feat: add jaas resource docs and simplify imports

- Simplify imports by eliminating the need for users to provide the resource type
juju · Sep 25, 2024 · 5f7b9c0 · 5f7b9c0
1 parent 8b01a16
commit 5f7b9c0
Show file tree

Hide file tree

Showing 30 changed files with 470 additions and 35 deletions.
diff --git a/docs/index.md b/docs/index.md
@@ -8,7 +8,8 @@ description: |-
 
 # Juju Provider
 
-The provider can be used to interact with [Juju][0] - an open source orchestration engine by Canonical.
+The provider can be used to interact with [Juju][0] - an open source orchestration engine by Canonical.  
+Additionally, the provider supports interactions with [JAAS][1] - an orchestrator of Juju controllers.
 
 The provider only interacts with a single controller at a time.
 
@@ -282,3 +283,4 @@ resource "juju_integration" "wp_to_percona" {
 
 
 [0]: https://juju.is "Juju | An open source application orchestration engine"
+[1]: https://canonical-jaas-documentation.readthedocs-hosted.com/en/latest/ "JAAS | An enterprise gateway into your Juju estate"
diff --git a/docs/resources/jaas_access_cloud.md b/docs/resources/jaas_access_cloud.md
@@ -0,0 +1,50 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "juju_jaas_access_cloud Resource - terraform-provider-juju"
+subcategory: ""
+description: |-
+  A resource that represents access to a cloud when using JAAS.
+---
+
+# juju_jaas_access_cloud (Resource)
+
+A resource that represents access to a cloud when using JAAS.
+
+## Example Usage
+
+```terraform
+resource "juju_jaas_access_cloud" "development" {
+  cloud_name       = "aws"
+  access           = "can_addmodel"
+  users            = ["[email protected]"]
+  groups           = [juju_jaas_group.development.uuid]
+  service_accounts = ["Client-ID-1", "Client-ID-2"]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `access` (String) Level of access to grant. Changing this value will replace the Terraform resource. Valid access levels are described at https://canonical-jaas-documentation.readthedocs-hosted.com/en/latest/reference/authorisation_model/#valid-relations
+- `cloud_name` (String) The name of the cloud for access management. If this is changed the resource will be deleted and a new resource will be created.
+
+### Optional
+
+- `groups` (Set of String) List of groups to grant access.
+- `service_accounts` (Set of String) List of service accounts to grant access.
+- `users` (Set of String) List of users to grant access.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# JAAS cloud access can be imported using the cloud name and access level
+$ terraform import juju_jaas_access_cloud.development aws:can_addmodel
+```
diff --git a/docs/resources/jaas_access_controller.md b/docs/resources/jaas_access_controller.md
@@ -0,0 +1,49 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "juju_jaas_access_controller Resource - terraform-provider-juju"
+subcategory: ""
+description: |-
+  A resource that represents direct access the JAAS controller.
+---
+
+# juju_jaas_access_controller (Resource)
+
+A resource that represents direct access the JAAS controller.
+
+## Example Usage
+
+```terraform
+resource "juju_jaas_access_controller" "development" {
+  access           = "administrator"
+  users            = ["[email protected]"]
+  groups           = [juju_jaas_group.development.uuid]
+  service_accounts = ["Client-ID-1", "Client-ID-2"]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `access` (String) Level of access to grant. Changing this value will replace the Terraform resource. Valid access levels are described at https://canonical-jaas-documentation.readthedocs-hosted.com/en/latest/reference/authorisation_model/#valid-relations
+
+### Optional
+
+- `groups` (Set of String) List of groups to grant access.
+- `service_accounts` (Set of String) List of service accounts to grant access.
+- `users` (Set of String) List of users to grant access.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# JAAS controller access can be imported using the fixed JAAS controller name and access level
+# I.e. in this case jimm is the only valid controller name.
+$ terraform import juju_jaas_access_cloud.development jimm:administrator
+```
diff --git a/docs/resources/jaas_access_group.md b/docs/resources/jaas_access_group.md
@@ -0,0 +1,50 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "juju_jaas_access_group Resource - terraform-provider-juju"
+subcategory: ""
+description: |-
+  A resource that represents access to a group when using JAAS.
+---
+
+# juju_jaas_access_group (Resource)
+
+A resource that represents access to a group when using JAAS.
+
+## Example Usage
+
+```terraform
+resource "juju_jaas_access_group" "development" {
+  group_uuid       = juju_jaas_group.target-group.uuid
+  access           = "member"
+  users            = ["[email protected]"]
+  groups           = [juju_jaas_group.development.uuid]
