CNAPP-11967-RBAC-NewSRLSupport

dome9 · Sep 16, 2024 · 4f4ea7a · 4f4ea7a
1 parent ecdf762
commit 4f4ea7a
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 58 deletions.
diff --git a/examples/role/main.tf b/examples/role/main.tf
@@ -1,40 +1,49 @@
-resource "dome9_role" "role_rs" {
-  name        = "ROLE_NAME"
-  description = "ROLE_DESC"
-  access {
-    type              = "AWS"
-    main_id           = "MAIN_ID"
-    region            = "us_east_1"
-    security_group_id = "SECURITY_GROUP_ID"
-    traffic           = "All Traffic"
-  }
-  access {
-    type    = "OrganizationalUnit"
-    main_id = "00000000-0000-0000-0000-000000000000"
-  }
-
-  permit_notifications = false
-  permit_rulesets      = false
-  permit_policies      = false
-  permit_alert_actions = false
-  permit_on_boarding   = false
-  create               = []
-  cross_account_access = []
-}
-
-
-data "dome9_role" "data" {
-  id = "${dome9_role.role_rs.id}"
-}
-
-output "getId" {
-  value = "${data.dome9_role.data.id}"
-}
-
-output "getDescription" {
-  value = "${data.dome9_role.data.description}"
-}
-
-output "getItems" {
-  value = "${data.dome9_role.data.access}"
-}
+resource "dome9_role" "role_rs" {
+  name        = "ROLE_NAME"
+  description = "ROLE_DESC"
+  access {
+    type              = "AWS"
+    main_id           = "MAIN_ID"
+    region            = "us_east_1"
+    security_group_id = "SECURITY_GROUP_ID"
+    traffic           = "All Traffic"
+  }
+  access {
+    type    = "OrganizationalUnit"
+    main_id = "00000000-0000-0000-0000-000000000000"
+  }
+
+  manage {
+      type = "CodeSecurityResources"
+      main_id = "Member"
+    }
+
+  view {
+      type = "CloudGuardResources"
+  }
+
+  permit_notifications = false
+  permit_rulesets      = false
+  permit_policies      = false
+  permit_alert_actions = false
+  permit_on_boarding   = false
+  create               = []
+  cross_account_access = []
+}
+
+
+data "dome9_role" "data" {
+  id = "${dome9_role.role_rs.id}"
+}
+
+output "getId" {
+  value = "${data.dome9_role.data.id}"
+}
+
+output "getDescription" {
+  value = "${data.dome9_role.data.description}"
+}
+
+output "getItems" {
+  value = "${data.dome9_role.data.access}"
+}
diff --git a/vendor/github.com/dome9/dome9-sdk-go/services/cloudaccounts/azure_org/azure_org.go b/vendor/github.com/dome9/dome9-sdk-go/services/cloudaccounts/azure_org/azure_org.go
diff --git a/website/docs/d/role.html.markdown b/website/docs/d/role.html.markdown
@@ -8,7 +8,7 @@ description: |-
 
 # Data Source: dome9_role
 
-Use this data source to get information about a role in Dome9.
+Use this data source to get information about a role in CloudGuard.
 
 ## Example Usage
 
@@ -29,22 +29,22 @@ The following arguments are supported:
 
 In addition to all arguments above, the following attributes are exported:
 
-* `name` - (Required) Dome9 role name.
-* `description` - (Required) Dome9 role description. 
+* `name` - (Required) CloudGuard role name.
+* `description` - (Required) CloudGuard role description. 
 * `permit_rulesets` - Is permitted permit rulesets (Optional) .
 * `permit_notifications` - Is permitted permit notifications (Optional) .
 * `permit_policies` - Is permitted permit policies (Optional) .
 * `permit_alert_actions` - Is permitted permit alert actions (Optional) .
-* `permit_on_boarding` - Is permitted permit on boarding (Optional)  .
+* `permit_on_boarding` - Is permitted permit onboarding (Optional)  .
 * `cross_account_access` - (Optional) Cross account access.
 * `create` - (Optional) Create permission list.
 * `access` - (Optional) Access permission list ([SRL](#SRL) Type).
 * `view` - (Optional) View permission list ([SRL](#SRL) Type).
 * `manage` - (Optional) Manage permission list ([SRL](#SRL) Type).
 
