From 2d248d4fb9325689efdd040962f2dede74de6565 Mon Sep 17 00:00:00 2001
From: delores-hashicorp
Date: Thu, 25 Apr 2024 11:53:54 +0200
Subject: [PATCH 1/2] Fix documentation template
---
 .../vault_secrets_app_iam_binding.md | 34 ++++++++++---
 .../resources/vault_secrets_app_iam_policy.md | 49 ++++++++++++++++---
 ... => vault_secrets_app_iam_binding.md.tmpl} | 0
 ...d => vault_secrets_app_iam_policy.md.tmpl} | 0
 4 files changed, 70 insertions(+), 13 deletions(-)
 rename templates/resources/{vault_secrets_app_iam_binding.md => vault_secrets_app_iam_binding.md.tmpl} (100%)
 rename templates/resources/{vault_secrets_app_iam_policy.md => vault_secrets_app_iam_policy.md.tmpl} (100%)
diff --git a/docs/resources/vault_secrets_app_iam_binding.md b/docs/resources/vault_secrets_app_iam_binding.md
index bcfcec4b0..9af34853b 100644
--- a/docs/resources/vault_secrets_app_iam_binding.md
+++ b/docs/resources/vault_secrets_app_iam_binding.md
@@ -1,19 +1,41 @@ --- -page_title: "{{.Type}} {{.Name}} - {{.ProviderName}}" +page_title: "Resource hcp_vault_secrets_app_iam_binding - terraform-provider-hcp" subcategory: "Cloud Platform" description: |- -{{ .Description | plainmarkdown | trimspace | prefixlines " " }} + Updates the Vault Secrets App IAM policy to bind a role to a new member. Existing bindings are preserved. --- -# {{.Name}} ({{.Type}}) +# hcp_vault_secrets_app_iam_binding (Resource) -{{ .Description | trimspace }} +Updates the Vault Secrets App IAM policy to bind a role to a new member. Existing bindings are preserved. ~> **Note:** `hcp_vault_secrets_app_iam_binding` cannot be used in conjunction with `hcp_vault_secrets_app_iam_policy`. ## Example Usage -{{ tffile "examples/resources/hcp_vault_secrets_app_iam_binding/resource.tf" }} +```terraform +resource "hcp_service_principal" "sp" { + name = "example-sp" +} -{{ .SchemaMarkdown | trimspace }} +resource "hcp_vault_secrets_app" "example" { + app_name = "example-app-name" + description = "My new app!" +} + +resource "hcp_vault_secrets_app_iam_binding" "example" { + resource_name = hcp_vault_secrets_app.example.resource_name + principal_id = hcp_service_principal.sp.resource_id + role = "roles/secrets.app-secret-reader" +} +``` + + +## Schema + +### Required + +- `principal_id` (String) The principal to bind to the given role. +- `resource_name` (String) The app's resource name in the format secrets/project//app/. +- `role` (String) The role name to bind to the given principal. diff --git a/docs/resources/vault_secrets_app_iam_policy.md b/docs/resources/vault_secrets_app_iam_policy.md index 4997eaadd..b9c55ab32 100644 --- a/docs/resources/vault_secrets_app_iam_policy.md +++ b/docs/resources/vault_secrets_app_iam_policy.md 
@@ -1,11 +1,11 @@ --- -page_title: "{{.Type}} {{.Name}} - {{.ProviderName}}" +page_title: "Resource hcp_vault_secrets_app_iam_policy - terraform-provider-hcp" subcategory: "Cloud Platform" description: |- -{{ .Description | plainmarkdown | trimspace | prefixlines " " }} + Sets the Vault Secrets App IAM policy and replaces any existing policy. --- -# {{.Name}} ({{.Type}}) +# hcp_vault_secrets_app_iam_policy (Resource) !> **Be Careful!** You can accidentally lock yourself out of your vault secrets app using this resource. Deleting a hcp_vault_secrets_app_iam_policy removes access from anyone 
@@ -14,19 +14,54 @@ If you are trying to additively give permissions to the app, prefer using `hcp_vault_secrets_app_iam_binding`. If you do use this resource, it is recommended to import the policy before applying the change. -{{ .Description | trimspace }} +Sets the Vault Secrets App IAM policy and replaces any existing policy. ~> **Note:** `hcp_vault_secrets_app_iam_policy` can not be used in conjunction with `hcp_vault_secrets_app_iam_binding`. ## Example Usage -{{ tffile "examples/resources/hcp_project_iam_policy/resource.tf" }} +```terraform +data "hcp_iam_policy" "example" { + bindings = [ + { + role = "roles/contributor" + principals = [ + "example-user-id-1", + "example-group-id-1", + "example-sp-1" + ] + }, + ] +} -{{ .SchemaMarkdown | trimspace }} +resource "hcp_project" "my_project" { + name = "example" +} + +resource "hcp_project_iam_policy" "project_policy" { + project_id = hcp_project.my_project.resource_id + policy_data = data.hcp_iam_policy.example.policy_data +} +``` + + +## Schema + +### Required + +- `policy_data` (String) The policy to apply. +- `resource_name` (String) The app's resource name in the format secrets/project//app/. + +### Read-Only + +- `etag` (String) The etag captures the existing state of the policy. ## Import Import is supported using the following syntax: -{{ codefile "shell" "examples/resources/hcp_vault_secrets_app_iam_policy/import.sh" }} \ No newline at end of file +```shell +# Vault Secrets App IAM Policy can be imported by specifying the resource name of the app +terraform import hcp_vault_secrets_app_iam_policy.example secrets/project/41d107a7-eea6-4b5e-8481-508ab29e2b07/app/example-app-name +``` \ No newline at end of file diff --git a/templates/resources/vault_secrets_app_iam_binding.md b/templates/resources/vault_secrets_app_iam_binding.md.tmpl similarity index 100% rename from templates/resources/vault_secrets_app_iam_binding.md rename to templates/resources/vault_secrets_app_iam_binding.md.tmpl 
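Review bot: The Example Usage added in the second hunk of docs/resources/vault_secrets_app_iam_policy.md shows `hcp_project_iam_policy` with `project_id`, while the Schema section in the same hunk lists `resource_name` and `policy_data` as the required arguments of `hcp_vault_secrets_app_iam_policy`. The removed line `{{ tffile "examples/resources/hcp_project_iam_policy/resource.tf" }}` suggests the template, renamed here without changes, still points at the project example, so regeneration will keep producing it. Because this resource replaces the existing policy, a reader who copies the example would be setting a project-wide policy with `roles/contributor` instead of an app-scoped one. Point the template at an example for this resource (presumably next to `examples/resources/hcp_vault_secrets_app_iam_policy/import.sh`) that uses `resource_name = hcp_vault_secrets_app.example.resource_name`, then regenerate the page.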
diff --git a/templates/resources/vault_secrets_app_iam_policy.md b/templates/resources/vault_secrets_app_iam_policy.md.tmpl
similarity index 100%
rename from templates/resources/vault_secrets_app_iam_policy.md
rename to templates/resources/vault_secrets_app_iam_policy.md.tmpl
From 9d1f0bc87f5827aa0bab1a4cd47f52d13c762a0e Mon Sep 17 00:00:00 2001
From: delores-hashicorp
Date: Thu, 25 Apr 2024 11:57:54 +0200
Subject: [PATCH 2/2] Add changelog
---
 .changelog/825.txt | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 .changelog/825.txt
diff --git a/.changelog/825.txt b/.changelog/825.txt
new file mode 100644
index 000000000..802dbed9c
--- /dev/null
+++ b/.changelog/825.txt
@@ -0,0 +1,4 @@
+```release-note:bug
+Fix documentation of hcp_vault_secrets_app_iam_binding and hcp_vault_secrets_app_iam_policy
+
+```
\ No newline at end of file