feat(identitycenter): add resource identitycenter provision permissio…
…n set
1 parent
905a902
commit 45574cc
Showing
4 changed files
with
401 additions
and
0 deletions.
@@ -0,0 +1,80 @@ | ||
--- | ||
subcategory: "IAM Identity Center" | ||
layout: "huaweicloud" | ||
page_title: "HuaweiCloud: huaweicloud_identitycenter_provision_permission_set" | ||
description: |- | ||
Manages an Identity Center provision permission set resource within HuaweiCloud. | ||
--- | ||
|
||
# huaweicloud_identitycenter_provision_permission_set | ||
|
||
Manages an Identity Center provision permission set resource within HuaweiCloud. | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
variable "instance_id" {} | ||
variable "permission_set_id" {} | ||
variable "target_type" {} | ||
variable "account_id" {} | ||
resource "huaweicloud_identitycenter_provision_permission_set" "test" { | ||
instance_id = var.instance_id | ||
permission_set_id = var.permission_set_id | ||
account_id = var.account_id | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
The following arguments are supported: | ||
|
||
* `region` - (Optional, String) Specifies the region in which to query the resource. | ||
If omitted, the provider-level region will be used. | ||
|
||
* `instance_id` - (Required, String, NonUpdatable) Specifies the ID of an IAM Identity Center instance. | ||
|
||
* `permission_set_id` - (Required, String, NonUpdatable) Specifies the ID of a permission set. | ||
|
||
* `account_id` - (Required, String, NonUpdatable) Specifies the account ID. | ||
|
||
## Attribute Reference | ||
|
||
In addition to all arguments above, the following attributes are exported: | ||
|
||
* `id` - The resource ID. | ||
|
||
* `status` - The authorization status of a permission set. | ||
|
||
## Timeouts | ||
|
||
This resource provides the following timeouts configuration options: | ||
|
||
* `create` - Default is 10 minutes. | ||
|
||
## Import | ||
|
||
The Identity Center provision permission set can be imported using the `instance_id` and `id`(request ID) | ||
separated by a slash, e.g. | ||
|
||
```bash | ||
$ terraform import huaweicloud_identitycenter_system_identity_policy_attachment.test <instance_id>/<id> | ||
``` | ||
|
||
Note that the imported state may not be identical to your resource definition, due to some attributes missing from the | ||
API response, security or some other reason. The missing attributes include: `permission_set_id` and `account_id`. It is | ||
generally recommended running `terraform plan` after importing an IdentityCenter provision permission set. You can then | ||
decide if changes should be applied to the IdentityCenter provision permission set, or the resource definition should be | ||
updated to align with the instance. Also, you can ignore changes as below. | ||
|
||
```hcl | ||
resource "huaweicloud_identitycenter_provision_permission_set" "test" { | ||
... | ||
lifecycle { | ||
ignore_changes = [ | ||
permission_set_id, account_id | ||
] | ||
} | ||
} | ||
``` |
79 changes: 79 additions & 0 deletions
79
...tance/identitycenter/resource_huaweicloud_identitycenter_provision_permission_set_test.go
@@ -0,0 +1,79 @@ | ||
package identitycenter | ||
|
||
import ( | ||
"fmt" | ||
"testing" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform" | ||
|
||
"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance" | ||
) | ||
|
||
func TestAccProvisionPermissionSet_basic(t *testing.T) { | ||
name := acceptance.RandomAccResourceName() | ||
rName := "huaweicloud_identitycenter_provision_permission_set.test" | ||
|
||
resource.ParallelTest(t, resource.TestCase{ | ||
PreCheck: func() { | ||
acceptance.TestAccPreCheck(t) | ||
acceptance.TestAccPreCheckMultiAccount(t) | ||
}, | ||
ProviderFactories: acceptance.TestAccProviderFactories, | ||
CheckDestroy: nil, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testProvisionPermissionSet_basic(name), | ||
Check: resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttr(rName, "status", "SUCCEEDED"), | ||
), | ||
}, | ||
{ | ||
ResourceName: rName, | ||
ImportState: true, | ||
ImportStateIdFunc: testProvisionPermissionSetImportState(rName), | ||
ImportStateVerifyIgnore: []string{"permission_set_id", "account_id"}, | ||
ImportStateVerify: true, | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func testProvisionPermissionSetImportState(name string) resource.ImportStateIdFunc { | ||
return func(s *terraform.State) (string, error) { | ||
rs, ok := s.RootModule().Resources[name] | ||
if !ok { | ||
return "", fmt.Errorf("resource (%s) not found: %s", name, rs) | ||
} | ||
|
||
instanceID := rs.Primary.Attributes["instance_id"] | ||
if instanceID == "" { | ||
return "", fmt.Errorf("attribute (instance_id) of resource (%s) not found: %s", name, rs) | ||
} | ||
|
||
return instanceID + "/" + rs.Primary.ID, nil | ||
} | ||
} | ||
|
||
func testProvisionPermissionSet_basic(name string) string { | ||
return fmt.Sprintf(` | ||
%[1]s | ||
resource "huaweicloud_identitycenter_user" "test" { | ||
identity_store_id = data.huaweicloud_identitycenter_instance.test.identity_store_id | ||
user_name = "%[2]s" | ||
password_mode = "OTP" | ||
family_name = "test_family_name" | ||
given_name = "test_given_name" | ||
display_name = "test_display_name" | ||
email = "[email protected]" | ||
} | ||
resource "huaweicloud_identitycenter_provision_permission_set" "test" { | ||
instance_id = data.huaweicloud_identitycenter_instance.system.id | ||
permission_set_id = huaweicloud_identitycenter_permission_set.test.id | ||
account_id = huaweicloud_identitycenter_user.test.id | ||
target_type = "ACCOUNT" | ||
} | ||
`, testPermissionSet_basic(name), name) | ||
} |
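Review bot: In `testProvisionPermissionSet_basic` the config sets `account_id = huaweicloud_identitycenter_user.test.id`, an Identity Center user ID, while the resource documents `account_id` as an account ID and the pre-check is `TestAccPreCheckMultiAccount`; because this resource pushes a permission set onto a target, the test should name the intended target account explicitly rather than a freshly created user's id. The same block sets `target_type = "ACCOUNT"`, which is not among the documented arguments, and reads `data.huaweicloud_identitycenter_instance.system.id` while the user block reads `...instance.test`; neither data source is visible here, so please confirm both resolve through `testPermissionSet_basic`. `CheckDestroy: nil` means nothing asserts the provisioning state after teardown; if that is deliberate, a comment on that line such as `// provisioning is a one-shot request; there is nothing to destroy` would say so. In `testProvisionPermissionSetImportState`, `rs` is the map's zero value in the `!ok` branch, so it adds nothing to the message: `return "", fmt.Errorf("resource (%s) not found", name)`.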