fix: Modify to not require condition when appending rule (#200)

Author: rbaderts

sysdig/resource_sysdig_secure_rule_falco.go

@@ -38,7 +38,7 @@ func resourceSysdigSecureRuleFalco() *schema.Resource {
 		Schema: createRuleSchema(map[string]*schema.Schema{
 			"condition": {
 				Type:     schema.TypeString,
-				Required: true,
+				Optional: true,
 			},
 			"output": {
 				Type:     schema.TypeString,
@@ -132,8 +132,10 @@ func resourceSysdigRuleFalcoRead(ctx context.Context, d *schema.ResourceData, me
 		d.SetId("")
 	}
 
-	if rule.Details.Condition == nil {
-		return diag.Errorf("no condition data for a falco rule")
+	if rule.Details.Append != nil && !(*(rule.Details.Append)) {
+		if rule.Details.Condition == nil {
+			return diag.Errorf("no condition data for a falco rule")
+		}
 	}
 
 	updateResourceDataForRule(d, rule)

sysdig/resource_sysdig_secure_rule_falco_test.go

@@ -18,6 +18,7 @@ func TestAccRuleFalco(t *testing.T) {
 
 	ruleRandomImmutableText := rText()
 
+	randomText := rText()
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck: func() {
 			if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
@@ -67,7 +68,10 @@ func TestAccRuleFalco(t *testing.T) {
 				ExpectError: regexp.MustCompile("source must be set when append = false"),
 			},
 			{
-				Config: ruleFalcoWithExceptions(rText()),
+				Config: ruleFalcoWithExceptions(randomText),
+			},
+			{
+				Config: existingFalcoRuleWithExceptions(randomText),
 			},
 		},
 	})
@@ -182,3 +186,19 @@ resource "sysdig_secure_rule_falco" "attach_to_cluster_admin_role" {
 }
 `, name)
 }
+
+func existingFalcoRuleWithExceptions(name string) string {
+
+	return `
+resource "sysdig_secure_rule_falco" "attach_to_cluster_admin_role_exceptions" {
+    name = "Terminal shell in container" # Sysdig-provided
+    append    = true
+
+    exceptions {
+        name = "proc_name"
+        fields = ["proc.name"]
+        comps = ["in"]
+        values = jsonencode(["sh"])
+   }
+}`
+}