From d32fafe7ee605221fadc411dd8f6d3192340ec6b Mon Sep 17 00:00:00 2001 From: uturunku1 Date: Wed, 19 Jul 2023 09:05:50 -0700 Subject: [PATCH 1/3] Rebased onto a local branch From 1dda9363076e65505be4120a122ca1b5d2a25e3f Mon Sep 17 00:00:00 2001 From: uturunku1 Date: Mon, 7 Aug 2023 13:41:38 -0700 Subject: [PATCH 2/3] prep for release 0.48.0 --- CHANGELOG.md | 5 +++-- README.md | 4 ++-- website/docs/cdktf/csharp/index.html.markdown | 6 +++--- website/docs/cdktf/go/index.html.markdown | 6 +++--- website/docs/cdktf/java/index.html.markdown | 6 +++--- website/docs/cdktf/python/index.html.markdown | 6 +++--- website/docs/cdktf/typescript/index.html.markdown | 6 +++--- website/docs/index.html.markdown | 6 +++--- 8 files changed, 23 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b8a6ccda5..1fa211b3b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ## Unreleased +## v0.48.0 (August 7, 2023) + BUG FIXES: * `r/tfe_workspace`: Fix panic when updating `trigger_patterns` attribute, by @liamstevens [969](https://github.com/hashicorp/terraform-provider-tfe/pull/969) * `r/tfe_admin_organization_settings`: Allow reprovisioning when the parent organization has been deleted, by @ctrombley [982](https://github.com/hashicorp/terraform-provider-tfe/pull/982) @@ -14,8 +16,7 @@ various customizable permissions options to apply to a project and all of the wo * `d/team_project_access`: Add a `custom` option to the `access` attribute as well as `project_access` and `workspace_access` attributes, by @rberecka [983](https://github.com/hashicorp/terraform-provider-tfe/pull/983) NOTES: -* The provider is now using go-tfe [v1.30.0](https://github.com/hashicorp/go-tfe/releases/tag/v1.30.0), by @karvounis-form3 [970](https://github.com/hashicorp/terraform-provider-tfe/pull/970) - +* The provider is now using go-tfe [v1.32.0](https://github.com/hashicorp/go-tfe/releases/tag/v1.32.0) ## v0.47.0 (July 18, 2023) FEATURES: 
diff --git a/README.md b/README.md index d87454c57..08a591e39 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ Declare the provider in your configuration and `terraform init` will automatical terraform { required_providers { tfe = { - version = "~> 0.46.0" + version = "~> 0.48.0" } } } @@ -45,7 +45,7 @@ The above snippet using `required_providers` is for Terraform 0.13+; if you are ```hcl provider "tfe" { - version = "~> 0.46.0" + version = "~> 0.48.0" ... } ``` diff --git a/website/docs/cdktf/csharp/index.html.markdown b/website/docs/cdktf/csharp/index.html.markdown index ada9e0e4c..bb644401b 100644 --- a/website/docs/cdktf/csharp/index.html.markdown +++ b/website/docs/cdktf/csharp/index.html.markdown @@ -75,7 +75,7 @@ automatically installed by `terraform init` in the future: terraform { required_providers { tfe = { - version = "~> 0.46.0" + version = "~> 0.48.0" } } } @@ -88,7 +88,7 @@ The above snippet using `RequiredProviders` is for Terraform 0.13+; if you are u ```hcl provider "tfe" { - version = "~> 0.46.0" + version = "~> 0.48.0" ... } ``` @@ -101,7 +101,7 @@ For more information on provider installation and constraining provider versions provider "tfe" { hostname = var.hostname # Optional, defaults to Terraform Cloud `AppTerraformIo` token = var.token - version = "~> 0.46.0" + version = "~> 0.48.0" } # Create an organization diff --git a/website/docs/cdktf/go/index.html.markdown b/website/docs/cdktf/go/index.html.markdown index ada9e0e4c..bb644401b 100644 --- a/website/docs/cdktf/go/index.html.markdown +++ b/website/docs/cdktf/go/index.html.markdown @@ -75,7 +75,7 @@ automatically installed by `terraform init` in the future: terraform { required_providers { tfe = { - version = "~> 0.46.0" + version = "~> 0.48.0" } } } @@ -88,7 +88,7 @@ The above snippet using `RequiredProviders` is for Terraform 0.13+; if you are u ```hcl provider "tfe" { - version = "~> 0.46.0" + version = "~> 0.48.0" ... } ``` 
@@ -101,7 +101,7 @@ For more information on provider installation and constraining provider versions provider "tfe" { hostname = var.hostname # Optional, defaults to Terraform Cloud `AppTerraformIo` token = var.token - version = "~> 0.46.0" + version = "~> 0.48.0" } # Create an organization diff --git a/website/docs/cdktf/java/index.html.markdown b/website/docs/cdktf/java/index.html.markdown index 15cc8fe26..34c2e580c 100644 --- a/website/docs/cdktf/java/index.html.markdown +++ b/website/docs/cdktf/java/index.html.markdown @@ -75,7 +75,7 @@ automatically installed by `terraform init` in the future: terraform { required_providers { tfe = { - version = "~> 0.46.0" + version = "~> 0.48.0" } } } @@ -88,7 +88,7 @@ The above snippet using `requiredProviders` is for Terraform 0.13+; if you are u ```hcl provider "tfe" { - version = "~> 0.46.0" + version = "~> 0.48.0" ... } ``` @@ -101,7 +101,7 @@ For more information on provider installation and constraining provider versions provider "tfe" { hostname = var.hostname # Optional, defaults to Terraform Cloud `appTerraformIo` token = var.token - version = "~> 0.46.0" + version = "~> 0.48.0" } # Create an organization diff --git a/website/docs/cdktf/python/index.html.markdown b/website/docs/cdktf/python/index.html.markdown index 216ea6ea9..9e74ddffb 100644 --- a/website/docs/cdktf/python/index.html.markdown +++ b/website/docs/cdktf/python/index.html.markdown @@ -75,7 +75,7 @@ automatically installed by `terraform init` in the future: terraform { required_providers { tfe = { - version = "~> 0.46.0" + version = "~> 0.48.0" } } } @@ -88,7 +88,7 @@ The above snippet using `required_providers` is for Terraform 0.13+; if you are ```hcl provider "tfe" { - version = "~> 0.46.0" + version = "~> 0.48.0" ... } ``` 
@@ -101,7 +101,7 @@ For more information on provider installation and constraining provider versions provider "tfe" { hostname = var.hostname # Optional, defaults to Terraform Cloud `app.terraform.io` token = var.token - version = "~> 0.46.0" + version = "~> 0.48.0" } # Create an organization diff --git a/website/docs/cdktf/typescript/index.html.markdown b/website/docs/cdktf/typescript/index.html.markdown index 15cc8fe26..34c2e580c 100644 --- a/website/docs/cdktf/typescript/index.html.markdown +++ b/website/docs/cdktf/typescript/index.html.markdown @@ -75,7 +75,7 @@ automatically installed by `terraform init` in the future: terraform { required_providers { tfe = { - version = "~> 0.46.0" + version = "~> 0.48.0" } } } @@ -88,7 +88,7 @@ The above snippet using `requiredProviders` is for Terraform 0.13+; if you are u ```hcl provider "tfe" { - version = "~> 0.46.0" + version = "~> 0.48.0" ... } ``` @@ -101,7 +101,7 @@ For more information on provider installation and constraining provider versions provider "tfe" { hostname = var.hostname # Optional, defaults to Terraform Cloud `appTerraformIo` token = var.token - version = "~> 0.46.0" + version = "~> 0.48.0" } # Create an organization diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown index 2d8c93949..6657cc99c 100644 --- a/website/docs/index.html.markdown +++ b/website/docs/index.html.markdown @@ -75,7 +75,7 @@ automatically installed by `terraform init` in the future: terraform { required_providers { tfe = { - version = "~> 0.46.0" + version = "~> 0.48.0" } } } @@ -88,7 +88,7 @@ The above snippet using `required_providers` is for Terraform 0.13+; if you are ```hcl provider "tfe" { - version = "~> 0.46.0" + version = "~> 0.48.0" ... } ``` 
@@ -101,7 +101,7 @@ For more information on provider installation and constraining provider versions provider "tfe" { hostname = var.hostname # Optional, defaults to Terraform Cloud `app.terraform.io` token = var.token - version = "~> 0.46.0" + version = "~> 0.48.0" } # Create an organization From 8a140d1c88b06f61fcb945055b3a3f959ee00f18 Mon Sep 17 00:00:00 2001 
From: uturunku1
Date: Mon, 7 Aug 2023 20:58:07 +0000
Subject: [PATCH 3/3] cdktf: update documentation
---
.../cdktf/csharp/d/policy_set.html.markdown | 5 +-
.../csharp/d/saml_settings.html.markdown | 67 +++++++++++++
website/docs/cdktf/csharp/index.html.markdown | 4 +-
.../csharp/r/project_policy_set.html.markdown | 60 ++++++++++++
.../csharp/r/saml_settings.html.markdown | 67 +++++++++++++
.../r/team_project_access.html.markdown | 81 +++++++++++++++-
.../docs/cdktf/go/d/policy_set.html.markdown | 5 +-
.../cdktf/go/d/saml_settings.html.markdown | 67 +++++++++++++
website/docs/cdktf/go/index.html.markdown | 4 +-
.../go/r/project_policy_set.html.markdown | 60 ++++++++++++
.../cdktf/go/r/saml_settings.html.markdown | 67 +++++++++++++
.../go/r/team_project_access.html.markdown | 94 ++++++++++++++++++-
.../cdktf/java/d/policy_set.html.markdown | 5 +-
.../cdktf/java/d/saml_settings.html.markdown | 67 +++++++++++++
website/docs/cdktf/java/index.html.markdown | 4 +-
.../java/r/project_policy_set.html.markdown | 60 ++++++++++++
.../cdktf/java/r/saml_settings.html.markdown | 67 +++++++++++++
.../java/r/team_project_access.html.markdown | 80 +++++++++++++++-
.../cdktf/python/d/policy_set.html.markdown | 5 +-
.../python/d/saml_settings.html.markdown | 67 +++++++++++++
website/docs/cdktf/python/index.html.markdown | 4 +-
.../python/r/project_policy_set.html.markdown | 60 ++++++++++++
.../python/r/saml_settings.html.markdown | 67 +++++++++++++
.../r/team_project_access.html.markdown | 80 +++++++++++++++-
.../typescript/d/policy_set.html.markdown | 5 +-
.../typescript/d/saml_settings.html.markdown | 67 +++++++++++++
.../docs/cdktf/typescript/index.html.markdown | 4 +-
.../r/project_policy_set.html.markdown | 60 ++++++++++++
.../typescript/r/saml_settings.html.markdown | 67 +++++++++++++
.../r/team_project_access.html.markdown | 85 ++++++++++++++++-
30 files changed, 1413 insertions(+), 22 deletions(-)
create mode 100644 website/docs/cdktf/csharp/d/saml_settings.html.markdown
create mode 100644 website/docs/cdktf/csharp/r/project_policy_set.html.markdown create mode 100644 website/docs/cdktf/csharp/r/saml_settings.html.markdown create mode 100644 website/docs/cdktf/go/d/saml_settings.html.markdown create mode 100644 website/docs/cdktf/go/r/project_policy_set.html.markdown create mode 100644 website/docs/cdktf/go/r/saml_settings.html.markdown create mode 100644 website/docs/cdktf/java/d/saml_settings.html.markdown create mode 100644 website/docs/cdktf/java/r/project_policy_set.html.markdown create mode 100644 website/docs/cdktf/java/r/saml_settings.html.markdown create mode 100644 website/docs/cdktf/python/d/saml_settings.html.markdown create mode 100644 website/docs/cdktf/python/r/project_policy_set.html.markdown create mode 100644 website/docs/cdktf/python/r/saml_settings.html.markdown create mode 100644 website/docs/cdktf/typescript/d/saml_settings.html.markdown create mode 100644 website/docs/cdktf/typescript/r/project_policy_set.html.markdown create mode 100644 website/docs/cdktf/typescript/r/saml_settings.html.markdown diff --git a/website/docs/cdktf/csharp/d/policy_set.html.markdown b/website/docs/cdktf/csharp/d/policy_set.html.markdown index 8e750a49c..3dc0b6cb5 100644 --- a/website/docs/cdktf/csharp/d/policy_set.html.markdown +++ b/website/docs/cdktf/csharp/d/policy_set.html.markdown @@ -5,6 +5,8 @@ description: |- Get information on organization policy sets. --- + + # Data Source: tfe_policy_set This data source is used to retrieve a policy set defined in a specified organization. 
