diff --git a/README.md b/README.md index 36cd40bc..96b8204c 100644 --- a/README.md +++ b/README.md @@ -178,7 +178,7 @@ terraform import cyral_repository.my_resource_name myrepo - [Resource Repository Authentication Configuration](./docs/resource_repository_conf_auth.md) - [Resource Repository Binding](./docs/resource_repository_binding.md) - [Resource Repository Identity Map](./docs/resource_repository_identity_map.md) -- [Resource Repository Local Account](./docs/resource_repository_local_account.md) +- [Resource Repository Local Account](./docs/resources/repository_local_account.md) - [Resource Sidecar](./docs/resource_sidecar.md) - [Resource Sidecar Credentials](./docs/resource_sidecar_credentials.md) diff --git a/cyral/resource_cyral_repository_local_account.go b/cyral/resource_cyral_repository_local_account.go index 291c5bef..ac43e6cf 100644 --- a/cyral/resource_cyral_repository_local_account.go +++ b/cyral/resource_cyral_repository_local_account.go @@ -254,19 +254,16 @@ func resourceRepositoryLocalAccount() *schema.Resource { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "database_name": { - Type: schema.TypeString, - Required: true, - Sensitive: true, + Type: schema.TypeString, + Optional: true, }, "local_account": { - Type: schema.TypeString, - Required: true, - Sensitive: true, + Type: schema.TypeString, + Required: true, }, "role_arn": { - Type: schema.TypeString, - Required: true, - Sensitive: true, + Type: schema.TypeString, + Required: true, }, }, }, 
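Review bot: Removing `Sensitive: true` from `local_account` and `role_arn` in the `aws_iam` block means their values are no longer redacted in plan and apply output, and nothing in the schema records that this was deliberate. The same removal is made for `secret_arn`, `path` and `variable_name` in the `aws_secrets_manager`, `hashicorp_vault` and `environment_variable` hunks. These fields appear to hold account names and the location of a credential rather than the credential itself, so the change looks defensible, but it does expose which role, secret or Vault path backs each account to anyone who can read CI logs. I would add a comment above each block such as `// Not marked Sensitive: these fields reference where the credential is stored and never hold the credential itself.` The enclosing `resourceRepositoryLocalAccount` starts and ends outside the hunk.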
@@ -284,19 +281,16 @@ func resourceRepositoryLocalAccount() *schema.Resource {
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "database_name": {
- Type: schema.TypeString,
- Required: true,
- Sensitive: true,
+ Type: schema.TypeString,
+ Optional: true,
 },
 "local_account": {
- Type: schema.TypeString,
- Required: true,
- Sensitive: true,
+ Type: schema.TypeString,
+ Required: true,
 },
 "secret_arn": {
- Type: schema.TypeString,
- Required: true,
- Sensitive: true,
+ Type: schema.TypeString,
+ Required: true,
 },
 },
 },
@@ -314,14 +308,12 @@ func resourceRepositoryLocalAccount() *schema.Resource {
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "database_name": {
- Type: schema.TypeString,
- Required: true,
- Sensitive: true,
+ Type: schema.TypeString,
+ Optional: true,
 },
 "local_account": {
- Type: schema.TypeString,
- Required: true,
- Sensitive: true,
+ Type: schema.TypeString,
+ Required: true,
 },
 "password": {
 Type: schema.TypeString,
@@ -344,19 +336,16 @@ func resourceRepositoryLocalAccount() *schema.Resource {
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "database_name": {
- Type: schema.TypeString,
- Optional: true,
- Sensitive: true,
+ Type: schema.TypeString,
+ Optional: true,
 },
 "local_account": {
- Type: schema.TypeString,
- Optional: true,
- Sensitive: true,
+ Type: schema.TypeString,
+ Required: true,
 },
 "path": {
- Type: schema.TypeString,
- Optional: true,
- Sensitive: true,
+ Type: schema.TypeString,
+ Required: true,
 },
 },
 },
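Review bot: `database_name` in the `aws_secrets_manager` block becomes `Optional` with no `Default` and no `Description` saying what an omitted value means, and the same change is made in the `aws_iam`, `cyral_storage` and `environment_variable` hunks. The code that turns this field into the API request is outside the hunk, so it presumably has to accept an empty string; that is worth confirming. A field description such as `Description: "Database name that the local account corresponds to. Leave unset for repositories without named databases."` would document the intent, if that is indeed the intent.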
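Review bot: The `password` field of `cyral_storage` is cut off after `Type: schema.TypeString,`, so this hunk does not show whether it still carries `Sensitive: true` now that the flag is dropped from its two siblings. It is the one field in this resource that holds the secret itself, so it should keep the flag. A comment on it such as `// Sensitive only redacts CLI output; the value is still stored in the state file in plain text.` would tell users that the state backend needs protecting too. The `password` block continues outside the hunk.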
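Review bot: `local_account` and `path` in the `hashicorp_vault` block change from `Optional` to `Required`, so any existing configuration that omitted either one will fail validation after upgrading the provider. If the API always needed both, this is a correction, but it is a behaviour change that the visible commit content does not mention. I would note it in the changelog and add a comment such as `// Required since this release: the API rejects a Vault credential without an account name and path.`, wording to be confirmed against the API.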
@@ -374,19 +363,16 @@ func resourceRepositoryLocalAccount() *schema.Resource {
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "database_name": {
- Type: schema.TypeString,
- Required: true,
- Sensitive: true,
+ Type: schema.TypeString,
+ Optional: true,
 },
 "local_account": {
- Type: schema.TypeString,
- Required: true,
- Sensitive: true,
+ Type: schema.TypeString,
+ Required: true,
 },
 "variable_name": {
- Type: schema.TypeString,
- Required: true,
- Sensitive: true,
+ Type: schema.TypeString,
+ Required: true,
 },
 },
 },
diff --git a/docs/resource_repository_local_account.md b/docs/resource_repository_local_account.md
deleted file mode 100644
index 8a7352e4..00000000
--- a/docs/resource_repository_local_account.md
+++ /dev/null
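Review bot: The schema key in the `environment_variable` block is `variable_name`, but the Argument Reference in the new `docs/resources/repository_local_account.md` lists `environment_name` for this block, while that file's own example uses `variable_name`. A user who follows the reference would set an argument this schema does not define, so the docs entry should be renamed to `variable_name`. The top-level argument list in the same file also omits `environment_variable`, although it is one of the five credential options. The enclosing function continues outside the hunk.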
@@ -1,88 +0,0 @@
-# Repository Local Account
-
-CRUD operations for Cyral Repository Local Account.
-
-## Usage
-
-Although all credential options are listed below, the API expects only one to be used at a time.
-
-```hcl
-resource "cyral_repository_local_account" "my-repo-account" {
- repository_id = cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.id
- aws_iam {
- database_name = ""
- local_account = ""
- role_arn = ""
- }
- aws_secrets_manager {
- database_name = ""
- local_account = ""
- secret_arn = ""
- }
- cyral_storage {
- database_name = ""
- local_account = ""
- password = ""
- }
- hashicorp_vault {
- database_name = ""
- local_account = ""
- path = ""
- }
- environment_variable {
- database_name = ""
- local_account = ""
- variable_name = ""
- }
-}
-```
-
-## Variables
-
-| Name | Default | Description | Required |
-|:---------------------|:---------:|:---------------------------------------------------------------------|:--------:|
-| `repository_id` | | ID of the repository that will be used by this account. | Yes |
-| `aws_iam` | | Credential option to set the local account from AWS IAM. | No |
-| `aws_secrets_manager`| | Credential option to set the local account from AWS Secrets Manager. | No |
-| `cyral_storage` | | Credential option to set the local account from Cyral Storage. | No |
-| `hashicorp_vault` | | Credential option to set the local account from Hashicorp Vault. | No |
-
-### aws_iam
-
-| Name | Default | Description | Required |
-|:----------------|:---------:|:-----------------------------------------------------|:--------:|
-| `database_name` | | Database name that the local account corresponds to. | Yes |
-| `local_account` | | Local repository account name. | Yes |
-| `role_arn` | | AWS IAM role ARN. | Yes |
-
-### aws_secrets_manager
-
-| Name | Default | Description | Required |
-|:----------------|:---------:|:----------------------------------------------------------|:--------:|
-| `database_name` | | Database name that the local account corresponds to. | Yes |
-| `local_account` | | Local repository account name. | Yes |
-| `secret_arn` | | ARN of the AWS Secret Manager that stores the credential. | Yes |
-
-### cyral_storage
-
-| Name | Default | Description | Required |
-|:----------------|:---------:|:-----------------------------------------------------|:--------:|
-| `database_name` | | Database name that the local account corresponds to. | Yes |
-| `local_account` | | Local repository account name. | Yes |
-| `password` | | Local account password. | Yes |
-
-### hashicorp_vault
-
-| Name | Default | Description | Required |
-|:----------------|:---------:|:-----------------------------------------------------|:--------:|
-| `database_name` | | Database name that the local account corresponds to. | Yes |
-| `local_account` | | Local repository account name. | Yes |
-| `path` | | Hashicorp Vault path. | Yes |
-
-### environment_variable
-
-| Name | Default | Description | Required |
-|:-------------------|:---------:|:---------------------------------------------------------------|:--------:|
-| `database_name` | | Database name that the local account corresponds to. | Yes |
-| `local_account` | | Local repository account name. | Yes |
-| `environment_name` | | Name of the environment variable that will store credentials. | Yes |
diff --git a/docs/resources/repository_local_account.md b/docs/resources/repository_local_account.md
new file mode 100644
index 00000000..010bc70e
--- /dev/null
+++ b/docs/resources/repository_local_account.md
@@ -0,0 +1,111 @@
+# Repository Local Account Resource
+
+Provides a resource to handle repository local accounts.
+
+## Example Usage
+
+### AWS IAM
+
+```hcl
+resource "cyral_repository_local_account" "some_resource_name" {
+ repository_id = cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.id
+ aws_iam {
+ database_name = ""
+ local_account = ""
+ role_arn = ""
+ }
+}
+```
+
+### AWS Secrets Manager
+
+```hcl
+resource "cyral_repository_local_account" "some_resource_name" {
+ repository_id = cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.id
+ aws_secrets_manager {
+ database_name = ""
+ local_account = ""
+ secret_arn = ""
+ }
+}
+```
+
+### Cyral Storage
+
+```hcl
+resource "cyral_repository_local_account" "some_resource_name" {
+ repository_id = cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.id
+ cyral_storage {
+ database_name = ""
+ local_account = ""
+ password = ""
+ }
+}
+```
+
+### Hashicorp Vault
+
+```hcl
+resource "cyral_repository_local_account" "some_resource_name" {
+ repository_id = cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.id
+ hashicorp_vault {
+ database_name = ""
+ local_account = ""
+ path = ""
+ }
+}
+```
+
+### Environment variable
+
+```hcl
+resource "cyral_repository_local_account" "some_resource_name" {
+ repository_id = cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.id
+ environment_variable {
+ local_account = ""
+ variable_name = ""
+ }
+}
+```
+
+## Argument Reference
+
+* `repository_id` - (Required) ID of the repository that will be used by the local account.
+* `aws_iam` - (Optional) Credential option to set the local account from AWS IAM.
+* `aws_secrets_manager` - (Optional) Credential option to set the local account from AWS Secrets Manager.
+* `cyral_storage` - (Optional) Credential option to set the local account from Cyral Storage.
+* `hashicorp_vault` - (Optional) Credential option to set the local account from Hashicorp Vault.
+
+The `aws_iam` object supports the following arguments:
+
+* `database_name` - (Optional) Database name that the local account corresponds to.
+* `local_account` - (Required) Local account name.
+* `role_arn` - (Required) AWS IAM role ARN.
+
+The `aws_secrets_manager` object supports the following arguments:
+
+* `database_name` - (Optional) Database name that the local account corresponds to.
+* `local_account` - (Required) Local account name.
+* `secret_arn` - (Required) ARN of the AWS Secret Manager that stores the credential.
+
+The `cyral_storage` object supports the following arguments:
+
+* `database_name` - (Optional) Database name that the local account corresponds to.
+* `local_account` - (Required) Local account name.
+* `password` - (Required) Local account password.
+
+The `hashicorp_vault` object supports the following arguments:
+
+* `database_name` - (Optional) Database name that the local account corresponds to.
+* `local_account` - (Required) Local account name.
+* `path` - (Required) Hashicorp Vault path.
+
+The `environment_variable` object supports the following arguments:
+
+* `database_name` - (Optional) Database name that the local account corresponds to.
+* `local_account` - (Required) Local account name.
+* `environment_name` - (Required) Name of the environment variable that will store credentials.
+
+## Attribute Reference
+
+* `id` - The ID of this resource.
\ No newline at end of file