diff --git a/datadog/cassettes/TestAccDatadogPermissionsDatasource.freeze b/datadog/cassettes/TestAccDatadogPermissionsDatasource.freeze new file mode 100644 index 0000000000..b7fdebcbc1 --- /dev/null +++ b/datadog/cassettes/TestAccDatadogPermissionsDatasource.freeze @@ -0,0 +1 @@ +2020-11-17T16:05:16.524594+01:00 \ No newline at end of file diff --git a/datadog/cassettes/TestAccDatadogPermissionsDatasource.yaml b/datadog/cassettes/TestAccDatadogPermissionsDatasource.yaml new file mode 100644 index 0000000000..33e74183c5 --- /dev/null +++ b/datadog/cassettes/TestAccDatadogPermissionsDatasource.yaml @@ -0,0 +1,451 @@ +--- +version: 1 +interactions: +- request: + body: "" + form: {} + headers: + Accept: + - application/json + Dd-Operation-Id: + - ListPermissions + User-Agent: + - terraform-provider-datadog/dev (terraform 1.15.0; terraform-cli 0.12.7-sdk) + datadog-api-client-go/1.0.0-beta.11 (go go1.15.4; os darwin; arch amd64) + X-Datadog-Parent-Id: + - "180288265021434969" + X-Datadog-Sampling-Priority: + - "1" + X-Datadog-Trace-Id: + - "2865158598692517054" + url: https://api.datadoghq.com/api/v2/permissions + method: GET + response: + body: '{"data":[{"type":"permissions","id":"984a2bd4-d3b4-11e8-a1ff-a7f660d43029","attributes":{"name":"admin","display_name":"Privileged + Access","description":"This permission gives you the ability to view and edit + everything in your Datadog organization that does not have an explicitly defined + permission. This includes billing and usage, user, key, and organization management. + This permission is inclusive of all Standard access permissions.","created":"2018-10-19T15:35:23.734317+00:00","group_name":"General","display_type":"other","restricted":false}},{"type":"permissions","id":"984d2f00-d3b4-11e8-a200-bb47109e9987","attributes":{"name":"standard","display_name":"Standard + Access","description":"This permission gives you the ability to view and edit + components in your Datadog organization that do not have explicitly defined + permissions. This includes APM, Events, and other non-Account Management functionality.","created":"2018-10-19T15:35:23.756736+00:00","group_name":"General","display_type":"other","restricted":false}},{"type":"permissions","id":"5e605652-dd12-11e8-9e53-375565b8970e","attributes":{"name":"logs_read_index_data","display_name":"Logs + Read Index Data","description":"The ability to read all or some log indexes. + Can be granted in a limited capacity per index from the Logs interface or APIs. + If granted via the Roles interface or API the permission has global scope.","created":"2018-10-31T13:39:19.727450+00:00","group_name":"Logs","display_type":"read","restricted":false}},{"type":"permissions","id":"62cc036c-dd12-11e8-9e54-db9995643092","attributes":{"name":"logs_modify_indexes","display_name":"Logs + Modify Indexes","description":"The ability to read and modify all indexes in + your account. This includes the ability to grant the Logs Read Index Data and + Logs Write Exclusion Filter permission to other roles, for some or all indexes. + This permission also grants global Log Index Read and Log Exclusion Filter Write + implicitly.","created":"2018-10-31T13:39:27.148615+00:00","group_name":"Logs","display_type":"other","restricted":false}},{"type":"permissions","id":"6f66600e-dd12-11e8-9e55-7f30fbb45e73","attributes":{"name":"logs_live_tail","display_name":"Logs + Live Tail Access","description":"The ability to view the live tail feed for + all log indexes, even if otherwise specifically restricted.","created":"2018-10-31T13:39:48.292879+00:00","group_name":"Logs","display_type":"read","restricted":false}},{"type":"permissions","id":"7d7c98ac-dd12-11e8-9e56-93700598622d","attributes":{"name":"logs_write_exclusion_filters","display_name":"Logs + Write Exclusion Filters","description":"The ability to add and change exclusion + filters for all or some log indexes. Can be granted in a limited capacity per + index to specific roles via the Logs interface or API. If granted from the Roles + interface or API, the permission has global scope.","created":"2018-10-31T13:40:11.926613+00:00","group_name":"Logs","display_type":"write","restricted":false}},{"type":"permissions","id":"811ac4ca-dd12-11e8-9e57-676a7f0beef9","attributes":{"name":"logs_write_pipelines","display_name":"Logs + Write Pipelines","description":"The ability to add and change log pipeline configurations, + including the ability to grant the Logs Write Processors permission to other + roles, for some or all pipelines. This permission also grants global Log Processor + Write implicitly.","created":"2018-10-31T13:40:17.996379+00:00","group_name":"Logs","display_type":"other","restricted":false}},{"type":"permissions","id":"84aa3ae4-dd12-11e8-9e58-a373a514ccd0","attributes":{"name":"logs_write_processors","display_name":"Log + Write Processors","description":"The ability to add and change some or all log + processor configurations. Can be granted in a limited capacity per pipeline + to specific roles via the Logs interface or API. If granted via the Roles interface + or API the permission has global scope.","created":"2018-10-31T13:40:23.969725+00:00","group_name":"Logs","display_type":"write","restricted":false}},{"type":"permissions","id":"87b00304-dd12-11e8-9e59-cbeb5f71f72f","attributes":{"name":"logs_write_archives","display_name":"Logs + Archives","description":"The ability to add and edit log archive locations.","created":"2018-10-31T13:40:29.040786+00:00","group_name":"Logs","display_type":"write","restricted":false}},{"type":"permissions","id":"1a92ede2-6cb2-11e9-99c6-2b3a4a0cdf0a","attributes":{"name":"logs_public_config_api","display_name":"Logs + Public Config API","description":"The ability to access and edit logs configurations + via the API.","created":"2019-05-02T08:13:01.731092+00:00","group_name":"Logs","display_type":"other","restricted":false}},{"type":"permissions","id":"979df720-aed7-11e9-99c6-a7eb8373165a","attributes":{"name":"logs_generate_metrics","display_name":"Log + Generate