@@ -48,6 +50,7 @@ The following arguments are supported: * `Kind` - The policy-as-code framework for the policy. Valid values are "sentinel" and "opa". * `Overridable` - Whether users can override this policy when it fails during a run. Only valid for OPA policies. * `WorkspaceIds` - IDs of the workspaces that use the policy set. +* `ProjectIds` - IDs of the projects that use the policy set. * `PolicyIds` - IDs of the policies attached to the policy set. * `PoliciesPath` - The sub-path within the attached VCS repository when using `VcsRepo`. * `VcsRepo` - Settings for the workspace's VCS repository. @@ -63,4 +66,4 @@ The `VcsRepo` block contains: * `OauthTokenId` - OAuth token ID of the configured VCS connection. - \ No newline at end of file + \ No newline at end of file diff --git a/website/docs/cdktf/csharp/d/saml_settings.html.markdown b/website/docs/cdktf/csharp/d/saml_settings.html.markdown new file mode 100644 index 000000000..6e5ac822e --- /dev/null +++ b/website/docs/cdktf/csharp/d/saml_settings.html.markdown 
@@ -0,0 +1,67 @@ +--- +layout: "tfe" +page_title: "Terraform Enterprise: tfe_saml_settings" +description: |- + Get information on SAML Settings. +--- + + + +# Data Source: tfe_saml_settings + +Use this data source to get information about SAML Settings. It applies only to Terraform Enterprise and requires admin token configuration. See example usage for incorporating an admin token in your provider config. + + +## Example Usage + +Basic usage: + +```hcl +provider "tfe" { + hostname = var.hostname + token = var.token +} + +provider "tfe" { + alias = "admin" + hostname = var.hostname + token = var.admin_token +} + +data "tfe_saml_settings" "foo" { + provider = tfe.admin +} +``` + +## Argument Reference + +No arguments are required for this data source. + +## Attributes Reference + +The following attributes are exported: + +* `Id` - It is always `Saml`. +* `Enabled` - Whether SAML single sign-on is enabled. +* `Debug` - Whether debug mode is enabled, which means that the SAMLResponse XML will be displayed on the login page. +* `TeamManagementEnabled` - Whether Terraform Enterprise is set to manage team membership. +* `AuthnRequestsSigned` - Whether `` messages are signed. +* `WantAssertionsSigned` - Whether `` elements are signed. +* `IdpCert` - PEM encoded X.509 Certificate as provided by the IdP configuration. +* `OldIdpCert` - Previous version of the PEM encoded X.509 Certificate as provided by the IdP configuration. +* `SloEndpointUrl` - Single Log Out URL. +* `SsoEndpointUrl` - Single Sign On URL. +* `AttrUsername` - Name of the SAML attribute that determines the user's username. +* `AttrGroups` - Name of the SAML attribute that determines team membership. +* `AttrSiteAdmin` - Site admin access role. +* `SiteAdminRole` - Site admin access role. +* `SsoApiTokenSessionTimeout` - Single Sign On session timeout in seconds. +* `AcsConsumerUrl` - ACS Consumer (Recipient) URL. +* `MetadataUrl` - Metadata (Audience) URL. 
+* `Certificate` - Request and assertion signing certificate. +* `Certificate` - Request and assertion signing certificate. +* `PrivateKey` - The private key used for request and assertion signing. +* `SignatureSigningMethod` - Signature Signing Method. +* `SignatureDigestMethod` - Signature Digest Method. + + \ No newline at end of file diff --git a/website/docs/cdktf/csharp/index.html.markdown b/website/docs/cdktf/csharp/index.html.markdown index bb644401b..dd0c0d541 100644 --- a/website/docs/cdktf/csharp/index.html.markdown +++ b/website/docs/cdktf/csharp/index.html.markdown @@ -5,6 +5,8 @@ description: |- Provision Terraform Cloud or Terraform Enterprise - with Terraform! Management of organizations, workspaces, teams, variables, run triggers, policy sets, and more. Maintained by the Terraform Cloud team at HashiCorp. --- + + # Terraform Cloud/Enterprise Provider This provider is used to interact with the many resources supported by @@ -127,4 +129,4 @@ The following arguments are supported: arguments. Ensure that the organization already exists prior to using this argument. This can also be specified using the `TfeOrganization` environment variable. - + \ No newline at end of file diff --git a/website/docs/cdktf/csharp/r/project_policy_set.html.markdown b/website/docs/cdktf/csharp/r/project_policy_set.html.markdown new file mode 100644 index 000000000..c0d5afba0 --- /dev/null +++ b/website/docs/cdktf/csharp/r/project_policy_set.html.markdown 
@@ -0,0 +1,60 @@ +--- +layout: "tfe" +page_title: "Terraform Enterprise: tfe_project_policy_set" +description: |- + Add a policy set to a project +--- + + + +# tfe_project_policy_set + +Adds and removes policy sets from a project + +## Example Usage + +Basic usage: + +```hcl +resource "tfe_organization" "test" { + name = "my-org-name" + email = "admin@company.com" +} + +resource "tfe_project" "test" { + name = "my-project-name" + organization = tfe_organization.test.name +} + +resource "tfe_policy_set" "test" { + name = "my-policy-set" + description = "Some description." + organization = tfe_organization.test.name +} + +resource "tfe_project_policy_set" "test" { + policy_set_id = tfe_policy_set.test.id + project_id = tfe_project.test.id +} +``` + +## Argument Reference + +The following arguments are supported: + +* `PolicySetId` - (Required) ID of the policy set. +* `ProjectId` - (Required) Project ID to add the policy set to. + +## Attributes Reference + +* `Id` - The ID of the policy set attachment. ID format: `_` + +## Import + +Project Policy Sets can be imported; use `//`. For example: + +```shell +terraform import tfe_project_policy_set.test 'my-org-name/project/policy-set-name' +``` + + \ No newline at end of file diff --git a/website/docs/cdktf/csharp/r/saml_settings.html.markdown b/website/docs/cdktf/csharp/r/saml_settings.html.markdown new file mode 100644 index 000000000..70438791b --- /dev/null +++ b/website/docs/cdktf/csharp/r/saml_settings.html.markdown 
@@ -0,0 +1,67 @@ +--- +layout: "tfe" +page_title: "Terraform Enterprise: tfe_saml_settings" +description: |- + Manages SAML Settings. +--- + + + +# tfe_saml_settings + +Use this resource to create, update and destroy SAML Settings. It applies only to Terraform Enterprise and requires admin token configuration. See example usage for incorporating an admin token in your provider config. + +## Example Usage + +Basic usage for SAML Settings: + +```hcl +provider "tfe" { + hostname = var.hostname + token = var.admin_token +} + +resource "tfe_saml_settings" "this" { + idp_cert = "foobarCertificate" + slo_endpoint_url = "https://example.com/slo_endpoint_url" + sso_endpoint_url = "https://example.com/sso_endpoint_url" + } +``` + +## Argument Reference + +The following arguments are supported: + +* `IdpCert` - (Required) Identity Provider Certificate specifies the PEM encoded X.509 Certificate as provided by the IdP configuration. +* `SloEndpointUrl` - (Required) Single Log Out URL specifies the HTTPS endpoint on your IdP for single logout requests. This value is provided by the IdP configuration. +* `SsoEndpointUrl` - (Required) Single Sign On URL specifies the HTTPS endpoint on your IdP for single sign-on requests. This value is provided by the IdP configuration. +* `Debug` - (Optional) When sign-on fails and this is enabled, the SAMLResponse XML will be displayed on the login page. +* `AuthnRequestsSigned` - (Optional) Whether to ensure that `` messages are signed. +* `WantAssertionsSigned` - (Optional) Whether to ensure that `` elements are signed. +* `TeamManagementEnabled` - (Optional) Set it to false if you would rather use Terraform Enterprise to manage team membership. +* `AttrUsername` - (Optional) Username Attribute Name specifies the name of the SAML attribute that determines the user's username. +* `AttrSiteAdmin` - (Optional) Specifies the role for site admin access. Overrides the `Site Admin Role` method. 
