Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 2.8.2 (February 18 2026)
ENHANCEMENTS
* Add insights permissions

## 2.8.1 (February 12 2026)
ENHANCEMENTS
* Fix datadog and webcheck datafeed params
Expand Down
46 changes: 24 additions & 22 deletions examples/user_team_api_key.tf
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
## Teams

resource "ns1_team" "example_team" {
name = "Example Team"
dns_manage_zones = false
dns_view_zones = true
name = "Example Team"
dns_manage_zones = false
dns_view_zones = true
dns_zones_allow_by_default = false
dns_zones_allow = ["example.com"]
# ....... all permissions listed on G
dns_zones_allow = ["example.com"]
# ....... all permissions listed on G
account_manage_ip_whitelist = true
monitoring_manage_lists = true
monitoring_manage_jobs = true
Expand All @@ -19,20 +19,20 @@ resource "ns1_team" "example_team" {

# Team User
resource "ns1_user" "example_team_user" {
name = "Example Team User from Terraform"
username = "example-team-user"
email = "testuser@example.com"
teams = [ns1_team.example_team.id]
name = "Example Team User from Terraform"
username = "example-team-user"
email = "testuser@example.com"
teams = [ns1_team.example_team.id]
notify = {
"billing" = false
}
}

# Admin User
resource "ns1_user" "example_admin_user" {
name = "Example Admin User from Terraform"
username = "example-admin-user"
email = "testuser@example.com"
name = "Example Admin User from Terraform"
username = "example-admin-user"
email = "testuser@example.com"
notify = {
"billing" = true
}
Expand All @@ -58,13 +58,13 @@ resource "ns1_user" "example_admin_user" {

# Read only user with IP whitelist
resource "ns1_user" "example_whitelist_user" {
name = "Example User with Whitelist from Terraform"
username = "example-admin-user"
email = "testuser@example.com"
name = "Example User with Whitelist from Terraform"
username = "example-admin-user"
email = "testuser@example.com"
notify = {
"billing" = true
}
ip_whitelist = ["1.1.1.1","2.2.2.2"]
ip_whitelist = ["1.1.1.1", "2.2.2.2"]
dns_view_zones = true
dns_manage_zones = false
dns_zones_allow_by_default = false
Expand All @@ -88,11 +88,11 @@ resource "ns1_user" "example_whitelist_user" {

## API keys
resource "ns1_apikey" "example" {
name = "Example API Key from Terraform"
monitoring_manage_lists = true
monitoring_manage_jobs = true
monitoring_view_jobs = true
security_manage_global_2fa = true
name = "Example API Key from Terraform"
monitoring_manage_lists = true
monitoring_manage_jobs = true
monitoring_view_jobs = true
security_manage_global_2fa = true
}


Expand Down Expand Up @@ -129,4 +129,6 @@ resource "ns1_apikey" "example" {
#monitoring_view_jobs - (Optional) Whether the user can view monitoring jobs.
#security_manage_global_2fa - (Optional) Whether the user can manage global two factor authentication.
#security_manage_active_directory - (Optional) Whether the user can manage global active directory. Only relevant for the DDI product.
#redirects_manage_redirects - (Optional) Whether the user can manager redirects.
#redirects_manage_redirects - (Optional) Whether the user can manage redirects.
#insights_view_insights - (Optional) Whether the user can view DNS insights
#insights_manage_insights - (Optional) Whether the user can manage DNS insights
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ require (
github.com/hashicorp/go-retryablehttp v0.7.7
github.com/hashicorp/terraform-plugin-sdk/v2 v2.24.1
github.com/stretchr/testify v1.8.1
gopkg.in/ns1/ns1-go.v2 v2.15.2
gopkg.in/ns1/ns1-go.v2 v2.17.2
)

require (
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -257,8 +257,8 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/ns1/ns1-go.v2 v2.15.2 h1:aBVyKeEH3rBFWwX72xPPjEuRL4+Lp5P9GlAcrzu0Y5M=
gopkg.in/ns1/ns1-go.v2 v2.15.2/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
gopkg.in/ns1/ns1-go.v2 v2.17.2 h1:x8YKHqCJWkC/hddfUhw7FRqTG0x3fr/0ZnWYN+i4THs=
gopkg.in/ns1/ns1-go.v2 v2.17.2/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
Expand Down
2 changes: 1 addition & 1 deletion ns1/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ import (
)

