Add the service_account resource
The cockroach_service_account resource allows the creation of service
accounts via terraform.
fantapop committed May 2, 2024
1 parent edff5b1 commit 951ea20
Showing 12 changed files with 592 additions and 6 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
Expand Up @@ -9,6 +9,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## Added

- The [cockroach_service_account](https://registry.terraform.io/providers/cockroachdb/cockroach/latest/docs/resources/service_account)
resource was added.

- Added `delete_protection` to the Cluster resource and data source. When set
to true, attempts to delete the cluster will fail. Set to false to disable
delete protection.
57 changes: 57 additions & 0 deletions docs/resources/service_account.md
@@ -0,0 +1,57 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "cockroach_service_account Resource - terraform-provider-cockroach"
subcategory: ""
description: |-
CockroachDB Cloud service account. A service account represents a non-person user. By default a service account has no access but it can be accompanied by either a cockroachuserrole_grants user_role_grants resource or any number of cockroachuserrole_grant user_role_grant resources to grant it roles.
---

# cockroach_service_account (Resource)

CockroachDB Cloud service account. A service account represents a non-person user. By default a service account has no access but it can be accompanied by either a [cockroach_user_role_grants](user_role_grants) resource or any number of [cockroach_user_role_grant](user_role_grant) resources to grant it roles.

## Example Usage

```terraform
resource "cockroach_service_account" "prod_sa" {
name = "Prod cluster SA"
description = "A service account used for managing access to the prod cluster"
}
resource "cockroach_user_role_grants" "prod_sa" {
user_id = cockroach_service_account.prod_sa.id
roles = [
{
role_name = "CLUSTER_ADMIN",
resource_type = "CLUSTER",
resource_id = cockroach_cluster.prod.id
}
]
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `name` (String) Name of the service account.

### Optional

- `description` (String) Description of the service account.

### Read-Only

- `created_at` (String) Creation time of the service account.
- `creator_name` (String) Name of the creator of the service account.
- `id` (String) The ID of this resource.

## Import

Import is supported using the following syntax:

```shell
# format <resource> <service account id>
terraform import cockroach_service_account.api_service_account 1f69fdd2-600a-4cfc-a9ba-16995df0d77d
```
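Review bot: The Import example addresses the resource as `cockroach_service_account.api_service_account`, while Example Usage declares it as `prod_sa`; using the same address in both places would let a reader follow the page end to end. The usage example also references `cockroach_cluster.prod`, which the snippet does not declare, so a one-line comment saying it is assumed to exist elsewhere in the configuration would help.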
4 changes: 2 additions & 2 deletions docs/resources/user_role_grant.md
Expand Up @@ -3,13 +3,13 @@
page_title: "cockroach_user_role_grant Resource - terraform-provider-cockroach"
subcategory: ""
description: |-
A role grant for a user. This resource is recommended to be used when a user's roles are managed across multiple terraform projects or in conjunction with console UI granted roles. For authoritative management over a user's roles, use the userrolegrants user_role_grants resource.
A role grant for a user. This resource is recommended to be used when a user's roles are managed across multiple terraform projects or in conjunction with console UI granted roles. For authoritative management over a user's roles, use the cockroachuserrole_grants user_role_grants resource.
As with all terraform resources, care must be taken to limit management of the same resource to a single project.
---

# cockroach_user_role_grant (Resource)

A role grant for a user. This resource is recommended to be used when a user's roles are managed across multiple terraform projects or in conjunction with console UI granted roles. For authoritative management over a user's roles, use the [user_role_grants](user_role_grants) resource.
A role grant for a user. This resource is recommended to be used when a user's roles are managed across multiple terraform projects or in conjunction with console UI granted roles. For authoritative management over a user's roles, use the [cockroach_user_role_grants](user_role_grants) resource.

As with all terraform resources, care must be taken to limit management of the same resource to a single project.
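Review bot: The replacement front-matter description is still garbled: it reads `cockroachuserrole_grants user_role_grants`, so the underscores in the link text are dropped and the link target is appended as a bare word. The same pattern shows up in the new description lines of docs/resources/service_account.md and docs/resources/user_role_grants.md. If this page is generated by tfplugindocs like service_account.md, the fix belongs in the schema description string, for example naming the resource in backticks instead of as a markdown link, followed by a regenerate.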

4 changes: 2 additions & 2 deletions docs/resources/user_role_grants.md
Expand Up @@ -3,12 +3,12 @@
page_title: "cockroach_user_role_grants Resource - terraform-provider-cockroach"
subcategory: ""
description: |-
Manage all the role grants for a user. This resource is authoritative. If role grants are added elsewhere, for example, via the console UI or another terraform project, using this resource will try to reset them. Use the userrolegrant user_role_grant resource for non-authoritative role grants.
Manage all the role grants for a user. This resource is authoritative. If role grants are added elsewhere, for example, via the console UI or another terraform project, using this resource will try to reset them. Use the cockroachuserrole_grant user_role_grant resource for non-authoritative role grants.
---

# cockroach_user_role_grants (Resource)

Manage all the role grants for a user. This resource is authoritative. If role grants are added elsewhere, for example, via the console UI or another terraform project, using this resource will try to reset them. Use the [user_role_grant](user_role_grant) resource for non-authoritative role grants.
Manage all the role grants for a user. This resource is authoritative. If role grants are added elsewhere, for example, via the console UI or another terraform project, using this resource will try to reset them. Use the [cockroach_user_role_grant](user_role_grant) resource for non-authoritative role grants.

## Example Usage

2 changes: 2 additions & 0 deletions examples/resources/cockroach_service_account/import.sh
@@ -0,0 +1,2 @@
# format <resource> <service account id>
terraform import cockroach_service_account.api_service_account 1f69fdd2-600a-4cfc-a9ba-16995df0d77d
15 changes: 15 additions & 0 deletions examples/resources/cockroach_service_account/resource.tf
@@ -0,0 +1,15 @@
resource "cockroach_service_account" "prod_sa" {
name = "Prod cluster SA"
description = "A service account used for managing access to the prod cluster"
}

resource "cockroach_user_role_grants" "prod_sa" {
user_id = cockroach_service_account.prod_sa.id
roles = [
{
role_name = "CLUSTER_ADMIN",
resource_type = "CLUSTER",
resource_id = cockroach_cluster.prod.id
}
]
}
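Review bot: The example that readers will copy grants `CLUSTER_ADMIN` to the new service account through the authoritative `cockroach_user_role_grants` resource. The resource description stresses that a service account has no access by default, so consider demonstrating the narrowest role that fits the use case, or add a comment in the `roles` block that `CLUSTER_ADMIN` is shown for illustration and should be scoped down. Because this file feeds the generated docs page, the change would carry over to docs/resources/service_account.md as well.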
8 changes: 8 additions & 0 deletions internal/provider/models.go
Expand Up @@ -311,6 +311,14 @@ type IdentityMapEntry struct {
IsRegex types.Bool `tfsdk:"is_regex"`
}

type ServiceAccount struct {
ID types.String `tfsdk:"id"`
Name types.String `tfsdk:"name"`
Description types.String `tfsdk:"description"`
CreatedAt types.String `tfsdk:"created_at"`
CreatorName types.String `tfsdk:"creator_name"`
}

func (e *APIErrorMessage) String() string {
return fmt.Sprintf("%v-%v", e.Code, e.Message)
}
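Review bot: `ServiceAccount` is added without a doc comment, and `CreatedAt` is carried as a plain `types.String`. A short comment on the struct saying it is the Terraform state model for `cockroach_service_account`, and noting that `id`, `created_at` and `creator_name` are the read-only fields listed in the generated docs, would make the mapping to the schema easier to audit.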
1 change: 1 addition & 0 deletions internal/provider/provider.go
Expand Up @@ -144,6 +144,7 @@ func (p *provider) Resources(_ context.Context) []func() resource.Resource {
NewVersionDeferralResource,
NewFolderResource,
NewApiOidcConfigResource,
NewServiceAccountResource,
}
}
