Update Terraform provider to v2 + Add acceptance tests

Signed-off-by: Federico Barcelona <[email protected]>

Author: tembleking

examples/create-secure-policy/notification.tf

@@ -0,0 +1,56 @@
+
+resource "sysdig_secure_notification_channel" "sample-email" {
+  name = "Example Channel - Email"
+  enabled = true
+  type = "EMAIL"
+  recipients = "[email protected]"
+  notify_when_ok = false
+  notify_when_resolved = false
+}
+
+resource "sysdig_secure_notification_channel" "sample-amazon-sns" {
+  name = "Example Channel - Amazon SNS"
+  enabled = true
+  type = "SNS"
+  topics = "arn:aws:sns:us-east-1:273107874544:my-alerts,arn:aws:sns:us-east-1:273107874544:my-alerts2"
+  notify_when_ok = false
+  notify_when_resolved = false
+}
+
+resource "sysdig_secure_notification_channel" "sample-victorops" {
+  name = "Example Channel - VictorOps"
+  enabled = true
+  type = "VICTOROPS"
+  api_key = "1234342-4234243-4234-2"
+  routing_key = "My team"
+  notify_when_ok = false
+  notify_when_resolved = false
+}
+
+resource "sysdig_secure_notification_channel" "sample-opsgenie" {
+  name = "Example Channel - OpsGenie"
+  enabled = true
+  type = "OPSGENIE"
+  api_key = "2349324-342354353-5324-23"
+  notify_when_ok = false
+  notify_when_resolved = false
+}
+
+resource "sysdig_secure_notification_channel" "sample-webhook" {
+  name = "Example Channel - Webhook"
+  enabled = true
+  type = "WEBHOOK"
+  url = "localhost:8080"
+  notify_when_ok = false
+  notify_when_resolved = false
+}
+
+resource "sysdig_secure_notification_channel" "sample-slack" {
+  name = "Example Channel - Slack"
+  enabled = true
+  type = "SLACK"
+  url = "https://hooks.slack.cwom/services/XXXXXXXXX/XXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX"
+  channel = "#sysdig"
+  notify_when_ok = true
+  notify_when_resolved = true
+}

examples/create-secure-policy/policy.tf

@@ -0,0 +1,19 @@
+
+resource "sysdig_secure_policy" "sample" {
+  name = "Other example of Policy"
+  description = "this is other example of policy"
+  enabled = true
+  severity = 4
+  scope = "container.id != \"\""
+  rule_names = ["Terminal shell in container"]
+
+  actions {
+    container = "stop"
+    capture {
+      seconds_before_event = 5
+      seconds_after_event = 10
+    }
+  }
+
+  notification_channels = [10000]
+}

examples/create-secure-policy/rules.tf

@@ -0,0 +1,70 @@
+resource "sysdig_secure_rule_container" "sample" {
+  name = "Other example of Policy"
+  description = "this is other example of policy"
+  tags = ["container", "cis"]
+
+  matching = true // default
+  containers = ["foo", "foo:bar"]
+}
+
+resource "sysdig_secure_rule_filesystem"  "foo" {
+  name = "Other example of Policy"
+  description = "this is other example of policy"
+  tags = ["filesystem", "cis"]
+
+  read_only {
+    matching = true // default
+    paths = ["/etc"]
+  }
+
+  read_write {
+    matching = true // default
+    paths = ["/tmp"]
+  }
+}
+
+resource "sysdig_secure_rule_network" "foo" {
+  name = "Other example of Policy" // ID
+  description = "this is other example of policy"
+  tags = ["network", "cis"]
+
+  block_inbound = true
+  block_outbound = true
+
+  tcp {
+    matching = true // default
+    ports = [80, 443]
+  }
+
+  udp {
+    matching = true // default
+    ports = [80, 443]
+  }
+}
+
+resource "sysdig_secure_rule_process" "foo" {
+  name = "Other example of Policy" // ID
+  description = "this is other example of policy"
+
+  matching = true // default
+  processes = ["bash"]
+}
+
+resource "sysdig_secure_rule_syscall" "foo" {
+  name = "Other example of Policy" // ID
+  description = "this is other example of policy"
+
+  matching = true // default
+  syscalls = ["open", "execve"]
+}
+
+resource "sysdig_secure_rule_falco" "foo" {
+  name = "Other example of Policy" // ID
+  description = "this is other example of policy"
+  tags = ["container", "shell", "mitre_execution"]
+
+  condition = "spawned_process and container and shell_procs and proc.tty != 0 and container_entrypoint"
+  output = "A shell was spawned in a container with an attached terminal (user=%user.name %container.info shell=%proc.name parent=%proc.pname cmdline=%proc.cmdline terminal=%proc.tty container_id=%container.id image=%container.image.repository)"
+  priority = "notice"
+  source = "syscall" // syscall or k8s_audit
+}

