ENG-12558: add AuthType to the repo conf auth payload (#450)

* ENG-12558: add AuthType to the repo conf auth payload

* Fix docs

* Use string values for auth type

README.md

@@ -61,6 +61,8 @@ pre-commit run --show-diff-on-failure --color=always --all-files
 find docs -exec sudo chown <your_username> {} \;
 ```
 
+> The `make docker-compose/docs` command can sometimes fail. If this is your case, you can use the `tfplugindocs generate` command, which will do the same as `make docker-compose/docs`. You can get the binary from [this link](https://github.com/hashicorp/terraform-plugin-docs)
+
 ### Test Instructions
 
 The test framework requires basic configuration before it can be executed as follows:

cyral/resource_cyral_repository_conf_auth.go

@@ -10,13 +10,16 @@ import (
 	"github.com/cyralinc/terraform-provider-cyral/client"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 )
 
 const (
 	repositoryConfAuthURLFormat = "https://%s/v1/repos/%s/conf/auth"
 
 	defaultClientTLS = "disable"
 	defaultRepoTLS   = "disable"
+
+	defaultAuthType = "ACCESS_TOKEN"
 )
 
 type RepositoryConfAuthData struct {
@@ -25,6 +28,7 @@ type RepositoryConfAuthData struct {
 	ClientTLS        string  `json:"clientTLS"`
 	IdentityProvider string  `json:"identityProvider"`
 	RepoTLS          string  `json:"repoTLS"`
+	AuthType         string  `json:"authType"`
 }
 
 func (data RepositoryConfAuthData) WriteToSchema(d *schema.ResourceData) error {
@@ -48,6 +52,8 @@ func (data RepositoryConfAuthData) WriteToSchema(d *schema.ResourceData) error {
 
 	d.Set("repo_tls", data.RepoTLS)
 
+	d.Set("auth_type", data.AuthType)
+
 	return nil
 }
 
@@ -58,6 +64,7 @@ func (data *RepositoryConfAuthData) ReadFromSchema(d *schema.ResourceData) error
 	}
 
 	data.AllowNativeAuth = d.Get("allow_native_auth").(bool)
+	data.AuthType = d.Get("auth_type").(string)
 	data.ClientTLS = d.Get("client_tls").(string)
 	data.IdentityProvider = d.Get("identity_provider").(string)
 	data.RepoTLS = d.Get("repo_tls").(string)
@@ -169,6 +176,11 @@ func DeleteConfAuthConfig() ResourceOperationConfig {
 	}
 }
 
+var authTypes = []string{
+	"ACCESS_TOKEN",
+	"AWS_IAM",
+}
+
 func repositoryConfAuthResourceSchemaV0() *schema.Resource {
 	return &schema.Resource{
 		Schema: map[string]*schema.Schema{
@@ -204,6 +216,14 @@ func repositoryConfAuthResourceSchemaV0() *schema.Resource {
 				Optional:    true,
 				Default:     defaultRepoTLS,
 			},
+			"auth_type": {
+				Description: "Authentication type for this repository. List of supported types: " +
+					supportedTypesMarkdown(authTypes),
+				Type:         schema.TypeString,
+				Optional:     true,
+				Default:      defaultAuthType,
+				ValidateFunc: validation.StringInSlice(authTypes, false),
+			},
 		},
 	}
 }

cyral/resource_cyral_repository_conf_auth_test.go

@@ -36,6 +36,7 @@ func update1RepositoryConfAuthConfig() RepositoryConfAuthData {
 		AllowNativeAuth: true,
 		ClientTLS:       "enable",
 		RepoTLS:         "disable",
+		AuthType:        "AWS_IAM",
 	}
 }
 
@@ -44,6 +45,7 @@ func update2RepositoryConfAuthConfig() RepositoryConfAuthData {
 		AllowNativeAuth: false,
 		ClientTLS:       "enable",
 		RepoTLS:         "disable",
+		AuthType:        "ACCESS_TOKEN",
 	}
 }
 
@@ -130,11 +132,15 @@ func setupRepositoryConfAuthCheck(resName string, repositoryConf RepositoryConfA
 	resourceFullName := fmt.Sprintf("cyral_repository_conf_auth.%s", resName)
 	return resource.ComposeTestCheckFunc(
 		resource.TestCheckResourceAttr(resourceFullName,
-			"allow_native_auth", fmt.Sprintf("%t", repositoryConf.AllowNativeAuth)),
+			"allow_native_auth", fmt.Sprintf("%t", repositoryConf.AllowNativeAuth),
+		),
 		resource.TestCheckResourceAttr(resourceFullName,
 			"client_tls", repositoryConf.ClientTLS),
 		resource.TestCheckResourceAttr(resourceFullName,
 			"repo_tls", repositoryConf.RepoTLS),
+		resource.TestCheckResourceAttr(resourceFullName,
+			"auth_type", repositoryConf.AuthType,
+		),
 	)
 }
 
@@ -150,6 +156,7 @@ func formatRepositoryConfAuthDataIntoConfig(
 		client_tls = "%s"
 		identity_provider = "tf_test_conf_auth_okta"
 		repo_tls = "%s"
+		auth_type = "%s"
 	}`, resName, repositoryID, data.AllowNativeAuth, data.ClientTLS,
-		data.RepoTLS)
+		data.RepoTLS, data.AuthType)
 }

docker-compose.yaml

@@ -5,8 +5,8 @@ services:
     image: golang:1.19
     container_name: terraform_provider_cyral
     volumes:
-      - .:/go/src/cyral
-    working_dir: /go/src/cyral
+      - .:/go/src/terraform-provider-cyral
+    working_dir: /go/src/terraform-provider-cyral
 
   build:
     build: .

docs/data-sources/datalabel.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_datalabel Data Source - cyral"
+page_title: "cyral_datalabel Data Source - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Retrieve and filter data labels. See also resource cyral_datalabel ../resources/datalabel.md.

