feat: Add secure-trusted-cloud-account datasource (#113)

* Add secure-trusted-cloud-account datasource

* add provider param

* use non-keyword

* rename endpoints and functions to cloudIdentity

* rename missed function

* use identity instead of arn to be cloud agnostic, add docs

* fix title

Author: nkraemer-sysdig

sysdig/data_source_sysdig_secure_trusted_cloud_identity.go

@@ -0,0 +1,50 @@
+package sysdig
+
+import (
+	"context"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceSysdigSecureTrustedCloudIdentity() *schema.Resource {
+	timeout := 5 * time.Minute
+
+	return &schema.Resource{
+		ReadContext: dataSourceSysdigSecureTrustedCloudIdentityRead,
+
+		Timeouts: &schema.ResourceTimeout{
+			Read: schema.DefaultTimeout(timeout),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"cloud_provider": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"identity": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+// Retrieves the information of a resource form the file and loads it in Terraform
+func dataSourceSysdigSecureTrustedCloudIdentityRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client, err := meta.(SysdigClients).sysdigSecureClient()
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	identity, err := client.GetTrustedCloudIdentity(ctx, d.Get("cloud_provider").(string))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	d.SetId(identity)
+	d.Set("identity", identity)
+
+	return nil
+}

sysdig/data_source_sysdig_secure_trusted_cloud_identity_test.go

@@ -0,0 +1,39 @@
+package sysdig_test
+
+import (
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/draios/terraform-provider-sysdig/sysdig"
+)
+
+func TestAccTrustedCloudIdentityDataSource(t *testing.T) {
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
+				t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
+			}
+		},
+		ProviderFactories: map[string]func() (*schema.Provider, error){
+			"sysdig": func() (*schema.Provider, error) {
+				return sysdig.Provider(), nil
+			},
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: trustedIdentityDatasource(),
+			},
+		},
+	})
+}
+
+func trustedIdentityDatasource() string {
+	return `
+data "sysdig_secure_trusted_cloud_identity" "trusted_identity" {
+	cloud_provider = "aws"
+}
+`
+}

sysdig/internal/client/secure/client.go

@@ -57,6 +57,7 @@ type SysdigSecureClient interface {
 	GetCloudAccountById(context.Context, string) (*CloudAccount, error)
 	DeleteCloudAccount(context.Context, string) error
 	UpdateCloudAccount(context.Context, string, *CloudAccount) (*CloudAccount, error)
+	GetTrustedCloudIdentity(context.Context, string) (string, error)
 }
 
 func WithExtraHeaders(client SysdigSecureClient, extraHeaders map[string]string) SysdigSecureClient {

sysdig/internal/client/secure/cloud_account.go

@@ -21,6 +21,10 @@ func (client *sysdigSecureClient) cloudAccountByIdURL(accountID string, includeE
 	return fmt.Sprintf("%s/api/cloud/v2/accounts/%s", client.URL, accountID)
 }
 
+func (client *sysdigSecureClient) trustedCloudIdentityURL(provider string) string {
+	return fmt.Sprintf("%s/api/cloud/v2/%s/trustedIdentity", client.URL, provider)
+}
+
 func (client *sysdigSecureClient) CreateCloudAccount(ctx context.Context, cloudAccount *CloudAccount) (*CloudAccount, error) {
 	response, err := client.doSysdigSecureRequest(ctx, http.MethodPost, client.cloudAccountURL(true), cloudAccount.ToJSON())
 	if err != nil {
@@ -84,3 +88,22 @@ func (client *sysdigSecureClient) UpdateCloudAccount(ctx context.Context, accoun
 	bodyBytes, _ := ioutil.ReadAll(response.Body)
 	return CloudAccountFromJSON(bodyBytes), nil
 }
+
+func (client *sysdigSecureClient) GetTrustedCloudIdentity(ctx context.Context, provider string) (string, error) {
+	response, err := client.doSysdigSecureRequest(ctx, http.MethodGet, client.trustedCloudIdentityURL(provider), nil)
+	if err != nil {
+		return "", err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK {
+		return "", errorFromResponse(response)
+	}
+
+	bodyBytes, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		return "", err
+	}
+
+	return string(bodyBytes), nil
+}

sysdig/provider.go

@@ -88,9 +88,10 @@ func Provider() *schema.Provider {
 			"sysdig_monitor_team":                           resourceSysdigMonitorTeam(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
-			"sysdig_secure_notification_channel": dataSourceSysdigSecureNotificationChannel(),
-			"sysdig_current_user":                dataSourceSysdigCurrentUser(),
-			"sysdig_user":                        dataSourceSysdigUser(),
+			"sysdig_secure_trusted_cloud_identity": dataSourceSysdigSecureTrustedCloudIdentity(),
+			"sysdig_secure_notification_channel":   dataSourceSysdigSecureNotificationChannel(),
+			"sysdig_current_user":                  dataSourceSysdigCurrentUser(),
+			"sysdig_user":                          dataSourceSysdigUser(),
 		},
 		ConfigureContextFunc: providerConfigure,
 	}

