feat: support IAM policy resource (#105)

* chore: support all users in project IAM

* feat: support iam resource

* fix: eslint

* fix: eslint

* fix: test

Author: ecmadao

VERSION

@@ -1 +1 @@
-1.0.22
+1.0.23

docs/data-sources/group.md

@@ -24,7 +24,6 @@ The group data source.
 - `description` (String) The group description.
 - `id` (String) The ID of this resource.
 - `members` (Set of Object) The members in the group. (see [below for nested schema](#nestedatt--members))
-- `roles` (Set of String) The group's roles in the workspace level
 - `source` (String) Source means where the group comes from. For now we support Entra ID SCIM sync, so the source could be Entra ID.
 - `title` (String) The group title.
 

docs/data-sources/group_list.md

@@ -28,7 +28,6 @@ Read-Only:
 - `description` (String)
 - `members` (Set of Object) (see [below for nested schema](#nestedobjatt--groups--members))
 - `name` (String)
-- `roles` (Set of String)
 - `source` (String)
 - `title` (String)
 

docs/data-sources/iam_policy.md

@@ -0,0 +1,57 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "bytebase_iam_policy Data Source - terraform-provider-bytebase"
+subcategory: ""
+description: |-
+  The IAM policy data source.
+---
+
+# bytebase_iam_policy (Data Source)
+
+The IAM policy data source.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `parent` (String) The IAM policy parent name for the policy, support "projects/{resource id}" or "workspaces/-"
+
+### Optional
+
+- `iam_policy` (Block List, Max: 1) (see [below for nested schema](#nestedblock--iam_policy))
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+<a id="nestedblock--iam_policy"></a>
+### Nested Schema for `iam_policy`
+
+Optional:
+
+- `binding` (Block Set) The binding in the IAM policy. (see [below for nested schema](#nestedblock--iam_policy--binding))
+
+<a id="nestedblock--iam_policy--binding"></a>
+### Nested Schema for `iam_policy.binding`
+
+Optional:
+
+- `condition` (Block Set) Match the condition limit. (see [below for nested schema](#nestedblock--iam_policy--binding--condition))
+- `members` (Set of String) A set of memebers. The value can be "allUsers", "user:{email}" or "group:{email}".
+- `role` (String) The role full name in roles/{id} format.
+
+<a id="nestedblock--iam_policy--binding--condition"></a>
+### Nested Schema for `iam_policy.binding.condition`
+
+Optional:
+
+- `database` (String) The accessible database full name in instances/{instance resource id}/databases/{database name} format
+- `expire_timestamp` (String) The expiration timestamp in YYYY-MM-DDThh:mm:ssZ format
+- `row_limit` (Number) The export row limit for exporter role
+- `schema` (String) The accessible schema in the database
+- `tables` (Set of String) The accessible table list
+
+

docs/data-sources/project.md

@@ -27,30 +27,9 @@ The project data source.
 - `databases` (Set of String) The databases full name in the resource.
 - `enforce_issue_title` (Boolean) Enforce issue title created by user instead of generated by Bytebase.
 - `id` (String) The ID of this resource.
-- `members` (Set of Object) The members in the project. (see [below for nested schema](#nestedatt--members))
 - `name` (String) The project full name in projects/{resource id} format.
 - `postgres_database_tenant_mode` (Boolean) Whether to enable the database tenant mode for PostgreSQL. If enabled, the issue will be created with the pre-appended "set role <db_owner>" statement.
 - `skip_backup_errors` (Boolean) Whether to skip backup errors and continue the data migration.
 - `title` (String) The project title.
 
