-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add blueprint permissions management
- Loading branch information
Showing
12 changed files
with
1,722 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,366 @@ | ||
| --- | ||
| # generated by https://github.com/hashicorp/terraform-plugin-docs | ||
| page_title: "port_blueprint_permissions Resource - terraform-provider-port-labs" | ||
| subcategory: "" | ||
| description: |- | ||
| Blueprint Permissions resource | ||
| Docs about blueprint permissions can be found here https://docs.getport.io/build-your-software-catalog/set-catalog-rbac/examples/#setting-blueprint-permissions | ||
| Example Usage | ||
| Allow access to all members: | ||
| hcl | ||
| resource "port_blueprint_permissions" "microservices_permissions" { | ||
| blueprint_identifier = "my_blueprint_identifier" | ||
| entities= { | ||
| "register" = { | ||
| "roles": [ | ||
| "Member", | ||
| ], | ||
| "users": [], | ||
| "teams": [] | ||
| }, | ||
| "unregister" = { | ||
| "roles": [ | ||
| "Member", | ||
| ], | ||
| "users": [], | ||
| "teams": [] | ||
| }, | ||
| "update" = { | ||
| "roles": [ | ||
| "Member", | ||
| ], | ||
| "users": ["[email protected]"], | ||
| "teams": [] | ||
| }, | ||
| "update_metadata_properties" = { | ||
| "icon" = { | ||
| "roles": [ | ||
| "Member", | ||
| ], | ||
| "users": [], | ||
| "teams": [] | ||
| }, | ||
| "identifier" = { | ||
| "roles": [ | ||
| "Member", | ||
| ], | ||
| "users": [], | ||
| "teams": ["Team Spiderman"] | ||
| }, | ||
| "team" = { | ||
| "roles": [ | ||
| "Admin", | ||
| ], | ||
| "users": [], | ||
| "teams": [] | ||
| }, | ||
| "title" = { | ||
| "roles": [ | ||
| "Member", | ||
| ], | ||
| "users": [], | ||
| "teams": [] | ||
| }, | ||
| }, | ||
| } | ||
| NOTE: | ||
| You always need to explicity set register|unregister|update|update_metadata_propertiesproperties | ||
| Allow update myStringProperty` for admins and a specific user and team: | ||
| hcl | ||
| resource "port_blueprint_permissions" "microservices_permissions" { | ||
| blueprint_identifier = "my_blueprint_identifier" | ||
| entities = { | ||
| # all properties from the previous example... | ||
| "update_properties" = { | ||
| "myStringProperty" = { | ||
| "roles": [ | ||
| "Admin", | ||
| ], | ||
| "users": ["[email protected]"], | ||
| "teams": ["Team Spiderman"], | ||
| } | ||
| } | ||
| } | ||
| } | ||
| Allow update relations for a specific team for admins and a specific user and team: | ||
| hcl | ||
| resource "port_blueprint_permissions" "microservices_permissions" { | ||
| blueprint_identifier = "my_blueprint_identifier" | ||
| entities = { | ||
| # all properties from the first example... | ||
| "update_relations" = { | ||
| "myRelations" = { | ||
| "roles": [ | ||
| "Admin", | ||
| ], | ||
| "users": ["[email protected]"], | ||
| "teams": ["Team Spiderman"], | ||
| } | ||
| } | ||
| } | ||
| } | ||
| ``` | ||
| Disclaimer | ||
| Blueprint permissions are created by default when blueprint is first created, this means that you should use this resource when you want to change the default permissions of a blueprint.When deleting a blueprint permissions resource using terraform, the blueprint permissions will not be deleted from Port, as they are required for the action to work, instead, the blueprint permissions will be removed from the terraform state. | ||
| --- | ||
|
|
||
| # port_blueprint_permissions (Resource) | ||
|
|
||
| # Blueprint Permissions resource | ||
|
|
||
| Docs about blueprint permissions can be found [here](https://docs.getport.io/build-your-software-catalog/set-catalog-rbac/examples/#setting-blueprint-permissions) | ||
|
|
||
| ## Example Usage | ||
|
|
||
| ### Allow access to all members: | ||
|
|
||
| ```hcl | ||
| resource "port_blueprint_permissions" "microservices_permissions" { | ||
| blueprint_identifier = "my_blueprint_identifier" | ||
| entities= { | ||
| "register" = { | ||
| "roles": [ | ||
| "Member", | ||
| ], | ||
| "users": [], | ||
| "teams": [] | ||
| }, | ||
| "unregister" = { | ||
| "roles": [ | ||
| "Member", | ||
| ], | ||
| "users": [], | ||
| "teams": [] | ||
| }, | ||
| "update" = { | ||
| "roles": [ | ||
| "Member", | ||
| ], | ||
| "users": ["[email protected]"], | ||
| "teams": [] | ||
| }, | ||
| "update_metadata_properties" = { | ||
