Merge branch 'master' into fix-malware-hashes-fields

ombellare · ombellare · commit f6894b91e216 · 2025-07-18T09:07:31.000-07:00
diff --git a/sysdig/data_source_sysdig_secure_drift_policy_test.go b/sysdig/data_source_sysdig_secure_drift_policy_test.go
@@ -157,3 +157,78 @@ data "sysdig_secure_drift_policy" "policy_2" {
 }
 `, name, name)
 }
+
+func driftPolicyWithUseRegexDataSource(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_drift_policy" "policy_1" {
+  name        = "Test Drift Policy %s"
+  description = "Test Drift Policy Description %s"
+  enabled     = true
+  severity    = 4
+
+  rule {
+    description = "Test Drift Rule Description"
+    enabled = true
+    mounted_volume_drift_enabled = true
+    use_regex = true
+
+    exceptions {
+      items = ["/usr/bin/sh"]
+    }
+    prohibited_binaries {
+      items = ["/usr/bin/curl"]
+    }
+    process_based_exceptions {
+      items = ["/usr/bin/curl"]
+    }
+    process_based_prohibited_binaries {
+      items = ["/usr/bin/sh"]
+    }
+  }
+
+  actions {
+    prevent_drift = true
+  }
+
+}
+	
+data "sysdig_secure_drift_policy" "policy_2" {
+  name       = sysdig_secure_drift_policy.policy_1.name
+  depends_on = [sysdig_secure_drift_policy.policy_1]
+}
+`, name, name)
+}
+
+func driftPolicyWithProcessExceptionsDataSource(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_drift_policy" "policy_1" {	
+  name        = "Test Drift Policy %s"
+  description = "Test Drift Policy Description %s"
+  enabled     = true
+  severity    = 4
+
+  rule {
+    description = "Test Drift Rule Description"
+    enabled = true
+	mounted_volume_drift_enabled = true
+
+    process_based_exceptions {
+      items = ["/usr/bin/curl"]
+    }
+    process_based_prohibited_binaries {
+      items = ["/usr/bin/sh"]
+    }
+  }
+
+  actions {
+    prevent_drift = true
+  }
+
+}
+	
+data "sysdig_secure_drift_policy" "policy_2" {
+  name       = sysdig_secure_drift_policy.policy_1.name
+  depends_on = [sysdig_secure_drift_policy.policy_1]
+}
+`, name, name)
+}
diff --git a/sysdig/resource_sysdig_secure_drift_policy_test.go b/sysdig/resource_sysdig_secure_drift_policy_test.go
@@ -70,6 +70,9 @@ resource "sysdig_secure_drift_policy" "sample" {
     prohibited_binaries {
       items = ["/usr/bin/curl"]
     }
+    process_based_exceptions {
+      items = ["/usr/bin/curl"]
+    }
   }
 
   actions {
@@ -106,9 +109,6 @@ resource "sysdig_secure_drift_policy" "sample" {
     }
     process_based_exceptions {
       items = ["/usr/bin/curl"]
-    } 
-    process_based_prohibited_binaries {
-      items = ["/usr/bin/sh"]
     }
   }
 
@@ -185,9 +185,6 @@ resource "sysdig_secure_drift_policy" "sample" {
     process_based_exceptions {
       items = ["/usr/bin/curl"]
     }
-    process_based_prohibited_binaries {
-      items = ["/usr/bin/sh"]
-    }
   }
 
   actions {
@@ -235,11 +232,39 @@ resource "sysdig_secure_drift_policy" "sample" {
 
   rule {
     description = "Test Drift Rule Description"
+    mounted_volume_drift_enabled = true
 
     enabled = true
+    
+    exceptions {
+      items = ["/usr/bin/sh"]
+    }
+    prohibited_binaries {
+      items = ["/usr/bin/curl"]
+    }
+    process_based_exceptions {
+      items = ["/usr/bin/curl"]
+    }
+  }
+}
+  `, name)
+}
+
+func driftPolicyWithProcessBasedAndRegexEnabled(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_drift_policy" "sample" {
+
+  name        = "Test Drift Policy %s"
+  description = "Test Drift Policy Description"
+  enabled     = true
+  severity    = 4
+
+  rule {
+    description = "Test Drift Rule Description"
     mounted_volume_drift_enabled = true
 
     enabled = true
+    use_regex = true
     
     exceptions {
       items = ["/usr/bin/sh"]
