Add data_protection_content_pattern resource #255
Description
Add a new Terraform resource to manage CrowdStrike Falcon Data Protection content patterns. Content patterns allow users to define custom regex-based patterns to detect sensitive data.
API Details
gofalcon package: github.com/crowdstrike/gofalcon/falcon/client/data_protection_configuration
Available operations:
EntitiesContentPatternCreate- Create content patternEntitiesContentPatternGet- Read content pattern by IDEntitiesContentPatternPatch- Update content patternEntitiesContentPatternDelete- Delete content patternQueriesContentPatternGetV2- Query/list content pattern IDs
Model: models.APIContentPatternV1
Resource Schema
Required attributes:
name(string) - Pattern nameregex(string) - Single regex pattern to matchmin_match_threshold(int) - Minimum number of matches required (must be >= 1)
Optional attributes:
description(string) - Description of the patternexample(string) - Example text that matches the pattern
Hardcoded values (not exposed to users):
category= "Custom" (set internally)region= "ALL" (set internally)
Computed attributes (read-only):
id(string) - Pattern IDlast_updated(timestamp) - Last update time
Schema Implementation
resp.Schema = schema.Schema{
MarkdownDescription: utils.MarkdownDescription(
"Data Protection",
"This resource manages CrowdStrike Falcon Data Protection content patterns for detecting sensitive data.",
[]scopes.Scope{
{
Name: "Data Protection",
Read: true,
Write: true,
},
},
),
Attributes: map[string]schema.Attribute{
"id": schema.StringAttribute{
Computed: true,
Description: "The ID of the content pattern.",
PlanModifiers: []planmodifier.String{
stringplanmodifier.UseStateForUnknown(),
},
},
"name": schema.StringAttribute{
Required: true,
Description: "The name of the content pattern.",
},
"description": schema.StringAttribute{
Optional: true,
Description: "The description of the content pattern.",
Validators: []validator.String{
stringvalidator.NotEmptyOrWhitespace(),
},
},
"regex": schema.StringAttribute{
Required: true,
Description: "The regex pattern to match sensitive data.",
},
"example": schema.StringAttribute{
Optional: true,
Description: "Example text that matches the pattern.",
Validators: []validator.String{
stringvalidator.NotEmptyOrWhitespace(),
},
},
"min_match_threshold": schema.Int64Attribute{
Required: true,
Description: "Minimum number of matches required to trigger detection.",
Validators: []validator.Int64{
int64validator.AtLeast(1),
},
},
"last_updated": schema.StringAttribute{
Computed: true,
Description: "Timestamp of the last update.",
},
},
}Implementation Checklist
- Create
internal/data_protection/content_pattern.gowith resource implementation - Implement Schema()
- Implement Create()
- Implement Read()
- Implement Update()
- Implement Delete()
- Implement ImportState()
- Add ValidateConfig() for regex validation
- Add
.Wrap()method to convert API response to Terraform model - Register resource in
internal/provider/provider.go - Create acceptance test in
internal/data_protection/content_pattern_test.go - Create example configuration in
examples/resources/crowdstrike_data_protection_content_pattern/resource.tf - Create import script in
examples/resources/crowdstrike_data_protection_content_pattern/import.sh - Run
make gento generate documentation
Required API Scopes
- Data Protection | Read & Write
Testing Notes
- Use
resource.ParallelTest()for concurrent execution - Test full lifecycle: create, read, update, import, destroy
Questions to Resolve During Implementation
- Platform support: The UI shows options for Windows and Mac, but the API does not accept a platform field. Investigate if platform filtering is handled differently or if this is a limitation.
Note: API accepts regexes as an array but only supports a single regex value in practice. The Terraform resource exposes this as a single regex string field.