var (
clientVersion = "2.8.1"
clientVersion = "2.8.2"
providerUserAgent = "tf-ns1" + "/" + clientVersion
defaultRetryMax = 3
)
Expand Down
2 changes: 2 additions & 0 deletions ns1/examples/permissions.tf
Original file line number Diff line number Diff line change
Expand Up @@ -29,3 +29,5 @@
# monitoring_manage_jobs: boolean - allows the requestor to manage monitoring jobs
# monitoring_view_jobs: boolean - allows the requestor to view monitoring jobs
# redirects_manage_redirects: boolean - allows the requestor to manage redirects
# insights_view_insights: boolean - allows the requestor to view DNS insights
# insights_manage_insights: boolean - allows the requestor to manage DNS insights
20 changes: 20 additions & 0 deletions ns1/permissions.go
Original file line number Diff line number Diff line change
Expand Up @@ -191,6 +191,18 @@ func addPermsSchema(s map[string]*schema.Schema) map[string]*schema.Schema {
Default: false,
DiffSuppressFunc: suppressPermissionDiff,
}
s["insights_view_insights"] = &schema.Schema{
Type: schema.TypeBool,
Optional: true,
Default: false,
DiffSuppressFunc: suppressPermissionDiff,
}
s["insights_manage_insights"] = &schema.Schema{
Type: schema.TypeBool,
Optional: true,
Default: false,
DiffSuppressFunc: suppressPermissionDiff,
}
return s
}

Expand Down Expand Up @@ -253,6 +265,8 @@ func permissionsToResourceData(d *schema.ResourceData, permissions account.Permi
d.Set("monitoring_delete_jobs", permissions.Monitoring.DeleteJobs)
d.Set("monitoring_view_jobs", permissions.Monitoring.ViewJobs)
d.Set("redirects_manage_redirects", permissions.Redirects.ManageRedirects)
d.Set("insights_view_insights", permissions.Insights.ViewInsights)
d.Set("insights_manage_insights", permissions.Insights.ManageInsights)
if permissions.Security != nil {
d.Set("security_manage_global_2fa", permissions.Security.ManageGlobal2FA)
d.Set("security_manage_active_directory", permissions.Security.ManageActiveDirectory)
Expand Down Expand Up @@ -371,6 +385,12 @@ func resourceDataToPermissions(d *schema.ResourceData) account.PermissionsMap {
if v, ok := d.GetOk("redirects_manage_redirects"); ok {
p.Redirects.ManageRedirects = v.(bool)
}
if v, ok := d.GetOk("insights_view_insights"); ok {
p.Insights.ViewInsights = v.(bool)
}
if v, ok := d.GetOk("insights_manage_insights"); ok {
p.Insights.ManageInsights = v.(bool)
}
return p
}

