Support adding Nested Access Lists as Members to Access Lists via Terraform. #49249

Open
benarent opened this issue Nov 20, 2024 · 0 comments
Labels: feature-request, terraform-provider


benarent commented Nov 20, 2024

What would you like Teleport to do?

We currently don't support adding Members to access lists. https://goteleport.com/docs/reference/terraform-provider/data-sources/access_list/

We have previously said we don't support this, due to the required manager flow. Since we now support nested access lists, I think we should support them via IaC, especially due to the complexity of nested lists.

Please note that Access Lists can be managed via IaC but Access List memberships cannot. The goal of Access Lists is to decentralize granting and reviewing access.

```diff
# Company-Wide Access List
resource "teleport_access_list" "company_wide" {
  header = {
    version = "v1"
    metadata = {
      name = "company-wide"
      labels = {
        organization = "primary"
      }
    }
  }
  spec = {
    description = "Top-level company-wide access controls"
    title = "Company-Wide Access"
    
    ownership_requires = {
      roles = ["access"]
    }
    
    membership_requires = {
      roles = ["access"]
    }
    
    owners = [
      {
        name = "benarent"
        description = "Company admin"
      }
    ]

+    members = [
+      {
+        access_list = "SRE Team"
+        description = "SRE Team Access List"
+      }
+    ]
    
    grants = {
      roles = ["base-access"]
      traits = [{
        key    = "company-resources"
        values = ["internal-tools", "documentation"]
      }]
    }
    

  }
}
```
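
Review bot: The `access_list = "SRE Team"` value in the added `members` block reads like a display title, while this same resource keeps its identifier in `metadata.name` ("company-wide") separate from `spec.title` ("Company-Wide Access"). The proposal should state which of the two a nested member is matched on. If it is the metadata name, the example would be clearer with the child list's name written as a reference to that list's own `teleport_access_list` resource rather than a string literal, so that Terraform creates the child list before the parent that nests it. It would also help to say whether `members` is limited to nested lists or is meant to accept user members too, since the text above says memberships are deliberately not managed via IaC.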

What problem does this solve?

If a workaround exists, please include it.

benarent added the feature-request and terraform-provider labels on Nov 20, 2024.
benarent changed the title from "Support adding Access List Members to Access Lists via Terraform." to "Support adding Nested Access Lists as Members to Access Lists via Terraform." on Nov 20, 2024.