feat(identitycenter): add resource identitycenter provision permissio…
…n set
luoping-12345 committed Dec 24, 2024
1 parent 905a902 commit 45574cc
Showing 4 changed files with 401 additions and 0 deletions.
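--- a/docs/resources/identitycenter_provision_permission_set.md
+++ b/docs/resources/identitycenter_provision_permission_set.md
@@ -0,0 +1,80 @@
+---
+subcategory: "IAM Identity Center"
+layout: "huaweicloud"
+page_title: "HuaweiCloud: huaweicloud_identitycenter_provision_permission_set"
+description: |-
+Manages an Identity Center provision permission set resource within HuaweiCloud.
+---
+
+# huaweicloud_identitycenter_provision_permission_set
+
+Manages an Identity Center provision permission set resource within HuaweiCloud.
+
+## Example Usage
+
+```hcl
+variable "instance_id" {}
+variable "permission_set_id" {}
+variable "target_type" {}
+variable "account_id" {}
+resource "huaweicloud_identitycenter_provision_permission_set" "test" {
+instance_id = var.instance_id
+permission_set_id = var.permission_set_id
+account_id = var.account_id
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String) Specifies the region in which to query the resource.
+If omitted, the provider-level region will be used.
+
+* `instance_id` - (Required, String, NonUpdatable) Specifies the ID of an IAM Identity Center instance.
+
+* `permission_set_id` - (Required, String, NonUpdatable) Specifies the ID of a permission set.
+
+* `account_id` - (Required, String, NonUpdatable) Specifies the account ID.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The resource ID.
+
+* `status` - The authorization status of a permission set.
+
+## Timeouts
+
+This resource provides the following timeouts configuration options:
+
+* `create` - Default is 10 minutes.
+
+## Import
+
+The Identity Center provision permission set can be imported using the `instance_id` and `id`(request ID)
+separated by a slash, e.g.
+
+```bash
+$ terraform import huaweicloud_identitycenter_system_identity_policy_attachment.test <instance_id>/<id>
+```
+
+Note that the imported state may not be identical to your resource definition, due to some attributes missing from the
+API response, security or some other reason. The missing attributes include: `permission_set_id` and `account_id`. It is
+generally recommended running `terraform plan` after importing an IdentityCenter provision permission set. You can then
+decide if changes should be applied to the IdentityCenter provision permission set, or the resource definition should be
+updated to align with the instance. Also, you can ignore changes as below.
+
+```hcl
+resource "huaweicloud_identitycenter_provision_permission_set" "test" {
+...
+lifecycle {
+ignore_changes = [
+permission_set_id, account_id
+]
+}
+}
+```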
1 change: 1 addition & 0 deletions huaweicloud/provider.go
Expand Up @@ -1799,6 +1799,7 @@ func Provider() *schema.Provider {
"huaweicloud_identitycenter_custom_policy_attachment": identitycenter.ResourceCustomPolicyAttachment(),
"huaweicloud_identitycenter_custom_role_attachment": identitycenter.ResourceCustomRoleAttachment(),
"huaweicloud_identitycenter_access_control_attribute_configuration": identitycenter.ResourceAccessControlAttributeConfiguration(),
"huaweicloud_identitycenter_provision_permission_set": identitycenter.ResourceProvisionPermissionSet(),

"huaweicloud_iec_eip": iec.ResourceEip(),
"huaweicloud_iec_keypair": iec.ResourceKeypair(),
@@ -0,0 +1,79 @@
package identitycenter

import (
"fmt"
"testing"

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"

"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
)

func TestAccProvisionPermissionSet_basic(t *testing.T) {
name := acceptance.RandomAccResourceName()
rName := "huaweicloud_identitycenter_provision_permission_set.test"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() {
acceptance.TestAccPreCheck(t)
acceptance.TestAccPreCheckMultiAccount(t)
},
ProviderFactories: acceptance.TestAccProviderFactories,
CheckDestroy: nil,
Steps: []resource.TestStep{
{
Config: testProvisionPermissionSet_basic(name),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(rName, "status", "SUCCEEDED"),
),
},
{
ResourceName: rName,
ImportState: true,
ImportStateIdFunc: testProvisionPermissionSetImportState(rName),
ImportStateVerifyIgnore: []string{"permission_set_id", "account_id"},
ImportStateVerify: true,
},
},
})
}

func testProvisionPermissionSetImportState(name string) resource.ImportStateIdFunc {
return func(s *terraform.State) (string, error) {
rs, ok := s.RootModule().Resources[name]
if !ok {
return "", fmt.Errorf("resource (%s) not found: %s", name, rs)
}

instanceID := rs.Primary.Attributes["instance_id"]
if instanceID == "" {
return "", fmt.Errorf("attribute (instance_id) of resource (%s) not found: %s", name, rs)
}

return instanceID + "/" + rs.Primary.ID, nil
}
}

func testProvisionPermissionSet_basic(name string) string {
return fmt.Sprintf(`
%[1]s
resource "huaweicloud_identitycenter_user" "test" {
identity_store_id = data.huaweicloud_identitycenter_instance.test.identity_store_id
user_name = "%[2]s"
password_mode = "OTP"
family_name = "test_family_name"
given_name = "test_given_name"
display_name = "test_display_name"
email = "[email protected]"
}
resource "huaweicloud_identitycenter_provision_permission_set" "test" {
instance_id = data.huaweicloud_identitycenter_instance.system.id
permission_set_id = huaweicloud_identitycenter_permission_set.test.id
account_id = huaweicloud_identitycenter_user.test.id
target_type = "ACCOUNT"
}
`, testPermissionSet_basic(name), name)
}
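Review bot: In `testProvisionPermissionSet_basic`, `account_id = huaweicloud_identitycenter_user.test.id` passes an Identity Center user ID where the resource documentation in this commit asks for an account ID, so the test appears to provision the permission set against the wrong kind of target and says little about which account actually received the access. The same config sets `target_type = "ACCOUNT"`, which the documented argument list does not mention, and it references both `data.huaweicloud_identitycenter_instance.test` and `data.huaweicloud_identitycenter_instance.system`; `testPermissionSet_basic` is defined outside this page, so one of the two may be undefined. With `CheckDestroy: nil` and only a `status` assertion, nothing checks what stays provisioned after destroy or that the state records the intended grant. I would add `resource.TestCheckResourceAttrPair(rName, "permission_set_id", "huaweicloud_identitycenter_permission_set.test", "id")` to the first step. I would also add a destroy check or, if removal is intentionally a no-op, a comment such as `// provisioning is a one-time action; destroy only removes state`.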