opentdf · elizabethhealy · Jun 2, 2025 · May 29, 2025 · Jun 2, 2025 · Jun 2, 2025
@@ -0,0 +1,226 @@
+package cmd
+
+import (
+	_ "embed"
+	"fmt"
+
+	"github.com/evertras/bubble-table/table"
+	"github.com/opentdf/otdfctl/pkg/cli"
+	"github.com/opentdf/otdfctl/pkg/man"
+	"github.com/spf13/cobra"
+)
+
+var (
+	policy_resourceMappingGroupsCmd *cobra.Command
+)
+
+func policy_createResourceMappingGroup(cmd *cobra.Command, args []string) {
+	c := cli.New(cmd, args)
+	h := NewHandler(c)
+	defer h.Close()
+
+	nsId := c.Flags.GetRequiredID("namespace-id")
+	name := c.Flags.GetRequiredString("name")
+	metadataLabels = c.Flags.GetStringSlice("label", metadataLabels, cli.FlagsStringSliceOptions{Min: 0})
+
+	resourceMappingGroup, err := h.CreateResourceMappingGroup(nsId, name, getMetadataMutable(metadataLabels))
+	if err != nil {
+		cli.ExitWithError("Failed to create resource mapping", err)
+	}
+	rows := [][]string{
+		{"Id", resourceMappingGroup.GetId()},
+		{"Namespace ID", resourceMappingGroup.GetId()},
+		{"Group Name", resourceMappingGroup.GetName()},
+	}
+	if mdRows := getMetadataRows(resourceMappingGroup.GetMetadata()); mdRows != nil {
+		rows = append(rows, mdRows...)
+	}
+	t := cli.NewTabular(rows...)
+	HandleSuccess(cmd, resourceMappingGroup.GetId(), t, resourceMappingGroup)
+}
+
+func policy_getResourceMappingGroup(cmd *cobra.Command, args []string) {
+	c := cli.New(cmd, args)
+	h := NewHandler(c)
+	defer h.Close()
+
+	id := c.Flags.GetRequiredID("id")
+
+	resourceMappingGroup, err := h.GetResourceMappingGroup(id)
+	if err != nil {
+		cli.ExitWithError(fmt.Sprintf("Failed to get resource mapping (%s)", id), err)
+	}
+	rows := [][]string{
+		{"Id", resourceMappingGroup.GetId()},
+		{"Namespace ID", resourceMappingGroup.GetId()},
+		{"Group Name", resourceMappingGroup.GetName()},
+	}
+	if mdRows := getMetadataRows(resourceMappingGroup.GetMetadata()); mdRows != nil {
+		rows = append(rows, mdRows...)
+	}
+	t := cli.NewTabular(rows...)
+	HandleSuccess(cmd, resourceMappingGroup.GetId(), t, resourceMappingGroup)
+}
+
+func policy_listResourceMappingGroups(cmd *cobra.Command, args []string) {
+	c := cli.New(cmd, args)
+	h := NewHandler(c)
+	defer h.Close()
+
+	limit := c.Flags.GetRequiredInt32("limit")
+	offset := c.Flags.GetRequiredInt32("offset")
+
+	rmgList, page, err := h.ListResourceMappingGroups(cmd.Context(), limit, offset)
+	if err != nil {
+		cli.ExitWithError("Failed to list resource mappings", err)
+	}
+
+	t := cli.NewTable(
+		cli.NewUUIDColumn(),
+		table.NewFlexColumn("ns_id", "Namespace ID", cli.FlexColumnWidthFour),
+		table.NewFlexColumn("name", "Name", cli.FlexColumnWidthFour),
+		table.NewFlexColumn("labels", "Labels", cli.FlexColumnWidthOne),
+		table.NewFlexColumn("created_at", "Created At", cli.FlexColumnWidthOne),
+		table.NewFlexColumn("updated_at", "Updated At", cli.FlexColumnWidthOne),
+	)
+	rows := []table.Row{}
+	for _, rmg := range rmgList {
+		metadata := cli.ConstructMetadata(rmg.GetMetadata())
+		rows = append(rows, table.NewRow(table.RowData{
+			"id":         rmg.GetId(),
+			"ns_id":      rmg.GetNamespaceId(),
+			"name":       rmg.GetName(),
+			"labels":     metadata["Labels"],
+			"created_at": metadata["Created At"],
+			"updated_at": metadata["Updated At"],
+		}))
+	}
+	t = t.WithRows(rows)
+	t = cli.WithListPaginationFooter(t, page)
+	HandleSuccess(cmd, "", t, rmgList)
+}
+
+func policy_updateResourceMappingGroup(cmd *cobra.Command, args []string) {
+	c := cli.New(cmd, args)
+	h := NewHandler(c)
+	defer h.Close()
+
+	id := c.Flags.GetRequiredID("id")
+	nsId := c.Flags.GetRequiredID("namespace-id")
+	name := c.Flags.GetRequiredString("name")
+	metadataLabels = c.Flags.GetStringSlice("label", metadataLabels, cli.FlagsStringSliceOptions{Min: 0})
+
