Merge pull request #221 from JupiterOne/APP-15932

APP-15932 - Add resource permission set and collectionId for rule

README.md

@@ -167,6 +167,8 @@ This function is used to create the actual resource. It parses out the J1EntityM
 
 Follow this general structure for your create function and look at other resource.go files to get an idea of what you may need here.
 
+Note that if the resource you are creating does not return an `id` from the API, you will need to assign a unique id to the `data.Id` field. This is used by terraform to track the resource. The `user_group_membership` resource is one where this is necessary and can be used as an example.
+
 ```go
 func (r *J1EntityResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
 	var data J1EntityModel

docs/resources/resource_permission.md

@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "jupiterone_resource_permission Resource - terraform-provider-jupiterone"
+subcategory: ""
+description: |-
+  A set of resource based permissions.
+---
+
+# jupiterone_resource_permission (Resource)
+
+A set of JupiterOne Resource Permissions.
+
+## Example Usage
+
+```terraform
+data "jupiterone_user_group" "standard_administrators" {
+    name = "Administrators"
+}
+
+resource "jupiterone_resource_permission" "administrator_permissions" {
+    subject_id    = data.jupiterone_user_group.standard_administrators.id
+    subject_type  = "group"
+    resource_area = "rule"
+    resource_type = "*"
+    resource_id   = "*"
+    can_create    = true
+    can_read      = true
+    can_update    = true
+    can_delete    = true
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+
+## Schema
+
+### Required
+
+- `subject_id` (String) The ID of the subject that the resource permissions will be applied to (e.g. group ID).
+- `subject_type` (String) The type of the subject that the resource permissions will be applied to (e.g. group).
+- `resource_area` (String) The resource area that these permissions will be applied to (e.g. rule).
+- `resource_type` (String) The resource type that these permissions will be applied to (e.g. rule, rule_collection, \*).
+- `resource_id` (String) The resource ID that these permissions will be applied to (e.g. rule ID, rule_collection ID, \*).
+- `can_read` (Boolean) Whether the subject can read the resource.
+- `can_create` (Boolean) Whether the subject can create the resource.
+- `can_update` (Boolean) Whether the subject can update the resource.
+- `can_delete` (Boolean) Whether the subject can delete the resource.

docs/resources/rule.md

@@ -126,6 +126,7 @@ resource "jupiterone_rule" "users_without_mfa" {
 - `labels` (List of Attributes) Key/value pairs to apply to the jupiterone_rule entity. If label_value is a string that represents a boolean or number (i.e. "true", "1"), it will be converted to a boolean or number respectively.
 - `templates` (Map of String) Optional key/value pairs of template name to template
 - `trigger_on_new_only` (Boolean)
+- `collection_id` (String) Optional ID of a collection to associate with the rule.
 
 ### Read-Only
 

jupiterone/cassettes/TestInlineRuleInstance_BasicImport.yaml

@@ -6,20 +6,20 @@ interactions:
         proto: HTTP/1.1
         proto_major: 1
         proto_minor: 1
-        content_length: 1132
+        content_length: 1114
         transfer_encoding: []
         trailer: {}
-        host: graphql.us.jupiterone.io
+        host: graphql.dev.jupiterone.io
         remote_addr: ""
         request_uri: ""
-        body: '{"query":"\nmutation CreateInlineQuestionRuleInstance ($instance: CreateInlineQuestionRuleInstanceInput!) {\n\tcreateQuestionRuleInstance: createInlineQuestionRuleInstance(instance: $instance) {\n\t\tid\n\t\tversion\n\t\tspecVersion\n\t\tquestion {\n\t\t\tqueries {\n\t\t\t\tname\n\t\t\t\tquery\n\t\t\t\tversion\n\t\t\t\tincludeDeleted\n\t\t\t}\n\t\t}\n\t\toperations {\n\t\t\twhen\n\t\t\tactions\n\t\t}\n\t\tlabels {\n\t\t\tlabelName\n\t\t\tlabelValue\n\t\t}\n\t}\n}\n","variables":{"instance":{"question":{"queries":[{"query":"Find DataStore with classification=(''critical'' or ''sensitive'' or ''confidential'' or ''restricted'') and encrypted!=true","name":"query0","version":"v1","includeDeleted":false}]},"templates":null,"tags":["tf_acc:1","tf_acc:2"],"name":"tf-provider-test-rule","description":"test","specVersion":1,"operations":[],"outputs":["queries.query0.total","alertLevel"],"pollingInterval":"ONE_DAY","notifyOnFailure":false,"triggerActionsOnNewEntitiesOnly":false,"ignorePreviousResults":false,"remediationSteps":"","collectionId":"","labels":null,"j1Internal":false}},"operationName":"CreateInlineQuestionRuleInstance"}'
