docs(IAM): fix docs issues #1015

Merged
merged 1 commit into from
Oct 16, 2023
17 changes: 8 additions & 9 deletions docs/data-sources/identity_project_v3.md
Expand Up @@ -18,20 +18,19 @@ data "flexibleengine_identity_project_v3" "project_1" {

The following arguments are supported:

* `name` - (Optional) The name of the project.
* `name` - (Optional, String) The name of the project.

* `domain_id` - (Optional) The domain this project belongs to.
* `domain_id` - (Optional, String) The domain this project belongs to.

* `parent_id` - (Optional) The parent of this project.
* `parent_id` - (Optional, String) The parent of this project.

## Attributes Reference
* `enabled` - (Optional, Bool) The enabling status of this project.

* `is_domain` - (Optional, Bool) Indicates whether the user calling the API is a tenant.

## Attribute Reference

`id` is set to the ID of the found project. In addition, the following attributes
are exported:

* `name` - See Argument Reference above.
* `domain_id` - See Argument Reference above.
* `parent_id` - See Argument Reference above.
* `description` - The description of the project.
* `enabled` - Whether the project is available.
* `is_domain` - Whether this project is a domain.
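
Review bot: the new `is_domain` argument is described as "Indicates whether the user calling the API is a tenant", while the attribute line it replaces said "Whether this project is a domain"; those are two different meanings, and neither new Bool argument says how its value affects the lookup. If `enabled` and `is_domain` are lookup filters, say so and keep the meaning from the removed line. Also, with `name`, `domain_id` and `parent_id` dropped from the list, only `description` is left under "the following attributes are exported"; a lead sentence such as "In addition to all arguments above" would keep the arguments documented as readable attributes.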
45 changes: 28 additions & 17 deletions docs/resources/identity_agency_v3.md
Expand Up @@ -54,47 +54,58 @@ resource "flexibleengine_identity_agency_v3" "agency" {

The following arguments are supported:

* `name` - (Required) Specifies the name of agency. The name is a string of 1 to 64 characters.
Changing this will create a new agency.
* `name` - (Required, String, ForceNew) Specifies the name of agency. The name is a string of 1 to 64 characters.
Changing this will create a new agency.

* `description` - (Optional) Specifies the supplementary information about the agency.
The value is a string of 0 to 255 characters.
* `description` - (Optional, String) Specifies the supplementary information about the agency.
The value is a string of 0 to 255 characters.

* `delegated_domain_name` - (Optional) Specifies the name of delegated user domain.
This parameter and `delegated_service_name` are alternative.
* `delegated_domain_name` - (Optional, String) Specifies the name of delegated user domain.
This parameter and `delegated_service_name` are alternative.

* `delegated_service_name` - (Optional) Specifies the name of delegated cloud service.
This parameter and `delegated_domain_name` are alternative.
* `delegated_service_name` - (Optional, String) Specifies the name of delegated cloud service.
This parameter and `delegated_domain_name` are alternative.

* `duration` - (Optional) Specifies the validity period of an agency.
The valid value are *ONEDAY* and *FOREVER*, defaults to *FOREVER*.
* `duration` - (Optional, String) Specifies the validity period of an agency.
The valid value are *ONEDAY* and *FOREVER*, defaults to *FOREVER*.

* `project_role` - (Optional) Specifies an array of one or more roles and projects which are used to grant
permissions to agency on project. The structure is documented below.
* `project_role` - (Optional, List) Specifies an array of one or more roles and projects which are used to grant
permissions to agency on project. The [project_role](#identity_project_role) object structure is documented below.

* `domain_roles` - (optional) Specifies an array of one or more role names which stand for the permissionis to
be granted to agency on domain.
* `domain_roles` - (Optional, List) Specifies an array of one or more role names which stand for the permissions to
be granted to agency on domain.

<a name="identity_project_role"></a>
The `project_role` block supports:

* `project` - (Required) Specifies the name of project.
* `project` - (Required, String) Specifies the name of project.

* `roles` - (Required) Specifies an array of role names.
* `roles` - (Required, List) Specifies an array of role names.

-> **NOTE**
- At least one of `project_role` and `domain_roles` must be specified when creating an agency.
- We can get all **System-Defined Roles** from
[FlexibleEngine](https://docs.prod-cloud-ocb.orange-business.com/permissions/index.html) or
[data.flexibleengine_identity_role_v3](https://registry.terraform.io/providers/FlexibleEngineCloud/flexibleengine/latest/docs/data-sources/identity_role_v3).

## Attributes Reference
## Attribute Reference

In addition to all arguments above, the following attributes are exported:

* `id` - The agency ID.

* `expire_time` - The expiration time of agency.

* `create_time` - The time when the agency was created.

## Timeouts

This resource provides the following timeouts configuration options:

* `create` - Default is 10 minutes.
* `update` - Default is 10 minutes.
* `delete` - Default is 5 minutes.

## Import

Agencies can be imported using the `id`, e.g.
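
Review bot: in the `duration` entry the slip "The valid value are" is carried unchanged into the new line, even though the neighbouring `domain_roles` entry gets its typos fixed in this hunk; change it to "Valid values are *ONEDAY* and *FOREVER*". Because the default is *FOREVER*, one more sentence saying that an agency created without `duration` never expires would help readers who are granting delegated permissions. The new anchor `identity_project_role` also departs from the `IAM_` prefix used for the anchors added in identity_provider.md (for example `IAM_openid_connect_config`); pick one scheme for the whole PR.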
16 changes: 10 additions & 6 deletions docs/resources/identity_group_membership_v3.md
Expand Up @@ -43,14 +43,18 @@ resource "flexibleengine_identity_group_membership_v3" "membership_1" {

The following arguments are supported:

* `group` - (Required) The group ID of this membership.
* `group` - (Required, String, ForceNew) The group ID of this membership. Changing this will create a new resource.

* `users` - (Required) A List of user IDs to associate to the group.
* `users` - (Required, List) A List of user IDs to associate to the group.

## Attributes Reference
## Attribute Reference

The following attributes are exported:
All the arguments above can also be exported attributes.

* `group` - See Argument Reference above.
## Import

* `users` - See Argument Reference above.
IAM group membership can be imported using the group membership ID, e.g.

```shell
terraform import flexibleengine_identity_group_membership_v3.membership_1 89c60255-9bd6-460c-822a-e2b959ede9d2
```
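
Review bot: the new Import section says the resource is imported "using the group membership ID", but after this change the Attribute Reference names no `id` attribute and nothing states what that ID is or how it relates to `group`. Add an `id` entry that explains it, so the import command can actually be filled in. "All the arguments above can also be exported attributes." would also read better as the sentence used in identity_agency_v3.md, "In addition to all arguments above, the following attributes are exported:".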
12 changes: 5 additions & 7 deletions docs/resources/identity_group_v3.md
Expand Up @@ -23,17 +23,15 @@ resource "flexibleengine_identity_group_v3" "group_1" {

The following arguments are supported:

* `name` - (Required) The name of the group. The length is less than or equal to 64 bytes.
* `name` - (Required, String) The name of the group. The length is less than or equal to 64 bytes.

* `description` - (Optional) A description of the group.
* `description` - (Optional, String) A description of the group.

* `domain_id` - (Optional) The domain this group belongs to.
* `domain_id` - (Optional, String) The domain this group belongs to.

## Attributes Reference
## Attribute Reference

The following attributes are exported:

* `domain_id` - See Argument Reference above.
All the arguments above can also be exported attributes.

## Import

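Review bot: the `name` entry keeps "The length is less than or equal to 64 bytes" with no lower bound, while identity_agency_v3.md in this PR documents its name as "a string of 1 to 64 characters"; since the type annotation is being added here anyway, state whether the limit is in bytes or characters and give the minimum length. The replacement sentence under "## Attribute Reference" also leaves the section without any listed attribute; listing `id` explicitly, as the agency page does, would be clearer.
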
18 changes: 14 additions & 4 deletions docs/resources/identity_project_v3.md
Expand Up @@ -25,12 +25,12 @@ resource "flexibleengine_identity_project_v3" "project_1" {

The following arguments are supported:

* `name` - (Required) The name of the project. The length is less than or equal
to 64 bytes. Name mut be prefixed with a valid region name (eg. eu-west-0_project_1).
* `name` - (Required, String) The name of the project. The length is less than or equal
to 64 bytes. Name mut be prefixed with a valid region name (eg. eu-west-0_project_1).

* `description` - (Optional) A description of the project.
* `description` - (Optional, String) A description of the project.

## Atribute Reference
## Attribute Reference

In addition to all arguments above, the following attributes are exported:
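
Review bot: the rewritten `name` entry still reads "Name mut be prefixed with a valid region name (eg. eu-west-0_project_1)"; the typo was copied into the new line while the same hunk corrects "Atribute". Change it to "The name must be prefixed with a valid region name (e.g. `eu-west-0_project_1`)". Unlike the agency `name`, this one carries no ForceNew marker, so it would help to say whether renaming updates the project in place.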

Expand All @@ -40,6 +40,16 @@ In addition to all arguments above, the following attributes are exported:

* `enabled` - Enabling status of this project.

* `domain_id` - The domain this project belongs to.

## Timeouts

This resource provides the following timeouts configuration options:

* `create` - Default is 10 minutes.
* `update` - Default is 10 minutes.
* `delete` - Default is 10 minutes.

## Import

Projects can be imported using the `id`, e.g.
25 changes: 15 additions & 10 deletions docs/resources/identity_provider.md
Expand Up @@ -66,7 +66,7 @@ The following arguments are supported:
Valid values are *saml* and *oidc*.
Changing this creates a new resource.

* `enabled` - (Optional, Bool) Specifies the status for the identity provider. Defaults to true.
* `enabled` - (Optional, Bool) Specifies the status for the identity provider. Defaults to **true**.

* `description` - (Optional, String) Specifies the description of the identity provider.

Expand All @@ -77,14 +77,16 @@ The following arguments are supported:
The maximum length is 30,000 characters and it stores in the state with SHA1 algorithm.

-> **NOTE:**
The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard.
It is usually stored in a file. In the TF script, you can import the metafile through the **file** function,
for example:
<br/>`metadata = file("/usr/local/data/files/metadata.txt")`
The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard.
It is usually stored in a file. In the TF script, you can import the metafile through the **file** function,
for example:
<br/>`metadata = file("/usr/local/data/files/metadata.txt")`

* `openid_connect_config` - (Optional, List) Specifies the description of the identity provider.
This field is required only if the protocol is set to *oidc*.
The [openid_connect_config](#IAM_openid_connect_config) object structure is documented below.

<a name="IAM_openid_connect_config"></a>
The `openid_connect_config` block supports:

* `access_type` - (Required, String) Specifies the access type of the identity provider.
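
Review bot: the `openid_connect_config` entry that gains the anchor link still says "Specifies the description of the identity provider", which is the text of the `description` argument rather than a description of this block. Since the hunk already edits the entry, replace it with wording that names the OpenID Connect configuration. In the context just above, "it stores in the state with SHA1 algorithm" is also unclear; if the intent is that only a SHA1 hash of the metadata is kept in state, say that.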
Expand Down Expand Up @@ -114,7 +116,7 @@ The `openid_connect_config` block supports:
Valid values is *form_post* and *fragment*, default value is *form_post*.
This field is required only if the access type is set to `program_console`.

## Attributes Reference
## Attribute Reference

In addition to all arguments above, the following attributes are exported:

Expand All @@ -125,21 +127,24 @@ In addition to all arguments above, the following attributes are exported:
* `sso_type` - The single sign-on type of the identity provider.

* `conversion_rules` - The identity conversion rules of the identity provider.
The [object](#conversion_rules) structure is documented below
The [conversion_rules](#IAM_conversion_rules) object structure is documented below.

<a name="conversion_rules"></a>
<a name="IAM_conversion_rules"></a>
The `conversion_rules` block supports:

* `local` - The federated user information on the cloud platform.
* `local` - The federated user information on the cloud platform. The [local](#IAM_local) object structure is
documented below.

* `remote` - The description of the identity provider.
* `remote` - The description of the identity provider. The [remote](#IAM_remote) object structure is documented below.

<a name="IAM_local"></a>
The `local` block supports:

* `username` - The name of a federated user on the cloud platform.

* `group` - The user group to which the federated user belongs on the cloud platform.

<a name="IAM_remote"></a>
The `remote` block supports:

* `attribute` - The attribute in the IDP assertion.
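
Review bot: the new `remote` entry keeps "The description of the identity provider", which does not describe the block; identity_provider_conversion.md in this same PR documents the same field as "Federated user information in the IDP system". Use that wording here so the two pages agree.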
20 changes: 12 additions & 8 deletions docs/resources/identity_provider_conversion.md
Expand Up @@ -47,26 +47,30 @@ The following arguments are supported:
* `conversion_rules` - (Required, List) Specifies the identity conversion rules of the identity provider.
You can use identity conversion rules to map the identities of existing users to FlexibleEngine and manage their access
to cloud resources.
The [object](#conversion_rules) structure is documented below.
The [conversion_rules](#IAM_conversion_rules) object structure is documented below.

<a name="conversion_rules"></a>
<a name="IAM_conversion_rules"></a>
The `conversion_rules` block supports:

* `local` - (Required, List) Specifies the federated user information on the cloud platform.
* `local` - (Required, List) Specifies the federated user information on the cloud platform. The [local](#IAM_local)
object structure is documented below.

* `remote` - (Required, List) Specifies Federated user information in the IDP system.
* `remote` - (Required, List) Specifies Federated user information in the IDP system. The [remote](#IAM_remote) object
structure is documented below.

-> **NOTE:**
If the protocol of identity provider is SAML, this field is an expression consisting of assertion
attributes and operators.
If the protocol of identity provider is OIDC, the value of this field is determined by the ID token.
If the protocol of identity provider is SAML, this field is an expression consisting of assertion
attributes and operators.
If the protocol of identity provider is OIDC, the value of this field is determined by the ID token.

<a name="IAM_local"></a>
The `local` block supports:

* `username` - (Required, String) Specifies the name of a federated user on the cloud platform.

* `group` - (Optional, String) Specifies the user group to which the federated user belongs on the cloud platform.

<a name="IAM_remote"></a>
The `remote` block supports:

* `attribute` - (Required, String) Specifies the attribute in the IDP assertion.
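
Review bot: in the new `remote` entry, "Specifies Federated user information" has a stray capital F and drops the article, unlike the `local` entry just above ("Specifies the federated user information"). The NOTE that follows refers to "this field" without naming it; name the field it applies to so readers do not have to infer it from position.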
Expand All @@ -78,7 +82,7 @@ The `remote` block supports:

* `value` - (Optional, List) Specifies the rule is matched only if the specified strings appear in the attribute type.

## Attributes Reference
## Attribute Reference

In addition to all arguments above, the following attributes are exported:

26 changes: 15 additions & 11 deletions docs/resources/identity_role_assignment_v3.md
Expand Up @@ -54,26 +54,30 @@ resource "flexibleengine_identity_role_assignment_v3" "role_assignment_1" {
domain_id = var.domain_id
role_id = data.flexibleengine_identity_role_v3.role_1.id
}

```

## Argument Reference

The following arguments are supported:

* `role_id` - (Required) The role to assign.
* `role_id` - (Required, String, ForceNew) The role to assign. Changing this will create a new resource.

* `group_id` - (Required, String, ForceNew) The group to assign the role in. Changing this will create a new resource.

* `group_id` - (Required) The group to assign the role in.
* `domain_id` - (Optional, String, ForceNew) The domain to assign the role in.
It is **Required** if `project_id` is empty. Changing this will create a new resource.

* `domain_id` - (Optional; Required if `project_id` is empty) The domain to assign the role in.
* `project_id` - (Optional, String, ForceNew) The project to assign the role in.
It is **Required** if `domain_id` is empty. Changing this will create a new resource.

* `project_id` - (Optional; Required if `domain_id` is empty) The project to assign the role in.
## Attribute Reference

## Attributes Reference
All the arguments above can also be exported attributes.

The following attributes are exported:
## Import

* `group_id` - See Argument Reference above.
* `role_id` - See Argument Reference above.
* `domain_id` - See Argument Reference above.
* `project_id` - See Argument Reference above.
IAM role assignment can be imported using the role assignment ID, e.g.

```shell
terraform import flexibleengine_identity_role_assignment_v3.assignment_1 89c60255-9bd6-460c-822a-e2b959ede9d2
```
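
Review bot: the new import example addresses the resource as `flexibleengine_identity_role_assignment_v3.assignment_1`, but the example at the top of this file declares it as `role_assignment_1`; use the same name. The text also says "the role assignment ID" without defining it, and the sample value `89c60255-9bd6-460c-822a-e2b959ede9d2` is the same UUID used in the group membership import example. Since an assignment is described by `role_id`, `group_id` and either `domain_id` or `project_id`, document how the import ID is formed.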