docs/data-sources/integration_idp.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_integration_idp Data Source - cyral"
+page_title: "cyral_integration_idp Data Source - terraform-provider-cyral"
 subcategory: ""
 description: |-
   ~> DEPRECATED Use resource and data source cyral_integration_idp_saml instead.

docs/data-sources/integration_idp_saml.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_integration_idp_saml Data Source - cyral"
+page_title: "cyral_integration_idp_saml Data Source - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Retrieve and filter SAML IdP integrations.

docs/data-sources/role.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_role Data Source - cyral"
+page_title: "cyral_role Data Source - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Retrieve and filter roles https://cyral.com/docs/account-administration/acct-manage-cyral-roles/ that exist in the Cyral Control Plane.

docs/data-sources/saml_certificate.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_saml_certificate Data Source - cyral"
+page_title: "cyral_saml_certificate Data Source - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Retrieves a X.509 certificate used for signing SAML requests.

docs/data-sources/saml_configuration.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_saml_configuration Data Source - cyral"
+page_title: "cyral_saml_configuration Data Source - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Parses a SAML metadata URL or a Base64 document into a SAML configuration.

docs/data-sources/sidecar_id.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_sidecar_id Data Source - cyral"
+page_title: "cyral_sidecar_id Data Source - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Given a sidecar name, retrieves the respective sidecar ID.

docs/data-sources/sidecar_instance_ids.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_sidecar_instance_ids Data Source - cyral"
+page_title: "cyral_sidecar_instance_ids Data Source - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Retrieves the IDs of all the current instances of a given sidecar.

docs/data-sources/sidecar_listener.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_sidecar_listener Data Source - cyral"
+page_title: "cyral_sidecar_listener Data Source - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Retrieve and filter sidecar listeners.

docs/resources/datalabel.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_datalabel Resource - cyral"
+page_title: "cyral_datalabel Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Manages data labels. Data labels are part of the Cyral Data Map https://cyral.com/docs/policy/datamap.

docs/resources/integration_datadog.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_integration_datadog Resource - cyral"
+page_title: "cyral_integration_datadog Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   ~> DEPRECATED If configuring Datadog for logging purposes, use resource cyral_integration_logging instead.

docs/resources/integration_elk.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_integration_elk Resource - cyral"
+page_title: "cyral_integration_elk Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   ~> DEPRECATED Use resource cyral_integration_logging instead.

docs/resources/integration_hc_vault.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_integration_hc_vault Resource - cyral"
+page_title: "cyral_integration_hc_vault Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Manages integration with Hashicorp Vault to store secrets.

docs/resources/integration_logstash.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_integration_logstash Resource - cyral"
+page_title: "cyral_integration_logstash Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   ~> DEPRECATED Use resource cyral_integration_logging instead.

docs/resources/integration_looker.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_integration_looker Resource - cyral"
+page_title: "cyral_integration_looker Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   ~> DEPRECATED Integration no longer supported.

docs/resources/integration_mfa_duo.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_integration_mfa_duo Resource - cyral"
+page_title: "cyral_integration_mfa_duo Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Manages integration with Duo MFA https://cyral.com/docs/mfa/duo.

docs/resources/integration_microsoft_teams.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_integration_microsoft_teams Resource - cyral"
+page_title: "cyral_integration_microsoft_teams Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Manages integration with Microsoft Teams https://cyral.com/docs/integrations/messaging/microsoft-teams/.

docs/resources/integration_pager_duty.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_integration_pager_duty Resource - cyral"
