Merge branch 'master' into issue/612

Author: bashbang

sysdig/data_source_sysdig_secure_zone.go

@@ -0,0 +1,124 @@
+package sysdig
+
+import (
+	"context"
+	"fmt"
+	v2 "github.com/draios/terraform-provider-sysdig/sysdig/internal/client/v2"
+	"strconv"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceSysdigSecureZone() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceSysdigSecureZoneRead,
+
+		Schema: map[string]*schema.Schema{
+			SchemaDescriptionKey: {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			SchemaIsSystemKey: {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			SchemaAuthorKey: {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			SchemaLastModifiedBy: {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			SchemaLastUpdated: {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			SchemaScopeKey: {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						SchemaIDKey: {
+							Type:     schema.TypeInt,
+							Computed: true,
+						},
+						SchemaTargetTypeKey: {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						SchemaRulesKey: {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+			"id": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ExactlyOneOf: []string{"id", "name"},
+				Description:  "The ID of the zone to retrieve.",
+			},
+			"name": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ExactlyOneOf: []string{"id", "name"},
+				Description:  "The name of the zone to retrieve.",
+			},
+		},
+	}
+}
+
+func dataSourceSysdigSecureZoneRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	client, err := getZoneClient(m.(SysdigClients))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	var zone *v2.Zone
+	zoneIDRaw, hasZoneID := d.GetOk("id")
+	if hasZoneID {
+		zoneID, err := strconv.Atoi(zoneIDRaw.(string))
+		if err != nil {
+			return diag.FromErr(fmt.Errorf("invalid zone id: %s", err))
+		}
+		zone, err = client.GetZoneById(ctx, zoneID)
+		if err != nil {
+			return diag.FromErr(fmt.Errorf("error fetching zone by ID: %s", err))
+		}
+	} else if nameRaw, hasName := d.GetOk("name"); hasName {
+		name := nameRaw.(string)
+		zones, err := client.GetZones(ctx, name)
+		if err != nil {
+			return diag.FromErr(fmt.Errorf("error fetching zones: %s", err))
+		}
+		for _, z := range zones {
+			if z.Name == name {
+				zone = &z
+				break
+			}
+		}
+		if zone == nil {
+			return diag.FromErr(fmt.Errorf("zone with name '%s' not found", name))
+		}
+	} else {
+		return diag.FromErr(fmt.Errorf("either id or name must be specified"))
+	}
+
+	d.SetId(fmt.Sprintf("%d", zone.ID))
+	_ = d.Set(SchemaNameKey, zone.Name)
+	_ = d.Set(SchemaDescriptionKey, zone.Description)
+	_ = d.Set(SchemaIsSystemKey, zone.IsSystem)
+	_ = d.Set(SchemaAuthorKey, zone.Author)
+	_ = d.Set(SchemaLastModifiedBy, zone.LastModifiedBy)
+	_ = d.Set(SchemaLastUpdated, time.UnixMilli(zone.LastUpdated).Format(time.RFC3339))
+
+	if err := d.Set(SchemaScopeKey, fromZoneScopesResponse(zone.Scopes)); err != nil {
+		return diag.FromErr(fmt.Errorf("error setting scope: %s", err))
+	}
+
+	return nil
+}

sysdig/data_source_sysdig_secure_zone_test.go

@@ -0,0 +1,62 @@
+//go:build tf_acc_sysdig_secure || tf_acc_onprem_secure
+
+package sysdig_test
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/draios/terraform-provider-sysdig/sysdig"
+)
+
+func TestAccDataSourceSysdigSecureZone(t *testing.T) {
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: preCheckAnyEnv(t, SysdigSecureApiTokenEnv),
+		ProviderFactories: map[string]func() (*schema.Provider, error){
+			"sysdig": func() (*schema.Provider, error) {
+				return sysdig.Provider(), nil
+			},
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceSysdigSecureZoneConfig(),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.sysdig_secure_zone.test", "name", "test-secure-zone"),
+					resource.TestCheckResourceAttrSet("data.sysdig_secure_zone.test", "description"),
+					resource.TestCheckResourceAttrSet("data.sysdig_secure_zone.test", "is_system"),
+					resource.TestCheckResourceAttrSet("data.sysdig_secure_zone.test", "author"),
+					resource.TestCheckResourceAttrSet("data.sysdig_secure_zone.test", "last_modified_by"),
+					resource.TestCheckResourceAttrSet("data.sysdig_secure_zone.test", "last_updated"),
+					resource.TestCheckTypeSetElemNestedAttrs(
+						"data.sysdig_secure_zone.test",
+						"scope.*",
+						map[string]string{
+							"target_type": "aws",
+							"rules":       "organization in (\"o1\", \"o2\") and account in (\"a1\", \"a2\")",
+						},
+					),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceSysdigSecureZoneConfig() string {
+	return `
+resource "sysdig_secure_zone" "sample" {
+  name        = "test-secure-zone"
+  description = "Test secure zone"
+  scope {
+    target_type = "aws"
+    rules       = "organization in (\"o1\", \"o2\") and account in (\"a1\", \"a2\")"
+  }
+}
+
+data "sysdig_secure_zone" "test" {
+  depends_on = ["sysdig_secure_zone.sample"]
+  name       = "test-secure-zone"
+}
+	`
+}