Expand Down
14 changes: 13 additions & 1 deletion ns1/resource_user_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,9 @@ func TestAccUser_permissions(t *testing.T) {
resource.TestCheckResourceAttr("ns1_user.u", "username", username),
resource.TestCheckResourceAttr("ns1_user.u", "account_manage_account_settings", "false"),
resource.TestCheckResourceAttr("ns1_user.u", "account_manage_ip_whitelist", "true"),
resource.TestCheckResourceAttr("ns1_user.u", "redirects_manage_redirects", "false"),
resource.TestCheckResourceAttr("ns1_user.u", "insights_view_insights", "false"),
resource.TestCheckResourceAttr("ns1_user.u", "insights_manage_insights", "false"),
),
},
{
Expand All @@ -115,6 +118,9 @@ func TestAccUser_permissions(t *testing.T) {
resource.TestCheckResourceAttr("ns1_user.u", "account_manage_ip_whitelist", "true"),
resource.TestCheckResourceAttr("ns1_user.u", "security_manage_global_2fa", "false"),
resource.TestCheckResourceAttr("ns1_user.u", "security_manage_active_directory", "true"),
resource.TestCheckResourceAttr("ns1_user.u", "redirects_manage_redirects", "true"),
resource.TestCheckResourceAttr("ns1_user.u", "insights_view_insights", "true"),
resource.TestCheckResourceAttr("ns1_user.u", "insights_manage_insights", "true"),
),
},
{
Expand All @@ -126,6 +132,9 @@ func TestAccUser_permissions(t *testing.T) {
resource.TestCheckResourceAttr("ns1_user.u", "username", username),
resource.TestCheckResourceAttr("ns1_user.u", "account_manage_account_settings", "true"),
resource.TestCheckResourceAttr("ns1_user.u", "account_manage_ip_whitelist", "false"),
resource.TestCheckResourceAttr("ns1_user.u", "redirects_manage_redirects", "false"),
resource.TestCheckResourceAttr("ns1_user.u", "insights_view_insights", "false"),
resource.TestCheckResourceAttr("ns1_user.u", "insights_manage_insights", "false"),
),
},
{
Expand Down Expand Up @@ -503,7 +512,7 @@ resource "ns1_user" "u" {
username = "tf_acc_test_user_%s"
email = "tf_acc_test_ns1@hashicorp.com"
teams = [ns1_team.test.id]

ip_whitelist_strict = false
ip_whitelist = []

Expand Down Expand Up @@ -778,6 +787,9 @@ resource "ns1_user" "u" {

account_manage_ip_whitelist = true
security_manage_global_2fa = false
redirects_manage_redirects = true
insights_view_insights = true
insights_manage_insights = true
}
`, rString, rString, rString)
}
Expand Down
59 changes: 30 additions & 29 deletions website/docs/r/apikey.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ resource "ns1_apikey" "example" {
# Optional IP whitelist
ip_whitelist = ["1.1.1.1","2.2.2.2"]

