CB-26595 - Add instructions about how to use the user sync resource

deadcode-output.txt

@@ -0,0 +1,2 @@
+utils/slice.go:26:6: unreachable func: TestPublicFunctionToBeFail
+utils/slice.go:30:6: unreachable func: testPrivateFunctionToBeFail

docs/index.md

@@ -32,8 +32,7 @@ terraform {
   }
 }
 
-provider "cdp" {
-}
+provider "cdp" {}
 
 resource "cdp_environments_aws_credential" "example" {
   name        = "example-cdp-aws-credential"

docs/resources/dw_aws_cluster.md

@@ -0,0 +1,126 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "cdp_dw_aws_cluster Resource - terraform-provider-cdp"
+subcategory: ""
+description: |-
+  Creates an AWS Data Warehouse cluster.
+---
+
+# cdp_dw_aws_cluster (Resource)
+
+Creates an AWS Data Warehouse cluster.
+
+## Example Usage
+
+```terraform
+## Copyright 2024 Cloudera. All Rights Reserved.
+#
+# This file is licensed under the Apache License Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
+#
+# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+# OF ANY KIND, either express or implied. Refer to the License for the specific
+# permissions and limitations governing your use of the file.
+
+resource "cdp_dw_aws_cluster" "example" {
+  crn  = cdp_datalake_aws_datalake.example.crn
+  name = "<value>"
+  cluster_id = "<value>"
+  node_role_cdw_managed_policy_arn = "<value>"
+  database_backup_retention_days = 7
+  custom_registry_options = {
+    registry_type = "ECR"
+    repository_url = "<value>"
+  }
+  custom_subdomain = ""
+  network_settings = {
+    worker_subnet_ids = ["<value>", "<value>", "<value>"]
+    load_balancer_subnet_ids = ["<value>", "<value>", "<value>"]
+    use_overlay_network = false
+    whitelist_k8s_cluster_access_ip_cidrs = ["0.0.0.0/0"]
+    whitelist_workload_access_ip_cidrs = ["0.0.0.0/0"]
+    use_private_load_balancer = true
+    use_public_worker_node = false
+  }
+  instance_settings = {
+    custom_ami_id = ""
+    enable_spot_instances = false
+    compute_instance_types = ["<value>"]
+    additional_instance_types = ["<value>"]
+  }
+}
+
+output "crn" {
+  value = cdp_dw_aws_cluster.example.crn
+}
+
+output "cluster_id" {
+  value = cdp_dw_aws_cluster.example.cluster_id
+}
+
+output "name" {
+  value = cdp_dw_aws_cluster.example.name
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `crn` (String) The cloudera resource name of the environment that the cluster will read from.
+- `network_settings` (Attributes) (see [below for nested schema](#nestedatt--network_settings))
+
+### Optional
+
+- `custom_registry_options` (Attributes) (see [below for nested schema](#nestedatt--custom_registry_options))
+- `custom_subdomain` (String) The custom subdomain to keep compatibility with old URL format.
+- `database_backup_retention_days` (Number) The number of days to retain database backups.
+- `instance_settings` (Attributes) (see [below for nested schema](#nestedatt--instance_settings))
+- `node_role_cdw_managed_policy_arn` (String) The managed policy ARN to be attached to the created node instance role.
+
+### Read-Only
+
+- `cluster_id` (String) The id of the cluster.
+- `id` (String) The ID of this resource.
+- `last_updated` (String) Timestamp of the last Terraform update of the order.
+- `name` (String) The name of the cluster matches the environment name.
+
+<a id="nestedatt--network_settings"></a>
+### Nested Schema for `network_settings`
+
+Required:
+
+- `load_balancer_subnet_ids` (List of String) The list of subnet IDs for the load balancer.
+- `use_overlay_network` (Boolean) Whether to use overlay network.
+- `use_private_load_balancer` (Boolean) Whether to use private IP addresses for the load balancer. Determines workload endpoint access.
+- `use_public_worker_node` (Boolean) Whether to use public IP addresses for worker nodes.
+- `worker_subnet_ids` (List of String) The list of subnet IDs for worker nodes.
+
+Optional:
+
+- `whitelist_k8s_cluster_access_ip_cidrs` (List of String) The list of IP CIDRs to allow access for kubernetes cluster API endpoint.
+- `whitelist_workload_access_ip_cidrs` (List of String) The list of IP CIDRs to allow access for workload endpoints.
+
+
+<a id="nestedatt--custom_registry_options"></a>
+### Nested Schema for `custom_registry_options`
+
+Required:
+
+- `registry_type` (String) Registry type, supported values are ECR or ACR.
+- `repository_url` (String) The URL of the registry.
+
+
+<a id="nestedatt--instance_settings"></a>
+### Nested Schema for `instance_settings`
+
+Optional:
+
+- `additional_instance_types` (List of String) The additional instance types that the environment is allowed to use, listed in their priority order. They will be used instead of the primary compute instance type in case it is unavailable. You cannot include any instance type that was already indicated in computeInstanceTypes.
+- `compute_instance_types` (List of String) The compute instance types that the environment is restricted to use. This affects the creation of virtual warehouses where this restriction will apply. Select an instance type that meets your computing, memory, networking, or storage needs. As of now, only a single instance type can be listed.
+- `custom_ami_id` (String) The custom AMI ID to use for worker nodes.
+- `enable_spot_instances` (Boolean) Whether to use spot instances for worker nodes.
+
+