+        body: '{"query":"\nmutation CreateInlineQuestionRuleInstance ($instance: CreateInlineQuestionRuleInstanceInput!) {\n\tcreateQuestionRuleInstance: createInlineQuestionRuleInstance(instance: $instance) {\n\t\tid\n\t\tversion\n\t\tspecVersion\n\t\tquestion {\n\t\t\tqueries {\n\t\t\t\tname\n\t\t\t\tquery\n\t\t\t\tversion\n\t\t\t\tincludeDeleted\n\t\t\t}\n\t\t}\n\t\toperations {\n\t\t\twhen\n\t\t\tactions\n\t\t}\n\t\tlabels {\n\t\t\tlabelName\n\t\t\tlabelValue\n\t\t}\n\t}\n}\n","variables":{"instance":{"question":{"queries":[{"query":"Find DataStore with classification=(''critical'' or ''sensitive'' or ''confidential'' or ''restricted'') and encrypted!=true","name":"query0","version":"v1","includeDeleted":false}]},"templates":null,"tags":["tf_acc:1","tf_acc:2"],"name":"tf-provider-test-rule","description":"test","specVersion":1,"operations":[],"outputs":["queries.query0.total","alertLevel"],"pollingInterval":"ONE_DAY","notifyOnFailure":false,"triggerActionsOnNewEntitiesOnly":false,"ignorePreviousResults":false,"remediationSteps":"","labels":null,"j1Internal":false}},"operationName":"CreateInlineQuestionRuleInstance"}'
         form: {}
         headers:
             Cache-Control:
                 - no-cache
             Content-Type:
                 - application/json
-        url: https://graphql.us.jupiterone.io/
+        url: https://graphql.dev.jupiterone.io/
         method: POST
       response:
         proto: HTTP/2.0
@@ -30,7 +30,7 @@ interactions:
         content_length: 350
         uncompressed: false
         body: |
-            {"data":{"createQuestionRuleInstance":{"id":"81a8c676-7155-4f4f-b755-9eab08be21ea","version":1,"specVersion":1,"question":{"queries":[{"name":"query0","query":"Find DataStore with classification=('critical' or 'sensitive' or 'confidential' or 'restricted') and encrypted!=true","version":"v1","includeDeleted":false}]},"operations":[],"labels":[]}}}
+            {"data":{"createQuestionRuleInstance":{"id":"2cb574d2-0cf1-4f41-8b57-bfca2a6eb5cc","version":1,"specVersion":1,"question":{"queries":[{"name":"query0","query":"Find DataStore with classification=('critical' or 'sensitive' or 'confidential' or 'restricted') and encrypted!=true","version":"v1","includeDeleted":false}]},"operations":[],"labels":[]}}}
         headers:
             Access-Control-Allow-Credentials:
                 - "true"
@@ -78,42 +78,42 @@ interactions:
                 - "0"
         status: 200 OK
         code: 200
-        duration: 609.287625ms
+        duration: 746.634084ms
     - id: 1
       request:
         proto: HTTP/1.1
         proto_major: 1
         proto_minor: 1
-        content_length: 632
+        content_length: 650
         transfer_encoding: []
         trailer: {}
-        host: graphql.us.jupiterone.io
+        host: graphql.dev.jupiterone.io
         remote_addr: ""
         request_uri: ""
-        body: '{"query":"\nquery GetQuestionRuleInstance ($id: ID!) {\n\tquestionRuleInstance(id: $id) {\n\t\tid\n\t\tname\n\t\tdescription\n\t\tversion\n\t\tspecVersion\n\t\tlatest\n\t\tpollingInterval\n\t\tdeleted\n\t\ttype\n\t\ttemplates\n\t\tnotifyOnFailure\n\t\ttriggerActionsOnNewEntitiesOnly\n\t\tignorePreviousResults\n\t\tquestionId\n\t\tquestion {\n\t\t\tqueries {\n\t\t\t\tname\n\t\t\t\tquery\n\t\t\t\tversion\n\t\t\t\tincludeDeleted\n\t\t\t}\n\t\t}\n\t\toperations {\n\t\t\twhen\n\t\t\tactions\n\t\t}\n\t\toutputs\n\t\ttags\n\t}\n}\n","variables":{"id":"81a8c676-7155-4f4f-b755-9eab08be21ea"},"operationName":"GetQuestionRuleInstance"}'
+        body: '{"query":"\nquery GetQuestionRuleInstance ($id: ID!) {\n\tquestionRuleInstance(id: $id) {\n\t\tid\n\t\tname\n\t\tcollectionId\n\t\tdescription\n\t\tversion\n\t\tspecVersion\n\t\tlatest\n\t\tpollingInterval\n\t\tdeleted\n\t\ttype\n\t\ttemplates\n\t\tnotifyOnFailure\n\t\ttriggerActionsOnNewEntitiesOnly\n\t\tignorePreviousResults\n\t\tquestionId\n\t\tquestion {\n\t\t\tqueries {\n\t\t\t\tname\n\t\t\t\tquery\n\t\t\t\tversion\n\t\t\t\tincludeDeleted\n\t\t\t}\n\t\t}\n\t\toperations {\n\t\t\twhen\n\t\t\tactions\n\t\t}\n\t\toutputs\n\t\ttags\n\t}\n}\n","variables":{"id":"2cb574d2-0cf1-4f41-8b57-bfca2a6eb5cc"},"operationName":"GetQuestionRuleInstance"}'