| "icon" = { | ||
| "roles": [ | ||
| "Member", | ||
| ], | ||
| "users": [], | ||
| "teams": [] | ||
| }, | ||
| "identifier" = { | ||
| "roles": [ | ||
| "Member", | ||
| ], | ||
| "users": [], | ||
| "teams": ["Team Spiderman"] | ||
| }, | ||
| "team" = { | ||
| "roles": [ | ||
| "Admin", | ||
| ], | ||
| "users": [], | ||
| "teams": [] | ||
| }, | ||
| "title" = { | ||
| "roles": [ | ||
| "Member", | ||
| ], | ||
| "users": [], | ||
| "teams": [] | ||
| }, | ||
| }, | ||
| } | ||
| ``` | ||
|
|
||
| #### NOTE: | ||
|
|
||
| You always need to explicity set `register|unregister|update|update_metadata_properties`properties | ||
|
|
||
| ### Allow update `myStringProperty`` for admins and a specific user and team: | ||
|
|
||
| ```hcl | ||
| resource "port_blueprint_permissions" "microservices_permissions" { | ||
| blueprint_identifier = "my_blueprint_identifier" | ||
| entities = { | ||
| # all properties from the previous example... | ||
| "update_properties" = { | ||
| "myStringProperty" = { | ||
| "roles": [ | ||
| "Admin", | ||
| ], | ||
| "users": ["[email protected]"], | ||
| "teams": ["Team Spiderman"], | ||
| } | ||
| } | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| ### Allow update relations for a specific team for admins and a specific user and team: | ||
|
|
||
| ```hcl | ||
| resource "port_blueprint_permissions" "microservices_permissions" { | ||
| blueprint_identifier = "my_blueprint_identifier" | ||
| entities = { | ||
| # all properties from the first example... | ||
| "update_relations" = { | ||
| "myRelations" = { | ||
| "roles": [ | ||
| "Admin", | ||
| ], | ||
| "users": ["[email protected]"], | ||
| "teams": ["Team Spiderman"], | ||
| } | ||
| } | ||
| } | ||
| } | ||
| ``` | ||
| ``` | ||
| ## Disclaimer | ||
| - Blueprint permissions are created by default when blueprint is first created, this means that you should use this resource when you want to change the default permissions of a blueprint. | ||
| - When deleting a blueprint permissions resource using terraform, the blueprint permissions will not be deleted from Port, as they are required for the action to work, instead, the blueprint permissions will be removed from the terraform state. | ||
| <!-- schema generated by tfplugindocs --> | ||
| ## Schema | ||
| ### Required | ||
| - `blueprint_identifier` (String) | ||
| - `entities` (Attributes) Entities permissions to read the blueprint (see [below for nested schema](#nestedatt--entities)) | ||
| ### Read-Only | ||
| - `id` (String) The ID of this resource. | ||
| <a id="nestedatt--entities"></a> | ||
| ### Nested Schema for `entities` | ||
| Required: | ||
| - `register` (Attributes) Enable permissions to register entities of the blueprint (see [below for nested schema](#nestedatt--entities--register)) | ||
| - `unregister` (Attributes) Enable permissions to unregister entities of the blueprint (see [below for nested schema](#nestedatt--entities--unregister)) | ||
| - `update` (Attributes) Enable permissions to update entities of the blueprint (see [below for nested schema](#nestedatt--entities--update)) | ||
| - `update_metadata_properties` (Attributes) Manage permissions to the metadata properties (`$icon|$title|$team|$identifier`) | ||
| These are translated to the updateProperties in the Port Api, proxied since we can't have Terraform properties starting with `$`signs. | ||
| See [here](https://docs.getport.io/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/meta-properties/) for more details. (see [below for nested schema](#nestedatt--entities--update_metadata_properties)) | ||
| Optional: | ||
| - `update_properties` (Attributes Map) Enable permissions to update the entity properties (see [below for nested schema](#nestedatt--entities--update_properties)) | ||
| - `update_relations` (Attributes Map) Enable permissions to update the entity relations (see [below for nested schema](#nestedatt--entities--update_relations)) | ||
| <a id="nestedatt--entities--register"></a> | ||
| ### Nested Schema for `entities.register` | ||
| Optional: | ||
| - `owned_by_team` (Boolean) Owned by team | ||
| - `roles` (List of String) Roles with register permissions | ||
| - `teams` (List of String) Teams with register permissions | ||
| - `users` (List of String) Users with register permissions | ||
