feat(policies): data source falco rules (#344)

* initial implementation for data source for falco rules

* separate implementation of sysdig_secure_rule_falco from sysdig_secure_rule_falco_count.  Add tests

* add documentation for data sources

* switch fields to computed for data source

Author: Ben Lucas

sysdig/data_source_sysdig_secure_rule_falco.go

@@ -0,0 +1,119 @@
+package sysdig
+
+import (
+	"context"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceSysdigSecureRuleFalco() *schema.Resource {
+	timeout := 5 * time.Minute
+
+	return &schema.Resource{
+		ReadContext: dataSourceSysdigRuleFalcoRead,
+
+		Timeouts: &schema.ResourceTimeout{
+			Read: schema.DefaultTimeout(timeout),
+		},
+
+		Schema: createRuleDataSourceSchema(map[string]*schema.Schema{
+			"source": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				Default:          "",
+				ValidateDiagFunc: validateDiagFunc(validateFalcoRuleSource),
+			},
+			"index": {
+				Type:     schema.TypeInt,
+				Optional: true,
+				Default:  0,
+			},
+			"condition": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"output": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"priority": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"append": {
+
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"exceptions": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"comps": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+						},
+						"values": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"fields": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+						},
+					},
+				},
+			},
+		}),
+	}
+}
+
+func dataSourceSysdigRuleFalcoRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client, err := getSecureRuleClient(meta.(SysdigClients))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	ruleName := d.Get("name").(string)
+	ruleType := d.Get("source").(string)
+	ruleIndex := d.Get("index").(int)
+	rules, err := client.GetRuleGroup(ctx, ruleName, ruleType)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	if len(rules) == 0 {
+		return diag.Errorf("unable to find rule")
+	}
+
+	if ruleIndex >= len(rules) {
+		return diag.Errorf("unable to find rule at the index provided")
+	}
+	rule := rules[ruleIndex]
+
+	ruleDataSourceToResourceData(rule, d)
+
+	if rule.Details.Condition != nil {
+		_ = d.Set("condition", rule.Details.Condition.Condition)
+	}
+	_ = d.Set("output", rule.Details.Output)
+	_ = d.Set("priority", rule.Details.Priority)
+	_ = d.Set("source", rule.Details.Source)
+	if rule.Details.Append != nil {
+		_ = d.Set("append", *rule.Details.Append)
+	}
+	if err := updateResourceDataExceptions(d, rule.Details.Exceptions); err != nil {
+		return diag.FromErr(err)
+	}
+
+	return nil
+}

sysdig/data_source_sysdig_secure_rule_falco_count.go

@@ -0,0 +1,59 @@
+package sysdig
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceSysdigSecureRuleFalcoCount() *schema.Resource {
+	timeout := 5 * time.Minute
+
+	return &schema.Resource{
+		ReadContext: dataSourceSysdigRuleFalcoCountRead,
+
+		Timeouts: &schema.ResourceTimeout{
+			Read: schema.DefaultTimeout(timeout),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"source": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				Default:          "",
+				ValidateDiagFunc: validateDiagFunc(validateFalcoRuleSource),
+			},
+			"rule_count": {
+				Type:     schema.TypeInt,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceSysdigRuleFalcoCountRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client, err := getSecureRuleClient(meta.(SysdigClients))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	ruleName := d.Get("name").(string)
+	ruleType := d.Get("source").(string)
+	rules, err := client.GetRuleGroup(ctx, ruleName, ruleType)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	d.SetId(fmt.Sprintf("count_%s", ruleName))
+	_ = d.Set("name", ruleName)
+	_ = d.Set("rule_count", len(rules))
+
+	return nil
+}

sysdig/data_source_sysdig_secure_rule_falco_count_test.go

@@ -0,0 +1,77 @@
+//go:build tf_acc_sysdig || tf_acc_sysdig_secure || tf_acc_policies
+
+package sysdig_test
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/draios/terraform-provider-sysdig/sysdig"
+)
+
+func TestAccRuleFalcoCountDataSource(t *testing.T) {
+	rText := func() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) }
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
+				t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
+			}
+		},
+		ProviderFactories: map[string]func() (*schema.Provider, error){
+			"sysdig": func() (*schema.Provider, error) {
+				return sysdig.Provider(), nil
+			},
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: ruleFalcoCountDataSource(rText()),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.sysdig_secure_rule_falco_count.data_terminal_shell", "rule_count", "1"),
+				),
+			},
+			{
+				Config: ruleFalcoCountDataSourceWithAppends(rText()),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.sysdig_secure_rule_falco_count.data_terminal_shell", "rule_count", "2"),
+				),
+			},
+		},
+	})
+}
+
+func ruleFalcoCountDataSource(name string) string {
+	return fmt.Sprintf(`
+%s
+
+data "sysdig_secure_rule_falco_count" "data_terminal_shell" {
+	name = "TERRAFORM TEST %s - Terminal Shell"
+	depends_on = [ sysdig_secure_rule_falco.terminal_shell ]
+}
+`, ruleFalcoTerminalShell(name), name)
+}
+
+func ruleFalcoCountDataSourceWithAppends(name string) string {
+	return fmt.Sprintf(`
+%s
+
+resource "sysdig_secure_rule_falco" "terminal_shell_append" {
+	name = "TERRAFORM TEST %s - Terminal Shell"
+  
+	condition = "and never_true"
+	source = "syscall" // syscall or k8s_audit
+	append = true
+	depends_on = [ sysdig_secure_rule_falco.terminal_shell ]
+}
+
+data "sysdig_secure_rule_falco_count" "data_terminal_shell" {
+	name = "TERRAFORM TEST %s - Terminal Shell"
+	depends_on = [ sysdig_secure_rule_falco.terminal_shell, sysdig_secure_rule_falco.terminal_shell_append ]
+}
+`, ruleFalcoTerminalShell(name), name, name)
+}

