, update, and delete iam_access_group_templates with this resource. ```hcl resource "ibm_iam_access_group_template" "iam_access_group_template_instance" { - account_id = "accountID-123" description = "This access group template allows admin access to all IAM platform services in the account." group { name = "name" @@ -72,8 +71,6 @@ You can specify the following arguments for this resource. **Note:** "Name" will be out of sync when anyone of the version resource updates this parameter. Please update this parameter with the latest version name * `description` - (Optional, String) The description of the access group template. * Constraints: The maximum length is `250` characters. The minimum length is `0` characters. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. -* `account_id` - (Required, String) The ID of the account to which the access group template is assigned. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9_-]+$/`. * `group` - (Optional, List) Access Group Component. Nested schema for **group**: * `action_controls` - (Optional, List) Access group action controls component. @@ -138,17 +135,55 @@ Nested schema for **policy_template_references**: After your resource is created, you can read values from the listed arguments and the following attributes. * `id` - The unique identifier of the iam_access_group_template. +* `name` - (String) The name of the access group template. +* `description` - (String) The description of the access group template. +* `account_id` - (String) Enterprise account id. +* `version` - (String) The version of the access group template. * `committed` - (Boolean) A boolean indicating whether the access group template is committed. You must commit a template before you can assign it to child accounts. +* `group` - (List) Access Group Component. +Nested schema for **group**: + * `name` - (String) Give the access group a unique name that doesn't conflict with other templates access group name in the given account. This is shown in child accounts. + * `description` - (String) Access group description. This is shown in child accounts. + * `members` - (List) Array of enterprise users to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned. + Nested schema for **members**: + * `users` - (List) Array of enterprise users to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned. + * `services` - (List) Array of service IDs to add to the template. + * `action_controls` - (List) Control whether or not access group administrators in child accounts can add and remove members from the enterprise-managed access group in their account. + Nested schema for **action_controls**: + * `add` - (Boolean) Action control for adding child account members to an enterprise-managed access group. If an access group administrator in a child account adds a member, they can always remove them. + * `remove` - (Boolean) Action control for removing enterprise-managed members from an enterprise-managed access group. + * `assertions` - (List) Assertions Input Component. + Nested schema for **assertions**: + * `action_controls` - (List) Control whether or not access group administrators in child accounts can add, remove, and update dynamic rules for the enterprise-managed access group in their account. The inner level RuleActionControls override these `remove` and `update` action controls. + Nested schema for **action_controls**: + * `add` - (Boolean) Action control for adding dynamic rules to an enterprise-managed access group. If an access group administrator in a child account adds a dynamic rule, they can always update or remove it. + * `remove` - (Boolean) Action control for removing enterprise-managed dynamic rules in an enterprise-managed access group. + * `update` - (Boolean) Action control for updating enterprise-managed dynamic rules in an enterprise-managed access group. + * `rules` - (List) Dynamic rules to automatically add federated users to access groups based on specific identity attributes. + Nested schema for **rules**: + * `action_controls` - (List) Control whether or not access group administrators in child accounts can update and remove this dynamic rule in the enterprise-managed access group in their account.This overrides outer level AssertionsActionControls. + Nested schema for **action_controls**: + * `remove` - (Boolean) Action control for removing this enterprise-managed dynamic rule. + * `update` - (Boolean) Action control for updating this enterprise-managed dynamic rule. + * `conditions` - (List) Conditions of membership. You can think of this as a key:value pair. + Nested schema for **conditions**: + * `claim` - (String) The key in the key:value pair. + * `operator` - (String) Compares the claim and the value. + * `value` - (String) The value in the key:value pair. + * `action_controls` - (List) Access group action controls component. + Nested schema for **action_controls**: + * `access` - (List) Control whether or not access group administrators in child accounts can add access policies to the enterprise-managed access group in their account. + Nested schema for **access**: + * `add` - (Boolean) Action control for adding access policies to an enterprise-managed access group in a child account. If an access group administrator in a child account adds a policy, they can always update or remove it. +* `policy_template_references` - (List) References to policy templates assigned to the access group template. +Nested schema for **policy_template_references**: + * `id` - (String) Policy template ID. + * `version` - (String) Policy template version. +* `href` - (String) The URL of the access group template resource. * `created_at` - (String) The date and time when the access group template was created. * `created_by_id` - (String) The ID of the user who created the access group template. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. -* `href` - (String) The URL of the access group template resource. - * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. * `last_modified_at` - (String) The date and time when the access group template was last modified. * `last_modified_by_id` - (String) The ID of the user who last modified the access group template. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. -* `version` - (String) The version of the access group template. - * Constraints: The maximum length is `2` characters. The minimum length is `1` character. The value must match regular expression `/^[0-9]+$/`. ## Import diff --git a/website/docs/r/iam_access_group_template_assignment.html.markdown b/website/docs/r/iam_access_group_template_assignment.html.markdown index ea9b207cd6..d0ee5650b4 100644 --- a/website/docs/r/iam_access_group_template_assignment.html.markdown +++ b/website/docs/r/iam_access_group_template_assignment.html.markdown @@ -38,17 +38,18 @@ You can specify the following arguments for this resource. After your resource is created, you can read values from the listed arguments and the following attributes. * `id` - The unique identifier of the iam_access_group_template_assignment. -* `account_id` - (String) The ID of the account that the assignment belongs to. +* `account_id` - (String) Enterprise account id. +* `template_id` - (String) The ID of the template that the assignment is based on. +* `template_version` - (String) The version of the template that the assignment is based on. +* `target` - (String) The ID of the entity that the assignment applies to. +* `target_type` - (String) The type of the entity that the assignment applies to. +* `operation` - (String) The operation that the assignment applies to (e.g. 