sysdig/internal/client/v2/client.go

@@ -60,6 +60,7 @@ type SecureCommon interface {
 	PostureControlInterface
 	PostureAcceptRiskInterface
 	PostureVulnerabilityAcceptRiskInterface
+	ZoneInterface
 }
 
 type Requester interface {

sysdig/internal/client/v2/client_test.go

@@ -57,7 +57,6 @@ func TestUnmarshal(t *testing.T) {
 }
 
 func TestClient_ErrorFromResponse_non_json(t *testing.T) {
-
 	givenPayload := "non json body"
 	expected := "401 Unauthorized"
 	c := Client{}
@@ -111,7 +110,6 @@ func TestClient_ErrorFromResponse_standard_error_format(t *testing.T) {
 }
 
 func TestClient_ErrorFromResponse_standard_error_format_2(t *testing.T) {
-
 	givenPayload := `
 	{
 		"timestamp" : 1715255725613,

sysdig/internal/client/v2/model.go

@@ -1223,3 +1223,31 @@ type AgentAccessKeyWriteWrapper struct {
 type OrganizationSecure struct {
 	cloudauth.CloudOrganization
 }
+
+type ZonesWrapper struct {
+	Zones []Zone `json:"data"`
+}
+
+type ZoneRequest struct {
+	ID          int         `json:"id,omitempty"`
+	Name        string      `json:"name"`
+	Description string      `json:"description,omitempty"`
+	Scopes      []ZoneScope `json:"scopes"`
+}
+
+type Zone struct {
+	ID             int         `json:"id"`
+	Name           string      `json:"name"`
+	Description    string      `json:"description,omitempty"`
+	Author         string      `json:"author"`
+	LastModifiedBy string      `json:"lastModifiedBy,omitempty"`
+	LastUpdated    int64       `json:"lastUpdated,omitempty"`
+	IsSystem       bool        `json:"isSystem"`
+	Scopes         []ZoneScope `json:"scopes"`
+}
+
+type ZoneScope struct {
+	ID         int    `json:"id,omitempty"`
+	TargetType string `json:"targetType"`
+	Rules      string `json:"rules"`
+}

sysdig/internal/client/v2/posture_zones.go

@@ -7,8 +7,8 @@ import (
 )
 
 const (
-	ZonesPath = "%s/api/cspm/v1/policy/zones"
-	ZonePath  = "%s/api/cspm/v1/policy/zones/%d"
+	PostureZonesPath = "%s/api/cspm/v1/policy/zones"
+	PostureZonePath  = "%s/api/cspm/v1/policy/zones/%d"
 )
 
 type PostureZoneInterface interface {
@@ -28,7 +28,7 @@ func (client *Client) CreateOrUpdatePostureZone(ctx context.Context, r *PostureZ
 		return nil, "", err
 	}
 
-	response, err := client.requester.Request(ctx, http.MethodPost, client.createZoneURL(), payload)
+	response, err := client.requester.Request(ctx, http.MethodPost, client.createPostureZoneURL(), payload)
 	if err != nil {
 		return nil, "", err
 	}
@@ -48,7 +48,7 @@ func (client *Client) CreateOrUpdatePostureZone(ctx context.Context, r *PostureZ
 }
 
 func (client *Client) GetPostureZone(ctx context.Context, id int) (*PostureZone, error) {
-	response, err := client.requester.Request(ctx, http.MethodGet, client.getZoneURL(id), nil)
+	response, err := client.requester.Request(ctx, http.MethodGet, client.getPostureZoneURL(id), nil)
 	if err != nil {
 		return nil, err
 	}
@@ -63,7 +63,7 @@ func (client *Client) GetPostureZone(ctx context.Context, id int) (*PostureZone,
 }
 
 func (client *Client) DeletePostureZone(ctx context.Context, id int) error {
-	response, err := client.requester.Request(ctx, http.MethodDelete, client.getZoneURL(id), nil)
+	response, err := client.requester.Request(ctx, http.MethodDelete, client.getPostureZoneURL(id), nil)
 	if err != nil {
 		return err
 	}
@@ -76,10 +76,10 @@ func (client *Client) DeletePostureZone(ctx context.Context, id int) error {
 	return nil
 }
 
-func (client *Client) createZoneURL() string {
-	return fmt.Sprintf(ZonesPath, client.config.url)
+func (client *Client) createPostureZoneURL() string {
+	return fmt.Sprintf(PostureZonesPath, client.config.url)
 }
 
-func (client *Client) getZoneURL(id int) string {
-	return fmt.Sprintf(ZonePath, client.config.url, id)
+func (client *Client) getPostureZoneURL(id int) string {
+	return fmt.Sprintf(PostureZonePath, client.config.url, id)
 }