[OPAL-11487] Add request configuration annotations (#85)

* re-add annotations that were nuked * re-add nonemptyplan annotation
opalsecurity · Aug 15, 2024 · 5967d42 · 5967d42
1 parent 5c2767c
commit 5967d42
Show file tree

Hide file tree

Showing 29 changed files with 126 additions and 99 deletions.
diff --git a/.speakeasy/gen.lock b/.speakeasy/gen.lock
@@ -1,12 +1,12 @@
 lockVersion: 2.0.0
 id: b5c8bf75-06e1-47c8-b9ae-ce49ba56069d
 management:
-  docChecksum: 566c7094b91b4157f60932e21989a753
+  docChecksum: f07d631add307c6fc854a72bbbf69e84
   docVersion: "1.0"
-  speakeasyVersion: 1.357.4
-  generationVersion: 2.390.6
-  releaseVersion: 0.24.3
-  configChecksum: 3506768c881a76f07146b4202083b72f
+  speakeasyVersion: 1.368.0
+  generationVersion: 2.399.0
+  releaseVersion: 0.24.5
+  configChecksum: 1bb7b65eb95cc3235b412dffab6f60ae
   repoURL: https://github.com/opalsecurity/terraform-provider-opal.git
   repoSubDirectory: .
   published: true
@@ -15,7 +15,7 @@ features:
     additionalDependencies: 0.1.0
     additionalProperties: 0.1.2
     constsAndDefaults: 0.1.4
-    core: 3.24.6
+    core: 3.24.7
     deprecations: 2.81.1
     envVarSecurityUsage: 0.1.0
     globalSecurity: 2.81.8
@@ -26,7 +26,7 @@ features:
     retries: 2.81.1
     serverIDs: 2.81.1
     sets: 0.1.2
-    unions: 2.81.15
+    unions: 2.81.16
 generatedFiles:
   - internal/sdk/apps.go
   - internal/sdk/configurationtemplates.go

diff --git a/.speakeasy/workflow.lock b/.speakeasy/workflow.lock
@@ -1,17 +1,17 @@
-speakeasyVersion: 1.357.4
+speakeasyVersion: 1.368.0
 sources:
     opal-terraform-provider:
         sourceNamespace: opal-terraform-provider
-        sourceRevisionDigest: sha256:a5402afe3d72ea40dddda35177864b38e043d838b93f6cb7d327a9a9b971681d
-        sourceBlobDigest: sha256:157a8d073ccf351059966422dbcf28db16da022355912581cdaf9b31a81e90fe
+        sourceRevisionDigest: sha256:4e6742c3f42eaffcdd164b09707a6d2292675e1d3082dfe0492dec76433b071a
+        sourceBlobDigest: sha256:4c81bf8e31fddbb38a7c84f672313677283c2c0e9d43fff0d20db43659644259
         tags:
             - latest
 targets:
     terraform:
         source: opal-terraform-provider
         sourceNamespace: opal-terraform-provider
-        sourceRevisionDigest: sha256:a5402afe3d72ea40dddda35177864b38e043d838b93f6cb7d327a9a9b971681d
-        sourceBlobDigest: sha256:157a8d073ccf351059966422dbcf28db16da022355912581cdaf9b31a81e90fe
+        sourceRevisionDigest: sha256:4e6742c3f42eaffcdd164b09707a6d2292675e1d3082dfe0492dec76433b071a
+        sourceBlobDigest: sha256:4c81bf8e31fddbb38a7c84f672313677283c2c0e9d43fff0d20db43659644259
         outLocation: .
 workflow:
     workflowVersion: 1.0.0

diff --git a/docs/data-sources/group.md b/docs/data-sources/group.md
@@ -38,7 +38,7 @@ data "opal_group" "my_group" {
 - `oncall_schedules` (Attributes) The on call schedules attached to the group. (see [below for nested schema](#nestedatt--oncall_schedules))
 - `remote_info` (Attributes) Information that defines the remote group. This replaces the deprecated remote_id and metadata fields. (see [below for nested schema](#nestedatt--remote_info))
 - `remote_name` (String) The name of the remote.
-- `request_configurations` (Attributes List) A list of request configurations for this group. (see [below for nested schema](#nestedatt--request_configurations))
+- `request_configurations` (Attributes Set) A list of request configurations for this group. (see [below for nested schema](#nestedatt--request_configurations))
 - `require_mfa_to_approve` (Boolean) A bool representing whether or not to require MFA for reviewers to approve requests for this group.
 - `visibility` (String) The visibility level of the entity. must be one of ["GLOBAL", "LIMITED"]
 - `visibility_group_ids` (Set of String)

