PingOne Authorize Trust Framework and Policy Manager #919

Draft pull request: wants to merge 84 commits into base `main` (changes shown from 62 commits).

Commits (84)
4a64bc3
add draft `pingone_authorize_editor_attribute`
patrickcping Jul 24, 2024
abbe381
first draft editor statement
patrickcping Jul 31, 2024
592d8da
update todo on statement
patrickcping Jul 31, 2024
3bdee4e
round off first draft editor attribute
patrickcping Jul 31, 2024
7194686
optimisations editor attribute
patrickcping Jul 31, 2024
261f560
editor processor first draft
patrickcping Jul 31, 2024
239100f
editor condition first draft
patrickcping Jul 31, 2024
d225749
doc changes editor processor
patrickcping Jul 31, 2024
5886bf9
editor rule first draft
patrickcping Aug 2, 2024
0318e1b
editor service WIP
patrickcping Aug 2, 2024
4543748
initial draft editor service
patrickcping Aug 6, 2024
95ad455
adjustment to data conversion
patrickcping Aug 6, 2024
ec99ca8
editor service lint correction
patrickcping Aug 6, 2024
20e3ada
add validators
patrickcping Aug 6, 2024
20c2203
initial draft editor service schema
patrickcping Aug 6, 2024
8ac50a3
pre-draft editor policy
patrickcping Aug 6, 2024
403e3b6
Merge branch 'main' into 846-pingone-authorize-trust-framework
patrickcping Aug 6, 2024
e3ec89f
schema draft editor policy
patrickcping Aug 7, 2024
5877523
corrections to verify service
patrickcping Aug 7, 2024
36145f5
dev updates
patrickcping Oct 4, 2024
e6a2048
updated data models
patrickcping Oct 8, 2024
66266c9
lint corrections
patrickcping Oct 8, 2024
b5e40f2
data model correction
patrickcping Oct 8, 2024
e9d7c36
documentation for `editor_service`
patrickcping Oct 8, 2024
d781347
documentation for `editor_statement`
patrickcping Oct 8, 2024
df5ac85
documentation for `editor_rule`
patrickcping Oct 8, 2024
f35fc9a
documentation for `editor_attribute`
patrickcping Oct 8, 2024
3dac4dd
update documentation for `editor_attribute`
patrickcping Oct 8, 2024
ad253bb
documentation for `editor_condition`
patrickcping Oct 8, 2024
7136c4d
documentation for `editor_policy`
patrickcping Oct 8, 2024
dfca9d6
documentation for `editor_processor`
patrickcping Oct 8, 2024
0a713ce
draft basic tests processor
patrickcping Oct 8, 2024
0f13cc6
rename resources
patrickcping Oct 8, 2024
c977cef
processor testing and doc example
patrickcping Oct 9, 2024
80926f9
adjust processor test
patrickcping Oct 9, 2024
2ca9712
add additional fields to processor test
patrickcping Oct 9, 2024
ee4d8c3
schema correction
patrickcping Oct 9, 2024
801cbf3
condition testing
patrickcping Oct 9, 2024
91b09e0
update condition doc example
patrickcping Oct 9, 2024
359835e
update `condition` schema
patrickcping Oct 9, 2024
3f3cd55
add abstract service hcl example
patrickcping Oct 9, 2024
e060a19
add testing for `service`
patrickcping Oct 9, 2024
ff6cb2e
lint corrections
patrickcping Oct 9, 2024
9f46a7d
correct import docs
patrickcping Oct 9, 2024
27ac848
changelog
patrickcping Oct 9, 2024
f9cfbcd
add testing FF
patrickcping Oct 10, 2024
ebebdaa
update test scripts and initial fixes
patrickcping Oct 10, 2024
1c43580
fix expected issues pre-testing
patrickcping Oct 10, 2024
0dc1637
fix expected bugs pre-testing
patrickcping Oct 10, 2024
071ba6c
update test case
patrickcping Oct 10, 2024
163bc76
lint corrections
patrickcping Oct 10, 2024
2cafd04
update docs
patrickcping Oct 10, 2024
77ed731
Testing for `trust_framework_processor`
patrickcping Oct 22, 2024
7317c49
housekeeping updates
patrickcping Oct 22, 2024
f5f7f40
testing for `trust_framework_condition`
patrickcping Oct 22, 2024
57bdb86
testing fixes `trust_framework_condition`
patrickcping Oct 23, 2024
3dde781
bug fix `trust_framework_processor`
patrickcping Oct 23, 2024
6f42900
initial `trust_framework_service` testing
patrickcping Oct 23, 2024
f1c5fa3
terrafmt
patrickcping Oct 24, 2024
a189e0a
testing fixes `trust_framework_attribute`
patrickcping Oct 25, 2024
9a92411
add attribute values to `trust_framework_condition` test
patrickcping Oct 25, 2024
5d89758
update documentation
patrickcping Oct 25, 2024
108b68a
initial `trust_framework_service` testing
patrickcping Oct 25, 2024
96ffff9
make resolver constant values sensitive
patrickcping Oct 25, 2024
c0f46d6
terrafmt
patrickcping Oct 25, 2024
cf3c66b
`policy_manager_statement` testing
patrickcping Oct 25, 2024
c403048
update docs
patrickcping Oct 25, 2024
06d5a90
update attributes test
patrickcping Nov 5, 2024
399ce21
update condition tests
patrickcping Nov 5, 2024
c1e382b
update processor testing
patrickcping Nov 6, 2024
2d2d402
update service tests
patrickcping Nov 6, 2024
dec4b80
update statement tests
patrickcping Nov 6, 2024
668c941
remove description validation
patrickcping Nov 6, 2024
4ae8cef
update rule tests
patrickcping Nov 7, 2024
92ba614
lint
patrickcping Nov 7, 2024
84ab8d2
doc updates
patrickcping Nov 7, 2024
4c24eab
update policy tests
patrickcping Nov 7, 2024
3c6d605
add repetition source to attribute
patrickcping Nov 7, 2024
b6e5f74
testing fixes
patrickcping Nov 7, 2024
3200f9f
Merge branch 'main' into 846-pingone-authorize-trust-framework
patrickcping Nov 15, 2024
91b49fe
realign data types
patrickcping Nov 15, 2024
463f6f4
realign data types
patrickcping Nov 15, 2024
7431429
Merge branch 'main' into 846-pingone-authorize-trust-framework
patrickcping Nov 18, 2024
a152ef7
adjustment to schema to align with validation
patrickcping Dec 16, 2024
27 changes: 27 additions & 0 deletions .changelog/919.txt
@@ -0,0 +1,27 @@
```release-note:new-resource
pingone_authorize_policy_management_policy
```

```release-note:new-resource
pingone_authorize_policy_management_rule
```

```release-note:new-resource
pingone_authorize_policy_management_statement
```

```release-note:new-resource
pingone_authorize_trust_framework_attribute
```

```release-note:new-resource
pingone_authorize_trust_framework_condition
```

```release-note:new-resource
pingone_authorize_trust_framework_processor
```

```release-note:new-resource
pingone_authorize_trust_framework_service
```
473 changes: 473 additions & 0 deletions docs/resources/authorize_policy_management_policy.md
761 changes: 761 additions & 0 deletions docs/resources/authorize_policy_management_rule.md
62 changes: 62 additions & 0 deletions docs/resources/authorize_policy_management_statement.md
@@ -0,0 +1,62 @@
---
page_title: "pingone_authorize_policy_management_statement Resource - terraform-provider-pingone"
subcategory: "Authorize"
description: |-
Resource to create and manage an authorization statement for the PingOne Authorize Policy Manager in a PingOne environment.
---

# pingone_authorize_policy_management_statement (Resource)

Resource to create and manage an authorization statement for the PingOne Authorize Policy Manager in a PingOne environment.

## Example Usage

```terraform
resource "pingone_environment" "my_environment" {
# ...
}

resource "pingone_authorize_policy_management_statement" "my_awesome_policy_statement" {
environment_id = pingone_environment.my_environment.id

# ...
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `applies_if` (String) A string that specifies when to attach a final decision. Options are `ANYTHING`, `FINAL_DECISION_MATCHES`, `PATH_MATCHES`.
- `applies_to` (String) A string that specifies what result the statement applies to. Options are `ANYTHING`, `DENY`, `INDETERMINATE`, `PERMIT`, `PERMIT_OR_DENY`.
- `attributes` (Attributes List) An list of objects that specify configuration settings for the authorization attributes to attach to the statement. (see [below for nested schema](#nestedatt--attributes))
- `code` (String) A string that specifies the statement code.
- `environment_id` (String) The ID of the environment to configure the Authorize editor statement in. Must be a valid PingOne resource ID. This field is immutable and will trigger a replace plan if changed.
- `name` (String) A string that specifies a unique name for the authorization statement.
- `payload` (String) A string that specifies the statement payload.

### Optional

- `description` (String) A string that specifies a description to apply to the resource statement.
- `obligatory` (Boolean) A boolean that specifies whether the statement must be fulfilled as a condition of authorizing the decision request. Defaults to `false`.

### Read-Only

- `id` (String) The ID of this resource.
- `version` (String) A string that describes a random ID generated by the system for concurrency control purposes.

<a id="nestedatt--attributes"></a>
### Nested Schema for `attributes`

Required:

- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework. Must be a valid PingOne resource ID.

## Import

Import is supported using the following syntax, where attributes in `<>` brackets are replaced with the relevant ID. For example, `<environment_id>` should be replaced with the ID of the environment to import from.

```shell
terraform import pingone_authorize_policy_management_statement.example <environment_id>/<authorization_statement_id>
```
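Review bot: the `environment_id` description in this file still reads "the Authorize editor statement", a leftover from the pre-rename `editor_*` resource names (see the "rename resources" commit in this PR); it should say "policy management statement" to match the resource, and because the file carries the `<!-- schema generated by tfplugindocs -->` marker the fix belongs in the schema description, not in the generated markdown. Two smaller points in the same hunk: the `attributes` description reads "An list of objects" (should be "A list of objects"), and the Example Usage shows only `environment_id` and `# ...`, so none of the required fields (`applies_if`, `applies_to`, `attributes`, `code`, `name`, `payload`) are demonstrated; a complete example in the style of the processor doc, for instance
  applies_if = "FINAL_DECISION_MATCHES"
  applies_to = "PERMIT"
  attributes = [{ id = pingone_authorize_trust_framework_attribute.example.id }]
together with `code`, `name` and `payload`, would give readers a statement they can actually apply. As with the description, that change goes in the example file tfplugindocs reads from.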
718 changes: 718 additions & 0 deletions docs/resources/authorize_trust_framework_attribute.md
447 changes: 447 additions & 0 deletions docs/resources/authorize_trust_framework_condition.md
196 changes: 196 additions & 0 deletions docs/resources/authorize_trust_framework_processor.md
@@ -0,0 +1,196 @@
---
page_title: "pingone_authorize_trust_framework_processor Resource - terraform-provider-pingone"
subcategory: "Authorize"
description: |-
Resource to create and manage an authorization processor for the PingOne Authorize Trust Framework in a PingOne environment.
---

# pingone_authorize_trust_framework_processor (Resource)

Resource to create and manage an authorization processor for the PingOne Authorize Trust Framework in a PingOne environment.

## Example Usage

```terraform
resource "pingone_environment" "my_environment" {
# ...
}

resource "pingone_authorize_trust_framework_processor" "my_awesome_processor" {
environment_id = pingone_environment.my_environment.id
name = "Account Number"
description = "My awesome Account Number processor"

processor = {
name = "Extract Account Number"
type = "JSON_PATH"

expression = "$.accountNo"
value_type = {
type = "STRING"
}
}
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `environment_id` (String) The ID of the environment to configure the Authorize editor processor in. Must be a valid PingOne resource ID. This field is immutable and will trigger a replace plan if changed.
- `name` (String) A string that specifies a user-friendly name to apply to the authorization processor. The value must be unique.
- `processor` (Attributes) An object that specifies configuration settings for the authorization processor. (see [below for nested schema](#nestedatt--processor))

### Optional

- `parent` (Attributes) An object that specifies configuration settings for the processor resource's parent. (see [below for nested schema](#nestedatt--parent))

### Read-Only

- `full_name` (String) A string that describes a unique name generated by the system for each authorization processor resource. It is the concatenation of names in the processor resource hierarchy.
- `id` (String) The ID of this resource.
- `type` (String) A string that describes the resource type. Options are `PROCESSOR`.
- `version` (String) A string that describes a random ID generated by the system for concurrency control purposes.

<a id="nestedatt--processor"></a>
### Nested Schema for `processor`

Required:

- `name` (String) A user-friendly authorization processor name. The value must be unique.
- `type` (String) A string that specifies the processor type. Options are `CHAIN`, `COLLECTION_FILTER`, `COLLECTION_TRANSFORM`, `JSON_PATH`, `REFERENCE`, `SPEL`, `XPATH`.

Optional:

- `expression` (String) A string that specifies the expression to use. If the `type` is `JSON_PATH`, the expression should be a valid JSON path expression, if the `type` is `SPEL`, the expression should be a valid SpEL expression and if the `type` is `XPATH`, the expression should be a valid XPath expression. This field is required when `type` is `JSON_PATH`, `SPEL` or `XPATH`.
- `predicate` (Attributes) This field is required when `type` is `COLLECTION_FILTER`. (see [below for nested schema](#nestedatt--processor--predicate))
- `processor` (Attributes) This field is required when `type` is `COLLECTION_TRANSFORM`. (see [below for nested schema](#nestedatt--processor--processor))
- `processor_ref` (Attributes) An object that specifies configuration settings for the authorization processor to reference. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--processor--processor_ref))
- `processors` (Attributes List) The list of processors to apply in the given order. This field is required when `type` is `CHAIN`. (see [below for nested schema](#nestedatt--processor--processors))
- `value_type` (Attributes) An object that specifies the output type of the value. This field is required when `type` is `JSON_PATH`, `SPEL` or `XPATH`. (see [below for nested schema](#nestedatt--processor--value_type))

<a id="nestedatt--processor--predicate"></a>
### Nested Schema for `processor.predicate`

Required:

- `name` (String) A user-friendly authorization processor name. The value must be unique.
- `type` (String) A string that specifies the processor type. Options are `JSON_PATH`, `REFERENCE`, `SPEL`, `XPATH`.

Optional:

- `expression` (String) A string that specifies the expression to use. If the `type` is `JSON_PATH`, the expression should be a valid JSON path expression, if the `type` is `SPEL`, the expression should be a valid SpEL expression and if the `type` is `XPATH`, the expression should be a valid XPath expression. This field is required when `type` is `JSON_PATH`, `SPEL` or `XPATH`.
- `processor_ref` (Attributes) An object that specifies configuration settings for the authorization processor to reference. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--processor--predicate--processor_ref))
- `value_type` (Attributes) An object that specifies the output type of the value. This field is required when `type` is `JSON_PATH`, `SPEL` or `XPATH`. (see [below for nested schema](#nestedatt--processor--predicate--value_type))

<a id="nestedatt--processor--predicate--processor_ref"></a>
### Nested Schema for `processor.predicate.processor_ref`

Required:

- `id` (String) A string that specifies the ID of the authorization processor in the trust framework. Must be a valid PingOne resource ID.


<a id="nestedatt--processor--predicate--value_type"></a>
### Nested Schema for `processor.predicate.value_type`

Required:

- `type` (String) A string that specifies the type of the value. Options are `BOOLEAN`, `COLLECTION`, `DATE_TIME`, `DURATION`, `JSON`, `LOCAL_DATE`, `LOCAL_DATE_TIME`, `LOCAL_TIME`, `NUMBER`, `PERIOD`, `STRING`, `TIME_PERIOD`, `XML`, `ZONED_DATE_TIME`. Must be `BOOLEAN` when the processor type (`processor.type`) is `COLLECTION_FILTER`



<a id="nestedatt--processor--processor"></a>
### Nested Schema for `processor.processor`

Required:

- `name` (String) A user-friendly authorization processor name. The value must be unique.
- `type` (String) A string that specifies the processor type. Options are `JSON_PATH`, `REFERENCE`, `SPEL`, `XPATH`.

Optional:

- `expression` (String) A string that specifies the expression to use. If the `type` is `JSON_PATH`, the expression should be a valid JSON path expression, if the `type` is `SPEL`, the expression should be a valid SpEL expression and if the `type` is `XPATH`, the expression should be a valid XPath expression. This field is required when `type` is `JSON_PATH`, `SPEL` or `XPATH`.
- `processor_ref` (Attributes) An object that specifies configuration settings for the authorization processor to reference. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--processor--processor--processor_ref))
- `value_type` (Attributes) An object that specifies the output type of the value. This field is required when `type` is `JSON_PATH`, `SPEL` or `XPATH`. (see [below for nested schema](#nestedatt--processor--processor--value_type))

<a id="nestedatt--processor--processor--processor_ref"></a>
### Nested Schema for `processor.processor.processor_ref`

Required:

- `id` (String) A string that specifies the ID of the authorization processor in the trust framework. Must be a valid PingOne resource ID.


<a id="nestedatt--processor--processor--value_type"></a>
### Nested Schema for `processor.processor.value_type`

Required:

- `type` (String) A string that specifies the type of the value. Options are `BOOLEAN`, `COLLECTION`, `DATE_TIME`, `DURATION`, `JSON`, `LOCAL_DATE`, `LOCAL_DATE_TIME`, `LOCAL_TIME`, `NUMBER`, `PERIOD`, `STRING`, `TIME_PERIOD`, `XML`, `ZONED_DATE_TIME`. Must be `BOOLEAN` when the processor type (`processor.type`) is `COLLECTION_FILTER`



<a id="nestedatt--processor--processor_ref"></a>
### Nested Schema for `processor.processor_ref`

Required:

- `id` (String) A string that specifies the ID of the authorization processor in the trust framework. Must be a valid PingOne resource ID.


<a id="nestedatt--processor--processors"></a>
### Nested Schema for `processor.processors`

Required:

- `name` (String) A user-friendly authorization processor name. The value must be unique.
- `type` (String) A string that specifies the processor type. Options are `JSON_PATH`, `REFERENCE`, `SPEL`, `XPATH`.

Optional:

- `expression` (String) A string that specifies the expression to use. If the `type` is `JSON_PATH`, the expression should be a valid JSON path expression, if the `type` is `SPEL`, the expression should be a valid SpEL expression and if the `type` is `XPATH`, the expression should be a valid XPath expression. This field is required when `type` is `JSON_PATH`, `SPEL` or `XPATH`.
- `processor_ref` (Attributes) An object that specifies configuration settings for the authorization processor to reference. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--processor--processors--processor_ref))
- `value_type` (Attributes) An object that specifies the output type of the value. This field is required when `type` is `JSON_PATH`, `SPEL` or `XPATH`. (see [below for nested schema](#nestedatt--processor--processors--value_type))

<a id="nestedatt--processor--processors--processor_ref"></a>
### Nested Schema for `processor.processors.processor_ref`

Required:

- `id` (String) A string that specifies the ID of the authorization processor in the trust framework. Must be a valid PingOne resource ID.


<a id="nestedatt--processor--processors--value_type"></a>
### Nested Schema for `processor.processors.value_type`

Required:

- `type` (String) A string that specifies the type of the value. Options are `BOOLEAN`, `COLLECTION`, `DATE_TIME`, `DURATION`, `JSON`, `LOCAL_DATE`, `LOCAL_DATE_TIME`, `LOCAL_TIME`, `NUMBER`, `PERIOD`, `STRING`, `TIME_PERIOD`, `XML`, `ZONED_DATE_TIME`. Must be `BOOLEAN` when the processor type (`processor.type`) is `COLLECTION_FILTER`



<a id="nestedatt--processor--value_type"></a>
### Nested Schema for `processor.value_type`

Required:

- `type` (String) A string that specifies the type of the value. Options are `BOOLEAN`, `COLLECTION`, `DATE_TIME`, `DURATION`, `JSON`, `LOCAL_DATE`, `LOCAL_DATE_TIME`, `LOCAL_TIME`, `NUMBER`, `PERIOD`, `STRING`, `TIME_PERIOD`, `XML`, `ZONED_DATE_TIME`. Must be `BOOLEAN` when the processor type (`processor.type`) is `COLLECTION_FILTER`



<a id="nestedatt--parent"></a>
### Nested Schema for `parent`

Required:

- `id` (String) A string that specifies the ID of the parent resource. Must be a valid PingOne resource ID.

## Import

Import is supported using the following syntax, where attributes in `<>` brackets are replaced with the relevant ID. For example, `<environment_id>` should be replaced with the ID of the environment to import from.

```shell
terraform import pingone_authorize_trust_framework_processor.example <environment_id>/<authorization_processor_id>
```
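Review bot: the same stale wording appears here: the `environment_id` description says "the Authorize editor processor" while the resource is now `trust_framework_processor`; fix it in the schema description so the regenerated doc picks it up. Two schema-documentation gaps are worth closing before this leaves draft. First, `processor.predicate` and `processor.processor` carry only the sentence "This field is required when `type` is ..." and no description of what the nested processor is for, unlike every other nested attribute in the file (`processor_ref`, `processors`, `value_type` all start with "An object that specifies ..." or "The list of ..."); a one-line description in the same style would make the `COLLECTION_FILTER` and `COLLECTION_TRANSFORM` cases self-explanatory. Second, the constraint "Must be `BOOLEAN` when the processor type (`processor.type`) is `COLLECTION_FILTER`" is repeated verbatim on all four `value_type` blocks, including `processor.value_type` and `processor.processors.value_type`, where `value_type` is documented as required only for `JSON_PATH`, `SPEL` and `XPATH`, so the constraint reads as if it only belongs on `processor.predicate.value_type`; if it is a real validator on the top-level block it should say which `value_type` it constrains, and in every copy the sentence is missing its closing period. Finally, the doc states that `expression`, `value_type`, `processor_ref`, `processors` and `predicate` are each required for particular `type` values, but the rendered schema does not show whether the provider enforces those conditions at plan time or defers to the API; the "add validators" commit suggests the former, so it would be good to confirm the acceptance tests (`Testing for trust_framework_processor`, `bug fix trust_framework_processor`) cover a plan that omits a conditionally required field for each `type`.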