+* `AttrGroups` - (Optional) Team Attribute Name specifies the name of the SAML attribute that determines team membership. +* `SiteAdminRole` - (Optional) Specifies the role for site admin access, provided in the list of roles sent in the Team Attribute Name attribute. +* `SsoApiTokenSessionTimeout` - (Optional) Specifies the Single Sign On session timeout in seconds. Defaults to 14 days. +* `Certificate` - (Optional) The certificate used for request and assertion signing. +* `PrivateKey` - (Optional) The private key used for request and assertion signing. +* `SignatureSigningMethod` - (Optional) Signature Signing Method. Must be either `Sha1` or `Sha256`. Defaults to `Sha256`. +* `SignatureDigestMethod` - (Optional) Signature Digest Method. Must be either `Sha1` or `Sha256`. Defaults to `Sha256`. + +## Attributes Reference + +* `Id` - The ID of the SAML Settings. Always `Saml`. +* `AcsConsumerUrl` - ACS Consumer (Recipient) URL. +* `MetadataUrl` - Metadata (Audience) URL. +* `OldIdpCert` - Value of the old IDP Certificate. + +## Import + +SAML Settings can be imported. + +```shell +terraform import tfe_saml_settings.this saml +``` + + \ No newline at end of file diff --git a/website/docs/cdktf/csharp/r/team_project_access.html.markdown b/website/docs/cdktf/csharp/r/team_project_access.html.markdown index e5958ac93..834c8e8b5 100644 --- a/website/docs/cdktf/csharp/r/team_project_access.html.markdown +++ b/website/docs/cdktf/csharp/r/team_project_access.html.markdown @@ -5,6 +5,8 @@ description: |- Associate a team to permissions on a project. --- + + # tfe_team_project_access Associate a team to permissions on a project. 
@@ -49,7 +51,82 @@ The following arguments are supported: * `TeamId` - (Required) ID of the team to add to the project. * `ProjectId` - (Required) ID of the project to which the team will be added. -* `Access` - (Required) Type of fixed access to grant. Valid values are `Admin`, `Maintain`, `Write`, or `Read`. +* `Access` - (Required) Type of fixed access to grant. Valid values are `Admin`, `Maintain`, `Write`, `Read`, or `Custom`. + +## Custom Access + +If using `Custom` for `Access`, you can set the levels of individual permissions +that affect the project itself and all workspaces in the project, by using `ProjectAccess` and `WorkspaceAccess` arguments and their associated permission attributes. When using custom access, if attributes are not set they will be given a default value. Some permissions have values that are specific "strings" that denote the level of the permission, while other permissions are simple booleans. + +The following permissions apply to the project itself. + +| project-access | Description, Default, Valid Values | +|---------------------|---------------------------------------------| +| `Settings` | The permission to grant for the project's settings. Default: `Read`. Valid strings: `Read`, `Update`, or `Delete` | +| `Teams` | The permission to grant for the project's teams. Default: `None`, Valid strings: `None`, `Read`, or `Manage` | + + + + + +The following permissions apply to all workpsaces (and future workspaces) in the project. + +| workspace-access | Description, Default, Valid Values | +|----------------------|-------------------------------------------------------| +| `Runs` | The permission to grant project's workspaces' runs. Default: `Read`. Valid strings: `Read`, `Plan`, or `Apply`. | +| `SentinelMocks` | The permission to grant project's workspaces' Sentinel mocks. Default: `None`. Valid strings: `None`, or `Read`. | +| `StateVersions` | The permission to grant project's workspaces' state versions. 
Default: `None` Valid strings: `None`, `ReadOutputs`, `Read`, or `Write`.| +| `Variables` | The permission to grant project's workspaces' variables. Default `None`. Valid strings: `None`, `Read`, or `Write`. | +| `Create` | The permission to create project's workspaces in the project. Default: `False`. Valid booleans `True`, `False` | +| `Locking` | The permission to manually lock or unlock the project's workspaces. Default `False`. Valid booleans `True`, `False` | +| `Delete` | The permission to delete the project's workspaces. Default: `False`. Valid booleans: `True`, `False` | +| `Move` | This permission to move workspaces into and out of the project. The team must also have permissions to the project(s) receiving the the workspace(s). Default: `False`. Valid booleans: `True`, `False` | +| `RunTasks` | The permission to manage run tasks within the project's workspaces. Default `False`. Valid booleans: `True`, `False` | + + +## Example Usage with Custom Project Permissions + +```csharp +using Constructs; +using HashiCorp.Cdktf; +/*Provider bindings are generated by running cdktf get. 
+See https://cdk.tf/provider-generation for more details.*/ +using Gen.Providers.Tfe; +class MyConvertedCode : TerraformStack +{ + public MyConvertedCode(Construct scope, string name) : base(scope, name) + { + var tfeProjectTest = new Project.Project(this, "test", new ProjectConfig { + Name = "myproject", + Organization = "my-org-name" + }); + var tfeTeamDev = new Team.Team(this, "dev", new TeamConfig { + Name = "my-dev-team", + Organization = "my-org-name" + }); + new TeamProjectAccess.TeamProjectAccess(this, "custom", new TeamProjectAccessConfig { + Access = "custom", + ProjectAccess = new [] { new Struct { + Settings = "read", + Teams = "none" + } }, + ProjectId = Token.AsString(tfeProjectTest.Id), + TeamId = Token.AsString(tfeTeamDev.Id), + WorkspaceAccess = new [] { new Struct { + Create = true, + Delete = false, + Locking = true, + Move = false, + RunTasks = false, + Runs = "apply", + SentinelMocks = "none", + StateVersions = "write", + Variables = "write" + } } + }); + } +} +``` ## Attributes Reference @@ -64,4 +141,4 @@ example: terraform import tfe_team_project_access.admin tprj-2pmtXpZa4YzVMTPi ``` - \ No newline at end of file + \ No newline at end of file diff --git a/website/docs/cdktf/go/d/policy_set.html.markdown b/website/docs/cdktf/go/d/policy_set.html.markdown index 4e69e3e4d..7f8b92d21 100644 --- a/website/docs/cdktf/go/d/policy_set.html.markdown +++ b/website/docs/cdktf/go/d/policy_set.html.markdown @@ -5,6 +5,8 @@ description: |- Get information on organization policy sets. --- + + # Data Source: tfe_policy_set This data source is used to retrieve a policy set defined in a specified organization. 
@@ -51,6 +53,7 @@ The following arguments are supported: * `Kind` - The policy-as-code framework for the policy. Valid values are "sentinel" and "opa". * `Overridable` - Whether users can override this policy when it fails during a run. Only valid for OPA policies. * `WorkspaceIds` - IDs of the workspaces that use the policy set. +* `ProjectIds` - IDs of the projects that use the policy set. * `PolicyIds` - IDs of the policies attached to the policy set. * `PoliciesPath` - The sub-path within the attached VCS repository when using `VcsRepo`. * `VcsRepo` - Settings for the workspace's VCS repository. @@ -66,4 +69,4 @@ The `VcsRepo` block contains: * `OauthTokenId` - OAuth token ID of the configured VCS connection. - \ No newline at end of file + \ No newline at end of file diff --git a/website/docs/cdktf/go/d/saml_settings.html.markdown b/website/docs/cdktf/go/d/saml_settings.html.markdown new file mode 100644 index 000000000..6e5ac822e --- /dev/null +++ b/website/docs/cdktf/go/d/saml_settings.html.markdown 
@@ -0,0 +1,67 @@ +--- +layout: "tfe" +page_title: "Terraform Enterprise: tfe_saml_settings" +description: |- + Get information on SAML Settings. +--- + + + +# Data Source: tfe_saml_settings + +Use this data source to get information about SAML Settings. It applies only to Terraform Enterprise and requires admin token configuration. See example usage for incorporating an admin token in your provider config. + + +## Example Usage + +Basic usage: + +```hcl +provider "tfe" { + hostname = var.hostname + token = var.token +} + +provider "tfe" { + alias = "admin" + hostname = var.hostname + token = var.admin_token +} + +data "tfe_saml_settings" "foo" { + provider = tfe.admin +} +``` + +## Argument Reference + +No arguments are required for this data source. + +## Attributes Reference + +The following attributes are exported: + +* `Id` - It is always `Saml`. +* `Enabled` - Whether SAML single sign-on is enabled. +* `Debug` - Whether debug mode is enabled, which means that the SAMLResponse XML will be displayed on the login page. +* `TeamManagementEnabled` - Whether Terraform Enterprise is set to manage team membership. +* `AuthnRequestsSigned` - Whether `` messages are signed. +* `WantAssertionsSigned` - Whether `` elements are signed. +* `IdpCert` - PEM encoded X.509 Certificate as provided by the IdP configuration. +* `OldIdpCert` - Previous version of the PEM encoded X.509 Certificate as provided by the IdP configuration. +* `SloEndpointUrl` - Single Log Out URL. +* `SsoEndpointUrl` - Single Sign On URL. +* `AttrUsername` - Name of the SAML attribute that determines the user's username. +* `AttrGroups` - Name of the SAML attribute that determines team membership. +* `AttrSiteAdmin` - Site admin access role. +* `SiteAdminRole` - Site admin access role. +* `SsoApiTokenSessionTimeout` - Single Sign On session timeout in seconds. +* `AcsConsumerUrl` - ACS Consumer (Recipient) URL. +* `MetadataUrl` - Metadata (Audience) URL. 
+* `Certificate` - Request and assertion signing certificate. +* `Certificate` - Request and assertion signing certificate. +* `PrivateKey` - The private key used for request and assertion signing. +* `SignatureSigningMethod` - Signature Signing Method. +* `SignatureDigestMethod` - Signature Digest Method. + + \ No newline at end of file diff --git a/website/docs/cdktf/go/index.html.markdown b/website/docs/cdktf/go/index.html.markdown index bb644401b..dd0c0d541 100644 --- a/website/docs/cdktf/go/index.html.markdown +++ b/website/docs/cdktf/go/index.html.markdown @@ -5,6 +5,8 @@ description: |- Provision Terraform Cloud or Terraform Enterprise - with Terraform! Management of organizations, workspaces, teams, variables, run triggers, policy sets, and more. Maintained by the Terraform Cloud team at HashiCorp. --- + + # Terraform Cloud/Enterprise Provider This provider is used to interact with the many resources supported by @@ -127,4 +129,4 @@ The following arguments are supported: arguments. Ensure that the organization already exists prior to using this argument. This can also be specified using the `TfeOrganization` environment variable. - + \ No newline at end of file diff --git a/website/docs/cdktf/go/r/project_policy_set.html.markdown b/website/docs/cdktf/go/r/project_policy_set.html.markdown new file mode 100644 index 000000000..c0d5afba0 --- /dev/null +++ b/website/docs/cdktf/go/r/project_policy_set.html.markdown 
@@ -0,0 +1,60 @@ +--- +layout: "tfe" +page_title: "Terraform Enterprise: tfe_project_policy_set" +description: |- + Add a policy set to a project +--- + + + +# tfe_project_policy_set + +Adds and removes policy sets from a project + +## Example Usage + +Basic usage: + +```hcl +resource "tfe_organization" "test" { + name = "my-org-name" + email = "admin@company.com" +} + +resource "tfe_project" "test" { + name = "my-project-name" + organization = tfe_organization.test.name +} + +resource "tfe_policy_set" "test" { + name = "my-policy-set" + description = "Some description." + organization = tfe_organization.test.name +} + +resource "tfe_project_policy_set" "test" { + policy_set_id = tfe_policy_set.test.id + project_id = tfe_project.test.id +} +``` + +## Argument Reference + +The following arguments are supported: + +* `PolicySetId` - (Required) ID of the policy set. +* `ProjectId` - (Required) Project ID to add the policy set to. + +## Attributes Reference + +* `Id` - The ID of the policy set attachment. ID format: `_` + +## Import + +Project Policy Sets can be imported; use `//`. For example: + +```shell +terraform import tfe_project_policy_set.test 'my-org-name/project/policy-set-name' +``` + + \ No newline at end of file diff --git a/website/docs/cdktf/go/r/saml_settings.html.markdown b/website/docs/cdktf/go/r/saml_settings.html.markdown new file mode 100644 index 000000000..70438791b --- /dev/null +++ b/website/docs/cdktf/go/r/saml_settings.html.markdown 
@@ -0,0 +1,67 @@
+---
+layout: "tfe"
+page_title: "Terraform Enterprise: tfe_saml_settings"
+description: |-
+ Manages SAML Settings.
