diff --git a/docs/data-sources/identity_project_v3.md b/docs/data-sources/identity_project_v3.md index 8c37964c..a5137c2d 100644 --- a/docs/data-sources/identity_project_v3.md +++ b/docs/data-sources/identity_project_v3.md @@ -18,20 +18,19 @@ data "flexibleengine_identity_project_v3" "project_1" { The following arguments are supported: -* `name` - (Optional) The name of the project. +* `name` - (Optional, String) The name of the project. -* `domain_id` - (Optional) The domain this project belongs to. +* `domain_id` - (Optional, String) The domain this project belongs to. -* `parent_id` - (Optional) The parent of this project. +* `parent_id` - (Optional, String) The parent of this project. -## Attributes Reference +* `enabled` - (Optional, Bool) The enabling status of this project. + +* `is_domain` - (Optional, Bool) Indicates whether the user calling the API is a tenant. + +## Attribute Reference `id` is set to the ID of the found project. In addition, the following attributes are exported: -* `name` - See Argument Reference above. -* `domain_id` - See Argument Reference above. -* `parent_id` - See Argument Reference above. * `description` - The description of the project. -* `enabled` - Whether the project is available. -* `is_domain` - Whether this project is a domain. diff --git a/docs/resources/identity_agency_v3.md b/docs/resources/identity_agency_v3.md index b9aa24d6..f21d0931 100644 --- a/docs/resources/identity_agency_v3.md +++ b/docs/resources/identity_agency_v3.md 
@@ -54,32 +54,33 @@ resource "flexibleengine_identity_agency_v3" "agency" { The following arguments are supported: -* `name` - (Required) Specifies the name of agency. The name is a string of 1 to 64 characters. - Changing this will create a new agency. +* `name` - (Required, String, ForceNew) Specifies the name of agency. The name is a string of 1 to 64 characters. + Changing this will create a new agency. -* `description` - (Optional) Specifies the supplementary information about the agency. - The value is a string of 0 to 255 characters. +* `description` - (Optional, String) Specifies the supplementary information about the agency. + The value is a string of 0 to 255 characters. -* `delegated_domain_name` - (Optional) Specifies the name of delegated user domain. - This parameter and `delegated_service_name` are alternative. +* `delegated_domain_name` - (Optional, String) Specifies the name of delegated user domain. + This parameter and `delegated_service_name` are alternative. -* `delegated_service_name` - (Optional) Specifies the name of delegated cloud service. - This parameter and `delegated_domain_name` are alternative. +* `delegated_service_name` - (Optional, String) Specifies the name of delegated cloud service. + This parameter and `delegated_domain_name` are alternative. -* `duration` - (Optional) Specifies the validity period of an agency. - The valid value are *ONEDAY* and *FOREVER*, defaults to *FOREVER*. +* `duration` - (Optional, String) Specifies the validity period of an agency. + The valid value are *ONEDAY* and *FOREVER*, defaults to *FOREVER*. -* `project_role` - (Optional) Specifies an array of one or more roles and projects which are used to grant - permissions to agency on project. The structure is documented below. +* `project_role` - (Optional, List) Specifies an array of one or more roles and projects which are used to grant + permissions to agency on project. 
The [project_role](#identity_project_role) object structure is documented below. -* `domain_roles` - (optional) Specifies an array of one or more role names which stand for the permissionis to - be granted to agency on domain. +* `domain_roles` - (Optional, List) Specifies an array of one or more role names which stand for the permissions to + be granted to agency on domain. + The `project_role` block supports: -* `project` - (Required) Specifies the name of project. +* `project` - (Required, String) Specifies the name of project. -* `roles` - (Required) Specifies an array of role names. +* `roles` - (Required, List) Specifies an array of role names. -> **NOTE** - At least one of `project_role` and `domain_roles` must be specified when creating an agency. @@ -87,14 +88,24 @@ The `project_role` block supports: [FlexibleEngine](https://docs.prod-cloud-ocb.orange-business.com/permissions/index.html) or [data.flexibleengine_identity_role_v3](https://registry.terraform.io/providers/FlexibleEngineCloud/flexibleengine/latest/docs/data-sources/identity_role_v3). -## Attributes Reference +## Attribute Reference In addition to all arguments above, the following attributes are exported: * `id` - The agency ID. + * `expire_time` - The expiration time of agency. + * `create_time` - The time when the agency was created. +## Timeouts + +This resource provides the following timeouts configuration options: + +* `create` - Default is 10 minutes. +* `update` - Default is 10 minutes. +* `delete` - Default is 5 minutes. + ## Import Agencies can be imported using the `id`, e.g. diff --git a/docs/resources/identity_group_membership_v3.md b/docs/resources/identity_group_membership_v3.md index 20482c3f..13a353be 100644 --- a/docs/resources/identity_group_membership_v3.md +++ b/docs/resources/identity_group_membership_v3.md 
@@ -43,14 +43,18 @@ resource "flexibleengine_identity_group_membership_v3" "membership_1" { The following arguments are supported: -* `group` - (Required) The group ID of this membership. +* `group` - (Required, String, ForceNew) The group ID of this membership. Changing this will create a new resource. -* `users` - (Required) A List of user IDs to associate to the group. +* `users` - (Required, List) A List of user IDs to associate to the group. -## Attributes Reference +## Attribute Reference -The following attributes are exported: +All the arguments above can also be exported attributes. -* `group` - See Argument Reference above. +## Import -* `users` - See Argument Reference above. +IAM group membership can be imported using the group membership ID, e.g. + +```shell +terraform import flexibleengine_identity_group_membership_v3.membership_1 89c60255-9bd6-460c-822a-e2b959ede9d2 +``` diff --git a/docs/resources/identity_group_v3.md b/docs/resources/identity_group_v3.md index c960a84e..4386f93c 100644 --- a/docs/resources/identity_group_v3.md +++ b/docs/resources/identity_group_v3.md @@ -23,17 +23,15 @@ resource "flexibleengine_identity_group_v3" "group_1" { The following arguments are supported: -* `name` - (Required) The name of the group. The length is less than or equal to 64 bytes. +* `name` - (Required, String) The name of the group. The length is less than or equal to 64 bytes. -* `description` - (Optional) A description of the group. +* `description` - (Optional, String) A description of the group. -* `domain_id` - (Optional) The domain this group belongs to. +* `domain_id` - (Optional, String) The domain this group belongs to. -## Attributes Reference +## Attribute Reference -The following attributes are exported: - -* `domain_id` - See Argument Reference above. +All the arguments above can also be exported attributes. ## Import diff --git a/docs/resources/identity_project_v3.md b/docs/resources/identity_project_v3.md index 1e9fe0dd..1ada30ae 100644 
--- a/docs/resources/identity_project_v3.md +++ b/docs/resources/identity_project_v3.md @@ -25,12 +25,12 @@ resource "flexibleengine_identity_project_v3" "project_1" { The following arguments are supported: -* `name` - (Required) The name of the project. The length is less than or equal - to 64 bytes. Name mut be prefixed with a valid region name (eg. eu-west-0_project_1). +* `name` - (Required, String) The name of the project. The length is less than or equal + to 64 bytes. Name mut be prefixed with a valid region name (eg. eu-west-0_project_1). -* `description` - (Optional) A description of the project. +* `description` - (Optional, String) A description of the project. -## Atribute Reference +## Attribute Reference In addition to all arguments above, the following attributes are exported: @@ -40,6 +40,16 @@ In addition to all arguments above, the following attributes are exported: * `enabled` - Enabling status of this project. +* `domain_id` - The domain this project belongs to. + +## Timeouts + +This resource provides the following timeouts configuration options: + +* `create` - Default is 10 minutes. +* `update` - Default is 10 minutes. +* `delete` - Default is 10 minutes. + ## Import Projects can be imported using the `id`, e.g. diff --git a/docs/resources/identity_provider.md b/docs/resources/identity_provider.md index 8a2f8bd8..c22bb014 100644 --- a/docs/resources/identity_provider.md +++ b/docs/resources/identity_provider.md @@ -66,7 +66,7 @@ The following arguments are supported: Valid values are *saml* and *oidc*. Changing this creates a new resource. -* `enabled` - (Optional, Bool) Specifies the status for the identity provider. Defaults to true. +* `enabled` - (Optional, Bool) Specifies the status for the identity provider. Defaults to **true**. * `description` - (Optional, String) Specifies the description of the identity provider. 
@@ -77,14 +77,16 @@ The following arguments are supported: The maximum length is 30,000 characters and it stores in the state with SHA1 algorithm. -> **NOTE:** - The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. - It is usually stored in a file. In the TF script, you can import the metafile through the **file** function, - for example: -
`metadata = file("/usr/local/data/files/metadata.txt")` + The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. + It is usually stored in a file. In the TF script, you can import the metafile through the **file** function, + for example: +
`metadata = file("/usr/local/data/files/metadata.txt")` * `openid_connect_config` - (Optional, List) Specifies the description of the identity provider. This field is required only if the protocol is set to *oidc*. + The [openid_connect_config](#IAM_openid_connect_config) object structure is documented below. + The `openid_connect_config` block supports: * `access_type` - (Required, String) Specifies the access type of the identity provider. @@ -114,7 +116,7 @@ The `openid_connect_config` block supports: Valid values is *form_post* and *fragment*, default value is *form_post*. This field is required only if the access type is set to `program_console`. -## Attributes Reference +## Attribute Reference In addition to all arguments above, the following attributes are exported: @@ -125,21 +127,24 @@ In addition to all arguments above, the following attributes are exported: * `sso_type` - The single sign-on type of the identity provider. * `conversion_rules` - The identity conversion rules of the identity provider. - The [object](#conversion_rules) structure is documented below + The [conversion_rules](#IAM_conversion_rules) object structure is documented below. - + The `conversion_rules` block supports: -* `local` - The federated user information on the cloud platform. +* `local` - The federated user information on the cloud platform. The [local](#IAM_local) object structure is + documented below. -* `remote` - The description of the identity provider. +* `remote` - The description of the identity provider. The [remote](#IAM_remote) object structure is documented below. + The `local` block supports: * `username` - The name of a federated user on the cloud platform. * `group` - The user group to which the federated user belongs on the cloud platform. + The `remote` block supports: * `attribute` - The attribute in the IDP assertion. diff --git a/docs/resources/identity_provider_conversion.md b/docs/resources/identity_provider_conversion.md index 76f920d6..af3f6112 100644 
--- a/docs/resources/identity_provider_conversion.md +++ b/docs/resources/identity_provider_conversion.md @@ -47,26 +47,30 @@ The following arguments are supported: * `conversion_rules` - (Required, List) Specifies the identity conversion rules of the identity provider. You can use identity conversion rules to map the identities of existing users to FlexibleEngine and manage their access to cloud resources. - The [object](#conversion_rules) structure is documented below. + The [conversion_rules](#IAM_conversion_rules) object structure is documented below. - + The `conversion_rules` block supports: -* `local` - (Required, List) Specifies the federated user information on the cloud platform. +* `local` - (Required, List) Specifies the federated user information on the cloud platform. The [local](#IAM_local) + object structure is documented below. -* `remote` - (Required, List) Specifies Federated user information in the IDP system. +* `remote` - (Required, List) Specifies Federated user information in the IDP system. The [remote](#IAM_remote) object + structure is documented below. -> **NOTE:** - If the protocol of identity provider is SAML, this field is an expression consisting of assertion - attributes and operators. - If the protocol of identity provider is OIDC, the value of this field is determined by the ID token. + If the protocol of identity provider is SAML, this field is an expression consisting of assertion + attributes and operators. + If the protocol of identity provider is OIDC, the value of this field is determined by the ID token. + The `local` block supports: * `username` - (Required, String) Specifies the name of a federated user on the cloud platform. * `group` - (Optional, String) Specifies the user group to which the federated user belongs on the cloud platform. + The `remote` block supports: * `attribute` - (Required, String) Specifies the attribute in the IDP assertion. 
@@ -78,7 +82,7 @@ The `remote` block supports: * `value` - (Optional, List) Specifies the rule is matched only if the specified strings appear in the attribute type. -## Attributes Reference +## Attribute Reference In addition to all arguments above, the following attributes are exported: diff --git a/docs/resources/identity_role_assignment_v3.md b/docs/resources/identity_role_assignment_v3.md index 515a7125..a1d1f363 100644 --- a/docs/resources/identity_role_assignment_v3.md +++ b/docs/resources/identity_role_assignment_v3.md 
@@ -54,26 +54,30 @@ resource "flexibleengine_identity_role_assignment_v3" "role_assignment_1" { domain_id = var.domain_id role_id = data.flexibleengine_identity_role_v3.role_1.id } - ``` ## Argument Reference The following arguments are supported: -* `role_id` - (Required) The role to assign. +* `role_id` - (Required, String, ForceNew) The role to assign. Changing this will create a new resource. + +* `group_id` - (Required, String, ForceNew) The group to assign the role in. Changing this will create a new resource. -* `group_id` - (Required) The group to assign the role in. +* `domain_id` - (Optional, String, ForceNew) The domain to assign the role in. + It is **Required** if `project_id` is empty. Changing this will create a new resource. -* `domain_id` - (Optional; Required if `project_id` is empty) The domain to assign the role in. +* `project_id` - (Optional, String, ForceNew) The project to assign the role in. + It is **Required** if `domain_id` is empty. Changing this will create a new resource. -* `project_id` - (Optional; Required if `domain_id` is empty) The project to assign the role in. +## Attribute Reference -## Attributes Reference +All the arguments above can also be exported attributes. -The following attributes are exported: +## Import -* `group_id` - See Argument Reference above. -* `role_id` - See Argument Reference above. -* `domain_id` - See Argument Reference above. -* `project_id` - See Argument Reference above. +IAM role assignment can be imported using the role assignment ID, e.g. + +```shell +terraform import flexibleengine_identity_role_assignment_v3.assignment_1 89c60255-9bd6-460c-822a-e2b959ede9d2 +```
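Review bot: In docs/data-sources/identity_project_v3.md, the new `is_domain` line changes the meaning from "Whether this project is a domain." to "Indicates whether the user calling the API is a tenant.", which describes the caller rather than the project being looked up. If the field filters on the project, keep the wording about the project. The hunk also removes `name`, `domain_id`, `parent_id`, `enabled` and `is_domain` from the exported list without adding the "All the arguments above can also be exported attributes." sentence that the other files in this patch use, so this page no longer says those values can be read back.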
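Review bot: In docs/resources/identity_agency_v3.md (hunk at -54,32), the rewritten `duration` line still reads "The valid value are"; since the line is being touched anyway, change it to "The valid values are". The new link target `#identity_project_role` uses a different anchor prefix from the `#IAM_...` targets added in identity_provider.md and identity_provider_conversion.md, so pick one naming scheme. Because `duration` defaults to *FOREVER*, consider saying next to the default that an agency created without `duration` has no expiry, so readers who want a time-limited delegation know they must set it explicitly.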
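Review bot: In docs/resources/identity_group_membership_v3.md, the new Import section refers to a "group membership ID" that the page never defines: the only arguments are `group` and `users`, and no `id` attribute is documented. State what the ID is (for example whether it equals the group ID or is generated) so the `terraform import` line can actually be followed. On the same hunk, "A List of user IDs" should be lower-case "list".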
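Review bot: In docs/resources/identity_project_v3.md (hunk at -25,12), the rewritten `name` line carries over the typo "Name mut be prefixed" and the abbreviation "eg."; the hunk already fixes "Atribute", so fix these on the same pass: "Name must be prefixed with a valid region name (e.g. eu-west-0_project_1)".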
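Review bot: In docs/resources/identity_provider.md (hunk at -77,14), the `openid_connect_config` line above the newly added link still says "Specifies the description of the identity provider.", which is the text of the `description` argument and not a description of the OIDC block. Adding the link is a good moment to replace it with a sentence that says the block holds the OpenID Connect configuration. The context also reads "Valid values is" in the next hunk of this file; worth correcting in the same change.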
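Review bot: In docs/resources/identity_provider.md (hunk at -125,21), the rewritten `remote` line keeps "The description of the identity provider." as its description, while identity_provider_conversion.md in this same patch describes `remote` as "Federated user information in the IDP system." The two pages document the same `conversion_rules` structure, so align the `remote` text here with the conversion page.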
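Review bot: In docs/resources/identity_role_assignment_v3.md, the new import example uses the resource name `assignment_1`, but the example resource on this page is `role_assignment_1`; use the same name so the command matches the configuration above it. The example ID is also the same UUID used in the group membership import example, and the page does not say how a "role assignment ID" is formed from `role_id`, `group_id` and `domain_id` or `project_id`. Document the ID format, and say whether `domain_id` and `project_id` may both be set, since each is only described as required when the other is empty.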