document target kubernetes resources for custom policy

Vasundharashukla · Vasundharashukla · commit 28fe2d96532a · 2022-11-25T16:41:49.000+05:30
Signed-off-by: Vasundhara Shukla &lt;vasundharas@vmware.com&gt;
diff --git a/docs/index.md b/docs/index.md
@@ -54,11 +54,6 @@ provider "tanzu-mission-control" {
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
-### Required
-
-- `endpoint` (String)
-- `vmw_cloud_api_token` (String, Sensitive)
-
 ### Optional
 
 - `ca_cert` (String, Sensitive)
@@ -67,5 +62,7 @@ provider "tanzu-mission-control" {
 - `client_auth_cert_file` (String)
 - `client_auth_key` (String, Sensitive)
 - `client_auth_key_file` (String)
+- `endpoint` (String)
 - `insecure_allow_unverified_ssl` (Boolean)
+- `vmw_cloud_api_token` (String, Sensitive)
 - `vmw_cloud_endpoint` (String)
diff --git a/docs/resources/custom_policy.md b/docs/resources/custom_policy.md
@@ -35,6 +35,34 @@ In addition to the direct policy defined for a given object, each object has inh
 The scope parameter is mandatory in the schema and the user needs to add one of the defined scopes to the script for the provider to function.
 Only one scope per resource is allowed.
 
+## Target Kubernetes Resources
+
+All the custom policy recipes contain a Kubernetes Resource spec that contains `api_groups` and `kind` as sub fields.
+These attributes are of the kind `[]string` which the policy API supports. In terraform, while declaring multiple
+`api_groups` and `kinds` under one block of `target_kubernetes_resources` is validated by the API but not reflected on the UI.
+For UI comparison with Terraform, one must add multiple blocks of `target_kubernetes_resources`, each containing a API Group and a Kind.
+
+Example:
+
+```
+target_kubernetes_resources {
+  api_groups = [
+    "apps",
+  ]
+  kinds = [
+    "Event",
+  ]
+}
+target_kubernetes_resources {
+  api_groups = [
+    "batch",
+  ]
+  kinds = [
+    "Pod",
+  ]
+}
+```
+
 ## Cluster scoped TMC-block-nodeport-service Custom Policy
 
 ### Example Usage
diff --git a/templates/resources/custom_policy.md.tmpl b/templates/resources/custom_policy.md.tmpl
@@ -35,6 +35,34 @@ In addition to the direct policy defined for a given object, each object has inh
 The scope parameter is mandatory in the schema and the user needs to add one of the defined scopes to the script for the provider to function.
 Only one scope per resource is allowed.
 
+## Target Kubernetes Resources
+
+All the custom policy recipes contain a Kubernetes Resource spec that contains `api_groups` and `kind` as sub fields.
+These attributes are of the kind `[]string` which the policy API supports. In terraform, while declaring multiple
+`api_groups` and `kinds` under one block of `target_kubernetes_resources` is validated by the API but not reflected on the UI.
+For UI comparison with Terraform, one must add multiple blocks of `target_kubernetes_resources`, each containing a API Group and a Kind.
+
+Example:
+
+```
+target_kubernetes_resources {
+  api_groups = [
+    "apps",
+  ]
+  kinds = [
+    "Event",
+  ]
+}
+target_kubernetes_resources {
+  api_groups = [
+    "batch",
+  ]
+  kinds = [
+    "Pod",
+  ]
+}
+```
+
 ## Cluster scoped TMC-block-nodeport-service Custom Policy
 
 ### Example Usage
