No card: Add docs for resource permissions #227

Merged
merged 1 commit into from
Jan 15, 2025
6 changes: 6 additions & 0 deletions docs/resources/resource_group.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,13 @@ description: |-

JupiterOne Resource Group

## Example Usage

```terraform
resource "jupiterone_resource_group" "resource" {
name = "Engineering"
}
```

<!-- schema generated by tfplugindocs -->
## Schema
Expand Down
63 changes: 57 additions & 6 deletions docs/resources/resource_permission.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,62 @@ description: |-

JupiterOne Resource Based Permission

## Example Usage

```terraform
resource "jupiterone_resource_group" "engineering" {
name = "Engineering"
}

resource "jupiterone_dashboard" "compliance" {
name = "Compliance"
type = "Account"
resource_group_id = jupiterone_resource_group.engineering.id
}

resource "jupiterone_dashboard" "device_matrix" {
name = "Device Matrix"
type = "Account"
resource_group_id = jupiterone_resource_group.engineering.id
}

resource "jupiterone_dashboard" "key_insights" {
name = "Key Insights"
type = "Account"
}

resource "jupiterone_user_group" "engineering" {
name = "Engineering"
description = "This group can view and manage all dashboards in the Engineering resource group as well as view the Key Insights dashboard."
}

resource "jupiterone_resource_permission" "engineering_compliance" {
subject_type = "group"
subject_id = jupiterone_user_group.engineering.id
resource_area = "dashboard"
resource_type = "resource_group"
resource_id = "*"
canCreate = true
canRead = true
canUpdate = true
canDelete = true
}

resource "jupiterone_resource_permission" "engineering_compliance" {
subject_type = "group"
subject_id = jupiterone_user_group.engineering.id
resource_area = "dashboard"
resource_type = "dashboard"
resource_id = jupiterone_dashboard.key_insights.id
canCreate = false
canRead = true
canUpdate = false
canDelete = false
}
```

<!-- schema generated by tfplugindocs -->

## Schema

### Required
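Review bot: In the first `jupiterone_resource_permission` block, `resource_type = "resource_group"` combined with `resource_id = "*"` reads as create/read/update/delete on dashboards in every resource group, while the `jupiterone_user_group` description just above says the group manages dashboards "in the Engineering resource group". If the example is meant to show a scoped grant, set `resource_id = jupiterone_resource_group.engineering.id`; if the wildcard is intended, reword the description so readers do not copy an account-wide grant believing it is limited to one group.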
Expand All @@ -21,14 +74,12 @@ JupiterOne Resource Based Permission
- `can_delete` (Boolean) Whether the subject can delete the resource.
- `can_read` (Boolean) Whether the subject can read the resource.
- `can_update` (Boolean) Whether the subject can update the resource.
- `resource_area` (String) The resource area that these permissions will be applied to (e.g. rule).
- `resource_id` (String) The ID of the resource that these permissions will be applied to (e.g. rule ID, resource group ID, *).
- `resource_type` (String) The resource type that these permissions will be applied to (e.g. rule, resource_group, *).
- `resource_area` (String) The resource area that these permissions will be applied to. Possible values: rule, dashboard, integration, collector.
- `resource_id` (String) The ID of the resource that these permissions will be applied to (e.g. rule ID, resource group ID, \*).
- `resource_type` (String) The resource type that these permissions will be applied to. Possible values: resource_group, \*, rule, dashboard, integration, collector.
- `subject_id` (String) The ID of the subject that the resource permissions will be applied to (e.g. group ID).
- `subject_type` (String) The type of the subject that the resource permissions will be applied to (e.g. group).
- `subject_type` (String) The type of the subject that the resource permissions will be applied to. Possible values: group, token.

### Read-Only

- `id` (String) The ID of this resource.
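Review bot: The new `resource_type` line lists `resource_group` and `\*` next to `rule`, `dashboard`, `integration` and `collector` without saying what each choice means for `resource_id`, and the `resource_id` line still offers `\*` only as an example. Because `*` decides how wide a grant is, add a sentence stating what `resource_id = "*"` matches for each `resource_type`, and which `resource_type` values are valid for a given `resource_area`.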


3 changes: 3 additions & 0 deletions examples/resources/jupiterone_resource_group/resource.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
resource "jupiterone_resource_group" "resource" {
name = "Engineering"
}
49 changes: 49 additions & 0 deletions examples/resources/jupiterone_resource_permission/resource.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
resource "jupiterone_resource_group" "engineering" {
name = "Engineering"
}

resource "jupiterone_dashboard" "compliance" {
name = "Compliance"
type = "Account"
resource_group_id = jupiterone_resource_group.engineering.id
}

resource "jupiterone_dashboard" "device_matrix" {
name = "Device Matrix"
type = "Account"
resource_group_id = jupiterone_resource_group.engineering.id
}

resource "jupiterone_dashboard" "key_insights" {
name = "Key Insights"
type = "Account"
}

resource "jupiterone_user_group" "engineering" {
name = "Engineering"
description = "This group can view and manage all dashboards in the Engineering resource group as well as view the Key Insights dashboard."
}

resource "jupiterone_resource_permission" "engineering_compliance" {
subject_type = "group"
subject_id = jupiterone_user_group.engineering.id
resource_area = "dashboard"
resource_type = "resource_group"
resource_id = "*"
canCreate = true
canRead = true
canUpdate = true
canDelete = true
}

resource "jupiterone_resource_permission" "engineering_compliance" {
subject_type = "group"
subject_id = jupiterone_user_group.engineering.id
resource_area = "dashboard"
resource_type = "dashboard"
resource_id = jupiterone_dashboard.key_insights.id
canCreate = false
canRead = true
canUpdate = false
canDelete = false
}
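Review bot: Both permission blocks are declared as `jupiterone_resource_permission.engineering_compliance`, so Terraform will reject this file for a duplicate resource address; rename the second block to something that reflects its target, such as `engineering_key_insights`. The blocks also set `canCreate`, `canRead`, `canUpdate` and `canDelete`, while the schema in docs/resources/resource_permission.md lists snake_case attributes (`can_read`, `can_update`, `can_delete`), so the example does not match the documented arguments. The same text appears in the Example Usage section of the docs page, so correcting it here and regenerating the docs keeps the two in step.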
6 changes: 3 additions & 3 deletions jupiterone/resource_resource_permission.go
Original file line number Diff line number Diff line change
Expand Up @@ -70,19 +70,19 @@ func (*ResourcePermissionResource) Schema(ctx context.Context, req resource.Sche
},
"subject_type": schema.StringAttribute{
Required: true,
Description: "The type of the subject that the resource permissions will be applied to (e.g. group).",
Description: "The type of the subject that the resource permissions will be applied to. Possible values: group, token.",
},
"subject_id": schema.StringAttribute{
Required: true,
Description: "The ID of the subject that the resource permissions will be applied to (e.g. group ID).",
},
"resource_area": schema.StringAttribute{
Required: true,
Description: "The resource area that these permissions will be applied to (e.g. rule).",
Description: "The resource area that these permissions will be applied to. Possible values: rule, dashboard, integration, collector.",
},
"resource_type": schema.StringAttribute{
Required: true,
Description: "The resource type that these permissions will be applied to (e.g. rule, resource_group, *).",
Description: "The resource type that these permissions will be applied to. Possible values: resource_group, *, rule, dashboard, integration, collector.",
},
"resource_id": schema.StringAttribute{
Required: true,
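Review bot: The allowed values for `subject_type`, `resource_area` and `resource_type` now live only in the `Description` strings; each attribute shown here carries just `Required: true`, so nothing in these lines rejects a value outside the documented list. Consider adding a `Validators` entry with `stringvalidator.OneOf(...)` to each of the three attributes, so the documented and enforced lists cannot drift apart and a mistyped area or type fails at plan time instead of producing an unintended permission.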
Expand Down