Adds LDAP user and group policy attachment resources (#581)

docs/resources/iam_group_policy_attachment.md

@@ -17,7 +17,7 @@ resource "minio_iam_group" "developer" {
   name = "developer"
 }
 
-resource "minio_iam_group_policy" "test_policy" {
+resource "minio_iam_policy" "test_policy" {
   name   = "state-terraform-s3"
   policy = <<EOF
 {
@@ -51,14 +51,6 @@ output "minio_users" {
 output "minio_group" {
   value = minio_iam_group_policy_attachment.developer.policy_name
 }
-
-
-# Example using an LDAP Group instead of a static MinIO group
-
-resource "minio_iam_group_policy_attachment" "developer" {
-  user_name   = "OU=Unit,DC=example,DC=com"
-  policy_name = "${minio_iam_policy.test_policy.id}"
-}
 ```
 
 <!-- schema generated by tfplugindocs -->

docs/resources/iam_ldap_group_policy_attachment.md

@@ -0,0 +1,56 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "minio_iam_ldap_group_policy_attachment Resource - terraform-provider-minio"
+subcategory: ""
+description: |-
+  Attaches LDAP group to a policy. Can be used against both built-in and user-defined policies.
+---
+
+# minio_iam_ldap_group_policy_attachment (Resource)
+
+Attaches LDAP group to a policy. Can be used against both built-in and user-defined policies.
+
+## Example Usage
+
+```terraform
+resource "minio_iam_policy" "test_policy" {
+  name   = "state-terraform-s3"
+  policy = <<EOF
+{
+  "Version":"2012-10-17",
+  "Statement": [
+    {
+      "Sid":"ListAllBucket",
+      "Effect": "Allow",
+      "Action": ["s3:PutObject"],
+      "Principal":"*",
+      "Resource": "arn:aws:s3:::state-terraform-s3/*"
+    }
+  ]
+}
+EOF
+}
+
+resource "minio_iam_ldap_group_policy_attachment" "developer" {
+  group_dn    = "CN=terraform-user,OU=Unit,DC=example,DC=com"
+  policy_name = minio_iam_policy.test_policy.id
+}
+
+# Example using a builtin policy
+resource "minio_iam_ldap_group_policy_attachment" "admins" {
+  group_dn    = "CN=minioadmins-admins,OU=Unit,DC=example,DC=com"
+  policy_name = "consoleAdmin"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `group_dn` (String) The distinguished name (dn) of group to attach policy to
+- `policy_name` (String) Name of policy to attach to group
+
+### Read-Only
+
+- `id` (String) The ID of this resource.

docs/resources/iam_ldap_user_policy_attachment.md

@@ -0,0 +1,56 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "minio_iam_ldap_user_policy_attachment Resource - terraform-provider-minio"
+subcategory: ""
+description: |-
+  Attaches LDAP user to a policy. Can be used against both built-in and user-defined policies.
+---
+
+# minio_iam_ldap_user_policy_attachment (Resource)
+
+Attaches LDAP user to a policy. Can be used against both built-in and user-defined policies.
+
+## Example Usage
+
+```terraform
+resource "minio_iam_policy" "test_policy" {
+  name   = "state-terraform-s3"
+  policy = <<EOF
+{
+  "Version":"2012-10-17",
+  "Statement": [
+    {
+      "Sid":"ListAllBucket",
+      "Effect": "Allow",
+      "Action": ["s3:PutObject"],
+      "Principal":"*",
+      "Resource": "arn:aws:s3:::state-terraform-s3/*"
+    }
+  ]
+}
+EOF
+}
+
+resource "minio_iam_ldap_user_policy_attachment" "developer" {
+  user_dn    = "CN=developer,OU=Unit,DC=example,DC=com"
+  policy_name = minio_iam_policy.test_policy.id
+}
+
+# Example using a builtin policy
+resource "minio_iam_ldap_user_policy_attachment" "admins" {
+  user_dn    = "CN=admin,OU=Unit,DC=example,DC=com"
+  policy_name = "consoleAdmin"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `policy_name` (String) Name of policy to attach to user
+- `user_dn` (String) The dn of user to attach policy to
+
+### Read-Only
+
+- `id` (String) The ID of this resource.

docs/resources/iam_user_policy_attachment.md

@@ -51,13 +51,6 @@ output "minio_users" {
 output "minio_group" {
   value = minio_iam_user_policy_attachment.developer.policy_name
 }
-
-# Example using an LDAP User instead of a static MinIO group
-
-resource "minio_iam_user_policy_attachment" "developer" {
-  user_name   = "CN=My User,OU=Unit,DC=example,DC=com"
-  policy_name = minio_iam_policy.test_policy.id
-}
 ```
 