+	resourceMappingGroup, err := h.UpdateResourceMappingGroup(id, nsId, name, getMetadataMutable(metadataLabels), getMetadataUpdateBehavior())
+	if err != nil {
+		cli.ExitWithError(fmt.Sprintf("Failed to update resource mapping (%s)", id), err)
+	}
+	rows := [][]string{
+		{"Id", resourceMappingGroup.GetId()},
+		{"Namespace ID", resourceMappingGroup.GetId()},
+		{"Group Name", resourceMappingGroup.GetName()},
+	}
+	if mdRows := getMetadataRows(resourceMappingGroup.GetMetadata()); mdRows != nil {
+		rows = append(rows, mdRows...)
+	}
+	t := cli.NewTabular(rows...)
+	HandleSuccess(cmd, resourceMappingGroup.GetId(), t, resourceMappingGroup)
+}
+
+func policy_deleteResourceMappingGroup(cmd *cobra.Command, args []string) {
+	c := cli.New(cmd, args)
+	h := NewHandler(c)
+	defer h.Close()
+
+	id := c.Flags.GetRequiredID("id")
+	force := c.Flags.GetOptionalBool("force")
+
+	cli.ConfirmAction(cli.ActionDelete, "resource-mapping-group", id, force)
+
+	resourceMappingGroup, err := h.GetResourceMappingGroup(id)
+	if err != nil {
+		cli.ExitWithError(fmt.Sprintf("Failed to get resource mapping for delete (%s)", id), err)
+	}
+
+	_, err = h.DeleteResourceMappingGroup(id)
+	if err != nil {
+		cli.ExitWithError(fmt.Sprintf("Failed to delete resource mapping (%s)", id), err)
+	}
+	rows := [][]string{
+		{"Id", resourceMappingGroup.GetId()},
+		{"Namespace ID", resourceMappingGroup.GetId()},
+		{"Group Name", resourceMappingGroup.GetName()},
+	}
+	t := cli.NewTabular(rows...)
+	HandleSuccess(cmd, resourceMappingGroup.GetId(), t, resourceMappingGroup)
+}
+
+func init() {
+	createDoc := man.Docs.GetCommand("policy/resource-mapping-groups/create",
+		man.WithRun(policy_createResourceMappingGroup),
+	)
+	createDoc.Flags().String(
+		createDoc.GetDocFlag("namespace-id").Name,
+		createDoc.GetDocFlag("namespace-id").Default,
+		createDoc.GetDocFlag("namespace-id").Description,
+	)
+	createDoc.Flags().String(
+		createDoc.GetDocFlag("name").Name,
+		createDoc.GetDocFlag("name").Default,
+		createDoc.GetDocFlag("name").Description,
+	)
+	injectLabelFlags(&createDoc.Command, false)
+
+	getDoc := man.Docs.GetCommand("policy/resource-mapping-groups/get",
+		man.WithRun(policy_getResourceMappingGroup),
+	)
+	getDoc.Flags().String(
+		getDoc.GetDocFlag("id").Name,
+		getDoc.GetDocFlag("id").Default,
+		getDoc.GetDocFlag("id").Description,
+	)
+
+	listDoc := man.Docs.GetCommand("policy/resource-mapping-groups/list",
+		man.WithRun(policy_listResourceMappings),
+	)
+	injectListPaginationFlags(listDoc)
+
+	updateDoc := man.Docs.GetCommand("policy/resource-mapping-groups/update",
+		man.WithRun(policy_updateResourceMappingGroup),
+	)
+	updateDoc.Flags().String(
+		updateDoc.GetDocFlag("id").Name,
+		updateDoc.GetDocFlag("id").Default,
+		updateDoc.GetDocFlag("id").Description,
+	)
+	updateDoc.Flags().String(
+		updateDoc.GetDocFlag("namespace-id").Name,
+		updateDoc.GetDocFlag("namespace-id").Default,
+		updateDoc.GetDocFlag("namespace-id").Description,
+	)
+	updateDoc.Flags().String(
+		updateDoc.GetDocFlag("name").Name,
+		updateDoc.GetDocFlag("name").Default,
+		updateDoc.GetDocFlag("name").Description,
+	)
+	injectLabelFlags(&updateDoc.Command, true)
+
+	deleteDoc := man.Docs.GetCommand("policy/resource-mapping-groups/delete",
+		man.WithRun(policy_deleteResourceMappingGroup),
+	)
+	deleteDoc.Flags().String(
+		deleteDoc.GetDocFlag("id").Name,
+		deleteDoc.GetDocFlag("id").Default,
+		deleteDoc.GetDocFlag("id").Description,
+	)
+	deleteDoc.Flags().Bool(
+		deleteDoc.GetDocFlag("force").Name,
+		false,
+		deleteDoc.GetDocFlag("force").Description,
+	)
+
+	doc := man.Docs.GetCommand("policy/resource-mapping-groups",
+		man.WithSubcommands(createDoc, getDoc, listDoc, updateDoc, deleteDoc),
+	)
+	policy_resourceMappingGroupsCmd = &doc.Command
+	policyCmd.AddCommand(policy_resourceMappingGroupsCmd)
+}
@@ -22,12 +22,13 @@
 	defer h.Close()
 
