update documentation

docs/data-sources/group.md

@@ -69,9 +69,9 @@ Read-Only:
 
 Read-Only:
 
-- `manage_all_containers` (Boolean)
+- `manage_all_containers` (Boolean) Ability to manage all S3 buckets or Swift containers for this tenant account (overrides permission settings in group or bucket policies). Supersedes the viewAllContainers permission
 - `manage_endpoints` (Boolean) Allows users to configure endpoints for platform services.
-- `manage_own_container_objects` (Boolean)
+- `manage_own_container_objects` (Boolean) Ability to use S3 Console to view and manage bucket objects
 - `manage_own_s3_credentials` (Boolean) Allows users to create and delete their own S3 access keys.
 - `root_access` (Boolean) Allows users to access all administration features. Root access permission supersedes all other permissions.
 - `view_all_containers` (Boolean) Allows users to view settings of all S3 buckets (or Swift containers) in this account. Superseded by the Manage all buckets permission. Applies to the Tenant Manager UI and API only and does not affect the permissions granted by an S3 group policy.

docs/data-sources/groups.md

@@ -31,8 +31,8 @@ Read-Only:
 
 - `account_id` (String)
 - `display_name` (String)
-- `federated` (Boolean)
-- `group_urn` (String)
+- `federated` (Boolean) True if the Group is federated, for example, an LDAP Group
+- `group_urn` (String) Contains the Group uniqueName and Account ID (generated automatically)
 - `id` (String)
 - `management_read_only` (Boolean)
 - `policies` (Attributes) (see [below for nested schema](#nestedatt--data--policies))
@@ -53,7 +53,7 @@ Read-Only:
 
 - `manage_all_containers` (Boolean) Allows users to change settings of all S3 buckets (or Swift containers) in this account. Supersedes the View all buckets permission. Applies to the Tenant Manager UI and API only and does not affect the permissions granted by an S3 group policy.
 - `manage_endpoints` (Boolean) Allows users to configure endpoints for platform services.
-- `manage_own_container_objects` (Boolean)
+- `manage_own_container_objects` (Boolean) Ability to use S3 Console to view and manage bucket objects
 - `manage_own_s3_credentials` (Boolean) Allows users to create and delete their own S3 access keys.
 - `root_access` (Boolean) Allows users to access all administration features. Root access permission supersedes all other permissions.
 - `view_all_containers` (Boolean) Allows users to view settings of all S3 buckets (or Swift containers) in this account. Superseded by the Manage all buckets permission. Applies to the Tenant Manager UI and API only and does not affect the permissions granted by an S3 group policy.

docs/resources/groups.md

@@ -29,8 +29,8 @@ Other LDAP: Identify the appropriate unique name value for the LDAP server.
 ### Optional
 
 - `account_id` (String)
-- `federated` (Boolean)
-- `group_urn` (String)
+- `federated` (Boolean) True if the Group is federated, for example, an LDAP Group
+- `group_urn` (String) Contains the Group uniqueName and Account ID (generated automatically)
 
 ### Read-Only
 

docs/resources/s3_access_key.md

@@ -17,17 +17,17 @@ Create S3 access and secret key pair for an user - a resource
 
 ### Required
 
-- `user_uuid` (String)
+- `user_uuid` (String) ID that uniquely identifies the user
 
 ### Optional
 
-- `expires` (String)
+- `expires` (String) The time after which the key pair will no longer be valid. Null means the key pair never expires.
 
 ### Read-Only
 
-- `access_key` (String)
-- `account_id` (String)
-- `display_name` (String)
-- `id` (String) The ID of this resource.
-- `secret_access_key` (String)
-- `user_urn` (String)
+- `access_key` (String) generated automatically (returned only when generated and otherwise omitted)
+- `account_id` (String) Storage Tenant Account ID
+- `display_name` (String) Obfuscated access key
+- `id` (String) A unique identifier for the S3 credential pair (automatically assigned when an access key is created)
+- `secret_access_key` (String) generated automatically (returned only when generated and otherwise omitted)
+- `user_urn` (String) Contains the user name and account ID (generated automatically)

docs/resources/users.md

@@ -17,8 +17,8 @@ Create a new user - a resource
 
 ### Required
 
-- `full_name` (String)
-- `member_of` (List of String)
+- `full_name` (String) The human-readable name for the User (required for local Users and imported automatically for federated Users)
+- `member_of` (List of String) Group memberships for this User (required for local Users and imported automatically for federated Users)
 - `unique_name` (String) The name this user will use to sign in. Usernames must be unique and cannot be changed.
 
