diff --git a/go.mod b/go.mod index c4e53b2d0da..3c217e3a20a 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/IBM/event-notifications-go-admin-sdk v0.6.1 github.com/IBM/eventstreams-go-sdk v1.4.0 github.com/IBM/go-sdk-core/v3 v3.2.4 - github.com/IBM/go-sdk-core/v5 v5.17.3 + github.com/IBM/go-sdk-core/v5 v5.17.4 github.com/IBM/ibm-cos-sdk-go v1.10.3 github.com/IBM/ibm-cos-sdk-go-config/v2 v2.1.0 github.com/IBM/ibm-hpcs-tke-sdk v0.0.0-20211109141421-a4b61b05f7d1 @@ -26,7 +26,7 @@ require ( github.com/IBM/keyprotect-go-client v0.14.0 github.com/IBM/logs-go-sdk v0.3.0 github.com/IBM/networking-go-sdk v0.47.1 - github.com/IBM/platform-services-go-sdk v0.62.11 + github.com/IBM/platform-services-go-sdk v0.64.3 github.com/IBM/project-go-sdk v0.3.5 github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5 github.com/IBM/scc-go-sdk/v5 v5.1.6 diff --git a/go.sum b/go.sum index beef1742b2f..8ad87a2ca0e 100644 --- a/go.sum +++ b/go.sum @@ -155,6 +155,8 @@ github.com/IBM/go-sdk-core/v5 v5.9.5/go.mod h1:YlOwV9LeuclmT/qi/LAK2AsobbAP42veV github.com/IBM/go-sdk-core/v5 v5.10.2/go.mod h1:WZPFasUzsKab/2mzt29xPcfruSk5js2ywAPwW4VJjdI= github.com/IBM/go-sdk-core/v5 v5.17.3 h1:CZSVCKzhQc/hRQZOtuEmi9dlNtWMnxJvOsPtQKP7cZ4= github.com/IBM/go-sdk-core/v5 v5.17.3/go.mod h1:GatGZpxlo1KaxiRN6E10/rNgWtUtx1hN/GoHSCaSPKA= +github.com/IBM/go-sdk-core/v5 v5.17.4 h1:VGb9+mRrnS2HpHZFM5hy4J6ppIWnwNrw0G+tLSgcJLc= +github.com/IBM/go-sdk-core/v5 v5.17.4/go.mod h1:KsAAI7eStAWwQa4F96MLy+whYSh39JzNjklZRbN/8ns= github.com/IBM/ibm-cos-sdk-go v1.10.3 h1:YfZSLqMiCrqDPbr3r+amY2sicIXlrd+3L5pok6QRXIQ= github.com/IBM/ibm-cos-sdk-go v1.10.3/go.mod h1:T9x7pC47DUd5jD/TMFzlvly39P6EdW5wOemA78XEo2g= github.com/IBM/ibm-cos-sdk-go-config/v2 v2.1.0 h1:U7EmXSfv7jtugRpTpOkPUmgS/xiNKtGfKVH3BGyC1hg= 
@@ -174,8 +176,10 @@ github.com/IBM/networking-go-sdk v0.47.1 h1:Zqqu9CrZ86jkjMyuIJtBLLOE0D7YtirxnlFy github.com/IBM/networking-go-sdk v0.47.1/go.mod h1:yF4XStkswGgVwQVqPUk6b4YTP0dVap52q8HDYwY4gXQ= github.com/IBM/platform-services-go-sdk v0.62.11 h1:EGsiY90bM9M9sSdBVgpsX4QK1z99JZzedVDlrY2gzmc= github.com/IBM/platform-services-go-sdk v0.62.11/go.mod h1:M26dloj9C48k9AjfMcKGsgH/acEjaUvxjVS8z41Q8dg= -github.com/IBM/project-go-sdk v0.3.5 h1:L+YClFUa14foS0B/hOOY9n7sIdsT5/XQicnXOyJSpyM= -github.com/IBM/project-go-sdk v0.3.5/go.mod h1:FOJM9ihQV3EEAY6YigcWiTNfVCThtdY8bLC/nhQHFvo= +github.com/IBM/platform-services-go-sdk v0.64.3 h1:AKDrLXjybG09i5MyqptY0UpyejeiYrTbdylDC7FQM1k= +github.com/IBM/platform-services-go-sdk v0.64.3/go.mod h1:6rYd3stLSnotYmZlxclw45EJPaQuLmh5f7c+Mg7rOg4= +github.com/IBM/project-go-sdk v0.3.4 h1:VJqGdrWZLlb+f5/fH5mcSpt8t0QoYEq4QgFWVnn8mCs= +github.com/IBM/project-go-sdk v0.3.4/go.mod h1:FOJM9ihQV3EEAY6YigcWiTNfVCThtdY8bLC/nhQHFvo= github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5 h1:NPUhkoOCRuv3OFWt19PmwjXGGTKlvmbuPg9fUrBUNe4= github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5/go.mod h1:b07XHUVh0XYnQE9s2mqgjYST1h9buaQNqN4EcKhOsX0= github.com/IBM/sarama v1.41.2 h1:ZDBZfGPHAD4uuAtSv4U22fRZBgst0eEwGFzLj0fb85c= diff --git a/ibm/service/iampolicy/data_source_ibm_iam_policy_assignment.go b/ibm/service/iampolicy/data_source_ibm_iam_policy_assignment.go index 2aaef64f9eb..768c996f988 100644 --- a/ibm/service/iampolicy/data_source_ibm_iam_policy_assignment.go +++ b/ibm/service/iampolicy/data_source_ibm_iam_policy_assignment.go 
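Review bot: This go.sum hunk swaps the `github.com/IBM/project-go-sdk v0.3.5` checksum lines for `v0.3.4`, but the go.mod hunk in this same commit still lists `github.com/IBM/project-go-sdk v0.3.5` as an unchanged requirement. With the v0.3.5 `h1:` entry gone, a build in the default read-only module mode would presumably stop on a missing go.sum entry, or the hash would be re-fetched and re-recorded outside this review. This looks like a merge artifact rather than an intended downgrade. Regenerating go.sum from the committed go.mod with `go mod tidy`, and checking that the v0.3.5 lines return unchanged, would keep the recorded checksums consistent with what is actually built.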
@@ -207,50 +207,6 @@ func DataSourceIBMIAMPolicyAssignment() *schema.Resource { }, }, }, - "options": { - Type: schema.TypeList, - Computed: true, - Description: "The set of properties required for a policy assignment.", - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "root": { - Type: schema.TypeList, - Computed: true, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "requester_id": { - Type: schema.TypeString, - Computed: true, - }, - "assignment_id": { - Type: schema.TypeString, - Computed: true, - Description: "Passed in value to correlate with other assignments.", - }, - "template": { - Type: schema.TypeList, - Computed: true, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "id": { - Type: schema.TypeString, - Computed: true, - Description: "The template id where this policy is being assigned from.", - }, - "version": { - Type: schema.TypeString, - Computed: true, - Description: "The template version where this policy is being assigned from.", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, "account_id": { Type: schema.TypeString, Computed: true, @@ -301,13 +257,6 @@ func dataSourceIBMIAMPolicyAssignmentRead(context context.Context, d *schema.Res return diag.FromErr(fmt.Errorf("error setting template: %s", err)) } } - optionsMap, err := ResourceIBMPolicyAssignmentPolicyAssignmentV1OptionsToMap(policyAssignmentRecord.Options) - if err != nil { - return diag.FromErr(err) - } - if err = d.Set("options", []map[string]interface{}{optionsMap}); err != nil { - return diag.FromErr(fmt.Errorf("error setting options: %s", err)) - } if err = d.Set("href", policyAssignmentRecord.Href); err != nil { return diag.FromErr(fmt.Errorf("error setting href: %s", err)) 
@@ -317,18 +266,10 @@ func dataSourceIBMIAMPolicyAssignmentRead(context context.Context, d *schema.Res return diag.FromErr(fmt.Errorf("error setting created_at: %s", err)) } - if err = d.Set("created_by_id", policyAssignmentRecord.CreatedByID); err != nil { - return diag.FromErr(fmt.Errorf("error setting created_by_id: %s", err)) - } - if err = d.Set("last_modified_at", flex.DateTimeToString(policyAssignmentRecord.LastModifiedAt)); err != nil { return diag.FromErr(fmt.Errorf("error setting last_modified_at: %s", err)) } - if err = d.Set("last_modified_by_id", policyAssignmentRecord.LastModifiedByID); err != nil { - return diag.FromErr(fmt.Errorf("error setting last_modified_by_id: %s", err)) - } - if err = d.Set("account_id", policyAssignmentRecord.AccountID); err != nil { return diag.FromErr(fmt.Errorf("error setting account_id: %s", err)) } 
@@ -474,45 +415,6 @@ func ResourceIBMPolicyAssignmentPolicyAssignmentV1ResourcesToMap(model *iampolic } return modelMap, nil } -func ResourceIBMPolicyAssignmentPolicyAssignmentV1OptionsRootTemplateToMap(model *iampolicymanagementv1.PolicyAssignmentV1OptionsRootTemplate) (map[string]interface{}, error) { - modelMap := make(map[string]interface{}) - if model.ID != nil { - modelMap["id"] = *model.ID - } - if model.Version != nil { - modelMap["version"] = *model.Version - } - return modelMap, nil -} - -func ResourceIBMPolicyAssignmentPolicyAssignmentV1OptionsRootToMap(model *iampolicymanagementv1.PolicyAssignmentV1OptionsRoot) (map[string]interface{}, error) { - modelMap := make(map[string]interface{}) - if model.RequesterID != nil { - modelMap["requester_id"] = *model.RequesterID - } - if model.AssignmentID != nil { - modelMap["assignment_id"] = *model.AssignmentID - } - if model.Template != nil { - templateMap, err := ResourceIBMPolicyAssignmentPolicyAssignmentV1OptionsRootTemplateToMap(model.Template) - if err != nil { - return modelMap, err - } - modelMap["template"] = []map[string]interface{}{templateMap} - } - return modelMap, nil -} - -func ResourceIBMPolicyAssignmentPolicyAssignmentV1OptionsToMap(model *iampolicymanagementv1.PolicyAssignmentV1Options) (map[string]interface{}, error) { - modelMap := make(map[string]interface{}) - rootMap, err := ResourceIBMPolicyAssignmentPolicyAssignmentV1OptionsRootToMap(model.Root) - if err != nil { - return modelMap, err - } - modelMap["root"] = []map[string]interface{}{rootMap} - return modelMap, nil -} - func DataSourceIBMPolicyAssignmentPolicyAssignmentV1Subject(model *iampolicymanagementv1.GetPolicyAssignmentResponseSubject) (map[string]interface{}, error) { modelMap := make(map[string]interface{}) if model.ID != nil { diff --git a/ibm/service/iampolicy/data_source_ibm_iam_policy_assignments.go b/ibm/service/iampolicy/data_source_ibm_iam_policy_assignments.go index d3cb74ae4a2..eeb0bbc7650 100644 
--- a/ibm/service/iampolicy/data_source_ibm_iam_policy_assignments.go +++ b/ibm/service/iampolicy/data_source_ibm_iam_policy_assignments.go @@ -58,50 +58,6 @@ func DataSourceIBMIAMPolicyAssignments() *schema.Resource { Type: schema.TypeString, }, }, - "options": { - Type: schema.TypeList, - Computed: true, - Description: "The set of properties required for a policy assignment.", - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "root": { - Type: schema.TypeList, - Computed: true, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "requester_id": { - Type: schema.TypeString, - Computed: true, - }, - "assignment_id": { - Type: schema.TypeString, - Computed: true, - Description: "Passed in value to correlate with other assignments.", - }, - "template": { - Type: schema.TypeList, - Computed: true, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "id": { - Type: schema.TypeString, - Computed: true, - Description: "The template id where this policy is being assigned from.", - }, - "version": { - Type: schema.TypeString, - Computed: true, - Description: "The template version where this policy is being assigned from.", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, "id": { Type: schema.TypeString, Computed: true, @@ -370,7 +326,7 @@ func ResourceIBMPolicyAssignmentAssignmentTargetDetailsToMap(model *iampolicyman func ResourceIBMPolicyAssignmentResourceTargetDetailsToMap(model *iampolicymanagementv1.AssignmentTargetDetails) (map[string]interface{}, error) { modelMap := make(map[string]interface{}) if model.Type != nil { - modelMap["version"] = *model.Type + modelMap["type"] = *model.Type } if model.ID != nil { modelMap["id"] = *model.ID 
@@ -394,13 +350,6 @@ func DataSourceIBMPolicyAssignmentPolicyTemplateAssignmentItemsToMap(model iampo } modelMap["target"] = targetMap } - if model.Options != nil { - optionsMap, err := DataSourceIBMPolicyAssignmentPolicyAssignmentV1OptionsToMap(model.Options) - if err != nil { - return modelMap, err - } - modelMap["options"] = []map[string]interface{}{optionsMap} - } if model.ID != nil { modelMap["id"] = *model.ID } 
@@ -476,45 +425,6 @@ func DataSourceIBMPolicyAssignmentAssignmentTargetDetailsToMap(model *iampolicym return modelMap, nil } -func DataSourceIBMPolicyAssignmentPolicyAssignmentV1OptionsToMap(model *iampolicymanagementv1.PolicyAssignmentV1Options) (map[string]interface{}, error) { - modelMap := make(map[string]interface{}) - rootMap, err := DataSourceIBMPolicyAssignmentPolicyAssignmentV1OptionsRootToMap(model.Root) - if err != nil { - return modelMap, err - } - modelMap["root"] = []map[string]interface{}{rootMap} - return modelMap, nil -} - -func DataSourceIBMPolicyAssignmentPolicyAssignmentV1OptionsRootToMap(model *iampolicymanagementv1.PolicyAssignmentV1OptionsRoot) (map[string]interface{}, error) { - modelMap := make(map[string]interface{}) - if model.RequesterID != nil { - modelMap["requester_id"] = *model.RequesterID - } - if model.AssignmentID != nil { - modelMap["assignment_id"] = *model.AssignmentID - } - if model.Template != nil { - templateMap, err := DataSourceIBMPolicyAssignmentPolicyAssignmentV1OptionsRootTemplateToMap(model.Template) - if err != nil { - return modelMap, err - } - modelMap["template"] = []map[string]interface{}{templateMap} - } - return modelMap, nil -} - -func DataSourceIBMPolicyAssignmentPolicyAssignmentV1OptionsRootTemplateToMap(model *iampolicymanagementv1.PolicyAssignmentV1OptionsRootTemplate) (map[string]interface{}, error) { - modelMap := make(map[string]interface{}) - if model.ID != nil { - modelMap["id"] = *model.ID - } - if model.Version != nil { - modelMap["version"] = *model.Version - } - return modelMap, nil -} - func DataSourceIBMPolicyAssignmentPolicyAssignmentV1ResourcesToMap(model *iampolicymanagementv1.PolicyAssignmentV1Resources) (map[string]interface{}, error) { modelMap := make(map[string]interface{}) if model.Target != nil { 
@@ -665,17 +575,6 @@ func DataSourceIBMPolicyAssignmentPolicyTemplateAssignmentItemsPolicyAssignmentT if model.Target != nil { modelMap["target"] = *model.Target } - if model.Options != nil { - options := []map[string]interface{}{} - for _, optionsItem := range model.Options { - optionsItemMap, err := DataSourceIBMPolicyAssignmentPolicyAssignmentOptionsToMap(&optionsItem) - if err != nil { - return modelMap, err - } - options = append(options, optionsItemMap) - } - modelMap["options"] = options - } if model.ID != nil { modelMap["id"] = *model.ID } @@ -714,20 +613,6 @@ func DataSourceIBMPolicyAssignmentPolicyTemplateAssignmentItemsPolicyAssignmentT return modelMap, nil } -func DataSourceIBMPolicyAssignmentPolicyAssignmentOptionsToMap(model *iampolicymanagementv1.PolicyAssignmentOptions) (map[string]interface{}, error) { - modelMap := make(map[string]interface{}) - modelMap["subject_type"] = *model.SubjectType - modelMap["subject_id"] = *model.SubjectID - modelMap["root_requester_id"] = *model.RootRequesterID - if model.RootTemplateID != nil { - modelMap["root_template_id"] = *model.RootTemplateID - } - if model.RootTemplateVersion != nil { - modelMap["root_template_version"] = *model.RootTemplateVersion - } - return modelMap, nil -} - func DataSourceIBMPolicyAssignmentPolicyAssignmentResourcesToMap(model *iampolicymanagementv1.PolicyAssignmentResources) (map[string]interface{}, error) { modelMap := make(map[string]interface{}) if model.Target != nil { diff --git a/ibm/service/iampolicy/resource_ibm_iam_policy_assignment.go b/ibm/service/iampolicy/resource_ibm_iam_policy_assignment.go index 1c165585510..9072c9f76d9 100644 --- a/ibm/service/iampolicy/resource_ibm_iam_policy_assignment.go +++ b/ibm/service/iampolicy/resource_ibm_iam_policy_assignment.go 
@@ -66,54 +66,6 @@ func ResourceIBMIAMPolicyAssignment() *schema.Resource { }, }, }, - "options": { - Type: schema.TypeList, - MinItems: 1, - MaxItems: 1, - Required: true, - Description: "The set of properties required for a policy assignment.", - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "root": { - Type: schema.TypeList, - MinItems: 1, - MaxItems: 1, - Required: true, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "requester_id": { - Type: schema.TypeString, - Required: true, - }, - "assignment_id": { - Type: schema.TypeString, - Optional: true, - Description: "Passed in value to correlate with other assignments.", - }, - "template": { - Type: schema.TypeList, - Optional: true, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "id": { - Type: schema.TypeString, - Optional: true, - Description: "The template id where this policy is being assigned from.", - }, - "version": { - Type: schema.TypeString, - Optional: true, - Description: "The template version where this policy is being assigned from.", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, "account_id": { Type: schema.TypeString, Computed: true, @@ -304,11 +256,6 @@ func resourceIBMPolicyAssignmentCreate(context context.Context, d *schema.Resour return diag.FromErr(err) } createPolicyTemplateAssignmentOptions.SetTarget(targetModel) - optionsModel, err := ResourceIBMPolicyAssignmentMapToPolicyAssignmentV1Options(d.Get("options.0").(map[string]interface{})) - if err != nil { - return diag.FromErr(err) - } - createPolicyTemplateAssignmentOptions.SetOptions(optionsModel) var templates []iampolicymanagementv1.AssignmentTemplateDetails for _, v := range d.Get("templates").([]interface{}) { value := v.(map[string]interface{}) 
@@ -368,13 +315,6 @@ func resourceIBMPolicyAssignmentRead(context context.Context, d *schema.Resource if err = d.Set("target", targetMap); err != nil { return diag.FromErr(fmt.Errorf("error setting target: %s", err)) } - optionsMap, err := ResourceIBMPolicyAssignmentPolicyAssignmentV1OptionsToMap(assignmentDetails.Options) - if err != nil { - return diag.FromErr(err) - } - if err = d.Set("options", []map[string]interface{}{optionsMap}); err != nil { - return diag.FromErr(fmt.Errorf("error setting options: %s", err)) - } if !core.IsNil(assignmentDetails.AccountID) { if err = d.Set("account_id", assignmentDetails.AccountID); err != nil { return diag.FromErr(fmt.Errorf("error setting account_id: %s", err)) 
@@ -516,45 +456,6 @@ func ResourceIBMPolicyAssignmentMapToAssignmentTargetDetails(modelMap map[string return model, nil } -func ResourceIBMPolicyAssignmentMapToPolicyAssignmentV1Options(modelMap map[string]interface{}) (*iampolicymanagementv1.PolicyAssignmentV1Options, error) { - model := &iampolicymanagementv1.PolicyAssignmentV1Options{} - RootModel, err := ResourceIBMPolicyAssignmentMapToPolicyAssignmentV1OptionsRoot(modelMap["root"].([]interface{})[0].(map[string]interface{})) - if err != nil { - return model, err - } - model.Root = RootModel - return model, nil -} - -func ResourceIBMPolicyAssignmentMapToPolicyAssignmentV1OptionsRoot(modelMap map[string]interface{}) (*iampolicymanagementv1.PolicyAssignmentV1OptionsRoot, error) { - model := &iampolicymanagementv1.PolicyAssignmentV1OptionsRoot{} - if modelMap["requester_id"] != nil && modelMap["requester_id"].(string) != "" { - model.RequesterID = core.StringPtr(modelMap["requester_id"].(string)) - } - if modelMap["assignment_id"] != nil && modelMap["assignment_id"].(string) != "" { - model.AssignmentID = core.StringPtr(modelMap["assignment_id"].(string)) - } - if modelMap["template"] != nil && len(modelMap["template"].([]interface{})) > 0 { - TemplateModel, err := ResourceIBMPolicyAssignmentMapToPolicyAssignmentV1OptionsRootTemplate(modelMap["template"].([]interface{})[0].(map[string]interface{})) - if err != nil { - return model, err - } - model.Template = TemplateModel - } - return model, nil -} - -func ResourceIBMPolicyAssignmentMapToPolicyAssignmentV1OptionsRootTemplate(modelMap map[string]interface{}) (*iampolicymanagementv1.PolicyAssignmentV1OptionsRootTemplate, error) { - model := &iampolicymanagementv1.PolicyAssignmentV1OptionsRootTemplate{} - if modelMap["id"] != nil && modelMap["id"].(string) != "" { - model.ID = core.StringPtr(modelMap["id"].(string)) - } - if modelMap["version"] != nil && modelMap["version"].(string) != "" { - model.Version = core.StringPtr(modelMap["version"].(string)) - } - return 
model, nil -} - func ResourceIBMPolicyAssignmentMapToAssignmentTemplateDetails(modelMap map[string]interface{}) (*iampolicymanagementv1.AssignmentTemplateDetails, error) { model := &iampolicymanagementv1.AssignmentTemplateDetails{} if modelMap["id"] != nil && modelMap["id"].(string) != "" { diff --git a/ibm/service/iampolicy/resource_ibm_iam_policy_assignment_test.go b/ibm/service/iampolicy/resource_ibm_iam_policy_assignment_test.go index aa01ea03ad3..925fe756b10 100644 --- a/ibm/service/iampolicy/resource_ibm_iam_policy_assignment_test.go +++ b/ibm/service/iampolicy/resource_ibm_iam_policy_assignment_test.go 
@@ -46,6 +46,30 @@ func TestAccIBMPolicyAssignmentBasic(t *testing.T) { }) } +func TestAccIBMPolicyAssignmentS2SBasic(t *testing.T) { + var conf iampolicymanagementv1.GetPolicyAssignmentResponse + var name string = fmt.Sprintf("TerraformTemplateTest%d", acctest.RandIntRange(10, 100)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIBMPolicyAssignmentDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMPolicyAssignmentS2SConfigBasic(name, acc.TargetAccountId), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMPolicyAssignmentExists("ibm_iam_policy_assignment.policy_assignment", conf), + resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_s2s_template", "name", name), + resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_s2s_template", "policy.0.resource.0.attributes.0.value", "is"), + resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_s2s_template", "policy.0.resource.0.attributes.1.value", "true"), + resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_s2s_template", "policy.0.subject.0.attributes.0.value", "is"), + resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_s2s_template", "policy.0.subject.0.attributes.1.value", "backup-policy"), + ), + }, + }, + }) +} + func testAccCheckIBMPolicyAssignmentConfigBasic(name string, targetId string) string { return fmt.Sprintf(` resource "ibm_iam_policy_template" "policy_s2s_template" { 
@@ -77,23 +101,66 @@ func testAccCheckIBMPolicyAssignmentConfigBasic(name string, targetId string) st type = "Account" id = "%s" } + templates{ + id = ibm_iam_policy_template.policy_s2s_template.template_id + version = ibm_iam_policy_template.policy_s2s_template.version + } + }`, name, targetId) +} - options { - root { - requester_id = "orchestrator" - assignment_id = "test" +func testAccCheckIBMPolicyAssignmentS2SConfigBasic(name string, targetId string) string { + return fmt.Sprintf(` + resource "ibm_iam_policy_template" "policy_s2s_template" { + name = "%s" + policy { + type = "authorization" + description = "Test terraform enterprise S2S" + resource { + attributes { + key = "serviceName" + operator = "stringEquals" + value = "is" + } + attributes { + key = "volumeId" + operator = "stringExists" + value = "true" + } + } + subject { + attributes { + key = "serviceName" + operator = "stringEquals" + value = "is" + } + attributes { + key = "resourceType" + operator = "stringEquals" + value = "backup-policy" + } } + roles = ["Operator"] + } + committed=true + } + resource "ibm_iam_policy_assignment" "policy_assignment" { + version = "1.0" + target ={ + type = "Account" + id = "%s" } templates{ id = ibm_iam_policy_template.policy_s2s_template.template_id version = ibm_iam_policy_template.policy_s2s_template.version } - }`, name, targetId) + } + + `, name, targetId) } func testAccCheckIBMPolicyAssignmentConfigUpdate(name string, targetId string) string { return fmt.Sprintf(` - resource "ibm_iam_policy_template" "policy_s2s_template" { + resource "ibm_iam_policy_template" "policy_s2stemplate" { name = "%s" policy { type = "authorization" 
@@ -147,17 +214,10 @@ func testAccCheckIBMPolicyAssignmentConfigUpdate(name string, targetId string) s id = "%s" } - options { - root { - requester_id = "orchestrator" - assignment_id = "test" - } - } templates{ - id = ibm_iam_policy_template.policy_s2s_template.template_id - version = ibm_iam_policy_template.policy_s2s_template.version + id = ibm_iam_policy_template.policy_s2stemplate.template_id + version = ibm_iam_policy_template.policy_s2stemplate.version } - template_version=ibm_iam_policy_template_version.template_version.version }`, name, targetId) } diff --git a/ibm/service/iampolicy/resource_ibm_iam_policy_template.go b/ibm/service/iampolicy/resource_ibm_iam_policy_template.go index b43d37ca6a6..a00617d4e6b 100644 --- a/ibm/service/iampolicy/resource_ibm_iam_policy_template.go +++ b/ibm/service/iampolicy/resource_ibm_iam_policy_template.go @@ -55,7 +55,7 @@ func ResourceIBMIAMPolicyTemplate() *schema.Resource { }, "resource": { Type: schema.TypeList, - Required: true, + Optional: true, Description: "The resource attributes to which the policy grants access.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -173,7 +173,7 @@ func ResourceIBMIAMPolicyTemplate() *schema.Resource { }, "roles": { Type: schema.TypeList, - Required: true, + Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, Description: "Role names of the policy definition", }, @@ -310,6 +310,7 @@ func resourceIBMIAMPolicyTemplateCreate(context context.Context, d *schema.Resou } func generateTemplatePolicy(d *schema.ResourceData, iamPolicyManagementClient *iampolicymanagementv1.IamPolicyManagementV1) (*iampolicymanagementv1.TemplatePolicy, error) { + var sourceServiceName, targetServiceName, serviceGroupID string model := &iampolicymanagementv1.TemplatePolicy{} modelMap := d.Get("policy.0").(map[string]interface{}) model.Type = core.StringPtr(modelMap["type"].(string)) 
@@ -317,19 +318,125 @@ func generateTemplatePolicy(d *schema.ResourceData, iamPolicyManagementClient *i if modelMap["description"] != nil && modelMap["description"].(string) != "" { model.Description = core.StringPtr(modelMap["description"].(string)) } - ResourceModel, roleList, err := generateTemplatePolicyResource(modelMap["resource"].([]interface{})[0].(map[string]interface{}), iamPolicyManagementClient) + var roleList *iampolicymanagementv1.RoleCollection + listRoleOptions := &iampolicymanagementv1.ListRolesOptions{} + var err error + if _, ok := d.GetOk("policy.0.resource"); ok { + modelMap := modelMap["resource"].([]interface{})[0].(map[string]interface{}) + modelResource := &iampolicymanagementv1.V2PolicyResource{} + attributes := []iampolicymanagementv1.V2PolicyResourceAttribute{} + for _, attributesItem := range modelMap["attributes"].([]interface{}) { + attributesItemModel := &iampolicymanagementv1.V2PolicyResourceAttribute{} + attributesItemModel.Key = core.StringPtr(attributesItem.(map[string]interface{})["key"].(string)) + attributesItemModel.Operator = core.StringPtr(attributesItem.(map[string]interface{})["operator"].(string)) + attributesItemModel.Value = attributesItem.(map[string]interface{})["value"].(string) + + if *attributesItemModel.Key == "serviceName" && + (*attributesItemModel.Operator == "stringMatch" || + *attributesItemModel.Operator == "stringEquals") { + targetServiceName = fmt.Sprintf("%v", attributesItemModel.Value) + } + + if *attributesItemModel.Key == "service_group_id" && (*attributesItemModel.Operator == "stringMatch" || + *attributesItemModel.Operator == "stringEquals") { + serviceGroupID = fmt.Sprintf("%v", attributesItemModel.Value) + } + + if *attributesItemModel.Key == "serviceType" && attributesItemModel.Value.(string) == "service" && (*attributesItemModel.Operator == "stringMatch" || + *attributesItemModel.Operator == "stringEquals") { + listRoleOptions.ServiceName = core.StringPtr("alliamserviceroles") + } + + if 
*model.Type == "authorization" && *attributesItemModel.Key == "resourceType" && targetServiceName == "" { + targetServiceName = "resource-controller" + } + + if *attributesItemModel.Operator == "stringExists" { + if attributesItemModel.Value == "true" { + attributesItemModel.Value = true + } else if attributesItemModel.Value == "false" { + attributesItemModel.Value = false + } else { + return model, fmt.Errorf("[ERROR] When operator equals stringExists, value should be either \"true\" or \"false\", instead of %s", + attributesItemModel.Value) + } + } + + attributes = append(attributes, *attributesItemModel) + } + modelResource.Attributes = attributes + if modelMap["tags"] != nil { + tags := []iampolicymanagementv1.V2PolicyResourceTag{} + for _, tagsItem := range modelMap["tags"].([]interface{}) { + tagsItemModel, err := generateTemplatePolicyTag(tagsItem.(map[string]interface{})) + if err != nil { + return model, err + } + tags = append(tags, *tagsItemModel) + } + modelResource.Tags = tags + } + model.Resource = modelResource + } + + // check subject only for authorization type + if _, ok := d.GetOk("policy.0.subject"); ok { + modelMap := (modelMap["subject"]).(*schema.Set).List() + modelSubject := &iampolicymanagementv1.V2PolicySubject{} + attributes := []iampolicymanagementv1.V2PolicySubjectAttribute{} + for _, attributesItem := range modelMap { + attribute := (attributesItem.(map[string]interface{}))["attributes"] + for _, item := range (attribute).([]interface{}) { + attributesItemModel := &iampolicymanagementv1.V2PolicySubjectAttribute{} + attributesItemModel.Key = core.StringPtr((item.((map[string]interface{}))["key"].(string))) + attributesItemModel.Operator = core.StringPtr(item.(map[string]interface{})["operator"].(string)) + attributesItemModel.Value = core.StringPtr(item.((map[string]interface{}))["value"].(string)) + if *attributesItemModel.Key == "serviceName" { + sourceServiceName = item.((map[string]interface{}))["value"].(string) + } + if 
*attributesItemModel.Operator == "stringExists" { + if attributesItemModel.Value == "true" { + attributesItemModel.Value = true + } else if attributesItemModel.Value == "false" { + attributesItemModel.Value = false + } else { + return model, fmt.Errorf("[ERROR] Only values \"true\" and \"false\" are allowed when operator is \"stringExists\". Received %s.", attributesItemModel.Value) + } + } + if *model.Type == "authorization" && *attributesItemModel.Operator == "" && attributesItemModel.Value == "*" && *attributesItemModel.Key == "resourceGroupId" { + attributesItemModel.Value = true + *attributesItemModel.Operator = "stringExists" + } + attributes = append(attributes, *attributesItemModel) + } + } + modelSubject.Attributes = attributes + model.Subject = modelSubject + } + + if targetServiceName != "" { + listRoleOptions.ServiceName = &targetServiceName + } + if serviceGroupID != "" { + listRoleOptions.ServiceGroupID = &serviceGroupID + } + if sourceServiceName != "" { + listRoleOptions.SourceServiceName = &sourceServiceName + listRoleOptions.PolicyType = core.StringPtr("authorization") + } + roles, _, err := iamPolicyManagementClient.ListRoles(listRoleOptions) + roleList = roles if err != nil { return model, err } - model.Resource = ResourceModel - if _, ok := d.GetOk("policy.0.subject"); ok { - subjectModel, err := generateTemplatePolicySubject(((modelMap["subject"]).(*schema.Set).List()), - iamPolicyManagementClient) + if _, ok := d.GetOk("policy.0.roles"); ok && roleList != nil { + controlModel, err := generateTemplatePolicyControl(modelMap["roles"].([]interface{}), roleList) if err != nil { - return model, err + return nil, err } - model.Subject = subjectModel + + model.Control = controlModel } if modelMap["pattern"] != nil && modelMap["pattern"].(string) != "" { 
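Review bot: In the subject loop `attributesItemModel.Value` is set to `core.StringPtr(...)`, so the later comparisons `attributesItemModel.Value == "true"`, `== "false"` and `== "*"` compare a `*string` held in an interface against a string and can never be true. As written, every subject attribute with operator `stringExists` falls through to the error return, and the `resourceGroupId` / `*` rewrite for authorization policies is unreachable; the `%s` in that error also formats the pointer rather than the configured value. The resource loop earlier in this hunk assigns the plain string and does not have the problem, so the same form would work here: `attributesItemModel.Value = item.(map[string]interface{})["value"].(string)`. The new S2S acceptance test uses only `stringEquals` on the subject, so it would not catch this.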
@@ -376,83 +483,6 @@ func generateTemplatePolicy(d *schema.ResourceData, iamPolicyManagementClient *i } model.Rule = rule } - - controlModel, err := generateTemplatePolicyControl(modelMap["roles"].([]interface{}), roleList) - if err != nil { - return nil, err - } - - model.Control = controlModel - return model, nil -} - -func generateTemplatePolicyResource(modelMap map[string]interface{}, - iamPolicyManagementClient *iampolicymanagementv1.IamPolicyManagementV1) (*iampolicymanagementv1.V2PolicyResource, *iampolicymanagementv1.RoleCollection, error) { - model := &iampolicymanagementv1.V2PolicyResource{} - attributes := []iampolicymanagementv1.V2PolicyResourceAttribute{} - roleList := &iampolicymanagementv1.RoleCollection{} - listRoleOptions := &iampolicymanagementv1.ListRolesOptions{} - for _, attributesItem := range modelMap["attributes"].([]interface{}) { - attributesItemModel := &iampolicymanagementv1.V2PolicyResourceAttribute{} - attributesItemModel.Key = core.StringPtr(attributesItem.(map[string]interface{})["key"].(string)) - attributesItemModel.Operator = core.StringPtr(attributesItem.(map[string]interface{})["operator"].(string)) - attributesItemModel.Value = attributesItem.(map[string]interface{})["value"].(string) - - if *attributesItemModel.Key == "serviceName" && - (*attributesItemModel.Operator == "stringMatch" || - *attributesItemModel.Operator == "stringEquals") { - listRoleOptions.ServiceName = core.StringPtr(attributesItemModel.Value.(string)) - } - - if *attributesItemModel.Key == "service_group_id" && (*attributesItemModel.Operator == "stringMatch" || - *attributesItemModel.Operator == "stringEquals") { - listRoleOptions.ServiceGroupID = core.StringPtr(attributesItemModel.Value.(string)) - } - - if *attributesItemModel.Key == "serviceType" && attributesItemModel.Value.(string) == "service" && (*attributesItemModel.Operator == "stringMatch" || - *attributesItemModel.Operator == "stringEquals") { - listRoleOptions.ServiceName = 
core.StringPtr("alliamserviceroles") - } - - roles, _, err := iamPolicyManagementClient.ListRoles(listRoleOptions) - if err != nil { - return model, nil, err - } - - attributes = append(attributes, *attributesItemModel) - roleList = roles - } - model.Attributes = attributes - if modelMap["tags"] != nil { - tags := []iampolicymanagementv1.V2PolicyResourceTag{} - for _, tagsItem := range modelMap["tags"].([]interface{}) { - tagsItemModel, err := generateTemplatePolicyTag(tagsItem.(map[string]interface{})) - if err != nil { - return model, nil, err - } - tags = append(tags, *tagsItemModel) - } - model.Tags = tags - } - return model, roleList, nil -} - -func generateTemplatePolicySubject(modelMap []interface{}, - iamPolicyManagementClient *iampolicymanagementv1.IamPolicyManagementV1) (*iampolicymanagementv1.V2PolicySubject, error) { - model := &iampolicymanagementv1.V2PolicySubject{} - attributes := []iampolicymanagementv1.V2PolicySubjectAttribute{} - for _, attributesItem := range modelMap { - attribute := (attributesItem.(map[string]interface{}))["attributes"] - for _, item := range (attribute).([]interface{}) { - attributesItemModel := &iampolicymanagementv1.V2PolicySubjectAttribute{} - attributesItemModel.Key = core.StringPtr((item.((map[string]interface{}))["key"].(string))) - attributesItemModel.Operator = core.StringPtr(item.(map[string]interface{})["operator"].(string)) - attributesItemModel.Value = core.StringPtr(item.(map[string]interface{})["value"].(string)) - - attributes = append(attributes, *attributesItemModel) - } - } - model.Attributes = attributes return model, nil } 
@@ -486,34 +516,42 @@ func flattenTemplatePolicy(model *iampolicymanagementv1.TemplatePolicy, iamPolic if model.Description != nil { modelMap["description"] = model.Description } - resourceMap, roleList, err := flattenTemplatePolicyResource(model.Resource, iamPolicyManagementClient) - - if err != nil { - return nil, err - } - + var subjectMap map[string]interface{} + var err error + listRoleOptions := &iampolicymanagementv1.ListRolesOptions{} // Check subject details exists if model.Subject != nil { - subjectMap, err := flattenTemplatePolicySubject(model.Subject, iamPolicyManagementClient) + subjectMap, listRoleOptions, err = flattenTemplatePolicySubject(model.Subject, listRoleOptions) if err != nil { return nil, err } modelMap["subject"] = []map[string]interface{}{subjectMap} } - controlResponse := model.Control - policyRoles := flex.MapRolesToPolicyRoles(controlResponse.Grant.Roles) - roles := flex.MapRoleListToPolicyRoles(*roleList) - - roleNames := []string{} - for _, role := range policyRoles { - role, err := flex.FindRoleByCRN(roles, *role.RoleID) + if *model.Type == "authorization" { + listRoleOptions.SetPolicyType("authorization") + } + if model.Resource != nil { + resourceMap, roleList, err := flattenTemplatePolicyResource(model.Resource, listRoleOptions, iamPolicyManagementClient) if err != nil { return nil, err } - roleNames = append(roleNames, *role.DisplayName) + controlResponse := model.Control + policyRoles := flex.MapRolesToPolicyRoles(controlResponse.Grant.Roles) + + rolesWithCrn := flex.MapRoleListToPolicyRoles(*roleList) + roleNames := []string{} + for _, role := range policyRoles { + role, err := flex.FindRoleByCRN(rolesWithCrn, *role.RoleID) + if err != nil { + return nil, err + } + roleNames = append(roleNames, *role.DisplayName) + } + modelMap["resource"] = []map[string]interface{}{resourceMap} + modelMap["roles"] = roleNames } - modelMap["resource"] = []map[string]interface{}{resourceMap} + if model.Pattern != nil { modelMap["pattern"] = 
model.Pattern } @@ -523,16 +561,12 @@ func flattenTemplatePolicy(model *iampolicymanagementv1.TemplatePolicy, iamPolic modelMap["rule_operator"] = model.Rule.(*iampolicymanagementv1.V2PolicyRule).Operator } } - modelMap["roles"] = roleNames return modelMap, nil } -func flattenTemplatePolicyResource(model *iampolicymanagementv1.V2PolicyResource, - iamPolicyManagementClient *iampolicymanagementv1.IamPolicyManagementV1) (map[string]interface{}, *iampolicymanagementv1.RoleCollection, error) { +func flattenTemplatePolicyResource(model *iampolicymanagementv1.V2PolicyResource, listRoleOptions *iampolicymanagementv1.ListRolesOptions, iamPolicyManagementClient *iampolicymanagementv1.IamPolicyManagementV1) (map[string]interface{}, *iampolicymanagementv1.RoleCollection, error) { modelMap := make(map[string]interface{}) attributes := []map[string]interface{}{} - listRoleOptions := &iampolicymanagementv1.ListRolesOptions{} - var roles *iampolicymanagementv1.RoleCollection for _, attributesItem := range model.Attributes { if *attributesItem.Key == "serviceName" && @@ -550,17 +584,10 @@ func flattenTemplatePolicyResource(model *iampolicymanagementv1.V2PolicyResource *attributesItem.Operator == "stringEquals") { listRoleOptions.ServiceName = core.StringPtr("alliamserviceroles") } - - roleList, _, err := iamPolicyManagementClient.ListRoles(listRoleOptions) - roles = roleList - if err != nil { - return nil, nil, err - } attributesItemMap := make(map[string]interface{}) attributesItemMap["key"] = *attributesItem.Key attributesItemMap["operator"] = *attributesItem.Operator - attributesItemMap["value"] = *&attributesItem.Value - + attributesItemMap["value"] = fmt.Sprintf("%v", attributesItem.Value) attributes = append(attributes, attributesItemMap) } modelMap["attributes"] = attributes 
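Review bot: Inside the new `if model.Resource != nil` branch of flattenTemplatePolicy, `controlResponse.Grant.Roles` is read without a nil check on `model.Control` or its `Grant`, and `*model.Type` a few lines earlier is dereferenced unguarded too. The same commit makes `roles` optional in the template-version schema, so a policy with a resource but no roles looks reachable here and would panic the provider during read instead of returning an error (inferred; the SDK struct definitions are not in the diff). I would wrap the role resolution in `if model.Control != nil && model.Control.Grant != nil {` and write the type test as `if model.Type != nil && *model.Type == "authorization" {`. The function starts before this hunk and continues into the next one.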
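Review bot: `fmt.Sprintf("%v", attributesItem.Value)` in flattenTemplatePolicyResource turns a nil value into the literal string `<nil>`, which would then be stored in state as the attribute's `value`. The same formatting feeds `SourceServiceName` in flattenTemplatePolicySubject (hunk at -575), where `<nil>` would become a filter on the role lookup. If the API can return an attribute without a value (not visible here), guard the assignment: `if attributesItem.Value != nil { attributesItemMap["value"] = fmt.Sprintf("%v", attributesItem.Value) }`. A one-line comment saying why the value is stringified would also help the next reader; the loop starts outside this hunk.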
@@ -575,23 +602,27 @@ func flattenTemplatePolicyResource(model *iampolicymanagementv1.V2PolicyResource } modelMap["tags"] = tags } - return modelMap, roles, nil + roleList, _, err := iamPolicyManagementClient.ListRoles(listRoleOptions) + if err != nil { + return nil, nil, err + } + return modelMap, roleList, nil } -func flattenTemplatePolicySubject(model *iampolicymanagementv1.V2PolicySubject, - iamPolicyManagementClient *iampolicymanagementv1.IamPolicyManagementV1) (map[string]interface{}, error) { +func flattenTemplatePolicySubject(model *iampolicymanagementv1.V2PolicySubject, listRoleOptions *iampolicymanagementv1.ListRolesOptions) (map[string]interface{}, *iampolicymanagementv1.ListRolesOptions, error) { modelMap := make(map[string]interface{}) attributes := []map[string]interface{}{} - for _, attributesItem := range model.Attributes { attributesItemMap := make(map[string]interface{}) attributesItemMap["key"] = *attributesItem.Key attributesItemMap["operator"] = *attributesItem.Operator attributesItemMap["value"] = *&attributesItem.Value - + if *attributesItem.Key == "serviceName" { + listRoleOptions.SourceServiceName = core.StringPtr(fmt.Sprintf("%v", attributesItem.Value)) + } attributes = append(attributes, attributesItemMap) } modelMap["attributes"] = attributes - return modelMap, nil + return modelMap, listRoleOptions, nil } diff --git a/ibm/service/iampolicy/resource_ibm_iam_policy_template_test.go b/ibm/service/iampolicy/resource_ibm_iam_policy_template_test.go index 4106668c9af..65e82dae136 100644 --- a/ibm/service/iampolicy/resource_ibm_iam_policy_template_test.go +++ b/ibm/service/iampolicy/resource_ibm_iam_policy_template_test.go 
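Review bot: The new `serviceName` branch in flattenTemplatePolicySubject sets `listRoleOptions.SourceServiceName` for any operator and any policy type, whereas the resource-side code accepts only `stringEquals` or `stringMatch`, and the caller applies `SetPolicyType("authorization")` only afterwards. An access-type template whose subject carries a `serviceName` attribute would therefore have its role list filtered by a source service, and role names could be resolved against the wrong set (inferred from the visible call order). I would match the resource side: `if *attributesItem.Key == "serviceName" && (*attributesItem.Operator == "stringEquals" || *attributesItem.Operator == "stringMatch") {`. Two style points in the same function: returning `listRoleOptions` is redundant because the pointer is mutated in place, and `*&attributesItem.Value` is a no-op that should read `attributesItem.Value`.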
@@ -44,6 +44,34 @@ func TestAccIBMIAMPolicyTemplateBasic(t *testing.T) { }) } +func TestAccIBMIAMPolicyTemplateBasicS2SUpdateTest(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIBMPolicyTemplateDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMPolicyS2STemplateUpdateConfigBasicTest(name, "Service ID creator", "iam-identity", "secrets-manager"), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMPolicyTemplateExists("ibm_iam_policy_template.policy_template", conf), + resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_template", "name", name), + resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_template", "policy.0.resource.0.attributes.0.value", "iam-identity"), + resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_template", "policy.0.subject.0.attributes.0.value", "secrets-manager"), + ), + }, + { + Config: testAccCheckIBMPolicyS2STemplateUpdateConfigBasicTest(name, "Operator", "iam-identity", "secrets-manager"), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMPolicyTemplateExists("ibm_iam_policy_template.policy_template", conf), + resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_template", "name", name), + resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_template", "policy.0.resource.0.attributes.0.value", "iam-identity"), + resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_template", "policy.0.subject.0.attributes.0.value", "secrets-manager"), + ), + }, + }, + }) +} + func TestAccIBMIAMPolicyTemplateBasicUpdate(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { acc.TestAccPreCheck(t) }, 
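Review bot: The two steps of TestAccIBMIAMPolicyTemplateBasicS2SUpdateTest differ only in the role ("Service ID creator" then "Operator"), yet neither step asserts the role, so the test passes even if the update leaves the old grant in place. Since this commit reworks how role names are resolved for authorization templates, each step should pin the role, e.g. `resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_template", "policy.0.roles.0", "Operator"),` in the second step and the matching value in the first.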
@@ -108,6 +136,23 @@ func TestAccIBMIAMPolicyTemplateBasicCommit(t *testing.T) { }) } +func TestAccIBMIAMPolicyTemplateBasicCommitWithPolicyType(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIBMPolicyTemplateDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMPolicyTemplateConfigBasicTest(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMPolicyTemplateExists("ibm_iam_policy_template.policy_template", conf), + resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_template", "name", name), + ), + }, + }, + }) +} + func TestAccIBMIAMPolicyTemplateBasicS2S(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { acc.TestAccPreCheck(t) }, 
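Review bot: TestAccIBMIAMPolicyTemplateBasicCommitWithPolicyType is named for a commit, but its config, testAccCheckIBMPolicyTemplateConfigBasicTest (added in the hunk at -340), never sets `committed`, and the only attribute asserted is `name`. The case exists to cover a policy that has a type but no resource or roles, so it should assert that: `resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_template", "policy.0.type", "access"),`. Either rename the test or add `committed = true` to the config so the name matches what actually runs.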
@@ -127,6 +172,27 @@ func TestAccIBMIAMPolicyTemplateBasicS2S(t *testing.T) { }) } +func TestAccIBMIAMPolicyTemplateBasicS2STest(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIBMPolicyTemplateDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMPolicyS2STemplateConfigBasicTest("TerraformS2STest", "is", "true", "is", "backup-policy"), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMPolicyTemplateExists("ibm_iam_policy_template.policy_template", conf), + resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_template", "name", "TerraformS2STest"), + resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_template", "policy.0.resource.0.attributes.0.value", "is"), + resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_template", "policy.0.resource.0.attributes.1.value", "true"), + resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_template", "policy.0.subject.0.attributes.0.value", "is"), + resource.TestCheckResourceAttr("ibm_iam_policy_template.policy_template", "policy.0.subject.0.attributes.1.value", "backup-policy"), + ), + }, + }, + }) +} + func TestAccIBMIAMPolicyTemplateBasicS2SUpdate(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { acc.TestAccPreCheck(t) }, 
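Review bot: TestAccIBMIAMPolicyTemplateBasicS2STest hard-codes the template name `"TerraformS2STest"` where the neighbouring tests pass the shared `name` variable. A fixed name can collide with a template left behind by an earlier failed run in the same account, and the config sets `committed=true`, which may make such a leftover harder to clean up (inferred). I would pass `name` to the config helper and to the `TestCheckResourceAttr` on `"name"`. The test also never asserts `policy.0.roles.0` against `"Operator"`, the role the config grants.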
@@ -241,6 +307,77 @@ func testAccCheckIBMPolicyTemplateConfigBasic(name string, serviceName string) s `, name, serviceName) } +func testAccCheckIBMPolicyS2STemplateUpdateConfigBasicTest(name string, role string, resourceServiceName string, subjectServiceName string) string { + return fmt.Sprintf(` + + resource "ibm_iam_policy_template" "policy_template" { + name = "%s" + policy { + description = "description" + roles = [ + "%s", + ] + type = "authorization" + + resource { + attributes { + key = "serviceName" + operator = "stringEquals" + value = "%s" + } + } + + subject { + attributes { + key = "serviceName" + operator = "stringEquals" + value = "%s" + } + } + } + } + `, name, role, resourceServiceName, subjectServiceName) +} + +func testAccCheckIBMPolicyS2STemplateConfigBasicTest(name string, sourceServiceName string, volumeId string, serviceName string, resourceServiceName string) string { + return fmt.Sprintf(` + + resource "ibm_iam_policy_template" "policy_template" { + name = "%s" + policy { + type = "authorization" + description = "Test terraform enterprise S2S" + resource { + attributes { + key = "serviceName" + operator = "stringEquals" + value = "%s" + } + attributes { + key = "volumeId" + operator = "stringExists" + value = "%s" + } + } + subject { + attributes { + key = "serviceName" + operator = "stringEquals" + value = "%s" + } + attributes { + key = "resourceType" + operator = "stringEquals" + value = "%s" + } + } + roles = ["Operator"] + } + committed=true + } + `, name, sourceServiceName, volumeId, serviceName, resourceServiceName) +} + func testAccCheckIBMPolicyS2STemplateConfigBasic(name string, sourceServiceName string, resourceServiceName string) string { return fmt.Sprintf(` 
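Review bot: The parameter names of testAccCheckIBMPolicyS2STemplateConfigBasicTest do not match where the values land in the template. `sourceServiceName` fills the resource block's `serviceName`, `serviceName` fills the subject's `serviceName`, and `resourceServiceName` fills the subject's `resourceType`. In an authorization policy the subject is the source and the resource is the target, so swapped labels make it easy to write a test that grants access in the opposite direction from the one intended. Renaming them in order to `resourceServiceName, volumeID, subjectServiceName, subjectResourceType` (which also fixes the `volumeId` initialism) keeps the signature aligned with the HCL, and the same naming already appears in testAccCheckIBMPolicyS2STemplateUpdateConfigBasicTest above it.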
@@ -340,6 +477,19 @@ func testAccCheckIBMPolicyTemplateConfigBasicCommit(name string, serviceName str `, name, serviceName) } +func testAccCheckIBMPolicyTemplateConfigBasicTest(name string) string { + return fmt.Sprintf(` + + resource "ibm_iam_policy_template" "policy_template" { + name = "%s" + policy { + type = "access" + description = "description" + } + } + `, name) +} + func testAccCheckIBMPolicyTemplateConfigBasicWithTags(name string, serviceName string, tagValue string) string { return fmt.Sprintf(` diff --git a/ibm/service/iampolicy/resource_ibm_iam_policy_template_version.go b/ibm/service/iampolicy/resource_ibm_iam_policy_template_version.go index 7cd83aeac1c..f13dbc5a133 100644 --- a/ibm/service/iampolicy/resource_ibm_iam_policy_template_version.go +++ b/ibm/service/iampolicy/resource_ibm_iam_policy_template_version.go @@ -55,7 +55,7 @@ func ResourceIBMIAMPolicyTemplateVersion() *schema.Resource { Type: schema.TypeList, MinItems: 1, MaxItems: 1, - Required: true, + Optional: true, Description: "The resource attributes to which the policy grants access.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -206,7 +206,7 @@ func ResourceIBMIAMPolicyTemplateVersion() *schema.Resource { }, "roles": { Type: schema.TypeList, - Required: true, + Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, Description: "Role names of the policy definition", }, diff --git a/ibm/service/iampolicy/resource_ibm_iam_policy_template_version_test.go b/ibm/service/iampolicy/resource_ibm_iam_policy_template_version_test.go index 28de7a1be63..c12060b51d6 100644 --- a/ibm/service/iampolicy/resource_ibm_iam_policy_template_version_test.go +++ b/ibm/service/iampolicy/resource_ibm_iam_policy_template_version_test.go 
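Review bot: Switching `resource` (hunk at -55) and `roles` (hunk at -206) from `Required` to `Optional` in ResourceIBMIAMPolicyTemplateVersion removes the only plan-time check that the two are supplied together. A policy block with a resource but no roles, or roles but no resource, now passes validation and is only rejected, or mishandled, later; flattenTemplatePolicy in this same commit reads the role grant whenever a resource is present. If the API expects them as a pair (not visible here), tie them in the schema with `RequiredWith: []string{"policy.0.roles"}` on `resource` and the mirror entry on `roles`, after checking the attribute path against the schema nesting. Extending each `Description` to say when the field may be omitted would help too. The schema function starts and ends outside both hunks.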
@@ -36,6 +36,23 @@ func TestAccIBMIAMPolicyTemplateVersionBasic(t *testing.T) { }) } +func TestAccIBMIAMPolicyTemplateVersionBasicWithPolcyType(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIBMPolicyTemplateDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMPolicyTemplateVersionConfigBasicWithPolicyType(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMPolicyTemplateExists("ibm_iam_policy_template.policy_template", conf), + resource.TestCheckResourceAttr("ibm_iam_policy_template_version.template_version", "name", name), + ), + }, + }, + }) +} + func TestAccIBMIAMPolicyTemplateVersionUpdateCommit(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { acc.TestAccPreCheck(t) }, @@ -149,6 +166,27 @@ func testAccCheckIBMPolicyTemplateVersionConfigBasic(name string, serviceName st `, name, serviceName, updatedService) } +func testAccCheckIBMPolicyTemplateVersionConfigBasicWithPolicyType(name string) string { + return fmt.Sprintf(` + resource "ibm_iam_policy_template" "policy_template" { + name = "%s" + policy { + type = "access" + description = "description" + } + } + + resource "ibm_iam_policy_template_version" "template_version" { + template_id = ibm_iam_policy_template.policy_template.template_id + policy { + type = "access" + description = "template description" + } + description = "Template version" + } + `, name) +} + func testAccCheckIBMPolicyTemplateVersionUpdateCommit(name string, serviceName string, updatedService string) string { return fmt.Sprintf(` resource "ibm_iam_policy_template" "policy_template" { diff --git a/website/docs/d/iam_policy_assignment.html.markdown b/website/docs/d/iam_policy_assignment.html.markdown index 0d7af5d2564..a309ddb4cf0 100644 --- a/website/docs/d/iam_policy_assignment.html.markdown +++ b/website/docs/d/iam_policy_assignment.html.markdown 
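Review bot: The new test name `TestAccIBMIAMPolicyTemplateVersionBasicWithPolcyType` misspells "Policy", so a `-run` filter on `PolicyType` will skip it; it should be `TestAccIBMIAMPolicyTemplateVersionBasicWithPolicyType`, matching its config helper. The existence check targets only the parent `ibm_iam_policy_template.policy_template`, so nothing confirms that the version resource was created with the intended policy. Adding `resource.TestCheckResourceAttr("ibm_iam_policy_template_version.template_version", "policy.0.type", "access"),` would cover the case this test is named for. The `name` assertion on the version resource relies on an attribute the version config never sets, so it is presumably computed from the parent and worth confirming.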
@@ -36,16 +36,6 @@ Nested schema for **assignments**: * `id` - (String) Policy assignment ID. * `last_modified_at` - (String) The UTC timestamp when the policy assignment was last modified. * `last_modified_by_id` - (String) The iam ID of the entity that last modified the policy assignment. - * `options` - (Map) objects with required properties for a policy assignment. - Nested schema for **options**: - * `root` - (Map) Assignment root details - Nested schema for **root**: - * `requester_id` - (String) The policy assignment requester id. - * `assignment_id` - (String) The orchestrator assignment id. - * `template` - (Map) template details - Nested schema for **template**: - * `id` - (String) The policy assignment template id. - * `version` - (String) The orchestrator template version. * `resources` - (List) Object for each account assigned. * Constraints: The minimum length is `1` item. Nested schema for **resources**: diff --git a/website/docs/r/policy_assignment.html.markdown b/website/docs/r/policy_assignment.html.markdown index b8be035ad54..cea35cb8bc6 100644 --- a/website/docs/r/policy_assignment.html.markdown +++ b/website/docs/r/policy_assignment.html.markdown @@ -67,12 +67,6 @@ resource "ibm_iam_policy_assignment" "policy_assignment" { id = "" } - options { - root { - requester_id = "orchestrator" - assignment_id = "test" - } - } templates{ id = ibm_iam_policy_template.policy_s2s_template.template_id version = ibm_iam_policy_template.policy_s2s_template.version 
@@ -89,25 +83,17 @@ You can specify the following arguments for this resource. * `accept_language` - (Optional, String) Language code for translations* `default` - English* `de` - German (Standard)* `en` - English* `es` - Spanish (Spain)* `fr` - French (Standard)* `it` - Italian (Standard)* `ja` - Japanese* `ko` - Korean* `pt-br` - Portuguese (Brazil)* `zh-cn` - Chinese (Simplified, PRC)* `zh-tw` - (Chinese, Taiwan). * Constraints: The default value is `default`. The minimum length is `1` character. -* `options` - (Required, List) The set of properties required for a policy assignment. -Nested schema for **options**: - * `root` - (Required, List) - Nested schema for **root**: - * `assignment_id` - (Optional, String) Passed in value to correlate with other assignments. - * Constraints: The maximum length is `122` characters. The minimum length is `1` character. - * `requester_id` - (Required, String) - * Constraints: The maximum length is `50` characters. The minimum length is `1` character. The value must match regular expression `/^((IBMid)|(iam-ServiceId)|(AccessGroupId)|(iam-Profile)|(SL)|([a-zA-Z0-9]{3,10}))-/`. - * `template` - (Optional, List) - Nested schema for **template**: - * `id` - (Required, String) The template id where this policy is being assigned from. - * Constraints: The maximum length is `300` characters. The minimum length is `1` character. - * `version` - (Required, String) The template version where this policy is being assigned from. - * Constraints: The maximum length is `2` characters. The minimum length is `1` character. The value must match regular expression `/^[0-9]*$/`. +* `templates` - (Required, List) The set of properties required for a policy assignment. +Nested schema for **templates**: + * `id` - (Required, String) ID of the template. + * Constraints: The maximum length is `51` characters. The minimum length is `1` character. 
The value must match regular expression `/^policyTemplate-[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$/`. + * `version` - (Required, String) template version . + * Constraints: The maximum length is `2` characters. The minimum length is `1` character. The value must match regular expression `/^[0-9]*$/`. * `target` - (Required, List) assignment target account and type. Nested schema for **target**: - * `id` - (Optional, String) ID of the target account. + * `id` - (Required, String) ID of the target account. * Constraints: The maximum length is `32` characters. The minimum length is `1` character. The value must match regular expression `/^[A-Za-z0-9-]*$/`. - * `type` - (Optional, String) Assignment target type. + * `type` - (Required, String) Assignment target type. * Constraints: Allowable values are: `Account`. The maximum length is `30` characters. The minimum length is `1` character. * `version` - (Required, String) specify version of response body format. * Constraints: Allowable values are: `1.0`. The minimum length is `1` character.