Merge pull request #55 from raito-io/grant-categories

Grant categories data soruce
raito-io · Dec 10, 2024 · 8fb6a16 · 8fb6a16
2 parents c34246d + fc990fe
commit 8fb6a16
Show file tree

Hide file tree

Showing 23 changed files with 1,751 additions and 633 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -67,14 +67,12 @@ jobs:
       matrix:
         # list whatever Terraform versions here you would like to support
         terraform:
-          - '1.1.*'
-          - '1.2.*'
-          - '1.3.*'
-          - '1.4.*'
           - '1.5.*'
           - '1.6.*'
           - '1.7.*'
           - '1.8.*'
+          - '1.9.*'
+          - '1.10.*'
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5

diff --git a/.golangci.yml b/.golangci.yml
@@ -24,7 +24,7 @@ linters-settings:
       - paramTypeCombine
 
   govet:
-    check-shadowing: true
+    shadow: true
 
   revive:
     rules:
@@ -91,6 +91,7 @@ linters:
     - asasalint
     - asciicheck
     - bodyclose
+    - copyloopvar
     - cyclop
     #- depguard #We should create a correct config to enabe depguard
     - dogsled
@@ -101,7 +102,6 @@ linters:
     - errchkjson
     - errname
     - errorlint
-    - exportloopref
     - exhaustive
     - forbidigo
     - goconst
@@ -144,9 +144,10 @@ run:
   tests: false
 
 output:
-  path-prefix: ""
+  path-prefix: ''
   sort-results: true
-  format: tab
-  print-issued-lines: false
+  formats:
+    - format: colored-line-number
+  print-issued-lines: true
   print-linter-name: true
   uniq-by-line: false
diff --git a/docs/data-sources/grant_category.md b/docs/data-sources/grant_category.md
@@ -0,0 +1,67 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "raito_grant_category Data Source - terraform-provider-raito"
+subcategory: ""
+description: |-
+  Find a grant category by name
+---
+
+# raito_grant_category (Data Source)
+
+Find a grant category by name
+
+## Example Usage
+
+```terraform
+data "raito_grant_category" "example" {
+  name = "Purpose"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The name of the requested grant category
+
+### Read-Only
+
+- `allow_duplicate_names` (Boolean) Indicates if duplicate names are allowed for grants of this category
+- `allowed_what_items` (Attributes) Allowed WHAT items for the grant category (see [below for nested schema](#nestedatt--allowed_what_items))
+- `allowed_who_items` (Attributes) Allowed WHO items for the grant category (see [below for nested schema](#nestedatt--allowed_who_items))
+- `can_create` (Boolean) Indicates if grants of this category can be created
+- `default_type_per_data_source` (Attributes Set) List of data sources and types for which the grant category is the default (see [below for nested schema](#nestedatt--default_type_per_data_source))
+- `description` (String) The description of the grant category
+- `id` (String) The ID of the requested grant category
+- `is_default` (Boolean) Indicates if the grant category is the default category
+- `is_system` (Boolean) Indicates if the grant category is a system category
+- `multi_data_source` (Boolean) Indicates if APs of this category can have multiple data sources
+
+<a id="nestedatt--allowed_what_items"></a>
+### Nested Schema for `allowed_what_items`
+
+Read-Only:
+
+- `data_object` (Boolean) Indicates if a data object is allowed as a WHAT item
+
+
+<a id="nestedatt--allowed_who_items"></a>
+### Nested Schema for `allowed_who_items`
+
+Read-Only:
+
+- `categories` (Set of String) List of grant category IDs that are allowed as WHO items
+- `group` (Boolean) Indicates if a group is allowed as a WHO item
+- `inheritance` (Boolean) Indicates if inheritance is allowed as a WHO item
+- `self` (Boolean) Indicates if self is allowed as a WHO item
+- `user` (Boolean) Indicates if a user is allowed as a WHO item
+
+
+<a id="nestedatt--default_type_per_data_source"></a>
+### Nested Schema for `default_type_per_data_source`
+
+Read-Only:
+
+- `data_source` (String) Data source ID for which the default type is the defined grant category
+- `type` (String) Types for which this grant category is the default for the defined data source
diff --git a/docs/resources/grant.md b/docs/resources/grant.md
@@ -30,8 +30,13 @@ resource "raito_grant" "grant1" {
       promise_duration : 604800
     }
   ]
-  type        = "role"
-  data_source = raito_datasource.ds.id
+  type = "role"
+  data_source = [
+    {
+      data_source : raito_datasource.ds.id
+      type : "role"
+    }
+  ]
   what_data_objects = {
     data_object : [
       {
@@ -47,16 +52,22 @@ resource "raito_grant" "grant1" {
   }
 }
 
