Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to share my sumologic_folder? #27

Closed
marianomerlo opened this issue Jun 8, 2020 · 9 comments
Closed

How to share my sumologic_folder? #27

marianomerlo opened this issue Jun 8, 2020 · 9 comments

Comments

@marianomerlo
Copy link

I'm creating several content under an specific folder and I want to share my folder to my whole organization so anyone can VIEW it.

Was looking information about the permission capability across the provider, but couldn't find anything.

Is it possible to do this either when creating the folder or afterward by actually sharing it?
Thanks in advance.
@marianomerlo marianomerlo changed the title How to share my sumologic_folder with TF? How to share my sumologic_folder? Jun 8, 2020
@sumovishal
Copy link
Collaborator

@marianomerlo we don't have support for permissions in the provider yet. You can use Permissions API https://api.sumologic.com/docs/#tag/contentPermissions. Not the same thing but that's what we have right now.

@marianomerlo
Copy link
Author

Hey, @sumovishal I know this is closed but, it's related to this.

Is there a way to obtain the Organization ID doing some data lookup? So I can output it and use it to do the share using the Permissions API you suggested?

@sumovishal
Copy link
Collaborator

@marianomerlo, unfortunately, I am not aware of any such method. You can try asking in our public Slack channel.

@ouranos
Copy link

ouranos commented Dec 4, 2020

@marianomerlo we don't have support for permissions in the provider yet. You can use Permissions API api.sumologic.com/docs/#tag/contentPermissions. Not the same thing but that's what we have right now.

Hi @sumovishal, are there any plans to support the Permissions API in the near future?

@ericSpence
Copy link

Would the team be open to the following work being done @sumovishal? I would be more than happy to take a stab at it.

Proposal: Implement Content Permissions via Permissions API

Background

The current state of Sumologic's terraform content share capability reduces the ability to use it meaningfully in a CICD pipeline. This limitation means that only the user whose credentials were applied will be able to view the created content unless someone goes in and manually edit the permissions (or runs a separate script that hits the permission API).

Proposal

Using the Content Permissions API create a new content permissions object allowing users to configure permissions on content. Phase one would only support setting permissions by roles as that is the only data source that exists. Adding support for the other source types will be as easy as adding the corresponding data elements.

Implementation

data "sumologic_personal_folder" "personalFolder" {}
data "sumologic_role" "role" { 
	name = "test-role"
}

data "sumologic_role" "admin_role" { 
	name = "admin-role"
}

resource "sumologic_content" "test_content" {
	parent_id = data.sumologic_personal_folder.personalFolder.id
	config = jsonencode({})
}

resource "sumologic_content_permission" "test_content_permission" {
	content_id = sumologic_content.test_content.id
	permission {
		permission_name = "View"
		source_type = "role"
		sourceId = data.sumologic_role.role.id
	}
	permission {
		permission_name = "GrantManage"
		source_type = "role"
		sourceId = data.sumologic_role.admin_role.id
	}
}

@kevin-sumo
Copy link
Collaborator

@ericSpence

We previously attempted to provide a permissions resource, but ran into some issues with how the createdBy users' permissions were handled, which led to issues and confusion with the resource usage, so we ended up pulling this resource from the provider.

The permission API supports Add and Revoke methods, and in order to keep the permissions on the object in sync with the resource definition, the resource would first make a call to revoke all the permissions from the content and then make a follow up call to add the permissions defined within the resource. This meant that unless you specified the permissions (6 permissions that = "Manage") for the createdBy user as part of the definition the createdBy user would end up losing all their permissions to the content.

I think there are some backend discussions around some changes that may need to be made to the permissions API to properly support this resource. Just want to make sure you don't spend time on this only to run into the same issues.

@seansain
Copy link
Contributor

@ericSpence We will try to add a permission resource within the next few months. If that timeline is too far out, by all means, we welcome contributions to the repo and would be more than happy to review a PR and help out.

We also plan to address the issues in the API @kevin-sumo brought up so we can properly support the resource around the same time.

@bltb
Copy link

bltb commented Sep 15, 2021

Hi @seansain , @kevin-sumo, is Sumo Logic still working on the changes you mention here to the content permissions API and the terraform provider?

@ericSpence

We previously attempted to provide a permissions resource, but ran into some issues with how the createdBy users' permissions were handled, which led to issues and confusion with the resource usage, so we ended up pulling this resource from the provider.

The permission API supports Add and Revoke methods, and in order to keep the permissions on the object in sync with the resource definition, the resource would first make a call to revoke all the permissions from the content and then make a follow up call to add the permissions defined within the resource. This meant that unless you specified the permissions (6 permissions that = "Manage") for the createdBy user as part of the definition the createdBy user would end up losing all their permissions to the content.

I think there are some backend discussions around some changes that may need to be made to the permissions API to properly support this resource. Just want to make sure you don't spend time on this only to run into the same issues.

@sumovishal
Copy link
Collaborator

Permission resource was added in https://github.com/SumoLogic/terraform-provider-sumologic/releases/tag/v2.13.0 release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@ouranos @bltb @marianomerlo @kevin-sumo @ericSpence @sumovishal @seansain