diff --git a/examples/user_team_api_key.tf b/examples/user_team_api_key.tf index 2b5da1f5..9f792a9b 100644 --- a/examples/user_team_api_key.tf +++ b/examples/user_team_api_key.tf @@ -89,10 +89,10 @@ resource "ns1_user" "example_whitelist_user" { ## API keys resource "ns1_apikey" "example" { name = "Example API Key from Terraform" - dhcp_manage_dhcp = true - dhcp_view_dhcp = true - ipam_manage_ipam = true - ipam_view_ipam = true + monitoring_manage_lists = true + monitoring_manage_jobs = true + monitoring_view_jobs = true + security_manage_global_2fa = true } @@ -122,10 +122,10 @@ resource "ns1_apikey" "example" { #account_view_invoices - (Optional) Whether the user can view invoices. #account_manage_ip_whitelist - (Optional) Whether the user can manage ip whitelist. #monitoring_manage_lists - (Optional) Whether the user can modify notification lists. -#monitoring_manage_jobs - (Optional) Whether the user can modify monitoring jobs. +#monitoring_manage_jobs - (Optional) Whether the user can create, update, and delete monitoring jobs. +#monitoring_create_jobs - (Optional) Whether the user can create monitoring jobs when manage_jobs is not set to true. +#monitoring_update_jobs - (Optional) Whether the user can update monitoring jobs when manage_jobs is not set to true. +#monitoring_delete_jobs - (Optional) Whether the user can delete monitoring jobs when manage_jobs is not set to true. #monitoring_view_jobs - (Optional) Whether the user can view monitoring jobs. #security_manage_global_2fa - (Optional) Whether the user can manage global two factor authentication. #security_manage_active_directory - (Optional) Whether the user can manage global active directory. Only relevant for the DDI product. -#dhcp_manage_dhcp - (Optional) Whether the user can manage DHCP. Only relevant for the DDI product. -#dhcp_view_dhcp - (Optional) Whether the user can view DHCP. Only relevant for the DDI product. -#ipam_manage_ipam - (Optional) Whether the user can manage IPAM. Only relevant for the DDI product. diff --git a/go.mod b/go.mod index 0997a96e..26988204 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/hashicorp/go-retryablehttp v0.7.7 github.com/hashicorp/terraform-plugin-sdk/v2 v2.24.1 github.com/stretchr/testify v1.8.1 - gopkg.in/ns1/ns1-go.v2 v2.11.0 + gopkg.in/ns1/ns1-go.v2 v2.12.0 ) require ( diff --git a/go.sum b/go.sum index af0936a6..d47e7df7 100644 --- a/go.sum +++ b/go.sum @@ -251,8 +251,8 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/ns1/ns1-go.v2 v2.11.0 h1:T+rMHhQsQ58bSgGZwX8INxU0sjDO7cWieX9xPr/UEY4= -gopkg.in/ns1/ns1-go.v2 v2.11.0/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc= +gopkg.in/ns1/ns1-go.v2 v2.12.0 h1:cqdqQoTx17JmTusfxh5m3e2b36jfUzFAZedv89pFX18= +gopkg.in/ns1/ns1-go.v2 v2.12.0/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/ns1/config.go b/ns1/config.go index b7792000..4343edc1 100644 --- a/ns1/config.go +++ b/ns1/config.go @@ -29,7 +29,6 @@ type Config struct { Key string Endpoint string IgnoreSSL bool - EnableDDI bool RateLimitParallelism int RetryMax int UserAgent string @@ -69,10 +68,6 @@ func (c *Config) Client() (*ns1.Client, error) { httpClient.Transport = tr } - if c.EnableDDI { - decos = append(decos, ns1.SetDDIAPI()) - } - // If NS1_DEBUG is set, define custom Doer to log HTTP requests made by SDK if os.Getenv("NS1_DEBUG") != "" { doer := ns1.Decorate(httpClient, Logging()) diff --git a/ns1/permissions.go b/ns1/permissions.go index 737eb0be..d099518b 100644 --- a/ns1/permissions.go +++ b/ns1/permissions.go @@ -149,43 +149,37 @@ func addPermsSchema(s map[string]*schema.Schema) map[string]*schema.Schema { Default: false, DiffSuppressFunc: suppressPermissionDiff, } - s["monitoring_view_jobs"] = &schema.Schema{ + s["monitoring_create_jobs"] = &schema.Schema{ Type: schema.TypeBool, Optional: true, Default: false, DiffSuppressFunc: suppressPermissionDiff, } - s["security_manage_global_2fa"] = &schema.Schema{ - Type: schema.TypeBool, - Optional: true, - Default: true, - DiffSuppressFunc: