feature: temporalcloud_user_namespace_access
This PR addresses #119, #116, and #115 by decoupling the definition of user accesses from the user itself, via a new resource: `temporalcloud_user_namespace_access`. This resource is intended to provide a many-to-many mapping between namespaces and users. Under the hood, this resource is manipulating a single User object via the API (as the underlying data model stashes all namespaces accesses on the user object), while also preserving the invariant that adding or removing a single user from a single namespace won't obliterate the list of permissions that a user has. I do intend to write some more tests but I wanted to get this out quickly for review for some fast feedback before I write a bunch of tests that exercise things that might change in review.
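The read-modify-write the commit message describes, as an added example that is not the provider's code: a Go sketch of how one `temporalcloud_user_namespace_access` apply can change a single entry on the user's access list without touching the rest, and why two applies that target the same user need an optimistic-concurrency check plus a retry. The `User` and `Store` types, their field names, the integer `Version` token and the in-memory store are assumptions of this example; the real Temporal Cloud API and provider types are not shown on this page.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// User stands in for the Temporal Cloud user object the commit message describes:
// every namespace access lives on the user. Field names and Version are assumptions.
type User struct {
	NamespaceAccess map[string]string // namespace ID -> "admin" | "write" | "read"
	Version         int               // optimistic-concurrency token (assumed)
}

var ErrStaleUser = errors.New("user changed since it was read; re-read and retry")
var validPermissions = map[string]bool{"admin": true, "write": true, "read": true}

// clone copies the map so callers never mutate the object they read.
func (u User) clone() User {
	c := User{NamespaceAccess: make(map[string]string, len(u.NamespaceAccess)+1), Version: u.Version}
	for ns, perm := range u.NamespaceAccess {
		c.NamespaceAccess[ns] = perm
	}
	return c
}

// SetAccess returns a copy of u in which only namespaceID changed: it maps to
// permission, or is removed when permission is "" (destroy). All other entries
// survive, which is the invariant the commit message describes.
func SetAccess(u User, namespaceID, permission string) (User, error) {
	if permission != "" && !validPermissions[permission] {
		return User{}, fmt.Errorf("unknown namespace permission %q", permission)
	}
	c := u.clone()
	if permission == "" {
		delete(c.NamespaceAccess, namespaceID) // no-op if absent, so destroy is idempotent
	} else {
		c.NamespaceAccess[namespaceID] = permission
	}
	return c, nil
}

// Store stands in for the API's endpoint for one user: Update accepts a write
// only if the caller's Version matches the stored one.
type Store struct {
	mu   sync.Mutex
	user User
}

func NewStore(seed User) *Store { return &Store{user: seed.clone()} }

func (s *Store) Get() User {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.user.clone()
}

func (s *Store) Update(u User) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.user.Version != u.Version {
		return ErrStaleUser
	}
	s.user = u.clone()
	s.user.Version++
	return nil
}

// ApplyAccess is the read-modify-write for one (user, namespace) pair. A stale
// rejection triggers a re-read and retry, so parallel applies that touch the
// same user converge instead of overwriting each other's entries.
func ApplyAccess(s *Store, namespaceID, permission string, maxRetries int) error {
	for attempt := 0; attempt <= maxRetries; attempt++ {
		updated, err := SetAccess(s.Get(), namespaceID, permission)
		if err != nil {
			return err
		}
		if err = s.Update(updated); !errors.Is(err, ErrStaleUser) {
			return err // nil on success, or a non-retryable error
		}
	}
	return ErrStaleUser
}

// ConcurrentGrants applies one access per namespace from separate goroutines,
// as Terraform applies independent resources in parallel. A goroutine loses the
// race at most once per competing success, so len(namespaces) retries suffice.
func ConcurrentGrants(s *Store, namespaces []string, permission string) error {
	var wg sync.WaitGroup
	errs := make([]error, len(namespaces))
	for i, ns := range namespaces {
		wg.Add(1)
		go func(i int, ns string) {
			defer wg.Done()
			errs[i] = ApplyAccess(s, ns, permission, len(namespaces))
		}(i, ns)
	}
	wg.Wait()
	return errors.Join(errs...)
}
```

Terraform applies independent resources in parallel by default (`-parallelism=10`), so several `temporalcloud_user_namespace_access` resources for one user are exactly the race `ConcurrentGrants` simulates. Without a version check on the user object, the last writer's copy of the list wins and another resource's namespace entry silently disappears; with the check, the loser re-reads and reapplies only its own entry.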
1 parent cab53e3, commit 678da87. Showing 9 changed files with 543 additions and 3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
--- | ||
# generated by https://github.com/hashicorp/terraform-plugin-docs | ||
page_title: "temporalcloud_user_namespace_access Resource - terraform-provider-temporalcloud" | ||
subcategory: "" | ||
description: |- | ||
--- | ||
|
||
# temporalcloud_user_namespace_access (Resource) | ||
|
||
|
||
|
||
## Example Usage | ||
|
||
```terraform | ||
terraform { | ||
required_providers { | ||
temporalcloud = { | ||
source = "temporalio/temporalcloud" | ||
} | ||
} | ||
} | ||
provider "temporalcloud" { | ||
} | ||
resource "temporalcloud_namespace" "terraform" { | ||
name = "terraform-users" | ||
regions = ["aws-us-east-1"] | ||
accepted_client_ca = base64encode(file("${path.module}/ca.pem")) | ||
retention_days = 14 | ||
} | ||
resource "temporalcloud_namespace" "second_ns" { | ||
name = "terraform-users-2" | ||
regions = ["aws-us-east-1"] | ||
accepted_client_ca = base64encode(file("${path.module}/ca.pem")) | ||
retention_days = 14 | ||
} | ||
resource "temporalcloud_user" "namespace_admin" { | ||
email = "[email protected]" | ||
account_access = "developer" | ||
} | ||
resource "temporalcloud_user" "namespace_write" { | ||
email = "[email protected]" | ||
account_access = "developer" | ||
} | ||
resource "temporalcloud_user" "namespace_read" { | ||
email = "[email protected]" | ||
account_access = "developer" | ||
} | ||
resource "temporalcloud_user_namespace_access" "admin" { | ||
user_id = temporalcloud_user.namespace_admin.id | ||
namespace_id = temporalcloud_namespace.terraform.id | ||
permission = "admin" | ||
} | ||
resource "temporalcloud_user_namespace_access" "write" { | ||
user_id = temporalcloud_user.namespace_write.id | ||
namespace_id = temporalcloud_namespace.terraform.id | ||
permission = "write" | ||
} | ||
resource "temporalcloud_user_namespace_access" "read" { | ||
user_id = temporalcloud_user.namespace_read.id | ||
namespace_id = temporalcloud_namespace.terraform.id | ||
permission = "read" | ||
} | ||
resource "temporalcloud_user_namespace_access" "read_second_ns" { | ||
user_id = temporalcloud_user.namespace_read.id | ||
namespace_id = temporalcloud_namespace.second_ns.id | ||
permission = "read" | ||
} | ||
``` | ||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Required | ||
|
||
- `namespace_id` (String) The ID of the namespace to which this user should be given the requested role | ||
- `permission` (String) The permission to grant the user in the namespace | ||
- `user_id` (String) The ID of the user to which this namespace access should be granted | ||
|
||
### Read-Only | ||
|
||
- `id` (String) The unique identifier for the user namespace access. | ||
|
||
## Import | ||
|
||
Import is supported using the following syntax: | ||
|
||
```shell | ||
terraform import temporalcloud_user_namespace_access myuserid/terraform.badf00d | ||
``` |
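Review bot: the generated doc ships with an empty `description: |-` in the front matter and nothing under the `# temporalcloud_user_namespace_access (Resource)` heading, so the registry page will say nothing about what this resource does; add a `Description` to the resource schema (tfplugindocs renders this block from it) stating that it is a many-to-many user/namespace mapping that updates the user's access list in place. `permission` is documented only as "The permission to grant the user in the namespace"; enumerate the accepted values the example relies on (`admin`, `write`, `read`) and consider a `stringvalidator.OneOf` so a typo fails at plan time rather than at the API. The Import section shows `terraform import temporalcloud_user_namespace_access myuserid/terraform.badf00d` with no explanation of the composite ID, and `id` is described only as "The unique identifier"; document the `<user_id>/<namespace_id>` shape that string appears to have so users can import without reading the provider source.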
examples/resources/temporalcloud_user_namespace_access/ca.pem (12 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIBxjCCAU2gAwIBAgIRAlyZ5KUmunPLeFAupDwGL8AwCgYIKoZIzj0EAwMwEjEQ | ||
MA4GA1UEChMHdGVzdGluZzAeFw0yNDA4MTMyMzQ2NThaFw0yNTA4MTMyMzQ3NTha | ||
MBIxEDAOBgNVBAoTB3Rlc3RpbmcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARG+EuL | ||
uKRsNWs7Rbz6ciaJQB7QINTRLmTgGGE8H/wAs+KjvctjPdDdqFPZrxShRY3PUdk2 | ||
pgQKRugMTe3N52pxBx4Iablz8felfdv4kyLQbdsJzY9XmCYX3D68/9Hxsl2jZzBl | ||
MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSYC5/u | ||
K78bK1M8Fv1M6ELMjF2ZMDAjBgNVHREEHDAaghhjbGllbnQucm9vdC50ZXN0aW5n | ||
LjBycDUwCgYIKoZIzj0EAwMDZwAwZAIwSycjxxmYTgV5eSJbaGMINr5LQgyKQUHQ | ||
ryBKSGLKASa/e2ntyhsqRhj77gJ8DmkZAjAIlpDacF+Sq1kpZ5tMV7ZLElcujzj4 | ||
US8pEmNuIiCguEGwi+pb5CWfabETEHApxmo= | ||
-----END CERTIFICATE----- |
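Review bot: the checked-in ca.pem decodes to a self-signed ECDSA P-384 CA with subject `O=testing`, `basicConstraints` critical `CA:TRUE`, and a validity window of 2024-08-13 to 2025-08-13 (the `Fw0yNDA4MTMy...` / `Fw0yNTA4MTMy...` fields on the second line), and nothing marks it as a throwaway. Because `resource.tf` feeds it to `accepted_client_ca`, it is the mTLS trust anchor for both example namespaces, and anyone copying the example after the notAfter date gets namespaces whose only accepted client CA is already expired. Add a comment beside the `file("${path.module}/ca.pem")` calls (or a README next to this file) saying it is a fixture-only CA with no private key in the repo and must be replaced with the reader's own CA, or generate it in the acceptance-test setup instead of committing it.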
examples/resources/temporalcloud_user_namespace_access/import.sh (1 addition & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
terraform import temporalcloud_user_namespace_access myuserid/terraform.badf00d |
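Review bot: the import ID `myuserid/terraform.badf00d` is the only place the composite ID format appears, and nothing says which side is the user and which the namespace. Add a comment line such as `# <user_id>/<namespace_id>` above the command, and make the namespace half an obvious placeholder, since `terraform.badf00d` reads like the real `<name>.<account>` namespace ID pattern and a reader may take it literally.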
examples/resources/temporalcloud_user_namespace_access/resource.tf (63 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
terraform { | ||
required_providers { | ||
temporalcloud = { | ||
source = "temporalio/temporalcloud" | ||
} | ||
} | ||
} | ||
|
||
provider "temporalcloud" { | ||
} | ||
|
||
resource "temporalcloud_namespace" "terraform" { | ||
name = "terraform-users" | ||
regions = ["aws-us-east-1"] | ||
accepted_client_ca = base64encode(file("${path.module}/ca.pem")) | ||
retention_days = 14 | ||
} | ||
|
||
resource "temporalcloud_namespace" "second_ns" { | ||
name = "terraform-users-2" | ||
regions = ["aws-us-east-1"] | ||
accepted_client_ca = base64encode(file("${path.module}/ca.pem")) | ||
retention_days = 14 | ||
} | ||
|
||
resource "temporalcloud_user" "namespace_admin" { | ||
email = "[email protected]" | ||
account_access = "developer" | ||
} | ||
|
||
resource "temporalcloud_user" "namespace_write" { | ||
email = "[email protected]" | ||
account_access = "developer" | ||
} | ||
|
||
resource "temporalcloud_user" "namespace_read" { | ||
email = "[email protected]" | ||
account_access = "developer" | ||
} | ||
|
||
resource "temporalcloud_user_namespace_access" "admin" { | ||
user_id = temporalcloud_user.namespace_admin.id | ||
namespace_id = temporalcloud_namespace.terraform.id | ||
permission = "admin" | ||
} | ||
|
||
resource "temporalcloud_user_namespace_access" "write" { | ||
user_id = temporalcloud_user.namespace_write.id | ||
namespace_id = temporalcloud_namespace.terraform.id | ||
permission = "write" | ||
} | ||
|
||
resource "temporalcloud_user_namespace_access" "read" { | ||
user_id = temporalcloud_user.namespace_read.id | ||
namespace_id = temporalcloud_namespace.terraform.id | ||
permission = "read" | ||
} | ||
|
||
resource "temporalcloud_user_namespace_access" "read_second_ns" { | ||
user_id = temporalcloud_user.namespace_read.id | ||
namespace_id = temporalcloud_namespace.second_ns.id | ||
permission = "read" | ||
} |
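Review bot: this example declares four `temporalcloud_user_namespace_access` resources, two of them for the same user (`namespace_read` on `terraform` and on `second_ns`), and Terraform applies independent resources in parallel by default. Since the commit message says each one does a read-modify-write of the single User object, two parallel applies for the same user can interleave and one can overwrite the other's namespace entry unless the provider serializes updates per user or uses an optimistic-concurrency check on the user (if the API offers one) with a retry on conflict; either state here how that is handled or, if the provider already does it, say so in the resource description. Separately, the empty `provider "temporalcloud" {}` block relies on credentials from the environment; a one-line comment would keep readers from pasting an API key into this file, and `accepted_client_ca = base64encode(file("${path.module}/ca.pem"))` deserves a comment that the bundled certificate is a test CA, not one to reuse.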