Dashboard RBAC roles (#1109)

* WIP of Dashboards RBAC support, uses ForceNew. Looks correct (other than ForceNew not being ideal)

* Simplified dashboard resource changes, for use with new API design logic

* Remove a computed property left behind from older work

* Update docs with restricted_roles (no description until out of beta)

* Updated RBAC tests, generated cassette files

* Added description for restricted_roles

* Double ConflictsWith

* Fix datadog_dashboard_json test after merging in prod

Author: matt-miller-ddog

datadog/resource_datadog_dashboard.go

@@ -75,18 +75,26 @@ func resourceDatadogDashboard() *schema.Resource {
 				Optional:    true,
 				Description: "The description of the dashboard.",
 			},
-			"is_read_only": {
-				Type:        schema.TypeBool,
-				Optional:    true,
-				Default:     false,
-				Description: "Whether this dashboard is read-only.",
-			},
 			"url": {
 				Type:        schema.TypeString,
 				Optional:    true,
 				Computed:    true,
 				Description: "The URL of the dashboard.",
 			},
+			"is_read_only": {
+				Type:          schema.TypeBool,
+				Optional:      true,
+				Default:       false,
+				ConflictsWith: []string{"restricted_roles"},
+				Description:   "Whether this dashboard is read-only.",
+			},
+			"restricted_roles": {
+				Type:          schema.TypeSet,
+				Optional:      true,
+				Elem:          &schema.Schema{Type: schema.TypeString},
+				ConflictsWith: []string{"is_read_only"},
+				Description:   "Role UUIDs corresponding to users authorized to edit the dashboard. **This feature is currently in beta.**",
+			},
 			"template_variable": {
 				Type:        schema.TypeList,
 				Optional:    true,
@@ -230,10 +238,16 @@ func updateDashboardState(d *schema.ResourceData, dashboard *datadogV1.Dashboard
 	if err := d.Set("description", dashboard.GetDescription()); err != nil {
 		return diag.FromErr(err)
 	}
+	if err := d.Set("url", dashboard.GetUrl()); err != nil {
+		return diag.FromErr(err)
+	}
+
+	// Set RBAC role settings
 	if err := d.Set("is_read_only", dashboard.GetIsReadOnly()); err != nil {
 		return diag.FromErr(err)
 	}
-	if err := d.Set("url", dashboard.GetUrl()); err != nil {
+	restrictedRoles := buildTerraformRestrictedRoles(dashboard.RestrictedRoles)
+	if err := d.Set("restricted_roles", restrictedRoles); err != nil {
 		return diag.FromErr(err)
 	}
 
@@ -315,6 +329,10 @@ func buildDatadogDashboard(d *schema.ResourceData) (*datadogV1.Dashboard, error)
 	if v, ok := d.GetOk("is_read_only"); ok {
 		dashboard.SetIsReadOnly(v.(bool))
 	}
+	if v, ok := d.GetOk("restricted_roles"); ok && !dashboard.GetIsReadOnly() {
+		// do not set when 'is_read_only = true' because this takes priority on requests
+		dashboard.RestrictedRoles = buildDatadogRestrictedRoles(v.(*schema.Set))
+	}
 
 	// Build Widgets
 	terraformWidgets := d.Get("widget").([]interface{})
@@ -513,6 +531,30 @@ func buildTerraformTemplateVariablePresets(datadogTemplateVariablePresets *[]dat
 	return &terraformTemplateVariablePresets
 }
 
