Roles and Permission Management

The Shipa provider for Terraform allows you to manage both roles and permissions on Shipa directly from Terraform.

Creating Roles

terraform {
  required_providers {
    shipa = {
      version = "0.0.6"
      source = "shipa-corp/shipa"
    }
  }
}

provider "shipa" {
  host = "http://target.shipa.cloud:8080"
  token = "<your-shipa-token>"
}

resource "shipa_role" "role1" {
  name = "ShipaAdmin"
  context = "app"
  description = "test"
}

Component Definitions

Component

Description

Type

resource

shipa_role is Shipa's Terraform component for managing roles.

name

The name of the new role

Required: Yes

string

context

The context that should be bound to the new role

Required: Yes
Options:

  • team
  • app
  • global / organization
  • framework

string

description

Description for the newly created role

Required: No

string

Assigning Permissions to Roles

terraform {
  required_providers {
    shipa = {
      version = "0.0.6"
      source = "shipa.io/terraform/shipa"
    }
  }
}

provider "shipa" {}

resource "shipa_permission" "permission1" {
  name = "ShipaAdmin"
  permission = ["app.read",  "app.deploy"]
}

Component Definition

Component

Description

Type

resource

shipa_permission is Shipa's Terraform component for managing roles.

name

The name of the role to which permissions will be assigned to.

Required: Yes

string

permission

The permissions that should be assigned to the specified role.

You can find a list of available permissions by running the following command from your Shipa CLI:

shipa permission list

Required: Yes

string

Associating Roles to Users

terraform {
  required_providers {
    shipa = {
      version = "0.0.6"
      source = "shipa.io/terraform/shipa"
    }
  }
}

provider "shipa" {}

resource "shipa_role_association" "r1" {
  name = "ShipaAdmin"
  email = "[email protected]"
}

Component Definition

Component

Description

Type

resource

shipa_role_association is Shipa's Terraform component for associating existing roles to existing users.

name

The name of the existing role that will be associated to a user.

Required: Yes

string

email

The email of an existing Shipa user who will have the role associated to.

Required: Yes

string


Did this page help you?