Improve examples for resources policy and policy_rules (#545)

cyralinc · Jun 6, 2024 · 1cfb4d8 · 1cfb4d8
1 parent e8d106c
commit 1cfb4d8
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 102 deletions.
diff --git a/docs/resources/policy.md b/docs/resources/policy.md
@@ -13,13 +13,12 @@ Manages [policies](https://cyral.com/docs/reference/policy). See also: [Policy R
 ## Example Usage
 
 ```terraform
-resource "cyral_policy" "some_resource_name" {
-  name = ""
-  description = ""
+resource "cyral_policy" "this" {
+  name = "My first policy"
+  description = "This is my first policy"
   enabled = true
-  data = [""]
-  data_label_tags = [""]
-  tags = [""]
+  data = ["EMAIL"]
+  metadata_tags = ["Risk Level 1"]
 }
 ```
 

diff --git a/docs/resources/policy_rule.md b/docs/resources/policy_rule.md
@@ -9,51 +9,31 @@ Manages [policy rules](https://cyral.com/docs/reference/policy/#rules). See also
 ## Example Usage
 
 ```terraform
-resource "cyral_policy_rule" "some_resource_name" {
-    policy_id = ""
-    hosts = [""]
-    identities {
-        db_roles = [""]
-        groups = [""]
-        services = [""]
-        users = [""]
-    }
-    deletes {
-        additional_checks = ""
-        data = [""]
-        dataset_rewrites {
-            dataset = ""
-            repo = ""
-            substitution = ""
-            parameters = [""]
-        }
-        rows = 1
-        severity = "low"
-    }
-    reads {
-        additional_checks = ""
-        data = [""]
-        dataset_rewrites {
-            dataset = ""
-            repo = ""
-            substitution = ""
-            parameters = [""]
-        }
-        rows = 1
-        severity = "low"
-    }
-    updates {
-        additional_checks = ""
-        data = [""]
-        dataset_rewrites {
-            dataset = ""
-            repo = ""
-            substitution = ""
-            parameters = [""]
-        }
-        rows = 1
-        severity = "low"
-    }
+# An example of a policy and a policy rule with a rego policy
+# in `additional_checks`.
+resource "cyral_policy" "this" {
+  name = "My first policy"
+  description = "This is my first policy"
+  enabled = true
+  data = ["EMAIL"]
+  metadata_tags = ["Risk Level 1"]
+}
+
+resource "cyral_policy_rule" "this" {
+  policy_id = cyral_policy.this.id
+  deletes {
+    additional_checks = <<EOT
+is_valid_request {
+  filter := request.filters[_]
+  filter.field == "entity.user.is_real"
+  filter.op == "="
+  filter.value == false
+}
+EOT
+    data = ["EMAIL"]
+    rows = -1
+    severity = "low"
+  }
 }
 ```
 

diff --git a/examples/resources/cyral_policy/resource.tf b/examples/resources/cyral_policy/resource.tf
@@ -1,8 +1,7 @@
-resource "cyral_policy" "some_resource_name" {
-  name = ""
-  description = ""
+resource "cyral_policy" "this" {
+  name = "My first policy"
+  description = "This is my first policy"
   enabled = true
-  data = [""]
-  data_label_tags = [""]
-  tags = [""]
+  data = ["EMAIL"]
+  metadata_tags = ["Risk Level 1"]
 }
diff --git a/examples/resources/cyral_policy_rule/resource.tf b/examples/resources/cyral_policy_rule/resource.tf
@@ -1,46 +1,26 @@
-resource "cyral_policy_rule" "some_resource_name" {
-    policy_id = ""
-    hosts = [""]
-    identities {
-        db_roles = [""]
-        groups = [""]
-        services = [""]
-        users = [""]
-    }
-    deletes {
-        additional_checks = ""
-        data = [""]
-        dataset_rewrites {
-            dataset = ""
-            repo = ""
-            substitution = ""
-            parameters = [""]
-        }
-        rows = 1
-        severity = "low"
-    }
-    reads {
-        additional_checks = ""
-        data = [""]
-        dataset_rewrites {
-            dataset = ""
-            repo = ""
-            substitution = ""
-            parameters = [""]
-        }
-        rows = 1
-        severity = "low"
-    }
-    updates {
-        additional_checks = ""
-        data = [""]
-        dataset_rewrites {
-            dataset = ""
-            repo = ""
-            substitution = ""
-            parameters = [""]
-        }
-        rows = 1
-        severity = "low"
-    }
+# An example of a policy and a policy rule with a rego policy
+# in `additional_checks`.
+resource "cyral_policy" "this" {
+  name = "My first policy"
+  description = "This is my first policy"
+  enabled = true
+  data = ["EMAIL"]
+  metadata_tags = ["Risk Level 1"]
+}
+
+resource "cyral_policy_rule" "this" {
+  policy_id = cyral_policy.this.id
+  deletes {
+    additional_checks = <<EOT
+is_valid_request {
+  filter := request.filters[_]
+  filter.field == "entity.user.is_real"
+  filter.op == "="
+  filter.value == false
+}
+EOT
+    data = ["EMAIL"]
+    rows = -1
+    severity = "low"
+  }
 }