+//
+// Restricted Roles helpers
+//
+
+func buildDatadogRestrictedRoles(terraformRestrictedRoles *schema.Set) *[]string {
+	roles := make([]string, 0)
+	for _, r := range terraformRestrictedRoles.List() {
+		roles = append(roles, r.(string))
+	}
+	return &roles
+}
+
+func buildTerraformRestrictedRoles(datadogRestrictedRoles *[]string) *[]string {
+	if datadogRestrictedRoles == nil {
+		terraformRestrictedRoles := make([]string, 0)
+		return &terraformRestrictedRoles
+	}
+	terraformRestrictedRoles := make([]string, len(*datadogRestrictedRoles))
+	for i, roleUUID := range *datadogRestrictedRoles {
+		terraformRestrictedRoles[i] = roleUUID
+	}
+	return &terraformRestrictedRoles
+}
+
 //
 // Notify List helpers
 //

datadog/tests/cassettes/TestAccDatadogDashboardRbac_adminToRbac.freeze

@@ -0,0 +1 @@
+2021-06-14T14:11:07.039383-04:00

datadog/tests/cassettes/TestAccDatadogDashboardRbac_adminToRbac.yaml

@@ -0,0 +1 @@
+2021-06-11T16:54:51.041329-04:00

datadog/tests/cassettes/TestAccDatadogDashboardRbac_createAdmin.freeze

@@ -0,0 +1,216 @@
+---
+version: 1
+interactions:
+- request:
+    body: |
+      {"description":"Created using the Datadog provider in Terraform","id":"","is_read_only":true,"layout_type":"ordered","notify_list":[],"template_variable_presets":[],"template_variables":[],"title":"tf-TestAccDatadogDashboardRbac_createAdmin-local-1623444891","widgets":[{"definition":{"content":"note text","has_padding":true,"show_tick":false,"type":"note"}}]}
+    form: {}
+    headers:
+      Accept:
+      - application/json
+      Content-Type:
+      - application/json
+      Dd-Operation-Id:
+      - CreateDashboard
+      User-Agent:
+      - terraform-provider-datadog/dev (terraform 2.6.1; terraform-cli 0.15.4) datadog-api-client-go/1.0.0-beta.22+dev (go go1.16.3; os darwin; arch amd64)
+    url: https://api.datadoghq.com/api/v1/dashboard
+    method: POST
+  response:
+    body: '{"notify_list":[],"description":"Created using the Datadog provider in Terraform","author_name":null,"template_variable_presets":[],"template_variables":[],"is_read_only":true,"id":"9cf-bmh-734","title":"tf-TestAccDatadogDashboardRbac_createAdmin-local-1623444891","url":"/dashboard/9cf-bmh-734/tf-testaccdatadogdashboardrbaccreateadmin-local-1623444891","created_at":"2021-06-11T20:55:02.417444+00:00","modified_at":"2021-06-11T20:55:02.417444+00:00","author_handle":"[email protected]","widgets":[{"definition":{"content":"note text","has_padding":true,"show_tick":false,"type":"note"},"id":1539309291479890}],"layout_type":"ordered"}'
+    headers:
+      Cache-Control:
+      - no-cache
+      Connection:
+      - keep-alive
+      Content-Security-Policy:
+      - frame-ancestors 'self'; report-uri https://api.datadoghq.com/csp-report
+      Content-Type:
+      - application/json
+      Date:
+      - Fri, 11 Jun 2021 20:55:03 GMT
+      Pragma:
+      - no-cache
+      Strict-Transport-Security:
+      - max-age=15724800;
+      Vary:
+      - Accept-Encoding
+      X-Content-Type-Options:
+      - nosniff
+      X-Dd-Debug:
+      - 2328yjLSqI4XmR1pVqrPRR/SFcQsbafjEpPmZx7/3PfxUK1nJQQsX+wrMelyVyj+
+      X-Dd-Version:
+      - "35.4734225"
+      X-Frame-Options:
+      - SAMEORIGIN
+    status: 200 OK
+    code: 200
+    duration: ""
+- request:
+    body: ""
+    form: {}