| <a id="nestedatt--entities--unregister"></a> | ||
| ### Nested Schema for `entities.unregister` | ||
| Optional: | ||
| - `owned_by_team` (Boolean) Owned by team | ||
| - `roles` (List of String) Roles with unregister permissions | ||
| - `teams` (List of String) Teams with unregister permissions | ||
| - `users` (List of String) Users with unregister permissions | ||
| <a id="nestedatt--entities--update"></a> | ||
| ### Nested Schema for `entities.update` | ||
| Optional: | ||
| - `owned_by_team` (Boolean) Owned by team | ||
| - `roles` (List of String) Roles with update permissions | ||
| - `teams` (List of String) Teams with update permissions | ||
| - `users` (List of String) Users with update permissions | ||
| <a id="nestedatt--entities--update_metadata_properties"></a> | ||
| ### Nested Schema for `entities.update_metadata_properties` | ||
| Required: | ||
| - `icon` (Attributes) The entity's icon (see [below for nested schema](#nestedatt--entities--update_metadata_properties--icon)) | ||
| - `identifier` (Attributes) Unique Entity identifier, used for API calls, programmatic access and distinguishing between different entities (see [below for nested schema](#nestedatt--entities--update_metadata_properties--identifier)) | ||
| - `team` (Attributes) The team this entity belongs to (see [below for nested schema](#nestedatt--entities--update_metadata_properties--team)) | ||
| - `title` (Attributes) A human-readable name for the entity (see [below for nested schema](#nestedatt--entities--update_metadata_properties--title)) | ||
| <a id="nestedatt--entities--update_metadata_properties--icon"></a> | ||
| ### Nested Schema for `entities.update_metadata_properties.icon` | ||
| Optional: | ||
| - `owned_by_team` (Boolean) Owned by team | ||
| - `roles` (List of String) Roles with update $icon metadata permissions | ||
| - `teams` (List of String) Teams with update $icon metadata permissions | ||
| - `users` (List of String) Users with update $icon metadata permissions | ||
| <a id="nestedatt--entities--update_metadata_properties--identifier"></a> | ||
| ### Nested Schema for `entities.update_metadata_properties.identifier` | ||
| Optional: | ||
| - `owned_by_team` (Boolean) Owned by team | ||
| - `roles` (List of String) Roles with update $identifier metadata permissions | ||
| - `teams` (List of String) Teams with update $identifier metadata permissions | ||
| - `users` (List of String) Users with update $identifier metadata permissions | ||
| <a id="nestedatt--entities--update_metadata_properties--team"></a> | ||
| ### Nested Schema for `entities.update_metadata_properties.team` | ||
| Optional: | ||
| - `owned_by_team` (Boolean) Owned by team | ||
| - `roles` (List of String) Roles with update $team metadata permissions | ||
| - `teams` (List of String) Teams with update $team metadata permissions | ||
| - `users` (List of String) Users with update $team metadata permissions | ||
| <a id="nestedatt--entities--update_metadata_properties--title"></a> | ||
| ### Nested Schema for `entities.update_metadata_properties.title` | ||
| Optional: | ||
| - `owned_by_team` (Boolean) Owned by team | ||
| - `roles` (List of String) Roles with update $title metadata permissions | ||
| - `teams` (List of String) Teams with update $title metadata permissions | ||
| - `users` (List of String) Users with update $title metadata permissions | ||
| <a id="nestedatt--entities--update_properties"></a> | ||
| ### Nested Schema for `entities.update_properties` | ||
| Optional: | ||
| - `owned_by_team` (Boolean) Owned by team | ||
| - `roles` (List of String) Roles with update specific property permissions | ||
| - `teams` (List of String) Teams with update specific property permissions | ||
| - `users` (List of String) Users with update specific property permissions | ||
| <a id="nestedatt--entities--update_relations"></a> | ||
| ### Nested Schema for `entities.update_relations` | ||
| Optional: | ||
| - `owned_by_team` (Boolean) Owned by team | ||
| - `roles` (List of String) Roles with update specific relation permissions | ||
| - `teams` (List of String) Teams with update specific relation permissions | ||
| - `users` (List of String) Users with update specific relation permissions |
Oops, something went wrong.