suppressPermissionDiff, - } - s["security_manage_active_directory"] = &schema.Schema{ + s["monitoring_update_jobs"] = &schema.Schema{ Type: schema.TypeBool, Optional: true, - Default: true, + Default: false, DiffSuppressFunc: suppressPermissionDiff, } - s["dhcp_manage_dhcp"] = &schema.Schema{ + s["monitoring_delete_jobs"] = &schema.Schema{ Type: schema.TypeBool, Optional: true, - Default: true, + Default: false, DiffSuppressFunc: suppressPermissionDiff, } - s["dhcp_view_dhcp"] = &schema.Schema{ + s["monitoring_view_jobs"] = &schema.Schema{ Type: schema.TypeBool, Optional: true, - Default: true, + Default: false, DiffSuppressFunc: suppressPermissionDiff, } - s["ipam_manage_ipam"] = &schema.Schema{ + s["security_manage_global_2fa"] = &schema.Schema{ Type: schema.TypeBool, Optional: true, Default: true, DiffSuppressFunc: suppressPermissionDiff, } - s["ipam_view_ipam"] = &schema.Schema{ + s["security_manage_active_directory"] = &schema.Schema{ Type: schema.TypeBool, Optional: true, Default: true, @@ -248,19 +242,14 @@ func permissionsToResourceData(d *schema.ResourceData, permissions account.Permi d.Set("account_manage_ip_whitelist", permissions.Account.ManageIPWhitelist) d.Set("monitoring_manage_lists", permissions.Monitoring.ManageLists) d.Set("monitoring_manage_jobs", permissions.Monitoring.ManageJobs) + d.Set("monitoring_create_jobs", permissions.Monitoring.CreateJobs) + d.Set("monitoring_update_jobs", permissions.Monitoring.UpdateJobs) + d.Set("monitoring_delete_jobs", permissions.Monitoring.DeleteJobs) d.Set("monitoring_view_jobs", permissions.Monitoring.ViewJobs) if permissions.Security != nil { d.Set("security_manage_global_2fa", permissions.Security.ManageGlobal2FA) d.Set("security_manage_active_directory", permissions.Security.ManageActiveDirectory) } - if permissions.DHCP != nil { - d.Set("dhcp_manage_dhcp", permissions.DHCP.ManageDHCP) - d.Set("dhcp_view_dhcp", permissions.DHCP.ViewDHCP) - } - if permissions.IPAM != nil { - d.Set("ipam_manage_ipam", permissions.IPAM.ManageIPAM) - d.Set("ipam_view_ipam", permissions.IPAM.ViewIPAM) - } if permissions.DNS.RecordsAllow != nil { d.Set("dns_records_allow", dnsRecordsACLtoSchema(permissions.DNS.RecordsAllow)) } @@ -351,6 +340,15 @@ func resourceDataToPermissions(d *schema.ResourceData) account.PermissionsMap { if v, ok := d.GetOk("monitoring_manage_jobs"); ok { p.Monitoring.ManageJobs = v.(bool) } + if v, ok := d.GetOk("monitoring_create_jobs"); ok { + p.Monitoring.CreateJobs = v.(bool) + } + if v, ok := d.GetOk("monitoring_update_jobs"); ok { + p.Monitoring.UpdateJobs = v.(bool) + } + if v, ok := d.GetOk("monitoring_delete_jobs"); ok { + p.Monitoring.DeleteJobs = v.(bool) + } if v, ok := d.GetOk("monitoring_view_jobs"); ok { p.Monitoring.ViewJobs = v.(bool) } @@ -363,30 +361,6 @@ func resourceDataToPermissions(d *schema.ResourceData) account.PermissionsMap { if v, ok := d.GetOk("security_manage_active_directory"); ok { p.Security.ManageActiveDirectory = v.(bool) } - for _, thing := range []string{"dhcp_manage_dhcp", "dhcp_view_dhcp"} { - _, ok := d.GetOkExists(thing) - if d.HasChange(thing) || ok { - p.DHCP = &account.PermissionsDHCP{} - } - } - if v, ok := d.GetOk("dhcp_manage_dhcp"); ok { - p.DHCP.ManageDHCP = v.(bool) - } - if v, ok := d.GetOk("dhcp_view_dhcp"); ok { - p.DHCP.ViewDHCP = v.(bool) - } - for _, thing := range []string{"ipam_manage_ipam", "ipam_view_ipam"} { - _, ok := d.GetOkExists(thing) - if d.HasChange(thing) || ok { - p.IPAM = &account.PermissionsIPAM{} - } - } - if v, ok := d.GetOk("ipam_manage_ipam"); ok { - p.IPAM.ManageIPAM = v.(bool) - } - if v, ok := d.GetOk("ipam_view_ipam"); ok { - p.IPAM.ViewIPAM = v.