Skip to content

Commit

Permalink
[resource_monitor_json] Avoid restricted role diffs with restricton_p…
Browse files Browse the repository at this point in the history 
…olicy (#2638)

This hacks around this (already hacky) resource having conflicts with the restricted_roles attribute when the restriction_policy resource is used to manage permissions on monitors. The general strategy is to ignore roles sent back from the API if roles are not explicitly defined in the monitor. Note: This resource should be convered to a framework provider resource, that should provide much easier access to what the user configured and make this handling consistent and esaier to reason about.

Scenarios tested:
* create monitor and restriction_policy (with and without roles), there should be no diff when running subsequent plans
* modify the monitor and restricton policy, e.g. add/remove a role, there should be no diffs when running subsequent plans

Open questions:
* what does this do to existing monitor_json resources when a user updates?
  • Loading branch information
@phillip-dd
phillip-dd authored Nov 15, 2024
1 parent df830af commit e26bcac
Show file tree
Hide file tree
Showing 3 changed files with 34 additions and 11 deletions.
25 changes: 24 additions & 1 deletion datadog/resource_datadog_monitor_json.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,19 @@ func resourceDatadogMonitorJSONRead(_ context.Context, d *schema.ResourceData, m
auth := providerConf.Auth

id := d.Id()
respByte, httpResp, err := utils.SendRequest(auth, apiInstances.HttpClient, "GET", monitorPath+"/"+id, nil)
url := monitorPath + "/" + id

// Check if restricted_roles is defined in the JSON, if not explicitly
// defined, we tell the API to not return it so there is no diff. Get
// ("monitor") shouldn't be trusted as it's not the raw values, but we
// try to keep restricted_roles from mixing into it from API responses
monitor := d.Get("monitor").(string)
attrMap, _ := structure.ExpandJsonFromString(monitor)
if _, ok := attrMap["restricted_roles"]; !ok {
url += "?with_restricted_roles=false"
}

respByte, httpResp, err := utils.SendRequest(auth, apiInstances.HttpClient, "GET", url, nil)
if err != nil {
if httpResp != nil && httpResp.StatusCode == 404 {
d.SetId("")
Expand Down Expand Up @@ -217,6 +229,17 @@ func updateMonitorJSONState(d *schema.ResourceData, monitor map[string]interface
if val := reflect.ValueOf(monitor["restriction_policy"]); !val.IsValid() {
utils.DeleteKeyInMap(monitor, []string{"restriction_policy"})
}
// In addition to checking the API response, we check to see if the user
// specified restricted_roles in the config. Note: the value returned
// from the ResourceData is not the raw value - it's mixed with state.
// However, using GetRawConfig only returns null values here. If the user
// did not specify restricted_roles, do not store them in the state -
// treat them as a separately managed resource, likely in restriction
// policy resource.
attrMap, _ := structure.ExpandJsonFromString(d.Get("monitor").(string))
if val := reflect.ValueOf(attrMap["restricted_roles"]); !val.IsValid() {
utils.DeleteKeyInMap(monitor, []string{"restricted_roles"})
}

