feat: resource observe_grant minor updates (#164)

docs/data-sources/rbac_group.md

@@ -17,10 +17,10 @@ data "observe_rbac_group" "example" {
   name = "example"
 }
 
-// In RBAC v2, "everyone" is a special pre-defined group that always includes all users.
+// In RBAC v2, "Everyone" is a special pre-defined group that always includes all users.
 // Reach out to Observe to enable this feature.
 data "observe_rbac_group" "everyone" {
-  name = "everyone"
+  name = "Everyone"
 }
 ```
 

docs/resources/grant.md

@@ -29,9 +29,9 @@ data "observe_rbac_group" "example" {
   name = "engineering"
 }
 
-// "everyone" is a special pre-defined group that always includes all users
+// "Everyone" is a special pre-defined group that always includes all users
 data "observe_rbac_group" "everyone" {
-  name = "everyone"
+  name = "Everyone"
 }
 
 data "observe_dataset" "example" {

examples/data-sources/observe_rbac_group/data-source.tf

@@ -2,8 +2,8 @@ data "observe_rbac_group" "example" {
   name = "example"
 }
 
-// In RBAC v2, "everyone" is a special pre-defined group that always includes all users.
+// In RBAC v2, "Everyone" is a special pre-defined group that always includes all users.
 // Reach out to Observe to enable this feature.
 data "observe_rbac_group" "everyone" {
-  name = "everyone"
+  name = "Everyone"
 }

examples/resources/observe_grant/resource.tf

@@ -10,9 +10,9 @@ data "observe_rbac_group" "example" {
   name = "engineering"
 }
 
-// "everyone" is a special pre-defined group that always includes all users
+// "Everyone" is a special pre-defined group that always includes all users
 data "observe_rbac_group" "everyone" {
-  name = "everyone"
+  name = "Everyone"
 }
 
 data "observe_dataset" "example" {

observe/data_source_rbac_group.go

@@ -63,17 +63,6 @@ func dataSourceRbacGroupRead(ctx context.Context, data *schema.ResourceData, met
 		r, err = client.GetRbacGroup(ctx, explicitId)
 	} else if name != "" {
 		r, err = client.LookupRbacGroup(ctx, name)
-
-		// In RBAC v2, "everyone" is a special group with id "1" that always includes all users.
-		// To prevent issues for customers who have a real group named "everyone", only
-		// return this special group if the lookup failed.
-		if err != nil && name == "everyone" {
-			r = &gql.RbacGroup{
-				Id:   "1",
-				Name: "everyone",
-			}
-			err = nil
-		}
 	}
 
 	if err != nil {

observe/resource_grant.go

@@ -17,7 +17,6 @@ func resourceGrant() *schema.Resource {
 	return &schema.Resource{
 		Description:   descriptions.Get("grant", "description"),
 		CreateContext: resourceGrantCreate,
-		UpdateContext: resourceGrantUpdate,
 		ReadContext:   resourceGrantRead,
 		DeleteContext: resourceGrantDelete,
 		Importer: &schema.ResourceImporter{
@@ -29,12 +28,14 @@ func resourceGrant() *schema.Resource {
 				Required:         true,
 				ValidateDiagFunc: validateOID(oid.TypeUser, oid.TypeRbacGroup),
 				Description:      descriptions.Get("grant", "schema", "subject"),
+				ForceNew:         true,
 			},
 			"role": {
 				Type:             schema.TypeString,
 				Required:         true,
 				ValidateDiagFunc: validateEnums(validGrantRoles),
 				Description:      descriptions.Get("grant", "schema", "role"),
+				ForceNew:         true,
 			},
 			"qualifier": {
 				Type:     schema.TypeList,
@@ -52,6 +53,7 @@ func resourceGrant() *schema.Resource {
 						// in the future, will contain other qualifiers such as "tags"
 					},
 				},
+				ForceNew: true,
 			},
 			"oid": {
 				Type:     schema.TypeString,
@@ -80,11 +82,7 @@ func newGrantInput(data *schema.ResourceData) (input *gql.RbacStatementInput, di
 		}
 		input.Subject.UserId = &uid
 	} else if subject.Type == oid.TypeRbacGroup {
-		if subject.Id == "1" {
-			input.Subject.All = boolPtr(true)
-		} else {
-			input.Subject.GroupId = &subject.Id
-		}
+		input.Subject.GroupId = &subject.Id
 	}
 
 	// role
@@ -122,9 +120,7 @@ func grantToResourceData(stmt *gql.RbacStatement, data *schema.ResourceData) (di
 
 	// subject
 	subject := ""
-	if stmt.Subject.All != nil && *stmt.Subject.All {
-		subject = oid.RbacGroupOid("1").String()
-	} else if stmt.Subject.UserId != nil {
+	if stmt.Subject.UserId != nil {
 		subject = oid.UserOid(*stmt.Subject.UserId).String()
 	} else if stmt.Subject.GroupId != nil {
 		subject = oid.RbacGroupOid(*stmt.Subject.GroupId).String()
@@ -208,22 +204,6 @@ func resourceGrantCreate(ctx context.Context, data *schema.ResourceData, meta in
 	return append(diags, resourceGrantRead(ctx, data, meta)...)
 }
 
-func resourceGrantUpdate(ctx context.Context, data *schema.ResourceData, meta interface{}) (diags diag.Diagnostics) {
-	client := meta.(*observe.Client)
-
-	input, diags := newGrantInput(data)
-	if diags.HasError() {
-		return diags
-	}
-
-	_, err := client.UpdateRbacStatement(ctx, data.Id(), input)
-	if err != nil {
-		return diag.Errorf("failed to update grant: %s", err.Error())
-	}
-
-	return append(diags, resourceGrantRead(ctx, data, meta)...)
-}
-
 func resourceGrantRead(ctx context.Context, data *schema.ResourceData, meta interface{}) (diags diag.Diagnostics) {
 	client := meta.(*observe.Client)
 

observe/resource_grant_test.go

@@ -92,7 +92,7 @@ func TestAccObserveGrantEveryoneWorksheetView(t *testing.T) {
 			{
 				Config: fmt.Sprintf(configPreamble+datastreamConfigPreamble+`
 				data "observe_rbac_group" "everyone" {
-				  name = "everyone"
+				  name = "Everyone"
 				}
 
 				data "observe_oid" "dataset" {