rubrikinc
diff --git a/‎.github/workflows/release.yml
+1-1 b/‎.github/workflows/release.yml
+1-1
diff --git a/‎README.md
+2 b/‎README.md
+2
diff --git a/‎docs/data-sources/account.md
+48 b/‎docs/data-sources/account.md
+48
diff --git a/‎docs/data-sources/aws_account.md
+40 b/‎docs/data-sources/aws_account.md
+40
diff --git a/‎docs/data-sources/aws_archival_location.md
+11-9 b/‎docs/data-sources/aws_archival_location.md
+11-9
diff --git a/‎docs/data-sources/aws_cnp_artifacts.md
+98-6 b/‎docs/data-sources/aws_cnp_artifacts.md
+98-6
@@ -25,7 +25,7 @@ jobs:
       - name: Set up Go
         uses: actions/[email protected]
         with:
-          go-version: 1.21
+          go-version: 1.22
       - name: Import GPG key
         id: import_gpg
         uses: crazy-max/[email protected]
 
@@ -82,6 +82,7 @@ provider "polaris" {
 ##### Environment Variables for Local User Accounts
 When using a local user account the following environmental variables can be used to override the default local user
 account behaviour:
+* *RUBRIK_POLARIS_ACCOUNT_CREDENTIALS* — Overrides the content of the local user account file.
 * *RUBRIK_POLARIS_ACCOUNT_FILE* — Overrides the name and path of the file to read local user accounts from.
 * *RUBRIK_POLARIS_ACCOUNT_NAME* — Overrides the name of the local user account given to the credentials
 parameter in the provider configuration.
@@ -109,6 +110,7 @@ provider "polaris" {
 ##### Environment Variables for Service Accounts
 When using a service account the following environmental variables can be used to override the default service account
 behaviour:
+* *RUBRIK_POLARIS_SERVICEACCOUNT_CREDENTIALS* — Overrides the content of the service account credentials file.
 * *RUBRIK_POLARIS_SERVICEACCOUNT_FILE* — Overrides the name and path of the service account credentials file.
 * *RUBRIK_POLARIS_SERVICEACCOUNT_NAME* — Overrides the name of the service account.
 * *RUBRIK_POLARIS_SERVICEACCOUNT_CLIENTID* — Overrides the client id of the service account.
 
@@ -0,0 +1,48 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "polaris_account Data Source - terraform-provider-polaris"
+subcategory: ""
+description: |-
+  The polaris_account data source is used to access information about the RSC account.
+  -> Note: The fqdn and name fields are read from the local RSC credentials and
+     not from RSC.
+---
+
+# polaris_account (Data Source)
+
+The `polaris_account` data source is used to access information about the RSC account.
+
+-> **Note:** The `fqdn` and `name` fields are read from the local RSC credentials and
+   not from RSC.
+
+## Example Usage
+
+```terraform
+# Output the features enabled for the RSC account.
+data "polaris_account" "account" {}
+
+output "features" {
+  value = data.polaris_account.account.features
+}
+
+# Using the fqdn field from the deployment data source to create an Azure
+# AD application.
+data "polaris_deployment" "deployment" {}
+
+resource "azuread_application" "app" {
+  display_name = "Rubrik Security Cloud Integration"
+  web {
+    homepage_url = "https://${data.polaris_account.account.fqdn}/setup_azure"
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `features` (Set of String) Features enabled for the RSC account.
+- `fqdn` (String) Fully qualified domain name of the RSC account.
+- `id` (String) SHA-256 hash of the features, the fully qualified domain name and the name.
+- `name` (String) RSC account name.
@@ -0,0 +1,40 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "polaris_aws_account Data Source - terraform-provider-polaris"
+subcategory: ""
+description: |-
+  The polaris_aws_account data source is used to access information about an AWS account
+  added to RSC. An AWS account is looked up using either the AWS account ID or the name.
+  -> Note: The account name is the name of the AWS account as it appears in RSC.
+---
+
+# polaris_aws_account (Data Source)
+
+The `polaris_aws_account` data source is used to access information about an AWS account
+added to RSC. An AWS account is looked up using either the AWS account ID or the name.
+
+-> **Note:** The account name is the name of the AWS account as it appears in RSC.
+
+## Example Usage
+
+```terraform
+data "polaris_aws_account" "example" {
+  name = "example"
+}
+
+output "example_aws_account" {
+  value = data.polaris_aws_account.example
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `account_id` (String) AWS account ID.
+- `name` (String) AWS account name.
+
+### Read-Only
+
+- `id` (String) RSC cloud account ID (UUID).
@@ -3,19 +3,21 @@
 page_title: "polaris_aws_archival_location Data Source - terraform-provider-polaris"
 subcategory: ""
 description: |-
-  
+  The polaris_aws_archival_location data source is used to access information about an
+  AWS archival location. An archival location is looked up using either the ID or the name.
 ---
 
