DocumentationChaosSearch Blog
StatusHome Page

chaossearch_usergroup resource

Create a user group of permissions using Terraform for a ChaosSearch cluster.

Suggest Edits

The chaossearch_usergroup resource creates or updates a ChaosSearch-managed user group for a cluster. The user group takes a defined set of resources and permissions like the information input to the RBAC user interface.

See RBAC Configuration for more information about permissions and user groups. Also, for more information about creating user groups and values, see the Create new groups for a given user context endpoint documentation.

Example Usage

The structure of the resource follows:

resource "chaossearch_user_group" "user_group" { 
  name = "provider_test" 
  permissions = jsonencode([ 
    {
      "Version" = "1.0",
      "Effect" = "Allow",
      "Actions" = ["*"],
      "Resources" = ["*"],
      "Condition" = {
        "Conditions" = [
        {
          "Equals" = {
            "chaos:document/attributes.title" = "" 
          },
          "Like" = {
            "chaos:document/attributes.title" = "" 
          },
          "NotEquals" = {
            "chaos:document/attributes.title" = ""
          },
          "StartsWith" = {
            "chaos:document/attributes.title" = "test" },
        }
      ]
    }
   }
  ])
}

Argument Reference

FieldRequiredDescription
nameYesThe name of the user group to create or update
permissionsNoA JSON structure that specifies an array of one or more permission declarations for the user group.
VersionNoA version value for the API. The default is 1.0.
EffectYesA value to grant (Allow) or revoke (Deny) the permission that is being defined in the group.
ActionsYesOne of the defined user capabilities for the ChaosSearch system, such as accessing and using specific tabs, resources, or controls. The list of actions is available in https://docs.chaossearch.io/reference/post_user-groups.
ResourcesYesThe resource(s) to which this container applies. The format of the resource name follows this convention:

crn:view:::foo-view
ConditionYesAn array of one or more Conditions definitions.
ConditionsYesThe supported condition values are StartsWith, Equals, NotEquals, or Like. Each condition can be applied to any attribute of the Kibana saved object document.

The condition keys follow the schema of 'chaos:document/\<attribute.path>'

Updated 5 months ago