Add access group template support (#4750)

* Add access group template support * implement review comments * minor changes to assignment * remove account_id changes
IBM-Cloud · Aug 29, 2023 · 6e4bad9 · 6e4bad9
1 parent 8bccb78
commit 6e4bad9
Show file tree

Hide file tree

Showing 22 changed files with 4,907 additions and 7 deletions.
diff --git a/examples/ibm-iam-accessgroups-templates/README.md b/examples/ibm-iam-accessgroups-templates/README.md
@@ -0,0 +1,150 @@
+# Example for IAMAccessGroupsV2
+
+This example illustrates how to use the IAMAccessGroupsV2
+
+The following types of resources are supported:
+
+* ibm_iam_access_group_template
+* ibm_iam_access_group_template_version
+* ibm_iam_access_group_template_assignment
+
+## Usage
+
+To run this example, execute the following commands:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Run `terraform destroy` when you don't need these resources.
+
+
+## IAMAccessGroupsV2 resources
+
+ibm_iam_access_group_template resource:
+
+```hcl
+resource "iam_access_group_template" "iam_access_group_template_instance" {
+  transaction_id = var.iam_access_group_template_transaction_id
+  name = var.iam_access_group_template_name
+  description = var.iam_access_group_template_description
+  group = var.iam_access_group_template_group
+  policy_template_references = var.iam_access_group_template_policy_template_references
+}
+```
+ibm_iam_access_group_template_version resource:
+
+```hcl
+resource "iam_access_group_template_version" "iam_access_group_template_version_instance" {
+  template_id = var.iam_access_group_template_version_template_id
+  transaction_id = var.iam_access_group_template_version_transaction_id
+  name = var.iam_access_group_template_version_name
+  description = var.iam_access_group_template_version_description
+  group = var.iam_access_group_template_version_group
+  policy_template_references = var.iam_access_group_template_version_policy_template_references
+}
+```
+ibm_iam_access_group_template_assignment resource:
+
+```hcl
+resource "iam_access_group_template_assignment" "iam_access_group_template_assignment_instance" {
+  transaction_id = var.iam_access_group_template_assignment_transaction_id
+  template_id = var.iam_access_group_template_assignment_template_id
+  template_version = var.iam_access_group_template_assignment_template_version
+  target_type = var.iam_access_group_template_assignment_target_type
+  target = var.iam_access_group_template_assignment_target
+}
+```
+
+## IamAccessGroupsV2 data sources
+
+ibm_iam_access_group_template data source:
+
+```hcl
+data "iam_access_group_template" "iam_access_group_template_instance" {
+  transaction_id = var.iam_access_group_template_transaction_id
+  verbose = var.iam_access_group_template_verbose
+}
+```
+ibm_iam_access_group_template_versions data source:
+
+```hcl
+data "ibm_iam_access_group_template_version" "ibm_iam_access_group_template_version_instance" {
+  template_id = var.ibm_iam_access_group_template_version_template_id
+}
+```
+ibm_iam_access_group_template_assignment data source:
+
+```hcl
+data "iam_access_group_template_assignment" "iam_access_group_template_assignment_instance" {
+  template_id = var.iam_access_group_template_assignment_template_id
+  template_version = var.iam_access_group_template_assignment_template_version
+  target = var.iam_access_group_template_assignment_target
+  status = var.iam_access_group_template_assignment_status
+  transaction_id = var.iam_access_group_template_assignment_transaction_id
+}
+```
+
+## Assumptions
+
+1. TODO
+
+## Notes
+
+1. TODO
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | ~> 0.12 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| ibm | 1.13.1 |
+
+## Inputs
+
+ibm_iam_access_group_template input:
+
+| Name | Description | Type | Required |
+|------|-------------|------|---------|
+| ibmcloud\_api\_key | IBM Cloud API key | `string` | true |
+| transaction_id | An optional transaction id for the request. | `string` | false |
+| name | The name of the access group template. | `string` | true |
+| description | The description of the access group template. | `string` | false |
+| group | Access Group Component. | `` | false |
+| policy_template_references | References to policy templates assigned to the access group template. | `list()` | false |
+
+ibm_iam_access_group_template_version input:
+
+| Name | Description | Type | Required |
+|------|-------------|------|---------|
+| template_id | ID of the template that you want to create a new version of. | `string` | true |
+| transaction_id | An optional transaction id for the request. | `string` | false |
+| name | The name of the access group template. | `string` | false |
+| description | The description of the access group template version. | `string` | false |
+| group | Access Group Component. | `` | false |
+| policy_template_references | References to policy templates assigned to the access group template version. | `list()` | false |
+
+ibm_iam_access_group_template_assignment input:
+
+| Name | Description | Type | Required |
+|------|-------------|------|---------|
+| transaction_id | An optional transaction id for the request. | `string` | false |
+| template_id | The ID of the template that the assignment is based on. | `string` | true |
+| template_version | The version of the template that the assignment is based on. | `string` | true |
+| target_type | The type of the entity that the assignment applies to. | `string` | true |
+| target | The ID of the entity that the assignment applies to. | `string` | true |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| ibm_iam_access_group_template | ibm_iam_access_group_template object |
+| ibm_iam_access_group_template_version | ibm_iam_access_group_template_version object |