Metrics","description":"The ability to create custom metrics from logs.","created":"2019-07-25T12:27:39.640758+00:00","group_name":"Logs","display_type":"other","restricted":false}},{"type":"permissions","id":"d90f6830-d3d8-11e9-a77a-b3404e5e9ee2","attributes":{"name":"dashboards_read","display_name":"Dashboards","description":"The + ability to view dashboards.","created":"2019-09-10T14:39:51.955175+00:00","group_name":"Dashboards","display_type":"read","restricted":true}},{"type":"permissions","id":"d90f6831-d3d8-11e9-a77a-4fd230ddbc6a","attributes":{"name":"dashboards_write","display_name":"Dashboards","description":"The + ability to create and change dashboards.","created":"2019-09-10T14:39:51.962944+00:00","group_name":"Dashboards","display_type":"write","restricted":false}},{"type":"permissions","id":"d90f6832-d3d8-11e9-a77a-bf8a2607f864","attributes":{"name":"dashboards_public_share","display_name":"Dashboards + Share","description":"The ability to share dashboards externally.","created":"2019-09-10T14:39:51.967094+00:00","group_name":"Dashboards","display_type":"other","restricted":false}},{"type":"permissions","id":"4441648c-d8b1-11e9-a77a-1b899a04b304","attributes":{"name":"monitors_read","display_name":"Monitors","description":"The + ability to view monitors.","created":"2019-09-16T18:39:07.744297+00:00","group_name":"Monitors","display_type":"read","restricted":true}},{"type":"permissions","id":"48ef71ea-d8b1-11e9-a77a-93f408470ad0","attributes":{"name":"monitors_write","display_name":"Monitors","description":"The + ability to change, mute, and delete individual monitors.","created":"2019-09-16T18:39:15.597109+00:00","group_name":"Monitors","display_type":"write","restricted":false}},{"type":"permissions","id":"4d87d5f8-d8b1-11e9-a77a-eb9c8350d04f","attributes":{"name":"monitors_downtime","display_name":"Monitors + Manage Downtimes","description":"The ability to set downtimes for your organization. + A user with this permission can suppress alerts from any monitor using a downtime, + even if they do not have permission to edit those monitors explicitly.","created":"2019-09-16T18:39:23.306702+00:00","group_name":"Monitors","display_type":"other","restricted":false}},{"type":"permissions","id":"1af86ce4-7823-11ea-93dc-d7cad1b1c6cb","attributes":{"name":"logs_read_data","display_name":"Logs + Read Data","description":"The ability to read log data. Can be restricted with + restriction queries.","created":"2020-04-06T16:24:35.989108+00:00","group_name":"Logs","display_type":"read","restricted":false}},{"type":"permissions","id":"b382b982-8535-11ea-93de-2bf1bdf20798","attributes":{"name":"logs_read_archives","display_name":"Logs + Archives","description":"The ability to read logs archives location and use + it for rehydration.","created":"2020-04-23T07:40:27.966133+00:00","group_name":"Logs","display_type":"read","restricted":false}},{"type":"permissions","id":"7314eb20-aa58-11ea-95e2-6fb6e4a451d5","attributes":{"name":"security_monitoring_rules_read","display_name":"Detection + Rules","description":"The ability to read Detection rules.","created":"2020-06-09T13:52:25.279909+00:00","group_name":"Security + Monitoring","display_type":"read","restricted":false}},{"type":"permissions","id":"7b516476-aa58-11ea-95e2-93718cd56369","attributes":{"name":"security_monitoring_rules_write","display_name":"Detection + Rules","description":"The ability to create and edit Detection rules.","created":"2020-06-09T13:52:39.099413+00:00","group_name":"Security + Monitoring","display_type":"write","restricted":false}},{"type":"permissions","id":"80de1ec0-aa58-11ea-95e2-aff381626d5d","attributes":{"name":"security_monitoring_signals_read","display_name":"Security + Signals","description":"The ability to view Security signals.","created":"2020-06-09T13:52:48.410398+00:00","group_name":"Security + Monitoring","display_type":"read","restricted":false}},{"type":"permissions","id":"9ac1d8cc-e707-11ea-aa2d-73d37e989a9d","attributes":{"name":"user_access_invite","display_name":"Invite + User","description":"Allows users to invite other users to your organization.","created":"2020-08-25T19:17:23.539701+00:00","group_name":"User + Access","display_type":"other","restricted":false}},{"type":"permissions","id":"9de604d8-e707-11ea-aa2d-93f1a783b3a3","attributes":{"name":"user_access_manage","display_name":"Access + Management","description":"Grants the permission to disable users, manage user + roles and SAML-to-role mappings.","created":"2020-08-25T19:17:28.810412+00:00","group_name":"User + Access","display_type":"other","restricted":false}},{"type":"permissions","id":"07c3c146-f7f8-11ea-acf6-0bd62b9ae60e","attributes":{"name":"logs_write_historical_view","display_name":"Logs + Historical View","description":"The capability to rehydrate logs from Archives.","created":"2020-09-16T08:38:44.242076+00:00","group_name":"Logs","display_type":"write","restricted":false}},{"type":"permissions","id":"6ba32d22-0e1a-11eb-ba44-bf9a5aafaa39","attributes":{"name":"logs_write_facets","display_name":"Logs + Facets","description":"The capability to create or edit logs facets.","created":"2020-10-14T12:40:20.271908+00:00","group_name":"Logs","display_type":"write","restricted":false}}]}' + headers: + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Security-Policy: + - frame-ancestors 'self'; report-uri https://api.datadoghq.com/csp-report + Content-Type: + - application/json + Date: + - Tue, 17 Nov 2020 15:05:17 GMT + Dd-Pool: + - dogweb + Pragma: + - no-cache + Set-Cookie: + - DD-PSHARD=233; Max-Age=604800; Path=/; expires=Tue, 24-Nov-2020 15:05:17 GMT; + secure; HttpOnly + Strict-Transport-Security: + - max-age=15724800; + Vary: + - Accept-Encoding + X-Content-Type-Options: + - nosniff + X-Dd-Debug: + - H6YNJZe2hxg7AD4MytxnK6WTGV3v238t6qy6wX4rqFlv+Cb0Gp+GU8J41gMZvmVb + X-Dd-Version: + - "35.3382013" + X-Frame-Options: + - SAMEORIGIN + status: 200 OK + code: 200 + duration: "" +- request: + body: "" + form: {} + headers: + Accept: + - application/json + Dd-Operation-Id: + - ListPermissions + User-Agent: + - terraform-provider-datadog/dev (terraform 1.15.0; terraform-cli 0.12.7-sdk) + datadog-api-client-go/1.0.0-beta.11 (go go1.15.4; os darwin; arch amd64) + X-Datadog-Parent-Id: + - "2588494572177636653" + X-Datadog-Sampling-Priority: + - "1" + X-Datadog-Trace-Id: + - "2865158598692517054" + url: https://api.datadoghq.com/api/v2/permissions + method: GET + response: + body: '{"data":[{"type":"permissions","id":"984a2bd4-d3b4-11e8-a1ff-a7f660d43029","attributes":{"name":"admin","display_name":"Privileged + Access","description":"This permission gives you the ability to view and edit + everything in your Datadog organization that does not have an explicitly defined + permission. This includes billing and usage, user, key, and organization management. + This permission is inclusive of all Standard access permissions.","created":"2018-10-19T15:35:23.734317+00:00","group_name":"General","display_type":"other","restricted":false}},{"type":"permissions","id":"984d2f00-d3b4-11e8-a200-bb47109e9987","attributes":{"name":"standard","display_name":"Standard + Access","description":"This permission gives you the ability to view and edit + components in your Datadog organization that do not have explicitly defined + permissions. This includes APM, Events, and other non-Account Management functionality.","created":"2018-10-19T15:35:23.756736+00:00","group_name":"General","display_type":"other","restricted":false}},{"type":"permissions","id":"5e605652-dd12-11e8-9e53-375565b8970e","attributes":{"name":"logs_read_index_data","display_name":"Logs + Read Index Data","description":"The ability to read all or some log indexes. + Can be granted in a limited capacity per index from the Logs interface or APIs. + If granted via the Roles interface or API the permission has global scope.","created":"2018-10-31T13:39:19.727450+00:00","group_name":"Logs","display_type":"read","restricted":false}},{"type":"permissions","id":"62cc036c-dd12-11e8-9e54-db9995643092","attributes":{"name":"logs_modify_indexes","display_name":"Logs + Modify Indexes","description":"The ability to read and modify all indexes in + your account. This includes the ability to grant the Logs Read Index Data and + Logs Write Exclusion Filter permission to other roles, for some or all indexes. + This permission also grants global Log Index Read and Log Exclusion Filter Write + implicitly.","created":"2018-10-31T13:39:27.148615+00:00","group_name":"Logs","display_type":"other","restricted":false}},{"type":"permissions","id":"6f66600e-dd12-11e8-9e55-7f30fbb45e73","attributes":{"name":"logs_live_tail","display_name":"Logs + Live Tail Access","description":"The ability to view the live tail feed for + all log indexes, even if otherwise specifically restricted.","created":"2018-10-31T13:39:48.292879+00:00","group_name":"Logs","display_type":"read","restricted":false}},{"type":"permissions","id":"7d7c98ac-dd12-11e8-9e56-93700598622d","attributes":{"name":"logs_write_exclusion_filters","display_name":"Logs + Write Exclusion Filters","description":"The ability to add and change exclusion + filters for all or some log indexes. Can be granted in a limited capacity per + index to specific roles via the Logs interface or API. If granted from the Roles + interface or API, the permission has global scope.","created":"2018-10-31T13:40:11.926613+00:00","group_name":"Logs","display_type":"write","restricted":false}},{"type":"permissions","id":"811ac4ca-dd12-11e8-9e57-676a7f0beef9","attributes":{"name":"logs_write_pipelines","display_name":"Logs + Write Pipelines","description":"The ability to add and change log pipeline configurations, + including the ability to grant the Logs Write Processors permission to other + roles, for some or all pipelines. This permission also grants global Log Processor + Write implicitly.","created":"2018-10-31T13:40:17.996379+00:00","group_name":"Logs","display_type":"other","restricted":false}},{"type":"permissions","id":"84aa3ae4-dd12-11e8-9e58-a373a514ccd0","attributes":{"name":"logs_write_processors","display_name":"Log + Write Processors","description":"The ability to add and change some or all log + processor configurations. Can be granted in a limited capacity per pipeline + to specific roles via the Logs interface or API. If granted via the Roles interface + or API the permission has global scope.","created":"2018-10-31T13:40:23.969725+00:00","group_name":"Logs","display_type":"write","restricted":false}},{"type":"permissions","id":"87b00304-dd12-11e8-9e59-cbeb5f71f72f","attributes":{"name":"logs_write_archives","display_name":"Logs + Archives","description":"The ability to add and edit log archive locations.","created":"2018-10-31T13:40:29.040786+00:00","group_name":"Logs","display_type":"write","restricted":false}},{"type":"permissions","id":"1a92ede2-6cb2-11e9-99c6-2b3a4a0cdf0a","attributes":{"name":"logs_public_config_api","display_name":"Logs + Public Config API","description":"The ability to access and edit logs configurations + via the API.","created":"2019-05-02T08:13:01.731092+00:00","group_name":"Logs","display_type":"other","restricted":false}},{"type":"permissions","id":"979df720-aed7-11e9-99c6-a7eb8373165a","attributes":{"name":"logs_generate_metrics","display_name":"Log + Generate Metrics","description":"The ability to create custom metrics from logs.","created":"2019-07-25T12:27:39.640758+00:00","group_name":"Logs","display_type":"other","restricted":false}},{"type":"permissions","id":"d90f6830-d3d8-11e9-a77a-b3404e5e9ee2","attributes":{"name":"dashboards_read","display_name":"Dashboards","description":"The + ability to view dashboards.","created":"2019-09-10T14:39:51.955175+00:00","group_name":"Dashboards","display_type":"read","restricted":true}},{"type":"permissions","id":"d90f6831-d3d8-11e9-a77a-4fd230ddbc6a","attributes":{"name":"dashboards_write","display_name":"Dashboards","description":"The + ability to create and change