fix: Allow severity values 1, 2, 3 and 5 in Policies (#54)

* docs: Update examples

* fix: Allow policy severity values (1,2,3,5)

* style: Format resource_sysdig_secure_policy

Author: tembleking

examples/notification.tf

@@ -1,54 +1,48 @@
 
-resource "sysdig_secure_notification_channel" "sample-email" {
+resource "sysdig_secure_notification_channel_email" "sample-email" {
   name                 = "Example Channel - Email"
   enabled              = true
-  type                 = "EMAIL"
-  recipients           = "[email protected]"
+  recipients           = ["[email protected]"]
   notify_when_ok       = false
   notify_when_resolved = false
 }
 
-resource "sysdig_secure_notification_channel" "sample-amazon-sns" {
+resource "sysdig_secure_notification_channel_sns" "sample-amazon-sns" {
   name                 = "Example Channel - Amazon SNS"
   enabled              = true
-  type                 = "SNS"
-  topics               = "arn:aws:sns:us-east-1:273107874544:my-alerts,arn:aws:sns:us-east-1:273107874544:my-alerts2"
+  topics               = ["arn:aws:sns:us-east-1:273107874544:my-alerts", "arn:aws:sns:us-east-1:273107874544:my-alerts2"]
   notify_when_ok       = false
   notify_when_resolved = false
 }
 
-resource "sysdig_secure_notification_channel" "sample-victorops" {
+resource "sysdig_secure_notification_channel_victorops" "sample-victorops" {
   name                 = "Example Channel - VictorOps"
   enabled              = true
-  type                 = "VICTOROPS"
   api_key              = "1234342-4234243-4234-2"
   routing_key          = "My team"
   notify_when_ok       = false
   notify_when_resolved = false
 }
 
-resource "sysdig_secure_notification_channel" "sample-opsgenie" {
+resource "sysdig_secure_notification_channel_opsgenie" "sample-opsgenie" {
   name                 = "Example Channel - OpsGenie"
   enabled              = true
-  type                 = "OPSGENIE"
   api_key              = "2349324-342354353-5324-23"
   notify_when_ok       = false
   notify_when_resolved = false
 }
 
-resource "sysdig_secure_notification_channel" "sample-webhook" {
+resource "sysdig_secure_notification_channel_webhook" "sample-webhook" {
   name                 = "Example Channel - Webhook"
   enabled              = true
-  type                 = "WEBHOOK"
   url                  = "localhost:8080"
   notify_when_ok       = false
   notify_when_resolved = false
 }
 
-resource "sysdig_secure_notification_channel" "sample-slack" {
+resource "sysdig_secure_notification_channel_slack" "sample-slack" {
   name                 = "Example Channel - Slack"
   enabled              = true
-  type                 = "SLACK"
   url                  = "https://hooks.slack.cwom/services/XXXXXXXXX/XXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX"
   channel              = "#sysdig"
   notify_when_ok       = true

examples/user.tf

@@ -1,6 +1,6 @@
 resource "sysdig_user" "sample" {
-  email      = "[email protected]"
+  email       = "[email protected]"
   system_role = "ROLE_CUSTOMER"
-  first_name = "John"
-  last_name  = "Smith"
+  first_name  = "John"
+  last_name   = "Smith"
 }

sysdig/resource_sysdig_secure_policy.go

@@ -51,10 +51,10 @@ func resourceSysdigSecurePolicy() *schema.Resource {
 				Required: true,
 			},
 			"severity": {
-				Type:         schema.TypeInt,
-				Default:      4,
-				Optional:     true,
-				ValidateFunc: validation.IntInSlice([]int{0, 4, 6, 7}),
+				Type:             schema.TypeInt,
+				Default:          4,
+				Optional:         true,
+				ValidateDiagFunc: validateDiagFunc(validation.IntBetween(0, 7)),
 			},
 			"enabled": {
 				Type:     schema.TypeBool,
@@ -100,14 +100,14 @@ func resourceSysdigSecurePolicy() *schema.Resource {
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
 									"seconds_after_event": {
-										Type:         schema.TypeInt,
-										Required:     true,
-										ValidateFunc: validation.IntAtLeast(0),
+										Type:             schema.TypeInt,
+										Required:         true,
+										ValidateDiagFunc: validateDiagFunc(validation.IntAtLeast(0)),
 									},
 									"seconds_before_event": {
-										Type:         schema.TypeInt,
-										Required:     true,
-										ValidateFunc: validation.IntAtLeast(0),
+										Type:             schema.TypeInt,
+										Required:         true,
+										ValidateDiagFunc: validateDiagFunc(validation.IntAtLeast(0)),
 									},
 								},
 							},

sysdig/resource_sysdig_secure_policy_test.go

@@ -37,6 +37,9 @@ func TestAccPolicy(t *testing.T) {
 			{
 				Config: policyWithMinimumConfiguration(rText()),
 			},
+			{
+				Config: policiesWithDifferentSeverities(rText()),
+			},
 		},
 	})
 }
@@ -104,3 +107,28 @@ resource "sysdig_secure_policy" "sample4" {
 }
 `, name, name)
 }
+
+func policiesWithDifferentSeverities(name string) (res string) {
+	for i := 0; i <= 7; i++ {
+		res += fmt.Sprintf(`
+resource "sysdig_secure_policy" "sample_%d" {
+  name = "TERRAFORM TEST 1 %s-%d"
+  description = "TERRAFORM TEST %s-%d"
+  enabled = true
+  severity = %d
+  scope = "container.id != \"\""
+  rule_names = ["Terminal shell in container"]
+
+  actions {
+    container = "stop"
+    capture {
+      seconds_before_event = 5
+      seconds_after_event = 10
+    }
+  }
+}
+
+`, i, name, i, name, i, i)
+	}
+	return
+}

website/docs/r/sysdig_secure_policy.md

@@ -47,7 +47,7 @@ resource "sysdig_secure_policy" "write_apt_database" {
 * `description` - (Required) The description of Secure policy.
 
 * `severity` - (Optional) The severity of Secure policy. The accepted values
-    are: 0 (High), 4 (Medium), 6 (Low) and 7 (Info). The default value is 4 (Medium).
+    are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info). The default value is 4 (Medium).
 
 * `enabled` - (Optional) Will secure process with this rule?. By default this is true.