IAM: permissions groups

[fehrnah]

Description

Add support for the now available permissions_groups for the IAM.
This means supporting them in the policies and adding them as datasource and resource.

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Improvement (improve existing resource(s) or datasource(s))
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

• make testacc TESTARGS="-run TestAccIamPerm.*"

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings or issues
• I have added acceptance tests that prove my fix is effective or that my feature works
• New and existing acceptance tests pass locally with my changes
• I ran succesfully go mod vendor if I added or modify go.mod file

[Stoakes]

I found it was a good thing to have at least one example with a wildcard.

That illustrated that this field could take several values.

Thus I would keep at least a mention of wildcard (and thus either change the policy name or add a second one in example)

[Stoakes]

Suggested change

	* `permissions_group` - Set of permissions group that apply to the policy.
	* `permissions_group` - Set of permissions included in the policy. (They are overriden by allow, except & deny fields)

I would also detail how the permission group behaves compared to the allow, except & deny fields in the policy (suggestion between parenthesis above)

[Stoakes]

I find the wording surprising. Especially because a permission group doesn't reference a permission group

What about

Suggested change

	* `deny` - Set of actions that will be denied no matter what permissions group exists.
	* `deny` - Set of actions that will be denied no matter what permissions are defined in the permission group or policies using it.

[Stoakes]

Suggested change

	* `read_only` - Indicates that the permissions group is a default one.
	* `read_only` - Indicates that this is a default permission group, managed by OVHcloud.