monitorString, err := structure.FlattenJsonToString(monitor)
if err != nil {
Expand Down
12 changes: 6 additions & 6 deletions datadog/tests/cassettes/TestAccDatadogMonitorJSONBasic.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ interactions:
headers:
Content-Type:
- application/json
url: https://api.datadoghq.com/api/v1/monitor/142875735
url: https://api.datadoghq.com/api/v1/monitor/142875735?with_restricted_roles=false
method: GET
response:
proto: HTTP/1.1
Expand All @@ -85,7 +85,7 @@ interactions:
content_length: -1
uncompressed: true
body: |
{"id":142875735,"org_id":321813,"type":"service check","name":"tf-TestAccDatadogMonitorJSONBasic-local-1712694310","message":"Change the message triggers if any host's clock goes out of sync with the time given by NTP. The offset threshold is configured in the Agent's 'ntp.yaml' file.\n\nSee [Troubleshooting NTP Offset issues](https://docs.datadoghq.com/agent/troubleshooting/ntp for more details on cause and resolution.","tags":[],"query":"\"ntp.in_sync\".by(\"*\").last(2).count_by_status()","options":{"include_tags":true,"new_host_delay":150,"notify_audit":false,"notify_no_data":false,"thresholds":{"warning":1,"ok":1,"critical":1},"silenced":{}},"multi":true,"created_at":1712694311000,"created":"2024-04-09T20:25:11.421316+00:00","modified":"2024-04-09T20:25:11.421316+00:00","deleted":null,"restricted_roles":null,"priority":null,"overall_state_modified":null,"overall_state":"No Data","creator":{"name":null,"email":"[email protected]","handle":"[email protected]","id":1445416}}
{"id":142875735,"org_id":321813,"type":"service check","name":"tf-TestAccDatadogMonitorJSONBasic-local-1712694310","message":"Change the message triggers if any host's clock goes out of sync with the time given by NTP. The offset threshold is configured in the Agent's 'ntp.yaml' file.\n\nSee [Troubleshooting NTP Offset issues](https://docs.datadoghq.com/agent/troubleshooting/ntp for more details on cause and resolution.","tags":[],"query":"\"ntp.in_sync\".by(\"*\").last(2).count_by_status()","options":{"include_tags":true,"new_host_delay":150,"notify_audit":false,"notify_no_data":false,"thresholds":{"warning":1,"ok":1,"critical":1},"silenced":{}},"multi":true,"created_at":1712694311000,"created":"2024-04-09T20:25:11.421316+00:00","modified":"2024-04-09T20:25:11.421316+00:00","deleted":null,"priority":null,"overall_state_modified":null,"overall_state":"No Data","creator":{"name":null,"email":"[email protected]","handle":"[email protected]","id":1445416}}
headers:
Content-Type:
- application/json
Expand All @@ -108,7 +108,7 @@ interactions:
headers:
Content-Type:
- application/json
url: https://api.datadoghq.com/api/v1/monitor/142875735
url: https://api.datadoghq.com/api/v1/monitor/142875735?with_restricted_roles=false
method: GET
response:
proto: HTTP/1.1
Expand All @@ -120,7 +120,7 @@ interactions:
content_length: -1
uncompressed: true
body: |
{"id":142875735,"org_id":321813,"type":"service check","name":"tf-TestAccDatadogMonitorJSONBasic-local-1712694310","message":"Change the message triggers if any host's clock goes out of sync with the time given by NTP. The offset threshold is configured in the Agent's 'ntp.yaml' file.\n\nSee [Troubleshooting NTP Offset issues](https://docs.datadoghq.com/agent/troubleshooting/ntp for more details on cause and resolution.","tags":[],"query":"\"ntp.in_sync\".by(\"*\").last(2).count_by_status()","options":{"include_tags":true,"new_host_delay":150,"notify_audit":false,"notify_no_data":false,"thresholds":{"warning":1,"ok":1,"critical":1},"silenced":{}},"multi":true,"created_at":1712694311000,"created":"2024-04-09T20:25:11.421316+00:00","modified":"2024-04-09T20:25:11.421316+00:00","deleted":null,"restricted_roles":null,"priority":null,"overall_state_modified":null,"overall_state":"No Data","creator":{"name":null,"email":"[email protected]","handle":"[email protected]","id":1445416}}