dashboards.","created":"2019-09-10T14:39:51.962944+00:00","group_name":"Dashboards","display_type":"write","restricted":false}},{"type":"permissions","id":"d90f6832-d3d8-11e9-a77a-bf8a2607f864","attributes":{"name":"dashboards_public_share","display_name":"Dashboards + Share","description":"The ability to share dashboards externally.","created":"2019-09-10T14:39:51.967094+00:00","group_name":"Dashboards","display_type":"other","restricted":false}},{"type":"permissions","id":"4441648c-d8b1-11e9-a77a-1b899a04b304","attributes":{"name":"monitors_read","display_name":"Monitors","description":"The + ability to view monitors.","created":"2019-09-16T18:39:07.744297+00:00","group_name":"Monitors","display_type":"read","restricted":true}},{"type":"permissions","id":"48ef71ea-d8b1-11e9-a77a-93f408470ad0","attributes":{"name":"monitors_write","display_name":"Monitors","description":"The + ability to change, mute, and delete individual monitors.","created":"2019-09-16T18:39:15.597109+00:00","group_name":"Monitors","display_type":"write","restricted":false}},{"type":"permissions","id":"4d87d5f8-d8b1-11e9-a77a-eb9c8350d04f","attributes":{"name":"monitors_downtime","display_name":"Monitors + Manage Downtimes","description":"The ability to set downtimes for your organization. + A user with this permission can suppress alerts from any monitor using a downtime, + even if they do not have permission to edit those monitors explicitly.","created":"2019-09-16T18:39:23.306702+00:00","group_name":"Monitors","display_type":"other","restricted":false}},{"type":"permissions","id":"1af86ce4-7823-11ea-93dc-d7cad1b1c6cb","attributes":{"name":"logs_read_data","display_name":"Logs + Read Data","description":"The ability to read log data. Can be restricted with + restriction queries.","created":"2020-04-06T16:24:35.989108+00:00","group_name":"Logs","display_type":"read","restricted":false}},{"type":"permissions","id":"b382b982-8535-11ea-93de-2bf1bdf20798","attributes":{"name":"logs_read_archives","display_name":"Logs + Archives","description":"The ability to read logs archives location and use + it for rehydration.","created":"2020-04-23T07:40:27.966133+00:00","group_name":"Logs","display_type":"read","restricted":false}},{"type":"permissions","id":"7314eb20-aa58-11ea-95e2-6fb6e4a451d5","attributes":{"name":"security_monitoring_rules_read","display_name":"Detection + Rules","description":"The ability to read Detection rules.","created":"2020-06-09T13:52:25.279909+00:00","group_name":"Security + Monitoring","display_type":"read","restricted":false}},{"type":"permissions","id":"7b516476-aa58-11ea-95e2-93718cd56369","attributes":{"name":"security_monitoring_rules_write","display_name":"Detection + Rules","description":"The ability to create and edit Detection rules.","created":"2020-06-09T13:52:39.099413+00:00","group_name":"Security + Monitoring","display_type":"write","restricted":false}},{"type":"permissions","id":"80de1ec0-aa58-11ea-95e2-aff381626d5d","attributes":{"name":"security_monitoring_signals_read","display_name":"Security + Signals","description":"The ability to view Security signals.","created":"2020-06-09T13:52:48.410398+00:00","group_name":"Security + Monitoring","display_type":"read","restricted":false}},{"type":"permissions","id":"9ac1d8cc-e707-11ea-aa2d-73d37e989a9d","attributes":{"name":"user_access_invite","display_name":"Invite + User","description":"Allows users to invite other users to your organization.","created":"2020-08-25T19:17:23.539701+00:00","group_name":"User + Access","display_type":"other","restricted":false}},{"type":"permissions","id":"9de604d8-e707-11ea-aa2d-93f1a783b3a3","attributes":{"name":"user_access_manage","display_name":"Access + Management","description":"Grants the permission to disable users, manage user + roles and SAML-to-role mappings.","created":"2020-08-25T19:17:28.810412+00:00","group_name":"User + Access","display_type":"other","restricted":false}},{"type":"permissions","id":"07c3c146-f7f8-11ea-acf6-0bd62b9ae60e","attributes":{"name":"logs_write_historical_view","display_name":"Logs + Historical View","description":"The capability to rehydrate logs from Archives.","created":"2020-09-16T08:38:44.242076+00:00","group_name":"Logs","display_type":"write","restricted":false}},{"type":"permissions","id":"6ba32d22-0e1a-11eb-ba44-bf9a5aafaa39","attributes":{"name":"logs_write_facets","display_name":"Logs + Facets","description":"The capability to create or edit logs facets.","created":"2020-10-14T12:40:20.271908+00:00","group_name":"Logs","display_type":"write","restricted":false}}]}' + headers: + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Security-Policy: + - frame-ancestors 'self'; report-uri https://api.datadoghq.com/csp-report + Content-Type: + - application/json + Date: + - Tue, 17 Nov 2020 15:05:17 GMT + Dd-Pool: + - dogweb + Pragma: + - no-cache + Set-Cookie: + - DD-PSHARD=233; Max-Age=604800; Path=/; expires=Tue, 24-Nov-2020 15:05:17 GMT; + secure; HttpOnly + Strict-Transport-Security: + - max-age=15724800; + Vary: + - Accept-Encoding + X-Content-Type-Options: + - nosniff + X-Dd-Debug: + - hhAfI9DpjHRbHS2z+2prVh0mHwAun3McFDOF8AzNv8c8J6c/l2q8Kye8syKGTxkY + X-Dd-Version: + - "35.3382013" + X-Frame-Options: + - SAMEORIGIN + status: 200 OK + code: 200 + duration: "" +- request: + body: "" + form: {} + headers: + Accept: + - application/json + Dd-Operation-Id: + - ListPermissions + User-Agent: + - terraform-provider-datadog/dev (terraform 1.15.0; terraform-cli 0.12.7-sdk) + datadog-api-client-go/1.0.0-beta.11 (go go1.15.4; os darwin; arch amd64) + X-Datadog-Parent-Id: + - "2455438711229957168" + X-Datadog-Sampling-Priority: + - "1" + X-Datadog-Trace-Id: + - "2865158598692517054" + url: https://api.datadoghq.com/api/v2/permissions + method: GET + response: + body: '{"data":[{"type":"permissions","id":"984a2bd4-d3b4-11e8-a1ff-a7f660d43029","attributes":{"name":"admin","display_name":"Privileged + Access","description":"This permission gives you the ability to view and edit + everything in your Datadog organization that does not have an explicitly defined + permission. This