 # polaris_aws_archival_location (Data Source)
 
-
+The `polaris_aws_archival_location` data source is used to access information about an
+AWS archival location. An archival location is looked up using either the ID or the name.
 
 ## Example Usage
 
 ```terraform
 # Using the archival location ID.
 data "polaris_aws_archival_location" "location" {
-  archival_location_id = "db34f042-79ea-48b1-bab8-c40dfbf2ab82"
+  id = "db34f042-79ea-48b1-bab8-c40dfbf2ab82"
 }
 
 # Using the name.
@@ -29,16 +31,16 @@ data "polaris_aws_archival_location" "location" {
 
 ### Optional
 
-- `archival_location_id` (String) ID of the archival location.
-- `name` (String) Name of the archival location.
+- `archival_location_id` (String, Deprecated) Cloud native archival location ID (UUID). **Deprecated:** use `id` instead.
+- `id` (String) Cloud native archival location ID (UUID).
+- `name` (String) Name of the cloud native archival location.
 
 ### Read-Only
 
-- `bucket_prefix` (String) AWS bucket prefix.
+- `bucket_prefix` (String) AWS bucket prefix. Note, `rubrik-` will always be prepended to the prefix.
 - `bucket_tags` (Map of String) AWS bucket tags.
 - `connection_status` (String) Connection status of the archival location.
-- `id` (String) The ID of this resource.
 - `kms_master_key` (String, Sensitive) AWS KMS master key alias/ID.
-- `location_template` (String) Location template. If a region was specified, it will be `SPECIFIC_REGION`, otherwise `SOURCE_REGION`.
+- `location_template` (String) RSC location template. If a region was specified, it will be `SPECIFIC_REGION`, otherwise `SOURCE_REGION`.
 - `region` (String) AWS region to store the snapshots in. If not specified, the snapshots will be stored in the same region as the workload.
-- `storage_class` (String) AWS bucket storage class.
+- `storage_class` (String) AWS bucket storage class. Possible values are `STANDARD`, `STANDARD_IA`, `ONEZONE_IA`, `GLACIER_INSTANT_RETRIEVAL`, `GLACIER_DEEP_ARCHIVE` and `GLACIER_FLEXIBLE_RETRIEVAL`. Default value is `STANDARD_IA`.
@@ -3,18 +3,110 @@
 page_title: "polaris_aws_cnp_artifacts Data Source - terraform-provider-polaris"
 subcategory: ""
 description: |-
-  
+  The polaris_aws_archival_location data source is used to access information about
+  instance profiles and roles required by RSC for a specified feature set.
+  Permission Groups
+  Following is a list of features and their applicable permission groups. These are used
+  when specifying the feature set.
+  CLOUDNATIVEARCHIVAL
+  BASIC - Represents the basic set of permissions required to onboard the feature.
+  CLOUDNATIVEPROTECTION
+  BASIC - Represents the basic set of permissions required to onboard the feature.EXPORT_AND_RESTORE - Represents the set of permissions required for export and
+  restore operations.FILE_LEVEL_RECOVERY - Represents the set of permissions required for file-level
+  recovery operations.SNAPSHOT_PRIVATE_ACCESS - Represents the set of permissions required for private
+  access to disk snapshots.
+  CLOUDNATIVES3_PROTECTION
+  BASIC - Represents the basic set of permissions required to onboard the feature.
+  EXOCOMPUTE
+  BASIC - Represents the basic set of permissions required to onboard the feature.PRIVATE_ENDPOINTS - Represents the set of permissions required for usage of private
+  endpoints.RSC_MANAGED_CLUSTER - Represents the set of permissions required for the Rubrik-
+  managed Exocompute cluster.
+  RDS_PROTECTION
+  BASIC - Represents the basic set of permissions required to onboard the feature.
+  -> Note: When permission groups are specified, the BASIC permission group must
+     always be included.
 ---
 
 # polaris_aws_cnp_artifacts (Data Source)
 
+The `polaris_aws_archival_location` data source is used to access information about
+instance profiles and roles required by RSC for a specified feature set.
 
+## Permission Groups
+Following is a list of features and their applicable permission groups. These are used
+when specifying the feature set.
+
+### CLOUD_NATIVE_ARCHIVAL
+  * `BASIC` - Represents the basic set of permissions required to onboard the feature.
+
+### CLOUD_NATIVE_PROTECTION
+  * `BASIC` - Represents the basic set of permissions required to onboard the feature.
+  * `EXPORT_AND_RESTORE` - Represents the set of permissions required for export and
+    restore operations.
+  * `FILE_LEVEL_RECOVERY` - Represents the set of permissions required for file-level
+    recovery operations.
+  * `SNAPSHOT_PRIVATE_ACCESS` - Represents the set of permissions required for private
+    access to disk snapshots.
+
+### CLOUD_NATIVE_S3_PROTECTION
+  * `BASIC` - Represents the basic set of permissions required to onboard the feature.
+
+### EXOCOMPUTE
+  * `BASIC` - Represents the basic set of permissions required to onboard the feature.
+  * `PRIVATE_ENDPOINTS` - Represents the set of permissions required for usage of private
+    endpoints.
+  * `RSC_MANAGED_CLUSTER` - Represents the set of permissions required for the Rubrik-
+    managed Exocompute cluster.
+
+### RDS_PROTECTION
+  * `BASIC` - Represents the basic set of permissions required to onboard the feature.
+
+-> **Note:** When permission groups are specified, the `BASIC` permission group must
+   always be included.
 
 ## Example Usage
 