+  service_accounts = ["Client-ID-1", "Client-ID-2"]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `access` (String) Level of access to grant. Changing this value will replace the Terraform resource. Valid access levels are described at https://canonical-jaas-documentation.readthedocs-hosted.com/en/latest/reference/authorisation_model/#valid-relations
+- `group_id` (String) The ID of the group for access management. If this is changed the resource will be deleted and a new resource will be created.
+
+### Optional
+
+- `groups` (Set of String) List of groups to grant access.
+- `service_accounts` (Set of String) List of service accounts to grant access.
+- `users` (Set of String) List of users to grant access.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# JAAS group access can be imported using the group UUID and access level
+$ terraform import juju_jaas_access_group.development UUID:member
+```
diff --git a/docs/resources/jaas_access_model.md b/docs/resources/jaas_access_model.md
@@ -0,0 +1,50 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "juju_jaas_access_model Resource - terraform-provider-juju"
+subcategory: ""
+description: |-
+  A resource that represent access to a model when using JAAS.
+---
+
+# juju_jaas_access_model (Resource)
+
+A resource that represent access to a model when using JAAS.
+
+## Example Usage
+
+```terraform
+resource "juju_jaas_access_model" "development" {
+  model_uuid       = juju_model.development.id
+  access           = "administrator"
+  users            = ["[email protected]"]
+  groups           = [juju_jaas_group.development.uuid]
+  service_accounts = ["Client-ID-1", "Client-ID-2"]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `access` (String) Level of access to grant. Changing this value will replace the Terraform resource. Valid access levels are described at https://canonical-jaas-documentation.readthedocs-hosted.com/en/latest/reference/authorisation_model/#valid-relations
+- `model_uuid` (String) The uuid of the model for access management. If this is changed the resource will be deleted and a new resource will be created.
+
+### Optional
+
+- `groups` (Set of String) List of groups to grant access.
+- `service_accounts` (Set of String) List of service accounts to grant access.
+- `users` (Set of String) List of users to grant access.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# JAAS model access can be imported using the model name and access level
+$ terraform import juju_jaas_access_model.development development:can_addmodel
+```
diff --git a/docs/resources/jaas_access_offer.md b/docs/resources/jaas_access_offer.md
@@ -0,0 +1,54 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "juju_jaas_access_offer Resource - terraform-provider-juju"
+subcategory: ""
+description: |-
+  A resource that represent access to an offer when using JAAS.
+---
+
+# juju_jaas_access_offer (Resource)
+
+A resource that represent access to an offer when using JAAS.
+
+## Example Usage
+
+```terraform
+resource "juju_jaas_access_offer" "development" {
+  offer_url        = juju_offer.myoffer.url
+  access           = "consumer"
+  users            = ["[email protected]"]
+  groups           = [juju_jaas_group.development.uuid]
+  service_accounts = ["Client-ID-1", "Client-ID-2"]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `access` (String) Level of access to grant. Changing this value will replace the Terraform resource. Valid access levels are described at https://canonical-jaas-documentation.readthedocs-hosted.com/en/latest/reference/authorisation_model/#valid-relations
+- `offer_url` (String) The url of the offer for access management. If this is changed the resource will be deleted and a new resource will be created.
+
+### Optional
+
+- `groups` (Set of String) List of groups to grant access.
+- `service_accounts` (Set of String) List of service accounts to grant access.
+- `users` (Set of String) List of users to grant access.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# JAAS offer access can be imported by using the URL as in the juju show-offers output and the access level.
+# Example:
+# $ juju show-offer mysql
+# Store            URL             Access  Description                                    Endpoint  Interface  Role
+# mycontroller     admin/db.mysql  admin   MariaDB Server is one of the most ...          mysql     mysql      provider
+$ terraform import juju_jaas_access_offer.db admin/db.mysql:consumer
+```
diff --git a/docs/resources/jaas_access_service_account.md b/docs/resources/jaas_access_service_account.md
@@ -0,0 +1,51 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "juju_jaas_access_service_account Resource - terraform-provider-juju"
+subcategory: ""
+description: |-
+  A resource that represents access to a service account when using JAAS.
+---
+
+# juju_jaas_access_service_account (Resource)