 <!-- schema generated by tfplugindocs -->

examples/resources/minio_iam_group_policy_attachment/resource.tf

@@ -2,7 +2,7 @@ resource "minio_iam_group" "developer" {
   name = "developer"
 }
 
-resource "minio_iam_group_policy" "test_policy" {
+resource "minio_iam_policy" "test_policy" {
   name   = "state-terraform-s3"
   policy = <<EOF
 {
@@ -36,11 +36,3 @@ output "minio_users" {
 output "minio_group" {
   value = minio_iam_group_policy_attachment.developer.policy_name
 }
-
-
-# Example using an LDAP Group instead of a static MinIO group
-
-resource "minio_iam_group_policy_attachment" "developer" {
-  user_name   = "OU=Unit,DC=example,DC=com"
-  policy_name = "${minio_iam_policy.test_policy.id}"
-}

examples/resources/minio_iam_ldap_group_policy_attachment/resource.tf

@@ -0,0 +1,28 @@
+resource "minio_iam_policy" "test_policy" {
+  name   = "state-terraform-s3"
+  policy = <<EOF
+{
+  "Version":"2012-10-17",
+  "Statement": [
+    {
+      "Sid":"ListAllBucket",
+      "Effect": "Allow",
+      "Action": ["s3:PutObject"],
+      "Principal":"*",
+      "Resource": "arn:aws:s3:::state-terraform-s3/*"
+    }
+  ]
+}
+EOF
+}
+
+resource "minio_iam_ldap_group_policy_attachment" "developer" {
+  group_dn    = "CN=terraform-user,OU=Unit,DC=example,DC=com"
+  policy_name = minio_iam_policy.test_policy.id
+}
+
+# Example using a builtin policy
+resource "minio_iam_ldap_group_policy_attachment" "admins" {
+  group_dn    = "CN=minioadmins-admins,OU=Unit,DC=example,DC=com"
+  policy_name = "consoleAdmin"
+}

examples/resources/minio_iam_ldap_user_policy_attachment/resource.tf

@@ -0,0 +1,28 @@
+resource "minio_iam_policy" "test_policy" {
+  name   = "state-terraform-s3"
+  policy = <<EOF
+{
+  "Version":"2012-10-17",
+  "Statement": [
+    {
+      "Sid":"ListAllBucket",
+      "Effect": "Allow",
+      "Action": ["s3:PutObject"],
+      "Principal":"*",
+      "Resource": "arn:aws:s3:::state-terraform-s3/*"
+    }
+  ]
+}
+EOF
+}
+
+resource "minio_iam_ldap_user_policy_attachment" "developer" {
+  user_dn    = "CN=developer,OU=Unit,DC=example,DC=com"
+  policy_name = minio_iam_policy.test_policy.id
+}
+
+# Example using a builtin policy
+resource "minio_iam_ldap_user_policy_attachment" "admins" {
+  user_dn    = "CN=admin,OU=Unit,DC=example,DC=com"
+  policy_name = "consoleAdmin"
+}

examples/resources/minio_iam_user_policy_attachment/resource.tf

@@ -36,10 +36,3 @@ output "minio_users" {
 output "minio_group" {
   value = minio_iam_user_policy_attachment.developer.policy_name
 }
-
-# Example using an LDAP User instead of a static MinIO group
-
-resource "minio_iam_user_policy_attachment" "developer" {
-  user_name   = "CN=My User,OU=Unit,DC=example,DC=com"
-  policy_name = minio_iam_policy.test_policy.id
-}

minio/provider.go

@@ -144,6 +144,8 @@ func newProvider(envvarPrefixed ...string) *schema.Provider {
 			"minio_iam_user_policy_attachment":       resourceMinioIAMUserPolicyAttachment(),
 			"minio_iam_group_policy_attachment":      resourceMinioIAMGroupPolicyAttachment(),
 			"minio_iam_group_user_attachment":        resourceMinioIAMGroupUserAttachment(),
+			"minio_iam_ldap_group_policy_attachment": resourceMinioIAMLDAPGroupPolicyAttachment(),
+			"minio_iam_ldap_user_policy_attachment":  resourceMinioIAMLDAPUserPolicyAttachment(),
 			"minio_ilm_policy":                       resourceMinioILMPolicy(),
 			"minio_kms_key":                          resourceMinioKMSKey(),
 			"minio_ilm_tier":                         resourceMinioILMTier(),