         form: {}
         headers:
             Cache-Control:
                 - no-cache
             Content-Type:
                 - application/json
-        url: https://graphql.us.jupiterone.io/
+        url: https://graphql.dev.jupiterone.io/
         method: POST
       response:
         proto: HTTP/2.0
         proto_major: 2
         proto_minor: 0
         transfer_encoding: []
         trailer: {}
-        content_length: 668
+        content_length: 688
         uncompressed: false
         body: |
-            {"data":{"questionRuleInstance":{"id":"81a8c676-7155-4f4f-b755-9eab08be21ea","name":"tf-provider-test-rule","description":"test","version":1,"specVersion":1,"latest":true,"pollingInterval":"ONE_DAY","deleted":false,"type":"QUESTION","templates":null,"notifyOnFailure":false,"triggerActionsOnNewEntitiesOnly":false,"ignorePreviousResults":false,"questionId":null,"question":{"queries":[{"name":"query0","query":"Find DataStore with classification=('critical' or 'sensitive' or 'confidential' or 'restricted') and encrypted!=true","version":"v1","includeDeleted":false}]},"operations":[],"outputs":["queries.query0.total","alertLevel"],"tags":["tf_acc:1","tf_acc:2"]}}}
+            {"data":{"questionRuleInstance":{"id":"2cb574d2-0cf1-4f41-8b57-bfca2a6eb5cc","name":"tf-provider-test-rule","collectionId":null,"description":"test","version":1,"specVersion":1,"latest":true,"pollingInterval":"ONE_DAY","deleted":false,"type":"QUESTION","templates":null,"notifyOnFailure":false,"triggerActionsOnNewEntitiesOnly":false,"ignorePreviousResults":false,"questionId":null,"question":{"queries":[{"name":"query0","query":"Find DataStore with classification=('critical' or 'sensitive' or 'confidential' or 'restricted') and encrypted!=true","version":"v1","includeDeleted":false}]},"operations":[],"outputs":["queries.query0.total","alertLevel"],"tags":["tf_acc:1","tf_acc:2"]}}}
         headers:
             Access-Control-Allow-Credentials:
                 - "true"
             Content-Length:
-                - "668"
+                - "688"
             Content-Security-Policy:
                 - 'default-src ''self'';base-uri ''self'';block-all-mixed-content;font-src ''self'' https: data:;form-action ''self'';frame-ancestors ''self'';img-src ''self'' data:;object-src ''none'';script-src ''self'';script-src-attr ''none'';style-src ''self'' https: ''unsafe-inline'';upgrade-insecure-requests'
             Content-Type:
@@ -156,7 +156,7 @@ interactions:
                 - "0"
         status: 200 OK
         code: 200
-        duration: 188.905125ms
+        duration: 219.746958ms
     - id: 2
       request:
         proto: HTTP/1.1
@@ -165,17 +165,17 @@ interactions:
         content_length: 200
         transfer_encoding: []
         trailer: {}
-        host: graphql.us.jupiterone.io
+        host: graphql.dev.jupiterone.io
         remote_addr: ""
         request_uri: ""
-        body: '{"query":"\nmutation DeleteRuleInstance ($id: ID!) {\n\tdeleteRuleInstance(id: $id) {\n\t\tid\n\t}\n}\n","variables":{"id":"81a8c676-7155-4f4f-b755-9eab08be21ea"},"operationName":"DeleteRuleInstance"}'
+        body: '{"query":"\nmutation DeleteRuleInstance ($id: ID!) {\n\tdeleteRuleInstance(id: $id) {\n\t\tid\n\t}\n}\n","variables":{"id":"2cb574d2-0cf1-4f41-8b57-bfca2a6eb5cc"},"operationName":"DeleteRuleInstance"}'
         form: {}
         headers:
             Cache-Control:
                 - no-cache
             Content-Type:
                 - application/json
-        url: https://graphql.us.jupiterone.io/
+        url: https://graphql.dev.jupiterone.io/
         method: POST
       response:
         proto: HTTP/2.0
@@ -186,7 +186,7 @@ interactions:
         content_length: 78
         uncompressed: false
         body: |
-            {"data":{"deleteRuleInstance":{"id":"81a8c676-7155-4f4f-b755-9eab08be21ea"}}}
+            {"data":{"deleteRuleInstance":{"id":"2cb574d2-0cf1-4f41-8b57-bfca2a6eb5cc"}}}
         headers:
             Access-Control-Allow-Credentials:
                 - "true"
@@ -234,4 +234,4 @@ interactions:
                 - "0"
         status: 200 OK
         code: 200
-        duration: 200.725ms
+        duration: 228.711917ms