From 450272e558b4f0d4a8f7d93e9f66003c5c4a9af6 Mon Sep 17 00:00:00 2001 From: Sebastian Nallar Date: Tue, 4 Feb 2025 16:57:43 -0300 Subject: [PATCH 1/3] fix: we should favor a better naming convention for our resources. In this case we favor 'user_role' --- docs/data-sources/dimension.md | 2 +- docs/resources/dimension.md | 36 +++++ docs/resources/dimension_value.md | 40 +++++ docs/resources/link_specification.md | 149 ------------------ docs/resources/technology_template.md | 86 ++++++++++ docs/resources/user_role.md | 70 ++++++++ .../resource.tf | 0 .../resource.tf | 0 .../nullplatform_user_role/resource.tf | 26 +++ nullplatform/provider.go | 3 +- nullplatform/provider_test.go | 1 + nullplatform/resource_authz_grant.go | 2 + nullplatform/resource_user_role.go | 39 +++++ templates/resources/user_role.md.tmpl | 25 +++ 14 files changed, 328 insertions(+), 151 deletions(-) create mode 100644 docs/resources/technology_template.md create mode 100644 docs/resources/user_role.md rename examples/resources/{resource_dimension => nullplatform_dimension}/resource.tf (100%) rename examples/resources/{resource_dimension_value => nullplatform_dimension_value}/resource.tf (100%) create mode 100644 examples/resources/nullplatform_user_role/resource.tf create mode 100644 nullplatform/resource_user_role.go create mode 100644 templates/resources/user_role.md.tmpl diff --git a/docs/data-sources/dimension.md b/docs/data-sources/dimension.md index c246055..742e8db 100644 --- a/docs/data-sources/dimension.md +++ b/docs/data-sources/dimension.md @@ -66,7 +66,7 @@ output "by_slug" { Read-Only: -- `id` (Number) The ID of this resource. +- `id` (Number) - `name` (String) - `nrn` (String) - `slug` (String) diff --git a/docs/resources/dimension.md b/docs/resources/dimension.md index 0f54798..d433b2d 100644 --- a/docs/resources/dimension.md +++ b/docs/resources/dimension.md 
@@ -10,7 +10,43 @@ description: |- The dimension resource allows you to configure a Nullplatform Dimension +## Example Usage +```terraform +terraform { + required_providers { + nullplatform = { + source = "nullplatform/nullplatform" + } + } +} + +provider "nullplatform" { +} + +resource "nullplatform_dimension" "ordered_dimension" { + name = "RegionTest" + order = 2 + nrn = "organization=1255165411:account=95118862:namespace=1991443329:application=213260358" +} + +resource "nullplatform_dimension" "component_dimension" { + name = "DepartmentTest" + account = "kwik-e-mart-main" + namespace = "services-day-dic-2024" + order = 3 +} + +output "dimension_slug" { + description = "The generated slug for the dimension" + value = nullplatform_dimension.ordered_dimension.slug +} + +output "dimension_status" { + description = "The current status of the dimension" + value = nullplatform_dimension.component_dimension.status +} +``` ## Schema diff --git a/docs/resources/dimension_value.md b/docs/resources/dimension_value.md index 644cfa2..26e4f64 100644 --- a/docs/resources/dimension_value.md +++ b/docs/resources/dimension_value.md 
@@ -10,7 +10,47 @@ description: |- The dimension_value resource allows you to configure a Nullplatform Dimension Value +## Example Usage +```terraform +terraform { + required_providers { + nullplatform = { + source = "nullplatform/nullplatform" + } + } +} + +provider "nullplatform" {} + +resource "nullplatform_dimension_value" "prod_env" { + dimension_id = 12345 + name = "Production" + nrn = "organization=1234567890:account=987654321:namespace=1122334455:value=prod" +} + +resource "nullplatform_dimension_value" "staging_env" { + dimension_id = 12345 + name = "Staging" + organization = "1234567890" + account = "my-account" + namespace = "platform-config" +} + +resource "nullplatform_dimension_value" "dev_env" { + dimension_id = data.nullplatform_dimension.env_dimension.id + name = "Development" + nrn = "${data.nullplatform_dimension.env_dimension.nrn}:value=dev" +} + +output "prod_env_slug" { + value = nullplatform_dimension_value.prod_env.slug +} + +output "prod_env_status" { + value = nullplatform_dimension_value.prod_env.status +} +``` ## Schema diff --git a/docs/resources/link_specification.md b/docs/resources/link_specification.md index a2ad343..7185e52 100644 --- a/docs/resources/link_specification.md +++ b/docs/resources/link_specification.md 
@@ -46,155 +46,6 @@ resource "nullplatform_link_specification" "redis_link_spec" { sub_category = "In-memory Database Integration" } } - -# Resource: Action Specification -resource "nullplatform_action_specification" "create_redis_action" { - name = "Create Redis Instance" - type = "create" # Options: "custom", "create", "update", "delete" - service_specification_id = nullplatform_service_specification.redis_service_spec.id - retryable = false - - parameters = jsonencode({ - schema = { - type = "object" - properties = { - size = { - type = "string" - enum = ["small", "medium", "large"] - default = "small" - } - vpc_id = { - type = "string" - config = "aws.vpcId" - readOnly = true - } - } - required = ["size"] - additionalProperties = false - } - values = { - size = "medium" - } - }) - - results = jsonencode({ - schema = { - type = "object" - properties = { - redis_arn = { type = "string" } - redis_endpoint = { type = "string", target = "endpoint" } - redis_port = { type = "number", target = "port" } - } - additionalProperties = false - } - values = {} - }) -} - -# Resource: Action Specification for Updating Redis -resource "nullplatform_action_specification" "update_redis_action" { - name = "Update Redis Instance" - type = "update" - service_specification_id = nullplatform_service_specification.redis_service_spec.id - retryable = true - - parameters = jsonencode({ - schema = { - type = "object" - properties = { - size = { - type = "string" - enum = ["small", "medium", "large"] - } - } - required = ["size"] - additionalProperties = false - } - values = {} - }) - - results = jsonencode({ - schema = { - type = "object" - properties = { - redis_arn = { type = "string" } - redis_endpoint = { type = "string", target = "endpoint" } - redis_port = { type = "number", target = "port" } - } - additionalProperties = false - } - values = {} - }) -} - -# Resource: Action Specification for Deleting Redis -resource "nullplatform_action_specification" "delete_redis_action" { - name 
= "Delete Redis Instance" - type = "delete" - service_specification_id = nullplatform_service_specification.redis_service_spec.id - retryable = true - - parameters = jsonencode({ - schema = { - type = "object" - properties = {} - additionalProperties = false - } - values = {} - }) - - results = jsonencode({ - schema = { - type = "object" - properties = {} - additionalProperties = false - } - values = {} - }) -} - -# Resource: Link between Redis Service and Application -resource "nullplatform_link" "redis_link" { - name = "Redis Application Link" - service_id = nullplatform_service_specification.redis_service_spec.id - specification_id = nullplatform_link_specification.redis_link_spec.id - entity_nrn = data.nullplatform_application.app.nrn - linkable_to = [data.nullplatform_application.app.nrn] - - dimensions = jsonencode({ - environment = "development" - country = "argentina" - }) - - attributes = jsonencode({ - schema = {} - values = {} - }) -} - -# Output the Redis Service Specification details -output "redis_service_spec" { - description = "Details of the Redis Service Specification" - value = nullplatform_service_specification.redis_service_spec -} - -# Output the Redis Link Specification details -output "redis_link_spec" { - description = "Details of the Redis Link Specification" - value = nullplatform_link_specification.redis_link_spec -} - -# Output the Create Redis Action Specification details -output "create_redis_action_spec" { - description = "Details of the Create Redis Action Specification" - value = nullplatform_action_specification.create_redis_action -} - -# Output the Redis Link details -output "redis_link" { - description = "Details of the Redis Link" - value = nullplatform_link.redis_link -} ``` diff --git a/docs/resources/technology_template.md b/docs/resources/technology_template.md new file mode 100644 index 0000000..1b30185 --- /dev/null +++ b/docs/resources/technology_template.md 
@@ -0,0 +1,86 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "nullplatform_technology_template Resource - nullplatform" +subcategory: "" +description: |- + The technology_template resource allows you to manage nullplatform Technology Templates +--- + +# nullplatform_technology_template (Resource) + +The technology_template resource allows you to manage nullplatform Technology Templates + +## Example Usage + +```terraform +terraform { + required_providers { + nullplatform = { + source = "nullplatform/nullplatform" + } + } +} + +provider "nullplatform" {} + +# Example Technology Template - Golang 1.17.9 +resource "nullplatform_technology_template" "golang_1_17" { + name = "Golang 1.17.9" + url = "https://github.com/nullplatform/technology-templates-golang" + + provider_config = { + repository = "technology-templates-golang" + } + + components { + type = "language" + id = "google" + version = "1.17" + metadata = jsonencode({ + "version": "1.17.9" + }) + } + + tags = [ + "golang", + "backend" + ] + + metadata = jsonencode({}) + rules = jsonencode({}) +} +``` + + +## Schema + +### Required + +- `components` (Block List, Min: 1) List of components that make up the template (see [below for nested schema](#nestedblock--components)) +- `name` (String) Name of the technology template +- `provider_config` (Map of String) Provider configuration for the template +- `url` (String) URL of the template repository + +### Optional + +- `account` (String) Account ID the template belongs to. If not specified, it will be a global template +- `metadata` (String) JSON string containing template metadata +- `rules` (String) JSON string containing template rules +- `tags` (List of String) List of tags associated with the template + +### Read-Only + +- `id` (String) The ID of this resource. 
+ + +### Nested Schema for `components` + +Required: + +- `id` (String) Identifier of the component +- `type` (String) Type of the component (e.g., language, framework) +- `version` (String) Version of the component + +Optional: + +- `metadata` (String) JSON string containing component metadata diff --git a/docs/resources/user_role.md b/docs/resources/user_role.md new file mode 100644 index 0000000..e6e5bac --- /dev/null +++ b/docs/resources/user_role.md 
@@ -0,0 +1,70 @@ +--- +page_title: "nullplatform_user_role Resource - nullplatform" +subcategory: "" +description: |- + The user_role resource allows you to manage user role assignments in nullplatform. +--- + +# nullplatform_user_role (Resource) + +The user_role resource allows you to manage user role assignments in nullplatform. Roles determine what actions users can perform on specific resources. For a comprehensive list of available roles and their permissions, please refer to the [nullplatform Roles Documentation](https://docs.nullplatform.io/docs/authorization/roles). + +## Example Usage + +### Basic Example + +```terraform +resource "nullplatform_user" "admin" { + email = "admin@example.com" + first_name = "Jane" + last_name = "Admin" +} + +# Grant organization admin role +resource "nullplatform_user_role" "org_admin" { + user_id = nullplatform_user.admin.id + role_slug = "organization:admin" + nrn = "organization=1234567890" +} + +# Grant account developer role +resource "nullplatform_user_role" "account_dev" { + user_id = nullplatform_user.admin.id + role_slug = "account:developer" + nrn = "organization=1234567890:account=9876543210" +} + +# Grant namespace operations role +resource "nullplatform_user_role" "namespace_ops" { + user_id = nullplatform_user.admin.id + role_slug = "namespace:ops" + nrn = "organization=1234567890:account=9876543210:namespace=5555555555" +} +``` + +The example above demonstrates: +* Assigning an organization admin role +* Granting account developer access +* Setting namespace operations permissions + +For details on available roles and their capabilities, see the [authorization documentation](https://docs.nullplatform.io/docs/authorization/roles). + + +## Schema + +### Required + +- `role_slug` (String) The slug of the role to grant. +- `user_id` (Number) The ID of the user to grant permissions to. + +### Optional + +- `account` (String) The slug of the account NRN component. 
+- `application` (String) The slug of the application NRN component. +- `namespace` (String) The slug of the namespace NRN component. +- `nrn` (String) A system-wide unique ID representing the resource. +- `scope` (String) The slug of the scope NRN component. + +### Read-Only + +- `id` (String) The ID of this resource. diff --git a/examples/resources/resource_dimension/resource.tf b/examples/resources/nullplatform_dimension/resource.tf similarity index 100% rename from examples/resources/resource_dimension/resource.tf rename to examples/resources/nullplatform_dimension/resource.tf diff --git a/examples/resources/resource_dimension_value/resource.tf b/examples/resources/nullplatform_dimension_value/resource.tf similarity index 100% rename from examples/resources/resource_dimension_value/resource.tf rename to examples/resources/nullplatform_dimension_value/resource.tf diff --git a/examples/resources/nullplatform_user_role/resource.tf b/examples/resources/nullplatform_user_role/resource.tf new file mode 100644 index 0000000..f4f080d --- /dev/null +++ b/examples/resources/nullplatform_user_role/resource.tf @@ -0,0 +1,26 @@ +resource "nullplatform_user" "admin" { + email = "admin@example.com" + first_name = "Jane" + last_name = "Admin" +} + +# Grant organization admin role +resource "nullplatform_user_role" "org_admin" { + user_id = nullplatform_user.admin.id + role_slug = "organization:admin" + nrn = "organization=1234567890" +} + +# Grant account developer role +resource "nullplatform_user_role" "account_dev" { + user_id = nullplatform_user.admin.id + role_slug = "account:developer" + nrn = "organization=1234567890:account=9876543210" +} + +# Grant namespace operations role +resource "nullplatform_user_role" "namespace_ops" { + user_id = nullplatform_user.admin.id + role_slug = "namespace:ops" + nrn = "organization=1234567890:account=9876543210:namespace=5555555555" +} \ No newline at end of file 
diff --git a/nullplatform/provider.go b/nullplatform/provider.go index 68f2a69..4962428 100644 --- a/nullplatform/provider.go +++ b/nullplatform/provider.go @@ -66,8 +66,9 @@ func Provider() *schema.Provider { "nullplatform_service_specification": resourceServiceSpecification(), "nullplatform_action_specification": resourceActionSpecification(), "nullplatform_link_specification": resourceLinkSpecification(), - "nullplatform_authz_grant": resourceAuthzGrant(), + "nullplatform_authz_grant": resourceAuthzGrant(), // This resource is deprecated in favor of the user_role resource "nullplatform_user": resourceUser(), + "nullplatform_user_role": resourceUserRole(), "nullplatform_technology_template": resourceTechnologyTemplate(), "nullplatform_metadata": resourceMetadata(), }, diff --git a/nullplatform/provider_test.go b/nullplatform/provider_test.go index 3e0cf4f..d23dd63 100644 --- a/nullplatform/provider_test.go +++ b/nullplatform/provider_test.go @@ -53,6 +53,7 @@ func TestProvider_HasChildResources(t *testing.T) { "nullplatform_user", "nullplatform_technology_template", "nullplatform_metadata", + "nullplatform_user_role", } resources := nullplatform.Provider().ResourcesMap diff --git a/nullplatform/resource_authz_grant.go b/nullplatform/resource_authz_grant.go index 40de451..3fff5bc 100644 --- a/nullplatform/resource_authz_grant.go +++ b/nullplatform/resource_authz_grant.go @@ -13,6 +13,8 @@ func resourceAuthzGrant() *schema.Resource { return &schema.Resource{ Description: "The authz_grant resource allows you to manage authorization grants in nullplatform", + DeprecationMessage: "This resource is deprecated and will be removed in a future version. Please use the `nullplatform_user_role` resource instead.", + CreateContext: CreateAuthzGrant, ReadContext: ReadAuthzGrant, DeleteContext: DeleteAuthzGrant, diff --git a/nullplatform/resource_user_role.go b/nullplatform/resource_user_role.go new file mode 100644 index 0000000..c9e35b4 --- /dev/null 
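Review bot: `nullplatform_authz_grant` and `nullplatform_user_role` are now both registered in this map, and the new resource in resource_user_role.go wires the same `CreateAuthzGrant`/`ReadAuthzGrant`/`DeleteAuthzGrant` handlers, so one grant can be tracked under two resource addresses; destroying either one would presumably revoke access the other still claims. Neither the inline comment here nor the `DeprecationMessage` added in resource_authz_grant.go says how to migrate. Renaming the type in configuration makes Terraform plan a destroy of the old grant and a create of the new one, which leaves a window where the role is missing. I would extend the message along the lines of `Use nullplatform_user_role instead; to migrate without revoking access, remove the old address with terraform state rm and terraform import the grant under the new one.`, provided import is confirmed to round-trip. The `Provider()` body starts and ends outside this hunk.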
+++ b/nullplatform/resource_user_role.go
@@ -0,0 +1,39 @@
+package nullplatform
+
+import (
+ "context"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func resourceUserRole() *schema.Resource {
+ return &schema.Resource{
+ Description: "The authz_grant resource allows you to manage authorization grants in nullplatform",
+
+ CreateContext: CreateAuthzGrant,
+ ReadContext: ReadAuthzGrant,
+ DeleteContext: DeleteAuthzGrant,
+
+ Importer: &schema.ResourceImporter{
+ StateContext: func(ctx context.Context, d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+ d.Set("id", d.Id())
+ return []*schema.ResourceData{d}, nil
+ },
+ },
+
+ Schema: AddNRNSchema(map[string]*schema.Schema{
+ "user_id": {
+ Type: schema.TypeInt,
+ Required: true,
+ ForceNew: true,
+ Description: "The ID of the user to grant permissions to.",
+ },
+ "role_slug": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ Description: "The slug of the role to grant.",
+ },
+ }),
+ }
+}
diff --git a/templates/resources/user_role.md.tmpl b/templates/resources/user_role.md.tmpl
new file mode 100644
index 0000000..8baea6f
--- /dev/null
+++ b/templates/resources/user_role.md.tmpl
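Review bot: The importer's `d.Set("id", d.Id())` discards the returned error, and no `id` attribute is declared in the schema map visible here (unless `AddNRNSchema` adds one, which this hunk does not show), so the call either fails silently or does nothing useful. Replacing the closure with `StateContext: schema.ImportStatePassthroughContext,` keeps the pass-through behaviour without the unchecked call; the `context` import then becomes unused and should be dropped. Because `user_id` and `role_slug` are both `ForceNew`, an import is only safe if `ReadAuthzGrant` repopulates them from the API. Otherwise the first plan after import proposes replacing the role assignment, briefly revoking it, so an acceptance test for import would be worth adding. `role_slug` also accepts any string; for a resource that hands out permissions, `ValidateFunc: validation.StringIsNotEmpty` from the SDK's helper/validation package would reject an empty slug at plan time.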
@@ -0,0 +1,25 @@ +--- +page_title: "{{.Name}} Resource - {{.ProviderName}}" +subcategory: "" +description: |- + The user_role resource allows you to manage user role assignments in nullplatform. +--- + +# {{.Name}} (Resource) + +The user_role resource allows you to manage user role assignments in nullplatform. Roles determine what actions users can perform on specific resources. For a comprehensive list of available roles and their permissions, please refer to the [nullplatform Roles Documentation](https://docs.nullplatform.io/docs/authorization/roles). + +## Example Usage + +### Basic Example + +{{ tffile "examples/resources/nullplatform_user_role/resource.tf" }} + +The example above demonstrates: +* Assigning an organization admin role +* Granting account developer access +* Setting namespace operations permissions + +For details on available roles and their capabilities, see the [authorization documentation](https://docs.nullplatform.io/docs/authorization/roles). + +{{ .SchemaMarkdown | trimspace }} From 810457ae8e01c887342036afc004c576beac9b50 Mon Sep 17 00:00:00 2001 From: Sebastian Nallar Date: Tue, 4 Feb 2025 17:16:36 -0300 Subject: [PATCH 2/3] Remove authz grant docs --- docs/resources/authz_grant.md | 60 ------------------- .../nullplatform_authz_grant/resource.tf | 23 ------- templates/resources/authz_grant.md.tmpl | 18 ------ 3 files changed, 101 deletions(-) delete mode 100644 docs/resources/authz_grant.md delete mode 100644 examples/resources/nullplatform_authz_grant/resource.tf delete mode 100644 templates/resources/authz_grant.md.tmpl diff --git a/docs/resources/authz_grant.md b/docs/resources/authz_grant.md deleted file mode 100644 index 9859b3c..0000000 --- a/docs/resources/authz_grant.md +++ /dev/null 
@@ -1,60 +0,0 @@ ---- -page_title: "nullplatform_authz_grant Resource - nullplatform" -subcategory: "" -description: |- - The authz_grant resource allows you to manage authorization grants in nullplatform. ---- - -# nullplatform_authz_grant (Resource) - -The authz_grant resource allows you to manage authorization grants in nullplatform. Grants give users access to resources with specific roles. - -## Example Usage - -### Basic Example - -```terraform -resource "nullplatform_user" "admin" { - email = "admin@example.com" - first_name = "Jane" - last_name = "Admin" -} - -resource "nullplatform_authz_grant" "org_admin" { - user_id = nullplatform_user.admin.id - role_slug = "organization:admin" - nrn = "organization=1234567890" -} - -resource "nullplatform_authz_grant" "account_dev" { - user_id = nullplatform_user.admin.id - role_slug = "account:developer" - nrn = "organization=1234567890:account=9876543210" -} - -resource "nullplatform_authz_grant" "namespace_ops" { - user_id = nullplatform_user.admin.id - role_slug = "namespace:ops" - nrn = "organization=1234567890:account=9876543210:namespace=5555555555" -} -``` - - -## Schema - -### Required - -- `role_slug` (String) The slug of the role to grant. -- `user_id` (Number) The ID of the user to grant permissions to. - -### Optional - -- `account` (String) The slug of the account NRN component. -- `application` (String) The slug of the application NRN component. -- `namespace` (String) The slug of the namespace NRN component. -- `nrn` (String) A system-wide unique ID representing the resource. -- `scope` (String) The slug of the scope NRN component. - -### Read-Only - -- `id` (String) The ID of this resource. diff --git a/examples/resources/nullplatform_authz_grant/resource.tf b/examples/resources/nullplatform_authz_grant/resource.tf deleted file mode 100644 index a318992..0000000 --- a/examples/resources/nullplatform_authz_grant/resource.tf +++ /dev/null 
@@ -1,23 +0,0 @@ -resource "nullplatform_user" "admin" { - email = "admin@example.com" - first_name = "Jane" - last_name = "Admin" -} - -resource "nullplatform_authz_grant" "org_admin" { - user_id = nullplatform_user.admin.id - role_slug = "organization:admin" - nrn = "organization=1234567890" -} - -resource "nullplatform_authz_grant" "account_dev" { - user_id = nullplatform_user.admin.id - role_slug = "account:developer" - nrn = "organization=1234567890:account=9876543210" -} - -resource "nullplatform_authz_grant" "namespace_ops" { - user_id = nullplatform_user.admin.id - role_slug = "namespace:ops" - nrn = "organization=1234567890:account=9876543210:namespace=5555555555" -} \ No newline at end of file diff --git a/templates/resources/authz_grant.md.tmpl b/templates/resources/authz_grant.md.tmpl deleted file mode 100644 index bfa890c..0000000 --- a/templates/resources/authz_grant.md.tmpl +++ /dev/null @@ -1,18 +0,0 @@ ---- -page_title: "{{.Name}} Resource - {{.ProviderName}}" -subcategory: "" -description: |- - The authz_grant resource allows you to manage authorization grants in nullplatform. ---- - -# {{.Name}} (Resource) - -The authz_grant resource allows you to manage authorization grants in nullplatform. Grants give users access to resources with specific roles. - -## Example Usage - -### Basic Example - -{{ tffile "examples/resources/nullplatform_authz_grant/resource.tf" }} - -{{ .SchemaMarkdown | trimspace }} From b9102aab1ad19354fc1d8e45bfb7a62ec8241b32 Mon Sep 17 00:00:00 2001 From: Sebastian Nallar Date: Wed, 5 Feb 2025 09:35:22 -0300 Subject: [PATCH 3/3] fix: description user role instead of authz grant --- nullplatform/resource_user_role.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nullplatform/resource_user_role.go b/nullplatform/resource_user_role.go index c9e35b4..f01f494 100644 --- a/nullplatform/resource_user_role.go +++ b/nullplatform/resource_user_role.go 
@@ -8,7 +8,7 @@ import ( func resourceUserRole() *schema.Resource { return &schema.Resource{ - Description: "The authz_grant resource allows you to manage authorization grants in nullplatform", + Description: "The user_role resource allows you to manage authorization grants in nullplatform", CreateContext: CreateAuthzGrant, ReadContext: ReadAuthzGrant,