{"id":142875735,"org_id":321813,"type":"service check","name":"tf-TestAccDatadogMonitorJSONBasic-local-1712694310","message":"Change the message triggers if any host's clock goes out of sync with the time given by NTP. The offset threshold is configured in the Agent's 'ntp.yaml' file.\n\nSee [Troubleshooting NTP Offset issues](https://docs.datadoghq.com/agent/troubleshooting/ntp for more details on cause and resolution.","tags":[],"query":"\"ntp.in_sync\".by(\"*\").last(2).count_by_status()","options":{"include_tags":true,"new_host_delay":150,"notify_audit":false,"notify_no_data":false,"thresholds":{"warning":1,"ok":1,"critical":1},"silenced":{}},"multi":true,"created_at":1712694311000,"created":"2024-04-09T20:25:11.421316+00:00","modified":"2024-04-09T20:25:11.421316+00:00","deleted":null,"priority":null,"overall_state_modified":null,"overall_state":"No Data","creator":{"name":null,"email":"[email protected]","handle":"[email protected]","id":1445416}}
headers:
Content-Type:
- application/json
Expand Down Expand Up @@ -199,7 +199,7 @@ interactions:
headers:
Content-Type:
- application/json
url: https://api.datadoghq.com/api/v1/monitor/142875735
url: https://api.datadoghq.com/api/v1/monitor/142875735?with_restricted_roles=false
method: GET
response:
proto: HTTP/1.1
Expand All @@ -211,7 +211,7 @@ interactions:
content_length: -1
uncompressed: true
body: |
{"id":142875735,"org_id":321813,"type":"service check","name":"tf-TestAccDatadogMonitorJSONBasic-local-1712694310-updated","message":"Change the message triggers if any host's clock goes out of sync with the time given by NTP. The offset threshold is configured in the Agent's 'ntp.yaml' file.\n\nSee [Troubleshooting NTP Offset issues](https://docs.datadoghq.com/agent/troubleshooting/ntp for more details on cause and resolution.","tags":[],"query":"\"ntp.in_sync\".by(\"*\").last(2).count_by_status()","options":{"include_tags":true,"new_host_delay":150,"notify_audit":false,"notify_no_data":false,"thresholds":{"warning":1,"ok":1,"critical":1},"silenced":{}},"multi":true,"created_at":1712694311000,"created":"2024-04-09T20:25:11.421316+00:00","modified":"2024-04-09T20:25:13.564041+00:00","deleted":null,"restricted_roles":null,"priority":null,"overall_state_modified":null,"overall_state":"No Data","creator":{"name":null,"email":"[email protected]","handle":"[email protected]","id":1445416}}
{"id":142875735,"org_id":321813,"type":"service check","name":"tf-TestAccDatadogMonitorJSONBasic-local-1712694310-updated","message":"Change the message triggers if any host's clock goes out of sync with the time given by NTP. The offset threshold is configured in the Agent's 'ntp.yaml' file.\n\nSee [Troubleshooting NTP Offset issues](https://docs.datadoghq.com/agent/troubleshooting/ntp for more details on cause and resolution.","tags":[],"query":"\"ntp.in_sync\".by(\"*\").last(2).count_by_status()","options":{"include_tags":true,"new_host_delay":150,"notify_audit":false,"notify_no_data":false,"thresholds":{"warning":1,"ok":1,"critical":1},"silenced":{}},"multi":true,"created_at":1712694311000,"created":"2024-04-09T20:25:11.421316+00:00","modified":"2024-04-09T20:25:13.564041+00:00","deleted":null,"priority":null,"overall_state_modified":null,"overall_state":"No Data","creator":{"name":null,"email":"[email protected]","handle":"[email protected]","id":1445416}}
headers:
Content-Type:
- application/json
Expand Down
8 changes: 4 additions & 4 deletions datadog/tests/cassettes/TestAccDatadogMonitorJSONImport.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ interactions:
headers:
Content-Type:
- application/json
url: https://api.datadoghq.com/api/v1/monitor/142875736
url: https://api.datadoghq.com/api/v1/monitor/142875736?with_restricted_roles=false
method: GET
response:
proto: HTTP/1.1
Expand All @@ -85,7 +85,7 @@ interactions:
content_length: -1
uncompressed: true
body: |
