access_monitoring_rules: Add spec.schedules (#59007)

* Extend access_monitoring_rules API

Spec now includes a schedules field

* Validate schedules

* Update terraform provider

* Remove duplicate test case

* Comment shift fields

* Address feedback

- Remove timezone configuration
- Use schedule map instead of list

Author: bernardjkim

api/gen/proto/go/teleport/accessmonitoringrules/v1/access_monitoring_rules.pb.go

@@ -67,6 +67,10 @@ message AccessMonitoringRuleSpec {
   // subjects, the desired_state may be set to `reviewed` to indicate that the
   // Access Request should be automatically reviewed.
   string desired_state = 7;
+
+  // schedules specifies a map of schedules that can be used to configure the
+  // access monitoring rule conditions.
+  map<string, Schedule> schedules = 8;
 }
 
 // Notification contains configurations for plugin notification rules.
@@ -87,6 +91,29 @@ message AutomaticReview {
   string decision = 2;
 }
 
+// Schedule specifies a schedule that can be used to configure rule conditions.
+message Schedule {
+  // TimeSchedule specifies an in-line schedule.
+  TimeSchedule time = 1;
+}
+
+// TimeSchedule specifies an in-line schedule.
+message TimeSchedule {
+  // Shifts contains a set of shifts that make up the schedule.
+  // Shifts are configured in UTC.
+  repeated Shift shifts = 1;
+
+  // Shift contains the weekday, start time, and end time of a shift.
+  message Shift {
+    // Weekday specifies the day of the week, e.g., "Sunday", "Monday", "Tuesday".
+    string weekday = 1;
+    // Start specifies the start time in the format HH:MM, e.g., "12:30".
+    string start = 2;
+    // End specifies the end time in the format HH:MM, e.g., "12:30".
+    string end = 3;
+  }
+}
+
 // CreateAccessMonitoringRuleRequest is the request for CreateAccessMonitoringRule.
 message CreateAccessMonitoringRuleRequest {
   // access_monitoring_rule is the specification of the rule to be created.

api/proto/teleport/accessmonitoringrules/v1/access_monitoring_rules.proto

@@ -46,6 +46,7 @@ Optional:
 - `condition` (String) condition is a predicate expression that operates on the specified subject resources, and determines whether the subject will be moved into desired state.
 - `desired_state` (String) desired_state defines the desired state of the subject. For Access Request subjects, the desired_state may be set to `reviewed` to indicate that the Access Request should be automatically reviewed.
 - `notification` (Attributes) notification defines the plugin configuration for notifications if rule is triggered. Both notification and automatic_review may be set within the same access_monitoring_rule. If both fields are set, the rule will trigger both notifications and automatic reviews for the same set of access events. Separate plugins may be used if both notifications and automatic_reviews is set. (see [below for nested schema](#nested-schema-for-specnotification))
+- `schedules` (Attributes Map) schedules specifies a map of schedules that can be used to configure the access monitoring rule conditions. (see [below for nested schema](#nested-schema-for-specschedules))
 - `states` (List of String) states are the desired state which the monitoring rule is attempting to bring the subjects matching the condition to.
 
 ### Nested Schema for `spec.automatic_review`
@@ -64,6 +65,29 @@ Optional:
 - `recipients` (List of String) recipients is the list of recipients the plugin should notify.
 
 
+### Nested Schema for `spec.schedules`
+
+Optional:
+
+- `time` (Attributes) TimeSchedule specifies an in-line schedule. (see [below for nested schema](#nested-schema-for-specschedulestime))
+
+### Nested Schema for `spec.schedules.time`
+
+Optional:
+
+- `shifts` (Attributes List) Shifts contains a set of shifts that make up the schedule. Shifts are configured in UTC. (see [below for nested schema](#nested-schema-for-specschedulestimeshifts))
+
+### Nested Schema for `spec.schedules.time.shifts`
+
+Optional:
+
+- `end` (String) End specifies the end time in the format HH:MM, e.g., "12:30".
+- `start` (String) Start specifies the start time in the format HH:MM, e.g., "12:30".
+- `weekday` (String) Weekday specifies the day of the week, e.g., "Sunday", "Monday", "Tuesday".
+
+
+
+
 
 ### Nested Schema for `metadata`
 

docs/pages/reference/infrastructure-as-code/terraform-provider/data-sources/access_monitoring_rule.mdx

@@ -68,6 +68,7 @@ Optional:
 - `condition` (String) condition is a predicate expression that operates on the specified subject resources, and determines whether the subject will be moved into desired state.
 - `desired_state` (String) desired_state defines the desired state of the subject. For Access Request subjects, the desired_state may be set to `reviewed` to indicate that the Access Request should be automatically reviewed.
 - `notification` (Attributes) notification defines the plugin configuration for notifications if rule is triggered. Both notification and automatic_review may be set within the same access_monitoring_rule. If both fields are set, the rule will trigger both notifications and automatic reviews for the same set of access events. Separate plugins may be used if both notifications and automatic_reviews is set. (see [below for nested schema](#nested-schema-for-specnotification))
+- `schedules` (Attributes Map) schedules specifies a map of schedules that can be used to configure the access monitoring rule conditions. (see [below for nested schema](#nested-schema-for-specschedules))
 - `states` (List of String) states are the desired state which the monitoring rule is attempting to bring the subjects matching the condition to.
 
 ### Nested Schema for `spec.automatic_review`
@@ -86,6 +87,29 @@ Optional:
 - `recipients` (List of String) recipients is the list of recipients the plugin should notify.
 
 
+### Nested Schema for `spec.schedules`
+
+Optional:
+
+- `time` (Attributes) TimeSchedule specifies an in-line schedule. (see [below for nested schema](#nested-schema-for-specschedulestime))
+
+### Nested Schema for `spec.schedules.time`
+
+Optional:
+
+- `shifts` (Attributes List) Shifts contains a set of shifts that make up the schedule. Shifts are configured in UTC. (see [below for nested schema](#nested-schema-for-specschedulestimeshifts))
+
+### Nested Schema for `spec.schedules.time.shifts`
+
+Optional:
+
+- `end` (String) End specifies the end time in the format HH:MM, e.g., "12:30".
+- `start` (String) Start specifies the start time in the format HH:MM, e.g., "12:30".
+- `weekday` (String) Weekday specifies the day of the week, e.g., "Sunday", "Monday", "Tuesday".
+
+
+
+
 
 ### Nested Schema for `metadata`