@ericSpence We will try to add a permission resource within the next few months. If that timeline is too far out, by all means, we welcome contributions to the repo and would be more than happy to review a PR and help out.

We also plan to address the issues in the API @kevin-sumo brought up so we can properly support the resource around the same time.

from terraform-provider-sumologic.

@marianomerlo we don't have support for permissions in the provider yet. You can use Permissions API api.sumologic.com/docs/#tag/contentPermissions. Not the same thing but that's what we have right now.

Hi @sumovishal, are there any plans to support the Permissions API in the near future?

from terraform-provider-sumologic.

@ericSpence

We previously attempted to provide a permissions resource, but ran into some issues with how the createdBy users' permissions were handled, which led to issues and confusion with the resource usage, so we ended up pulling this resource from the provider.

The permission API supports Add and Revoke methods, and in order to keep the permissions on the object in sync with the resource definition, the resource would first make a call to revoke all the permissions from the content and then make a follow up call to add the permissions defined within the resource. This meant that unless you specified the permissions (6 permissions that = "Manage") for the createdBy user as part of the definition the createdBy user would end up losing all their permissions to the content.

I think there are some backend discussions around some changes that may need to be made to the permissions API to properly support this resource. Just want to make sure you don't spend time on this only to run into the same issues.

from terraform-provider-sumologic.

Hi @seansain , @kevin-sumo, is Sumo Logic still working on the changes you mention here to the content permissions API and the terraform provider?

@ericSpence

We previously attempted to provide a permissions resource, but ran into some issues with how the createdBy users' permissions were handled, which led to issues and confusion with the resource usage, so we ended up pulling this resource from the provider.

The permission API supports Add and Revoke methods, and in order to keep the permissions on the object in sync with the resource definition, the resource would first make a call to revoke all the permissions from the content and then make a follow up call to add the permissions defined within the resource. This meant that unless you specified the permissions (6 permissions that = "Manage") for the createdBy user as part of the definition the createdBy user would end up losing all their permissions to the content.

I think there are some backend discussions around some changes that may need to be made to the permissions API to properly support this resource. Just want to make sure you don't spend time on this only to run into the same issues.

from terraform-provider-sumologic.

@marianomerlo we don't have support for permissions in the provider yet. You can use Permissions API https://api.sumologic.com/docs/#tag/contentPermissions. Not the same thing but that's what we have right now.

from terraform-provider-sumologic.

Hey, @sumovishal I know this is closed but, it's related to this.

Is there a way to obtain the Organization ID doing some data lookup? So I can output it and use it to do the share using the Permissions API you suggested?

from terraform-provider-sumologic.

@marianomerlo, unfortunately, I am not aware of any such method. You can try asking in our public Slack channel.

from terraform-provider-sumologic.

Would the team be open to the following work being done @sumovishal? I would be more than happy to take a stab at it.

Proposal: Implement Content Permissions via Permissions API

Background

The current state of Sumologic's terraform content share capability reduces the ability to use it meaningfully in a CICD pipeline. This limitation means that only the user whose credentials were applied will be able to view the created content unless someone goes in and manually edit the permissions (or runs a separate script that hits the permission API).

Proposal

Using the Content Permissions API create a new content permissions object allowing users to configure permissions on content. Phase one would only support setting permissions by roles as that is the only data source that exists. Adding support for the other source types will be as easy as adding the corresponding data elements.

Implementation

data "sumologic_personal_folder" "personalFolder" {}
data "sumologic_role" "role" { 
	name = "test-role"
}

data "sumologic_role" "admin_role" { 
	name = "admin-role"
}

resource "sumologic_content" "test_content" {
	parent_id = data.sumologic_personal_folder.personalFolder.id
	config = jsonencode({})
}

resource "sumologic_content_permission" "test_content_permission" {
	content_id = sumologic_content.test_content.id
	permission {
		permission_name = "View"
		source_type = "role"
		sourceId = data.sumologic_role.role.id
	}
	permission {
		permission_name = "GrantManage"
		source_type = "role"
		sourceId = data.sumologic_role.admin_role.id
	}
}

from terraform-provider-sumologic.

Permission resource was added in https://github.com/SumoLogic/terraform-provider-sumologic/releases/tag/v2.13.0 release.

from terraform-provider-sumologic.