sysdig/data_source_sysdig_secure_rule_falco_test.go

@@ -0,0 +1,89 @@
+//go:build tf_acc_sysdig || tf_acc_sysdig_secure || tf_acc_policies
+
+package sysdig_test
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/draios/terraform-provider-sysdig/sysdig"
+)
+
+func TestAccRuleFalcoDataSource(t *testing.T) {
+	rText := func() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) }
+	rTextForAppendTest := rText()
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
+				t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
+			}
+		},
+		ProviderFactories: map[string]func() (*schema.Provider, error){
+			"sysdig": func() (*schema.Provider, error) {
+				return sysdig.Provider(), nil
+			},
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: ruleFalcoDataSource(rText()),
+			},
+			{
+				Config: setupRuleFalcoDataSourceWithAppends(rTextForAppendTest),
+			},
+			{
+				Config: ruleFalcoDataSourceWithAppends(rTextForAppendTest),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.sysdig_secure_rule_falco.data_terminal_shell.0", "id"),
+					resource.TestCheckResourceAttrSet("data.sysdig_secure_rule_falco.data_terminal_shell.1", "id"),
+				),
+			},
+		},
+	})
+}
+
+func ruleFalcoDataSource(name string) string {
+	return fmt.Sprintf(`
+%s
+
+data "sysdig_secure_rule_falco" "data_terminal_shell" {
+	name = "TERRAFORM TEST %s - Terminal Shell"
+	depends_on = [ sysdig_secure_rule_falco.terminal_shell ]
+}
+`, ruleFalcoTerminalShell(name), name)
+}
+
+func setupRuleFalcoDataSourceWithAppends(name string) string {
+	return fmt.Sprintf(`
+	%s
+
+	resource "sysdig_secure_rule_falco" "terminal_shell_append" {
+		name = "TERRAFORM TEST %s - Terminal Shell"
+
+		condition = "and never_true"
+		source = "syscall" // syscall or k8s_audit
+		append = true
+		depends_on = [ sysdig_secure_rule_falco.terminal_shell ]
+	}
+`, ruleFalcoTerminalShell(name), name)
+}
+func ruleFalcoDataSourceWithAppends(name string) string {
+	return fmt.Sprintf(`
+data "sysdig_secure_rule_falco_count" "terminal_shell_count" {
+	name = "TERRAFORM TEST %s - Terminal Shell"
+}
+
+data "sysdig_secure_rule_falco" "data_terminal_shell" {
+	count = data.sysdig_secure_rule_falco_count.terminal_shell_count.rule_count
+	name = "TERRAFORM TEST %s - Terminal Shell"
+	index = "${count.index}"
+
+	depends_on = [ data.sysdig_secure_rule_falco_count.terminal_shell_count ]
+}
+`, name, name)
+}

sysdig/internal/client/v2/model.go

@@ -260,6 +260,7 @@ type Rule struct {
 
 const (
 	RuleTypeContainer  = "CONTAINER"
+	RuleTypeFalco      = "FALCO"
 	RuleTypeFilesystem = "FILESYSTEM"
 )
 

sysdig/provider.go

@@ -131,6 +131,8 @@ func Provider() *schema.Provider {
 			"sysdig_secure_managed_policy":         dataSourceSysdigSecureManagedPolicy(),
 			"sysdig_secure_managed_ruleset":        dataSourceSysdigSecureManagedRuleset(),
 			"sysdig_secure_rule_container":         dataSourceSysdigSecureRuleContainer(),
+			"sysdig_secure_rule_falco":             dataSourceSysdigSecureRuleFalco(),
+			"sysdig_secure_rule_falco_count":       dataSourceSysdigSecureRuleFalcoCount(),
 			"sysdig_secure_rule_filesystem":        dataSourceSysdigSecureRuleFilesystem(),
 
 			"sysdig_current_user":      dataSourceSysdigCurrentUser(),