+---
+
+
+
+# tfe_saml_settings
+
+Use this resource to create, update and destroy SAML Settings. It applies only to Terraform Enterprise and requires admin token configuration. See example usage for incorporating an admin token in your provider config.
+
+## Example Usage
+
+Basic usage for SAML Settings:
+
+```hcl
+provider "tfe" {
+ hostname = var.hostname
+ token = var.admin_token
+}
+
+resource "tfe_saml_settings" "this" {
+ idp_cert = "foobarCertificate"
+ slo_endpoint_url = "https://example.com/slo_endpoint_url"
+ sso_endpoint_url = "https://example.com/sso_endpoint_url"
+ }
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `IdpCert` - (Required) Identity Provider Certificate specifies the PEM encoded X.509 Certificate as provided by the IdP configuration.
+* `SloEndpointUrl` - (Required) Single Log Out URL specifies the HTTPS endpoint on your IdP for single logout requests. This value is provided by the IdP configuration.
+* `SsoEndpointUrl` - (Required) Single Sign On URL specifies the HTTPS endpoint on your IdP for single sign-on requests. This value is provided by the IdP configuration.
+* `Debug` - (Optional) When sign-on fails and this is enabled, the SAMLResponse XML will be displayed on the login page.
+* `AuthnRequestsSigned` - (Optional) Whether to ensure that `` messages are signed.
+* `WantAssertionsSigned` - (Optional) Whether to ensure that `` elements are signed.
+* `TeamManagementEnabled` - (Optional) Set it to false if you would rather use Terraform Enterprise to manage team membership.
+* `AttrUsername` - (Optional) Username Attribute Name specifies the name of the SAML attribute that determines the user's username.
+* `AttrSiteAdmin` - (Optional) Specifies the role for site admin access. Overrides the `Site Admin Role` method.
+* `AttrGroups` - (Optional) Team Attribute Name specifies the name of the SAML attribute that determines team membership. +* `SiteAdminRole` - (Optional) Specifies the role for site admin access, provided in the list of roles sent in the Team Attribute Name attribute. +* `SsoApiTokenSessionTimeout` - (Optional) Specifies the Single Sign On session timeout in seconds. Defaults to 14 days. +* `Certificate` - (Optional) The certificate used for request and assertion signing. +* `PrivateKey` - (Optional) The private key used for request and assertion signing. +* `SignatureSigningMethod` - (Optional) Signature Signing Method. Must be either `Sha1` or `Sha256`. Defaults to `Sha256`. +* `SignatureDigestMethod` - (Optional) Signature Digest Method. Must be either `Sha1` or `Sha256`. Defaults to `Sha256`. + +## Attributes Reference + +* `Id` - The ID of the SAML Settings. Always `Saml`. +* `AcsConsumerUrl` - ACS Consumer (Recipient) URL. +* `MetadataUrl` - Metadata (Audience) URL. +* `OldIdpCert` - Value of the old IDP Certificate. + +## Import + +SAML Settings can be imported. + +```shell +terraform import tfe_saml_settings.this saml +``` + + \ No newline at end of file diff --git a/website/docs/cdktf/go/r/team_project_access.html.markdown b/website/docs/cdktf/go/r/team_project_access.html.markdown index 778d3b25e..e12a99221 100644 --- a/website/docs/cdktf/go/r/team_project_access.html.markdown +++ b/website/docs/cdktf/go/r/team_project_access.html.markdown @@ -5,6 +5,8 @@ description: |- Associate a team to permissions on a project. --- + + # tfe_team_project_access Associate a team to permissions on a project. 
@@ -39,8 +41,8 @@ func newMyConvertedCode(scope construct, name *string) *myConvertedCode { tfeTeamProjectAccessAdmin := teamProjectAccess.NewTeamProjectAccess(this, jsii.String("admin_2"), &teamProjectAccessConfig{ access: jsii.String("admin"), - projectId: cdktf.*token_AsString(tfeProjectTest.id), - teamId: cdktf.*token_*AsString(tfeTeamAdmin.id), + projectId: cdktf.Token_AsString(tfeProjectTest.id), + teamId: cdktf.Token_*AsString(tfeTeamAdmin.id), }) /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/ tfeTeamProjectAccessAdmin.OverrideLogicalId(jsii.String("admin")) 
@@ -54,7 +56,91 @@ The following arguments are supported: * `TeamId` - (Required) ID of the team to add to the project. * `ProjectId` - (Required) ID of the project to which the team will be added. -* `Access` - (Required) Type of fixed access to grant. Valid values are `Admin`, `Maintain`, `Write`, or `Read`. +* `Access` - (Required) Type of fixed access to grant. Valid values are `Admin`, `Maintain`, `Write`, `Read`, or `Custom`. + +## Custom Access + +If using `Custom` for `Access`, you can set the levels of individual permissions +that affect the project itself and all workspaces in the project, by using `ProjectAccess` and `WorkspaceAccess` arguments and their associated permission attributes. When using custom access, if attributes are not set they will be given a default value. Some permissions have values that are specific "strings" that denote the level of the permission, while other permissions are simple booleans. + +The following permissions apply to the project itself. + +| project-access | Description, Default, Valid Values | +|---------------------|---------------------------------------------| +| `Settings` | The permission to grant for the project's settings. Default: `Read`. Valid strings: `Read`, `Update`, or `Delete` | +| `Teams` | The permission to grant for the project's teams. Default: `None`, Valid strings: `None`, `Read`, or `Manage` | + + + + + +The following permissions apply to all workpsaces (and future workspaces) in the project. + +| workspace-access | Description, Default, Valid Values | +|----------------------|-------------------------------------------------------| +| `Runs` | The permission to grant project's workspaces' runs. Default: `Read`. Valid strings: `Read`, `Plan`, or `Apply`. | +| `SentinelMocks` | The permission to grant project's workspaces' Sentinel mocks. Default: `None`. Valid strings: `None`, or `Read`. | +| `StateVersions` | The permission to grant project's workspaces' state versions. 
Default: `None` Valid strings: `None`, `ReadOutputs`, `Read`, or `Write`.| +| `Variables` | The permission to grant project's workspaces' variables. Default `None`. Valid strings: `None`, `Read`, or `Write`. | +| `Create` | The permission to create project's workspaces in the project. Default: `False`. Valid booleans `True`, `False` | +| `Locking` | The permission to manually lock or unlock the project's workspaces. Default `False`. Valid booleans `True`, `False` | +| `Delete` | The permission to delete the project's workspaces. Default: `False`. Valid booleans: `True`, `False` | +| `Move` | This permission to move workspaces into and out of the project. The team must also have permissions to the project(s) receiving the the workspace(s). Default: `False`. Valid booleans: `True`, `False` | +| `RunTasks` | The permission to manage run tasks within the project's workspaces. Default `False`. Valid booleans: `True`, `False` | + + +## Example Usage with Custom Project Permissions + +```go +import constructs "github.com/aws/constructs-go/constructs" +import "github.com/hashicorp/terraform-cdk-go/cdktf" +/*Provider bindings are generated by running cdktf get. 
+See https://cdk.tf/provider-generation for more details.*/ +import "github.com/aws-samples/dummy/gen/providers/tfe/project" +import "github.com/aws-samples/dummy/gen/providers/tfe/team" +import "github.com/aws-samples/dummy/gen/providers/tfe/teamProjectAccess" +type myConvertedCode struct { + terraformStack +} + +func newMyConvertedCode(scope construct, name *string) *myConvertedCode { + this := &myConvertedCode{} + cdktf.NewTerraformStack_Override(this, scope, name) + tfeProjectTest := project.NewProject(this, jsii.String("test"), &projectConfig{ + name: jsii.String("myproject"), + organization: jsii.String("my-org-name"), + }) + tfeTeamDev := team.NewTeam(this, jsii.String("dev"), &teamConfig{ + name: jsii.String("my-dev-team"), + organization: jsii.String("my-org-name"), + }) + teamProjectAccess.NewTeamProjectAccess(this, jsii.String("custom"), &teamProjectAccessConfig{ + access: jsii.String("custom"), + projectAccess: []map[string]*string{ + map[string]*string{ + "settings": jsii.String("read"), + "teams": jsii.String("none"), + }, + }, + projectId: cdktf.Token_AsString(tfeProjectTest.id), + teamId: cdktf.Token_*AsString(tfeTeamDev.id), + workspaceAccess: []map[string]interface{}{ + map[string]interface{}{ + "create": jsii.Boolean(true), + "delete": jsii.Boolean(false), + "locking": jsii.Boolean(true), + "move": jsii.Boolean(false), + "runTasks": jsii.Boolean(false), + "runs": jsii.String("apply"), + "sentinelMocks": jsii.String("none"), + "stateVersions": jsii.String("write"), + "variables": jsii.String("write"), + }, + }, + }) + return this +} +``` ## Attributes Reference @@ -69,4 +155,4 @@ example: terraform import tfe_team_project_access.admin tprj-2pmtXpZa4YzVMTPi ``` - \ No newline at end of file + \ No newline at end of file diff --git a/website/docs/cdktf/java/d/policy_set.html.markdown b/website/docs/cdktf/java/d/policy_set.html.markdown index fb122bd9f..14b749010 100644 --- a/website/docs/cdktf/java/d/policy_set.html.markdown 
+++ b/website/docs/cdktf/java/d/policy_set.html.markdown @@ -5,6 +5,8 @@ description: |- Get information on organization policy sets. --- + + # Data Source: tfe_policy_set This data source is used to retrieve a policy set defined in a specified organization. @@ -47,6 +49,7 @@ The following arguments are supported: * `kind` - The policy-as-code framework for the policy. Valid values are "sentinel" and "opa". * `overridable` - Whether users can override this policy when it fails during a run. Only valid for OPA policies. * `workspaceIds` - IDs of the workspaces that use the policy set. +* `projectIds` - IDs of the projects that use the policy set. * `policyIds` - IDs of the policies attached to the policy set. * `policiesPath` - The sub-path within the attached VCS repository when using `vcsRepo`. * `vcsRepo` - Settings for the workspace's VCS repository. @@ -62,4 +65,4 @@ The `vcsRepo` block contains: * `oauthTokenId` - OAuth token ID of the configured VCS connection. - \ No newline at end of file + \ No newline at end of file diff --git a/website/docs/cdktf/java/d/saml_settings.html.markdown b/website/docs/cdktf/java/d/saml_settings.html.markdown new file mode 100644 index 000000000..eac1110a0 --- /dev/null +++ b/website/docs/cdktf/java/d/saml_settings.html.markdown 
@@ -0,0 +1,67 @@
+---
+layout: "tfe"
+page_title: "Terraform Enterprise: tfe_saml_settings"
+description: |-
+ Get information on SAML Settings.