 ### SRL 
-* `type` - (Optional) Accepted values: AWS, Azure, GCP, OrganizationalUnit.
-* `main_id` - (Optional) Cloud Account or Organizational Unit ID.
+* `type` - (Optional) Accepted values: AWS, Azure, GCP, OrganizationalUnit, CloudGuardResources, CodeSecurityResources.
+* `main_id` - (Optional) Cloud Account, Organizational Unit ID or CodeSecurity Access Level (Admin, Member).
 * `region` - (Optional) Accepted values: "us_east_1", "us_west_1", "eu_west_1", "ap_southeast_1", "ap_northeast_1", "us_west_2", "sa_east_1", "ap_southeast_2", "eu_central_1", "ap_northeast_2", "ap_south_1", "us_east_2", "ca_central_1", "eu_west_2", "eu_west_3", "eu_north_1", "ap_east_1", "me_south_1", "af_south_1", "eu_south_1", "ap_northeast_3", "me_central_1", "ap_south_2", "ap_southeast_3", "ap_southeast_4", "eu_central_2", "eu_south_2", "il_central_1", "ca_west_1".
 * `security_group_id` - (Optional) AWS Security Group ID.
 * `traffic` - (Optional) Accepted values: "All Traffic", "All Services".
diff --git a/website/docs/r/role.html.markdown b/website/docs/r/role.html.markdown
@@ -8,7 +8,7 @@ description: |-
 
 # dome9_role
 
-The Role resource is used to create and manage Dome9 roles. Roles are used to manage access permissions for Dome9 users.
+The Role resource is used to create and manage CloudGuard roles. Roles are used to manage access permissions for CloudGuard users.
 
 ## Example Usage
 
@@ -45,22 +45,22 @@ resource "dome9_role" "role_rs" {
 
 The following arguments are supported:
 
-* `name` - (Required) Dome9 role name.
-* `description` - (Required) Dome9 role description. 
+* `name` - (Required) CloudGuard role name.
+* `description` - (Required) CloudGuard role description. 
 * `permit_rulesets` - Is permitted permit rulesets (Optional) .
 * `permit_notifications` - Is permitted permit notifications (Optional) .
 * `permit_policies` - Is permitted permit policies (Optional) .
 * `permit_alert_actions` - Is permitted permit alert actions (Optional) .
-* `permit_on_boarding` - Is permitted permit on boarding (Optional)  .
+* `permit_on_boarding` - Is permitted permit onboarding (Optional)  .
 * `cross_account_access` - (Optional) Cross account access.
 * `create` - (Optional) Create permission list.
 * `access` - (Optional) Access permission list ([SRL](#SRL) Type).
 * `view` - (Optional) View permission list ([SRL](#SRL) Type).
 * `manage` - (Optional) Manage permission list ([SRL](#SRL) Type).
 
 ### SRL 
-* `type` - (Optional) Accepted values: AWS, Azure, GCP, OrganizationalUnit.
-* `main_id` - (Optional) Cloud Account or Organizational Unit ID.
+* `type` - (Optional) Accepted values: AWS, Azure, GCP, OrganizationalUnit, CloudGuardResources, CodeSecurityResources.
+* `main_id` - (Optional) Cloud Account, Organizational Unit ID or CodeSecurity Access Level (Admin, Member).
 * `region` - (Optional) Accepted values: "us_east_1", "us_west_1", "eu_west_1", "ap_southeast_1", "ap_northeast_1", "us_west_2", "sa_east_1", "ap_southeast_2", "eu_central_1", "ap_northeast_2", "ap_south_1", "us_east_2", "ca_central_1", "eu_west_2", "eu_west_3", "eu_north_1", "il_central_1", "ca_west_1".
 * `security_group_id` - (Optional) AWS Security Group ID.
 * `traffic` - (Optional) Accepted values: "All Traffic", "All Services".