Documentation ¶
Index ¶
- Variables
- func ActionPermissionsSchema() map[string]schema.Attribute
- func NewActionPermissionsResource() resource.Resource
- type ActionPermissionsModel
- type ActionPermissionsResource
- func (r *ActionPermissionsResource) Configure(ctx context.Context, req resource.ConfigureRequest, ...)
- func (r *ActionPermissionsResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse)
- func (r *ActionPermissionsResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse)
- func (r *ActionPermissionsResource) ImportState(ctx context.Context, req resource.ImportStateRequest, ...)
- func (r *ActionPermissionsResource) Metadata(ctx context.Context, req resource.MetadataRequest, ...)
- func (r *ActionPermissionsResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse)
- func (r *ActionPermissionsResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse)
- func (r *ActionPermissionsResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse)
- type ApproveModel
- type ExecuteModel
- type PermissionsModel
Constants ¶
This section is empty.
Variables ¶
// ActionPermissionsResourceMarkdownDescription is the Markdown description
// text for the port_action_permissions resource. It is assembled from raw
// string literals joined with quoted "```" fences, because a backtick cannot
// appear inside a Go raw string.
//
// The text holds two HCL examples (static role/user/team lists, and a dynamic
// "policy" passed through jsonencode) followed by a disclaimer section.
//
// Points in the text that matter when reviewing access control:
//   - Per the disclaimer, deleting this resource only drops it from Terraform
//     state; the permissions stay in place in Port. Removing the resource from
//     configuration is therefore not a revocation, and whatever was last
//     applied keeps governing who may execute or approve the action.
//   - The policy is passed as a JSON string and evaluated by Port, not by
//     Terraform, so Terraform treats it as an opaque value.
//     NOTE(review): presumably a wrong or overly permissive policy is not
//     caught at plan time and needs separate review — confirm.
//   - Port keeps the roles, users and teams lists sorted; per the disclaimer a
//     list written out of order leaves the state invalid.
//   - NOTE(review): the first example writes role names in lower case
//     ("admin", "member") and the second capitalises them ("Admin", "Member").
//     Confirm which form Port matches, since a name that does not match would
//     not grant what the configuration appears to grant.
var ActionPermissionsResourceMarkdownDescription = `
# Action Permissions resource
Docs for the Action Permissions resource can be found [here](https://docs.getport.io/actions-and-automations/create-self-service-experiences/set-self-service-actions-rbac/?config-method=terraform).
## Example Usage
` + "```hcl" + `
resource "port_action_permissions" "restart_microservice_permissions" {
action_identifier = port_action.restart_microservice.identifier
permissions = {
"execute" : {
"roles" : [
"admin"
],
"users" : [],
"teams" : [],
"owned_by_team" : true
},
"approve" : {
"roles" : ["member", "admin"],
"users" : [],
"teams" : []
}
}
}` + "\n```" + `
## Example Usage with Policy
Port allows setting dynamic permissions for executing and/or approving execution of self-service actions, based on any properties/relations of an action's corresponding blueprint.
Docs about the Policy language can be found [here](https://docs.getport.io/create-self-service-experiences/set-self-service-actions-rbac/dynamic-permissions#configuring-permissions).
Policy is expected to be passed as a JSON string and not as an object, this means that the evaluation of the policy will be done by Port and not by Terraform.
To pass a JSON string to Terraform, you can use the [jsonencode](https://developer.hashicorp.com/terraform/language/functions/jsonencode) function.
` + "```hcl" + `
resource "port_action_permissions" "restart_microservice_permissions" {
action_identifier = port_action.restart_microservice.identifier
permissions = {
"execute" : {
"roles" : [
"Admin"
],
"users" : [],
"teams" : [],
"owned_by_team" : true
},
"approve" : {
"roles" : ["Member", "Admin"],
"users" : [],
"teams" : []
# Terraform's "jsonencode" function converts a
# Terraform expression result to valid JSON syntax.
"policy" : jsonencode(
{
queries : {
executingUser : {
rules : [
{
value : "user",
operator : "=",
property : "$blueprint"
},
{
value : "true",
operator : "=",
property : "$owned_by_team"
}
],
combinator : "and"
}
},
conditions : [
"true"]
}
)
}
}
}` + "\n```" + `
## Disclaimer
- Action permissions are created by default when creating a new action, this means that you should use this resource when you want to change the default permissions of an action.
- When deleting an action permissions resource using terraform, the action permissions will not be deleted from Port, as they are required for the action to work, instead, the action permissions will be removed from the terraform state.
- All the permission lists (roles, users, teams) are managed by Port in a sorted manner, this means that if your ` + "`" + `.tf` + "`" + ` has for example roles defined out of order, your state will be invalid
E.g:
` + "```hcl" + `
resource "port_action_permissions" "restart_microservice_permissions" {
action_identifier = port_action.restart_microservice.identifier
permissions = {
# invalid
"execute" : {
"roles" : [
"member",
"admin",
],
...
},
# valid
"approve" : {
"roles" : [
"admin",
"member",
],
}
}
}` + "\n```"
Functions ¶
func ActionPermissionsSchema ¶
Types ¶
type ActionPermissionsModel ¶
type ActionPermissionsResource ¶
type ActionPermissionsResource struct {
// contains filtered or unexported fields
}
func (*ActionPermissionsResource) Configure ¶
func (r *ActionPermissionsResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse)
func (*ActionPermissionsResource) Create ¶
func (r *ActionPermissionsResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse)
func (*ActionPermissionsResource) Delete ¶
func (r *ActionPermissionsResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse)
func (*ActionPermissionsResource) ImportState ¶
func (r *ActionPermissionsResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse)
func (*ActionPermissionsResource) Metadata ¶
func (r *ActionPermissionsResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse)
func (*ActionPermissionsResource) Read ¶
func (r *ActionPermissionsResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse)
func (*ActionPermissionsResource) Schema ¶
func (r *ActionPermissionsResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse)
func (*ActionPermissionsResource) Update ¶
func (r *ActionPermissionsResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse)
type ApproveModel ¶
type ExecuteModel ¶
type PermissionsModel ¶
// PermissionsModel groups the two permission sets of an action. Its tfsdk tags
// match the "execute" and "approve" keys shown under permissions in the usage
// examples on this page.
type PermissionsModel struct {
	// Execute is bound to the "execute" key. It is a pointer, so it can be nil.
	Execute *ExecuteModel `tfsdk:"execute"`
	// Approve is bound to the "approve" key. It is a pointer, so it can be nil.
	Approve *ApproveModel `tfsdk:"approve"`
}