 ```terraform
+# Permission groups defaults to BASIC.
+data "polaris_aws_cnp_artifacts" "artifacts" {
+  feature {
+    name = "CLOUD_NATIVE_PROTECTION"
+  }
+}
+
+# Multiple permission groups. When permission groups are specified,
+# the BASIC permission group must always be included.
+data "polaris_aws_cnp_artifacts" "artifacts" {
+  feature {
+    name = "CLOUD_NATIVE_PROTECTION"
+
+    permission_groups = [
+      "BASIC",
+      "EXPORT_AND_RESTORE",
+      "FILE_LEVEL_RECOVERY",
+    ]
+  }
+}
+
+# Multiple features with permission groups.
 data "polaris_aws_cnp_artifacts" "artifacts" {
-  features = ["CLOUD_NATIVE_PROTECTION"]
+  feature {
+    name = "CLOUD_NATIVE_ARCHIVAL"
+
+    permission_groups = [
+      "BASIC",
+    ]
+  }
+
+  feature {
+    name = "CLOUD_NATIVE_PROTECTION"
+
+    permission_groups = [
+      "BASIC",
+      "EXPORT_AND_RESTORE",
+      "FILE_LEVEL_RECOVERY",
+    ]
+  }
 }
 ```
 
@@ -27,11 +119,11 @@ data "polaris_aws_cnp_artifacts" "artifacts" {
 
 ### Optional
 
-- `cloud` (String) AWS cloud type.
+- `cloud` (String) AWS cloud type. Possible values are `STANDARD`, `CHINA` and `GOV`. Default value is `STANDARD`.
 
 ### Read-Only
 
-- `id` (String) The ID of this resource.
+- `id` (String) SHA-256 hash of the instance profile keys and the roleskeys.
 - `instance_profile_keys` (Set of String) Instance profile keys for the RSC features.
 - `role_keys` (Set of String) Role keys for the RSC features.
 
@@ -40,5 +132,5 @@ data "polaris_aws_cnp_artifacts" "artifacts" {
 
 Required:
 
-- `name` (String) Feature name.
-- `permission_groups` (Set of String) Permission groups to assign to the feature.
+- `name` (String) RSC feature name. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`.
+- `permission_groups` (Set of String) RSC permission groups for the feature. Possible values are `BASIC`, `EXPORT_AND_RESTORE`, `FILE_LEVEL_RECOVERY`, `SNAPSHOT_PRIVATE_ACCESS`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`. For backwards compatibility, `[]` is interpreted as all applicable permission groups.