+---
+
+
+
+# Data Source: tfe_saml_settings
+
+Use this data source to get information about SAML Settings. It applies only to Terraform Enterprise and requires admin token configuration. See example usage for incorporating an admin token in your provider config.
+
+
+## Example Usage
+
+Basic usage:
+
+```hcl
+provider "tfe" {
+ hostname = var.hostname
+ token = var.token
+}
+
+provider "tfe" {
+ alias = "admin"
+ hostname = var.hostname
+ token = var.admin_token
+}
+
+data "tfe_saml_settings" "foo" {
+ provider = tfe.admin
+}
+```
+
+## Argument Reference
+
+No arguments are required for this data source.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - It is always `saml`.
+* `enabled` - Whether SAML single sign-on is enabled.
+* `debug` - Whether debug mode is enabled, which means that the SAMLResponse XML will be displayed on the login page.
+* `teamManagementEnabled` - Whether Terraform Enterprise is set to manage team membership.
+* `authnRequestsSigned` - Whether `` messages are signed.
+* `wantAssertionsSigned` - Whether `` elements are signed.
+* `idpCert` - PEM encoded X.509 Certificate as provided by the IdP configuration.
+* `oldIdpCert` - Previous version of the PEM encoded X.509 Certificate as provided by the IdP configuration.
+* `sloEndpointUrl` - Single Log Out URL.
+* `ssoEndpointUrl` - Single Sign On URL.
+* `attrUsername` - Name of the SAML attribute that determines the user's username.
+* `attrGroups` - Name of the SAML attribute that determines team membership.
+* `attrSiteAdmin` - Site admin access role.
+* `siteAdminRole` - Site admin access role.
+* `ssoApiTokenSessionTimeout` - Single Sign On session timeout in seconds.
+* `acsConsumerUrl` - ACS Consumer (Recipient) URL.
+* `metadataUrl` - Metadata (Audience) URL.
+* `certificate` - Request and assertion signing certificate. +* `certificate` - Request and assertion signing certificate. +* `privateKey` - The private key used for request and assertion signing. +* `signatureSigningMethod` - Signature Signing Method. +* `signatureDigestMethod` - Signature Digest Method. + + \ No newline at end of file diff --git a/website/docs/cdktf/java/index.html.markdown b/website/docs/cdktf/java/index.html.markdown index 34c2e580c..6d6c898ab 100644 --- a/website/docs/cdktf/java/index.html.markdown +++ b/website/docs/cdktf/java/index.html.markdown @@ -5,6 +5,8 @@ description: |- Provision Terraform Cloud or Terraform Enterprise - with Terraform! Management of organizations, workspaces, teams, variables, run triggers, policy sets, and more. Maintained by the Terraform Cloud team at HashiCorp. --- + + # Terraform Cloud/Enterprise Provider This provider is used to interact with the many resources supported by @@ -127,4 +129,4 @@ The following arguments are supported: arguments. Ensure that the organization already exists prior to using this argument. This can also be specified using the `tfeOrganization` environment variable. - + \ No newline at end of file diff --git a/website/docs/cdktf/java/r/project_policy_set.html.markdown b/website/docs/cdktf/java/r/project_policy_set.html.markdown new file mode 100644 index 000000000..596bb5179 --- /dev/null +++ b/website/docs/cdktf/java/r/project_policy_set.html.markdown 
@@ -0,0 +1,60 @@
+---
+layout: "tfe"
+page_title: "Terraform Enterprise: tfe_project_policy_set"
+description: |-
+ Add a policy set to a project
+---
+
+
+
+# tfe_project_policy_set
+
+Adds and removes policy sets from a project
+
+## Example Usage
+
+Basic usage:
+
+```hcl
+resource "tfe_organization" "test" {
+ name = "my-org-name"
+ email = "admin@company.com"
+}
+
+resource "tfe_project" "test" {
+ name = "my-project-name"
+ organization = tfe_organization.test.name
+}
+
+resource "tfe_policy_set" "test" {
+ name = "my-policy-set"
+ description = "Some description."
+ organization = tfe_organization.test.name
+}
+
+resource "tfe_project_policy_set" "test" {
+ policy_set_id = tfe_policy_set.test.id
+ project_id = tfe_project.test.id
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `policySetId` - (Required) ID of the policy set.
+* `projectId` - (Required) Project ID to add the policy set to.
+
+## Attributes Reference
+
+* `id` - The ID of the policy set attachment. ID format: `_`
+
+## Import
+
+Project Policy Sets can be imported; use `//`. For example:
+
+```shell
+terraform import tfe_project_policy_set.test 'my-org-name/project/policy-set-name'
+```
+
+
\ No newline at end of file
diff --git a/website/docs/cdktf/java/r/saml_settings.html.markdown b/website/docs/cdktf/java/r/saml_settings.html.markdown
new file mode 100644
index 000000000..430a810e7
--- /dev/null
+++ b/website/docs/cdktf/java/r/saml_settings.html.markdown
@@ -0,0 +1,67 @@
+---
+layout: "tfe"
+page_title: "Terraform Enterprise: tfe_saml_settings"
+description: |-
+ Manages SAML Settings.
+---
+
+
+
+# tfe_saml_settings
+
+Use this resource to create, update and destroy SAML Settings. It applies only to Terraform Enterprise and requires admin token configuration. See example usage for incorporating an admin token in your provider config.
+
+## Example Usage
+
+Basic usage for SAML Settings:
+
+```hcl
+provider "tfe" {
+ hostname = var.hostname
+ token = var.admin_token
+}
+
+resource "tfe_saml_settings" "this" {
+ idp_cert = "foobarCertificate"
+ slo_endpoint_url = "https://example.com/slo_endpoint_url"
+ sso_endpoint_url = "https://example.com/sso_endpoint_url"
+ }
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `idpCert` - (Required) Identity Provider Certificate specifies the PEM encoded X.509 Certificate as provided by the IdP configuration.
+* `sloEndpointUrl` - (Required) Single Log Out URL specifies the HTTPS endpoint on your IdP for single logout requests. This value is provided by the IdP configuration.
+* `ssoEndpointUrl` - (Required) Single Sign On URL specifies the HTTPS endpoint on your IdP for single sign-on requests. This value is provided by the IdP configuration.
+* `debug` - (Optional) When sign-on fails and this is enabled, the SAMLResponse XML will be displayed on the login page.
+* `authnRequestsSigned` - (Optional) Whether to ensure that `` messages are signed.
+* `wantAssertionsSigned` - (Optional) Whether to ensure that `` elements are signed.
+* `teamManagementEnabled` - (Optional) Set it to false if you would rather use Terraform Enterprise to manage team membership.
+* `attrUsername` - (Optional) Username Attribute Name specifies the name of the SAML attribute that determines the user's username.
+* `attrSiteAdmin` - (Optional) Specifies the role for site admin access. Overrides the `Site Admin Role` method.
+* `attrGroups` - (Optional) Team Attribute Name specifies the name of the SAML attribute that determines team membership. +* `siteAdminRole` - (Optional) Specifies the role for site admin access, provided in the list of roles sent in the Team Attribute Name attribute. +* `ssoApiTokenSessionTimeout` - (Optional) Specifies the Single Sign On session timeout in seconds. Defaults to 14 days. +* `certificate` - (Optional) The certificate used for request and assertion signing. +* `privateKey` - (Optional) The private key used for request and assertion signing. +* `signatureSigningMethod` - (Optional) Signature Signing Method. Must be either `sha1` or `sha256`. Defaults to `sha256`. +* `signatureDigestMethod` - (Optional) Signature Digest Method. Must be either `sha1` or `sha256`. Defaults to `sha256`. + +## Attributes Reference + +* `id` - The ID of the SAML Settings. Always `saml`. +* `acsConsumerUrl` - ACS Consumer (Recipient) URL. +* `metadataUrl` - Metadata (Audience) URL. +* `oldIdpCert` - Value of the old IDP Certificate. + +## Import + +SAML Settings can be imported. + +```shell +terraform import tfe_saml_settings.this saml +``` + + \ No newline at end of file diff --git a/website/docs/cdktf/java/r/team_project_access.html.markdown b/website/docs/cdktf/java/r/team_project_access.html.markdown index fb9d280f0..55f5dda87 100644 --- a/website/docs/cdktf/java/r/team_project_access.html.markdown +++ b/website/docs/cdktf/java/r/team_project_access.html.markdown @@ -5,6 +5,8 @@ description: |- Associate a team to permissions on a project. --- + + # tfe_team_project_access Associate a team to permissions on a project. 
