Fix optional parameters in resource repository local account (#123)

README.md

@@ -178,7 +178,7 @@ terraform import cyral_repository.my_resource_name myrepo
 - [Resource Repository Authentication Configuration](./docs/resource_repository_conf_auth.md)
 - [Resource Repository Binding](./docs/resource_repository_binding.md)
 - [Resource Repository Identity Map](./docs/resource_repository_identity_map.md)
-- [Resource Repository Local Account](./docs/resource_repository_local_account.md)
+- [Resource Repository Local Account](./docs/resources/repository_local_account.md)
 - [Resource Sidecar](./docs/resource_sidecar.md)
 - [Resource Sidecar Credentials](./docs/resource_sidecar_credentials.md)
 

cyral/resource_cyral_repository_local_account.go

@@ -254,19 +254,16 @@ func resourceRepositoryLocalAccount() *schema.Resource {
 		Elem: &schema.Resource{
 			Schema: map[string]*schema.Schema{
 				"database_name": {
-					Type:      schema.TypeString,
-					Required:  true,
-					Sensitive: true,
+					Type:     schema.TypeString,
+					Optional: true,
 				},
 				"local_account": {
-					Type:      schema.TypeString,
-					Required:  true,
-					Sensitive: true,
+					Type:     schema.TypeString,
+					Required: true,
 				},
 				"role_arn": {
-					Type:      schema.TypeString,
-					Required:  true,
-					Sensitive: true,
+					Type:     schema.TypeString,
+					Required: true,
 				},
 			},
 		},
@@ -284,19 +281,16 @@ func resourceRepositoryLocalAccount() *schema.Resource {
 		Elem: &schema.Resource{
 			Schema: map[string]*schema.Schema{
 				"database_name": {
-					Type:      schema.TypeString,
-					Required:  true,
-					Sensitive: true,
+					Type:     schema.TypeString,
+					Optional: true,
 				},
 				"local_account": {
-					Type:      schema.TypeString,
-					Required:  true,
-					Sensitive: true,
+					Type:     schema.TypeString,
+					Required: true,
 				},
 				"secret_arn": {
-					Type:      schema.TypeString,
-					Required:  true,
-					Sensitive: true,
+					Type:     schema.TypeString,
+					Required: true,
 				},
 			},
 		},
@@ -314,14 +308,12 @@ func resourceRepositoryLocalAccount() *schema.Resource {
 		Elem: &schema.Resource{
 			Schema: map[string]*schema.Schema{
 				"database_name": {
-					Type:      schema.TypeString,
-					Required:  true,
-					Sensitive: true,
+					Type:     schema.TypeString,
+					Optional: true,
 				},
 				"local_account": {
-					Type:      schema.TypeString,
-					Required:  true,
-					Sensitive: true,
+					Type:     schema.TypeString,
+					Required: true,
 				},
 				"password": {
 					Type:      schema.TypeString,
@@ -344,19 +336,16 @@ func resourceRepositoryLocalAccount() *schema.Resource {
 		Elem: &schema.Resource{
 			Schema: map[string]*schema.Schema{
 				"database_name": {
-					Type:      schema.TypeString,
-					Optional:  true,
-					Sensitive: true,
+					Type:     schema.TypeString,
+					Optional: true,
 				},
 				"local_account": {
-					Type:      schema.TypeString,
-					Optional:  true,
-					Sensitive: true,
+					Type:     schema.TypeString,
+					Required: true,
 				},
 				"path": {
-					Type:      schema.TypeString,
-					Optional:  true,
-					Sensitive: true,
+					Type:     schema.TypeString,
+					Required: true,
 				},
 			},
 		},
@@ -374,19 +363,16 @@ func resourceRepositoryLocalAccount() *schema.Resource {
 		Elem: &schema.Resource{
 			Schema: map[string]*schema.Schema{
 				"database_name": {
-					Type:      schema.TypeString,
-					Required:  true,
-					Sensitive: true,
+					Type:     schema.TypeString,
+					Optional: true,
 				},
 				"local_account": {
-					Type:      schema.TypeString,
-					Required:  true,
-					Sensitive: true,
+					Type:     schema.TypeString,
+					Required: true,
 				},
 				"variable_name": {
-					Type:      schema.TypeString,
-					Required:  true,
-					Sensitive: true,
+					Type:     schema.TypeString,
+					Required: true,
 				},
 			},
 		},

docs/resources/repository_local_account.md

@@ -0,0 +1,111 @@
+# Repository Local Account Resource
+
+Provides a resource to handle repository local accounts.
+
+## Example Usage
+
+### AWS IAM
+
+```hcl
+resource "cyral_repository_local_account" "some_resource_name" {
+    repository_id = cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.id
+    aws_iam {
+        database_name = ""
+        local_account = ""
+        role_arn = ""
+    }
+}
+```
+
+### AWS Secrets Manager
+
+```hcl
+resource "cyral_repository_local_account" "some_resource_name" {
+    repository_id = cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.id
+    aws_secrets_manager {
+        database_name = ""
+        local_account = ""
+        secret_arn = ""
+    }
+}
+```
+
+### Cyral Storage
+
+```hcl
+resource "cyral_repository_local_account" "some_resource_name" {
+    repository_id = cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.id
+    cyral_storage {
+        database_name = ""
+        local_account = ""
+        password = ""
+    }
+}
+```
+
+### Hashicorp Vault
+
+```hcl
+resource "cyral_repository_local_account" "some_resource_name" {
+    repository_id = cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.id
+    hashicorp_vault {
+        database_name = ""
+        local_account = ""
+        path = ""
+    }
+}
+```
+
+### Environment variable
+
+```hcl
+resource "cyral_repository_local_account" "some_resource_name" {
+    repository_id = cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.id
+    environment_variable {
+        local_account = ""
+        variable_name = ""
+    }
+}
+```
+
+## Argument Reference
+
+* `repository_id` - (Required) ID of the repository that will be used by the local account.
+* `aws_iam` - (Optional) Credential option to set the local account from AWS IAM.
+* `aws_secrets_manager` - (Optional) Credential option to set the local account from AWS Secrets Manager.
+* `cyral_storage` - (Optional) Credential option to set the local account from Cyral Storage.
+* `hashicorp_vault` - (Optional) Credential option to set the local account from Hashicorp Vault.
+
+The `aws_iam` object supports the following arguments:
+
+* `database_name` - (Optional) Database name that the local account corresponds to.
+* `local_account` - (Required) Local account name.
+* `role_arn` - (Required) AWS IAM role ARN.
+
+The `aws_secrets_manager` object supports the following arguments:
+
+* `database_name` - (Optional) Database name that the local account corresponds to.
+* `local_account` - (Required) Local account name.
+* `secret_arn` - (Required) ARN of the AWS Secret Manager that stores the credential.
+
+The `cyral_storage` object supports the following arguments:
+
+* `database_name` - (Optional) Database name that the local account corresponds to.
+* `local_account` - (Required) Local account name.
+* `password` - (Required) Local account password.
+
+The `hashicorp_vault` object supports the following arguments:
+
+* `database_name` - (Optional) Database name that the local account corresponds to.
+* `local_account` - (Required) Local account name.
+* `path` - (Required) Hashicorp Vault path.
+
+The `environment_variable` object supports the following arguments:
+
+* `database_name` - (Optional) Database name that the local account corresponds to.
+* `local_account` - (Required) Local account name.
+* `environment_name` - (Required) Name of the environment variable that will store credentials.
+
+## Attribute Reference
+
+* `id` - The ID of this resource.