Comments (9)
@ericSpence We will try to add a permission resource within the next few months. If that timeline is too far out, by all means, we welcome contributions to the repo and would be more than happy to review a PR and help out.
We also plan to address the issues in the API @kevin-sumo brought up so we can properly support the resource around the same time.
from terraform-provider-sumologic.
@marianomerlo we don't have support for permissions in the provider yet. You can use Permissions API api.sumologic.com/docs/#tag/contentPermissions. Not the same thing but that's what we have right now.
Hi @sumovishal, are there any plans to support the Permissions API in the near future?
from terraform-provider-sumologic.
We previously attempted to provide a permissions resource, but ran into some issues with how the createdBy users' permissions were handled, which led to issues and confusion with the resource usage, so we ended up pulling this resource from the provider.
The permission API supports Add and Revoke methods, and in order to keep the permissions on the object in sync with the resource definition, the resource would first make a call to revoke all the permissions from the content and then make a follow up call to add the permissions defined within the resource. This meant that unless you specified the permissions (6 permissions that = "Manage") for the createdBy user as part of the definition the createdBy user would end up losing all their permissions to the content.
I think there are some backend discussions around some changes that may need to be made to the permissions API to properly support this resource. Just want to make sure you don't spend time on this only to run into the same issues.
from terraform-provider-sumologic.
Hi @seansain , @kevin-sumo, is Sumo Logic still working on the changes you mention here to the content permissions API and the terraform provider?
We previously attempted to provide a permissions resource, but ran into some issues with how the createdBy users' permissions were handled, which led to issues and confusion with the resource usage, so we ended up pulling this resource from the provider.
The permission API supports Add and Revoke methods, and in order to keep the permissions on the object in sync with the resource definition, the resource would first make a call to revoke all the permissions from the content and then make a follow up call to add the permissions defined within the resource. This meant that unless you specified the permissions (6 permissions that = "Manage") for the createdBy user as part of the definition the createdBy user would end up losing all their permissions to the content.
I think there are some backend discussions around some changes that may need to be made to the permissions API to properly support this resource. Just want to make sure you don't spend time on this only to run into the same issues.
from terraform-provider-sumologic.
@marianomerlo we don't have support for permissions in the provider yet. You can use Permissions API https://api.sumologic.com/docs/#tag/contentPermissions. Not the same thing but that's what we have right now.
from terraform-provider-sumologic.
Hey, @sumovishal I know this is closed but, it's related to this.
Is there a way to obtain the Organization ID doing some data lookup? So I can output it and use it to do the share using the Permissions API you suggested?
from terraform-provider-sumologic.
@marianomerlo, unfortunately, I am not aware of any such method. You can try asking in our public Slack channel.
from terraform-provider-sumologic.
Would the team be open to the following work being done @sumovishal? I would be more than happy to take a stab at it.
Proposal: Implement Content Permissions via Permissions API
Background
The current state of Sumologic's terraform content share capability reduces the ability to use it meaningfully in a CICD pipeline. This limitation means that only the user whose credentials were applied will be able to view the created content unless someone goes in and manually edit the permissions (or runs a separate script that hits the permission API).
Proposal
Using the Content Permissions API create a new content permissions object allowing users to configure permissions on content. Phase one would only support setting permissions by roles as that is the only data source that exists. Adding support for the other source types will be as easy as adding the corresponding data elements.
Implementation
data "sumologic_personal_folder" "personalFolder" {}
data "sumologic_role" "role" {
name = "test-role"
}
data "sumologic_role" "admin_role" {
name = "admin-role"
}
resource "sumologic_content" "test_content" {
parent_id = data.sumologic_personal_folder.personalFolder.id
config = jsonencode({})
}
resource "sumologic_content_permission" "test_content_permission" {
content_id = sumologic_content.test_content.id
permission {
permission_name = "View"
source_type = "role"
sourceId = data.sumologic_role.role.id
}
permission {
permission_name = "GrantManage"
source_type = "role"
sourceId = data.sumologic_role.admin_role.id
}
}
from terraform-provider-sumologic.
Permission resource was added in https://github.com/SumoLogic/terraform-provider-sumologic/releases/tag/v2.13.0 release.
from terraform-provider-sumologic.
Related Issues (20)
- Unable to add new items to match list HOT 18
- terraform import sumologic_collector fails on name with `/` HOT 1
- Error while using data source "admin_recommended_folder"
- local windows event log source HOT 1
- CSE match lists shows constant change for custom column as target_column HOT 6
- Crash in resource_sumologic_monitors_library_monitor.go:1552 HOT 1
- Feature Request: Metrics Transformation Rules
- Getting LastSeenAlive error while deploying Sumologic Collector HOT 1
- Feature Request: Syslog Source HOT 1
- How to get ID of root "/Library" folder?
- Eventual Consistency Leading to 400 Error in sumologic_kinesis_log_source creation
- Retry mechanism masking errors? HOT 2
- Cannot Create Dashboard Resource HOT 5
- Orca Scan reports vulnerabilities (medium and high) in sumologic provider v2.27.0 and v2.28.0 HOT 1
- Feature Request: sumologic_monitor_folder data source
- sumologic_cse_outlier_rule example is from sumologic_cse_first_seen_rule
- missing opening quote in sumologic_cse_tag_schema example
- ambiguous arguments in aggregation rule documentation
- log-search: cron_expression is populated and so subsequent plans show drift if not provided
- TF Plan fails to handle a Lookup Table that was deleted out-of-band HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-provider-sumologic.