feat: Resource to create roles (#858)

docs/resources/directory_role.md

@@ -0,0 +1,73 @@
+---
+page_title: "btp_directory_role Resource - terraform-provider-btp"
+subcategory: ""
+description: |-
+  Creates a role in a directory.
+  Tip:
+  You must be assigned to the admin role of the global account or the directory.
+  Further documentation:
+  https://help.sap.com/docs/btp/sap-business-technology-platform/role-collections-and-roles-in-global-accounts-directories-and-subaccounts
+---
+
+# btp_directory_role (Resource)
+
+Creates a role in a directory.
+
+__Tip:__
+You must be assigned to the admin role of the global account or the directory.
+
+__Further documentation:__
+<https://help.sap.com/docs/btp/sap-business-technology-platform/role-collections-and-roles-in-global-accounts-directories-and-subaccounts>
+
+## Example Usage
+
+```terraform
+resource "btp_directory_role" "dirrole" {
+  directory_id       = "ddfc2206-5f11-48ed-a1ec-29010af70050"
+  name               = "DirUsageRepViewTest"
+  role_template_name = "Directory_Usage_Reporting_Viewer"
+  app_id             = "uas!b36585"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `app_id` (String) The ID of the xsuaa application.
+- `directory_id` (String) The ID of the directory.
+- `name` (String) The name of the role.
+- `role_template_name` (String) The name of the role template.
+
+### Optional
+
+- `description` (String) The role description.
+
+### Read-Only
+
+- `id` (String, Deprecated) The combined unique ID of the role.
+- `read_only` (Boolean) Shows whether the role can be modified or not.
+- `scopes` (Attributes List) Scopes available with this role. (see [below for nested schema](#nestedatt--scopes))
+
+<a id="nestedatt--scopes"></a>
+### Nested Schema for `scopes`
+
+Read-Only:
+
+- `custom_grant_as_authority_to_apps` (Set of String)
+- `custom_granted_apps` (Set of String)
+- `description` (String) The description of the scope.
+- `grant_as_authority_to_apps` (Set of String)
+- `granted_apps` (Set of String)
+- `name` (String) The name of the scope.
+
+## Import
+
+Import is supported using the following syntax:
+
+```terraform
+# terraform import btp_directory_role.<resource_name> '<directory_id>,<name>,<role_template_name>,<app_id>'
+
+terraform import btp_directory_role.directory_viewer '6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f,Directory Viewer,Directory_Viewer,cis-central!b13'
+```

docs/resources/globalaccount_role.md

@@ -0,0 +1,57 @@
+---
+page_title: "btp_globalaccount_role Resource - terraform-provider-btp"
+subcategory: ""
+description: |-
+  Creates a role in a global account.
+  Tip:
+  You must be assigned to the admin role of the global account.
+  Further documentation:
+  https://help.sap.com/docs/btp/sap-business-technology-platform/role-collections-and-roles-in-global-accounts-directories-and-subaccounts
+---
+
+# btp_globalaccount_role (Resource)
+
+Creates a role in a global account.
+
+__Tip:__
+You must be assigned to the admin role of the global account.
+
+__Further documentation:__
+<https://help.sap.com/docs/btp/sap-business-technology-platform/role-collections-and-roles-in-global-accounts-directories-and-subaccounts>
+
+## Example Usage
+
+```terraform
+resource "btp_globalaccount_role" "xsuaa_admin" {
+  name               = "My Role"
+  role_template_name = "xsuaa_admin"
+  app_id             = "xsuaa!t1"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `app_id` (String) The ID of the xsuaa application.
+- `name` (String) The name of the role.
+- `role_template_name` (String) The name of the role template.
+
+### Optional
+
+- `description` (String) The role description.
+
+### Read-Only
+
+- `read_only` (Boolean) Shows whether the role can be modified or not.
+
+## Import
+
+Import is supported using the following syntax:
+
+```terraform
+# terraform import btp_globalaccount_role.<resource_name> '<name>,<role_template_name>,<app_id>'
+
+terraform import btp_globalaccount_role.globalaccount_auditor 'User and Role Auditor,xsuaa_auditor,xsuaa!t2'
+```

docs/resources/subaccount_role.md

@@ -0,0 +1,60 @@
+---
+page_title: "btp_subaccount_role Resource - terraform-provider-btp"
+subcategory: ""
+description: |-
+  Creates a role in a subaccount.
+  Tip:
+  You must be assigned to the admin role of the subaccount.
+  Further documentation:
+  https://help.sap.com/docs/btp/sap-business-technology-platform/role-collections-and-roles-in-global-accounts-directories-and-subaccounts
+---
+
+# btp_subaccount_role (Resource)
+
+Creates a role in a subaccount.
+
+__Tip:__
+You must be assigned to the admin role of the subaccount.		
+
+__Further documentation:__
+<https://help.sap.com/docs/btp/sap-business-technology-platform/role-collections-and-roles-in-global-accounts-directories-and-subaccounts>
+
+## Example Usage
+
+```terraform
+resource "btp_subaccount_role" "xsuaa_auditor" {
+  subaccount_id      = "6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f"
+  name               = "XSUAA Auditor"
+  role_template_name = "xsuaa_auditor"
+  app_id             = "xsuaa!t1"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `app_id` (String) The ID of the xsuaa application.
+- `name` (String) The name of the role.
+- `role_template_name` (String) The name of the role template.
+- `subaccount_id` (String) The ID of the subaccount.
+
+### Optional
+
+- `description` (String) The role description.
+
+### Read-Only
+
+- `id` (String, Deprecated) The combined unique ID of the role.
+- `read_only` (Boolean) Shows whether the role can be modified or not.
+
+## Import
+
+Import is supported using the following syntax:
+
+```terraform
+# terraform import btp_subaccount_role.<resource_name> '<subaccount_id>,<name>,<role_template_name>,<app_id>'
+
+terraform import btp_subaccount_role.subaccount_viewer '6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f,Subaccount Viewer,Subaccount_Viewer,cis-local!b2'
+```

