new resource to manage self-serve role members in Athenz (#134)

Signed-off-by: Abhijeet V <[email protected]>

Author: abvaidya

.gitignore

@@ -43,3 +43,5 @@ docker/sample/domain-admin/domain_admin_cert.pem
 docker/sample/domain-admin/domain_admin_key.pem
 
 manual-testing/
+.vscode/
+local.tfrc

CHANGELOG

@@ -1,3 +1,7 @@
+v1.0.47 Release / Jun 26, 2025
+------------------------------
+- Support for self-serve role membership
+
 v1.0.46 Release / Nov 21, 2024
 ------------------------------
 - Support notifyDetails attribute for athenz_role and athenz_group resources

athenz/provider.go

@@ -77,19 +77,20 @@ func Provider() *schema.Provider {
 		},
 
 		ResourcesMap: map[string]*schema.Resource{
-			"athenz_role":             ResourceRole(),
-			"athenz_role_members":     ResourceRoleMembers(),
-			"athenz_role_meta":        ResourceRoleMeta(),
-			"athenz_group":            ResourceGroup(),
-			"athenz_group_members":    ResourceGroupMembers(),
-			"athenz_group_meta":       ResourceGroupMeta(),
-			"athenz_policy":           ResourcePolicy(),
-			"athenz_policy_version":   ResourcePolicyVersion(),
-			"athenz_service":          ResourceService(),
-			"athenz_sub_domain":       ResourceSubDomain(),
-			"athenz_user_domain":      ResourceUserDomain(),
-			"athenz_top_level_domain": ResourceTopLevelDomain(),
-			"athenz_domain_meta":      ResourceDomainMeta(),
+			"athenz_role":                    ResourceRole(),
+			"athenz_role_members":            ResourceRoleMembers(),
+			"athenz_self_serve_role_members": ResourceSelfServeRoleMembers(),
+			"athenz_role_meta":               ResourceRoleMeta(),
+			"athenz_group":                   ResourceGroup(),
+			"athenz_group_members":           ResourceGroupMembers(),
+			"athenz_group_meta":              ResourceGroupMeta(),
+			"athenz_policy":                  ResourcePolicy(),
+			"athenz_policy_version":          ResourcePolicyVersion(),
+			"athenz_service":                 ResourceService(),
+			"athenz_sub_domain":              ResourceSubDomain(),
+			"athenz_user_domain":             ResourceUserDomain(),
+			"athenz_top_level_domain":        ResourceTopLevelDomain(),
+			"athenz_domain_meta":             ResourceDomainMeta(),
 		},
 
 		ConfigureContextFunc: configProvider,

athenz/resource_group.go

@@ -35,7 +35,7 @@ func ResourceGroup() *schema.Resource {
 				Description:      "Name of the standard group role",
 				Required:         true,
 				ForceNew:         true,
-				ValidateDiagFunc: validatePatternFunc(ENTTITY_NAME),
+				ValidateDiagFunc: validatePatternFunc(ENTITY_NAME),
 			},
 			"members": {
 				Type:        schema.TypeSet,

athenz/resource_group_members.go

@@ -36,7 +36,7 @@ func ResourceGroupMembers() *schema.Resource {
 				Description:      "Name of the standard group role",
 				Required:         true,
 				ForceNew:         true,
-				ValidateDiagFunc: validatePatternFunc(ENTTITY_NAME),
+				ValidateDiagFunc: validatePatternFunc(ENTITY_NAME),
 			},
 			"member": {
 				Type:        schema.TypeSet,

athenz/resource_group_meta.go

@@ -3,6 +3,7 @@ package athenz
 import (
 	"context"
 	"errors"
+
 	"github.com/AthenZ/athenz/clients/go/zms"
 	"github.com/ardielle/ardielle-go/rdl"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
@@ -35,7 +36,7 @@ func ResourceGroupMeta() *schema.Resource {
 				Description:      "Name of the standard group",
 				Required:         true,
 				ForceNew:         true,
-				ValidateDiagFunc: validatePatternFunc(ENTTITY_NAME),
+				ValidateDiagFunc: validatePatternFunc(ENTITY_NAME),
 			},
 			"user_expiry_days": {
 				Type:         schema.TypeInt,

athenz/resource_group_test.go

@@ -2,7 +2,6 @@ package athenz
 
 import (
 	"fmt"
-	"github.com/ardielle/ardielle-go/rdl"
 	"log"
 	"os"
 	"reflect"
@@ -11,6 +10,8 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/ardielle/ardielle-go/rdl"
+
 	"github.com/stretchr/testify/assert"
 
 	"github.com/AthenZ/athenz/clients/go/zms"
@@ -460,7 +461,7 @@ func TestAccGroupInvalidResource(t *testing.T) {
 			},
 			{
 				Config:      testAccGroupInvalidGroupNameConfig(),
-				ExpectError: getPatternErrorRegex(ENTTITY_NAME),
+				ExpectError: getPatternErrorRegex(ENTITY_NAME),
 			},
 			{
 				Config:      testAccGroupInvalidMemberNameConfig(),

athenz/resource_policy.go

@@ -35,7 +35,7 @@ func ResourcePolicy() *schema.Resource {
 				Description:      "Name of the standard policy",
 				Required:         true,
 				ForceNew:         true,
-				ValidateDiagFunc: validatePatternFunc(ENTTITY_NAME),
+				ValidateDiagFunc: validatePatternFunc(ENTITY_NAME),
 			},
 			"assertion": resourceAssertionSchema(),
 			"audit_ref": {

athenz/resource_policy_test.go

@@ -233,7 +233,7 @@ func TestAccGroupPolicyInvalidResource(t *testing.T) {
 			},
 			{
 				Config:      testAccGroupPolicyInvalidPolicyNameConfig(),
-				ExpectError: getPatternErrorRegex(ENTTITY_NAME),
+				ExpectError: getPatternErrorRegex(ENTITY_NAME),
 			},
 			{
 				Config:      testAccGroupPolicyInvalidResourceNameConfig(),

athenz/resource_policy_version.go

@@ -34,7 +34,7 @@ func ResourcePolicyVersion() *schema.Resource {
 				Description:      "Name of the policy",
 				Required:         true,
 				ForceNew:         true,
-				ValidateDiagFunc: validatePatternFunc(ENTTITY_NAME),
+				ValidateDiagFunc: validatePatternFunc(ENTITY_NAME),
 			},
 			"active_version": {
 				Type:             schema.TypeString,