diff --git a/docs/data-sources/group_list.md b/docs/data-sources/group_list.md
@@ -52,7 +52,7 @@ Read-Only:
 - `name` (String) The name of the group.
 - `remote_info` (Attributes) Information that defines the remote group. This replaces the deprecated remote_id and metadata fields. (see [below for nested schema](#nestedatt--results--remote_info))
 - `remote_name` (String) The name of the remote.
-- `request_configurations` (Attributes List) A list of request configurations for this group. (see [below for nested schema](#nestedatt--results--request_configurations))
+- `request_configurations` (Attributes Set) A list of request configurations for this group. (see [below for nested schema](#nestedatt--results--request_configurations))
 - `require_mfa_to_approve` (Boolean) A bool representing whether or not to require MFA for reviewers to approve requests for this group.
 
 <a id="nestedatt--results--remote_info"></a>

diff --git a/docs/data-sources/resource.md b/docs/data-sources/resource.md
@@ -33,7 +33,7 @@ data "opal_resource" "my_resource" {
 - `name` (String) The name of the resource.
 - `parent_resource_id` (String) The ID of the parent resource.
 - `remote_info` (Attributes) Information that defines the remote resource. This replaces the deprecated remote_id and metadata fields. (see [below for nested schema](#nestedatt--remote_info))
-- `request_configurations` (Attributes List) A list of configurations for requests to this resource. (see [below for nested schema](#nestedatt--request_configurations))
+- `request_configurations` (Attributes Set) A list of configurations for requests to this resource. (see [below for nested schema](#nestedatt--request_configurations))
 - `require_mfa_to_approve` (Boolean) A bool representing whether or not to require MFA for reviewers to approve requests for this resource.
 - `require_mfa_to_connect` (Boolean) A bool representing whether or not to require MFA to connect to this resource.
 - `resource_type` (String) The type of the resource. must be one of ["AWS_IAM_ROLE", "AWS_EC2_INSTANCE", "AWS_EKS_CLUSTER", "AWS_RDS_POSTGRES_INSTANCE", "AWS_RDS_MYSQL_INSTANCE", "AWS_ACCOUNT", "AWS_SSO_PERMISSION_SET", "CUSTOM", "GCP_BUCKET", "GCP_COMPUTE_INSTANCE", "GCP_FOLDER", "GCP_GKE_CLUSTER", "GCP_PROJECT", "GCP_CLOUD_SQL_POSTGRES_INSTANCE", "GCP_CLOUD_SQL_MYSQL_INSTANCE", "GIT_HUB_REPO", "GIT_LAB_PROJECT", "GOOGLE_WORKSPACE_ROLE", "MONGO_INSTANCE", "MONGO_ATLAS_INSTANCE", "OKTA_APP", "OKTA_ROLE", "OPAL_ROLE", "PAGERDUTY_ROLE", "TAILSCALE_SSH", "SALESFORCE_PERMISSION_SET", "SALESFORCE_PROFILE", "SALESFORCE_ROLE", "WORKDAY_ROLE", "MYSQL_INSTANCE", "MARIADB_INSTANCE", "TELEPORT_ROLE"]