(bool) - } return p } diff --git a/ns1/permissions_migrations.go b/ns1/permissions_migrations.go index db4866e0..e092f809 100644 --- a/ns1/permissions_migrations.go +++ b/ns1/permissions_migrations.go @@ -9,10 +9,6 @@ import ( func permissionInstanceStateUpgradeV0(ctx context.Context, rawState map[string]interface{}, meta interface{}) (map[string]interface{}, error) { rawState["security_manage_global_2fa"] = false rawState["security_manage_active_directory"] = false - rawState["dhcp_manage_dhcp"] = false - rawState["dhcp_view_dhcp"] = false - rawState["ipam_manage_ipam"] = false - rawState["ipam_view_ipam"] = false return rawState, nil } diff --git a/ns1/provider.go b/ns1/provider.go index 953ec3ed..63405db6 100644 --- a/ns1/provider.go +++ b/ns1/provider.go @@ -30,12 +30,6 @@ func Provider() *schema.Provider { DefaultFunc: schema.EnvDefaultFunc("NS1_IGNORE_SSL", nil), Description: descriptions["ignore_ssl"], }, - "enable_ddi": { - Type: schema.TypeBool, - Optional: true, - DefaultFunc: schema.EnvDefaultFunc("NS1_ENABLE_DDI", nil), - Description: descriptions["enable_ddi"], - }, "rate_limit_parallelism": { Type: schema.TypeInt, Optional: true, @@ -108,9 +102,6 @@ func ns1Configure(d *schema.ResourceData) (interface{}, error) { if v, ok := d.GetOk("ignore_ssl"); ok { config.IgnoreSSL = v.(bool) } - if v, ok := d.GetOk("enable_ddi"); ok { - config.EnableDDI = v.(bool) - } if v, ok := d.GetOk("rate_limit_parallelism"); ok { config.RateLimitParallelism = v.(int) } @@ -134,7 +125,6 @@ func init() { "rate_limit_parallelism": "Tune response to rate limits, see docs", "retry_max": "Maximum retries for 50x errors (-1 to disable)", "user_agent": "User-Agent string to use in NS1 API requests", - "enable_ddi": "Deprecated, no longer in use", } structs.DefaultTagName = "json" diff --git a/ns1/resource_team_test.go b/ns1/resource_team_test.go index 400031c5..3c145550 100644 --- a/ns1/resource_team_test.go +++ b/ns1/resource_team_test.go @@ -116,7 +116,7 @@ func TestAccTeam_ManualDelete(t *testing.T) { func TestAccTeam_import_test(t *testing.T) { var team account.Team n := fmt.Sprintf("terraform test team %s", acctest.RandStringFromCharSet(15, acctest.CharSetAlphaNum)) - ignored_fields := []string{"dhcp_manage_dhcp", "dhcp_view_dhcp", "ipam_manage_ipam", "ipam_view_ipam", "dns_records"} + ignored_fields := []string{"dns_records"} resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, diff --git a/ns1/resource_user_test.go b/ns1/resource_user_test.go index 7d908a11..e110274e 100644 --- a/ns1/resource_user_test.go +++ b/ns1/resource_user_test.go @@ -444,7 +444,7 @@ func TestAccUser_import_test(t *testing.T) { rString := acctest.RandStringFromCharSet(15, acctest.CharSetAlphaNum) name := fmt.Sprintf("terraform acc test user %s", rString) username := fmt.Sprintf("tf_acc_test_user_%s", rString) - ignored_fields := []string{"dhcp_manage_dhcp", "dhcp_view_dhcp", "ipam_manage_ipam", "ipam_view_ipam"} + ignored_fields := []string{""} resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, diff --git a/website/docs/r/apikey.html.markdown b/website/docs/r/apikey.html.markdown index aa9ee94e..49a5422e 100644 --- a/website/docs/r/apikey.html.markdown +++ b/website/docs/r/apikey.html.markdown @@ -70,19 +70,14 @@ The following arguments are supported: * `account_view_invoices` - (Optional) Whether the apikey can view invoices. * `account_manage_ip_whitelist` - (Optional) Whether the apikey can manage ip whitelist. * `monitoring_manage_lists` - (Optional) Whether the apikey can modify notification lists. -* `monitoring_manage_jobs` - (Optional) Whether the apikey can modify monitoring jobs. +* `monitoring_manage_jobs` - (Optional) Whether the user can create, update, and delete monitoring jobs. +* `monitoring_create_jobs` - (Optional) Whether the user can create monitoring jobs when manage_jobs is not set to true. +* `monitoring_update_jobs` - (Optional) Whether the user can update monitoring jobs when manage_jobs is not set to true. +* `monitoring_delete_jobs` - (Optional) Whether the user can delete monitoring jobs when manage_jobs is not set to true. * `monitoring_view_jobs` - (Optional) Whether the apikey can view monitoring jobs. * `security_manage_global_2fa` - (Optional) Whether the apikey can manage global two factor authentication. * `security_manage_active_directory` - (Optional) Whether the apikey can manage global