 	attrId := c.Flags.GetRequiredID("attribute-value-id")
+	grpId := c.Flags.GetOptionalID("group-id")
 	terms = c.Flags.GetStringSlice("terms", terms, cli.FlagsStringSliceOptions{
 		Min: 1,
 	})
 	metadataLabels = c.Flags.GetStringSlice("label", metadataLabels, cli.FlagsStringSliceOptions{Min: 0})
 
-	resourceMapping, err := h.CreateResourceMapping(attrId, terms, getMetadataMutable(metadataLabels))
+	resourceMapping, err := h.CreateResourceMapping(attrId, terms, grpId, getMetadataMutable(metadataLabels))
 	if err != nil {
 		cli.ExitWithError("Failed to create resource mapping", err)
 	}
@@ -36,6 +37,8 @@
 		{"Attribute Value Id", resourceMapping.GetAttributeValue().GetId()},
 		{"Attribute Value", resourceMapping.GetAttributeValue().GetValue()},
 		{"Terms", strings.Join(resourceMapping.GetTerms(), ", ")},
+		{"Group ID", resourceMapping.GetGroup().GetId()},
+		{"Group Name", resourceMapping.GetGroup().GetName()},
 	}
 	if mdRows := getMetadataRows(resourceMapping.GetMetadata()); mdRows != nil {
 		rows = append(rows, mdRows...)
@@ -60,6 +63,8 @@
 		{"Attribute Value Id", resourceMapping.GetAttributeValue().GetId()},
 		{"Attribute Value", resourceMapping.GetAttributeValue().GetValue()},
 		{"Terms", strings.Join(resourceMapping.GetTerms(), ", ")},
+		{"Group ID", resourceMapping.GetGroup().GetId()},
+		{"Group Name", resourceMapping.GetGroup().GetName()},
 	}
 	if mdRows := getMetadataRows(resourceMapping.GetMetadata()); mdRows != nil {
 		rows = append(rows, mdRows...)
@@ -86,6 +91,8 @@
 		table.NewFlexColumn("attr_value_id", "Attribute Value Id", cli.FlexColumnWidthFour),
 		table.NewFlexColumn("attr_value", "Attribute Value", cli.FlexColumnWidthFour),
 		table.NewFlexColumn("terms", "Terms", cli.FlexColumnWidthThree),
+		table.NewFlexColumn("group_id", "Group Id", cli.FlexColumnWidthFour),
+		table.NewFlexColumn("group_name", "Group Name", cli.FlexColumnWidthFour),
 		table.NewFlexColumn("labels", "Labels", cli.FlexColumnWidthOne),
 		table.NewFlexColumn("created_at", "Created At", cli.FlexColumnWidthOne),
 		table.NewFlexColumn("updated_at", "Updated At", cli.FlexColumnWidthOne),
@@ -97,6 +104,8 @@
 			"id":            resourceMapping.GetId(),
 			"attr_value_id": resourceMapping.GetAttributeValue().GetId(),
 			"attr_value":    resourceMapping.GetAttributeValue().GetValue(),
+			"group_id":      resourceMapping.GetGroup().GetId(),
+			"group_name":    resourceMapping.GetGroup().GetName(),
 			"terms":         strings.Join(resourceMapping.GetTerms(), ", "),
 			"labels":        metadata["Labels"],
 			"created_at":    metadata["Created At"],
@@ -115,10 +124,11 @@
 
 	id := c.Flags.GetRequiredID("id")
 	attrValueId := c.Flags.GetOptionalID("attribute-value-id")
+	grpId := c.Flags.GetOptionalID("group-id")
 	terms = c.Flags.GetStringSlice("terms", terms, cli.FlagsStringSliceOptions{})
 	metadataLabels = c.Flags.GetStringSlice("label", metadataLabels, cli.FlagsStringSliceOptions{Min: 0})
 
