search

splunk / terraform-provider-splunk

Terraform Provider for Splunk
Mozilla Public License 2.0
103 stars 76 forks source link

Data UI Views does not persist permissions on creation #59

Closed bhayes-zd closed 3 years ago

bhayes-zd commented 3 years ago

Problem

When attempting to create a dashboard using the splunk_data_ui_views the permissions settings always revert to private. So when attempting to post the following, it does not maintain the global permission.

This same issue occurs when attempting to set any level of access other than private.

Potential problem spots are the following:

Looks like its not getting the ACL successfully and could be defaulting in that if statement.

Expected Behavior

When running terraform apply, it should create the dashboard with the same permissions as the HCL config.

resource "splunk_data_ui_views" "terraform_test_dashboard" {
  name     = "new_test_dashboard"
  eai_data = <<EOF
    <dashboard>
        <label>New Test Dashboard</label>
        <row>
            <panel></panel>
        </row>
    </dashboard>
  EOF
  acl {
    owner   = "admin"
    app     = "search"
    sharing = "global"
    read    = ["*"]
    write   = ["*"]
  }
}

This might be worth adding as a unit test. Let me know if I can help in any way ! 😄

ftieben commented 3 years ago

I think the bigger Problem here is that the sharing parameter is hard-coded:

https://github.com/splunk/terraform-provider-splunk/blob/master/splunk/resource_splunk_data_ui_views.go#L60

func splunkDashboardsCreate(d *schema.ResourceData, meta interface{}) error {
    provider := meta.(*SplunkProvider)
    name := d.Get("name").(string)
    splunkDashboardsObj := getSplunkDashboardsConfig(d)
    aclObject := &models.ACLObject{}
    if r, ok := d.GetOk("acl"); ok {
        aclObject = getACLConfig(r.([]interface{}))
    } else {
        aclObject.App = "search"
        aclObject.Owner = "admin"
        aclObject.Sharing = "user"
    }
    err := (*provider.Client).CreateDashboardObject(aclObject.Owner, aclObject.App, splunkDashboardsObj)
    if err != nil {
        return err
    }

    if _, ok := d.GetOk("acl"); ok {
        aclObject.Sharing = "user" // hard-coding to avoid to user input; because changing object sharing permissions messes deletion of object
        err = (*provider.Client).UpdateAcl(aclObject.Owner, aclObject.App, name, aclObject, "data", "ui", "views")
        if err != nil {
            return err
        }
    }

    d.SetId(name)
    return splunkDashboardsRead(d, meta)
}
anushjay commented 3 years ago

@bhayes-zd @ftieben We thought there might be an issue there. I have a branch with the fix and will merge when tests are done.