diff --git a/docs/data-sources/resources_list.md b/docs/data-sources/resources_list.md
@@ -55,7 +55,7 @@ Read-Only:
 - `name` (String) The name of the resource.
 - `parent_resource_id` (String) The ID of the parent resource.
 - `remote_info` (Attributes) Information that defines the remote resource. This replaces the deprecated remote_id and metadata fields. (see [below for nested schema](#nestedatt--results--remote_info))
-- `request_configurations` (Attributes List) A list of configurations for requests to this resource. (see [below for nested schema](#nestedatt--results--request_configurations))
+- `request_configurations` (Attributes Set) A list of configurations for requests to this resource. (see [below for nested schema](#nestedatt--results--request_configurations))
 - `require_mfa_to_approve` (Boolean) A bool representing whether or not to require MFA for reviewers to approve requests for this resource.
 - `require_mfa_to_connect` (Boolean) A bool representing whether or not to require MFA to connect to this resource.
 - `resource_type` (String) The type of the resource. must be one of ["AWS_IAM_ROLE", "AWS_EC2_INSTANCE", "AWS_EKS_CLUSTER", "AWS_RDS_POSTGRES_INSTANCE", "AWS_RDS_MYSQL_INSTANCE", "AWS_ACCOUNT", "AWS_SSO_PERMISSION_SET", "CUSTOM", "GCP_BUCKET", "GCP_COMPUTE_INSTANCE", "GCP_FOLDER", "GCP_GKE_CLUSTER", "GCP_PROJECT", "GCP_CLOUD_SQL_POSTGRES_INSTANCE", "GCP_CLOUD_SQL_MYSQL_INSTANCE", "GIT_HUB_REPO", "GIT_LAB_PROJECT", "GOOGLE_WORKSPACE_ROLE", "MONGO_INSTANCE", "MONGO_ATLAS_INSTANCE", "OKTA_APP", "OKTA_ROLE", "OPAL_ROLE", "PAGERDUTY_ROLE", "TAILSCALE_SSH", "SALESFORCE_PERMISSION_SET", "SALESFORCE_PROFILE", "SALESFORCE_ROLE", "WORKDAY_ROLE", "MYSQL_INSTANCE", "MARIADB_INSTANCE", "TELEPORT_ROLE"]

diff --git a/docs/index.md b/docs/index.md
@@ -17,7 +17,7 @@ terraform {
   required_providers {
     opal = {
       source  = "opalsecurity/opal"
-      version = "0.24.3"
+      version = "0.24.5"
     }
   }
 }

diff --git a/docs/resources/configuration_template.md b/docs/resources/configuration_template.md
@@ -103,14 +103,23 @@ Required:
 - `priority` (Number) The priority of the request configuration.
 - `require_mfa_to_request` (Boolean) A bool representing whether or not to require MFA for requesting access to this resource.
 - `require_support_ticket` (Boolean) A bool representing whether or not access requests to the resource require an access ticket.
-- `reviewer_stages` (Attributes List) The list of reviewer stages for the request configuration. (see [below for nested schema](#nestedatt--request_configurations--reviewer_stages))
 
 Optional:
 
 - `condition` (Attributes) (see [below for nested schema](#nestedatt--request_configurations--condition))
 - `max_duration` (Number) The maximum duration for which the resource can be requested (in minutes).
 - `recommended_duration` (Number) The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration.
 - `request_template_id` (String) The ID of the associated request template.
+- `reviewer_stages` (Attributes List) The list of reviewer stages for the request configuration. (see [below for nested schema](#nestedatt--request_configurations--reviewer_stages))
+
+<a id="nestedatt--request_configurations--condition"></a>
+### Nested Schema for `request_configurations.condition`
+
+Optional:
+
+- `group_ids` (Set of String) The list of group IDs to match.
+- `role_remote_ids` (Set of String) The list of role remote IDs to match.
+
 
 <a id="nestedatt--request_configurations--reviewer_stages"></a>
 ### Nested Schema for `request_configurations.reviewer_stages`
@@ -126,15 +135,6 @@ Optional:
 - `require_admin_approval` (Boolean) Whether this reviewer stage should require admin approval.
 
 
-<a id="nestedatt--request_configurations--condition"></a>
-### Nested Schema for `request_configurations.condition`
-
-Optional:
-
-- `group_ids` (Set of String) The list of group IDs to match.
-- `role_remote_ids` (Set of String) The list of role remote IDs to match.
-
-
 
 <a id="nestedatt--ticket_propagation"></a>
 ### Nested Schema for `ticket_propagation`

diff --git a/docs/resources/group.md b/docs/resources/group.md
@@ -25,7 +25,7 @@ resource "opal_group" "my_group" {
             on_call_schedule_ids = {
         "1053f385-d17c-4e27-958f-256147d92ea2",
     }
-            request_configurations = [
+            request_configurations = {
         {
             allow_requests = true
             auto_approval = false
@@ -54,7 +54,7 @@ resource "opal_group" "my_group" {
                 },
             ]
         },
-    ]
+    }
             require_mfa_to_approve = false
             visibility = "GLOBAL"
         }
@@ -70,7 +70,7 @@ resource "opal_group" "my_group" {
 - `message_channel_ids` (Set of String)
 - `name` (String) The name of the remote group.
 - `on_call_schedule_ids` (Set of String)
-- `request_configurations` (Attributes List) The request configuration list of the configuration template. If not provided, the default request configuration will be used. (see [below for nested schema](#nestedatt--request_configurations))
+- `request_configurations` (Attributes Set) The request configuration list of the configuration template. If not provided, the default request configuration will be used. (see [below for nested schema](#nestedatt--request_configurations))
 - `visibility` (String) The visibility level of the entity. must be one of ["GLOBAL", "LIMITED"]
 