includes billing and usage, user, key, and organization management. + This permission is inclusive of all Standard access permissions.","created":"2018-10-19T15:35:23.734317+00:00","group_name":"General","display_type":"other","restricted":false}},{"type":"permissions","id":"984d2f00-d3b4-11e8-a200-bb47109e9987","attributes":{"name":"standard","display_name":"Standard + Access","description":"This permission gives you the ability to view and edit + components in your Datadog organization that do not have explicitly defined + permissions. This includes APM, Events, and other non-Account Management functionality.","created":"2018-10-19T15:35:23.756736+00:00","group_name":"General","display_type":"other","restricted":false}},{"type":"permissions","id":"5e605652-dd12-11e8-9e53-375565b8970e","attributes":{"name":"logs_read_index_data","display_name":"Logs + Read Index Data","description":"The ability to read all or some log indexes. + Can be granted in a limited capacity per index from the Logs interface or APIs. + If granted via the Roles interface or API the permission has global scope.","created":"2018-10-31T13:39:19.727450+00:00","group_name":"Logs","display_type":"read","restricted":false}},{"type":"permissions","id":"62cc036c-dd12-11e8-9e54-db9995643092","attributes":{"name":"logs_modify_indexes","display_name":"Logs + Modify Indexes","description":"The ability to read and modify all indexes in + your account. This includes the ability to grant the Logs Read Index Data and + Logs Write Exclusion Filter permission to other roles, for some or all indexes. + This permission also grants global Log Index Read and Log Exclusion Filter Write + implicitly.","created":"2018-10-31T13:39:27.148615+00:00","group_name":"Logs","display_type":"other","restricted":false}},{"type":"permissions","id":"6f66600e-dd12-11e8-9e55-7f30fbb45e73","attributes":{"name":"logs_live_tail","display_name":"Logs + Live Tail Access","description":"The ability to view the live tail feed for + all log indexes, even if otherwise specifically restricted.","created":"2018-10-31T13:39:48.292879+00:00","group_name":"Logs","display_type":"read","restricted":false}},{"type":"permissions","id":"7d7c98ac-dd12-11e8-9e56-93700598622d","attributes":{"name":"logs_write_exclusion_filters","display_name":"Logs + Write Exclusion Filters","description":"The ability to add and change exclusion + filters for all or some log indexes. Can be granted in a limited capacity per + index to specific roles via the Logs interface or API. If granted from the Roles + interface or API, the permission has global scope.","created":"2018-10-31T13:40:11.926613+00:00","group_name":"Logs","display_type":"write","restricted":false}},{"type":"permissions","id":"811ac4ca-dd12-11e8-9e57-676a7f0beef9","attributes":{"name":"logs_write_pipelines","display_name":"Logs + Write Pipelines","description":"The ability to add and change log pipeline configurations, + including the ability to grant the Logs Write Processors permission to other + roles, for some or all pipelines. This permission also grants global Log Processor + Write implicitly.","created":"2018-10-31T13:40:17.996379+00:00","group_name":"Logs","display_type":"other","restricted":false}},{"type":"permissions","id":"84aa3ae4-dd12-11e8-9e58-a373a514ccd0","attributes":{"name":"logs_write_processors","display_name":"Log + Write Processors","description":"The ability to add and change some or all log + processor configurations. Can be granted in a limited capacity per pipeline + to specific roles via the Logs interface or API. If granted via the Roles interface + or API the permission has global scope.","created":"2018-10-31T13:40:23.969725+00:00","group_name":"Logs","display_type":"write","restricted":false}},{"type":"permissions","id":"87b00304-dd12-11e8-9e59-cbeb5f71f72f","attributes":{"name":"logs_write_archives","display_name":"Logs + Archives","description":"The ability to add and edit log archive locations.","created":"2018-10-31T13:40:29.040786+00:00","group_name":"Logs","display_type":"write","restricted":false}},{"type":"permissions","id":"1a92ede2-6cb2-11e9-99c6-2b3a4a0cdf0a","attributes":{"name":"logs_public_config_api","display_name":"Logs + Public Config API","description":"The ability to access and edit logs configurations + via the API.","created":"2019-05-02T08:13:01.731092+00:00","group_name":"Logs","display_type":"other","restricted":false}},{"type":"permissions","id":"979df720-aed7-11e9-99c6-a7eb8373165a","attributes":{"name":"logs_generate_metrics","display_name":"Log + Generate Metrics","description":"The ability to create custom metrics from logs.","created":"2019-07-25T12:27:39.640758+00:00","group_name":"Logs","display_type":"other","restricted":false}},{"type":"permissions","id":"d90f6830-d3d8-11e9-a77a-b3404e5e9ee2","attributes":{"name":"dashboards_read","display_name":"Dashboards","description":"The + ability to view dashboards.","created":"2019-09-10T14:39:51.955175+00:00","group_name":"Dashboards","display_type":"read","restricted":true}},{"type":"permissions","id":"d90f6831-d3d8-11e9-a77a-4fd230ddbc6a","attributes":{"name":"dashboards_write","display_name":"Dashboards","description":"The + ability to create and change dashboards.","created":"2019-09-10T14:39:51.962944+00:00","group_name":"Dashboards","display_type":"write","restricted":false}},{"type":"permissions","id":"d90f6832-d3d8-11e9-a77a-bf8a2607f864","attributes":{"name":"dashboards_public_share","display_name":"Dashboards + Share","description":"The ability to share dashboards externally.","created":"2019-09-10T14:39:51.967094+00:00","group_name":"Dashboards","display_type":"other","restricted":false}},{"type":"permissions","id":"4441648c-d8b1-11e9-a77a-1b899a04b304","attributes":{"name":"monitors_read","display_name":"Monitors","description":"The + ability to view monitors.","created":"2019-09-16T18:39:07.744297+00:00","group_name":"Monitors","display_type":"read","restricted":true}},{"type":"permissions","id":"48ef71ea-d8b1-11e9-a77a-93f408470ad0","attributes":{"name":"monitors_write","display_name":"Monitors","description":"The + ability to change, mute, and delete individual monitors.","created":"2019-09-16T18:39:15.597109+00:00","group_name":"Monitors","display_type":"write","restricted":false}},{"type":"permissions","id":"4d87d5f8-d8b1-11e9-a77a-eb9c8350d04f","attributes":{"name":"monitors_downtime","display_name":"Monitors + Manage Downtimes","description":"The ability to set downtimes for your organization. + A user with this permission can suppress alerts from any monitor using a downtime, + even if they do not have permission to edit those monitors explicitly.","created":"2019-09-16T18:39:23.306702+00:00","group_name":"Monitors","display_type":"other","restricted":false}},{"type":"permissions","id":"1af86ce4-7823-11ea-93dc-d7cad1b1c6cb","attributes":{"name":"logs_read_data","display_name":"Logs + Read Data","description":"The ability to read log data. Can be restricted with + restriction queries.","created":"2020-04-06T16:24:35.989108+00:00","group_name":"Logs","display_type":"read","restricted":false}},{"type":"permissions","id":"b382b982-8535-11ea-93de-2bf1bdf20798","attributes":{"name":"logs_read_archives","display_name":"Logs + Archives","description":"The ability to read logs archives location and use + it for rehydration.","created":"2020-04-23T07:40:27.966133+00:00","group_name":"Logs","display_type":"read","restricted":false}},{"type":"permissions","id":"7314eb20-aa58-11ea-95e2-6fb6e4a451d5","attributes":{"name":"security_monitoring_rules_read","display_name":"Detection + Rules","description":"The ability to read Detection rules.","created":"2020-06-09T13:52:25.279909+00:00","group_name":"Security + Monitoring","display_type":"read","restricted":false}},{"type":"permissions","id":"7b516476-aa58-11ea-95e2-93718cd56369","attributes":{"name":"security_monitoring_rules_write","display_name":"Detection + Rules","description":"The ability to create and edit Detection rules.","created":"2020-06-09T13:52:39.099413+00:00","group_name":"Security + Monitoring","display_type":"write","restricted":false}},{"type":"permissions","id":"80de1ec0-aa58-11ea-95e2-aff381626d5d","attributes":{"name":"security_monitoring_signals_read","display_name":"Security + Signals","description":"The ability to view Security signals.","created":"2020-06-09T13:52:48.410398+00:00","group_name":"Security + Monitoring","display_type":"read","restricted":false}},{"type":"permissions","id":"9ac1d8cc-e707-11ea-aa2d-73d37e989a9d","attributes":{"name":"user_access_invite","display_name":"Invite + User","description":"Allows users to invite other users to your organization.","created":"2020-08-25T19:17:23.539701+00:00","group_name":"User + Access","display_type":"other","restricted":false}},{"type":"permissions","id":"9de604d8-e707-11ea-aa2d-93f1a783b3a3","attributes":{"name":"user_access_manage","display_name":"Access + Management","description":"Grants the permission to disable users, manage user + roles and SAML-to-role mappings.","created":"2020-08-25T19:17:28.810412+00:00","group_name":"User + Access","display_type":"other","restricted":false}},{"type":"permissions","id":"07c3c146-f7f8-11ea-acf6-0bd62b9ae60e","attributes":{"name":"logs_write_historical_view","display_name":"Logs + Historical View","description":"The capability to rehydrate logs from Archives.","created":"2020-09-16T08:38:44.242076+00:00","group_name":"Logs","display_type":"write","restricted":false}},{"type":"permissions","id":"6ba32d22-0e1a-11eb-ba44-bf9a5aafaa39","attributes":{"name":"logs_write_facets","display_name":"Logs + Facets","description":"The capability to create or edit logs facets.","created":"2020-10-14T12:40:20.271908+00:00","group_name":"Logs","display_type":"write","restricted":false}}]}' + headers: + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Security-Policy: + - frame-ancestors 'self'; report-uri https://api.datadoghq.com/csp-report + Content-Type: + - application/json + Date: + - Tue, 17 Nov 2020 15:05:17 GMT + Dd-Pool: + - dogweb + Pragma: + - no-cache + Set-Cookie: + - DD-PSHARD=233; Max-Age=604800; Path=/; expires=Tue, 24-Nov-2020 15:05:17 GMT; + secure; HttpOnly + Strict-Transport-Security: + - max-age=15724800; + Vary: + - Accept-Encoding + X-Content-Type-Options: + - nosniff + X-Dd-Debug: + - e/TBw3pWhecz3q7fqdapZ13ekoT8GYh8GanHtnVYHy0/nVmlugu7QHmJ8ANRx8P5 + X-Dd-Version: + - "35.3382013" + X-Frame-Options: + - SAMEORIGIN + status: 200 OK + code: 200 + duration: "" +- request: + body: "" + form: {} + headers: + Accept: + - application/json + Dd-Operation-Id: + - ListPermissions + User-Agent: + - terraform-provider-datadog/dev (terraform 1.15.0; terraform-cli 0.12.7-sdk) + datadog-api-client-go/1.0.0-beta.11 (go go1.15.4; os darwin; arch amd64) + X-Datadog-Parent-Id: + - "8372318696790819291" + X-Datadog-Sampling-Priority: + - "1" + X-Datadog-Trace-Id: + - "2865158598692517054" + url: https://api.datadoghq.com/api/v2/permissions + method: GET + response: + body: '{"data":[{"type":"permissions","id":"984a2bd4-d3b4-11e8-a1ff-a7f660d43029","attributes":{"name":"admin","display_name":"Privileged + Access","description":"This permission gives you the ability to view and edit + everything in your Datadog organization that does not have an explicitly defined + permission. This includes billing and usage, user, key, and organization management. + This permission is inclusive of all Standard access permissions.","created":"2018-10-19T15:35:23.734317+00:00","group_name":"General","display_type":"other","restricted":false}},{"type":"permissions","id":"984d2f00-d3b4-11e8-a200-bb47109e9987","attributes":{"name":"standard","display_name":"Standard + Access","description":"This permission gives you the ability to view and edit + components in your Datadog organization that do not have explicitly defined + permissions. This includes APM, Events, and other non-Account Management