docs/resources/environments_user_sync.md

@@ -9,6 +9,15 @@ description: |-
 
 Synchronizes environments with all users and groups state with CDP.
 
+### About syncing users to environments
+Changes in CDP User Management are enforced immediately in the Management Console, but are not automatically propagated to all workload environments. Therefore, creates, deletes and updates of users, machine users, groups as well as role, resource role and group assignments of users will only be effective for data access and services once these have been synchronized with environments.
+This is possible via UI and CLI. This resource allows users to control the sync behaviour also via Terraform.
+
+### How should this resource be used
+When this resource is created, the provider will initiate the https://cloudera.github.io/cdp-dev-docs/cli-docs/environments/sync-all-users.html command, syncing all users to the environment specified in the resources's environment_name attribute. The create method of this resource will implement a polling, so the resource creation will only be completed, when the sync has successfully finished.
+When a machine user, user-group or user-role assignment resource has been updated (due to password rotation, group membership or role assignment changes), the "environment_user_sync" resource needs to be re-created. This can be enforced by explicitly setting up a dependency relationship between this sync resource and the machines user, etc resources using the "replace_triggered_by" (see https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#replace_triggered_by). Using this ensures that whenever a machine user resource changes, Terraform also triggers the replacement / re-creation of the user_sync resource, effectively triggering a complete user sync to the specified environment.
+This approach allows a fine-grain control of the sync operation.
+
 ## Example Usage
 
 ```terraform

docs/resources/opdb_operational_database.md

@@ -253,6 +253,8 @@ Required:
 
 Optional:
 
+- `async` (Boolean) Boolean value that specifies if Terraform should wait for resource creation/deletion.
+- `call_failure_threshold` (Number) Threshold value that specifies how many times should a single call failure happen before giving up the polling.
 - `polling_timeout` (Number) Timeout value in minutes that specifies for how long should the polling go for resource creation/deletion.
 
 

docs/resources/vw_hive.md

@@ -0,0 +1,28 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "cdp_vw_hive Resource - terraform-provider-cdp"
+subcategory: ""
+description: |-
+
+---
+
+# cdp_vw_hive (Resource)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cluster_id` (String) The id of the CDW Cluster which the Hive Virtual Warehouse is attached to.
+- `database_catalog_id` (String) The id of the Database Catalog which the Hive Virtual Warehouse is attached to.
+- `name` (String) The name of the Hive Virtual Warehouse.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+

templates/resources/environments_user_sync.md.tmpl

@@ -9,6 +9,15 @@ description: |-
 
 {{ .Description | trimspace }}
 
+### About syncing users to environments
+Changes in CDP User Management are enforced immediately in the Management Console, but are not automatically propagated to all workload environments. Therefore, creates, deletes and updates of users, machine users, groups as well as role, resource role and group assignments of users will only be effective for data access and services once these have been synchronized with environments.
+This is possible via UI and CLI. This resource allows users to control the sync behaviour also via Terraform.
+
+### How should this resource be used
+When this resource is created, the provider will initiate the https://cloudera.github.io/cdp-dev-docs/cli-docs/environments/sync-all-users.html command, syncing all users to the environment specified in the resources's environment_name attribute. The create method of this resource will implement a polling, so the resource creation will only be completed, when the sync has successfully finished.
+When a machine user, user-group or user-role assignment resource has been updated (due to password rotation, group membership or role assignment changes), the "environment_user_sync" resource needs to be re-created. This can be enforced by explicitly setting up a dependency relationship between this sync resource and the machines user, etc resources using the "replace_triggered_by" (see https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#replace_triggered_by). Using this ensures that whenever a machine user resource changes, Terraform also triggers the replacement / re-creation of the user_sync resource, effectively triggering a complete user sync to the specified environment.
+This approach allows a fine-grain control of the sync operation.
+
 {{ if .HasExample -}}
 ## Example Usage