feat: add datasource secure connection (#157)

* feature: add d secure connection
* chore: add doc
* doc: add links for tf plugin development

Author: iru

.envrc.template

@@ -1,3 +1,5 @@
 # prod/kubelab
 export SYSDIG_SECURE_API_TOKEN=
 export SYSDIG_MONITOR_API_TOKEN=
+
+# export SYSDIG_SECURE_URL=https://secure.sysdig.com

.gitignore

@@ -2,6 +2,7 @@
 *.exe
 .DS_Store
 .envrc
+.env
 example.tf
 terraform.tfplan
 terraform.tfstate

README.md

@@ -33,7 +33,6 @@ Using the provider
 ----------------------
 If you're building the provider, follow the instructions to [install it as a plugin.](https://www.terraform.io/docs/plugins/basics.html#installing-a-plugin) After placing it into your plugins directory,  run `terraform init` to initialize it.
 
----
 
 Contribute
 ---------------------------
@@ -55,12 +54,29 @@ In order to test the provider, you can simply run `make test`.
 $ make test
 ```
 
-If you want to execute the acceptance tests, you can run `make testacc`. Please note that you need a token for Monitor and Secure, and since the acceptance tests create real infrastructure you should execute them in an environment where you can remove the resorces easily.
-
+If you want to execute the acceptance tests, you can run `make testacc`.
 ```sh
 $ make testacc
 ```
 
+<br/>:warning:Please note that you need a token for Monitor and Secure, and since the **acceptance tests create real infrastructure**
+you should execute them in an environment where you can remove the resorces easily.
+
+
+
+### Creating new resource / data sources
+
+TL;DR;
+- Create the resource/data source item
+- Add the created item into the `provider.go` resource or datasource map with its wiring
+- With its [acceptance test](https://www.terraform.io/plugin/sdkv2/testing/acceptance-tests)
+- Add its documentation page on `./website/docs/`
+
+
+https://www.terraform.io/plugin
+https://www.hashicorp.com/blog/testing-hashicorp-terraform
+
+
 ### Proposing PR's
 
 * on pull-requests some validations are enforced.

sysdig/data_source_sysdig_secure_current_connection.go

@@ -0,0 +1,55 @@
+package sysdig
+
+import (
+	"context"
+	"crypto/sha256"
+	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceSysdigSecureConnection() *schema.Resource {
+
+	return &schema.Resource{
+		ReadContext: dataSourceSecureConnectionRead,
+		Schema: map[string]*schema.Schema{
+			"secure_url": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Sysdig Secure URL basepath to where backend requests will be sent",
+			},
+			"secure_api_token": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Sensitive:   true,
+				Description: "Sysdig Secure authentication api token",
+			},
+		},
+	}
+}
+
+func dataSourceSecureConnectionRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+
+	endpoint, err := meta.(SysdigClients).GetSecureEndpoint()
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	apiToken, err := meta.(SysdigClients).GetSecureApiToken()
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	d.SetId(fmt.Sprintf("%x", sha256.Sum256([]byte(fmt.Sprintf("%s,%s", endpoint, apiToken)))))
+
+	err = d.Set("secure_url", endpoint)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	err = d.Set("secure_api_token", apiToken)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	return nil
+}

sysdig/data_source_sysdig_secure_current_connection_test.go

@@ -0,0 +1,48 @@
+package sysdig_test
+
+import (
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/draios/terraform-provider-sysdig/sysdig"
+)
+
+func TestAccSecureConnection(t *testing.T) {
+
+	dataSourceResourceName := "data.sysdig_secure_connection.current"
+
+	apiToken := os.Getenv("SYSDIG_SECURE_API_TOKEN")
+
+	resource.ParallelTest(t, resource.TestCase{
+
+		PreCheck: func() {
+			if apiToken == "" {
+				t.Fatal("SYSDIG_SECURE_API_TOKEN and must be set for acceptance tests")
+			}
+		},
+		ProviderFactories: map[string]func() (*schema.Provider, error){
+			"sysdig": func() (*schema.Provider, error) {
+				return sysdig.Provider(), nil
+			},
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: getSysdigSecureCurrentConnection(),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(dataSourceResourceName, "secure_url", "https://secure.sysdig.com"),
+					resource.TestCheckResourceAttr(dataSourceResourceName, "secure_api_token", apiToken),
+				),
+			},
+		},
+	})
+}
+
+func getSysdigSecureCurrentConnection() string {
+	return `
+data "sysdig_secure_connection" "current" {
+}
+`
+}

sysdig/provider.go

@@ -94,6 +94,7 @@ func Provider() *schema.Provider {
 			"sysdig_secure_notification_channel":   dataSourceSysdigSecureNotificationChannel(),
 			"sysdig_current_user":                  dataSourceSysdigCurrentUser(),
 			"sysdig_user":                          dataSourceSysdigUser(),
+			"sysdig_secure_connection":             dataSourceSysdigSecureConnection(),
 
 			"sysdig_fargate_workload_agent":                 dataSourceSysdigFargateWorkloadAgent(),
 			"sysdig_monitor_notification_channel_pagerduty": dataSourceSysdigMonitorNotificationChannelPagerduty(),

sysdig/sysdig_clients.go

@@ -12,6 +12,9 @@ import (
 )
 
 type SysdigClients interface {
+	GetSecureEndpoint() (string, error)
+	GetSecureApiToken() (string, error)
+
 	sysdigMonitorClient() (monitor.SysdigMonitorClient, error)
 	sysdigSecureClient() (secure.SysdigSecureClient, error)
 	sysdigCommonClient() (common.SysdigCommonClient, error)
@@ -28,6 +31,22 @@ type sysdigClients struct {
 	commonClient  common.SysdigCommonClient
 }
 
+func (c *sysdigClients) GetSecureEndpoint() (string, error) {
+	endpoint := c.d.Get("sysdig_secure_url").(string)
+	if endpoint == "" {
+		return "", errors.New("GetSecureEndpoint, sysdig_secure_url not provided")
+	}
+	return endpoint, nil
+}
+
+func (c *sysdigClients) GetSecureApiToken() (string, error) {
+	secureAPIToken := c.d.Get("sysdig_secure_api_token").(string)
+	if secureAPIToken == "" {
+		return "", errors.New("GetSecureApiToken, sysdig secure token not provided")
+	}
+	return secureAPIToken, nil
+}
+
 func (c *sysdigClients) sysdigMonitorClient() (m monitor.SysdigMonitorClient, err error) {
 	c.mu.Lock()
 	defer c.mu.Unlock()

website/docs/d/secure_connection.md

@@ -0,0 +1,25 @@
+---
+subcategory: "Sysdig Platform"
+layout: "sysdig"
+page_title: "Sysdig: sysdig_secure_connection"
+description: |-
+  Provides secure connection details.
+---
+
+# Data Source: sysdig_secure_connection
+
+Provides information about current secure connection details.
+
+## Example Usage
+
+```terraform
+data "sysdig_secure_connection" "current" {
+}
+```
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `secure_url` - Sysdig Secure Endpoint URL basepath.
+* `secure_api_token` - Sysdig Api Token for authentication (Sensitive).