# Configure permissions
# Configure permissions
dns_view_zones = false
account_manage_users = false
}
Expand All @@ -50,35 +50,36 @@ The following arguments are supported:
* `teams` - (Optional) The teams that the apikey belongs to.
* `ip_whitelist` - (Optional, default: `[]`) Array of IP addresses/networks to which to grant the API key access.
* `ip_whitelist_strict` - (Optional, default: `false`) Set to true to restrict access to only those IP addresses and networks listed in the **ip_whitelist** field.
* `dns_view_zones` - (Optional) Whether the apikey can view the accounts zones.
* `dns_manage_zones` - (Optional) Whether the apikey can modify the accounts zones.
* `dns_zones_allow_by_default` - (Optional) If true, enable the `dns_zones_allow` list, otherwise enable the `dns_zones_deny` list.
* `dns_zones_allow` - (Optional) List of zones that the apikey may access.
* `dns_zones_deny` - (Optional) List of zones that the apikey may not access.
* `dns_records_allow` - (Optional) List of records that the apikey may access.
* `dns_records_deny` - (Optional) List of records that the apikey may not access.
* `data_push_to_datafeeds` - (Optional) Whether the apikey can publish to data feeds.
* `data_manage_datasources` - (Optional) Whether the apikey can modify data sources.
* `data_manage_datafeeds` - (Optional) Whether the apikey can modify data feeds.
* `account_manage_users` - (Optional) Whether the apikey can modify account users.
* `account_manage_payment_methods` - (Optional) Whether the apikey can modify account payment methods.
* `dns_view_zones` - (Optional, default: `false`) Whether the apikey can view the accounts zones.
* `dns_manage_zones` - (Optional, default: `false`) Whether the apikey can modify the accounts zones.
* `dns_zones_allow_by_default` - (Optional, default: `false`) If true, enable the `dns_zones_allow` list, otherwise enable the `dns_zones_deny` list.
* `dns_zones_allow` - (Optional, default: `[]`) List of zones that the apikey may access.
* `dns_zones_deny` - (Optional, default: `[]`) List of zones that the apikey may not access.
* `dns_records_allow` - (Optional, default: `[]`) List of records that the apikey may access.
* `dns_records_deny` - (Optional, default: `[]`) List of records that the apikey may not access.
* `data_push_to_datafeeds` - (Optional, default: `false`) Whether the apikey can publish to data feeds.
* `data_manage_datasources` - (Optional, default: `false`) Whether the apikey can modify data sources.
* `data_manage_datafeeds` - (Optional, default: `false`) Whether the apikey can modify data feeds.
* `account_manage_users` - (Optional, default: `false`) Whether the apikey can modify account users.
* `account_manage_payment_methods` - (Optional, default: `false`) Whether the apikey can modify account payment methods.
* `account_manage_plan` - (Deprecated) No longer in use.
* `account_manage_teams` - (Optional) Whether the apikey can modify other teams in the account.
* `account_manage_apikeys` - (Optional) Whether the apikey can modify account apikeys.
* `account_manage_account_settings` - (Optional) Whether the apikey can modify account settings.
* `account_view_activity_log` - (Optional) Whether the apikey can view activity logs.
* `account_view_invoices` - (Optional) Whether the apikey can view invoices.
* `account_manage_ip_whitelist` - (Optional) Whether the apikey can manage ip whitelist.
* `monitoring_manage_lists` - (Optional) Whether the apikey can modify notification lists.
* `monitoring_manage_jobs` - (Optional) Whether the user can create, update, and delete monitoring jobs.
* `monitoring_create_jobs` - (Optional) Whether the user can create monitoring jobs when manage_jobs is not set to true.
* `monitoring_update_jobs` - (Optional) Whether the user can update monitoring jobs when manage_jobs is not set to true.
* `monitoring_delete_jobs` - (Optional) Whether the user can delete monitoring jobs when manage_jobs is not set to true.
* `monitoring_view_jobs` - (Optional) Whether the apikey can view monitoring jobs.
* `security_manage_global_2fa` - (Optional) Whether the apikey can manage global two factor authentication.
* `security_manage_active_directory` - (Optional) Whether the apikey can manage global active directory.
* `redirects_manage_redirects` - (Optional) Whether the user can manage redirects.
Only relevant for the DDI product.
* `account_manage_teams` - (Optional, default: `false`) Whether the apikey can modify other teams in the account.
* `account_manage_apikeys` - (Optional, default: `false`) Whether the apikey can modify account apikeys.
* `account_manage_account_settings` - (Optional, default: `false`) Whether the apikey can modify account settings.
* `account_view_activity_log` - (Optional, default: `false`) Whether the apikey can view activity logs.
* `account_view_invoices` - (Optional), default: `false` Whether the apikey can view invoices.
* `account_manage_ip_whitelist` - (Optional, default: `false`) Whether the apikey can manage ip whitelist.
* `monitoring_manage_lists` - (Optional, default: `false`) Whether the apikey can modify notification lists.
* `monitoring_manage_jobs` - (Optional, default: `false`) Whether the apikey can create, update, and delete monitoring jobs.
* `monitoring_create_jobs` - (Optional, default: `false`) Whether the apikey can create monitoring jobs when manage_jobs is not set to true.
* `monitoring_update_jobs` - (Optional, default: `false`) Whether the apikey can update monitoring jobs when manage_jobs is not set to true.
* `monitoring_delete_jobs` - (Optional, default: `false`) Whether the apikey can delete monitoring jobs when manage_jobs is not set to true.
* `monitoring_view_jobs` - (Optional, default: `false`) Whether the apikey can view monitoring jobs.
* `security_manage_global_2fa` - (Optional, default: `true`) Whether the apikey can manage global two factor authentication.
* `security_manage_active_directory` - (Optional, default: `true`) Whether the apikey can manage global active directory. Only relevant for the DDI product.
* `redirects_manage_redirects` - (Optional, default: `false`) Whether the apikey can manage redirects.
* `insights_view_insights` - (Optional, default: `false`) Whether the apikey can view DNS insights.
* `insights_manage_insights` - (Optional, default: `false`) Whether the apikey can manage DNS insights.

## Attributes Reference

Expand Down
Loading