functionality.","created":"2018-10-19T15:35:23.756736+00:00","group_name":"General","display_type":"other","restricted":false}},{"type":"permissions","id":"5e605652-dd12-11e8-9e53-375565b8970e","attributes":{"name":"logs_read_index_data","display_name":"Logs + Read Index Data","description":"The ability to read all or some log indexes. + Can be granted in a limited capacity per index from the Logs interface or APIs. + If granted via the Roles interface or API the permission has global scope.","created":"2018-10-31T13:39:19.727450+00:00","group_name":"Logs","display_type":"read","restricted":false}},{"type":"permissions","id":"62cc036c-dd12-11e8-9e54-db9995643092","attributes":{"name":"logs_modify_indexes","display_name":"Logs + Modify Indexes","description":"The ability to read and modify all indexes in + your account. This includes the ability to grant the Logs Read Index Data and + Logs Write Exclusion Filter permission to other roles, for some or all indexes. + This permission also grants global Log Index Read and Log Exclusion Filter Write + implicitly.","created":"2018-10-31T13:39:27.148615+00:00","group_name":"Logs","display_type":"other","restricted":false}},{"type":"permissions","id":"6f66600e-dd12-11e8-9e55-7f30fbb45e73","attributes":{"name":"logs_live_tail","display_name":"Logs + Live Tail Access","description":"The ability to view the live tail feed for + all log indexes, even if otherwise specifically restricted.","created":"2018-10-31T13:39:48.292879+00:00","group_name":"Logs","display_type":"read","restricted":false}},{"type":"permissions","id":"7d7c98ac-dd12-11e8-9e56-93700598622d","attributes":{"name":"logs_write_exclusion_filters","display_name":"Logs + Write Exclusion Filters","description":"The ability to add and change exclusion + filters for all or some log indexes. Can be granted in a limited capacity per + index to specific roles via the Logs interface or API. If granted from the Roles + interface or API, the permission has global scope.","created":"2018-10-31T13:40:11.926613+00:00","group_name":"Logs","display_type":"write","restricted":false}},{"type":"permissions","id":"811ac4ca-dd12-11e8-9e57-676a7f0beef9","attributes":{"name":"logs_write_pipelines","display_name":"Logs + Write Pipelines","description":"The ability to add and change log pipeline configurations, + including the ability to grant the Logs Write Processors permission to other + roles, for some or all pipelines. This permission also grants global Log Processor + Write implicitly.","created":"2018-10-31T13:40:17.996379+00:00","group_name":"Logs","display_type":"other","restricted":false}},{"type":"permissions","id":"84aa3ae4-dd12-11e8-9e58-a373a514ccd0","attributes":{"name":"logs_write_processors","display_name":"Log + Write Processors","description":"The ability to add and change some or all log + processor configurations. Can be granted in a limited capacity per pipeline + to specific roles via the Logs interface or API. If granted via the Roles interface + or API the permission has global scope.","created":"2018-10-31T13:40:23.969725+00:00","group_name":"Logs","display_type":"write","restricted":false}},{"type":"permissions","id":"87b00304-dd12-11e8-9e59-cbeb5f71f72f","attributes":{"name":"logs_write_archives","display_name":"Logs + Archives","description":"The ability to add and edit log archive locations.","created":"2018-10-31T13:40:29.040786+00:00","group_name":"Logs","display_type":"write","restricted":false}},{"type":"permissions","id":"1a92ede2-6cb2-11e9-99c6-2b3a4a0cdf0a","attributes":{"name":"logs_public_config_api","display_name":"Logs + Public Config API","description":"The ability to access and edit logs configurations + via the API.","created":"2019-05-02T08:13:01.731092+00:00","group_name":"Logs","display_type":"other","restricted":false}},{"type":"permissions","id":"979df720-aed7-11e9-99c6-a7eb8373165a","attributes":{"name":"logs_generate_metrics","display_name":"Log + Generate Metrics","description":"The ability to create custom metrics from logs.","created":"2019-07-25T12:27:39.640758+00:00","group_name":"Logs","display_type":"other","restricted":false}},{"type":"permissions","id":"d90f6830-d3d8-11e9-a77a-b3404e5e9ee2","attributes":{"name":"dashboards_read","display_name":"Dashboards","description":"The + ability to view dashboards.","created":"2019-09-10T14:39:51.955175+00:00","group_name":"Dashboards","display_type":"read","restricted":true}},{"type":"permissions","id":"d90f6831-d3d8-11e9-a77a-4fd230ddbc6a","attributes":{"name":"dashboards_write","display_name":"Dashboards","description":"The + ability to create and change dashboards.","created":"2019-09-10T14:39:51.962944+00:00","group_name":"Dashboards","display_type":"write","restricted":false}},{"type":"permissions","id":"d90f6832-d3d8-11e9-a77a-bf8a2607f864","attributes":{"name":"dashboards_public_share","display_name":"Dashboards + Share","description":"The ability to share dashboards externally.","created":"2019-09-10T14:39:51.967094+00:00","group_name":"Dashboards","display_type":"other","restricted":false}},{"type":"permissions","id":"4441648c-d8b1-11e9-a77a-1b899a04b304","attributes":{"name":"monitors_read","display_name":"Monitors","description":"The + ability to view monitors.","created":"2019-09-16T18:39:07.744297+00:00","group_name":"Monitors","display_type":"read","restricted":true}},{"type":"permissions","id":"48ef71ea-d8b1-11e9-a77a-93f408470ad0","attributes":{"name":"monitors_write","display_name":"Monitors","description":"The + ability to change, mute, and delete individual monitors.","created":"2019-09-16T18:39:15.597109+00:00","group_name":"Monitors","display_type":"write","restricted":false}},{"type":"permissions","id":"4d87d5f8-d8b1-11e9-a77a-eb9c8350d04f","attributes":{"name":"monitors_downtime","display_name":"Monitors + Manage Downtimes","description":"The ability to set downtimes for your organization. + A user with this permission can suppress alerts from any monitor using a downtime, + even if they do not have permission to edit those monitors