+page_title: "cyral_integration_pager_duty Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Manages integration with PagerDuty https://cyral.com/docs/integrations/incident-response/pagerduty/#in-cyral.

docs/resources/integration_slack_alerts.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_integration_slack_alerts Resource - cyral"
+page_title: "cyral_integration_slack_alerts Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Manages integration with Slack to push alerts https://cyral.com/docs/integrations/messaging/slack.

docs/resources/integration_splunk.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_integration_splunk Resource - cyral"
+page_title: "cyral_integration_splunk Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   ~> DEPRECATED Use resource cyral_integration_logging instead.

docs/resources/integration_sumo_logic.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_integration_sumo_logic Resource - cyral"
+page_title: "cyral_integration_sumo_logic Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   ~> DEPRECATED Use resource cyral_integration_logging instead.

docs/resources/policy.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_policy Resource - cyral"
+page_title: "cyral_policy Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Manages policies https://cyral.com/docs/reference/policy. See also: Policy Rule ./policy_rule.md. For more information, see the Policy Guide https://cyral.com/docs/policy/overview.

docs/resources/repository_conf_analysis.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_repository_conf_analysis Resource - cyral"
+page_title: "cyral_repository_conf_analysis Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Manages Repository Analysis Configuration. This resource allows configuring both Log Settings https://cyral.com/docs/manage-repositories/repo-log-volume and Advanced settings https://cyral.com/docs/manage-repositories/repo-advanced-settings (Logs, Alerts, Analysis and Enforcement) configurations for Data Repositories.

docs/resources/repository_conf_auth.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_repository_conf_auth Resource - cyral"
+page_title: "cyral_repository_conf_auth Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Manages the Repository Authentication settings https://cyral.com/docs/manage-repositories/repo-advanced-settings/#authentication that is shown in the Advanced tab.
@@ -33,6 +33,9 @@ resource "cyral_repository_conf_auth" "some_resource_name" {
 ### Optional
 
 - `allow_native_auth` (Boolean) Should the communication allow native authentication?
+- `auth_type` (String) Authentication type for this repository. List of supported types:
+  - `ACCESS_TOKEN`
+  - `AWS_IAM`
 - `client_tls` (String) Is the repo Client using TLS? Default is "disable".
 - `identity_provider` (String) The ID (Alias) of the identity provider integration.
 - `repo_tls` (String) Is TLS enabled for the repository? Default is "disable".

docs/resources/repository_datamap.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_repository_datamap Resource - cyral"
+page_title: "cyral_repository_datamap Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Manages Data Map https://cyral.com/docs/policy/datamap.

docs/resources/repository_network_access_policy.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_repository_network_access_policy Resource - cyral"
+page_title: "cyral_repository_network_access_policy Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Manages the network access policy of a repository. Network access policies are also known as the Network Shield https://cyral.com/docs/manage-repositories/network-shield/. This feature is supported for the following repository types:

docs/resources/role.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_role Resource - cyral"
+page_title: "cyral_role Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Manages roles for Cyral control plane users https://cyral.com/docs/account-administration/acct-manage-cyral-roles/#create-and-manage-administrator-roles-for-cyral-control-plane-users. See also: Role SSO Groups ./role_sso_groups.md.

docs/resources/role_sso_groups.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_role_sso_groups Resource - cyral"
+page_title: "cyral_role_sso_groups Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Manages mapping SSO groups to specific roles https://cyral.com/docs/account-administration/acct-manage-cyral-roles/#map-an-sso-group-to-a-cyral-administrator-role on Cyral control plane. See also: Role ./role.md.

docs/resources/sidecar.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "cyral_sidecar Resource - cyral"
+page_title: "cyral_sidecar Resource - terraform-provider-cyral"
 subcategory: ""
 description: |-
   Manages sidecars https://cyral.com/docs/sidecars/sidecar-manage.