{"id":142875736,"org_id":321813,"type":"service check","name":"tf-TestAccDatadogMonitorJSONImport-local-1712694310","message":"Change the message triggers if any host's clock goes out of sync with the time given by NTP. The offset threshold is configured in the Agent's 'ntp.yaml' file.\n\nSee [Troubleshooting NTP Offset issues](https://docs.datadoghq.com/agent/troubleshooting/ntp for more details on cause and resolution.","tags":[],"query":"\"ntp.in_sync\".by(\"*\").last(2).count_by_status()","options":{"include_tags":true,"new_host_delay":150,"notify_audit":false,"notify_no_data":false,"thresholds":{"warning":1,"ok":1,"critical":1},"silenced":{}},"multi":true,"created_at":1712694311000,"created":"2024-04-09T20:25:11.434214+00:00","modified":"2024-04-09T20:25:11.434214+00:00","deleted":null,"restricted_roles":null,"priority":null,"overall_state_modified":null,"overall_state":"No Data","creator":{"name":null,"email":"[email protected]","handle":"[email protected]","id":1445416}}
{"id":142875736,"org_id":321813,"type":"service check","name":"tf-TestAccDatadogMonitorJSONImport-local-1712694310","message":"Change the message triggers if any host's clock goes out of sync with the time given by NTP. The offset threshold is configured in the Agent's 'ntp.yaml' file.\n\nSee [Troubleshooting NTP Offset issues](https://docs.datadoghq.com/agent/troubleshooting/ntp for more details on cause and resolution.","tags":[],"query":"\"ntp.in_sync\".by(\"*\").last(2).count_by_status()","options":{"include_tags":true,"new_host_delay":150,"notify_audit":false,"notify_no_data":false,"thresholds":{"warning":1,"ok":1,"critical":1},"silenced":{}},"multi":true,"created_at":1712694311000,"created":"2024-04-09T20:25:11.434214+00:00","modified":"2024-04-09T20:25:11.434214+00:00","deleted":null,"priority":null,"overall_state_modified":null,"overall_state":"No Data","creator":{"name":null,"email":"[email protected]","handle":"[email protected]","id":1445416}}
headers:
Content-Type:
- application/json
Expand All @@ -108,7 +108,7 @@ interactions:
headers:
Content-Type:
- application/json
url: https://api.datadoghq.com/api/v1/monitor/142875736
url: https://api.datadoghq.com/api/v1/monitor/142875736?with_restricted_roles=false
method: GET
response:
proto: HTTP/1.1
Expand All @@ -120,7 +120,7 @@ interactions:
content_length: -1
uncompressed: true
body: |
{"id":142875736,"org_id":321813,"type":"service check","name":"tf-TestAccDatadogMonitorJSONImport-local-1712694310","message":"Change the message triggers if any host's clock goes out of sync with the time given by NTP. The offset threshold is configured in the Agent's 'ntp.yaml' file.\n\nSee [Troubleshooting NTP Offset issues](https://docs.datadoghq.com/agent/troubleshooting/ntp for more details on cause and resolution.","tags":[],"query":"\"ntp.in_sync\".by(\"*\").last(2).count_by_status()","options":{"include_tags":true,"new_host_delay":150,"notify_audit":false,"notify_no_data":false,"thresholds":{"warning":1,"ok":1,"critical":1},"silenced":{}},"multi":true,"created_at":1712694311000,"created":"2024-04-09T20:25:11.434214+00:00","modified":"2024-04-09T20:25:11.434214+00:00","deleted":null,"restricted_roles":null,"priority":null,"overall_state_modified":null,"overall_state":"No Data","creator":{"name":null,"email":"[email protected]","handle":"[email protected]","id":1445416}}
{"id":142875736,"org_id":321813,"type":"service check","name":"tf-TestAccDatadogMonitorJSONImport-local-1712694310","message":"Change the message triggers if any host's clock goes out of sync with the time given by NTP. The offset threshold is configured in the Agent's 'ntp.yaml' file.\n\nSee [Troubleshooting NTP Offset issues](https://docs.datadoghq.com/agent/troubleshooting/ntp for more details on cause and resolution.","tags":[],"query":"\"ntp.in_sync\".by(\"*\").last(2).count_by_status()","options":{"include_tags":true,"new_host_delay":150,"notify_audit":false,"notify_no_data":false,"thresholds":{"warning":1,"ok":1,"critical":1},"silenced":{}},"multi":true,"created_at":1712694311000,"created":"2024-04-09T20:25:11.434214+00:00","modified":"2024-04-09T20:25:11.434214+00:00","deleted":null,"priority":null,"overall_state_modified":null,"overall_state":"No Data","creator":{"name":null,"email":"[email protected]","handle":"[email protected]","id":1445416}}
headers:
Content-Type:
- application/json
Expand Down

0 comments on commit e26bcac

Please sign in to comment.