+| ibm_iam_access_group_template_assignment | ibm_iam_access_group_template_assignment object |
diff --git a/examples/ibm-iam-accessgroups-templates/main.tf b/examples/ibm-iam-accessgroups-templates/main.tf
@@ -0,0 +1,143 @@
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+}
+
+// Provision iam_access_group_template resource instance
+resource "ibm_iam_access_group_template" "iam_access_group_template_instance" {
+  transaction_id = var.iam_access_group_template_transaction_id
+  name = var.iam_access_group_template_name
+  description = var.iam_access_group_template_description
+  group {
+    name = "name"
+    description = "description"
+    members {
+      users = [ "users" ]
+      services = [ "services" ]
+      action_controls {
+        add = true
+        remove = true
+      }
+    }
+    assertions {
+      rules {
+        name = "name"
+        expiration = 1
+        realm_name = "realm_name"
+        conditions {
+          claim = "claim"
+          operator = "operator"
+          value = "value"
+        }
+        action_controls {
+          remove = true
+          update = true
+        }
+      }
+      action_controls {
+        add = true
+        remove = true
+        update = true
+      }
+    }
+    action_controls {
+      access {
+        add = true
+      }
+    }
+  }
+  policy_template_references {
+    id = "id"
+    version = "version"
+  }
+}
+
+// Provision iam_access_group_template_version resource instance
+resource "ibm_iam_access_group_template_version" "iam_access_group_template_version_instance" {
+  template_id = var.iam_access_group_template_version_template_id
+  transaction_id = var.iam_access_group_template_version_transaction_id
+  name = var.iam_access_group_template_version_name
+  description = var.iam_access_group_template_version_description
+  group {
+    name = "name"
+    description = "description"
+    members {
+      users = [ "users" ]
+      services = [ "services" ]
+      action_controls {
+        add = true
+        remove = true
+      }
+    }
+    assertions {
+      rules {
+        name = "name"
+        expiration = 1
+        realm_name = "realm_name"
+        conditions {
+          claim = "claim"
+          operator = "operator"
+          value = "value"
+        }
+        action_controls {
+          remove = true
+          update = true
+        }
+      }
+      action_controls {
+        add = true
+        remove = true
+        update = true
+      }
+    }
+    action_controls {
+      access {
+        add = true
+      }
+    }
+  }
+  policy_template_references {
+    id = "id"
+    version = "version"
+  }
+}
+
+// Provision iam_access_group_template_assignment resource instance
+resource "ibm_iam_access_group_template_assignment" "iam_access_group_template_assignment_instance" {
+  transaction_id = var.iam_access_group_template_assignment_transaction_id
+  template_id = var.iam_access_group_template_assignment_template_id
+  template_version = var.iam_access_group_template_assignment_template_version
+  target_type = var.iam_access_group_template_assignment_target_type
+  target = var.iam_access_group_template_assignment_target
+}
+
+// Data source is not linked to a resource instance
+// Uncomment if an existing data source instance exists
+/*
+// Create iam_access_group_template data source
+data "ibm_iam_access_group_template" "iam_access_group_template_instance" {
+  transaction_id = var.iam_access_group_template_transaction_id
+  verbose = var.iam_access_group_template_verbose
+}
+*/
+
+// Data source is not linked to a resource instance
+// Uncomment if an existing data source instance exists
+/*
+// Create ibm_iam_access_group_template_version data source
+data "ibm_ibm_iam_access_group_template_version" "ibm_iam_access_group_template_version_instance" {
+  template_id = var.ibm_iam_access_group_template_version_template_id
+}
+*/
+
+// Data source is not linked to a resource instance
+// Uncomment if an existing data source instance exists
+/*
+// Create iam_access_group_template_assignment data source
+data "ibm_iam_access_group_template_assignment" "iam_access_group_template_assignment_instance" {
+  template_id = var.iam_access_group_template_assignment_template_id
+  template_version = var.iam_access_group_template_assignment_template_version
+  target = var.iam_access_group_template_assignment_target
+  status = var.iam_access_group_template_assignment_status
+  transaction_id = var.iam_access_group_template_assignment_transaction_id
+}
+*/
diff --git a/examples/ibm-iam-accessgroups-templates/outputs.tf b/examples/ibm-iam-accessgroups-templates/outputs.tf
@@ -0,0 +1,18 @@
+// This output allows iam_access_group_template data to be referenced by other resources and the terraform CLI
+// Modify this output if only certain data should be exposed
+output "ibm_iam_access_group_template" {
+  value       = ibm_iam_access_group_template.iam_access_group_template_instance
+  description = "iam_access_group_template resource instance"
+}
+// This output allows iam_access_group_template_version data to be referenced by other resources and the terraform CLI
+// Modify this output if only certain data should be exposed
+output "ibm_iam_access_group_template_version" {
+  value       = ibm_iam_access_group_template_version.iam_access_group_template_version_instance
+  description = "iam_access_group_template_version resource instance"
+}
+// This output allows iam_access_group_template_assignment data to be referenced by other resources and the terraform CLI
+// Modify this output if only certain data should be exposed
+output "ibm_iam_access_group_template_assignment" {
+  value       = ibm_iam_access_group_template_assignment.iam_access_group_template_assignment_instance
+  description = "iam_access_group_template_assignment resource instance"
+}