feat: add MonitorGlobalMuter grant role (#161)

observeinc · Oct 16, 2024 · 69626b2 · 69626b2
1 parent 5fe1485
commit 69626b2
Show file tree

Hide file tree

Showing 4 changed files with 59 additions and 22 deletions.
diff --git a/client/internal/meta/schema/rbac.graphql b/client/internal/meta/schema/rbac.graphql
@@ -115,7 +115,7 @@ extend type Mutation {
     updateRbacStatement(id: ORN!, input: RbacStatementInput!): RbacStatement!
     deleteRbacStatement(id: ORN!): ResultStatus!
     """
-    mutateRbacStatements is delicious dessert topping, and also works great as a floor wax!
+    MutateRbacStatements is delicious dessert topping, and also works great as a floor wax!
     It will perform all the mutations requested and commit them as one operation, or it will
     return an error and have performed none of the mutations; there are no half-way changes.
     """
@@ -145,6 +145,7 @@ enum RbacRole @goModel(model: "observe/rbac/policy.Role") {
     Viewer
     Ingester
     Lister
+    MonitorGlobalMute
 }
 
 type RbacGroup implements AuditedObject @goModel(model: "observe/rbac/policy.Group") {

diff --git a/client/meta/genqlient.generated.go b/client/meta/genqlient.generated.go
diff --git a/observe/resource_grant.go b/observe/resource_grant.go
@@ -140,6 +140,8 @@ func grantToResourceData(stmt *gql.RbacStatement, data *schema.ResourceData) (di
 	qualifier := make(map[string]interface{}, 0)
 	if stmt.Role == gql.RbacRoleManager && stmt.Object.All != nil && *stmt.Object.All {
 		role = toSnake(string(Administrator))
+	} else if stmt.Role == gql.RbacRoleMonitorglobalmute {
+		role = toSnake(string(MonitorGlobalMuter))
 	} else if stmt.Object.Type != nil {
 		objType := oid.Type(*stmt.Object.Type)
 		if !sliceContains(validRbacV2Types, objType) {
@@ -247,22 +249,23 @@ func resourceGrantDelete(ctx context.Context, data *schema.ResourceData, meta in
 type GrantRole string
 
 const (
-	Administrator     GrantRole = "Administrator"
-	DashboardCreator  GrantRole = "DashboardCreator"
-	DashboardEditor   GrantRole = "DashboardEditor"
-	DashboardViewer   GrantRole = "DashboardViewer"
-	DatasetCreator    GrantRole = "DatasetCreator"
-	DatasetEditor     GrantRole = "DatasetEditor"
-	DatasetViewer     GrantRole = "DatasetViewer"
-	DatastreamCreator GrantRole = "DatastreamCreator"
-	DatastreamEditor  GrantRole = "DatastreamEditor"
-	DatastreamViewer  GrantRole = "DatastreamViewer"
-	MonitorCreator    GrantRole = "MonitorCreator"
-	MonitorEditor     GrantRole = "MonitorEditor"
-	MonitorViewer     GrantRole = "MonitorViewer"
-	WorksheetCreator  GrantRole = "WorksheetCreator"
-	WorksheetEditor   GrantRole = "WorksheetEditor"
-	WorksheetViewer   GrantRole = "WorksheetViewer"
+	Administrator      GrantRole = "Administrator"
+	DashboardCreator   GrantRole = "DashboardCreator"
+	DashboardEditor    GrantRole = "DashboardEditor"
+	DashboardViewer    GrantRole = "DashboardViewer"
+	DatasetCreator     GrantRole = "DatasetCreator"
+	DatasetEditor      GrantRole = "DatasetEditor"
+	DatasetViewer      GrantRole = "DatasetViewer"
+	DatastreamCreator  GrantRole = "DatastreamCreator"
+	DatastreamEditor   GrantRole = "DatastreamEditor"
+	DatastreamViewer   GrantRole = "DatastreamViewer"
+	MonitorCreator     GrantRole = "MonitorCreator"
+	MonitorEditor      GrantRole = "MonitorEditor"
+	MonitorViewer      GrantRole = "MonitorViewer"
+	MonitorGlobalMuter GrantRole = "MonitorGlobalMuter"
+	WorksheetCreator   GrantRole = "WorksheetCreator"
+	WorksheetEditor    GrantRole = "WorksheetEditor"
+	WorksheetViewer    GrantRole = "WorksheetViewer"
 )
 
 var validGrantRoles = []GrantRole{
@@ -279,6 +282,7 @@ var validGrantRoles = []GrantRole{
 	MonitorCreator,
 	MonitorEditor,
 	MonitorViewer,
+	MonitorGlobalMuter,
 	WorksheetCreator,
 	WorksheetEditor,
 	WorksheetViewer,
@@ -317,6 +321,8 @@ var viewGrantRoleForType = map[oid.Type]GrantRole{
 func (r GrantRole) ToRbacRole() (gql.RbacRole, error) {
 	if r == Administrator {
 		return gql.RbacRoleManager, nil
+	} else if r == MonitorGlobalMuter {
+		return gql.RbacRoleMonitorglobalmute, nil
 	} else if sliceContains(createGrantRoles, r) || sliceContains(editGrantRoles, r) {
 		return gql.RbacRoleEditor, nil
 	} else if sliceContains(viewGrantRoles, r) {
@@ -359,6 +365,9 @@ func (r GrantRole) ToRbacObject(resourceId *string) (gql.RbacObjectInput, error)
 	switch r {
 	case Administrator:
 		objectInput.All = boolPtr(true)
+	case MonitorGlobalMuter:
+		// this grant role doesn't require anything on the statement object,
+		// just setting the statement role is sufficient
 	default:
 		objectInput.Type = (*string)(r.ToType())
 		objectInput.ObjectId = resourceId

diff --git a/observe/resource_grant_test.go b/observe/resource_grant_test.go
@@ -158,3 +158,29 @@ func TestAccObserveGrantGroupAdminWorkspace(t *testing.T) {
 		},
 	})
 }
+
+func TestAccObserveGrantGroupMonitorGlobalMuter(t *testing.T) {
+	randomPrefix := acctest.RandomWithPrefix("tf")
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(configPreamble+`
+				resource "observe_rbac_group" "example" {
+				  name      = "%[1]s"
+				}
+
+				resource "observe_grant" "example" {
+				  subject = observe_rbac_group.example.oid
+				  role    = "monitor_global_muter"
+				}
+				`, randomPrefix),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("observe_grant.example", "subject"),
+					resource.TestCheckResourceAttr("observe_grant.example", "role", "monitor_global_muter"),
+				),
+			},
+		},
+	})
+}