PLT-1866: Added automatic role binding support in platform settings

docs/resources/platform_setting.md

@@ -47,6 +47,7 @@ resource "spectrocloud_platform_setting" "platform_settings" {
 
 ### Optional
 
+- `automatic_cluster_role_binding` (Boolean) Enables automatic cluster role binding for clusters deployed under a tenant or project. Setting it to `false` disables automatic cluster role binding.
 - `cluster_auto_remediation` (Boolean) Enables automatic remediation for unhealthy nodes in Palette-provisioned clusters by replacing them with new nodes. Disabling this feature prevents auto-remediation. Not applicable to `EKS`, `AKS`, or `TKE` clusters.
 - `context` (String) Defines the scope of the platform setting. Valid values are `project` or `tenant`. By default, it is set to `tenant`. If  the `project` context is specified, the project name will sourced from the provider configuration parameter [`project_name`](https://registry.terraform.io/providers/spectrocloud/spectrocloud/latest/docs#schema).
 - `enable_auto_remediation` (Boolean) Enables automatic remediation. set only with `project' context

examples/resources/spectrocloud_platform_setting/resource.tf

@@ -1,12 +1,13 @@
 resource "spectrocloud_platform_setting" "platform_settings" {
-  context                  = "tenant"
-  enable_auto_remediation  = true
-  session_timeout          = 230
-  cluster_auto_remediation = false
-  non_fips_addon_pack      = true
-  non_fips_features        = true
-  non_fips_cluster_import  = true
-  pause_agent_upgrades     = "lock"
+  context                        = "tenant"
+  enable_auto_remediation        = true
+  session_timeout                = 230
+  cluster_auto_remediation       = false
+  automatic_cluster_role_binding = false
+  non_fips_addon_pack            = true
+  non_fips_features              = true
+  non_fips_cluster_import        = true
+  pause_agent_upgrades           = "lock"
   login_banner {
     title   = "test"
     message = "test"

go.mod

@@ -13,7 +13,7 @@ require (
 	github.com/hashicorp/terraform-plugin-docs v0.16.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0
 	github.com/robfig/cron v1.2.0
-	github.com/spectrocloud/palette-sdk-go v0.0.0-20250804050913-1ddc51bd0edf
+	github.com/spectrocloud/palette-sdk-go v0.0.0-20250807115924-b2e6484bc259
 	github.com/stretchr/testify v1.10.0
 	gopkg.in/yaml.v3 v3.0.1
 	gotest.tools v2.2.0+incompatible

go.sum

@@ -597,8 +597,8 @@ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spectrocloud/palette-sdk-go v0.0.0-20250804050913-1ddc51bd0edf h1:1T3AyqVCWFjz1PHyYFJ4fRZuHDX1qsV7clSQBMjVdqk=
-github.com/spectrocloud/palette-sdk-go v0.0.0-20250804050913-1ddc51bd0edf/go.mod h1:wIt8g7I7cmcQvTo5ktwhSF0/bWq6uRdxGBs9dwTpleU=
+github.com/spectrocloud/palette-sdk-go v0.0.0-20250807115924-b2e6484bc259 h1:9Z1ZKmmkl5wLNhnMyyXZnslEVPlqRtnxZg7Rgc5zOWY=
+github.com/spectrocloud/palette-sdk-go v0.0.0-20250807115924-b2e6484bc259/go.mod h1:wIt8g7I7cmcQvTo5ktwhSF0/bWq6uRdxGBs9dwTpleU=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=

spectrocloud/resource_platform_setting.go

@@ -63,6 +63,12 @@ func resourcePlatformSetting() *schema.Resource {
 				Description: "Enables automatic remediation for unhealthy nodes in Palette-provisioned clusters by replacing them with new nodes. " +
 					"Disabling this feature prevents auto-remediation. Not applicable to `EKS`, `AKS`, or `TKE` clusters.",
 			},
+			"automatic_cluster_role_binding": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+				Description: "Enables automatic cluster role binding for clusters deployed under a tenant or project. Setting it to `false` disables automatic cluster role binding.",
+			},
 			"non_fips_addon_pack": {
 				Type:        schema.TypeBool,
 				Optional:    true,
@@ -141,6 +147,20 @@ func updatePlatformSettings(d *schema.ResourceData, m interface{}) diag.Diagnost
 			}
 		}
 
+		if automaticClusterRoleBinding, ok := d.GetOk("automatic_cluster_role_binding"); ok {
+			var bindingMode string
+			if automaticClusterRoleBinding.(bool) {
+				bindingMode = "enabled"
+			} else {
+				bindingMode = "disabled"
+			}
+			err = c.UpdateAutomaticClusterRoleBinding(tenantUID,
+				&models.V1TenantClusterRbacSettings{AutomaticClusterRoleBinding: &bindingMode})
+			if err != nil {
+				return diag.FromErr(err)
+			}
+		}
+
 		loginBanner := d.Get("login_banner").([]interface{})
 		// login banner
 		if len(loginBanner) == 1 {
@@ -259,6 +279,17 @@ func resourcePlatformSettingRead(ctx context.Context, d *schema.ResourceData, m
 		if err = d.Set("session_timeout", respSessionTimeout.ExpiryTimeMinutes); err != nil {
 			return diag.FromErr(err)
 		}
+
+		// read automatic cluster role binding
+		var respAutomaticClusterRoleBinding *models.V1TenantClusterRbacSettings
+		respAutomaticClusterRoleBinding, err = c.GetAutomaticClusterRoleBinding(tenantUID)
+		if err != nil {
+			return handleReadError(d, err, diags)
+		}
+		if err = d.Set("automatic_cluster_role_binding", respAutomaticClusterRoleBinding.AutomaticClusterRoleBinding != nil && *respAutomaticClusterRoleBinding.AutomaticClusterRoleBinding == "enabled"); err != nil {
+			return diag.FromErr(err)
+		}
+
 		// read login banner
 		var respLoginBanner *models.V1LoginBannerSettings
 		respLoginBanner, err = c.GetLoginBanner(tenantUID)
@@ -367,6 +398,22 @@ func resourcePlatformSettingUpdate(ctx context.Context, d *schema.ResourceData,
 				}
 			}
 		}
+
+		if ok := d.HasChange("automatic_cluster_role_binding"); ok {
+			automaticClusterRoleBinding := d.Get("automatic_cluster_role_binding")
+			var bindingMode string
+			if automaticClusterRoleBinding.(bool) {
+				bindingMode = "enabled"
+			} else {
+				bindingMode = "disabled"
+			}
+			err = c.UpdateAutomaticClusterRoleBinding(tenantUID,
+				&models.V1TenantClusterRbacSettings{AutomaticClusterRoleBinding: &bindingMode})
+			if err != nil {
+				return diag.FromErr(err)
+			}
+		}
+
 		if d.HasChange("login_banner") {
 			loginBanner := d.Get("login_banner").([]interface{})
 			// login banner
@@ -466,6 +513,13 @@ func updatePlatformSettingsDefault(d *schema.ResourceData, m interface{}) diag.D
 			return diag.FromErr(err)
 		}
 
+		bindingMode := "disabled"
+		err = c.UpdateAutomaticClusterRoleBinding(tenantUID,
+			&models.V1TenantClusterRbacSettings{AutomaticClusterRoleBinding: &bindingMode})
+		if err != nil {
+			return diag.FromErr(err)
+		}
+
 		bannerSetting := &models.V1LoginBannerSettings{
 			Message:   "",
 			IsEnabled: false,