@@ -22,6 +22,8 @@ const (
2222 defaultMalwareTag = "malware"
2323 defaultDriftTag = "drift"
2424 defaultMLTag = "machine_learning"
25+
26+ driftElementType = "DRIFT"
2527)
2628
2729type Target interface {
@@ -473,48 +475,13 @@ func setPolicyRulesDrift(policy *v2.PolicyRulesComposite, d *schema.ResourceData
473475 // TODO: Iterate over a list of rules instead of hard-coding the index values
474476 // TODO: Should we assume that only a single Malware rule can be attached to a policy?
475477
476- exceptions := & v2.RuntimePolicyRuleList {}
477- if _ , ok := d .GetOk ("rule.0.exceptions" ); ok { // TODO: Do not hardcode the indexes
478- exceptions .Items = schemaSetToList (d .Get ("rule.0.exceptions.0.items" ))
479- exceptions .MatchItems = d .Get ("rule.0.exceptions.0.match_items" ).(bool )
480- } else {
481- // initialize Items and MatchItems so we comply with structure and not generate drift
482- exceptions .Items = []string {}
483- exceptions .MatchItems = false
484- }
478+ exceptions := extractIntoRuntimePolicyRuleList ("rule.0.exceptions" , d )
485479
486- // TODO: Extract into a function
487- prohibitedBinaries := & v2.RuntimePolicyRuleList {}
488- if _ , ok := d .GetOk ("rule.0.prohibited_binaries" ); ok { // TODO: Do not hardcode the indexes
489- prohibitedBinaries .Items = schemaSetToList (d .Get ("rule.0.prohibited_binaries.0.items" ))
490- prohibitedBinaries .MatchItems = d .Get ("rule.0.prohibited_binaries.0.match_items" ).(bool )
491- } else {
492- // initialize Items and MatchItems so we comply with structure and not generate drift
493- prohibitedBinaries .Items = []string {}
494- prohibitedBinaries .MatchItems = false
495- }
480+ prohibitedBinaries := extractIntoRuntimePolicyRuleList ("rule.0.prohibited_binaries" , d )
496481
497- // TODO: Extract into a function
498- processBasedExceptions := & v2.RuntimePolicyRuleList {}
499- if _ , ok := d .GetOk ("rule.0.process_based_exceptions" ); ok { // TODO: Do not hardcode the indexes
500- processBasedExceptions .Items = schemaSetToList (d .Get ("rule.0.process_based_exceptions.0.items" ))
501- processBasedExceptions .MatchItems = d .Get ("rule.0.process_based_exceptions.0.match_items" ).(bool )
502- } else {
503- // initialize Items and MatchItems so we comply with structure and not generate drift
504- processBasedExceptions .Items = []string {}
505- processBasedExceptions .MatchItems = false
506- }
482+ processBasedExceptions := extractIntoRuntimePolicyRuleList ("rule.0.process_based_exceptions" , d )
507483
508- // TODO: Extract into a function
509- processBasedProhibitedBinaries := & v2.RuntimePolicyRuleList {}
510- if _ , ok := d .GetOk ("rule.0.process_based_prohibited_binaries" ); ok { // TODO: Do not hardcode the indexes
511- processBasedProhibitedBinaries .Items = schemaSetToList (d .Get ("rule.0.process_based_prohibited_binaries.0.items" ))
512- processBasedProhibitedBinaries .MatchItems = d .Get ("rule.0.process_based_prohibited_binaries.0.match_items" ).(bool )
513- } else {
514- // initialize Items and MatchItems so we comply with structure and not generate drift
515- processBasedProhibitedBinaries .Items = []string {}
516- processBasedProhibitedBinaries .MatchItems = false
517- }
484+ processBasedProhibitedBinaries := extractIntoRuntimePolicyRuleList ("rule.0.process_based_prohibited_binaries" , d )
518485
519486 tags := schemaSetToList (d .Get ("rule.0.tags" ))
520487 // Set default tags as field tags must not be null
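Review bot: The four `extractIntoRuntimePolicyRuleList("rule.0.…", d)` calls pass the schema path as a hand-written string, and the helper returns an empty list whenever `GetOk` reports the key as unset. If a key were ever misspelled and `GetOk` treated it like an unset block (not verifiable from this hunk), the drift rule would be sent with an empty `ProhibitedBinaries` or `ProcessBasedDenylist` and no error, so the policy would be weaker than the configuration asked for. A unit test that sets each of the four blocks and asserts the matching `Details` field would catch that. Note that `rule.0` is still hard-coded in every call, so the index TODO at the top of this section still applies. setPolicyRulesDrift starts and ends outside this hunk.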
@@ -534,12 +501,12 @@ func setPolicyRulesDrift(policy *v2.PolicyRulesComposite, d *schema.ResourceData
534501 Description : d .Get ("rule.0.description" ).(string ),
535502 Tags : tags ,
536503 Details : v2.DriftRuleDetails {
537- RuleType : v2 .ElementType ("DRIFT" ), // TODO: Use const
504+ RuleType : v2 .ElementType (driftElementType ), // TODO: Use const
538505 Mode : mode ,
539- Exceptions : exceptions ,
540- ProhibitedBinaries : prohibitedBinaries ,
541- ProcessBasedExceptions : processBasedExceptions ,
542- ProcessBasedDenylist : processBasedProhibitedBinaries ,
506+ Exceptions : & exceptions ,
507+ ProhibitedBinaries : & prohibitedBinaries ,
508+ ProcessBasedExceptions : & processBasedExceptions ,
509+ ProcessBasedDenylist : & processBasedProhibitedBinaries ,
543510 },
544511 }
545512
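Review bot: The trailing `// TODO: Use const` on the `RuleType` line is stale now that the value comes from `driftElementType`; drop it so the line reads `RuleType: v2.ElementType(driftElementType),`. If `v2.ElementType` is a string-based type, declaring the constant as `driftElementType v2.ElementType = "DRIFT"` would also remove the conversion at the use site. The struct literal starts and ends outside this hunk.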
@@ -559,6 +526,22 @@ func setPolicyRulesDrift(policy *v2.PolicyRulesComposite, d *schema.ResourceData
559526 return nil
560527}
561528
529+ func extractIntoRuntimePolicyRuleList (key string , d * schema.ResourceData ) v2.RuntimePolicyRuleList {
530+ if _ , ok := d .GetOk (key ); ok {
531+ items := schemaSetToList (d .Get (key + ".0.items" ))
532+ matchItems := d .Get (key + ".0.match_items" ).(bool )
533+
534+ return v2.RuntimePolicyRuleList {
535+ Items : items ,
536+ MatchItems : matchItems ,
537+ }
538+ }
539+ return v2.RuntimePolicyRuleList {
540+ Items : []string {},
541+ MatchItems : false ,
542+ }
543+ }
544+
562545func setPolicyRulesML (policy * v2.PolicyRulesComposite , d * schema.ResourceData ) error {
563546 policy .Policy .Rules = []* v2.PolicyRule {}
564547 policy .Rules = []* v2.RuntimePolicyRule {}
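Review bot: `extractIntoRuntimePolicyRuleList` has no doc comment, and the explanation the removed blocks carried for the fallback ("initialize Items and MatchItems so we comply with structure and not generate drift") was not moved into it. Without that, the `Items: []string{}` in the second return looks like it could be simplified to a nil slice, which the old comment suggests would bring the plan drift back. I would add a doc comment such as `// extractIntoRuntimePolicyRuleList reads the block at key from d; if the block is unset it returns an empty, non-nil Items and MatchItems=false.` and restore `// keep Items non-nil so the payload matches the API structure and does not generate drift` above the fallback return.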