feat(policies): Data source for sysdig_secure_rule_syscall (#351)

* add data source for sysdig_secure_rule_syscall

* add documentation for data source sysdig_secure_rule_syscall

Author: Ben Lucas

sysdig/data_source_sysdig_secure_rule_syscall.go

@@ -0,0 +1,51 @@
+package sysdig
+
+import (
+	"context"
+	"time"
+
+	v2 "github.com/draios/terraform-provider-sysdig/sysdig/internal/client/v2"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceSysdigSecureRuleSyscall() *schema.Resource {
+	timeout := 5 * time.Minute
+
+	return &schema.Resource{
+		ReadContext: dataSourceSysdigRuleSyscallRead,
+
+		Timeouts: &schema.ResourceTimeout{
+			Read: schema.DefaultTimeout(timeout),
+		},
+
+		Schema: createRuleDataSourceSchema(map[string]*schema.Schema{
+			"matching": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"syscalls": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+		}),
+	}
+}
+
+func dataSourceSysdigRuleSyscallRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	return commonDataSourceSysdigRuleRead(ctx, d, meta, v2.RuleTypeSyscall, syscallRuleDataSourceToResourceData)
+}
+
+func syscallRuleDataSourceToResourceData(rule v2.Rule, d *schema.ResourceData) diag.Diagnostics {
+	if rule.Details.Syscalls == nil {
+		return diag.Errorf("no syscall data for a syscall rule")
+	}
+
+	_ = d.Set("matching", rule.Details.Syscalls.MatchItems)
+	_ = d.Set("syscalls", rule.Details.Syscalls.Items)
+
+	return nil
+}

sysdig/data_source_sysdig_secure_rule_syscall_test.go

@@ -0,0 +1,48 @@
+//go:build tf_acc_sysdig || tf_acc_sysdig_secure || tf_acc_policies
+
+package sysdig_test
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/draios/terraform-provider-sysdig/sysdig"
+)
+
+func TestAccRuleSyscallDataSource(t *testing.T) {
+	rText := func() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) }
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
+				t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
+			}
+		},
+		ProviderFactories: map[string]func() (*schema.Provider, error){
+			"sysdig": func() (*schema.Provider, error) {
+				return sysdig.Provider(), nil
+			},
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: ruleSyscallDataSource(rText()),
+			},
+		},
+	})
+}
+
+func ruleSyscallDataSource(name string) string {
+	return fmt.Sprintf(`
+%s
+
+data "sysdig_secure_rule_syscall" "data_sample" {
+	name = "TERRAFORM TEST %s"
+	depends_on = [ sysdig_secure_rule_syscall.foo ]
+}
+`, ruleSyscallWithName(name), name)
+}

sysdig/internal/client/v2/model.go

@@ -264,6 +264,7 @@ const (
 	RuleTypeFilesystem = "FILESYSTEM"
 	RuleTypeNetwork    = "NETWORK"
 	RuleTypeProcess    = "PROCESS"
+	RuleTypeSyscall    = "SYSCALL"
 )
 
 type Details struct {

sysdig/provider.go

@@ -136,6 +136,7 @@ func Provider() *schema.Provider {
 			"sysdig_secure_rule_filesystem":        dataSourceSysdigSecureRuleFilesystem(),
 			"sysdig_secure_rule_network":           dataSourceSysdigSecureRuleNetwork(),
 			"sysdig_secure_rule_process":           dataSourceSysdigSecureRuleProcess(),
+			"sysdig_secure_rule_syscall":           dataSourceSysdigSecureRuleSyscall(),
 
 			"sysdig_current_user":      dataSourceSysdigCurrentUser(),
 			"sysdig_user":              dataSourceSysdigUser(),

sysdig/resource_sysdig_secure_rule_syscall.go

@@ -2,10 +2,11 @@ package sysdig
 
 import (
 	"context"
-	v2 "github.com/draios/terraform-provider-sysdig/sysdig/internal/client/v2"
 	"strconv"
 	"time"
 
+	v2 "github.com/draios/terraform-provider-sysdig/sysdig/internal/client/v2"
+
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
@@ -133,7 +134,7 @@ func resourceSysdigRuleSyscallDelete(ctx context.Context, d *schema.ResourceData
 
 func resourceSysdigRuleSyscallFromResourceData(d *schema.ResourceData) v2.Rule {
 	rule := ruleFromResourceData(d)
-	rule.Details.RuleType = "SYSCALL"
+	rule.Details.RuleType = v2.RuleTypeSyscall
 
 	rule.Details.Syscalls = &v2.Syscalls{}
 	rule.Details.Syscalls.MatchItems = d.Get("matching").(bool)

website/docs/d/secure_rule_syscall.md

@@ -0,0 +1,35 @@
+---
+subcategory: "Sysdig Secure"
+layout: "sysdig"
+page_title: "Sysdig: sysdig_secure_rule_syscall"
+description: |-
+  Retrieves a Sysdig Secure Syscall Rule.
+---
+
+# Data Source: sysdig_secure_rule_syscall
+
+Retrieves the information of an existing Sysdig Secure Syscall Rule.
+
+-> **Note:** Sysdig Terraform Provider is under rapid development at this point. If you experience any issue or discrepancy while using it, please make sure you have the latest version. If the issue persists, or you have a Feature Request to support an additional set of resources, please open a [new issue](https://github.com/sysdiglabs/terraform-provider-sysdig/issues/new) in the GitHub repository.
+
+## Example Usage
+
+```terraform
+data "sysdig_secure_rule_syscall" "example" {
+    name = "Unexpected mount syscall"
+}
+```
+
+## Argument Reference
+
+* `name` - (Required) The name of the Secure rule to retrieve.
+
+## Attributes Reference
+
+In addition to the argument above, the following attributes are exported:
+
+* `description` - The description of Secure rule.
+* `tags` - A list of tags for this rule.
+* `matching` - Defines if the syscall name matches or not with the provided list.
+* `processes` - List of syscalls to match.
+* `version` - Current version of the resource in Sysdig Secure.