internal/btpcli/facade_security_role.go

@@ -2,6 +2,7 @@ package btpcli
 
 import (
 	"context"
+
 	"github.com/SAP/terraform-provider-btp/internal/tfutils"
 
 	"github.com/SAP/terraform-provider-btp/internal/btpcli/types/xsuaa_authz"
@@ -69,6 +70,7 @@ type DirectoryRoleCreateInput struct {
 	AppId            string `btpcli:"appId"`
 	RoleTemplateName string `btpcli:"roleTemplateName"`
 	DirectoryId      string `btpcli:"directory"`
+	Description      string `btpcli:"description"`
 }
 
 func (f *securityRoleFacade) CreateByDirectory(ctx context.Context, args *DirectoryRoleCreateInput) (xsuaa_authz.Role, CommandResponse, error) {
@@ -78,6 +80,11 @@ func (f *securityRoleFacade) CreateByDirectory(ctx context.Context, args *Direct
 		return xsuaa_authz.Role{}, CommandResponse{}, err
 	}
 
+	_, exist := params["description"]
+	if !exist {
+		params["description"] = ""
+	}
+
 	return doExecute[xsuaa_authz.Role](f.cliClient, ctx, NewCreateRequest(f.getCommand(), params))
 }
 
@@ -95,6 +102,7 @@ type SubaccountRoleCreateInput struct {
 	AppId            string `btpcli:"appId"`
 	RoleTemplateName string `btpcli:"roleTemplateName"`
 	SubaccountId     string `btpcli:"subaccount"`
+	Description      string `btpcli:"description"`
 }
 
 func (f *securityRoleFacade) CreateBySubaccount(ctx context.Context, args *SubaccountRoleCreateInput) (xsuaa_authz.Role, CommandResponse, error) {
@@ -104,6 +112,11 @@ func (f *securityRoleFacade) CreateBySubaccount(ctx context.Context, args *Subac
 		return xsuaa_authz.Role{}, CommandResponse{}, err
 	}
 
+	_, exist := params["description"]
+	if !exist {
+		params["description"] = ""
+	}
+
 	return doExecute[xsuaa_authz.Role](f.cliClient, ctx, NewCreateRequest(f.getCommand(), params))
 }
 
@@ -120,6 +133,7 @@ type GlobalAccountRoleCreateInput struct {
 	RoleName         string `btpcli:"roleName"`
 	AppId            string `btpcli:"appId"`
 	RoleTemplateName string `btpcli:"roleTemplateName"`
+	Description      string `btpcli:"description"`
 }
 
 func (f *securityRoleFacade) CreateByGlobalAccount(ctx context.Context, args *GlobalAccountRoleCreateInput) (xsuaa_authz.Role, CommandResponse, error) {
@@ -131,6 +145,11 @@ func (f *securityRoleFacade) CreateByGlobalAccount(ctx context.Context, args *Gl
 
 	params["globalAccount"] = f.cliClient.GetGlobalAccountSubdomain()
 
+	_, exist := params["description"]
+	if !exist {
+		params["description"] = ""
+	}
+
 	return doExecute[xsuaa_authz.Role](f.cliClient, ctx, NewCreateRequest(f.getCommand(), params))
 }
 

internal/btpcli/facade_security_role_test.go

@@ -285,6 +285,7 @@ func TestSecurityRoleFacade_CreateByDirectory(t *testing.T) {
 				"appId":            roleTemplateAppId,
 				"roleName":         roleName,
 				"roleTemplateName": roleTemplateName,
+				"description":      "",
 			})
 		}))
 		defer srv.Close()
@@ -321,6 +322,7 @@ func TestSecurityRoleFacade_CreateBySubaccount(t *testing.T) {
 				"appId":            roleTemplateAppId,
 				"roleName":         roleName,
 				"roleTemplateName": roleTemplateName,
+				"description":      "",
 			})
 		}))
 		defer srv.Close()
@@ -356,6 +358,7 @@ func TestSecurityRoleFacade_CreateByGlobalAccount(t *testing.T) {
 				"appId":            roleTemplateAppId,
 				"roleName":         roleName,
 				"roleTemplateName": roleTemplateName,
+				"description":      "",
 			})
 		}))
 		defer srv.Close()