docs(resources): iam_group documentation and examples (#60)

ndopj · web-flow · commit a8c40ba950f2 · 2023-11-01T00:02:05.000+01:00
diff --git a/docs/resources/iam_group.md b/docs/resources/iam_group.md
@@ -0,0 +1,96 @@
+---
+page_title: "montecarlo_iam_group Resource - terraform-provider-montecarlo"
+subcategory: ""
+description: |-
+  A named resource which lets you define Monte Carlo authorization group responsible for assigning roles to the users.
+---
+
+# montecarlo_iam_group (Resource)
+
+Represents a named resource which lets you define _Monte Carlo_ **authorization group** responsible for assigning roles to the users. An authorization group policy is made up of three primary parts:
+
+- a list of permissions
+- a list of group members (not set by this resource)
+- optionally, one or more Monte Carlo domains to restrict the group to
+
+The list of permissions/roles specifies **what can be done** (such as access or edit monitors), and the domain restrictions specify what parts of your data/metadata those users **may access under given permissions**.
+
+To get more information about _Monte Carlo_ **authorization groups**, see:
+- [API documentation](https://apidocs.getmontecarlo.com/#definition-AuthorizationGroupOutput)
+- How-to Guides
+  - [Authorization](https://docs.getmontecarlo.com/docs/authorization)
+
+
+
+## Example Usage
+
+```terraform
+resource "montecarlo_iam_group" "example" {
+  name        = "name"
+  description = "description"
+  role        = "mcd/viewer"
+  domains     = ["domainUUID"] # restricting to selected domains
+  sso_group   = "sso_group"    # automatical mapping to SSO group
+}
+```
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+<a id="attr--name"></a>
+- `name` (String) ID of the authorization group. Must be unique per _Monte Carlo_ account. Authorization group **name within the UI** is not value of this attribute, instead `label` is used ([see bellow](#attr--label)).
+
+- `role` (String) Used to define the specific role or permissions that are assigned to the _Monte Carlo_ authorization group.  
+Allowed roles:
+
+  - **mcd/owner**
+  - **mcd/domains-manager**
+  - **mcd/responder**
+  - **mcd/editor**
+  - **mcd/viewer**
+  - **mcd/asset-viewer**
+  - **mcd/asset-editor**
+
+### Optional
+
+- `description` (String, _default:_ `""`) Description of the authorization group. Usually can be used to document for what the authorization group is responsible for.
+
+- `domains` (Set of Strings, _default:_ `[]`) Set of **domain UUIDs** that this authorization group should be restricted to. By default, if this attribute is not set, the authorization group permissions will be applied globally.
+
+- `sso_group` (String, _default:_ `null`) Automatically assignes all of the users from the provided **SSO group** to the authorization group.
+
+  - if set, users cannot be assigned to the authorization group directly
+
+  - if set, when authorization group already exists, all of the previous user assignments will be destroyed.
+
+### Read-Only
+
+<a id="attr--label"></a>
+- `label` (String) Authorization group **label/name** as it should be presented in the _Monte Carlo_ UI. Implementation of this resource will always set this attribute to the same value as the `name` attribute ([see above](#attr--name)) to avoid confusion.
+
+
+
+## Import
+
+This resource can be imported using the import ID with following format:
+
+* `{{group_name}}`
+
+In **Terraform v1.5.0** and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import a _Transactional Warehouse_ using one of the formats above. For example:
+
+```terraform
+import {
+  id = "{{group_name}}"
+  to = montecarlo_iam_group.default
+}
+```
+
+When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), _Authorization Group_ can be imported using one of the formats above. For example:
+
+```
+$ terraform import montecarlo_iam_group.default {{group_name}}
+```
diff --git a/examples/resources/montecarlo_iam_group/resource.tf b/examples/resources/montecarlo_iam_group/resource.tf
@@ -0,0 +1,21 @@
+## Allowed roles:
+##   "mcd/owner"
+##   "mcd/domains-manager"
+##   "mcd/responder"
+##   "mcd/editor"
+##   "mcd/viewer"
+##   "mcd/asset-viewer"
+##   "mcd/asset-editor"
+
+resource "montecarlo_iam_group" "example_thin" {
+  name        = "name"
+  role        = "mcd/viewer"
+}
+
+resource "montecarlo_iam_group" "example_thick" {
+  name        = "name"
+  description = "description"
+  role        = "mcd/viewer"
+  domains     = ["domainUUID"] # restricting to selecting domains
+  sso_group   = "sso_group"    # automatical mapping to SSO group
+}