go.mod

@@ -2,4 +2,4 @@ module github.com/draios/terraform-provider-sysdig
 
 go 1.12
 
-require github.com/hashicorp/terraform v0.12.8
+require github.com/hashicorp/terraform-plugin-sdk v1.0.0

go.sum

@@ -2,7 +2,7 @@ package main
 
 import (
 	"github.com/draios/terraform-provider-sysdig/sysdig"
-	"github.com/hashicorp/terraform/plugin"
+	"github.com/hashicorp/terraform-plugin-sdk/plugin"
 )
 
 func main() {

main.go

@@ -1,8 +1,8 @@
 package sysdig
 
 import (
-	"github.com/hashicorp/terraform/helper/schema"
-	"github.com/hashicorp/terraform/terraform"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/terraform"
 
 	"github.com/draios/terraform-provider-sysdig/sysdig/secure"
 )
@@ -13,6 +13,7 @@ func Provider() terraform.ResourceProvider {
 			"sysdig_secure_api_token": {
 				Type:        schema.TypeString,
 				Required:    true,
+				Sensitive:   true,
 				DefaultFunc: schema.EnvDefaultFunc("SYSDIG_SECURE_API_TOKEN", nil),
 			},
 			"sysdig_secure_url": {
@@ -23,9 +24,13 @@ func Provider() terraform.ResourceProvider {
 		},
 		ResourcesMap: map[string]*schema.Resource{
 			"sysdig_secure_policy":               resourceSysdigSecurePolicy(),
-			"sysdig_secure_user_rules_file":      resourceSysdigSecureUserRulesFile(),
 			"sysdig_secure_notification_channel": resourceSysdigSecureNotificationChannel(),
-			"sysdig_secure_policies_priority":    resourceSysdigSecurePoliciesPriority(),
+			"sysdig_secure_rule_container":       resourceSysdigSecureRuleContainer(),
+			"sysdig_secure_rule_filesystem":      resourceSysdigSecureRuleFilesystem(),
+			"sysdig_secure_rule_network":         resourceSysdigSecureRuleNetwork(),
+			"sysdig_secure_rule_process":         resourceSysdigSecureRuleProcess(),
+			"sysdig_secure_rule_syscall":         resourceSysdigSecureRuleSyscall(),
+			"sysdig_secure_rule_falco":           resourceSysdigSecureRuleFalco(),
 		},
 		ConfigureFunc: providerConfigure,
 	}

sysdig/provider.go

@@ -7,7 +7,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 
 	"github.com/draios/terraform-provider-sysdig/sysdig/secure"
 )
@@ -87,6 +87,11 @@ func resourceSysdigSecureNotificationChannel() *schema.Resource {
 				Type:     schema.TypeInt,
 				Computed: true,
 			},
+			"send_test_notification": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
 		},
 	}
 }
@@ -136,6 +141,7 @@ func resourceSysdigNotificationChannelRead(d *schema.ResourceData, meta interfac
 	d.Set("routing_key", nc.Options.RoutingKey)
 	d.Set("notify_when_ok", nc.Options.NotifyOnOk)
 	d.Set("notify_when_resolved", nc.Options.NotifyOnResolve)
+	d.Set("send_test_notification", nc.Options.SendTestNotification)
 