@@ -50,7 +52,81 @@ The following arguments are supported: * `teamId` - (Required) ID of the team to add to the project. * `projectId` - (Required) ID of the project to which the team will be added. -* `access` - (Required) Type of fixed access to grant. Valid values are `admin`, `maintain`, `write`, or `read`. +* `access` - (Required) Type of fixed access to grant. Valid values are `admin`, `maintain`, `write`, `read`, or `custom`. + +## Custom Access + +If using `custom` for `access`, you can set the levels of individual permissions +that affect the project itself and all workspaces in the project, by using `projectAccess` and `workspaceAccess` arguments and their associated permission attributes. When using custom access, if attributes are not set they will be given a default value. Some permissions have values that are specific "strings" that denote the level of the permission, while other permissions are simple booleans. + +The following permissions apply to the project itself. + +| project-access | Description, Default, Valid Values | +|---------------------|---------------------------------------------| +| `settings` | The permission to grant for the project's settings. Default: `read`. Valid strings: `read`, `update`, or `delete` | +| `teams` | The permission to grant for the project's teams. Default: `none`, Valid strings: `none`, `read`, or `manage` | + + + + + +The following permissions apply to all workpsaces (and future workspaces) in the project. + +| workspace-access | Description, Default, Valid Values | +|----------------------|-------------------------------------------------------| +| `runs` | The permission to grant project's workspaces' runs. Default: `read`. Valid strings: `read`, `plan`, or `apply`. | +| `sentinelMocks` | The permission to grant project's workspaces' Sentinel mocks. Default: `none`. Valid strings: `none`, or `read`. | +| `stateVersions` | The permission to grant project's workspaces' state versions. 
Default: `none` Valid strings: `none`, `readOutputs`, `read`, or `write`.| +| `variables` | The permission to grant project's workspaces' variables. Default `none`. Valid strings: `none`, `read`, or `write`. | +| `create` | The permission to create project's workspaces in the project. Default: `false`. Valid booleans `true`, `false` | +| `locking` | The permission to manually lock or unlock the project's workspaces. Default `false`. Valid booleans `true`, `false` | +| `delete` | The permission to delete the project's workspaces. Default: `false`. Valid booleans: `true`, `false` | +| `move` | This permission to move workspaces into and out of the project. The team must also have permissions to the project(s) receiving the the workspace(s). Default: `false`. Valid booleans: `true`, `false` | +| `runTasks` | The permission to manage run tasks within the project's workspaces. Default `false`. Valid booleans: `true`, `false` | + + +## Example Usage with Custom Project Permissions + +```java +import software.constructs.*; +import com.hashicorp.cdktf.*; +/*Provider bindings are generated by running cdktf get. 
+See https://cdk.tf/provider-generation for more details.*/ +import gen.providers.tfe.project.*; +import gen.providers.tfe.team.*; +import gen.providers.tfe.teamProjectAccess.*; +public class MyConvertedCode extends TerraformStack { + public MyConvertedCode(Construct scope, String name) { + super(scope, name); + Project tfeProjectTest = new Project(this, "test", new ProjectConfig() + .name("myproject") + .organization("my-org-name") + ); + Team tfeTeamDev = new Team(this, "dev", new TeamConfig() + .name("my-dev-team") + .organization("my-org-name") + ); + new TeamProjectAccess(this, "custom", new TeamProjectAccessConfig() + .access("custom") + .projectAccess(List.of(Map.of( + "settings", "read", + "teams", "none"))) + .projectId(Token.asString(tfeProjectTest.getId())) + .teamId(Token.asString(tfeTeamDev.getId())) + .workspaceAccess(List.of(Map.of( + "create", true, + "delete", false, + "locking", true, + "move", false, + "runTasks", false, + "runs", "apply", + "sentinelMocks", "none", + "stateVersions", "write", + "variables", "write"))) + ); + } +} +``` ## Attributes Reference @@ -65,4 +141,4 @@ example: terraform import tfe_team_project_access.admin tprj-2pmtXpZa4YzVMTPi ``` - \ No newline at end of file + \ No newline at end of file diff --git a/website/docs/cdktf/python/d/policy_set.html.markdown b/website/docs/cdktf/python/d/policy_set.html.markdown index 9c6c32d1b..c08868008 100644 --- a/website/docs/cdktf/python/d/policy_set.html.markdown +++ b/website/docs/cdktf/python/d/policy_set.html.markdown @@ -5,6 +5,8 @@ description: |- Get information on organization policy sets. --- + + # Data Source: tfe_policy_set This data source is used to retrieve a policy set defined in a specified organization. 
@@ -45,6 +47,7 @@ The following arguments are supported: * `kind` - The policy-as-code framework for the policy. Valid values are "sentinel" and "opa". * `overridable` - Whether users can override this policy when it fails during a run. Only valid for OPA policies. * `workspace_ids` - IDs of the workspaces that use the policy set. +* `project_ids` - IDs of the projects that use the policy set. * `policy_ids` - IDs of the policies attached to the policy set. * `policies_path` - The sub-path within the attached VCS repository when using `vcs_repo`. * `vcs_repo` - Settings for the workspace's VCS repository. @@ -60,4 +63,4 @@ The `vcs_repo` block contains: * `oauth_token_id` - OAuth token ID of the configured VCS connection. - \ No newline at end of file + \ No newline at end of file diff --git a/website/docs/cdktf/python/d/saml_settings.html.markdown b/website/docs/cdktf/python/d/saml_settings.html.markdown new file mode 100644 index 000000000..338f92bfc --- /dev/null +++ b/website/docs/cdktf/python/d/saml_settings.html.markdown 
@@ -0,0 +1,67 @@
+---
+layout: "tfe"
+page_title: "Terraform Enterprise: tfe_saml_settings"
+description: |-
+ Get information on SAML Settings.
+---
+
+
+
+# Data Source: tfe_saml_settings
+
+Use this data source to get information about SAML Settings. It applies only to Terraform Enterprise and requires admin token configuration. See example usage for incorporating an admin token in your provider config.
+
+
+## Example Usage
+
+Basic usage:
+
+```hcl
+provider "tfe" {
+ hostname = var.hostname
+ token = var.token
+}
+
+provider "tfe" {
+ alias = "admin"
+ hostname = var.hostname
+ token = var.admin_token
+}
+
+data "tfe_saml_settings" "foo" {
+ provider = tfe.admin
+}
+```
+
+## Argument Reference
+
+No arguments are required for this data source.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - It is always `saml`.
+* `enabled` - Whether SAML single sign-on is enabled.
+* `debug` - Whether debug mode is enabled, which means that the SAMLResponse XML will be displayed on the login page.
+* `team_management_enabled` - Whether Terraform Enterprise is set to manage team membership.
+* `authn_requests_signed` - Whether `` messages are signed.
+* `want_assertions_signed` - Whether `` elements are signed.
+* `idp_cert` - PEM encoded X.509 Certificate as provided by the IdP configuration.
+* `old_idp_cert` - Previous version of the PEM encoded X.509 Certificate as provided by the IdP configuration.
+* `slo_endpoint_url` - Single Log Out URL.
+* `sso_endpoint_url` - Single Sign On URL.
+* `attr_username` - Name of the SAML attribute that determines the user's username.
+* `attr_groups` - Name of the SAML attribute that determines team membership.
+* `attr_site_admin` - Site admin access role.
+* `site_admin_role` - Site admin access role.
+* `sso_api_token_session_timeout` - Single Sign On session timeout in seconds.
+* `acs_consumer_url` - ACS Consumer (Recipient) URL.
+* `metadata_url` - Metadata (Audience) URL.
+* `certificate` - Request and assertion signing certificate. +* `certificate` - Request and assertion signing certificate. +* `private_key` - The private key used for request and assertion signing. +* `signature_signing_method` - Signature Signing Method. +* `signature_digest_method` - Signature Digest Method. + + \ No newline at end of file diff --git a/website/docs/cdktf/python/index.html.markdown b/website/docs/cdktf/python/index.html.markdown index 9e74ddffb..450afa353 100644 --- a/website/docs/cdktf/python/index.html.markdown +++ b/website/docs/cdktf/python/index.html.markdown @@ -5,6 +5,8 @@ description: |- Provision Terraform Cloud or Terraform Enterprise - with Terraform! Management of organizations, workspaces, teams, variables, run triggers, policy sets, and more. Maintained by the Terraform Cloud team at HashiCorp. --- + + # Terraform Cloud/Enterprise Provider This provider is used to interact with the many resources supported by @@ -127,4 +129,4 @@ The following arguments are supported: arguments. Ensure that the organization already exists prior to using this argument. This can also be specified using the `TFE_ORGANIZATION` environment variable. - + \ No newline at end of file diff --git a/website/docs/cdktf/python/r/project_policy_set.html.markdown b/website/docs/cdktf/python/r/project_policy_set.html.markdown new file mode 100644 index 000000000..fda2dad7a --- /dev/null +++ b/website/docs/cdktf/python/r/project_policy_set.html.markdown 
@@ -0,0 +1,60 @@
+---
+layout: "tfe"
+page_title: "Terraform Enterprise: tfe_project_policy_set"
+description: |-
+ Add a policy set to a project
+---
+
+
+
+# tfe_project_policy_set
+
+Adds and removes policy sets from a project
+
+## Example Usage
+
+Basic usage:
+
+```hcl
+resource "tfe_organization" "test" {
+ name = "my-org-name"
+ email = "admin@company.com"
+}
+
+resource "tfe_project" "test" {
+ name = "my-project-name"
+ organization = tfe_organization.test.name
+}
+
+resource "tfe_policy_set" "test" {
+ name = "my-policy-set"
+ description = "Some description."
+ organization = tfe_organization.test.name
+}
+
+resource "tfe_project_policy_set" "test" {
+ policy_set_id = tfe_policy_set.test.id
+ project_id = tfe_project.test.id
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `policy_set_id` - (Required) ID of the policy set.
+* `project_id` - (Required) Project ID to add the policy set to.
+
+## Attributes Reference
+
+* `id` - The ID of the policy set attachment. ID format: `_`
+
+## Import
+
+Project Policy Sets can be imported; use `//`. For example:
+
+```shell
+terraform import tfe_project_policy_set.test 'my-org-name/project/policy-set-name'
+```
+
+
\ No newline at end of file
diff --git a/website/docs/cdktf/python/r/saml_settings.html.markdown b/website/docs/cdktf/python/r/saml_settings.html.markdown
new file mode 100644
index 000000000..0fa49386c
--- /dev/null
+++ b/website/docs/cdktf/python/r/saml_settings.html.markdown
@@ -0,0 +1,67 @@
+---
+layout: "tfe"
+page_title: "Terraform Enterprise: tfe_saml_settings"
+description: |-
+ Manages SAML Settings.
+---
+
+
+
+# tfe_saml_settings
+
+Use this resource to create, update and destroy SAML Settings. It applies only to Terraform Enterprise and requires admin token configuration. See example usage for incorporating an admin token in your provider config.
