feat(posture_zone): add posture zone resource (#373)

Author: filiptubic

sysdig/common.go

@@ -3,18 +3,26 @@ package sysdig
 const (
 	SchemaIDKey             = "id"
 	SchemaPoliciesKey       = "policies"
+	SchemaPolicyIDsKey      = "policy_ids"
 	SchemaNameKey           = "name"
 	SchemaTypeKey           = "type"
 	SchemaKindKey           = "kind"
 	SchemaDescriptionKey    = "description"
 	SchemaVersionKey        = "version"
 	SchemaLinkKey           = "link"
 	SchemaAuthorsKey        = "authors"
+	SchemaAuthorKey         = "author"
+	SchemaLastModifiedBy    = "last_modified_by"
+	SchemaLastUpdated       = "last_updated"
 	SchemaPublishedDateKey  = "published_date"
 	SchemaMinKubeVersionKey = "min_kube_version"
 	SchemaMaxKubeVersionKey = "max_kube_version"
 	SchemaIsCustomKey       = "is_custom"
 	SchemaIsActiveKey       = "is_active"
 	SchemaPlatformKey       = "platform"
 	SchemaZonesKey          = "zones"
+	SchemaScopeKey          = "scope"
+	SchemaScopesKey         = "scopes"
+	SchemaTargetTypeKey     = "target_type"
+	SchemaRulesKey          = "rules"
 )

sysdig/common_test.go

@@ -1,6 +1,7 @@
 package sysdig_test
 
 import (
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
 	"os"
 	"strings"
 	"testing"
@@ -39,3 +40,7 @@ func sysdigOrIBMMonitorPreCheck(t *testing.T) func() {
 		}
 	}
 }
+
+func randomText(len int) string {
+	return acctest.RandStringFromCharSet(len, acctest.CharSetAlphaNum)
+}

sysdig/internal/client/v2/client.go

@@ -43,6 +43,7 @@ type Common interface {
 	UserInterface
 	TeamInterface
 	NotificationChannelInterface
+	IdentityContextInterface
 }
 
 type MonitorCommon interface {
@@ -51,6 +52,7 @@ type MonitorCommon interface {
 
 type SecureCommon interface {
 	PosturePolicyInterface
+	PostureZoneInterface
 }
 
 type Requester interface {

sysdig/internal/client/v2/identity_context.go

@@ -0,0 +1,31 @@
+package v2
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+)
+
+const GetIdentityContextPath = "%s/api/identity/context"
+
+type IdentityContextInterface interface {
+	GetIdentityContext(ctx context.Context) (*IdentityContext, error)
+}
+
+func (client *Client) GetIdentityContext(ctx context.Context) (*IdentityContext, error) {
+	response, err := client.requester.Request(ctx, http.MethodGet, client.GetIdentityContextURL(), nil)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK {
+		return nil, client.ErrorFromResponse(response)
+	}
+
+	return Unmarshal[*IdentityContext](response.Body)
+}
+
+func (client *Client) GetIdentityContextURL() string {
+	return fmt.Sprintf(GetIdentityContextPath, client.config.url)
+}