+
+A resource that represents access to a service account when using JAAS.
+
+## Example Usage
+
+```terraform
+resource "juju_jaas_access_service_account" "development" {
+  service_account_id = "Client-ID"
+  access             = "administrator"
+  users              = ["[email protected]"]
+  groups             = [juju_jaas_group.development.uuid]
+  service_accounts   = ["Client-ID-1", "Client-ID-2"]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `access` (String) Level of access to grant. Changing this value will replace the Terraform resource. Valid access levels are described at https://canonical-jaas-documentation.readthedocs-hosted.com/en/latest/reference/authorisation_model/#valid-relations
+- `service_account_id` (String) The ID of the service account for access management. If this is changed the resource will be deleted and a new resource will be created.
+
+### Optional
+
+- `groups` (Set of String) List of groups to grant access.
+- `service_accounts` (Set of String) List of service accounts to grant access.
+- `users` (Set of String) List of users to grant access.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# JAAS service account access can be imported using the service account ID 
+# (normally referred to as a client ID) and access level.
+$ terraform import juju_jaas_access_service_account.development ClientID:administrator
+```
diff --git a/docs/resources/jaas_group.md b/docs/resources/jaas_group.md
@@ -0,0 +1,30 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "juju_jaas_group Resource - terraform-provider-juju"
+subcategory: ""
+description: |-
+  A resource that represents a group in JAAS
+---
+
+# juju_jaas_group (Resource)
+
+A resource that represents a group in JAAS
+
+## Example Usage
+
+```terraform
+resource "juju_jaas_group" "development" {
+  name = "devops-team"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Name of the group
+
+### Read-Only
+
+- `uuid` (String) UUID of the group
diff --git a/examples/resources/juju_jaas_access_cloud/import.sh b/examples/resources/juju_jaas_access_cloud/import.sh
@@ -0,0 +1,2 @@
+# JAAS cloud access can be imported using the cloud name and access level
+$ terraform import juju_jaas_access_cloud.development aws:can_addmodel
diff --git a/examples/resources/juju_jaas_access_cloud/resource.tf b/examples/resources/juju_jaas_access_cloud/resource.tf
@@ -0,0 +1,7 @@
+resource "juju_jaas_access_cloud" "development" {
+  cloud_name       = "aws"
+  access           = "can_addmodel"
+  users            = ["[email protected]"]
+  groups           = [juju_jaas_group.development.uuid]
+  service_accounts = ["Client-ID-1", "Client-ID-2"]
+}
diff --git a/examples/resources/juju_jaas_access_controller/import.sh b/examples/resources/juju_jaas_access_controller/import.sh
@@ -0,0 +1,3 @@
+# JAAS controller access can be imported using the fixed JAAS controller name and access level
+# I.e. in this case jimm is the only valid controller name.
+$ terraform import juju_jaas_access_cloud.development jimm:administrator
diff --git a/examples/resources/juju_jaas_access_controller/resource.tf b/examples/resources/juju_jaas_access_controller/resource.tf
@@ -0,0 +1,6 @@
+resource "juju_jaas_access_controller" "development" {
+  access           = "administrator"
+  users            = ["[email protected]"]
+  groups           = [juju_jaas_group.development.uuid]
+  service_accounts = ["Client-ID-1", "Client-ID-2"]
+}
diff --git a/examples/resources/juju_jaas_access_group/import.sh b/examples/resources/juju_jaas_access_group/import.sh
@@ -0,0 +1,2 @@
+# JAAS group access can be imported using the group UUID and access level
+$ terraform import juju_jaas_access_group.development UUID:member
diff --git a/examples/resources/juju_jaas_access_group/resource.tf b/examples/resources/juju_jaas_access_group/resource.tf
@@ -0,0 +1,7 @@
+resource "juju_jaas_access_group" "development" {
+  group_uuid       = juju_jaas_group.target-group.uuid
+  access           = "member"
+  users            = ["[email protected]"]
+  groups           = [juju_jaas_group.development.uuid]
+  service_accounts = ["Client-ID-1", "Client-ID-2"]
+}
diff --git a/examples/resources/juju_jaas_access_model/import.sh b/examples/resources/juju_jaas_access_model/import.sh
@@ -0,0 +1,2 @@
+# JAAS model access can be imported using the model name and access level
+$ terraform import juju_jaas_access_model.development development:can_addmodel
diff --git a/examples/resources/juju_jaas_access_model/resource.tf b/examples/resources/juju_jaas_access_model/resource.tf
@@ -0,0 +1,7 @@
+resource "juju_jaas_access_model" "development" {
+  model_uuid       = juju_model.development.id
+  access           = "administrator"
+  users            = ["[email protected]"]
+  groups           = [juju_jaas_group.development.uuid]
+  service_accounts = ["Client-ID-1", "Client-ID-2"]
+}