 	// When we receive a notification channel of type OpsGenie,
 	// the API sends us the URL, but we are configuring the API
@@ -200,8 +206,9 @@ func notificationChannelFromResourceData(d *schema.ResourceData) (nc secure.Noti
 		Enabled: d.Get("enabled").(bool),
 		Type:    channelType,
 		Options: secure.NotificationChannelOptions{
-			NotifyOnOk:      d.Get("notify_when_ok").(bool),
-			NotifyOnResolve: d.Get("notify_when_resolved").(bool),
+			NotifyOnOk:           d.Get("notify_when_ok").(bool),
+			NotifyOnResolve:      d.Get("notify_when_resolved").(bool),
+			SendTestNotification: d.Get("send_test_notification").(bool),
 		},
 	}
 

sysdig/resource_sysdig_secure_notification_channel.go

@@ -0,0 +1,122 @@
+package sysdig_test
+
+import (
+	"fmt"
+	"github.com/draios/terraform-provider-sysdig/sysdig"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/terraform"
+	"os"
+	"testing"
+)
+
+func TestAccNotificationChannel(t *testing.T) {
+	//var ncBefore, ncAfter secure.NotificationChannel
+
+	rText := func() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) }
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
+				t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
+			}
+		},
+		Providers: map[string]terraform.ResourceProvider{
+			"sysdig": sysdig.Provider(),
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: notificationChannelEmailWithName(rText()),
+			},
+			{
+				Config: notificationChannelAmazonSNSWithName(rText()),
+			},
+			{
+				Config: notificationChannelOpsGenieWithName(rText()),
+			},
+			{
+				Config: notificationChannelVictorOpsWithName(rText()),
+			},
+			{
+				Config: notificationChannelWebhookWithName(rText()),
+			},
+			{
+				Config: notificationChannelSlackWithName(rText()),
+			},
+		},
+	})
+}
+
+func notificationChannelEmailWithName(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_notification_channel" "sample_email" {
+	name = "%s"
+	enabled = true
+	type = "EMAIL"
+	recipients = "[email protected]"
+	notify_when_ok = false
+	notify_when_resolved = false
+}`, name)
+}
+
+func notificationChannelAmazonSNSWithName(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_notification_channel" "sample-amazon-sns" {
+	name = "Example Channel %s - Amazon SNS"
+	enabled = true
+	type = "SNS"
+	topics = "arn:aws:sns:us-east-1:273489009834:my-alerts,arn:aws:sns:us-east-1:279948934544:my-alerts2"
+	notify_when_ok = false
+	notify_when_resolved = false
+}`, name)
+}
+
+func notificationChannelVictorOpsWithName(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_notification_channel" "sample-victorops" {
+	name = "Example Channel %s - VictorOps"
+	enabled = true
+	type = "VICTOROPS"
+	api_key = "1234342-4234243-4234-2"
+	routing_key = "My team"
+	notify_when_ok = false
+	notify_when_resolved = false
+}`, name)
+}
+
+func notificationChannelOpsGenieWithName(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_notification_channel" "sample-opsgenie" {
+	name = "Example Channel %s - OpsGenie"
+	enabled = true
+	type = "OPSGENIE"
+	api_key = "2349324-342354353-5324-23"
+	notify_when_ok = false
+	notify_when_resolved = false
+}`, name)
+}
+
+func notificationChannelWebhookWithName(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_notification_channel" "sample-webhook" {
+	name = "Example Channel %s - Webhook"
+	enabled = true
+	type = "WEBHOOK"
+	url = "localhost:8080"
+	notify_when_ok = false
+	notify_when_resolved = false
+}`, name)
+}
+
+func notificationChannelSlackWithName(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_notification_channel" "sample-slack" {
+	name = "Example Channel %s - Slack"
+	enabled = true
+	type = "SLACK"
+	url = "https://hooks.slack.cwom/services/XXXXXXXXX/XXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX"
+	channel = "#sysdig"
+	notify_when_ok = true
+	notify_when_resolved = true
+}`, name)
+}