-resource "raito_grant" "grant2" {
+resource "raito_grant" "grant_purpose1" {
   name        = "Grant2"
   description = "Grant with inherited who"
+  category    = "purpose"
   state       = "Active"
   who = [
     {
       access_control = raito_grant.grant1.id
     }
   ]
-  data_source = raito_datasource.ds.id
+  data_source = [
+    {
+      data_source : raito_datasource.ds.id
+      type : "role"
+    }
+  ]
 }
 ```
 
@@ -65,16 +76,16 @@ resource "raito_grant" "grant2" {
 
 ### Required
 
-- `data_source` (String) The ID of the data source of the grant
+- `data_source` (Attributes Set) The ID of the data source of the grant (see [below for nested schema](#nestedatt--data_source))
 - `name` (String) The name of the grant
 
 ### Optional
 
+- `category` (String) The ID of the category of the grant
 - `description` (String) The description of the grant
 - `inheritance_locked` (Boolean) Indicates if who should be locked. This should be true if who access providers are set.
 - `owners` (Set of String) User id of the owners of this grant
 - `state` (String) The state of the grant Possible values are: ["Active", "Inactive"]
-- `type` (String) The type of the grant
 - `what_abac_rule` (Attributes) What data object defined by abac rule. Cannot be set when what_data_objects is set. (see [below for nested schema](#nestedatt--what_abac_rule))
 - `what_data_objects` (Attributes Set) The data object what items associated to the grant. When this is not set (nil), the what list will not be overridden. This is typically used when this should be managed from Raito Cloud. (see [below for nested schema](#nestedatt--what_data_objects))
 - `what_locked` (Boolean) Indicates whether it should lock the what. Should be set to true if what_data_objects or what_abac_rule is set.
@@ -86,26 +97,48 @@ resource "raito_grant" "grant2" {
 
 - `id` (String) The ID of the grant
 
+<a id="nestedatt--data_source"></a>
+### Nested Schema for `data_source`
+
+Required:
+
+- `data_source` (String) The ID of the data source of the grant
+
+Optional:
+
+- `type` (String) The implementation type of the grant for this data source
+
+
 <a id="nestedatt--what_abac_rule"></a>
 ### Nested Schema for `what_abac_rule`
 
 Required:
 
 - `do_types` (Set of String) Set of data object types associated to the abac rule
 - `rule` (String) json representation of the abac rule
+- `scope` (Attributes Set) Scope of the defined abac rule (see [below for nested schema](#nestedatt--what_abac_rule--scope))
 
 Optional:
 
 - `global_permissions` (Set of String) Set of global permissions that should be granted on the matching data object. Allowed values are [READ WRITE ADMIN]
 - `permissions` (Set of String) Set of permissions that should be granted on the matching data object
-- `scope` (Set of String) Scope of the defined abac rule
+
+<a id="nestedatt--what_abac_rule--scope"></a>
+### Nested Schema for `what_abac_rule.scope`
+
+Required:
+
+- `data_source` (String) The data source of the data object
+- `fullname` (String) The full name of the data object in the data source
+
 
 
 <a id="nestedatt--what_data_objects"></a>
 ### Nested Schema for `what_data_objects`
 
 Required:
 
+- `data_source` (String) The data source of the data object
 - `fullname` (String) The full name of the data object in the data source
 
 Optional:

diff --git a/docs/resources/grant_category.md b/docs/resources/grant_category.md
@@ -0,0 +1,105 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "raito_grant_category Resource - terraform-provider-raito"
+subcategory: ""
+description: |-
+  The grant category resource allows you to manage grant categories in Raito.
+---
+
+# raito_grant_category (Resource)
+
+The grant category resource allows you to manage grant categories in Raito.
+
+## Example Usage
+
+```terraform
+resource "raito_datasource" "ds" {
+  name = "exampleDS"
+}
+
+resource "raito_grant_category" "example_category" {
+  name                   = "exampleCategory"
+  description            = "A simple category"
+  icon                   = "testIcon"
+  can_create             = true
+  allow_duplicated_names = true
+  multi_data_source      = true
+  default_type_per_data_source = [
+    {
+      data_source : raito_datasource.ds.id
+      type : "table"
+    }
+  ]
+  allowed_who_items = {
+    user        = true
+    group       = true
+    inheritance = true
+    self        = true
+    categories  = ["otherCategoryId"]
+  }
+  allowed_what_items = {
+    data_object = true
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `icon` (String) The icon of the grant category
+- `name` (String) The name of the grant category
+
+### Optional
+
+- `allow_duplicate_names` (Boolean) Whether the user can create grants with duplicate names in this category
+- `allowed_what_items` (Attributes) The allowed WHAT items for the grants of this category (see [below for nested schema](#nestedatt--allowed_what_items))
+- `allowed_who_items` (Attributes) The allowed WHO items for the grants of this category (see [below for nested schema](#nestedatt--allowed_who_items))
+- `can_create` (Boolean) Whether the user can create grants in this category
+- `default_type_per_data_source` (Attributes Set) The default category for each data source, type pair (see [below for nested schema](#nestedatt--default_type_per_data_source))
+- `description` (String) The description of the grant category
+- `multi_data_source` (Boolean) Whether the grant category supports multiple data sources
+
+### Read-Only
+
+- `id` (String) The ID of the grant category
+- `is_default` (Boolean) Whether the grant category is a default category
+- `is_system` (Boolean) Whether the grant category is a system category
+
+<a id="nestedatt--allowed_what_items"></a>
+### Nested Schema for `allowed_what_items`
+
+Optional:
+
+- `data_object` (Boolean) The allowed WHAT items for the grants of this category
+
+
+<a id="nestedatt--allowed_who_items"></a>
+### Nested Schema for `allowed_who_items`
+
+Optional:
+
+- `categories` (Set of String) The allowed WHO items for the grants of this category
+- `group` (Boolean) Whether the group is allowed as WHO item for the grants of this category
+- `inheritance` (Boolean) Whether the inheritance is allowed as WHO item for the grants of this category
+- `self` (Boolean) Whether the self is allowed as WHO item for the grants of this category
+- `user` (Boolean) Whether the user is allowed as WHO item for the grants of this category
+
+
+<a id="nestedatt--default_type_per_data_source"></a>
+### Nested Schema for `default_type_per_data_source`
+
+Required:
+
+- `data_source` (String) The data source for which the default type is set
+- `type` (String) The default type for the data source
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+#Import grant. Not that who and what_data_objects will not be imported
+terraform import raito_grant_category.example GrantCategoryId
+```