 ### Optional
@@ -104,7 +104,7 @@ Optional:
 - `request_template_id` (String) The ID of the associated request template.
 - `require_mfa_to_request` (Boolean) A bool representing whether or not to require MFA for requesting access to this resource. Not Null
 - `require_support_ticket` (Boolean) A bool representing whether or not access requests to the resource require an access ticket. Not Null
-- `reviewer_stages` (Attributes List) The list of reviewer stages for the request configuration. Not Null (see [below for nested schema](#nestedatt--request_configurations--reviewer_stages))
+- `reviewer_stages` (Attributes List) The list of reviewer stages for the request configuration. (see [below for nested schema](#nestedatt--request_configurations--reviewer_stages))
 
 <a id="nestedatt--request_configurations--condition"></a>
 ### Nested Schema for `request_configurations.condition`

diff --git a/docs/resources/resource.md b/docs/resources/resource.md
@@ -18,7 +18,7 @@ resource "opal_resource" "my_resource" {
             app_id = "f454d283-ca87-4a8a-bdbb-df212eca5353"
             description = "This resource represents AWS IAM role \"SupportUser\"."
             name = "my-mongo-db"
-            request_configurations = [
+            request_configurations = {
         {
             allow_requests = true
             auto_approval = false
@@ -47,7 +47,7 @@ resource "opal_resource" "my_resource" {
                 },
             ]
         },
-    ]
+    }
             require_mfa_to_approve = false
             require_mfa_to_connect = false
             resource_type = "AWS_IAM_ROLE"
@@ -65,7 +65,7 @@ resource "opal_resource" "my_resource" {
 
 - `app_id` (String) The ID of the app for the resource. Requires replacement if changed.
 - `name` (String) The name of the remote resource.
-- `request_configurations` (Attributes List) A list of configurations for requests to this resource. If not provided, the default request configuration will be used. (see [below for nested schema](#nestedatt--request_configurations))
+- `request_configurations` (Attributes Set) A list of configurations for requests to this resource. If not provided, the default request configuration will be used. (see [below for nested schema](#nestedatt--request_configurations))
 - `resource_type` (String) The type of the resource. Requires replacement if changed. ; must be one of ["AWS_IAM_ROLE", "AWS_EC2_INSTANCE", "AWS_EKS_CLUSTER", "AWS_RDS_POSTGRES_INSTANCE", "AWS_RDS_MYSQL_INSTANCE", "AWS_ACCOUNT", "AWS_SSO_PERMISSION_SET", "CUSTOM", "GCP_BUCKET", "GCP_COMPUTE_INSTANCE", "GCP_FOLDER", "GCP_GKE_CLUSTER", "GCP_PROJECT", "GCP_CLOUD_SQL_POSTGRES_INSTANCE", "GCP_CLOUD_SQL_MYSQL_INSTANCE", "GIT_HUB_REPO", "GIT_LAB_PROJECT", "GOOGLE_WORKSPACE_ROLE", "MONGO_INSTANCE", "MONGO_ATLAS_INSTANCE", "OKTA_APP", "OKTA_ROLE", "OPAL_ROLE", "PAGERDUTY_ROLE", "TAILSCALE_SSH", "SALESFORCE_PERMISSION_SET", "SALESFORCE_PROFILE", "SALESFORCE_ROLE", "WORKDAY_ROLE", "MYSQL_INSTANCE", "MARIADB_INSTANCE", "TELEPORT_ROLE"]
 - `visibility` (String) The visibility level of the entity. must be one of ["GLOBAL", "LIMITED"]
 