+    headers:
+      Accept:
+      - application/json
+      Dd-Operation-Id:
+      - GetDashboard
+      User-Agent:
+      - terraform-provider-datadog/dev (terraform 2.6.1; terraform-cli 0.15.4) datadog-api-client-go/1.0.0-beta.22+dev (go go1.16.3; os darwin; arch amd64)
+    url: https://api.datadoghq.com/api/v1/dashboard/9cf-bmh-734
+    method: GET
+  response:
+    body: '{"notify_list":[],"description":"Created using the Datadog provider in Terraform","author_name":null,"template_variable_presets":[],"template_variables":[],"is_read_only":true,"id":"9cf-bmh-734","title":"tf-TestAccDatadogDashboardRbac_createAdmin-local-1623444891","url":"/dashboard/9cf-bmh-734/tf-testaccdatadogdashboardrbaccreateadmin-local-1623444891","created_at":"2021-06-11T20:55:02.417444+00:00","modified_at":"2021-06-11T20:55:02.417444+00:00","author_handle":"[email protected]","widgets":[{"definition":{"content":"note text","has_padding":true,"show_tick":false,"type":"note"},"id":1539309291479890}],"layout_type":"ordered"}'
+    headers:
+      Cache-Control:
+      - no-cache
+      Connection:
+      - keep-alive
+      Content-Security-Policy:
+      - frame-ancestors 'self'; report-uri https://api.datadoghq.com/csp-report
+      Content-Type:
+      - application/json
+      Date:
+      - Fri, 11 Jun 2021 20:55:04 GMT
+      Pragma:
+      - no-cache
+      Strict-Transport-Security:
+      - max-age=15724800;
+      Vary:
+      - Accept-Encoding
+      X-Content-Type-Options:
+      - nosniff
+      X-Dd-Debug:
+      - EFjE6I+AUQmTiNqZcuE1nqoFeAjWD0Xtzy3edDrinkwlU/Wzr/2Dbl5kWk3qLVaQ
+      X-Dd-Version:
+      - "35.4734225"
+      X-Frame-Options:
+      - SAMEORIGIN
+    status: 200 OK
+    code: 200
+    duration: ""
+- request:
+    body: ""
+    form: {}
+    headers:
+      Accept:
+      - application/json
+      Dd-Operation-Id:
+      - GetDashboard
+      User-Agent:
+      - terraform-provider-datadog/dev (terraform 2.6.1; terraform-cli 0.15.4) datadog-api-client-go/1.0.0-beta.22+dev (go go1.16.3; os darwin; arch amd64)
+    url: https://api.datadoghq.com/api/v1/dashboard/9cf-bmh-734
+    method: GET
+  response:
+    body: '{"notify_list":[],"description":"Created using the Datadog provider in Terraform","author_name":null,"template_variable_presets":[],"template_variables":[],"is_read_only":true,"id":"9cf-bmh-734","title":"tf-TestAccDatadogDashboardRbac_createAdmin-local-1623444891","url":"/dashboard/9cf-bmh-734/tf-testaccdatadogdashboardrbaccreateadmin-local-1623444891","created_at":"2021-06-11T20:55:02.417444+00:00","modified_at":"2021-06-11T20:55:02.417444+00:00","author_handle":"[email protected]","widgets":[{"definition":{"content":"note text","has_padding":true,"show_tick":false,"type":"note"},"id":1539309291479890}],"layout_type":"ordered"}'
+    headers:
+      Cache-Control:
+      - no-cache
+      Connection:
+      - keep-alive
+      Content-Security-Policy:
+      - frame-ancestors 'self'; report-uri https://api.datadoghq.com/csp-report
+      Content-Type:
+      - application/json
+      Date:
+      - Fri, 11 Jun 2021 20:55:05 GMT
+      Pragma:
+      - no-cache
+      Strict-Transport-Security:
+      - max-age=15724800;
+      Vary:
+      - Accept-Encoding
+      X-Content-Type-Options:
+      - nosniff
+      X-Dd-Debug:
+      - EFjE6I+AUQmTiNqZcuE1nqoFeAjWD0Xtzy3edDrinkwlU/Wzr/2Dbl5kWk3qLVaQ
+      X-Dd-Version:
+      - "35.4734225"
+      X-Frame-Options:
+      - SAMEORIGIN
+    status: 200 OK
+    code: 200
+    duration: ""
+- request:
+    body: ""
+    form: {}
+    headers:
+      Accept:
+      - application/json
+      Dd-Operation-Id:
+      - GetDashboard
+      User-Agent:
+      - terraform-provider-datadog/dev (terraform 2.6.1; terraform-cli 0.15.4) datadog-api-client-go/1.0.0-beta.22+dev (go go1.16.3; os darwin; arch amd64)
+    url: https://api.datadoghq.com/api/v1/dashboard/9cf-bmh-734
+    method: GET
+  response:
+    body: '{"notify_list":[],"description":"Created using the Datadog provider in Terraform","author_name":null,"template_variable_presets":[],"template_variables":[],"is_read_only":true,"id":"9cf-bmh-734","title":"tf-TestAccDatadogDashboardRbac_createAdmin-local-1623444891","url":"/dashboard/9cf-bmh-734/tf-testaccdatadogdashboardrbaccreateadmin-local-1623444891","created_at":"2021-06-11T20:55:02.417444+00:00","modified_at":"2021-06-11T20:55:02.417444+00:00","author_handle":"[email protected]","widgets":[{"definition":{"content":"note text","has_padding":true,"show_tick":false,"type":"note"},"id":1539309291479890}],"layout_type":"ordered"}'
+    headers:
+      Cache-Control:
+      - no-cache
+      Connection:
+      - keep-alive
+      Content-Security-Policy:
+      - frame-ancestors 'self'; report-uri https://api.datadoghq.com/csp-report
+      Content-Type:
+      - application/json
+      Date:
+      - Fri, 11 Jun 2021 20:55:09 GMT
+      Pragma:
+      - no-cache
+      Strict-Transport-Security:
+      - max-age=15724800;
+      Vary:
+      - Accept-Encoding
+      X-Content-Type-Options:
+      - nosniff
+      X-Dd-Debug:
+      - JpIJLwIH2nFlZOC+u71rq7aAOL43MLZN3MUsL+gpYHdZz5QLUOG8Jysf8kVK6tPU
+      X-Dd-Version:
+      - "35.4734225"
+      X-Frame-Options:
+      - SAMEORIGIN
+    status: 200 OK
+    code: 200
+    duration: ""
+- request:
+    body: ""
+    form: {}
+    headers:
+      Accept:
+      - application/json
+      Dd-Operation-Id:
+      - DeleteDashboard
+      User-Agent:
+      - terraform-provider-datadog/dev (terraform 2.6.1; terraform-cli 0.15.4) datadog-api-client-go/1.0.0-beta.22+dev (go go1.16.3; os darwin; arch amd64)
+    url: https://api.datadoghq.com/api/v1/dashboard/9cf-bmh-734
+    method: DELETE
+  response:
+    body: '{"deleted_dashboard_id":"9cf-bmh-734"}'
+    headers:
+      Cache-Control:
+      - no-cache
+      Connection:
+      - keep-alive
+      Content-Security-Policy:
+      - frame-ancestors 'self'; report-uri https://api.datadoghq.com/csp-report
+      Content-Type:
+      - application/json
+      Date:
+      - Fri, 11 Jun 2021 20:55:17 GMT
+      Pragma:
+      - no-cache
+      Strict-Transport-Security:
+      - max-age=15724800;
+      Vary:
+      - Accept-Encoding
+      X-Content-Type-Options:
+      - nosniff
+      X-Dd-Debug:
+      - L3ULR3HwCWYmEqCWGz2Yob3chcH4pjowBacBXkncP7o+/uPqKt9yGEYf/g1AJPzQ
+      X-Dd-Version:
+      - "35.4734225"
+      X-Frame-Options:
+      - SAMEORIGIN
+    status: 200 OK
+    code: 200
+    duration: ""

datadog/tests/cassettes/TestAccDatadogDashboardRbac_createAdmin.yaml

@@ -0,0 +1 @@
+2021-06-11T16:57:48.794947-04:00