feat(cis): add rules_to_skip in ibm_cis_ruleset_rule (#6441)

JayBhensdadia · web-flow · commit 0f2931aa06a9 · 2025-09-15T13:44:36.000+05:30
* deleted unused log statement

* update the schema to have rules_to_skip

* update the rules-to-skip schema and add expand and flattening logic

* make ruleset_id and rule_ids required field &amp; update docs

* revert the code change in iam service

* add schema in datasource and update the datasource related doc
diff --git a/go.mod b/go.mod
@@ -27,7 +27,7 @@ require (
 	github.com/IBM/logs-go-sdk v0.4.0
 	github.com/IBM/logs-router-go-sdk v1.0.8
 	github.com/IBM/mqcloud-go-sdk v0.3.0
-	github.com/IBM/networking-go-sdk v0.51.11
+	github.com/IBM/networking-go-sdk v0.51.12
 	github.com/IBM/platform-services-go-sdk v0.86.1
 	github.com/IBM/project-go-sdk v0.3.5
 	github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5
diff --git a/go.sum b/go.sum
@@ -147,8 +147,8 @@ github.com/IBM/logs-router-go-sdk v1.0.8 h1:MU1TdYNdVbvVTUXeqeYPItu6BoiSV/NMN49y
 github.com/IBM/logs-router-go-sdk v1.0.8/go.mod h1:tCN2vFgu5xG0ob9iJcxi5M4bJ6mWmu3nhmRPnvlwev0=
 github.com/IBM/mqcloud-go-sdk v0.3.0 h1:zuRe+lu6IwIzsBsmoVKZT4JgX+GxH5PJG06r5y5Xnh4=
 github.com/IBM/mqcloud-go-sdk v0.3.0/go.mod h1:7zigCUz6k3eRrNE8KOcDkY72oPppEmoQifF+SB0NPRM=
-github.com/IBM/networking-go-sdk v0.51.11 h1:l+yMXcO9GDcb7JU9jl8riUOXjnHTvIKSLnXYFlYlKXo=
-github.com/IBM/networking-go-sdk v0.51.11/go.mod h1:TAXWyBUk3C3R7aS1m84EfKdnDcBMZMAClwLfDj/SYZc=
+github.com/IBM/networking-go-sdk v0.51.12 h1:2qv6neG8msFR1dtf9v+rbaC2gIkw9HnzohvQpgVye5w=
+github.com/IBM/networking-go-sdk v0.51.12/go.mod h1:TAXWyBUk3C3R7aS1m84EfKdnDcBMZMAClwLfDj/SYZc=
 github.com/IBM/platform-services-go-sdk v0.86.1 h1:ngBpaXvUF3gmLvbU1Z4lX1wowOSYgGoKBEBaR/urt30=
 github.com/IBM/platform-services-go-sdk v0.86.1/go.mod h1:aGD045m6I8pfcB77wft8w2cHqWOJjcM3YSSV55BX0Js=
 github.com/IBM/project-go-sdk v0.3.5 h1:L+YClFUa14foS0B/hOOY9n7sIdsT5/XQicnXOyJSpyM=
diff --git a/ibm/service/cis/data_source_ibm_cis_rulesets.go b/ibm/service/cis/data_source_ibm_cis_rulesets.go
@@ -65,6 +65,7 @@ const (
 	CISRulesetOverridesScoreThreshold                  = "score_threshold"
 	CISRulesetsRulePhases                              = "phases"
 	CISRulesetsRuleProducts                            = "products"
+	CISRulesToSkip                                     = "rules_to_skip"
 )
 
 var CISResponseObject = &schema.Resource{
@@ -271,6 +272,28 @@ var CISResponseObject = &schema.Resource{
 										},
 									},
 								},
+								CISRulesToSkip: {
+									Type:        schema.TypeList,
+									Computed:    true,
+									Description: "A list of ruleset mappings, where each element is a map of ruleset_id and its associated rule_ids",
+									Elem: &schema.Resource{
+										Schema: map[string]*schema.Schema{
+											"ruleset_id": {
+												Type:        schema.TypeString,
+												Computed:    true,
+												Description: "The ruleset identifier",
+											},
+											"rule_ids": {
+												Type:        schema.TypeList,
+												Computed:    true,
+												Description: "A list of rule IDs to be skipped",
+												Elem: &schema.Schema{
+													Type: schema.TypeString,
+												},
+											},
+										},
+									},
+								},
 							},
 						},
 					},
@@ -561,6 +584,20 @@ func flattenCISRulesetsRuleActionParameters(rulesetsRuleActionParameterObj *rule
 		resultOutput[CISRulesetOverrides] = []map[string]interface{}{flattenCISRulesetsRuleActionParameterOverrides}
 	}
 
+	if rulesToSkip := rulesetsRuleActionParameterObj.Rules; rulesToSkip != nil && len(rulesToSkip) > 0 {
+		flattenedRulesToSkip := make([]map[string]interface{}, 0, len(rulesToSkip))
+
+		for rulesetID, ruleIDs := range rulesToSkip {
+			entry := map[string]interface{}{
+				"ruleset_id": rulesetID,
+				"rule_ids":   ruleIDs,
+			}
+			flattenedRulesToSkip = append(flattenedRulesToSkip, entry)
+		}
+
+		resultOutput[CISRulesToSkip] = flattenedRulesToSkip
+	}
+
 	return resultOutput
 }
 
diff --git a/ibm/service/cis/resource_ibm_cis_ruleset.go b/ibm/service/cis/resource_ibm_cis_ruleset.go
@@ -597,6 +597,32 @@ func expandCISRulesetsRulesActionParameters(obj interface{}) rulesetsv1.ActionPa
 	productsList := flex.ExpandStringList(products)
 	actionParameterRespObj.Products = productsList
 
+	if v, ok := actionParameterObj[CISRulesToSkip].([]interface{}); ok && len(v) > 0 {
+		rulesToSkipMap := make(map[string][]string)
+
+		for _, item := range v {
+			if item == nil {
+				continue
+			}
+			entry := item.(map[string]interface{})
+
+			rulesetID, _ := entry["ruleset_id"].(string)
+			if rulesetID == "" {
+				continue
+			}
+
+			ruleIDsIface, _ := entry["rule_ids"].([]interface{})
+			ruleIDs := make([]string, 0, len(ruleIDsIface))
+			for _, ruleID := range ruleIDsIface {
+				ruleIDs = append(ruleIDs, fmt.Sprint(ruleID))
+			}
+
+			rulesToSkipMap[rulesetID] = ruleIDs
+		}
+
+		actionParameterRespObj.Rules = rulesToSkipMap
+	}
+
 	finalResponse := make([]rulesetsv1.ActionParameters, 0)
 
 	overrideObj := rulesetsv1.Overrides{}
diff --git a/ibm/service/cis/resource_ibm_cis_ruleset_rule.go b/ibm/service/cis/resource_ibm_cis_ruleset_rule.go
@@ -178,6 +178,28 @@ var CISRulesetsRulesObject = &schema.Resource{
 							},
 						},
 					},
+					CISRulesToSkip: {
+						Type:        schema.TypeList,
+						Optional:    true,
+						Description: "A list of ruleset mappings, where each element is a map of ruleset_id and its associated rule_ids",
+						Elem: &schema.Resource{
+							Schema: map[string]*schema.Schema{
+								"ruleset_id": {
+									Type:        schema.TypeString,
+									Required:    true,
+									Description: "The ruleset identifier",
+								},
+								"rule_ids": {
+									Type:        schema.TypeList,
+									Required:    true,
+									Description: "A list of rule IDs to be skipped",
+									Elem: &schema.Schema{
+										Type: schema.TypeString,
+									},
+								},
+							},
+						},
+					},
 				},
 			},
 		},
diff --git a/website/docs/d/cis_rulesets.html.markdown b/website/docs/d/cis_rulesets.html.markdown
@@ -88,6 +88,11 @@ Extra attribute references when `ruleset_id` is provided.
         - `content` (String) Content of the response.
         - `content_type` (string) Content type of the response.
         - `status_code` (Int) Status code returned by the API.
+      - `rules_to_skip` (Optional, List) Rules to be skipped when action is `skip`
+        Nested scheme of `rules_to_skip`
+        - `ruleset_id` (Required, String) Id of the Ruleset
+        - `rule_ids` (Required, List) List of rule-ids
+
     - `rate_limit` (Map) Ratelimit of the rule
       
       Nested scheme of `rate_limit`
diff --git a/website/docs/r/cis_ruleset_rule.html.markdown b/website/docs/r/cis_ruleset_rule.html.markdown
@@ -157,6 +157,13 @@ Review the argument references that you can specify for your resource.
           - `category` (Required, String) Category of the rule.
           - `enabled` (Optional, Boolean) Enables/Disables the rule.
           - `action` (Optional, String) Action of the rule.
+
+      - `rules_to_skip` (Optional, List) Rules to be skipped when action is `skip`
+        
+        Nested scheme of `rules_to_skip`
+        - `ruleset_id` (Required, String) Id of the Ruleset
+        - `rule_ids` (Required, List) List of rule-ids
+  
     - `position` (Optional, List). You can use only one of the before, after, and index fields at a time. It is used to update the positing of the existing rule.
       - `index` (Optional, String) Index of the rule to be added.
       - `before` (Optional, String) ID of the rule before which the new rule will be added.