@@ -98,7 +98,7 @@ Optional:
 - `request_template_id` (String) The ID of the associated request template.
 - `require_mfa_to_request` (Boolean) A bool representing whether or not to require MFA for requesting access to this resource. Not Null
 - `require_support_ticket` (Boolean) A bool representing whether or not access requests to the resource require an access ticket. Not Null
-- `reviewer_stages` (Attributes List) The list of reviewer stages for the request configuration. Not Null (see [below for nested schema](#nestedatt--request_configurations--reviewer_stages))
+- `reviewer_stages` (Attributes List) The list of reviewer stages for the request configuration. (see [below for nested schema](#nestedatt--request_configurations--reviewer_stages))
 
 <a id="nestedatt--request_configurations--condition"></a>
 ### Nested Schema for `request_configurations.condition`

diff --git a/examples/provider/provider.tf b/examples/provider/provider.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     opal = {
       source  = "opalsecurity/opal"
-      version = "0.24.3"
+      version = "0.24.5"
     }
   }
 }

diff --git a/examples/resources/opal_group/resource.tf b/examples/resources/opal_group/resource.tf
@@ -10,7 +10,7 @@ resource "opal_group" "my_group" {
             on_call_schedule_ids = {
         "1053f385-d17c-4e27-958f-256147d92ea2",
     }
-            request_configurations = [
+            request_configurations = {
         {
             allow_requests = true
             auto_approval = false
@@ -39,7 +39,7 @@ resource "opal_group" "my_group" {
                 },
             ]
         },
-    ]
+    }
             require_mfa_to_approve = false
             visibility = "GLOBAL"
         }
diff --git a/examples/resources/opal_resource/resource.tf b/examples/resources/opal_resource/resource.tf
@@ -3,7 +3,7 @@ resource "opal_resource" "my_resource" {
             app_id = "f454d283-ca87-4a8a-bdbb-df212eca5353"
             description = "This resource represents AWS IAM role \"SupportUser\"."
             name = "my-mongo-db"
-            request_configurations = [
+            request_configurations = {
         {
             allow_requests = true
             auto_approval = false
@@ -32,7 +32,7 @@ resource "opal_resource" "my_resource" {
                 },
             ]
         },
-    ]
+    }
             require_mfa_to_approve = false
             require_mfa_to_connect = false
             resource_type = "AWS_IAM_ROLE"

diff --git a/gen.yaml b/gen.yaml
@@ -11,7 +11,7 @@ generation:
     oAuth2ClientCredentialsEnabled: false
   flattenGlobalSecurity: true
 terraform:
-  version: 0.24.3
+  version: 0.24.5
   additionalDataSources: []
   additionalDependencies: {}
   additionalResources: []

diff --git a/go.mod b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/hashicorp/terraform-plugin-framework v1.10.0
 	github.com/hashicorp/terraform-plugin-framework-validators v0.13.0
 	github.com/hashicorp/terraform-plugin-go v0.23.0
-	github.com/hashicorp/terraform-plugin-testing v1.9.0
+	github.com/hashicorp/terraform-plugin-testing v1.10.0
 	github.com/pkg/errors v0.9.1
 )
 
@@ -38,9 +38,10 @@ require (
 	github.com/hashicorp/go-hclog v1.6.3 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-plugin v1.6.0 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/go-version v1.7.0 // indirect
-	github.com/hashicorp/hc-install v0.7.0 // indirect
+	github.com/hashicorp/hc-install v0.8.0 // indirect
 	github.com/hashicorp/hcl/v2 v2.21.0 // indirect
 	github.com/hashicorp/logutils v1.0.0 // indirect
 	github.com/hashicorp/terraform-exec v0.21.0 // indirect
@@ -69,15 +70,15 @@ require (
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/yuin/goldmark v1.7.1 // indirect
 	github.com/yuin/goldmark-meta v1.1.0 // indirect
-	github.com/zclconf/go-cty v1.14.4 // indirect
+	github.com/zclconf/go-cty v1.15.0 // indirect
 	go.abhg.dev/goldmark/frontmatter v0.2.0 // indirect
-	golang.org/x/crypto v0.25.0 // indirect
+	golang.org/x/crypto v0.26.0 // indirect
 	golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df // indirect
-	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/mod v0.19.0 // indirect
 	golang.org/x/net v0.25.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.22.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.23.0 // indirect
+	golang.org/x/text v0.17.0 // indirect
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de // indirect