chore(): refactor iam policy docs to include warnings
newtonnthiga committed Apr 30, 2024
1 parent 1da461b commit e0ec15e
Showing 18 changed files with 306 additions and 92 deletions.
24 changes: 20 additions & 4 deletions docs/resources/google_bigtable_table_iam_binding.md
Expand Up @@ -2,12 +2,14 @@
page_title: "alis_google_bigtable_table_iam_binding Resource - alis"
subcategory: ""
description: |-
Authoritative for a given role. Updates the IAM policy to grant a role to a list of members.
Other roles within the IAM policy for the table are preserved.
---

# alis_google_bigtable_table_iam_binding (Resource)


Authoritative for a given role. Updates the IAM policy to grant a role to a list of members.
Other roles within the IAM policy for the table are preserved.

## Example Usage

Expand Down Expand Up @@ -41,13 +43,27 @@ output "test_iam" {
}
```

> [!WARNING]
> `alis_google_bigtable_table_iam_policy` cannot be used in conjunction with `alis_google_bigtable_table_iam_binding` and `alis_google_bigtable_table_iam_member` or they will fight over what your policy should be.
> In addition, be careful not to accidentally unset ownership of the table as google_bigtable_table_iam_policy replaces the entire policy.
> [!WARNING]
> `alis_google_bigtable_table_iam_binding` resources can be used in conjunction with `alis_google_bigtable_table_iam_member` resources only if they do not grant privilege to the same role.
<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `instance` (String) The Bigtable instance ID.
- `members` (List of String)
- `members` (List of String) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.
- allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:{emailId}: An email address that represents a specific Google account.
- serviceAccount:{emailId}: An email address that represents a service account.
- group:{emailId}: An email address that represents a Google group.
- domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- `project` (String) The Google Cloud project ID.
- `role` (String)
- `role` (String) The role that should be applied. Only one `alis_google_bigtable_table_iam_binding` can be used per role.
Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`
- `table` (String) The Bigtable table ID.
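Review bot: The two alerts added after the example form one contiguous blockquote: the second `> [!WARNING]` follows the first alert's text with no blank line, and `<!-- schema generated by tfplugindocs -->` comes directly after the last quoted line, so the second marker reads as a continuation of the first alert instead of starting its own. Put a blank line between the two alerts and another before the schema comment. The first alert also names `google_bigtable_table_iam_policy` without the `alis_` prefix or the backticks used for every other resource name in the block.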
22 changes: 18 additions & 4 deletions docs/resources/google_bigtable_table_iam_member.md
Expand Up @@ -2,12 +2,12 @@
page_title: "alis_google_bigtable_table_iam_member Resource - alis"
subcategory: ""
description: |-
Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.
---

# alis_google_bigtable_table_iam_member (Resource)


Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.

## Example Usage

Expand Down Expand Up @@ -39,13 +39,27 @@ output "test_iam" {
}
```

> [!WARNING]
> `alis_google_bigtable_table_iam_policy` cannot be used in conjunction with `alis_google_bigtable_table_iam_binding` and `alis_google_bigtable_table_iam_member` or they will fight over what your policy should be.
> In addition, be careful not to accidentally unset ownership of the table as google_bigtable_table_iam_policy replaces the entire policy.
> [!WARNING]
> `alis_google_bigtable_table_iam_binding` resources can be used in conjunction with `alis_google_bigtable_table_iam_member` resources only if they do not grant privilege to the same role.
<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `instance` (String) The Bigtable instance ID.
- `member` (String)
- `member` (String) Identity that will be granted the privilege in `role`. Can have one of the following values:
- allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.
- allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:{emailId}: An email address that represents a specific Google account.
- serviceAccount:{emailId}: An email address that represents a service account.
- group:{emailId}: An email address that represents a Google group.
- domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- `project` (String) The Google Cloud project ID.
- `role` (String)
- `role` (String) The role that should be applied.
Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`
- `table` (String) The Bigtable table ID.
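Review bot: The value list under `member` documents `allUsers` and `allAuthenticatedUsers` in the same neutral tone as a single user or service account, even though the text itself says they mean anyone on the internet or anyone with a Google account. Since the purpose of this commit is to add warnings, note next to these two entries that granting a role to them opens the table to identities outside your organisation and that they should be used only when that is the intent.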
24 changes: 19 additions & 5 deletions docs/resources/google_bigtable_table_iam_policy.md
Expand Up @@ -2,12 +2,12 @@
page_title: "alis_google_bigtable_table_iam_policy Resource - alis"
subcategory: ""
description: |-
Authoritative. Sets the IAM policy for the tables and replaces any existing policy already attached.
---

# alis_google_bigtable_table_iam_policy (Resource)


Authoritative. Sets the IAM policy for the tables and replaces any existing policy already attached.

## Example Usage

Expand Down Expand Up @@ -45,12 +45,19 @@ output "test_iam" {
}
```

> [!WARNING]
> `alis_google_bigtable_table_iam_policy` cannot be used in conjunction with `alis_google_bigtable_table_iam_binding` and `alis_google_bigtable_table_iam_member` or they will fight over what your policy should be.
> In addition, be careful not to accidentally unset ownership of the table as google_bigtable_table_iam_policy replaces the entire policy.
> [!WARNING]
> `alis_google_bigtable_table_iam_binding` resources can be used in conjunction with `alis_google_bigtable_table_iam_member` resources only if they do not grant privilege to the same role.
<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `bindings` (Attributes List) (see [below for nested schema](#nestedatt--bindings))
- `bindings` (Attributes List) IAM policy bindings to be set on the table. (see [below for nested schema](#nestedatt--bindings))
- `instance` (String) The Bigtable instance ID.
- `project` (String) The Google Cloud project ID.
- `table` (String) The Bigtable table ID.
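Review bot: In the first alert, the ownership sentence refers to `google_bigtable_table_iam_policy` as plain text and without the `alis_` prefix, which matches no resource name used in these docs. On this page it is the resource being described, so write `alis_google_bigtable_table_iam_policy` in backticks or say "this resource". The two alerts also need a blank line between them and before `<!-- schema generated by tfplugindocs -->` so that each `[!WARNING]` marker opens its own blockquote.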
Expand All @@ -60,5 +67,12 @@ output "test_iam" {

Required:

- `members` (List of String)
- `role` (String)
- `members` (List of String) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.
- allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:{emailId}: An email address that represents a specific Google account.
- serviceAccount:{emailId}: An email address that represents a service account.
- group:{emailId}: An email address that represents a Google group.
- domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- `role` (String) The role that should be applied. Only one `alis_google_bigtable_table_iam_binding` can be used per role.
Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`
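Review bot: The nested `role` description under `bindings` ends with "Only one `alis_google_bigtable_table_iam_binding` can be used per role", which is a constraint on the separate binding resource and does not describe an entry inside a policy. Drop that sentence here, or replace it with the rule that actually applies to this list if there is one (for example that each role should appear in only one `bindings` entry).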
24 changes: 20 additions & 4 deletions docs/resources/google_spanner_database_iam_binding.md
Expand Up @@ -2,12 +2,14 @@
page_title: "alis_google_spanner_database_iam_binding Resource - alis"
subcategory: ""
description: |-
Authoritative for a given role. Updates the IAM policy to grant a role to a list of members.
Other roles within the IAM policy for the database are preserved.
---

# alis_google_spanner_database_iam_binding (Resource)


Authoritative for a given role. Updates the IAM policy to grant a role to a list of members.
Other roles within the IAM policy for the database are preserved.

## Example Usage

Expand Down Expand Up @@ -41,13 +43,27 @@ output "test_iam" {
}
```

> [!WARNING]
> `alis_google_spanner_database_iam_policy` cannot be used in conjunction with `alis_google_spanner_database_iam_binding` and `alis_google_spanner_database_iam_member` or they will fight over what your policy should be.
> In addition, be careful not to accidentally unset ownership of the table as google_bigtable_table_iam_policy replaces the entire policy.
> [!WARNING]
> `alis_google_spanner_database_iam_binding` resources can be used in conjunction with `alis_google_spanner_database_iam_member` resources only if they do not grant privilege to the same role.
<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `database` (String)
- `instance` (String)
- `members` (List of String)
- `members` (List of String) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.
- allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:{emailId}: An email address that represents a specific Google account.
- serviceAccount:{emailId}: An email address that represents a service account.
- group:{emailId}: An email address that represents a Google group.
- domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- `project` (String)
- `role` (String)
- `role` (String) The role that should be applied. Only one `alis_google_spanner_database_iam_binding` can be used per role.
Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`
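Review bot: The ownership sentence in the first alert was carried over from the Bigtable docs unchanged: it warns about "ownership of the table" and says `google_bigtable_table_iam_policy` replaces the entire policy, on a page about a Spanner database. It should refer to the database and to `alis_google_spanner_database_iam_policy`. In the schema list, `database`, `instance` and `project` are also left without descriptions here, while the Spanner policy page in the same commit gets "The Spanner database ID." and its siblings; the same text would fit.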
22 changes: 18 additions & 4 deletions docs/resources/google_spanner_database_iam_member.md
Expand Up @@ -2,12 +2,12 @@
page_title: "alis_google_spanner_database_iam_member Resource - alis"
subcategory: ""
description: |-
Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.
---

# alis_google_spanner_database_iam_member (Resource)


Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.

## Example Usage
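Review bot: The new description, in both the front matter and the page body, says "Other members for the role for the table are preserved", but this resource manages IAM on a Spanner database. Change "table" to "database" in both places so the summary shown in the registry matches the resource.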

Expand Down Expand Up @@ -39,13 +39,27 @@ output "test_iam" {
}
```

> [!WARNING]
> `alis_google_spanner_database_iam_policy` cannot be used in conjunction with `alis_google_spanner_database_iam_binding` and `alis_google_spanner_database_iam_member` or they will fight over what your policy should be.
> In addition, be careful not to accidentally unset ownership of the table as google_bigtable_table_iam_policy replaces the entire policy.
> [!WARNING]
> `alis_google_spanner_database_iam_binding` resources can be used in conjunction with `alis_google_spanner_database_iam_member` resources only if they do not grant privilege to the same role.
<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `database` (String)
- `instance` (String)
- `member` (String)
- `member` (String) Identity that will be granted the privilege in `role`. Can have one of the following values:
- allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.
- allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:{emailId}: An email address that represents a specific Google account.
- serviceAccount:{emailId}: An email address that represents a service account.
- group:{emailId}: An email address that represents a Google group.
- domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- `project` (String)
- `role` (String)
- `role` (String) The role that should be applied. Only one `alis_google_spanner_database_iam_binding` can be used per role.
Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`
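Review bot: The `role` description on this member page says "Only one `alis_google_spanner_database_iam_binding` can be used per role", which is a restriction on the binding resource, not on `alis_google_spanner_database_iam_member`; the Bigtable member page in this commit has just "The role that should be applied." and this one should match. The first alert has the same carry-over problem: it speaks of "ownership of the table" and `google_bigtable_table_iam_policy` where it should name the database and `alis_google_spanner_database_iam_policy`.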
30 changes: 22 additions & 8 deletions docs/resources/google_spanner_database_iam_policy.md
Expand Up @@ -2,12 +2,12 @@
page_title: "alis_google_spanner_database_iam_policy Resource - alis"
subcategory: ""
description: |-
Authoritative. Sets the IAM policy for the databases and replaces any existing policy already attached.
---

# alis_google_spanner_database_iam_policy (Resource)


Authoritative. Sets the IAM policy for the databases and replaces any existing policy already attached.

## Example Usage

Expand Down Expand Up @@ -45,20 +45,34 @@ output "test_iam" {
}
```

> [!WARNING]
> `alis_google_spanner_database_iam_policy` cannot be used in conjunction with `alis_google_spanner_database_iam_binding` and `alis_google_spanner_database_iam_member` or they will fight over what your policy should be.
> In addition, be careful not to accidentally unset ownership of the table as google_bigtable_table_iam_policy replaces the entire policy.
> [!WARNING]
> `alis_google_spanner_database_iam_binding` resources can be used in conjunction with `alis_google_spanner_database_iam_member` resources only if they do not grant privilege to the same role.
<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `bindings` (Attributes List) (see [below for nested schema](#nestedatt--bindings))
- `database` (String)
- `instance` (String)
- `project` (String)
- `bindings` (Attributes List) IAM policy bindings to be set on the database. (see [below for nested schema](#nestedatt--bindings))
- `database` (String) The Spanner database ID.
- `instance` (String) The Spanner instance ID.
- `project` (String) The Google Cloud project ID.

<a id="nestedatt--bindings"></a>
### Nested Schema for `bindings`

Required:

- `members` (List of String)
- `role` (String)
- `members` (List of String) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.
- allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:{emailId}: An email address that represents a specific Google account.
- serviceAccount:{emailId}: An email address that represents a service account.
- group:{emailId}: An email address that represents a Google group.
- domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- `role` (String) The role that should be applied. Only one `alis_google_spanner_database_iam_binding` can be used per role.
Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`
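Review bot: This is the page for the resource that replaces the whole policy, yet the ownership sentence in the first alert warns about "the table" and attributes the replacement to `google_bigtable_table_iam_policy`. Reword it for Spanner, naming the database and `alis_google_spanner_database_iam_policy`, so the reader is warned about the resource they are actually using. The nested `role` description also carries "Only one `alis_google_spanner_database_iam_binding` can be used per role", which does not apply to entries inside `bindings` and should be removed or replaced.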