From b3113b1dd0ef4c2662aa8f376d8c5d735ef07109 Mon Sep 17 00:00:00 2001
From: Jonathan Lacefield
Date: Fri, 15 Nov 2024 17:00:01 -0500
Subject: [PATCH] addded description notes for user and service accounts to indicate admin and owner behavior (#166)
---
 docs/resources/service_account.md | 4 ++--
 docs/resources/user.md | 4 ++--
 internal/provider/service_account_resource.go | 4 ++--
 internal/provider/user_resource.go | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/docs/resources/service_account.md b/docs/resources/service_account.md
index 1313b2c..087fe5e 100644
--- a/docs/resources/service_account.md
+++ b/docs/resources/service_account.md
@@ -54,12 +54,12 @@ resource "temporalcloud_service_account" "namespace_admin" {
 ### Required
-- `account_access` (String) The role on the account. Must be one of [admin, developer, read] (case-insensitive)
+- `account_access` (String) The role on the account. Must be one of [admin, developer, read] (case-insensitive).
 - `name` (String) The name associated with the service account.
 ### Optional
-- `namespace_accesses` (Attributes List) The list of namespace accesses. (see [below for nested schema](#nestedatt--namespace_accesses))
+- `namespace_accesses` (Attributes List) The list of namespace accesses. Service Accounts with an account_access role of admin cannot be assigned explicit permissions to namespaces. admins implicitly receive access to all Namespaces. (see [below for nested schema](#nestedatt--namespace_accesses))
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 ### Read-Only
diff --git a/docs/resources/user.md b/docs/resources/user.md
index 5cb89f3..b5fffa4 100644
--- a/docs/resources/user.md
+++ b/docs/resources/user.md
@@ -54,12 +54,12 @@ resource "temporalcloud_user" "namespace_admin" {
 ### Required
-- `account_access` (String) The role on the account. Must be one of [owner, admin, developer, read] (case-insensitive). owner is only valid for import.
+- `account_access` (String) The role on the account. Must be one of [owner, admin, developer, read] (case-insensitive). owner is only valid for import and cannot be created, updated or deleted without Temporal support.
 - `email` (String) The email address for the user.
 ### Optional
-- `namespace_accesses` (Attributes List) The list of namespace accesses. (see [below for nested schema](#nestedatt--namespace_accesses))
+- `namespace_accesses` (Attributes List) The list of namespace accesses. Users with account_access roles of owner or admin cannot be assigned explicit permissions to namespaces. They implicitly receive access to all Namespaces. (see [below for nested schema](#nestedatt--namespace_accesses))
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 ### Read-Only
diff --git a/internal/provider/service_account_resource.go b/internal/provider/service_account_resource.go
index 587e8e1..05f3274 100644
--- a/internal/provider/service_account_resource.go
+++ b/internal/provider/service_account_resource.go
@@ -109,14 +109,14 @@ func (r *serviceAccountResource) Schema(ctx context.Context, _ resource.SchemaRe
 },
 "account_access": schema.StringAttribute{
 CustomType: internaltypes.CaseInsensitiveStringType{},
- Description: "The role on the account. Must be one of [admin, developer, read] (case-insensitive)",
+ Description: "The role on the account. Must be one of [admin, developer, read] (case-insensitive).",
 Required: true,
 Validators: []validator.String{
 stringvalidator.OneOfCaseInsensitive("admin", "developer", "read"),
 },
 },
 "namespace_accesses": schema.ListNestedAttribute{
- Description: "The list of namespace accesses.",
+ Description: "The list of namespace accesses. Service Accounts with an account_access role of admin cannot be assigned explicit permissions to namespaces. admins implicitly receive access to all Namespaces.",
 Optional: true,
 NestedObject: schema.NestedAttributeObject{
 Attributes: map[string]schema.Attribute{
diff --git a/internal/provider/user_resource.go b/internal/provider/user_resource.go
index 000d6f3..002feb1 100644
--- a/internal/provider/user_resource.go
+++ b/internal/provider/user_resource.go
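Review bot: In service_account_resource.go the new `namespace_accesses` description says admin service accounts cannot be given explicit namespace permissions, but nothing visible in this hunk enforces that; the only validator shown is `stringvalidator.OneOfCaseInsensitive` on `account_access`. If no cross-attribute check exists elsewhere, a configuration that sets `account_access = "admin"` together with `namespace_accesses` is presumably rejected only at apply time, and a reader scanning the namespace list could miss that the account already has access to every namespace. Consider a `ValidateConfig` check on the resource that rejects the combination at plan time; the same applies to the owner/admin wording in the user_resource.go hunk. Schema's body starts and ends outside the hunk, so existing validation cannot be ruled out from here.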
@@ -109,14 +109,14 @@ func (r *userResource) Schema(ctx context.Context, _ resource.SchemaRequest, res
 },
 "account_access": schema.StringAttribute{
 CustomType: internaltypes.CaseInsensitiveStringType{},
- Description: "The role on the account. Must be one of [owner, admin, developer, read] (case-insensitive). owner is only valid for import.",
+ Description: "The role on the account. Must be one of [owner, admin, developer, read] (case-insensitive). owner is only valid for import and cannot be created, updated or deleted without Temporal support.",
 Required: true,
 Validators: []validator.String{
 stringvalidator.OneOfCaseInsensitive("owner", "admin", "developer", "read"),
 },
 },
 "namespace_accesses": schema.ListNestedAttribute{
- Description: "The list of namespace accesses.",
+ Description: "The list of namespace accesses. Users with account_access roles of owner or admin cannot be assigned explicit permissions to namespaces. They implicitly receive access to all Namespaces.",
 Optional: true,
 NestedObject: schema.NestedAttributeObject{
 Attributes: map[string]schema.Attribute{
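Review bot: The `account_access` description in user_resource.go now states that owner "cannot be created, updated or deleted without Temporal support", yet the validator a few lines below still accepts `"owner"` via `stringvalidator.OneOfCaseInsensitive`, which it has to for import to work. That leaves the restriction documented but, as far as this hunk shows, not enforced at plan time, so a config that creates a user as owner or changes a role to or from owner would pass schema validation. Because owner is the highest-privilege role, it is worth confirming that Create, Update and Delete return a clear diagnostic for it, and adding a comment next to the validator such as `// "owner" is accepted only so existing owners can be imported; create/update/delete are rejected elsewhere`. Schema's body starts and ends outside the hunk, so that handling may already exist.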