feat: support IAM policy resource #105

Merged
merged 5 commits into from
Apr 24, 2025
2 changes: 1 addition & 1 deletion VERSION
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1.0.22
1.0.23
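Review bot: the bump from 1.0.22 to 1.0.23 is a patch-level increment, but the documentation changes in this same PR drop the `roles` attribute from the user and group resources and the `members` block from the project resource. Configurations that still set those arguments will be rejected as unsupported after the upgrade, so consider a minor version bump, or at least a changelog or upgrade note that points users to `bytebase_iam_policy`.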
1 change: 0 additions & 1 deletion docs/data-sources/group.md
Expand Up @@ -24,7 +24,6 @@ The group data source.
- `description` (String) The group description.
- `id` (String) The ID of this resource.
- `members` (Set of Object) The members in the group. (see [below for nested schema](#nestedatt--members))
- `roles` (Set of String) The group's roles in the workspace level
- `source` (String) Source means where the group comes from. For now we support Entra ID SCIM sync, so the source could be Entra ID.
- `title` (String) The group title.

1 change: 0 additions & 1 deletion docs/data-sources/group_list.md
Expand Up @@ -28,7 +28,6 @@ Read-Only:
- `description` (String)
- `members` (Set of Object) (see [below for nested schema](#nestedobjatt--groups--members))
- `name` (String)
- `roles` (Set of String)
- `source` (String)
- `title` (String)

57 changes: 57 additions & 0 deletions docs/data-sources/iam_policy.md
@@ -0,0 +1,57 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "bytebase_iam_policy Data Source - terraform-provider-bytebase"
subcategory: ""
description: |-
The IAM policy data source.
---

# bytebase_iam_policy (Data Source)

The IAM policy data source.



<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `parent` (String) The IAM policy parent name for the policy, support "projects/{resource id}" or "workspaces/-"

### Optional

- `iam_policy` (Block List, Max: 1) (see [below for nested schema](#nestedblock--iam_policy))

### Read-Only

- `id` (String) The ID of this resource.

<a id="nestedblock--iam_policy"></a>
### Nested Schema for `iam_policy`

Optional:

- `binding` (Block Set) The binding in the IAM policy. (see [below for nested schema](#nestedblock--iam_policy--binding))

<a id="nestedblock--iam_policy--binding"></a>
### Nested Schema for `iam_policy.binding`

Optional:

- `condition` (Block Set) Match the condition limit. (see [below for nested schema](#nestedblock--iam_policy--binding--condition))
- `members` (Set of String) A set of memebers. The value can be "allUsers", "user:{email}" or "group:{email}".
- `role` (String) The role full name in roles/{id} format.

<a id="nestedblock--iam_policy--binding--condition"></a>
### Nested Schema for `iam_policy.binding.condition`

Optional:

- `database` (String) The accessible database full name in instances/{instance resource id}/databases/{database name} format
- `expire_timestamp` (String) The expiration timestamp in YYYY-MM-DDThh:mm:ssZ format
- `row_limit` (Number) The export row limit for exporter role
- `schema` (String) The accessible schema in the database
- `tables` (Set of String) The accessible table list
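Review bot: on this data source page `iam_policy` is listed under Optional, and `binding`, `members`, `role` and `condition` are Optional as well, which reads as if the caller supplies the policy. For a data source these should be computed (Read-Only) so the page shows that `parent` is the only input. The `members` description has a typo ("memebers"); since the page is generated by tfplugindocs, the fix belongs in the schema description string. The same description lists "allUsers" next to "user:{email}" and "group:{email}" without saying who it covers, so add a sentence on its scope so a reader can tell how broad such a binding is.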


21 changes: 0 additions & 21 deletions docs/data-sources/project.md
Expand Up @@ -27,30 +27,9 @@ The project data source.
- `databases` (Set of String) The databases full name in the resource.
- `enforce_issue_title` (Boolean) Enforce issue title created by user instead of generated by Bytebase.
- `id` (String) The ID of this resource.
- `members` (Set of Object) The members in the project. (see [below for nested schema](#nestedatt--members))
- `name` (String) The project full name in projects/{resource id} format.
- `postgres_database_tenant_mode` (Boolean) Whether to enable the database tenant mode for PostgreSQL. If enabled, the issue will be created with the pre-appended "set role <db_owner>" statement.
- `skip_backup_errors` (Boolean) Whether to skip backup errors and continue the data migration.
- `title` (String) The project title.

<a id="nestedatt--members"></a>
### Nested Schema for `members`

Read-Only:

- `condition` (Set of Object) (see [below for nested schema](#nestedobjatt--members--condition))
- `member` (String)
- `role` (String)

<a id="nestedobjatt--members--condition"></a>
### Nested Schema for `members.condition`

Read-Only:

- `database` (String)
- `expire_timestamp` (String)
- `row_limit` (Number)
- `schema` (String)
- `tables` (Set of String)


21 changes: 0 additions & 21 deletions docs/data-sources/project_list.md
Expand Up @@ -36,31 +36,10 @@ Read-Only:
- `auto_resolve_issue` (Boolean)
- `databases` (Set of String)
- `enforce_issue_title` (Boolean)
- `members` (Set of Object) (see [below for nested schema](#nestedobjatt--projects--members))
- `name` (String)
- `postgres_database_tenant_mode` (Boolean)
- `resource_id` (String)
- `skip_backup_errors` (Boolean)
- `title` (String)

<a id="nestedobjatt--projects--members"></a>
### Nested Schema for `projects.members`

Read-Only:

- `condition` (Set of Object) (see [below for nested schema](#nestedobjatt--projects--members--condition))
- `member` (String)
- `role` (String)

<a id="nestedobjatt--projects--members--condition"></a>
### Nested Schema for `projects.members.condition`

Read-Only:

- `database` (String)
- `expire_timestamp` (String)
- `row_limit` (Number)
- `schema` (String)
- `tables` (Set of String)


1 change: 0 additions & 1 deletion docs/data-sources/user.md
Expand Up @@ -27,7 +27,6 @@ The user data source.
- `last_login_time` (String) The user last login time.
- `mfa_enabled` (Boolean) The mfa_enabled flag means if the user has enabled MFA.
- `phone` (String) The user phone.
- `roles` (Set of String) The user's roles in the workspace level
- `source` (String) Source means where the user comes from. For now we support Entra ID SCIM sync, so the source could be Entra ID.
- `state` (String) The user is deleted or not.
- `title` (String) The user title.
1 change: 0 additions & 1 deletion docs/data-sources/user_list.md
Expand Up @@ -39,7 +39,6 @@ Read-Only:
- `mfa_enabled` (Boolean)
- `name` (String)
- `phone` (String)
- `roles` (Set of String)
- `source` (String)
- `state` (String)
- `title` (String)
1 change: 0 additions & 1 deletion docs/resources/group.md
Expand Up @@ -24,7 +24,6 @@ The group resource. Workspace domain is required for creating groups.
### Optional

- `description` (String) The group description.
- `roles` (Set of String) The group's roles in the workspace level

### Read-Only

57 changes: 57 additions & 0 deletions docs/resources/iam_policy.md
@@ -0,0 +1,57 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "bytebase_iam_policy Resource - terraform-provider-bytebase"
subcategory: ""
description: |-
The IAM policy resource.
---

# bytebase_iam_policy (Resource)

The IAM policy resource.



<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `parent` (String) The IAM policy parent name for the policy, support "projects/{resource id}" or "workspaces/-"

### Optional

- `iam_policy` (Block List, Max: 1) (see [below for nested schema](#nestedblock--iam_policy))

### Read-Only

- `id` (String) The ID of this resource.

<a id="nestedblock--iam_policy"></a>
### Nested Schema for `iam_policy`

Optional:

- `binding` (Block Set) The binding in the IAM policy. (see [below for nested schema](#nestedblock--iam_policy--binding))

<a id="nestedblock--iam_policy--binding"></a>
### Nested Schema for `iam_policy.binding`

Optional:

- `condition` (Block Set) Match the condition limit. (see [below for nested schema](#nestedblock--iam_policy--binding--condition))
- `members` (Set of String) A set of memebers. The value can be "allUsers", "user:{email}" or "group:{email}".
- `role` (String) The role full name in roles/{id} format.

<a id="nestedblock--iam_policy--binding--condition"></a>
### Nested Schema for `iam_policy.binding.condition`

Optional:

- `database` (String) The accessible database full name in instances/{instance resource id}/databases/{database name} format
- `expire_timestamp` (String) The expiration timestamp in YYYY-MM-DDThh:mm:ssZ format
- `row_limit` (Number) The export row limit for exporter role
- `schema` (String) The accessible schema in the database
- `tables` (Set of String) The accessible table list
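Review bot: `role` and `members` under `iam_policy.binding` are documented as Optional, so a binding with no role or no members passes schema validation; mark both Required, and consider the same for `iam_policy` itself, since a resource with only `parent` set declares nothing. The page also does not say whether applying this resource replaces the whole policy on `parent` or only adds the listed bindings. For `parent = "workspaces/-"` that difference decides whether an incomplete binding list removes existing access, including that of the service account Terraform runs as, so the description should state it. `expire_timestamp` is a plain String; validating the YYYY-MM-DDThh:mm:ssZ format at plan time would catch a malformed expiry before it is sent to the server.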


21 changes: 0 additions & 21 deletions docs/resources/project.md
Expand Up @@ -27,7 +27,6 @@ The project resource.
- `auto_resolve_issue` (Boolean) Enable auto resolve issue.
- `databases` (Set of String) The databases full name in the resource.
- `enforce_issue_title` (Boolean) Enforce issue title created by user instead of generated by Bytebase.
- `members` (Block Set) The members in the project. (see [below for nested schema](#nestedblock--members))
- `postgres_database_tenant_mode` (Boolean) Whether to enable the database tenant mode for PostgreSQL. If enabled, the issue will be created with the pre-appended "set role <db_owner>" statement.
- `skip_backup_errors` (Boolean) Whether to skip backup errors and continue the data migration.

Expand All @@ -36,24 +35,4 @@ The project resource.
- `id` (String) The ID of this resource.
- `name` (String) The project full name in projects/{resource id} format.

<a id="nestedblock--members"></a>
### Nested Schema for `members`

Optional:

- `condition` (Block Set) Match the condition limit. (see [below for nested schema](#nestedblock--members--condition))
- `member` (String) The member in user:{email} or group:{email} format.
- `role` (String) The role full name in roles/{id} format.

<a id="nestedblock--members--condition"></a>
### Nested Schema for `members.condition`

Optional:

- `database` (String) The accessible database full name in instances/{instance resource id}/databases/{database name} format
- `expire_timestamp` (String) The expiration timestamp in YYYY-MM-DDThh:mm:ssZ format
- `row_limit` (Number) The export row limit for exporter role
- `schema` (String) The accessible schema in the database
- `tables` (Set of String) The accessible table list
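Review bot: removing the `members` block and its `members.condition` schema from the project resource leaves existing project configurations without a documented replacement. The new `bytebase_iam_policy` page carries the same condition fields under `iam_policy.binding.condition`, but `member` (String) has become `members` (Set of String) and the binding now hangs off `parent`. Add an upgrade note that maps the old block to the new resource with `parent = "projects/{resource id}"`, and say what happens to role bindings already recorded in state when the provider is upgraded.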


1 change: 0 additions & 1 deletion docs/resources/user.md
Expand Up @@ -24,7 +24,6 @@ The user resource.

- `password` (String, Sensitive) The user login password.
- `phone` (String) The user phone.
- `roles` (Set of String) The user's roles in the workspace level
- `type` (String) The user type.

### Read-Only
2 changes: 1 addition & 1 deletion examples/database/main.tf
Expand Up @@ -2,7 +2,7 @@
terraform {
required_providers {
bytebase = {
version = "1.0.22"
version = "1.0.23"
# For local development, please use "terraform.local/bytebase/bytebase" instead
source = "registry.terraform.io/bytebase/bytebase"
}
2 changes: 1 addition & 1 deletion examples/environments/main.tf
Expand Up @@ -2,7 +2,7 @@
terraform {
required_providers {
bytebase = {
version = "1.0.22"
version = "1.0.23"
# For local development, please use "terraform.local/bytebase/bytebase" instead
source = "registry.terraform.io/bytebase/bytebase"
}
2 changes: 1 addition & 1 deletion examples/groups/main.tf
@@ -1,7 +1,7 @@
terraform {
required_providers {
bytebase = {
version = "1.0.22"
version = "1.0.23"
# For local development, please use "terraform.local/bytebase/bytebase" instead
source = "registry.terraform.io/bytebase/bytebase"
}
34 changes: 34 additions & 0 deletions examples/iamPolicy/main.tf
@@ -0,0 +1,34 @@
terraform {
required_providers {
bytebase = {
version = "1.0.23"
# For local development, please use "terraform.local/bytebase/bytebase" instead
source = "registry.terraform.io/bytebase/bytebase"
}
}
}

provider "bytebase" {
# You need to replace the account and key with your Bytebase service account.
service_account = "[email protected]"
service_key = "bbs_BxVIp7uQsARl8nR92ZZV"
# The Bytebase service URL. You can use the external URL in production.
# Check the docs about external URL: https://www.bytebase.com/docs/get-started/install/external-url
url = "https://bytebase.example.com"
}

data "bytebase_iam_policy" "workspace_iam" {
parent = "workspaces/-"
}

output "workspace_iam" {
value = data.bytebase_iam_policy.workspace_iam
}

data "bytebase_iam_policy" "project_iam" {
parent = "projects/project-sample"
}

output "project_iam" {
value = data.bytebase_iam_policy.project_iam
}
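Review bot: the `service_key` line in the provider block holds a key-shaped literal. Even as a sample value it tends to be copied into real configurations and committed, and it trips secret scanners; read it from a variable declared with `sensitive = true` and supply the value from outside the repository. Separately, the example only reads policies through the two `data "bytebase_iam_policy"` blocks, while the PR title is about the IAM policy resource. A `resource "bytebase_iam_policy"` block with one binding, for instance one carrying an `expire_timestamp` condition, would show the feature being added.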
2 changes: 1 addition & 1 deletion examples/instances/main.tf
Expand Up @@ -2,7 +2,7 @@
terraform {
required_providers {
bytebase = {
version = "1.0.22"
version = "1.0.23"
# For local development, please use "terraform.local/bytebase/bytebase" instead
source = "registry.terraform.io/bytebase/bytebase"
}
5 changes: 3 additions & 2 deletions examples/policies/main.tf
@@ -1,7 +1,7 @@
terraform {
required_providers {
bytebase = {
version = "1.0.22"
version = "1.0.23"
# For local development, please use "terraform.local/bytebase/bytebase" instead
source = "registry.terraform.io/bytebase/bytebase"
}
Expand All @@ -27,7 +27,8 @@ output "masking_exception_policy" {
}

data "bytebase_policy" "global_masking_policy" {
type = "MASKING_RULE"
parent = "workspaces/-"
type = "MASKING_RULE"
}

output "global_masking_policy" {
2 changes: 1 addition & 1 deletion examples/projects/main.tf
Expand Up @@ -2,7 +2,7 @@
terraform {
required_providers {
bytebase = {
version = "1.0.22"
version = "1.0.23"
# For local development, please use "terraform.local/bytebase/bytebase" instead
source = "registry.terraform.io/bytebase/bytebase"
}
2 changes: 1 addition & 1 deletion examples/roles/main.tf
@@ -1,7 +1,7 @@
terraform {
required_providers {
bytebase = {
version = "1.0.22"
version = "1.0.23"
# For local development, please use "terraform.local/bytebase/bytebase" instead
source = "registry.terraform.io/bytebase/bytebase"
}
2 changes: 1 addition & 1 deletion examples/settings/main.tf
@@ -1,7 +1,7 @@
terraform {
required_providers {
bytebase = {
version = "1.0.22"
version = "1.0.23"
# For local development, please use "terraform.local/bytebase/bytebase" instead
source = "registry.terraform.io/bytebase/bytebase"
}