SumoLogic
diff --git a/‎CHANGELOG.md‎
Lines changed: 2 additions & 1 deletion b/‎CHANGELOG.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎sumologic/resource_sumologic_generic_polling_source.go‎
Lines changed: 8 additions & 0 deletions b/‎sumologic/resource_sumologic_generic_polling_source.go‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎sumologic/resource_sumologic_monitors_library_monitor.go‎
Lines changed: 61 additions & 0 deletions b/‎sumologic/resource_sumologic_monitors_library_monitor.go‎
Lines changed: 61 additions & 0 deletions
@@ -3,10 +3,11 @@ FEATURES:
 * **New Resource:** sumologic_cse_entity_entity_group_configuration (GH-376)
 * **New Resource:** sumologic_cse_inventory_entity_group_configuration (GH-376)
 
+* Add new optional `obj_permission` set to resource/sumologic_monitor for Fine Grain Permission (FGP) support (GH-397)
+
 BUG FIXES:
 * Allow Monitor move between Monitor folders
 
-
 ## 2.16.2 (June 12, 2022)
 
 BUG FIXES:
 
@@ -125,6 +125,10 @@ func resourceSumologicGenericPollingSource() *schema.Resource {
 					Type:     schema.TypeString,
 					Optional: true,
 				},
+				"use_versioned_api": {
+					Type:     schema.TypeBool,
+					Optional: true,
+				},
 				"path_expression": {
 					Type:     schema.TypeString,
 					Optional: true,
@@ -336,6 +340,7 @@ func getPollingThirdPartyPathAttributes(pollingResource []PollingResource) []map
 			"limit_to_regions":              t.Path.LimitToRegions,
 			"limit_to_namespaces":           t.Path.LimitToNamespaces,
 			"limit_to_services":             t.Path.LimitToServices,
+			"use_versioned_api":             t.Path.UseVersionedApi,
 			"custom_services":               flattenCustomServices(t.Path.CustomServices),
 			"tag_filters":                   flattenPollingTagFilters(t.Path.TagFilters),
 			"sns_topic_or_subscription_arn": flattenPollingSnsTopicOrSubscriptionArn(t.Path.SnsTopicOrSubscriptionArn),
@@ -572,6 +577,9 @@ func getPollingPathSettings(d *schema.ResourceData) (PollingPath, error) {
 			pathSettings.Type = "S3BucketPathExpression"
 			pathSettings.BucketName = path["bucket_name"].(string)
 			pathSettings.PathExpression = path["path_expression"].(string)
+			if path["use_versioned_api"] != nil {
+				pathSettings.UseVersionedApi = path["use_versioned_api"].(bool)
+			}
 			pathSettings.SnsTopicOrSubscriptionArn = getPollingSnsTopicOrSubscriptionArn(d)
 		case "CloudWatchPath", "AwsInventoryPath":
 			pathSettings.Type = pathType
 
@@ -353,6 +353,8 @@ func resourceSumologicMonitorsLibraryMonitor() *schema.Resource {
 				Optional:     true,
 				ValidateFunc: validation.StringLenBetween(1, 512),
 			},
+
+			"obj_permission": GetCmfFgpObjPermSetSchema(),
 		},
 	}
 }
@@ -569,6 +571,16 @@ func resourceSumologicMonitorsLibraryMonitorCreate(d *schema.ResourceData, meta
 			return err
 		}
 
+		permStmts, convErr := ResourceToCmfFgpPermStmts(d, monitorDefinitionID)
+		if convErr != nil {
+			return convErr
+		}
+		_, fgpErr := c.SetCmfFgp(fgpTargetType, CmfFgpRequest{
+			PermissionStatements: permStmts,
+		})
+		if fgpErr != nil {
+			return fgpErr
+		}
 		d.SetId(monitorDefinitionID)
 	}
 	return resourceSumologicMonitorsLibraryMonitorRead(d, meta)
@@ -588,6 +600,18 @@ func resourceSumologicMonitorsLibraryMonitorRead(d *schema.ResourceData, meta in
 		return nil
 	}
 
+	fgpResponse, fgpErr := c.GetCmfFgp(fgpTargetType, monitor.ID)
+	if fgpErr != nil {
+		suppressedErrorCode := HasErrorCode(fgpErr.Error(), []string{"not_implemented_yet", "api_not_enabled"})
+		if suppressedErrorCode == "" {
+			return fgpErr
+		} else {
+			log.Printf("[WARN] FGP Feature has not been enabled yet. Suppressing \"%s\" error under GetCmfFgp operation.", suppressedErrorCode)
+		}
+	} else {
+		CmfFgpPermStmtsSetToResource(d, fgpResponse.PermissionStatements)
+	}
+
 	d.Set("created_by", monitor.CreatedBy)
 	d.Set("created_at", monitor.CreatedAt)
 	d.Set("monitor_type", monitor.MonitorType)
@@ -716,6 +740,43 @@ func resourceSumologicMonitorsLibraryMonitorUpdate(d *schema.ResourceData, meta
 	if err != nil {
 		return err
 	}
+
+	// converting Resource FGP to Struct
+	permStmts, convErr := ResourceToCmfFgpPermStmts(d, monitor.ID)
+	if convErr != nil {
+		return convErr
+	}
+
+	// reading FGP from Backend to reconcile
+	fgpGetResponse, fgpGetErr := c.GetCmfFgp(fgpTargetType, monitor.ID)
+	if fgpGetErr != nil {
+		/*
+		   |errCode         |  len  | logic                   |
+		   |--------------------------------------------------|
+		   |server_error    |   0   | return err at Get       |
+		   |server_error    |   1   | warn; return err at Set |
+		   |not_enabled     |   0   | warn                    |
+		   |not_enabled     |   1   | warn; return err at Set |
+		*/
+		suppressedErrorCode := HasErrorCode(fgpGetErr.Error(), []string{"not_implemented_yet", "api_not_enabled"})
+		if suppressedErrorCode == "" && len(permStmts) == 0 {
+			return fgpGetErr
+		} else {
+			log.Printf("[WARN] FGP Feature has not been enabled yet. Suppressing \"%s\" error under GetCmfFgp operation.", suppressedErrorCode)
+		}
+	}
+
+	if len(permStmts) > 0 || fgpGetResponse != nil {
+		_, fgpSetErr := c.SetCmfFgp(fgpTargetType, CmfFgpRequest{
+			PermissionStatements: ReconcileFgpPermStmtsWithEmptyPerms(
+				permStmts, fgpGetResponse.PermissionStatements,
+			),
+		})
+		if fgpSetErr != nil {
+			return fgpSetErr
+		}
+	}
+
 	updatedMonitor := resourceSumologicMonitorsLibraryMonitorRead(d, meta)
 
 	return updatedMonitor