From f86690d733de161e693228f13147b4286f52f3fa Mon Sep 17 00:00:00 2001 From: Orkhan Mamedov Date: Sat, 30 Aug 2025 21:02:37 -0400 Subject: [PATCH] feat: Extend singular role datasource to include role permissions in it's output --- datadog/data_source_datadog_role.go | 47 +++++++++++++++++-- .../tests/data_source_datadog_role_test.go | 10 +++- docs/data-sources/role.md | 1 + 3 files changed, 53 insertions(+), 5 deletions(-) diff --git a/datadog/data_source_datadog_role.go b/datadog/data_source_datadog_role.go index bdd93e3f7..b897265ba 100644 --- a/datadog/data_source_datadog_role.go +++ b/datadog/data_source_datadog_role.go @@ -35,6 +35,14 @@ func dataSourceDatadogRole() *schema.Resource { Type: schema.TypeInt, Computed: true, }, + "permissions": { + Description: "Map of permissions granted to this role, keyed by permission name and returning the permission ID.", + Type: schema.TypeMap, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, } }, } @@ -82,13 +90,46 @@ func dataSourceDatadogRoleRead(ctx context.Context, d *schema.ResourceData, meta } r := roles[roleIndex] - d.SetId(r.GetId()) - if err := d.Set("name", r.Attributes.GetName()); err != nil { + roleID := r.GetId() + d.SetId(roleID) + + roleResp, httpResp, err := apiInstances.GetRolesApiV2().GetRole(auth, roleID) + if err != nil { + return utils.TranslateClientErrorDiag(err, httpResp, "error getting role details") + } + + if err := utils.CheckForUnparsed(roleResp); err != nil { return diag.FromErr(err) } - if err := d.Set("user_count", r.Attributes.GetUserCount()); err != nil { + + roleData := roleResp.GetData() + if err := d.Set("name", roleData.Attributes.GetName()); err != nil { + return diag.FromErr(err) + } + if err := d.Set("user_count", roleData.Attributes.GetUserCount()); err != nil { return diag.FromErr(err) } + permResp, httpResp, err := apiInstances.GetRolesApiV2().ListRolePermissions(auth, roleID) + if err != nil { + return utils.TranslateClientErrorDiag(err, httpResp, "error getting role permissions") + } + + if err := utils.CheckForUnparsed(permResp); err != nil { + return diag.FromErr(err) + } + + return updateRolePermissionsStateDataSource(ctx, d, permResp.GetData(), apiInstances) +} + +func updateRolePermissionsStateDataSource(ctx context.Context, d *schema.ResourceData, rolePerms []datadogV2.Permission, apiInstances *utils.ApiInstances) diag.Diagnostics { + permsMap := make(map[string]string) + for _, perm := range rolePerms { + permsMap[perm.Attributes.GetName()] = perm.GetId() + } + + if err := d.Set("permissions", permsMap); err != nil { + return diag.FromErr(err) + } return nil } diff --git a/datadog/tests/data_source_datadog_role_test.go b/datadog/tests/data_source_datadog_role_test.go index dad47fb84..483e4a2e5 100644 --- a/datadog/tests/data_source_datadog_role_test.go +++ b/datadog/tests/data_source_datadog_role_test.go @@ -19,7 +19,10 @@ func TestAccDatadogRoleDatasource(t *testing.T) { Steps: []resource.TestStep{ { Config: testAccDatasourceRoleConfig(), - Check: resource.TestCheckResourceAttr("data.datadog_role.foo", "name", "Datadog Standard Role"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("data.datadog_role.foo", "name", "Datadog Standard Role"), + resource.TestCheckResourceAttrSet("data.datadog_role.foo", "permissions.#"), + ), }, }, }) @@ -44,7 +47,10 @@ func TestAccDatadogRoleDatasourceExactMatch(t *testing.T) { }, { Config: testAccDatasourceRoleExactMatchConfig(rolename), - Check: resource.TestCheckResourceAttr("data.datadog_role.exact_match", "name", rolename+" main"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("data.datadog_role.exact_match", "name", rolename+" main"), + resource.TestCheckResourceAttrSet("data.datadog_role.exact_match", "permissions.#"), + ), }, }, }) diff --git a/docs/data-sources/role.md b/docs/data-sources/role.md index 8358215a6..e90025cc1 100644 --- a/docs/data-sources/role.md +++ b/docs/data-sources/role.md @@ -29,4 +29,5 @@ data "datadog_role" "test" { - `id` (String) The ID of this resource. - `name` (String) Name of the role. +- `permissions` (Map of String) Map of permissions granted to this role, keyed by permission name and returning the permission ID. - `user_count` (Number) Number of users assigned to this role.