docs(resources): iam_group documentation and examples (#60)
ndopj authored Oct 31, 2023
1 parent de430fe commit a8c40ba
Showing 2 changed files with 117 additions and 0 deletions.
96 changes: 96 additions & 0 deletions docs/resources/iam_group.md
@@ -0,0 +1,96 @@
---
page_title: "montecarlo_iam_group Resource - terraform-provider-montecarlo"
subcategory: ""
description: |-
A named resource which lets you define Monte Carlo authorization group responsible for assigning roles to the users.
---

# montecarlo_iam_group (Resource)

Represents a named resource which lets you define _Monte Carlo_ **authorization group** responsible for assigning roles to the users. An authorization group policy is made up of three primary parts:

- a list of permissions
- a list of group members (not set by this resource)
- optionally, one or more Monte Carlo domains to restrict the group to

The list of permissions/roles specifies **what can be done** (such as access or edit monitors), and the domain restrictions specify what parts of your data/metadata those users **may access under given permissions**.

To get more information about _Monte Carlo_ **authorization groups**, see:
- [API documentation](https://apidocs.getmontecarlo.com/#definition-AuthorizationGroupOutput)
- How-to Guides
- [Authorization](https://docs.getmontecarlo.com/docs/authorization)



## Example Usage

```terraform
resource "montecarlo_iam_group" "example" {
name = "name"
description = "description"
role = "mcd/viewer"
domains = ["domainUUID"] # restricting to selected domains
sso_group = "sso_group" # automatical mapping to SSO group
}
```



<!-- schema generated by tfplugindocs -->
## Schema

### Required

<a id="attr--name"></a>
- `name` (String) ID of the authorization group. Must be unique per _Monte Carlo_ account. Authorization group **name within the UI** is not value of this attribute, instead `label` is used ([see bellow](#attr--label)).

- `role` (String) Used to define the specific role or permissions that are assigned to the _Monte Carlo_ authorization group.
Allowed roles:

- **mcd/owner**
- **mcd/domains-manager**
- **mcd/responder**
- **mcd/editor**
- **mcd/viewer**
- **mcd/asset-viewer**
- **mcd/asset-editor**

### Optional

- `description` (String, _default:_ `""`) Description of the authorization group. Usually can be used to document for what the authorization group is responsible for.

- `domains` (Set of Strings, _default:_ `[]`) Set of **domain UUIDs** that this authorization group should be restricted to. By default, if this attribute is not set, the authorization group permissions will be applied globally.

- `sso_group` (String, _default:_ `null`) Automatically assignes all of the users from the provided **SSO group** to the authorization group.

- if set, users cannot be assigned to the authorization group directly

- if set, when authorization group already exists, all of the previous user assignments will be destroyed.

### Read-Only

<a id="attr--label"></a>
- `label` (String) Authorization group **label/name** as it should be presented in the _Monte Carlo_ UI. Implementation of this resource will always set this attribute to the same value as the `name` attribute ([see above](#attr--name)) to avoid confusion.



## Import

This resource can be imported using the import ID with following format:

* `{{group_name}}`

In **Terraform v1.5.0** and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import a _Transactional Warehouse_ using one of the formats above. For example:

```terraform
import {
id = "{{group_name}}"
to = montecarlo_iam_group.default
}
```

When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), _Authorization Group_ can be imported using one of the formats above. For example:

```
$ terraform import montecarlo_iam_group.default {{group_name}}
```
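Review bot: The Import section says "import a _Transactional Warehouse_ using one of the formats above", which looks carried over from another resource's page; it should read _Authorization Group_, as the `terraform import` paragraph after it does, and since only one format (`{{group_name}}`) is listed, "the format above" would be more accurate in both paragraphs. In the Schema, the `sso_group` sub-bullet saying that all previous user assignments are destroyed when the group already exists is the one behaviour documented here that removes access on apply, so it deserves a visible warning rather than a nested bullet. Minor spelling to fix while here: "bellow", "assignes", and "automatical" in the example comment.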
21 changes: 21 additions & 0 deletions examples/resources/montecarlo_iam_group/resource.tf
@@ -0,0 +1,21 @@
## Allowed roles:
## "mcd/owner"
## "mcd/domains-manager"
## "mcd/responder"
## "mcd/editor"
## "mcd/viewer"
## "mcd/asset-viewer"
## "mcd/asset-editor"

resource "montecarlo_iam_group" "example_thin" {
name = "name"
role = "mcd/viewer"
}

resource "montecarlo_iam_group" "example_thick" {
name = "name"
description = "description"
role = "mcd/viewer"
domains = ["domainUUID"] # restricting to selecting domains
sso_group = "sso_group" # automatical mapping to SSO group
}
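Review bot: Both `example_thin` and `example_thick` set `name = "name"`, while the documentation added in this same commit states that `name` must be unique per Monte Carlo account, so applying this file as written would declare two groups with the same ID; give the two examples distinct names. The `domains` comment here reads "restricting to selecting domains" where the docs example says "selected domains"; align the wording so the generated docs and the example file match.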
