feat(main): refactor actions within existing CLI policy object CRUD

docs/man/policy/attributes/create.md

@@ -41,17 +41,19 @@ and may contain hyphens and underscores between other alphanumeric characters.
 #### ANY_OF
 
 If an Attribute is defined with logical rule `ANY_OF`, an Entity who is mapped to `any` of the associated Values of the Attribute
-on TDF'd Resource Data will be Entitled.
+on TDF'd Resource Data will be Entitled to take the actions in the mapping.
 
 #### ALL_OF
 
 If an Attribute is defined with logical rule `ALL_OF`, an Entity must be mapped to `all` of the associated Values of the Attribute
-on TDF'd Resource Data to be Entitled.
+on TDF'd Resource Data to be Entitled to take the actions in the mapping.
 
 ### HIERARCHY
 
 If an Attribute is defined with logical rule `HIERARCHY`, an Entity must be mapped to the same level Value or a level above in hierarchy
-compared to a given Value on TDF'd Resource Data. Hierarchical values are considered highest at index 0 and lowest at the last index.
+compared to a given Value on TDF'd Resource Data. Hierarchical values are considered highest at index 0 and lowest at the last index. Actions
+propagate down through the hierarchy, so a mapping of a `read` action on the highest level Value on the Attribute will entitle the action
+to each hierarchically lower value, and so on.
 
 For more general information about attributes, see the `attributes` subcommand.
 

docs/man/policy/subject-mappings/_index.md

@@ -9,10 +9,11 @@ command:
     - subject-mapping
 ---
 
-As data is bound to fully qualified Attribute Values when encrypted within a TDF, Entities are entitled to Attribute Values through a mechanism called Subject Mappings.
+As data is bound to fully qualified Attribute Values when encrypted within a TDF, Entities are entitled to take actions on
+resources containing Attribute Values through a mechanism called Subject Mappings.
 
 A Subject Mapping (SM) is the relation of a Subject Condition Set (SCS, see `subject-condition-sets` command)
-to an Attribute Value to determine a Subject's Entitlement to an Attribute Value.
+to an Attribute Value to determine a Subject's Entitlement to take various actions on an Attribute Value.
 
 Entities (Subjects, Users, Machines, etc.) are defined by a representation (Entity Representation) of their identity from an identity provider (idP).
 The OpenTDF Platform is not itself an idP, and it utilizes the OpenID Connect (OIDC) protocol as well as idP pluggability to rely upon an Entity store

docs/man/policy/subject-mappings/create.md

@@ -8,55 +8,47 @@ command:
     - c
   flags:
     - name: attribute-value-id
-      description: The ID of the attribute value to map to a subject set
+      description: The ID of the attribute value to map to a subject condition set
       shorthand: a
       required: true
-      default: ''
-    - name: action-standard
-      description: The standard action to map to a subject set
-      enum:
-        - DECRYPT
-        - TRANSMIT
-      shorthand: s
-      required: true
-      default: ''
-    - name: action-custom
-      description: The custom action to map to a subject set
-      shorthand: c
-      required: false
-      default: ''
+    - name: action
+      description: Each 'id' or 'name' of an Action to be entitled (i.e. 'create', 'read', 'update', 'delete')
     - name: subject-condition-set-id
       description: Known preexisting Subject Condition Set Id
-      required: true
-      default: ''
     - name: subject-condition-set-new
       description: JSON array of Subject Sets to create a new Subject Condition Set associated with the created Subject Mapping
-      required: false
-      default: ''
     - name: label
       description: "Optional metadata 'labels' in the format: key=value"
       shorthand: l
-      default: ''
+    - name: action-standard
+      description: Deprecated. Migrated to '--action'.
+      shorthand: s
+    - name: action-custom
+      description: Deprecated. Migrated to '--action'.
+      shorthand: c
 ---
 
-The possible values for standard actions are DECRYPT and TRANSMIT.
+Create a Subject Mapping to entitle an entity (via existing or new Subject Condition Set) to action(s) on an Attribute Value.
+
+Subject Mappings may entitle actions with standard names ('create', 'read', 'update', 'delete'), custom names, or by their
+stored 'id' within policy.
 
-Create a Subject Mapping to entitle an entity (via existing or new Subject Condition Set) to an Attribute Value.
+For more information about actions, see the `actions` subcommand.
 
 For more information about subject mappings, see the `subject-mappings` subcommand.
 
 For more information about subject condition sets, see the `subject-condition-sets` subcommand.
 
 ## Examples
 
-Create a subject mapping linking to an existing subject condition set:
+Create a subject mapping for a 'read' action linking to an existing subject condition set:
 ```shell
-otdfctl policy subject-mapping create --attribute-value-id 891cfe85-b381-4f85-9699-5f7dbfe2a9ab --action-standard DECRYPT --subject-condition-set-id 8dc98f65-5f0a-4444-bfd1-6a818dc7b447
+otdfctl policy subject-mapping create --attribute-value-id 891cfe85-b381-4f85-9699-5f7dbfe2a9ab --action read --subject-condition-set-id 8dc98f65-5f0a-4444-bfd1-6a818dc7b447
 ```
 
-Or you can create a mapping that linked to a new subject condition set:
+Or you can create a mapping for 'read' or 'create' linking to a new subject condition set:
 ```shell
-otdfctl policy subject-mapping create --attribute-value-id 891cfe85-b381-4f85-9699-5f7dbfe2a9ab --action-standard DECRYPT --subject-condition-set-new '[                                           
+otdfctl policy subject-mapping create --attribute-value-id 891cfe85-b381-4f85-9699-5f7dbfe2a9ab --action create --action update --subject-condition-set-new '[                                           
   {
     "condition_groups": [
       {