+
+## Example Usage
+
+Basic usage for SAML Settings:
+
+```hcl
+provider "tfe" {
+ hostname = var.hostname
+ token = var.admin_token
+}
+
+resource "tfe_saml_settings" "this" {
+ idp_cert = "foobarCertificate"
+ slo_endpoint_url = "https://example.com/slo_endpoint_url"
+ sso_endpoint_url = "https://example.com/sso_endpoint_url"
+ }
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `idp_cert` - (Required) Identity Provider Certificate specifies the PEM encoded X.509 Certificate as provided by the IdP configuration.
+* `slo_endpoint_url` - (Required) Single Log Out URL specifies the HTTPS endpoint on your IdP for single logout requests. This value is provided by the IdP configuration.
+* `sso_endpoint_url` - (Required) Single Sign On URL specifies the HTTPS endpoint on your IdP for single sign-on requests. This value is provided by the IdP configuration.
+* `debug` - (Optional) When sign-on fails and this is enabled, the SAMLResponse XML will be displayed on the login page.
+* `authn_requests_signed` - (Optional) Whether to ensure that `` messages are signed.
+* `want_assertions_signed` - (Optional) Whether to ensure that `` elements are signed.
+* `team_management_enabled` - (Optional) Set it to false if you would rather use Terraform Enterprise to manage team membership.
+* `attr_username` - (Optional) Username Attribute Name specifies the name of the SAML attribute that determines the user's username.
+* `attr_site_admin` - (Optional) Specifies the role for site admin access. Overrides the `Site Admin Role` method.
+* `attr_groups` - (Optional) Team Attribute Name specifies the name of the SAML attribute that determines team membership. +* `site_admin_role` - (Optional) Specifies the role for site admin access, provided in the list of roles sent in the Team Attribute Name attribute. +* `sso_api_token_session_timeout` - (Optional) Specifies the Single Sign On session timeout in seconds. Defaults to 14 days. +* `certificate` - (Optional) The certificate used for request and assertion signing. +* `private_key` - (Optional) The private key used for request and assertion signing. +* `signature_signing_method` - (Optional) Signature Signing Method. Must be either `SHA1` or `SHA256`. Defaults to `SHA256`. +* `signature_digest_method` - (Optional) Signature Digest Method. Must be either `SHA1` or `SHA256`. Defaults to `SHA256`. + +## Attributes Reference + +* `id` - The ID of the SAML Settings. Always `saml`. +* `acs_consumer_url` - ACS Consumer (Recipient) URL. +* `metadata_url` - Metadata (Audience) URL. +* `old_idp_cert` - Value of the old IDP Certificate. + +## Import + +SAML Settings can be imported. + +```shell +terraform import tfe_saml_settings.this saml +``` + + \ No newline at end of file diff --git a/website/docs/cdktf/python/r/team_project_access.html.markdown b/website/docs/cdktf/python/r/team_project_access.html.markdown index 3522b868b..9c3043f63 100644 --- a/website/docs/cdktf/python/r/team_project_access.html.markdown +++ b/website/docs/cdktf/python/r/team_project_access.html.markdown @@ -5,6 +5,8 @@ description: |- Associate a team to permissions on a project. --- + + # tfe_team_project_access Associate a team to permissions on a project. 
@@ -46,7 +48,81 @@ The following arguments are supported: * `team_id` - (Required) ID of the team to add to the project. * `project_id` - (Required) ID of the project to which the team will be added. -* `access` - (Required) Type of fixed access to grant. Valid values are `admin`, `maintain`, `write`, or `read`. +* `access` - (Required) Type of fixed access to grant. Valid values are `admin`, `maintain`, `write`, `read`, or `custom`. + +## Custom Access + +If using `custom` for `access`, you can set the levels of individual permissions +that affect the project itself and all workspaces in the project, by using `project_access` and `workspace_access` arguments and their associated permission attributes. When using custom access, if attributes are not set they will be given a default value. Some permissions have values that are specific "strings" that denote the level of the permission, while other permissions are simple booleans. + +The following permissions apply to the project itself. + +| project-access | Description, Default, Valid Values | +|---------------------|---------------------------------------------| +| `settings` | The permission to grant for the project's settings. Default: `read`. Valid strings: `read`, `update`, or `delete` | +| `teams` | The permission to grant for the project's teams. Default: `none`, Valid strings: `none`, `read`, or `manage` | + + + + + +The following permissions apply to all workpsaces (and future workspaces) in the project. + +| workspace-access | Description, Default, Valid Values | +|----------------------|-------------------------------------------------------| +| `runs` | The permission to grant project's workspaces' runs. Default: `read`. Valid strings: `read`, `plan`, or `apply`. | +| `sentinel-mocks` | The permission to grant project's workspaces' Sentinel mocks. Default: `none`. Valid strings: `none`, or `read`. | +| `state-versions` | The permission to grant project's workspaces' state versions. 
Default: `none` Valid strings: `none`, `read-outputs`, `read`, or `write`.|
+| `variables` | The permission to grant project's workspaces' variables. Default `none`. Valid strings: `none`, `read`, or `write`. |
+| `create` | The permission to create project's workspaces in the project. Default: `false`. Valid booleans `true`, `false` |
+| `locking` | The permission to manually lock or unlock the project's workspaces. Default `false`. Valid booleans `true`, `false` |
+| `delete` | The permission to delete the project's workspaces. Default: `false`. Valid booleans: `true`, `false` |
+| `move` | This permission to move workspaces into and out of the project. The team must also have permissions to the project(s) receiving the the workspace(s). Default: `false`. Valid booleans: `true`, `false` |
+| `run-tasks` | The permission to manage run tasks within the project's workspaces. Default `false`. Valid booleans: `true`, `false` |
+
+
+## Example Usage with Custom Project Permissions
+
+```python
+import constructs as constructs
+import cdktf as cdktf
+# Provider bindings are generated by running cdktf get.
+# See https://cdk.tf/provider-generation for more details.
+import ...gen.providers.tfe as tfe +class MyConvertedCode(cdktf.TerraformStack): + def __init__(self, scope, name): + super().__init__(scope, name) + tfe_project_test = tfe.project.Project(self, "test", + name="myproject", + organization="my-org-name" + ) + tfe_team_dev = tfe.team.Team(self, "dev", + name="my-dev-team", + organization="my-org-name" + ) + tfe.team_project_access.TeamProjectAccess(self, "custom", + access="custom", + project_access=[{ + "settings": "read", + "teams": "none" + } + ], + project_id=cdktf.Token.as_string(tfe_project_test.id), + team_id=cdktf.Token.as_string(tfe_team_dev.id), + workspace_access=[{ + "create": True, + "delete": False, + "locking": True, + "move": False, + "run_tasks": False, + "runs": "apply", + "sentinel_mocks": "none", + "state_versions": "write", + "variables": "write" + } + ] + ) +``` ## Attributes Reference @@ -61,4 +137,4 @@ example: terraform import tfe_team_project_access.admin tprj-2pmtXpZa4YzVMTPi ``` - \ No newline at end of file + \ No newline at end of file diff --git a/website/docs/cdktf/typescript/d/policy_set.html.markdown b/website/docs/cdktf/typescript/d/policy_set.html.markdown index 6ab3c968e..6dd36caef 100644 --- a/website/docs/cdktf/typescript/d/policy_set.html.markdown +++ b/website/docs/cdktf/typescript/d/policy_set.html.markdown @@ -5,6 +5,8 @@ description: |- Get information on organization policy sets. --- + + # Data Source: tfe_policy_set This data source is used to retrieve a policy set defined in a specified organization. 
@@ -48,6 +50,7 @@ The following arguments are supported: * `kind` - The policy-as-code framework for the policy. Valid values are "sentinel" and "opa". * `overridable` - Whether users can override this policy when it fails during a run. Only valid for OPA policies. * `workspaceIds` - IDs of the workspaces that use the policy set. +* `projectIds` - IDs of the projects that use the policy set. * `policyIds` - IDs of the policies attached to the policy set. * `policiesPath` - The sub-path within the attached VCS repository when using `vcsRepo`. * `vcsRepo` - Settings for the workspace's VCS repository. @@ -63,4 +66,4 @@ The `vcsRepo` block contains: * `oauthTokenId` - OAuth token ID of the configured VCS connection. - \ No newline at end of file + \ No newline at end of file diff --git a/website/docs/cdktf/typescript/d/saml_settings.html.markdown b/website/docs/cdktf/typescript/d/saml_settings.html.markdown new file mode 100644 index 000000000..eac1110a0 --- /dev/null +++ b/website/docs/cdktf/typescript/d/saml_settings.html.markdown 
@@ -0,0 +1,67 @@
+---
+layout: "tfe"
+page_title: "Terraform Enterprise: tfe_saml_settings"
+description: |-
+ Get information on SAML Settings.
+---
+
+
+
+# Data Source: tfe_saml_settings
+
+Use this data source to get information about SAML Settings. It applies only to Terraform Enterprise and requires admin token configuration. See example usage for incorporating an admin token in your provider config.
+
+
+## Example Usage
+
+Basic usage:
+
+```hcl
+provider "tfe" {
+ hostname = var.hostname
+ token = var.token
+}
+
+provider "tfe" {
+ alias = "admin"
+ hostname = var.hostname
+ token = var.admin_token
+}
+
+data "tfe_saml_settings" "foo" {
+ provider = tfe.admin
+}
+```
+
+## Argument Reference
+
+No arguments are required for this data source.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - It is always `saml`.
+* `enabled` - Whether SAML single sign-on is enabled.
+* `debug` - Whether debug mode is enabled, which means that the SAMLResponse XML will be displayed on the login page.
+* `teamManagementEnabled` - Whether Terraform Enterprise is set to manage team membership.
+* `authnRequestsSigned` - Whether `` messages are signed.
+* `wantAssertionsSigned` - Whether `` elements are signed.
+* `idpCert` - PEM encoded X.509 Certificate as provided by the IdP configuration.
+* `oldIdpCert` - Previous version of the PEM encoded X.509 Certificate as provided by the IdP configuration.
+* `sloEndpointUrl` - Single Log Out URL.
+* `ssoEndpointUrl` - Single Sign On URL.
+* `attrUsername` - Name of the SAML attribute that determines the user's username.
+* `attrGroups` - Name of the SAML attribute that determines team membership.
+* `attrSiteAdmin` - Site admin access role.
+* `siteAdminRole` - Site admin access role.
+* `ssoApiTokenSessionTimeout` - Single Sign On session timeout in seconds.
+* `acsConsumerUrl` - ACS Consumer (Recipient) URL.
+* `metadataUrl` - Metadata (Audience) URL.
