Merge pull request #227 from JupiterOne/no-card-add-docs

No card: Add docs for resource permissions
JupiterOne · Jan 15, 2025 · 5d46caf · 5d46caf
2 parents 4f7e61b + 1515384
commit 5d46caf
Show file tree

Hide file tree

Showing 5 changed files with 118 additions and 9 deletions.
diff --git a/docs/resources/resource_group.md b/docs/resources/resource_group.md
@@ -10,7 +10,13 @@ description: |-
 
 JupiterOne Resource Group
 
+## Example Usage
 
+```terraform
+resource "jupiterone_resource_group" "resource" {
+  name = "Engineering"
+}
+```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema

diff --git a/docs/resources/resource_permission.md b/docs/resources/resource_permission.md
@@ -10,9 +10,62 @@ description: |-
 
 JupiterOne Resource Based Permission
 
+## Example Usage
 
+```terraform
+resource "jupiterone_resource_group" "engineering" {
+  name = "Engineering"
+}
+
+resource "jupiterone_dashboard" "compliance" {
+  name              = "Compliance"
+  type              = "Account"
+  resource_group_id = jupiterone_resource_group.engineering.id
+}
+
+resource "jupiterone_dashboard" "device_matrix" {
+  name              = "Device Matrix"
+  type              = "Account"
+  resource_group_id = jupiterone_resource_group.engineering.id
+}
+
+resource "jupiterone_dashboard" "key_insights" {
+  name = "Key Insights"
+  type = "Account"
+}
+
+resource "jupiterone_user_group" "engineering" {
+  name        = "Engineering"
+  description = "This group can view and manage all dashboards in the Engineering resource group as well as view the Key Insights dashboard."
+}
+
+resource "jupiterone_resource_permission" "engineering_compliance" {
+  subject_type  = "group"
+  subject_id    = jupiterone_user_group.engineering.id
+  resource_area = "dashboard"
+  resource_type = "resource_group"
+  resource_id   = "*"
+  canCreate     = true
+  canRead       = true
+  canUpdate     = true
+  canDelete     = true
+}
+
+resource "jupiterone_resource_permission" "engineering_compliance" {
+  subject_type  = "group"
+  subject_id    = jupiterone_user_group.engineering.id
+  resource_area = "dashboard"
+  resource_type = "dashboard"
+  resource_id   = jupiterone_dashboard.key_insights.id
+  canCreate     = false
+  canRead       = true
+  canUpdate     = false
+  canDelete     = false
+}
+```
 
 <!-- schema generated by tfplugindocs -->
+
 ## Schema
 
 ### Required
@@ -21,14 +74,12 @@ JupiterOne Resource Based Permission
 - `can_delete` (Boolean) Whether the subject can delete the resource.
 - `can_read` (Boolean) Whether the subject can read the resource.
 - `can_update` (Boolean) Whether the subject can update the resource.
-- `resource_area` (String) The resource area that these permissions will be applied to (e.g. rule).
-- `resource_id` (String) The ID of the resource that these permissions will be applied to (e.g. rule ID, resource group ID, *).
-- `resource_type` (String) The resource type that these permissions will be applied to (e.g. rule, resource_group, *).
+- `resource_area` (String) The resource area that these permissions will be applied to. Possible values: rule, dashboard, integration, collector.
+- `resource_id` (String) The ID of the resource that these permissions will be applied to (e.g. rule ID, resource group ID, \*).
+- `resource_type` (String) The resource type that these permissions will be applied to. Possible values: resource_group, \*, rule, dashboard, integration, collector.
 - `subject_id` (String) The ID of the subject that the resource permissions will be applied to (e.g. group ID).
-- `subject_type` (String) The type of the subject that the resource permissions will be applied to (e.g. group).
+- `subject_type` (String) The type of the subject that the resource permissions will be applied to. Possible values: group, token.
 
 ### Read-Only
 
 - `id` (String) The ID of this resource.
-
-
diff --git a/examples/resources/jupiterone_resource_group/resource.tf b/examples/resources/jupiterone_resource_group/resource.tf
@@ -0,0 +1,3 @@
+resource "jupiterone_resource_group" "resource" {
+  name = "Engineering"
+}
diff --git a/examples/resources/jupiterone_resource_permission/resource.tf b/examples/resources/jupiterone_resource_permission/resource.tf
@@ -0,0 +1,49 @@
+resource "jupiterone_resource_group" "engineering" {
+  name = "Engineering"
+}
+
+resource "jupiterone_dashboard" "compliance" {
+  name              = "Compliance"
+  type              = "Account"
+  resource_group_id = jupiterone_resource_group.engineering.id
+}
+
+resource "jupiterone_dashboard" "device_matrix" {
+  name              = "Device Matrix"
+  type              = "Account"
+  resource_group_id = jupiterone_resource_group.engineering.id
+}
+
+resource "jupiterone_dashboard" "key_insights" {
+  name = "Key Insights"
+  type = "Account"
+}
+
+resource "jupiterone_user_group" "engineering" {
+  name        = "Engineering"
+  description = "This group can view and manage all dashboards in the Engineering resource group as well as view the Key Insights dashboard."
+}
+
+resource "jupiterone_resource_permission" "engineering_compliance" {
+  subject_type  = "group"
+  subject_id    = jupiterone_user_group.engineering.id
+  resource_area = "dashboard"
+  resource_type = "resource_group"
+  resource_id   = "*"
+  canCreate     = true
+  canRead       = true
+  canUpdate     = true
+  canDelete     = true
+}
+
+resource "jupiterone_resource_permission" "engineering_compliance" {
+  subject_type  = "group"
+  subject_id    = jupiterone_user_group.engineering.id
+  resource_area = "dashboard"
+  resource_type = "dashboard"
+  resource_id   = jupiterone_dashboard.key_insights.id
+  canCreate     = false
+  canRead       = true
+  canUpdate     = false
+  canDelete     = false
+}
diff --git a/jupiterone/resource_resource_permission.go b/jupiterone/resource_resource_permission.go
@@ -70,19 +70,19 @@ func (*ResourcePermissionResource) Schema(ctx context.Context, req resource.Sche
 			},
 			"subject_type": schema.StringAttribute{
 				Required:    true,
-				Description: "The type of the subject that the resource permissions will be applied to (e.g. group).",
+				Description: "The type of the subject that the resource permissions will be applied to. Possible values: group, token.",
 			},
 			"subject_id": schema.StringAttribute{
 				Required:    true,
 				Description: "The ID of the subject that the resource permissions will be applied to (e.g. group ID).",
 			},
 			"resource_area": schema.StringAttribute{
 				Required:    true,
-				Description: "The resource area that these permissions will be applied to (e.g. rule).",
+				Description: "The resource area that these permissions will be applied to. Possible values: rule, dashboard, integration, collector.",
 			},
 			"resource_type": schema.StringAttribute{
 				Required:    true,
-				Description: "The resource type that these permissions will be applied to (e.g. rule, resource_group, *).",
+				Description: "The resource type that these permissions will be applied to. Possible values: resource_group, *, rule, dashboard, integration, collector.",
 			},
 			"resource_id": schema.StringAttribute{
 				Required:    true,