'assign', 'update', 'remove'). +* `status` - (String) The status of the assignment (e.g. 'accepted', 'in_progress', 'succeeded', 'failed', 'superseded'). +* `href` - (String) The URL of the assignment resource. * `created_at` - (String) The date and time when the assignment was created. * `created_by_id` - (String) The user or system that created the assignment. -* `href` - (String) The URL of the assignment resource. * `last_modified_at` - (String) The date and time when the assignment was last updated. * `last_modified_by_id` - (String) The user or system that last updated the assignment. -* `operation` - (String) The operation that the assignment applies to (e.g. 'assign', 'update', 'remove'). - * Constraints: Allowable values are: `assign`, `update`, `remove`. -* `status` - (String) The status of the assignment (e.g. 'accepted', 'in_progress', 'succeeded', 'failed', 'superseded'). - * Constraints: Allowable values are: `accepted`, `in_progress`, `succeeded`, `failed`, `superseded`. - * `etag` - ETag identifier for iam_access_group_template_assignment. ## Import diff --git a/website/docs/r/iam_access_group_template_version.html.markdown b/website/docs/r/iam_access_group_template_version.html.markdown index 0810a09b35..2111bccb63 100644 --- a/website/docs/r/iam_access_group_template_version.html.markdown +++ b/website/docs/r/iam_access_group_template_version.html.markdown @@ -135,22 +135,56 @@ Nested schema for **policy_template_references**: After your resource is created, you can read values from the listed arguments and the following attributes. -* `id` - The unique identifier of the iam_access_group_template_version. -* `account_id` - (String) The ID of the account to which the access group template is assigned. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9_-]+$/`. +* `id` - The unique identifier of the iam_access_group_template. +* `name` - (String) The name of the access group template. +* `description` - (String) The description of the access group template. +* `account_id` - (String) Enterprise account id. +* `version` - (String) The version of the access group template. * `committed` - (Boolean) A boolean indicating whether the access group template is committed. You must commit a template before you can assign it to child accounts. +* `group` - (List) Access Group Component. +Nested schema for **group**: + * `name` - (String) Give the access group a unique name that doesn't conflict with other templates access group name in the given account. This is shown in child accounts. + * `description` - (String) Access group description. This is shown in child accounts. + * `members` - (List) Array of enterprise users to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned. + Nested schema for **members**: + * `users` - (List) Array of enterprise users to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned. + * `services` - (List) Array of service IDs to add to the template. + * `action_controls` - (List) Control whether or not access group administrators in child accounts can add and remove members from the enterprise-managed access group in their account. + Nested schema for **action_controls**: + * `add` - (Boolean) Action control for adding child account members to an enterprise-managed access group. If an access group administrator in a child account adds a member, they can always remove them. + * `remove` - (Boolean) Action control for removing enterprise-managed members from an enterprise-managed access group. + * `assertions` - (List) Assertions Input Component. + Nested schema for **assertions**: + * `action_controls` - (List) Control whether or not access group administrators in child accounts can add, remove, and update dynamic rules for the enterprise-managed access group in their account. The inner level RuleActionControls override these `remove` and `update` action controls. + Nested schema for **action_controls**: + * `add` - (Boolean) Action control for adding dynamic rules to an enterprise-managed access group. If an access group administrator in a child account adds a dynamic rule, they can always update or remove it. + * `remove` - (Boolean) Action control for removing enterprise-managed dynamic rules in an enterprise-managed access group. + * `update` - (Boolean) Action control for updating enterprise-managed dynamic rules in an enterprise-managed access group. + * `rules` - (List) Dynamic rules to automatically add federated users to access groups based on specific identity attributes. + Nested schema for **rules**: + * `action_controls` - (List) Control whether or not access group administrators in child accounts can update and remove this dynamic rule in the enterprise-managed access group in their account.This overrides outer level AssertionsActionControls. + Nested schema for **action_controls**: + * `remove` - (Boolean) Action control for removing this enterprise-managed dynamic rule. + * `update` - (Boolean) Action control for updating this enterprise-managed dynamic rule. + * `conditions` - (List) Conditions of membership. You can think of this as a key:value pair. + Nested schema for **conditions**: + * `claim` - (String) The key in the key:value pair. + * `operator` - (String) Compares the claim and the value. + * `value` - (String) The value in the key:value pair. + * `action_controls` - (List) Access group action controls component. + Nested schema for **action_controls**: + * `access` - (List) Control whether or not access group administrators in child accounts can add access policies to the enterprise-managed access group in their account. + Nested schema for **access**: + * `add` - (Boolean) Action control for adding access policies to an enterprise-managed access group in a child account. If an access group administrator in a child account adds a policy, they can always update or remove it. +* `policy_template_references` - (List) References to policy templates assigned to the access group template. +Nested schema for **policy_template_references**: + * `id` - (String) Policy template ID. + * `version` - (String) Policy template version. +* `href` - (String) The URL of the access group template resource. * `created_at` - (String) The date and time when the access group template was created. * `created_by_id` - (String) The ID of the user who created the access group template. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. -* `href` - (String) The URL of the access group template resource. - * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. * `last_modified_at` - (String) The date and time when the access group template was last modified. * `last_modified_by_id` - (String) The ID of the user who last modified the access group template. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/`. -* `template_version_response_id` - (String) The ID of the access group template. - * Constraints: The maximum length is `100` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9_-]+$/`. -* `version` - (String) The version of the access group template. - * Constraints: The maximum length is `2` characters. The minimum length is `1` character. The value must match regular expression `/^[0-9]+$/`. ## Import