explicitly.","created":"2019-09-16T18:39:23.306702+00:00","group_name":"Monitors","display_type":"other","restricted":false}},{"type":"permissions","id":"1af86ce4-7823-11ea-93dc-d7cad1b1c6cb","attributes":{"name":"logs_read_data","display_name":"Logs + Read Data","description":"The ability to read log data. Can be restricted with + restriction queries.","created":"2020-04-06T16:24:35.989108+00:00","group_name":"Logs","display_type":"read","restricted":false}},{"type":"permissions","id":"b382b982-8535-11ea-93de-2bf1bdf20798","attributes":{"name":"logs_read_archives","display_name":"Logs + Archives","description":"The ability to read logs archives location and use + it for rehydration.","created":"2020-04-23T07:40:27.966133+00:00","group_name":"Logs","display_type":"read","restricted":false}},{"type":"permissions","id":"7314eb20-aa58-11ea-95e2-6fb6e4a451d5","attributes":{"name":"security_monitoring_rules_read","display_name":"Detection + Rules","description":"The ability to read Detection rules.","created":"2020-06-09T13:52:25.279909+00:00","group_name":"Security + Monitoring","display_type":"read","restricted":false}},{"type":"permissions","id":"7b516476-aa58-11ea-95e2-93718cd56369","attributes":{"name":"security_monitoring_rules_write","display_name":"Detection + Rules","description":"The ability to create and edit Detection rules.","created":"2020-06-09T13:52:39.099413+00:00","group_name":"Security + Monitoring","display_type":"write","restricted":false}},{"type":"permissions","id":"80de1ec0-aa58-11ea-95e2-aff381626d5d","attributes":{"name":"security_monitoring_signals_read","display_name":"Security + Signals","description":"The ability to view Security signals.","created":"2020-06-09T13:52:48.410398+00:00","group_name":"Security + Monitoring","display_type":"read","restricted":false}},{"type":"permissions","id":"9ac1d8cc-e707-11ea-aa2d-73d37e989a9d","attributes":{"name":"user_access_invite","display_name":"Invite + User","description":"Allows users to invite other users to your organization.","created":"2020-08-25T19:17:23.539701+00:00","group_name":"User + Access","display_type":"other","restricted":false}},{"type":"permissions","id":"9de604d8-e707-11ea-aa2d-93f1a783b3a3","attributes":{"name":"user_access_manage","display_name":"Access + Management","description":"Grants the permission to disable users, manage user + roles and SAML-to-role mappings.","created":"2020-08-25T19:17:28.810412+00:00","group_name":"User + Access","display_type":"other","restricted":false}},{"type":"permissions","id":"07c3c146-f7f8-11ea-acf6-0bd62b9ae60e","attributes":{"name":"logs_write_historical_view","display_name":"Logs + Historical View","description":"The capability to rehydrate logs from Archives.","created":"2020-09-16T08:38:44.242076+00:00","group_name":"Logs","display_type":"write","restricted":false}},{"type":"permissions","id":"6ba32d22-0e1a-11eb-ba44-bf9a5aafaa39","attributes":{"name":"logs_write_facets","display_name":"Logs + Facets","description":"The capability to create or edit logs facets.","created":"2020-10-14T12:40:20.271908+00:00","group_name":"Logs","display_type":"write","restricted":false}}]}' + headers: + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Security-Policy: + - frame-ancestors 'self'; report-uri https://api.datadoghq.com/csp-report + Content-Type: + - application/json + Date: + - Tue, 17 Nov 2020 15:05:17 GMT + Dd-Pool: + - dogweb + Pragma: + - no-cache + Set-Cookie: + - DD-PSHARD=233; Max-Age=604800; Path=/; expires=Tue, 24-Nov-2020 15:05:17 GMT; + secure; HttpOnly + Strict-Transport-Security: + - max-age=15724800; + Vary: + - Accept-Encoding + X-Content-Type-Options: + - nosniff + X-Dd-Debug: + - hkXZRrnCTh2pkyHJgLo1+B5+sLp+RYzQrqT867R6UzDvqVGo8Av8yUCpaA0POidP + X-Dd-Version: + - "35.3382013" + X-Frame-Options: + - SAMEORIGIN + status: 200 OK + code: 200 + duration: "" diff --git a/datadog/data_source_datadog_permissions.go b/datadog/data_source_datadog_permissions.go index 24a78f1c8a..b6bd8acfa4 100644 --- a/datadog/data_source_datadog_permissions.go +++ b/datadog/data_source_datadog_permissions.go @@ -28,13 +28,15 @@ func dataSourceDatadogPermissionsRead(d *schema.ResourceData, meta interface{}) res, _, err := datadogClientV2.RolesApi.ListPermissions(authV2).Execute() if err != nil { - return translateClientError(err, "error querying roles") + return translateClientError(err, "error listing permissions") } perms := res.GetData() permsNameToID := make(map[string]string, len(perms)) for _, perm := range perms { permsNameToID[perm.Attributes.GetName()] = perm.GetId() } + d.SetId("datadog-permissions") d.Set("permissions", permsNameToID) + return nil } diff --git a/datadog/data_source_datadog_permissions_test.go b/datadog/data_source_datadog_permissions_test.go new file mode 100644 index 0000000000..c4481ad840 --- /dev/null +++ b/datadog/data_source_datadog_permissions_test.go @@ -0,0 +1,27 @@ +package datadog + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" +) + +func TestAccDatadogPermissionsDatasource(t *testing.T) { + accProviders, _, cleanup := testAccProviders(t, initRecorder(t)) + defer cleanup(t) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: accProviders, + Steps: []resource.TestStep{ + { + Config: `data "datadog_permissions" "foo" {}`, + // Check at least one permission exists + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("data.datadog_permissions.foo", "id", "datadog-permissions"), + resource.TestCheckResourceAttrSet("data.datadog_permissions.foo", "permissions.admin"), + ), + }, + }, + }) +} diff --git a/datadog/provider_test.go b/datadog/provider_test.go index 451d3690a7..44130c068f 100644 --- a/datadog/provider_test.go +++ b/datadog/provider_test.go @@ -37,6 +37,7 @@ var testFiles2EndpointTags = map[string]string{ "data_source_datadog_dashboard_list_test": "dashboard-lists", "data_source_datadog_ip_ranges_test": "ip-ranges", "data_source_datadog_monitor_test": "monitors", + "data_source_datadog_permissions_test": "permissions", "data_source_datadog_role_test": "roles", "data_source_datadog_synthetics_locations_test": "synthetics", "import_datadog_downtime_test": "downtimes",