active directory. Only relevant for the DDI product. -* `dhcp_manage_dhcp` - (Optional) Whether the apikey can manage DHCP. -Only relevant for the DDI product. -* `dhcp_view_dhcp` - (Optional) Whether the apikey can view DHCP. -Only relevant for the DDI product. -* `ipam_manage_ipam` - (Optional) Whether the apikey can manage IPAM. -Only relevant for the DDI product. -* `ipam_view_ipam` - (Optional) Whether the apikey can view IPAM. -Only relevant for the DDI product. ## Attributes Reference diff --git a/website/docs/r/team.html.markdown b/website/docs/r/team.html.markdown index 327a9ed9..34a1de02 100644 --- a/website/docs/r/team.html.markdown +++ b/website/docs/r/team.html.markdown @@ -80,19 +80,14 @@ The following arguments are supported: * `account_view_invoices` - (Optional) Whether the team can view invoices. * `account_manage_ip_whitelist` - (Optional) Whether the team can manage ip whitelist. * `monitoring_manage_lists` - (Optional) Whether the team can modify notification lists. -* `monitoring_manage_jobs` - (Optional) Whether the team can modify monitoring jobs. +* `monitoring_manage_jobs` - (Optional) Whether the user can create, update, and delete monitoring jobs. +* `monitoring_create_jobs` - (Optional) Whether the user can create monitoring jobs when manage_jobs is not set to true. +* `monitoring_update_jobs` - (Optional) Whether the user can update monitoring jobs when manage_jobs is not set to true. +* `monitoring_delete_jobs` - (Optional) Whether the user can delete monitoring jobs when manage_jobs is not set to true. * `monitoring_view_jobs` - (Optional) Whether the team can view monitoring jobs. * `security_manage_global_2fa` - (Optional) Whether the team can manage global two factor authentication. * `security_manage_active_directory` - (Optional) Whether the team can manage global active directory. Only relevant for the DDI product. -* `dhcp_manage_dhcp` - (Optional) Whether the team can manage DHCP. -Only relevant for the DDI product. -* `dhcp_view_dhcp` - (Optional) Whether the team can view DHCP. -Only relevant for the DDI product. -* `ipam_manage_ipam` - (Optional) Whether the team can manage IPAM. -Only relevant for the DDI product. -* `ipam_view_ipam` - (Optional) Whether the team can view IPAM. -Only relevant for the DDI product. ## Import diff --git a/website/docs/r/user.html.markdown b/website/docs/r/user.html.markdown index aa930fa9..14bf05c8 100644 --- a/website/docs/r/user.html.markdown +++ b/website/docs/r/user.html.markdown @@ -77,17 +77,14 @@ The following arguments are supported: * `account_view_invoices` - (Optional) Whether the user can view invoices. * `account_manage_ip_whitelist` - (Optional) Whether the user can manage ip whitelist. * `monitoring_manage_lists` - (Optional) Whether the user can modify notification lists. -* `monitoring_manage_jobs` - (Optional) Whether the user can modify monitoring jobs. +* `monitoring_manage_jobs` - (Optional) Whether the user can create, update, and delete monitoring jobs. +* `monitoring_create_jobs` - (Optional) Whether the user can create monitoring jobs when manage_jobs is not set to true. +* `monitoring_update_jobs` - (Optional) Whether the user can update monitoring jobs when manage_jobs is not set to true. +* `monitoring_delete_jobs` - (Optional) Whether the user can delete monitoring jobs when manage_jobs is not set to true. * `monitoring_view_jobs` - (Optional) Whether the user can view monitoring jobs. * `security_manage_global_2fa` - (Optional) Whether the user can manage global two factor authentication. * `security_manage_active_directory` - (Optional) Whether the user can manage global active directory. Only relevant for the DDI product. -* `dhcp_manage_dhcp` - (Optional) Whether the user can manage DHCP. -Only relevant for the DDI product. -* `dhcp_view_dhcp` - (Optional) Whether the user can view DHCP. -Only relevant for the DDI product. -* `ipam_manage_ipam` - (Optional) Whether the user can manage IPAM. -Only relevant for the DDI product. ## Import