 ### Optional
@@ -28,6 +28,6 @@ Create a new user - a resource
 ### Read-Only
 
 - `account_id` (String)
-- `federated` (Boolean)
+- `federated` (Boolean) True if the User is federated, for example, an LDAP User
 - `id` (String) The ID of this resource.
 - `user_urn` (String)

internal/provider/group_by_id_name_data_source.go

@@ -78,15 +78,15 @@ func (d *groupDataSource) Schema(ctx context.Context, req datasource.SchemaReque
 						Computed: true,
 						Attributes: map[string]schema.Attribute{
 							"manage_all_containers": schema.BoolAttribute{
-								Computed: true,
+								Computed:    true,
 								Description: "Ability to manage all S3 buckets or Swift containers for this tenant account (overrides permission settings in group or bucket policies). Supersedes the viewAllContainers permission",
 							},
 							"manage_endpoints": schema.BoolAttribute{
 								Computed:    true,
 								Description: "Allows users to configure endpoints for platform services.",
 							},
 							"manage_own_container_objects": schema.BoolAttribute{
-								Computed: true,
+								Computed:    true,
 								Description: "Ability to use S3 Console to view and manage bucket objects",
 							},
 							"manage_own_s3_credentials": schema.BoolAttribute{

internal/provider/groups_all_data_source.go

@@ -60,11 +60,11 @@ func (d *groupsDataSource) Schema(ctx context.Context, req datasource.SchemaRequ
 							Computed: true,
 						},
 						"group_urn": schema.StringAttribute{
-							Computed: true,
+							Computed:    true,
 							Description: "Contains the Group uniqueName and Account ID (generated automatically)",
 						},
 						"federated": schema.BoolAttribute{
-							Computed: true,
+							Computed:    true,
 							Description: "True if the Group is federated, for example, an LDAP Group",
 						},
 						"management_read_only": schema.BoolAttribute{
@@ -85,7 +85,7 @@ func (d *groupsDataSource) Schema(ctx context.Context, req datasource.SchemaRequ
 											Description: "Allows users to configure endpoints for platform services.",
 										},
 										"manage_own_container_objects": schema.BoolAttribute{
-											Computed: true,
+											Computed:    true,
 											Description: "Ability to use S3 Console to view and manage bucket objects",
 										},
 										"manage_own_s3_credentials": schema.BoolAttribute{

internal/provider/groups_resource.go

@@ -51,8 +51,8 @@ func (r *groupsResource) Schema(ctx context.Context, req resource.SchemaRequest,
 		MarkdownDescription: "Create new group - a resource",
 		Attributes: map[string]schema.Attribute{
 			"group_urn": schema.StringAttribute{
-				Optional: true,
-				Computed: true,
+				Optional:    true,
+				Computed:    true,
 				Description: "Contains the Group uniqueName and Account ID (generated automatically)",
 				PlanModifiers: []planmodifier.String{
 					stringplanmodifier.UseStateForUnknown(),

internal/provider/s3_keys_by_user_id_resource.go

@@ -43,28 +43,28 @@ func (r *s3AccessSecretKeyResource) Schema(ctx context.Context, req resource.Sch
 		MarkdownDescription: "Create S3 access and secret key pair for an user - a resource",
 		Attributes: map[string]schema.Attribute{
 			"user_uuid": schema.StringAttribute{
-				Required: true,
+				Required:    true,
 				Description: "ID that uniquely identifies the user",
 			},
 			"expires": schema.StringAttribute{
-				Optional: true,
-				Computed: true,
+				Optional:    true,
+				Computed:    true,
 				Description: "The time after which the key pair will no longer be valid. Null means the key pair never expires.",
 			},
 			"id": schema.StringAttribute{
-				Computed: true,
+				Computed:    true,
 				Description: "A unique identifier for the S3 credential pair (automatically assigned when an access key is created)",
 			},
 			"account_id": schema.StringAttribute{
-				Computed: true,
+				Computed:    true,
 				Description: "Storage Tenant Account ID",
 			},
 			"display_name": schema.StringAttribute{
-				Computed: true,
+				Computed:    true,
 				Description: "Obfuscated access key",
 			},
 			"user_urn": schema.StringAttribute{
-				Computed: true,
+				Computed:    true,
 				Description: "Contains the user name and account ID (generated automatically)",
 			},
 			"access_key": schema.StringAttribute{

internal/provider/users_resource.go

@@ -50,7 +50,7 @@ func (r *usersResource) Schema(ctx context.Context, req resource.SchemaRequest,
 				Description: "The name this user will use to sign in. Usernames must be unique and cannot be changed.",
 			},
 			fl_name: schema.StringAttribute{
-				Required: true,
+				Required:    true,
 				Description: "The human-readable name for the User (required for local Users and imported automatically for federated Users)",
 				Validators: []validator.String{
 					// Must contain at least 1 and no more than 128 characters
@@ -70,7 +70,7 @@ func (r *usersResource) Schema(ctx context.Context, req resource.SchemaRequest,
 				Required:    true,
 			},
 			"federated": schema.BoolAttribute{
-				Computed: true,
+				Computed:    true,
 				Description: "True if the User is federated, for example, an LDAP User",
 				PlanModifiers: []planmodifier.Bool{
 					boolplanmodifier.UseStateForUnknown(),