feat: Vulnerability exception resources (#79)

* feat: Add vulnerability exception list resource
* feat: Add vulnerability exception resource
* docs: Add vulnerability exception entries to the sidebar

Author: tembleking

sysdig/internal/client/secure/client.go

@@ -42,6 +42,16 @@ type SysdigSecureClient interface {
 	GetMacroById(context.Context, int) (Macro, error)
 	DeleteMacro(context.Context, int) error
 	UpdateMacro(context.Context, Macro) (Macro, error)
+
+	CreateVulnerabilityExceptionList(context.Context, *VulnerabilityExceptionList) (*VulnerabilityExceptionList, error)
+	GetVulnerabilityExceptionListByID(context.Context, string) (*VulnerabilityExceptionList, error)
+	DeleteVulnerabilityExceptionList(context.Context, string) error
+	UpdateVulnerabilityExceptionList(context.Context, *VulnerabilityExceptionList) (*VulnerabilityExceptionList, error)
+
+	CreateVulnerabilityException(context.Context, string, *VulnerabilityException) (*VulnerabilityException, error)
+	GetVulnerabilityExceptionByID(context.Context, string, string) (*VulnerabilityException, error)
+	DeleteVulnerabilityException(context.Context, string, string) error
+	UpdateVulnerabilityException(context.Context, string, *VulnerabilityException) (*VulnerabilityException, error)
 }
 
 func WithExtraHeaders(client SysdigSecureClient, extraHeaders map[string]string) SysdigSecureClient {

sysdig/internal/client/secure/models.go

@@ -307,3 +307,47 @@ func UsersListFromJSON(body []byte) []UsersList {
 type usersListWrapper struct {
 	UsersList []UsersList `json:"users"`
 }
+
+// -------- VulnerabilityExceptionList --------
+
+type VulnerabilityExceptionList struct {
+	ID      string `json:"id,omitempty"`
+	Version string `json:"version"`
+	Name    string `json:"name"`
+	Comment string `json:"comment"`
+}
+
+func (l *VulnerabilityExceptionList) ToJSON() io.Reader {
+	payload, _ := json.Marshal(*l)
+	return bytes.NewBuffer(payload)
+}
+
+func VulnerabilityExceptionListFromJSON(body []byte) *VulnerabilityExceptionList {
+	var result VulnerabilityExceptionList
+	json.Unmarshal(body, &result)
+
+	return &result
+}
+
+// -------- VulnerabilityException --------
+
+type VulnerabilityException struct {
+	ID             string `json:"id"`
+	Gate           string `json:"gate"`
+	TriggerID      string `json:"trigger_id"`
+	Notes          string `json:"notes"`
+	ExpirationDate *int   `json:"expiration_date,omitempty"`
+	Enabled        bool   `json:"enabled"`
+}
+
+func (e *VulnerabilityException) ToJSON() io.Reader {
+	payload, _ := json.Marshal(*e)
+	return bytes.NewBuffer(payload)
+}
+
+func VulnerabilityExceptionFromJSON(body []byte) *VulnerabilityException {
+	var result VulnerabilityException
+	json.Unmarshal(body, &result)
+
+	return &result
+}

sysdig/internal/client/secure/vulnerability_exception.go

@@ -0,0 +1,149 @@
+package secure
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+)
+
+func (client *sysdigSecureClient) CreateVulnerabilityExceptionList(ctx context.Context, list *VulnerabilityExceptionList) (*VulnerabilityExceptionList, error) {
+	response, err := client.doSysdigSecureRequest(ctx, http.MethodPost, client.getVulnerabilityExceptionListURL(), list.ToJSON())
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	body, _ := ioutil.ReadAll(response.Body)
+
+	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
+		return nil, errors.New(response.Status)
+	}
+
+	return VulnerabilityExceptionListFromJSON(body), nil
+}
+
+func (client *sysdigSecureClient) GetVulnerabilityExceptionListByID(ctx context.Context, id string) (*VulnerabilityExceptionList, error) {
+	response, err := client.doSysdigSecureRequest(ctx, http.MethodGet, client.getVulnerabilityExceptionListByIDURL(id), nil)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	body, _ := ioutil.ReadAll(response.Body)
+
+	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
+		return nil, errors.New(response.Status)
+	}
+
+	return VulnerabilityExceptionListFromJSON(body), nil
+}
+
+func (client *sysdigSecureClient) DeleteVulnerabilityExceptionList(ctx context.Context, id string) error {
+	response, err := client.doSysdigSecureRequest(ctx, http.MethodDelete, client.getVulnerabilityExceptionListByIDURL(id), nil)
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusNoContent {
+		return errors.New(response.Status)
+	}
+
+	return nil
+}
+
+func (client *sysdigSecureClient) UpdateVulnerabilityExceptionList(ctx context.Context, list *VulnerabilityExceptionList) (*VulnerabilityExceptionList, error) {
+	response, err := client.doSysdigSecureRequest(ctx, http.MethodPut, client.getVulnerabilityExceptionListByIDURL(list.ID), list.ToJSON())
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	body, _ := ioutil.ReadAll(response.Body)
+
+	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
+		return nil, errors.New(response.Status)
+	}
+
+	return VulnerabilityExceptionListFromJSON(body), nil
+}
+
+func (client *sysdigSecureClient) CreateVulnerabilityException(ctx context.Context, listID string, exception *VulnerabilityException) (*VulnerabilityException, error) {
+	response, err := client.doSysdigSecureRequest(ctx, http.MethodPost, client.getVulnerabilityExceptionURL(listID), exception.ToJSON())
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	body, _ := ioutil.ReadAll(response.Body)
+
+	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
+		return nil, errors.New(response.Status)
+	}
+
+	return VulnerabilityExceptionFromJSON(body), nil
+}
+
+func (client *sysdigSecureClient) GetVulnerabilityExceptionByID(ctx context.Context, listID string, exceptionID string) (*VulnerabilityException, error) {
+	response, err := client.doSysdigSecureRequest(ctx, http.MethodGet, client.getVulnerabilityExceptionByIDURL(listID, exceptionID), nil)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	body, _ := ioutil.ReadAll(response.Body)
+
+	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
+		return nil, errors.New(response.Status)
+	}
+
+	return VulnerabilityExceptionFromJSON(body), nil
+}
+
+func (client *sysdigSecureClient) DeleteVulnerabilityException(ctx context.Context, listID string, exceptionID string) error {
+	response, err := client.doSysdigSecureRequest(ctx, http.MethodDelete, client.getVulnerabilityExceptionByIDURL(listID, exceptionID), nil)
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusNoContent {
+		return errors.New(response.Status)
+	}
+
+	return nil
+}
+
+func (client *sysdigSecureClient) UpdateVulnerabilityException(ctx context.Context, listID string, exception *VulnerabilityException) (*VulnerabilityException, error) {
+	response, err := client.doSysdigSecureRequest(ctx, http.MethodPut, client.getVulnerabilityExceptionByIDURL(listID, exception.ID), exception.ToJSON())
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	body, _ := ioutil.ReadAll(response.Body)
+
+	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
+		return nil, errors.New(response.Status)
+	}
+
+	return VulnerabilityExceptionFromJSON(body), nil
+}
+
+func (client *sysdigSecureClient) getVulnerabilityExceptionListURL() string {
+	return fmt.Sprintf("%s/api/scanning/v1/vulnexceptions", client.URL)
+}
+
+func (client sysdigSecureClient) getVulnerabilityExceptionListByIDURL(id string) string {
+	return fmt.Sprintf("%s/api/scanning/v1/vulnexceptions/%s", client.URL, id)
+}
+
+func (client *sysdigSecureClient) getVulnerabilityExceptionURL(listID string) string {
+	return fmt.Sprintf("%s/api/scanning/v1/vulnexceptions/%s/vulnerabilities", client.URL, listID)
+}
+
+func (client *sysdigSecureClient) getVulnerabilityExceptionByIDURL(listID, ID string) string {
+	return fmt.Sprintf("%s/api/scanning/v1/vulnexceptions/%s/vulnerabilities/%s/", client.URL, listID, ID)
+}

sysdig/provider.go

@@ -68,6 +68,8 @@ func Provider() *schema.Provider {
 			"sysdig_secure_team":                           resourceSysdigSecureTeam(),
 			"sysdig_secure_list":                           resourceSysdigSecureList(),
 			"sysdig_secure_macro":                          resourceSysdigSecureMacro(),
+			"sysdig_secure_vulnerability_exception":        resourceSysdigSecureVulnerabilityException(),
+			"sysdig_secure_vulnerability_exception_list":   resourceSysdigSecureVulnerabilityExceptionList(),
 
 			"sysdig_monitor_alert_downtime":                 resourceSysdigMonitorAlertDowntime(),
 			"sysdig_monitor_alert_metric":                   resourceSysdigMonitorAlertMetric(),