feat: add folder role assignment resource

Benjamin Ritter · l0wl3vel · commit dade9fac8ae3 · 2025-12-09T11:31:19.000+01:00
Signed-off-by: Benjamin Ritter &lt;benjamin.ritter@stackit.cloud&gt;
diff --git a/docs/resources/authorization_folder_role_assignment.md b/docs/resources/authorization_folder_role_assignment.md
@@ -0,0 +1,43 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_authorization_folder_role_assignment Resource - stackit"
+subcategory: ""
+description: |-
+  folder Role Assignment resource schema.
+  ~> This resource is part of the iam experiment and is likely going to undergo significant changes or be removed in the future. Use it at your own discretion.
+---
+
+# stackit_authorization_folder_role_assignment (Resource)
+
+folder Role Assignment resource schema.
+
+~> This resource is part of the iam experiment and is likely going to undergo significant changes or be removed in the future. Use it at your own discretion.
+
+## Example Usage
+
+```terraform
+resource "stackit_authorization_folder_role_assignment" "example" {
+  resource_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  role        = "owner"
+  subject     = "john.doe@stackit.cloud"
+}
+
+# Only use the import statement, if you want to import an existing folder role assignment
+import {
+  to = stackit_authorization_folder_role_assignment.import-example
+  id = "${var.folder_id},${var.folder_role_assignment_role},${var.folder_role_assignment_subject}"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `resource_id` (String) folder Resource to assign the role to.
+- `role` (String) Role to be assigned
+- `subject` (String) Identifier of user, service account or client. Usually email address or name in case of clients
+
+### Read-Only
+
+- `id` (String) Terraform's internal resource identifier. It is structured as "[resource_id],[role],[subject]".
diff --git a/examples/resources/stackit_authorization_folder_role_assignment/resource.tf b/examples/resources/stackit_authorization_folder_role_assignment/resource.tf
@@ -0,0 +1,11 @@
+resource "stackit_authorization_folder_role_assignment" "example" {
+  resource_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  role        = "owner"
+  subject     = "john.doe@stackit.cloud"
+}
+
+# Only use the import statement, if you want to import an existing folder role assignment
+import {
+  to = stackit_authorization_folder_role_assignment.import-example
+  id = "${var.folder_id},${var.folder_role_assignment_role},${var.folder_role_assignment_subject}"
+}
diff --git a/stackit/internal/services/authorization/roleassignments/resource.go b/stackit/internal/services/authorization/roleassignments/resource.go
@@ -30,6 +30,7 @@ import (
 var roleTargets = []string{
 	"project",
 	"organization",
+	"folder",
 }
 
 // Ensure the implementation satisfies the expected interfaces.

Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,7 @@ import (`
`30`	`30`	`var roleTargets = []string{`
`31`	`31`	`"project",`
`32`	`32`	`"organization",`
	`33`	`+ "folder",`
`33`	`34`	`}`
`34`	`35`
`35`	`36`	`// Ensure the implementation satisfies the expected interfaces.`