+* `certificate` - Request and assertion signing certificate. +* `certificate` - Request and assertion signing certificate. +* `privateKey` - The private key used for request and assertion signing. +* `signatureSigningMethod` - Signature Signing Method. +* `signatureDigestMethod` - Signature Digest Method. + + \ No newline at end of file diff --git a/website/docs/cdktf/typescript/index.html.markdown b/website/docs/cdktf/typescript/index.html.markdown index 34c2e580c..6d6c898ab 100644 --- a/website/docs/cdktf/typescript/index.html.markdown +++ b/website/docs/cdktf/typescript/index.html.markdown @@ -5,6 +5,8 @@ description: |- Provision Terraform Cloud or Terraform Enterprise - with Terraform! Management of organizations, workspaces, teams, variables, run triggers, policy sets, and more. Maintained by the Terraform Cloud team at HashiCorp. --- + + # Terraform Cloud/Enterprise Provider This provider is used to interact with the many resources supported by @@ -127,4 +129,4 @@ The following arguments are supported: arguments. Ensure that the organization already exists prior to using this argument. This can also be specified using the `tfeOrganization` environment variable. - + \ No newline at end of file diff --git a/website/docs/cdktf/typescript/r/project_policy_set.html.markdown b/website/docs/cdktf/typescript/r/project_policy_set.html.markdown new file mode 100644 index 000000000..596bb5179 --- /dev/null +++ b/website/docs/cdktf/typescript/r/project_policy_set.html.markdown 
@@ -0,0 +1,60 @@
+---
+layout: "tfe"
+page_title: "Terraform Enterprise: tfe_project_policy_set"
+description: |-
+ Add a policy set to a project
+---
+
+
+
+# tfe_project_policy_set
+
+Adds and removes policy sets from a project
+
+## Example Usage
+
+Basic usage:
+
+```hcl
+resource "tfe_organization" "test" {
+ name = "my-org-name"
+ email = "admin@company.com"
+}
+
+resource "tfe_project" "test" {
+ name = "my-project-name"
+ organization = tfe_organization.test.name
+}
+
+resource "tfe_policy_set" "test" {
+ name = "my-policy-set"
+ description = "Some description."
+ organization = tfe_organization.test.name
+}
+
+resource "tfe_project_policy_set" "test" {
+ policy_set_id = tfe_policy_set.test.id
+ project_id = tfe_project.test.id
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `policySetId` - (Required) ID of the policy set.
+* `projectId` - (Required) Project ID to add the policy set to.
+
+## Attributes Reference
+
+* `id` - The ID of the policy set attachment. ID format: `_`
+
+## Import
+
+Project Policy Sets can be imported; use `//`. For example:
+
+```shell
+terraform import tfe_project_policy_set.test 'my-org-name/project/policy-set-name'
+```
+
+
\ No newline at end of file
diff --git a/website/docs/cdktf/typescript/r/saml_settings.html.markdown b/website/docs/cdktf/typescript/r/saml_settings.html.markdown
new file mode 100644
index 000000000..430a810e7
--- /dev/null
+++ b/website/docs/cdktf/typescript/r/saml_settings.html.markdown
@@ -0,0 +1,67 @@
+---
+layout: "tfe"
+page_title: "Terraform Enterprise: tfe_saml_settings"
+description: |-
+ Manages SAML Settings.
+---
+
+
+
+# tfe_saml_settings
+
+Use this resource to create, update and destroy SAML Settings. It applies only to Terraform Enterprise and requires admin token configuration. See example usage for incorporating an admin token in your provider config.
+
+## Example Usage
+
+Basic usage for SAML Settings:
+
+```hcl
+provider "tfe" {
+ hostname = var.hostname
+ token = var.admin_token
+}
+
+resource "tfe_saml_settings" "this" {
+ idp_cert = "foobarCertificate"
+ slo_endpoint_url = "https://example.com/slo_endpoint_url"
+ sso_endpoint_url = "https://example.com/sso_endpoint_url"
+ }
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `idpCert` - (Required) Identity Provider Certificate specifies the PEM encoded X.509 Certificate as provided by the IdP configuration.
+* `sloEndpointUrl` - (Required) Single Log Out URL specifies the HTTPS endpoint on your IdP for single logout requests. This value is provided by the IdP configuration.
+* `ssoEndpointUrl` - (Required) Single Sign On URL specifies the HTTPS endpoint on your IdP for single sign-on requests. This value is provided by the IdP configuration.
+* `debug` - (Optional) When sign-on fails and this is enabled, the SAMLResponse XML will be displayed on the login page.
+* `authnRequestsSigned` - (Optional) Whether to ensure that `` messages are signed.
+* `wantAssertionsSigned` - (Optional) Whether to ensure that `` elements are signed.
+* `teamManagementEnabled` - (Optional) Set it to false if you would rather use Terraform Enterprise to manage team membership.
+* `attrUsername` - (Optional) Username Attribute Name specifies the name of the SAML attribute that determines the user's username.
+* `attrSiteAdmin` - (Optional) Specifies the role for site admin access. Overrides the `Site Admin Role` method.
+* `attrGroups` - (Optional) Team Attribute Name specifies the name of the SAML attribute that determines team membership. +* `siteAdminRole` - (Optional) Specifies the role for site admin access, provided in the list of roles sent in the Team Attribute Name attribute. +* `ssoApiTokenSessionTimeout` - (Optional) Specifies the Single Sign On session timeout in seconds. Defaults to 14 days. +* `certificate` - (Optional) The certificate used for request and assertion signing. +* `privateKey` - (Optional) The private key used for request and assertion signing. +* `signatureSigningMethod` - (Optional) Signature Signing Method. Must be either `sha1` or `sha256`. Defaults to `sha256`. +* `signatureDigestMethod` - (Optional) Signature Digest Method. Must be either `sha1` or `sha256`. Defaults to `sha256`. + +## Attributes Reference + +* `id` - The ID of the SAML Settings. Always `saml`. +* `acsConsumerUrl` - ACS Consumer (Recipient) URL. +* `metadataUrl` - Metadata (Audience) URL. +* `oldIdpCert` - Value of the old IDP Certificate. + +## Import + +SAML Settings can be imported. + +```shell +terraform import tfe_saml_settings.this saml +``` + + \ No newline at end of file diff --git a/website/docs/cdktf/typescript/r/team_project_access.html.markdown b/website/docs/cdktf/typescript/r/team_project_access.html.markdown index 2c7e0e36a..74cee1ae9 100644 --- a/website/docs/cdktf/typescript/r/team_project_access.html.markdown +++ b/website/docs/cdktf/typescript/r/team_project_access.html.markdown @@ -5,6 +5,8 @@ description: |- Associate a team to permissions on a project. --- + + # tfe_team_project_access Associate a team to permissions on a project. 
@@ -49,7 +51,86 @@ The following arguments are supported: * `teamId` - (Required) ID of the team to add to the project. * `projectId` - (Required) ID of the project to which the team will be added. -* `access` - (Required) Type of fixed access to grant. Valid values are `admin`, `maintain`, `write`, or `read`. +* `access` - (Required) Type of fixed access to grant. Valid values are `admin`, `maintain`, `write`, `read`, or `custom`. + +## Custom Access + +If using `custom` for `access`, you can set the levels of individual permissions +that affect the project itself and all workspaces in the project, by using `projectAccess` and `workspaceAccess` arguments and their associated permission attributes. When using custom access, if attributes are not set they will be given a default value. Some permissions have values that are specific "strings" that denote the level of the permission, while other permissions are simple booleans. + +The following permissions apply to the project itself. + +| project-access | Description, Default, Valid Values | +|---------------------|---------------------------------------------| +| `settings` | The permission to grant for the project's settings. Default: `read`. Valid strings: `read`, `update`, or `delete` | +| `teams` | The permission to grant for the project's teams. Default: `none`, Valid strings: `none`, `read`, or `manage` | + + + + + +The following permissions apply to all workpsaces (and future workspaces) in the project. + +| workspace-access | Description, Default, Valid Values | +|----------------------|-------------------------------------------------------| +| `runs` | The permission to grant project's workspaces' runs. Default: `read`. Valid strings: `read`, `plan`, or `apply`. | +| `sentinelMocks` | The permission to grant project's workspaces' Sentinel mocks. Default: `none`. Valid strings: `none`, or `read`. | +| `stateVersions` | The permission to grant project's workspaces' state versions. 
Default: `none` Valid strings: `none`, `readOutputs`, `read`, or `write`.|
+| `variables` | The permission to grant project's workspaces' variables. Default `none`. Valid strings: `none`, `read`, or `write`. |
+| `create` | The permission to create project's workspaces in the project. Default: `false`. Valid booleans `true`, `false` |
+| `locking` | The permission to manually lock or unlock the project's workspaces. Default `false`. Valid booleans `true`, `false` |
+| `delete` | The permission to delete the project's workspaces. Default: `false`. Valid booleans: `true`, `false` |
+| `move` | This permission to move workspaces into and out of the project. The team must also have permissions to the project(s) receiving the the workspace(s). Default: `false`. Valid booleans: `true`, `false` |
+| `runTasks` | The permission to manage run tasks within the project's workspaces. Default `false`. Valid booleans: `true`, `false` |
+
+
+## Example Usage with Custom Project Permissions
+
+```typescript
+import * as constructs from "constructs";
+import * as cdktf from "cdktf";
+/*Provider bindings are generated by running cdktf get.
+See https://cdk.tf/provider-generation for more details.*/ +import * as tfe from "./.gen/providers/tfe"; +class MyConvertedCode extends cdktf.TerraformStack { + constructor(scope: constructs.Construct, name: string) { + super(scope, name); + const tfeProjectTest = new tfe.project.Project(this, "test", { + name: "myproject", + organization: "my-org-name", + }); + const tfeTeamDev = new tfe.team.Team(this, "dev", { + name: "my-dev-team", + organization: "my-org-name", + }); + new tfe.teamProjectAccess.TeamProjectAccess(this, "custom", { + access: "custom", + projectAccess: [ + { + settings: "read", + teams: "none", + }, + ], + projectId: cdktf.Token.asString(tfeProjectTest.id), + teamId: cdktf.Token.asString(tfeTeamDev.id), + workspaceAccess: [ + { + create: true, + delete: false, + locking: true, + move: false, + runTasks: false, + runs: "apply", + sentinelMocks: "none", + stateVersions: "write", + variables: "write", + }, + ], + }); + } +} + +``` ## Attributes Reference @@ -64,4 +145,4 @@ example: terraform import tfe_team_project_access.admin tprj-2pmtXpZa4YzVMTPi ``` - \ No newline at end of file + \ No newline at end of file