-	resourceMapping, err := h.UpdateResourceMapping(id, attrValueId, terms, getMetadataMutable(metadataLabels), getMetadataUpdateBehavior())
+	resourceMapping, err := h.UpdateResourceMapping(id, attrValueId, grpId, terms, getMetadataMutable(metadataLabels), getMetadataUpdateBehavior())
 	if err != nil {
 		cli.ExitWithError(fmt.Sprintf("Failed to update resource mapping (%s)", id), err)
 	}
@@ -127,6 +137,8 @@
 		{"Attribute Value Id", resourceMapping.GetAttributeValue().GetId()},
 		{"Attribute Value", resourceMapping.GetAttributeValue().GetValue()},
 		{"Terms", strings.Join(resourceMapping.GetTerms(), ", ")},
+		{"Group ID", resourceMapping.GetGroup().GetId()},
+		{"Group Name", resourceMapping.GetGroup().GetName()},
 	}
 	if mdRows := getMetadataRows(resourceMapping.GetMetadata()); mdRows != nil {
 		rows = append(rows, mdRows...)
@@ -159,6 +171,8 @@
 		{"Attribute Value Id", resourceMapping.GetAttributeValue().GetId()},
 		{"Attribute Value", resourceMapping.GetAttributeValue().GetValue()},
 		{"Terms", strings.Join(resourceMapping.GetTerms(), ", ")},
+		{"Group ID", resourceMapping.GetGroup().GetId()},
+		{"Group Name", resourceMapping.GetGroup().GetName()},
 	}
 	t := cli.NewTabular(rows...)
 	HandleSuccess(cmd, resourceMapping.GetId(), t, resourceMapping)
@@ -179,6 +193,11 @@
 		[]string{},
 		createDoc.GetDocFlag("terms").Description,
 	)
+	createDoc.Flags().String(
+		createDoc.GetDocFlag("group-id").Name,
+		createDoc.GetDocFlag("group-id").Default,
+		createDoc.GetDocFlag("group-id").Description,
+	)
 	injectLabelFlags(&createDoc.Command, false)
 
 	getDoc := man.Docs.GetCommand("policy/resource-mappings/get",
@@ -214,6 +233,11 @@
 		[]string{},
 		updateDoc.GetDocFlag("terms").Description,
 	)
+	updateDoc.Flags().String(
+		updateDoc.GetDocFlag("group-id").Name,
+		updateDoc.GetDocFlag("group-id").Default,
+		updateDoc.GetDocFlag("group-id").Description,
+	)
 	injectLabelFlags(&updateDoc.Command, true)
 
 	deleteDoc := man.Docs.GetCommand("policy/resource-mappings/delete",

@@ -0,0 +1,11 @@
+---
+title: Manage resource mapping groups
+command:
+  name: resource-mapping-groups
+  aliases:
+    - resmg
+    - remapgrp
+    - resource-mapping-group
+---
+
+Resource mapping groups allow you to organize multiple resource mappings into logical collections. By grouping related resource mappings, you can manage sets of resources more efficiently. This is useful for scenarios where resources share common access controls or need to be managed together as a unit.
@@ -0,0 +1,30 @@
+---
+title: Create a resource mapping group
+command:
+  name: create
+  aliases:
+    - add
+    - new
+    - c
+  flags:
+    - name: namespace-id
+      description: The ID of the namesapce of the group
+      default: ''
+    - name: name
+      description: The name of the group
+      default: ''
+    - name: label
+      description: "Optional metadata 'labels' in the format: key=value"
+      shorthand: l
+      default: ''
+---
+
+Associate an attribute value with a set of plaintext string terms.
+
+For more information about resource mapping groups, see the `resource-mapping-groups` subcommand.
+
+## Examples
+
+```shell
+otdfctl policy resource-mapping-groups create --namespace-id 891cfe85-b381-4f85-9699-5f7dbfe2a9ab --name my-group
+```
@@ -0,0 +1,19 @@
+---
+title: Delete a resource mapping group
+command:
+  name: delete
+  flags:
+    - name: id
+      description: The ID of the resource mapping group to delete
+      default: ''
+    - name: force
+      description: Force deletion without interactive confirmation (dangerous)
+---
+
+For more information about resource mapping groups, see the `resource-mapping-groups` subcommand.
+
+## Examples
+
+```shell
+otdfctl policy resource-mapping-groups delete --id=3ff446fb-8fb1-4c04-8023-47592c90370c
+```