iampolicy

package
v0.95.1

This package is not in the latest version of its module.
Published: Aug 29, 2024 License: MPL-2.0 Imports: 24 Imported by: 0

Documentation

Overview

iampolicy is a helper package for creating Terraform resources that modify an HCP Resource's IAM Policy. By implementing a single interface, a resource can provide an authoritative Policy resource and a Binding resource. Using this package simplifies implementation, provides a performance-optimized experience, and provides a consistent interface to provider users.

For examples of how to implement the interface, see hcp_project_iam_policy/binding.


Functions

func Equal

Equal reports whether the passed Policies are equal.

func FromMap

FromMap converts the map generated by ToMap to an IAM Policy object.

func NewResourceIamBinding

func NewResourceIamBinding(
	typeName string,
	parentSpecificSchema schema.Schema,
	importAttrName string,
	newUpdaterFunc NewResourceIamUpdaterFunc,
) resource.Resource

parentSpecificSchema should be a schema that includes a MarkdownDescription and any necessary Attributes to target the specific resource ("project_id", "resource_name", etc.).

importAttrName allows specifying the attribute to be set when a user runs `terraform import`. Subsequent calls to SetResourceIamPolicy can use this information to populate the policy.

func NewResourceIamPolicy

func NewResourceIamPolicy(
	typeName string,
	parentSpecificSchema schema.Schema,
	importAttrName string,
	newUpdaterFunc NewResourceIamUpdaterFunc,
) resource.Resource

parentSpecificSchema should be a schema that includes a MarkdownDescription and any necessary Attributes to target the specific resource ("project_id", "resource_name", etc.).

importAttrName allows specifying the attribute to be set when a user runs `terraform import`. Subsequent calls to SetResourceIamPolicy can use this information to populate the policy.

func ToMap

ToMap converts an IAM policy to a set of maps. The first map is keyed by Role ID, and the second map is keyed by PrincipalID.

Types

type NewResourceIamUpdaterFunc

type NewResourceIamUpdaterFunc func(ctx context.Context, d TerraformResourceData, clients *clients.Client) (ResourceIamUpdater, diag.Diagnostics)

Factory for generating a ResourceIamUpdater for the given ResourceData resource.

type PolicyDataType

type PolicyDataType struct {
	basetypes.StringType
}

PolicyDataType is a custom type for handling marshaled policy_data.

func (PolicyDataType) Equal

func (t PolicyDataType) Equal(o attr.Type) bool

func (PolicyDataType) String

func (t PolicyDataType) String() string

func (PolicyDataType) Validate

func (t PolicyDataType) Validate(ctx context.Context, value tftypes.Value, valuePath path.Path) diag.Diagnostics

Validate will be called whenever a PolicyDataValue is being created. This both gives the user a better error message and lets the Value type assume the policy_data is valid.

func (PolicyDataType) ValueFromString

func (PolicyDataType) ValueFromTerraform

func (t PolicyDataType) ValueFromTerraform(ctx context.Context, in tftypes.Value) (attr.Value, error)

func (PolicyDataType) ValueType

func (t PolicyDataType) ValueType(ctx context.Context) attr.Value

type PolicyDataValue

type PolicyDataValue struct {
	basetypes.StringValue
}

func (PolicyDataValue) Equal

func (v PolicyDataValue) Equal(o attr.Value) bool

func (PolicyDataValue) StringSemanticEquals

func (v PolicyDataValue) StringSemanticEquals(ctx context.Context, newValuable basetypes.StringValuable) (bool, diag.Diagnostics)

StringSemanticEquals checks that two policies are semantically equal. This is critical for suppressing planned changes where the only delta is the ordering of bindings or members within a binding.
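An order-insensitive comparison of the kind described above, as an added example that is not the package's own code. The `Policy` type, its JSON field names and the sample strings are constructed stand-ins for the SDK model and the marshaled policy_data; the point is that reordering is ignored while any extra or missing grant still counts as a difference.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
)

// Policy is a simplified stand-in (assumption) for the HCP SDK policy model;
// the JSON field names are constructed for this example.
type Policy struct {
	Bindings []struct {
		RoleID  string   `json:"role_id"`
		Members []string `json:"members"`
	} `json:"bindings"`
}

// Constructed samples: identical grants, different binding and member order.
const planned = `{"bindings":[{"role_id":"roles/viewer","members":["u-1","u-2"]},{"role_id":"roles/admin","members":["u-9"]}]}`
const remote = `{"bindings":[{"role_id":"roles/admin","members":["u-9"]},{"role_id":"roles/viewer","members":["u-2","u-1"]}]}`

// grants flattens policy_data into a set of (role, principal) pairs, so
// ordering and duplicate entries cannot influence the comparison.
func grants(data string) (map[[2]string]bool, error) {
	var p Policy
	if err := json.Unmarshal([]byte(data), &p); err != nil {
		return nil, err
	}
	out := map[[2]string]bool{}
	for _, b := range p.Bindings {
		for _, m := range b.Members {
			out[[2]string{b.RoleID, m}] = true
		}
	}
	return out, nil
}

// semanticEqual reports whether two policy_data strings grant the same access.
func semanticEqual(a, b string) (bool, error) {
	ga, errA := grants(a)
	gb, errB := grants(b)
	if errA != nil || errB != nil {
		return false, fmt.Errorf("invalid policy_data: %v, %v", errA, errB)
	}
	return reflect.DeepEqual(ga, gb), nil
}

func main() {
	fmt.Println(semanticEqual(planned, remote)) // same grants, reordered
}
```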

func (PolicyDataValue) Type

func (v PolicyDataValue) Type(ctx context.Context) attr.Type

type ResourceIamUpdater

type ResourceIamUpdater interface {
	// GetResourceIamPolicy fetches the existing IAM policy attached to a resource.
	GetResourceIamPolicy(context.Context) (*models.HashicorpCloudResourcemanagerPolicy, diag.Diagnostics)

	// SetResourceIamPolicy replaces the existing IAM Policy attached to a resource.
	// If an error occurs, a new custom ErrorHTTPStatusCode should be appended to the diagnostics.
	SetResourceIamPolicy(ctx context.Context, policy *models.HashicorpCloudResourcemanagerPolicy) (*models.HashicorpCloudResourcemanagerPolicy, diag.Diagnostics)

	// GetMutexKey gets the mutex key.
	// A mutex guards against concurrent calls to the SetResourceIamPolicy method.
	// The mutex key should be globally unique.
	GetMutexKey() string
}

The ResourceIamUpdater interface is implemented for each HCP resource supporting IAM policy (Organization/Project/Resource).

Implementations should be created per resource and should keep track of the resource identifier.
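Why the mutex key matters, shown as an added example rather than code from this package: it assumes a binding is applied as read, modify, replace, so two unsynchronized writers to the same resource could each replace the policy and drop the other's grant. The `updater` type, `lockFor` and the key format are hypothetical in-memory analogues of ResourceIamUpdater and its GetMutexKey.

```go
package main

import (
	"fmt"
	"sync"
)

// updater is a hypothetical in-memory analogue of a ResourceIamUpdater;
// members stands in for the stored policy of one resource.
type updater struct {
	resourceID string
	members    []string
}

func (u *updater) get() []string    { return append([]string(nil), u.members...) } // read a copy
func (u *updater) set(m []string)   { u.members = m }                              // replace whole policy
func (u *updater) mutexKey() string { return "iam-policy/" + u.resourceID }

// locks holds one mutex per key, so only writers to the same resource serialize.
var locks sync.Map

func lockFor(key string) *sync.Mutex {
	m, _ := locks.LoadOrStore(key, &sync.Mutex{})
	return m.(*sync.Mutex)
}

// addMember is a binding-style read-modify-replace, done under the resource's mutex.
func addMember(u *updater, principal string) {
	mu := lockFor(u.mutexKey())
	mu.Lock()
	defer mu.Unlock()
	u.set(append(u.get(), principal))
}

// applyConcurrently adds n principals in parallel and returns how many were kept.
func applyConcurrently(n int) int {
	u := &updater{resourceID: "project/example"}
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func(i int) {
			defer wg.Done()
			addMember(u, fmt.Sprintf("user-%d", i))
		}(i)
	}
	wg.Wait()
	return len(u.members)
}

func main() { fmt.Println(applyConcurrently(50)) }
```

A key shared by two different resources would only serialize unrelated writes; a key that differs between two updaters for the same resource would not serialize them at all, which is why the key has to identify the resource uniquely.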

type TerraformResourceData

type TerraformResourceData interface {
	GetAttribute(ctx context.Context, path path.Path, target interface{}) diag.Diagnostics
	SetAttribute(ctx context.Context, path path.Path, val interface{}) diag.Diagnostics
}