sysdig/internal/client/v2/model.go

@@ -627,3 +627,52 @@ type PosturePolicy struct {
 type PostureZonePolicyListResponse struct {
 	Data []PosturePolicy `json:"data"`
 }
+
+type PostureZoneScope struct {
+	ID         string `json:"id,omitempty"`
+	TargetType string `json:"targetType"`
+	Rules      string `json:"rules"`
+}
+
+type PostureZonePolicySlim struct {
+	ID   string `json:"id,omitempty"`
+	Name string `json:"name"`
+	Type int    `json:"type"`
+	Kind int    `json:"kind"`
+}
+
+type PostureZone struct {
+	ID             string                  `json:"id"`
+	Name           string                  `json:"name"`
+	Description    string                  `json:"description"`
+	Author         string                  `json:"author"`
+	LastModifiedBy string                  `json:"lastModifiedBy"`
+	LastUpdated    string                  `json:"lastUpdated"`
+	IsSystem       bool                    `json:"isSystem"`
+	Scopes         []PostureZoneScope      `json:"scopes"`
+	Policies       []PostureZonePolicySlim `json:"policies"`
+}
+
+type PostureZoneRequest struct {
+	ID          string             `json:"id"`
+	Name        string             `json:"name"`
+	Description string             `json:"description"`
+	PolicyIDs   []string           `json:"policyIds"`
+	Scopes      []PostureZoneScope `json:"scopes"`
+	Username    string             `json:"username"`
+}
+
+type PostureZoneResponse struct {
+	Data PostureZone `json:"data"`
+}
+
+type IdentityContext struct {
+	IdentityType       string `json:"identityType"`
+	CustomerID         int    `json:"customerId"`
+	TeamID             int    `json:"teamId"`
+	TeamName           string `json:"teamName"`
+	UserID             int    `json:"userId"`
+	Username           string `json:"username"`
+	ServiceAccountID   int    `json:"serviceAccountId"`
+	ServiceAccountName string `json:"serviceAccountName"`
+}

sysdig/internal/client/v2/posture_zones.go

@@ -0,0 +1,80 @@
+package v2
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+)
+
+const (
+	ZonesPath = "%s/api/cspm/v1/policy/zones"
+	ZonePath  = "%s/api/cspm/v1/policy/zones/%d"
+)
+
+type PostureZoneInterface interface {
+	Base
+	CreateOrUpdatePostureZone(ctx context.Context, z *PostureZoneRequest) (*PostureZone, error)
+	GetPostureZone(ctx context.Context, id int) (*PostureZone, error)
+	DeletePostureZone(ctx context.Context, id int) error
+}
+
+func (client *Client) CreateOrUpdatePostureZone(ctx context.Context, r *PostureZoneRequest) (*PostureZone, error) {
+	if r.ID == "" {
+		r.ID = "0"
+	}
+
+	payload, err := Marshal(r)
+	if err != nil {
+		return nil, err
+	}
+
+	response, err := client.requester.Request(ctx, http.MethodPost, client.createZoneURL(), payload)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	wrapper, err := Unmarshal[PostureZoneResponse](response.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	return &wrapper.Data, nil
+}
+
+func (client *Client) GetPostureZone(ctx context.Context, id int) (*PostureZone, error) {
+	response, err := client.requester.Request(ctx, http.MethodGet, client.getZoneURL(id), nil)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	wrapper, err := Unmarshal[PostureZoneResponse](response.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	return &wrapper.Data, nil
+}
+
+func (client *Client) DeletePostureZone(ctx context.Context, id int) error {
+	response, err := client.requester.Request(ctx, http.MethodDelete, client.getZoneURL(id), nil)
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusNoContent && response.StatusCode != http.StatusOK && response.StatusCode != http.StatusNotFound {
+		return client.ErrorFromResponse(response)
+	}
+
+	return nil
+}
+
+func (client *Client) createZoneURL() string {
+	return fmt.Sprintf(ZonesPath, client.config.url)
+}
+
+func (client *Client) getZoneURL(id int) string {
+	return fmt.Sprintf(ZonePath, client.config.url, id)
+}

sysdig/provider.go

@@ -151,6 +151,7 @@ func Provider() *schema.Provider {
 			"sysdig_monitor_notification_channel_msteams":   resourceSysdigMonitorNotificationChannelMSTeams(),
 			"sysdig_monitor_team":                           resourceSysdigMonitorTeam(),
 			"sysdig_monitor_cloud_account":                  resourceSysdigMonitorCloudAccount(),
+			"sysdig_secure_posture_zone":                    resourceSysdigSecurePostureZone(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"sysdig_secure_trusted_cloud_identity": dataSourceSysdigSecureTrustedCloudIdentity(),