-<a id="nestedatt--members"></a>
-### Nested Schema for `members`
-
-Read-Only:
-
-- `condition` (Set of Object) (see [below for nested schema](#nestedobjatt--members--condition))
-- `member` (String)
-- `role` (String)
-
-<a id="nestedobjatt--members--condition"></a>
-### Nested Schema for `members.condition`
-
-Read-Only:
-
-- `database` (String)
-- `expire_timestamp` (String)
-- `row_limit` (Number)
-- `schema` (String)
-- `tables` (Set of String)
-
 

docs/data-sources/project_list.md

@@ -36,31 +36,10 @@ Read-Only:
 - `auto_resolve_issue` (Boolean)
 - `databases` (Set of String)
 - `enforce_issue_title` (Boolean)
-- `members` (Set of Object) (see [below for nested schema](#nestedobjatt--projects--members))
 - `name` (String)
 - `postgres_database_tenant_mode` (Boolean)
 - `resource_id` (String)
 - `skip_backup_errors` (Boolean)
 - `title` (String)
 
-<a id="nestedobjatt--projects--members"></a>
-### Nested Schema for `projects.members`
-
-Read-Only:
-
-- `condition` (Set of Object) (see [below for nested schema](#nestedobjatt--projects--members--condition))
-- `member` (String)
-- `role` (String)
-
-<a id="nestedobjatt--projects--members--condition"></a>
-### Nested Schema for `projects.members.condition`
-
-Read-Only:
-
-- `database` (String)
-- `expire_timestamp` (String)
-- `row_limit` (Number)
-- `schema` (String)
-- `tables` (Set of String)
-
 

docs/data-sources/user.md

@@ -27,7 +27,6 @@ The user data source.
 - `last_login_time` (String) The user last login time.
 - `mfa_enabled` (Boolean) The mfa_enabled flag means if the user has enabled MFA.
 - `phone` (String) The user phone.
-- `roles` (Set of String) The user's roles in the workspace level
 - `source` (String) Source means where the user comes from. For now we support Entra ID SCIM sync, so the source could be Entra ID.
 - `state` (String) The user is deleted or not.
 - `title` (String) The user title.

docs/data-sources/user_list.md

@@ -39,7 +39,6 @@ Read-Only:
 - `mfa_enabled` (Boolean)
 - `name` (String)
 - `phone` (String)
-- `roles` (Set of String)
 - `source` (String)
 - `state` (String)
 - `title` (String)

docs/resources/group.md

@@ -24,7 +24,6 @@ The group resource. Workspace domain is required for creating groups.
 ### Optional
 
 - `description` (String) The group description.
-- `roles` (Set of String) The group's roles in the workspace level
 
 ### Read-Only
 

docs/resources/iam_policy.md

@@ -0,0 +1,57 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "bytebase_iam_policy Resource - terraform-provider-bytebase"
+subcategory: ""
+description: |-
+  The IAM policy resource.
+---
+
+# bytebase_iam_policy (Resource)
+
+The IAM policy resource.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `parent` (String) The IAM policy parent name for the policy, support "projects/{resource id}" or "workspaces/-"
+
+### Optional
+
+- `iam_policy` (Block List, Max: 1) (see [below for nested schema](#nestedblock--iam_policy))
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+<a id="nestedblock--iam_policy"></a>
+### Nested Schema for `iam_policy`
+
+Optional:
+
+- `binding` (Block Set) The binding in the IAM policy. (see [below for nested schema](#nestedblock--iam_policy--binding))
+
+<a id="nestedblock--iam_policy--binding"></a>
+### Nested Schema for `iam_policy.binding`
+
+Optional:
+
+- `condition` (Block Set) Match the condition limit. (see [below for nested schema](#nestedblock--iam_policy--binding--condition))
+- `members` (Set of String) A set of memebers. The value can be "allUsers", "user:{email}" or "group:{email}".
+- `role` (String) The role full name in roles/{id} format.
+
+<a id="nestedblock--iam_policy--binding--condition"></a>
+### Nested Schema for `iam_policy.binding.condition`
+
+Optional:
+
+- `database` (String) The accessible database full name in instances/{instance resource id}/databases/{database name} format
+- `expire_timestamp` (String) The expiration timestamp in YYYY-MM-DDThh:mm:ssZ format
+- `row_limit` (Number) The export row limit for exporter role
+- `schema` (String) The accessible schema in the database
+- `tables` (Set of String) The accessible table list
+
+

