feat: Add runbook to policy resource (#213)

jacklongsd · web-flow · commit c25ced8ac935 · 2022-11-23T16:08:39.000+01:00
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -4,8 +4,9 @@
 # compliance
 *benchmark* @haresh-suresh  @nkraemer-sysdig 
 
-
 # monitor
-*monitor*dashboard* @brokenpip3
 *monitor*alert* @arturodilecce
+*monitor*dashboard* @brokenpip3
 
+# policies/rules
+*secure*policy* @jacklongsd @kmvachhani @rbaderts
diff --git a/sysdig/internal/client/secure/models.go b/sysdig/internal/client/secure/models.go
@@ -20,6 +20,7 @@ type Policy struct {
 	Version                int      `json:"version,omitempty"`
 	NotificationChannelIds []int    `json:"notificationChannelIds"`
 	Type                   string   `json:"type"`
+	Runbook                string   `json:"runbook"`
 }
 
 type Action struct {
diff --git a/sysdig/resource_sysdig_secure_policy.go b/sysdig/resource_sysdig_secure_policy.go
@@ -82,6 +82,10 @@ func resourceSysdigSecurePolicy() *schema.Resource {
 					Type: schema.TypeInt,
 				},
 			},
+			"runbook": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 			"actions": {
 				Type:     schema.TypeList,
 				Optional: true,
@@ -150,6 +154,7 @@ func policyToResourceData(policy *secure.Policy, d *schema.ResourceData) {
 	_ = d.Set("enabled", policy.Enabled)
 	_ = d.Set("version", policy.Version)
 	_ = d.Set("severity", policy.Severity)
+	_ = d.Set("runbook", policy.Runbook)
 	if policy.Type != "" {
 		_ = d.Set("type", policy.Type)
 	} else {
@@ -187,6 +192,7 @@ func policyFromResourceData(d *schema.ResourceData) secure.Policy {
 		Severity:    d.Get("severity").(int),
 		Enabled:     d.Get("enabled").(bool),
 		Type:        d.Get("type").(string),
+		Runbook:     d.Get("runbook").(string),
 	}
 
 	scope := d.Get("scope").(string)
diff --git a/sysdig/resource_sysdig_secure_policy_test.go b/sysdig/resource_sysdig_secure_policy_test.go
@@ -74,6 +74,7 @@ resource "sysdig_secure_policy" "sample" {
   severity = 4
   scope = "container.id != \"\""
   rule_names = [sysdig_secure_rule_falco.terminal_shell.name]
+  runbook = "https://sysdig.com"
 
   actions {
     container = "stop"
diff --git a/website/docs/r/secure_policy.md b/website/docs/r/secure_policy.md
@@ -20,7 +20,8 @@ resource "sysdig_secure_policy" "write_apt_database" {
   description = "an attempt to write to the dpkg database by any non-dpkg related program"
   severity = 4
   enabled = true
-
+  runbook = "https://runbook.com
+  
   // Scope selection
   scope = "container.id != \"\""
 
@@ -53,6 +54,7 @@ resource "sysdig_secure_policy" "write_apt_database" {
 
 * `type` - (Optional) Specifies the type of the runtime policy. Must be one of: `falco`, `list_matching`, `k8s_audit`, `aws_cloudtrail`. By default it is `falco`.
 
+* `runbook` - (Optional) Customer provided url that provides a runbook for a given policy. 
 - - -
 
 ### Scope selection

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ type Policy struct {`
`20`	`20`	Version int `json:"version,omitempty"`
`21`	`21`	NotificationChannelIds []int `json:"notificationChannelIds"`
`22`	`22`	Type string `json:"type"`
	`23`	+ Runbook string `json:"runbook"`
`23`	`24`	`}`
`24`	`25`
`25`	`26`	`type Action struct {`