docs(resources): iam_group documentation and examples (#60)
Showing 2 changed files with 117 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,96 @@ | ||
--- | ||
page_title: "montecarlo_iam_group Resource - terraform-provider-montecarlo" | ||
subcategory: "" | ||
description: |- | ||
A named resource which lets you define Monte Carlo authorization group responsible for assigning roles to the users. | ||
--- | ||
|
||
# montecarlo_iam_group (Resource) | ||
|
||
Represents a named resource which lets you define _Monte Carlo_ **authorization group** responsible for assigning roles to the users. An authorization group policy is made up of three primary parts: | ||
|
||
- a list of permissions | ||
- a list of group members (not set by this resource) | ||
- optionally, one or more Monte Carlo domains to restrict the group to | ||
|
||
The list of permissions/roles specifies **what can be done** (such as access or edit monitors), and the domain restrictions specify what parts of your data/metadata those users **may access under given permissions**. | ||
|
||
To get more information about _Monte Carlo_ **authorization groups**, see: | ||
- [API documentation](https://apidocs.getmontecarlo.com/#definition-AuthorizationGroupOutput) | ||
- How-to Guides | ||
- [Authorization](https://docs.getmontecarlo.com/docs/authorization) | ||
|
||
|
||
|
||
## Example Usage | ||
|
||
```terraform | ||
resource "montecarlo_iam_group" "example" { | ||
name = "name" | ||
description = "description" | ||
role = "mcd/viewer" | ||
domains = ["domainUUID"] # restricting to selected domains | ||
sso_group = "sso_group" # automatical mapping to SSO group | ||
} | ||
``` | ||
|
||
|
||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Required | ||
|
||
<a id="attr--name"></a> | ||
- `name` (String) ID of the authorization group. Must be unique per _Monte Carlo_ account. Authorization group **name within the UI** is not value of this attribute, instead `label` is used ([see bellow](#attr--label)). | ||
|
||
- `role` (String) Used to define the specific role or permissions that are assigned to the _Monte Carlo_ authorization group. | ||
Allowed roles: | ||
|
||
- **mcd/owner** | ||
- **mcd/domains-manager** | ||
- **mcd/responder** | ||
- **mcd/editor** | ||
- **mcd/viewer** | ||
- **mcd/asset-viewer** | ||
- **mcd/asset-editor** | ||
|
||
### Optional | ||
|
||
- `description` (String, _default:_ `""`) Description of the authorization group. Usually can be used to document for what the authorization group is responsible for. | ||
|
||
- `domains` (Set of Strings, _default:_ `[]`) Set of **domain UUIDs** that this authorization group should be restricted to. By default, if this attribute is not set, the authorization group permissions will be applied globally. | ||
|
||
- `sso_group` (String, _default:_ `null`) Automatically assignes all of the users from the provided **SSO group** to the authorization group. | ||
|
||
- if set, users cannot be assigned to the authorization group directly | ||
|
||
- if set, when authorization group already exists, all of the previous user assignments will be destroyed. | ||
|
||
### Read-Only | ||
|
||
<a id="attr--label"></a> | ||
- `label` (String) Authorization group **label/name** as it should be presented in the _Monte Carlo_ UI. Implementation of this resource will always set this attribute to the same value as the `name` attribute ([see above](#attr--name)) to avoid confusion. | ||
|
||
|
||
|
||
## Import | ||
|
||
This resource can be imported using the import ID with following format: | ||
|
||
* `{{group_name}}` | ||
|
||
In **Terraform v1.5.0** and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import a _Transactional Warehouse_ using one of the formats above. For example: | ||
|
||
```terraform | ||
import { | ||
id = "{{group_name}}" | ||
to = montecarlo_iam_group.default | ||
} | ||
``` | ||
|
||
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), _Authorization Group_ can be imported using one of the formats above. For example: | ||
|
||
``` | ||
$ terraform import montecarlo_iam_group.default {{group_name}} | ||
``` |
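Review bot: In the Import section, the `import` block paragraph says it imports a _Transactional Warehouse_, which looks carried over from another resource's page; it should say _Authorization Group_, as the `terraform import` paragraph already does. Both paragraphs also refer to "one of the formats above" although only `{{group_name}}` is listed, and the import examples target `montecarlo_iam_group.default` while Example Usage declares `montecarlo_iam_group.example`. Under `sso_group`, the bullet stating that all previous user assignments are destroyed when the group already exists describes a destructive side effect and deserves a more prominent warning, as does the `domains` default of applying permissions globally when the attribute is unset. Spelling: "bellow" should be "below", "assignes" should be "assigns", and "automatical" should be "automatic".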
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
## Allowed roles: | ||
## "mcd/owner" | ||
## "mcd/domains-manager" | ||
## "mcd/responder" | ||
## "mcd/editor" | ||
## "mcd/viewer" | ||
## "mcd/asset-viewer" | ||
## "mcd/asset-editor" | ||
|
||
resource "montecarlo_iam_group" "example_thin" { | ||
name = "name" | ||
role = "mcd/viewer" | ||
} | ||
|
||
resource "montecarlo_iam_group" "example_thick" { | ||
name = "name" | ||
description = "description" | ||
role = "mcd/viewer" | ||
domains = ["domainUUID"] # restricting to selecting domains | ||
sso_group = "sso_group" # automatical mapping to SSO group | ||
} |
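Review bot: `example_thin` and `example_thick` both set `name = "name"`, but the schema documentation added in this commit says `name` is the group ID and must be unique per Monte Carlo account, so the file as written declares two groups with the same ID. Give each resource a distinct name. The `domains` comment reads "restricting to selecting domains" where the documentation example says "selected domains", and "automatical" in the `sso_group` comment should be "automatic".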