docs/resources/project.md

@@ -27,7 +27,6 @@ The project resource.
 - `auto_resolve_issue` (Boolean) Enable auto resolve issue.
 - `databases` (Set of String) The databases full name in the resource.
 - `enforce_issue_title` (Boolean) Enforce issue title created by user instead of generated by Bytebase.
-- `members` (Block Set) The members in the project. (see [below for nested schema](#nestedblock--members))
 - `postgres_database_tenant_mode` (Boolean) Whether to enable the database tenant mode for PostgreSQL. If enabled, the issue will be created with the pre-appended "set role <db_owner>" statement.
 - `skip_backup_errors` (Boolean) Whether to skip backup errors and continue the data migration.
 
@@ -36,24 +35,4 @@ The project resource.
 - `id` (String) The ID of this resource.
 - `name` (String) The project full name in projects/{resource id} format.
 
-<a id="nestedblock--members"></a>
-### Nested Schema for `members`
-
-Optional:
-
-- `condition` (Block Set) Match the condition limit. (see [below for nested schema](#nestedblock--members--condition))
-- `member` (String) The member in user:{email} or group:{email} format.
-- `role` (String) The role full name in roles/{id} format.
-
-<a id="nestedblock--members--condition"></a>
-### Nested Schema for `members.condition`
-
-Optional:
-
-- `database` (String) The accessible database full name in instances/{instance resource id}/databases/{database name} format
-- `expire_timestamp` (String) The expiration timestamp in YYYY-MM-DDThh:mm:ssZ format
-- `row_limit` (Number) The export row limit for exporter role
-- `schema` (String) The accessible schema in the database
-- `tables` (Set of String) The accessible table list
-
 

docs/resources/user.md

@@ -24,7 +24,6 @@ The user resource.
 
 - `password` (String, Sensitive) The user login password.
 - `phone` (String) The user phone.
-- `roles` (Set of String) The user's roles in the workspace level
 - `type` (String) The user type.
 
 ### Read-Only

examples/database/main.tf

@@ -2,7 +2,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.22"
+      version = "1.0.23"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

examples/environments/main.tf

@@ -2,7 +2,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.22"
+      version = "1.0.23"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

examples/groups/main.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.22"
+      version = "1.0.23"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

examples/iamPolicy/main.tf

@@ -0,0 +1,34 @@
+terraform {
+  required_providers {
+    bytebase = {
+      version = "1.0.23"
+      # For local development, please use "terraform.local/bytebase/bytebase" instead
+      source = "registry.terraform.io/bytebase/bytebase"
+    }
+  }
+}
+
+provider "bytebase" {
+  # You need to replace the account and key with your Bytebase service account.
+  service_account = "[email protected]"
+  service_key     = "bbs_BxVIp7uQsARl8nR92ZZV"
+  # The Bytebase service URL. You can use the external URL in production.
+  # Check the docs about external URL: https://www.bytebase.com/docs/get-started/install/external-url
+  url = "https://bytebase.example.com"
+}
+
+data "bytebase_iam_policy" "workspace_iam" {
+  parent = "workspaces/-"
+}
+
+output "workspace_iam" {
+  value = data.bytebase_iam_policy.workspace_iam
+}
+
+data "bytebase_iam_policy" "project_iam" {
+  parent = "projects/project-sample"
+}
+
+output "project_iam" {
+  value = data.bytebase_iam_policy.project_iam
+}

examples/instances/main.tf

@@ -2,7 +2,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.22"
+      version = "1.0.23"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

examples/policies/main.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.22"
+      version = "1.0.23"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }
@@ -27,7 +27,8 @@ output "masking_exception_policy" {
 }
 
 data "bytebase_policy" "global_masking_policy" {
-  type = "MASKING_RULE"
+  parent = "workspaces/-"
+  type   = "MASKING_RULE"
 }
 
 output "global_masking_policy" {

examples/projects/main.tf

@@ -2,7 +2,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.22"
+      version = "1.0.23"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

examples/roles/main.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.22"
+      version = "1.0.23"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

examples/settings/main.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.22"
+      version = "1.0.23"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }