feat(accept-risk) accept posture risk (#556)

* accept posture risk

* fix name

* fix

* fix

* Refactor attribute section in secure posture accept risk documentation

* fix test

* fix

* fix

* open the option to put expires_at

* ExpiresAt must be in the future

* fix docs

* fix

* fix

* fix

* add fix

Author: hila-krut-sysdig

sysdig/common.go

@@ -8,6 +8,9 @@ const (
 	SchemaAuthorsKey                    = "authors"
 	SchemaAuthorKey                     = "author"
 	SchemaNameKey                       = "name"
+	SchemaAcceptanceIDKey               = "acceptance_id"
+	SchemaControlNameKey                = "control_name"
+	SchemaZoneNameKey                   = "zone_name"
 	SchemaEnabledKey                    = "enabled"
 	SchemaStatusKey                     = "status"
 	SchemaTypeKey                       = "type"
@@ -17,6 +20,16 @@ const (
 	SchemaResourceRemediationDetailsKey = "remediation_details"
 	SchemaKindKey                       = "kind"
 	SchemaDescriptionKey                = "description"
+	SchemaFilterKey                     = "filter"
+	SchemaExpiresInKey                  = "expires_in"
+	SchemaExpiresAtKey                  = "expires_at"
+	SchemaAcceptanceDateKey             = "acceptance_date"
+	SchemaIsExpiredKey                  = "is_expired"
+	SchemaIsSystemKey                   = "is_system"
+	SchemaUsernameKey                   = "username"
+	SchemaAcceptPeriodKey               = "accept_period"
+	SchemaEndTimeKey                    = "end_time"
+	SchemaReasonKey                     = "reason"
 	SchemaVersionKey                    = "version"
 	SchemaLinkKey                       = "link"
 	SchemaGroupKey                      = "group"

sysdig/internal/client/v2/client.go

@@ -58,6 +58,7 @@ type SecureCommon interface {
 	PosturePolicyInterface
 	PostureZoneInterface
 	PostureControlInterface
+	PostureAcceptRiskInterface
 }
 
 type Requester interface {

sysdig/internal/client/v2/model_posture_control.go

@@ -23,3 +23,54 @@ type PostureControl struct {
 	Rego               string `json:"rego"`
 	RemediationDetails string `json:"remediationDetails"`
 }
+
+type AccepetPostureRiskRequest struct {
+	AcceptanceID string `json:"id"`
+	ControlName  string `json:"controlName"`
+	ZoneName     string `json:"zoneName"`
+	Description  string `json:"description"`
+	Filter       string `json:"filter"`
+	Reason       string `json:"reason"`
+	ExpiresAt    string `json:"expiresAt"`
+}
+
+type UpdateAccepetPostureRiskRequest struct {
+	AcceptanceID string                        `json:"id"`
+	Acceptance   UpdateAcceptPostureRiskFields `json:"riskAcceptance"`
+}
+
+type UpdateAccepetPostureResponse struct {
+	Acceptance AcceptPostureRisk `json:"riskAcceptance"`
+}
+
+type AcceptPostureRisk struct {
+	AcceptanceID    string `json:"id"`
+	ControlName     string `json:"controlName"`
+	ZoneName        string `json:"zoneName"`
+	Description     string `json:"description"`
+	Filter          string `json:"filter"`
+	Reason          string `json:"reason"`
+	ExpiresAt       string `json:"expiresAt"`
+	AcceeptanceDate string `json:"acceptanceDate"`
+	UserName        string `json:"username"`
+	Type            string `json:"type"`
+	IsExpired       bool   `json:"isExpired"`
+	IsSystem        bool   `json:"isSystem"`
+	AcceptPeriod    string `json:"acceptPeriod"`
+}
+
+type UpdateAcceptPostureRiskFields struct {
+	Description  string `json:"description"`
+	Reason       string `json:"reason"`
+	ExpiresAt    string `json:"expiresAt"`
+	AcceptPeriod string `json:"acceptPeriod"`
+}
+
+type AcceptPostureRiskResponse struct {
+	Data AcceptPostureRisk `json:"data"`
+}
+
+type DeleteAcceptPostureRisk struct {
+	AcceptanceID string `json:"id"`
+	Filter       string `json:"filter"`
+}

sysdig/internal/client/v2/posture_accept_risk.go

@@ -0,0 +1,106 @@
+package v2
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+)
+
+const (
+	AcceptPostureRiskCreatePath = "%s/api/cspm/v1/compliance/risk-acceptances"
+	AcceptPostureRiskGetPath    = "%s/api/cspm/v1/compliance/risk-acceptances/%s"
+	AcceptPostureRiskDelete     = "%s/api/cspm/v1/compliance/violations/revoke"
+	AcceptPostureRiskUpdate     = "%s/api/cspm/v1/compliance/risk-acceptances/%s"
+)
+
+type PostureAcceptRiskInterface interface {
+	Base
+	SaveAcceptPostureRisk(ctx context.Context, p *AccepetPostureRiskRequest) (*AcceptPostureRiskResponse, string, error)
+	GetAcceptancePostureRisk(ctx context.Context, id string) (*AcceptPostureRiskResponse, string, error)
+	DeleteAcceptancePostureRisk(ctx context.Context, p *DeleteAcceptPostureRisk) error
+	UpdateAcceptancePostureRisk(ctx context.Context, p *UpdateAccepetPostureRiskRequest) (*AcceptPostureRisk, string, error)
+}
+
+func (c *Client) SaveAcceptPostureRisk(ctx context.Context, p *AccepetPostureRiskRequest) (*AcceptPostureRiskResponse, string, error) {
+	payload, err := Marshal(p)
+	if err != nil {
+		return nil, "", err
+	}
+	response, err := c.requester.Request(ctx, http.MethodPost, c.getPostureControlURL(AcceptPostureRiskCreatePath), payload)
+	if err != nil {
+		return nil, "", err
+	}
+
+	defer response.Body.Close()
+	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
+		errStatus, err := c.ErrorAndStatusFromResponse(response)
+		return nil, errStatus, err
+	}
+	resp, err := Unmarshal[AcceptPostureRiskResponse](response.Body)
+
+	if err != nil {
+		return nil, "", err
+	}
+
+	return &resp, "", nil
+}
+
+func (c *Client) GetAcceptancePostureRisk(ctx context.Context, id string) (*AcceptPostureRiskResponse, string, error) {
+	response, err := c.requester.Request(ctx, http.MethodGet, fmt.Sprintf(AcceptPostureRiskGetPath, c.config.url, id), nil)
+	if err != nil {
+		return nil, "", err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK {
+		errStatus, err := c.ErrorAndStatusFromResponse(response)
+		return nil, errStatus, err
+	}
+
+	wrapper, err := Unmarshal[AcceptPostureRiskResponse](response.Body)
+	if err != nil {
+		return nil, "", err
+	}
+	return &wrapper, "", nil
+}
+
+func (c *Client) DeleteAcceptancePostureRisk(ctx context.Context, p *DeleteAcceptPostureRisk) error {
+	payload, err := Marshal(p)
+	if err != nil {
+		return err
+	}
+
+	response, err := c.requester.Request(ctx, http.MethodPost, fmt.Sprintf(AcceptPostureRiskDelete, c.config.url), payload)
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusNoContent && response.StatusCode != http.StatusOK && response.StatusCode != http.StatusNotFound {
+		return c.ErrorFromResponse(response)
+	}
+
+	return nil
+}
+
+func (c *Client) UpdateAcceptancePostureRisk(ctx context.Context, p *UpdateAccepetPostureRiskRequest) (*AcceptPostureRisk, string, error) {
+	payload, err := Marshal(p)
+	if err != nil {
+		return nil, "", err
+	}
+	response, err := c.requester.Request(ctx, http.MethodPatch, fmt.Sprintf(AcceptPostureRiskUpdate, c.config.url, p.AcceptanceID), payload)
+	if err != nil {
+		return nil, "", err
+	}
+	defer response.Body.Close()
+	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
+		errStatus, err := c.ErrorAndStatusFromResponse(response)
+		return nil, errStatus, err
+	}
+	resp, err := Unmarshal[AcceptPostureRiskResponse](response.Body)
+	if err != nil {
+		return nil, "", err
+	}
+
+	return &resp.Data, "", nil
+}

sysdig/provider.go

@@ -196,6 +196,7 @@ func (p *SysdigProvider) Provider() *schema.Provider {
 			"sysdig_secure_organization":                                   resourceSysdigSecureOrganization(),
 			"sysdig_secure_posture_policy":                                 resourceSysdigSecurePosturePolicy(),
 			"sysdig_secure_posture_control":                                resourceSysdigSecurePostureControl(),
+			"sysdig_secure_posture_accept_risk":                            resourceSysdigSecureAcceptPostureRisk(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"sysdig_secure_agentless_scanning_assets":                     dataSourceSysdigSecureAgentlessScanningAssets(),