website/docs/d/sysdig_secure_trusted_cloud_identity.md

@@ -0,0 +1,30 @@
+---
+layout: "sysdig"
+page_title: "Sysdig: sysdig_secure_trusted_cloud_identity"
+sidebar_current: "docs-sysdig-secure-trusted-cloud-identity-ds"
+description: |-
+  Retrieves information about the Sysdig Secure Trusted Cloud Identity
+---
+
+# sysdig\_secure\_trusted_cloud_identity
+
+Retrieves information about the Sysdig Secure Trusted Cloud Identity
+
+`~> **Note:** Sysdig Terraform Provider is under rapid development at this point. If you experience any issue or discrepancy while using it, please make sure you have the latest version. If the issue persists, or you have a Feature Request to support an additional set of resources, please open a [new issue](https://github.com/sysdiglabs/terraform-provider-sysdig/issues/new) in the GitHub repository.`
+
+## Example usage
+
+```hcl
+data "sysdig_secure_trusted_cloud_identity" "trusted_identity" {
+	cloud_provider = "aws"
+}
+```
+
+## Argument Reference
+
+* `cloud_provider` - (Required) The cloud provider in which the account exists. Currently supported providers are `aws`, `gcp` and `azure` 
+
+
+## Attributes Reference
+
+* `identity` - Sysdig's identity (User/Role/etc) that should be used to create a trust relationship allowing Sysdig access to your cloud account.

website/docs/r/sysdig_secure_cloud_account.md

@@ -0,0 +1,42 @@
+---
+layout: "sysdig"
+page_title: "Sysdig: sysdig_secure_cloud_account"
+sidebar_current: "docs-sysdig_secure_cloud_account"
+description: |-
+  Creates a Sysdig Secure Cloud Account.
+---
+
+# sysdig\_secure\_cloud_account
+
+Creates a Sysdig Secure Cloud Account.
+
+`~> **Note:** Sysdig Terraform Provider is under rapid development at this point. If you experience any issue or discrepancy while using it, please make sure you have the latest version. If the issue persists, or you have a Feature Request to support an additional set of resources, please open a [new issue](https://github.com/sysdiglabs/terraform-provider-sysdig/issues/new) in the GitHub repository.`
+
+## Example usage
+
+```hcl
+resource "sysdig_secure_cloud_account" "sample" {
+  account_id          = "123456789012"
+  cloud_provider      = "aws"
+  alias               = "prod"
+  role_enabled        = "false"
+}
+```
+
+## Argument Reference
+
+* `account_id` - (Required) The unique identifier of the cloud account. e.g. for AWS: `123456789012`, 
+
+* `cloud_provider` - (Required) The cloud provider in which the account exists. Currently supported providers are `aws`, `gcp` and `azure`
+
+* `alias` - (Optional) A human friendly alias for `account_id`.
+
+* `role_enabled` - (Optional) Whether or not a role with the name `SysdigCloud` is provisioned withing this account, that Sysdig has permission to AssumeRole in order to run Benchmarks. Default: `false`.
+
+## Import
+
+Secure Teams can be imported using the `account_id`, e.g.
+
+```
+$ terraform import sysdig_secure_cloud_account.sample 123456789012
+```

website/sysdig.erb

@@ -17,11 +17,17 @@
                 <li<%= sidebar_current("docs-sysdig-secure-notification-channel-ds") %>>
                   <a href="/docs/providers/sysdig/d/sysdig_secure_notification_channel.html">sysdig_secure_notification_channel</a>
                 </li>
+                <li<%= sidebar_current("docs-sysdig-secure-trusted-cloud-identity-ds") %>>
+                  <a href="/docs/providers/sysdig/d/sysdig_secure_trusted_cloud_identity.html">sysdig_secure_trusted_cloud_identity</a>
+                </li>
               </ul>
             </li>
             <li<%= sidebar_current("docs-sysdig-secure-resources") %>>
               <a href="#">Resources</a>
               <ul class="nav nav-auto-expand">
+                <li<%= sidebar_current("docs-sysdig-secure-cloud-account") %>>
+                  <a href="/docs/providers/sysdig/r/sysdig_secure_cloud_account.html">sysdig_secure_cloud_account</a>
+                </li>
                 <li<%= sidebar_current("docs-sysdig-secure-list") %>>
                   <a href="/docs/providers/sysdig/r/sysdig_secure_list.html">sysdig_secure_list</a>
                 </li>