From a8a081d70eadfc0c6d201c661103871ae601a2d6 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Tue, 25 Feb 2025 10:55:08 -0800 Subject: [PATCH 01/17] add stateful policy and rule support --- sysdig/internal/client/v2/model.go | 15 +- sysdig/internal/client/v2/rules.go | 101 ++++++- sysdig/provider.go | 1 + sysdig/resource_sysdig_secure_policy.go | 1 + .../resource_sysdig_secure_rule_stateful.go | 276 ++++++++++++++++++ ...source_sysdig_secure_rule_stateful_test.go | 53 ++++ 6 files changed, 436 insertions(+), 11 deletions(-) create mode 100644 sysdig/resource_sysdig_secure_rule_stateful.go create mode 100644 sysdig/resource_sysdig_secure_rule_stateful_test.go diff --git a/sysdig/internal/client/v2/model.go b/sysdig/internal/client/v2/model.go index 17047bbf8..c9b93c056 100644 --- a/sysdig/internal/client/v2/model.go +++ b/sysdig/internal/client/v2/model.go @@ -520,12 +520,15 @@ type Rule struct { } const ( - RuleTypeContainer = "CONTAINER" - RuleTypeFalco = "FALCO" - RuleTypeFilesystem = "FILESYSTEM" - RuleTypeNetwork = "NETWORK" - RuleTypeProcess = "PROCESS" - RuleTypeSyscall = "SYSCALL" + RuleTypeContainer = "CONTAINER" + RuleTypeFalco = "FALCO" + RuleTypeFilesystem = "FILESYSTEM" + RuleTypeNetwork = "NETWORK" + RuleTypeProcess = "PROCESS" + RuleTypeSyscall = "SYSCALL" + RuleTypeStatefulSequence = "STATEFUL_SEQUENCE" + StatefulUniqPercentRuleType = "STATEFUL_UNIQ_PERCENT" + StatefulCountRuleType = "STATEFUL_COUNT" ) type Details struct { diff --git a/sysdig/internal/client/v2/rules.go b/sysdig/internal/client/v2/rules.go index b151fd5d8..5194c4b37 100644 --- a/sysdig/internal/client/v2/rules.go +++ b/sysdig/internal/client/v2/rules.go 
@@ -8,11 +8,15 @@ import ( ) const ( - CreateRulePath = "%s/api/secure/rules?skipPolicyV2Msg=%t" - GetRuleByIDPath = "%s/api/secure/rules/%d" - UpdateRulePath = "%s/api/secure/rules/%d?skipPolicyV2Msg=%t" - DeleteURLPath = "%s/api/secure/rules/%d?skipPolicyV2Msg=%t" - GetRuleGroupPath = "%s/api/secure/rules/groups?name=%s&type=%s" + CreateRulePath = "%s/api/secure/rules?skipPolicyV2Msg=%t" + GetRuleByIDPath = "%s/api/secure/rules/%d" + UpdateRulePath = "%s/api/secure/rules/%d?skipPolicyV2Msg=%t" + DeleteURLPath = "%s/api/secure/rules/%d?skipPolicyV2Msg=%t" + GetRuleGroupPath = "%s/api/secure/rules/groups?name=%s&type=%s" + CreateStatefulRulePath = "%s/api/policies/v3/statefulRules" + UpdateStatefulRulePath = "%s/api/policies/v3/statefulRules/%d" + DeleteStatefulRulePath = "%s/api/policies/v3/statefulRules/%d" + GetStatefulRuleGroupPath = "%s/api/policies/v3/statefulRules/groups?name=%s&type=%s" ) type RuleInterface interface { @@ -22,6 +26,10 @@ type RuleInterface interface { UpdateRule(ctx context.Context, rule Rule) (Rule, error) DeleteRule(ctx context.Context, ruleID int) error GetRuleGroup(ctx context.Context, ruleName string, ruleType string) ([]Rule, error) + CreateStatefulRule(ctx context.Context, rule Rule) (Rule, error) + UpdateStatefulRule(ctx context.Context, rule Rule) (Rule, error) + DeleteStatefulRule(ctx context.Context, ruleID int) error + GetStatefulRuleGroup(ctx context.Context, ruleName string, ruleType string) ([]Rule, error) } func (client *Client) CreateRule(ctx context.Context, rule Rule) (Rule, error) { 
@@ -125,3 +133,86 @@ func (client *Client) DeleteRuleURL(ruleID int) string { func (client *Client) GetRuleGroupURL(ruleName string, ruleType string) string { return fmt.Sprintf(GetRuleGroupPath, client.config.url, url.QueryEscape(ruleName), url.QueryEscape(ruleType)) } + +func (client *Client) CreateStatefulRuleURL() string { + return fmt.Sprintf(CreateStatefulRulePath, client.config.url) +} + +func (client *Client) UpdateStatefulRuleURL(ruleID int) string { + return fmt.Sprintf(UpdateStatefulRulePath, client.config.url, ruleID) +} + +func (client *Client) DeleteStatefulRuleURL(ruleID int) string { + return fmt.Sprintf(DeleteStatefulRulePath, client.config.url, ruleID) +} + +func (client *Client) GetStatefulRuleGroupURL(ruleName string, ruleType string) string { + return fmt.Sprintf(GetStatefulRuleGroupPath, client.config.url, url.QueryEscape(ruleName), url.QueryEscape(ruleType)) +} + +func (client *Client) CreateStatefulRule(ctx context.Context, rule Rule) (Rule, error) { + payload, err := Marshal(rule) + if err != nil { + return Rule{}, err + } + response, err := client.requester.Request(ctx, http.MethodPost, client.CreateStatefulRuleURL(), payload) + if err != nil { + return Rule{}, err + } + defer response.Body.Close() + + if response.StatusCode != http.StatusOK { + return Rule{}, client.ErrorFromResponse(response) + } + + return Unmarshal[Rule](response.Body) +} + +func (client *Client) UpdateStatefulRule(ctx context.Context, rule Rule) (Rule, error) { + payload, err := Marshal(rule) + if err != nil { + return Rule{}, err + } + + response, err := client.requester.Request(ctx, http.MethodPut, client.UpdateStatefulRuleURL(rule.ID), payload) + if err != nil { + return Rule{}, err + } + + defer response.Body.Close() + + if response.StatusCode != http.StatusOK { + return Rule{}, client.ErrorFromResponse(response) + } + + return Unmarshal[Rule](response.Body) +} + +func (client *Client) DeleteStatefulRule(ctx context.Context, ruleID int) error { + 
fmt.Println("deleting stateful rule") + response, err := client.requester.Request(ctx, http.MethodDelete, client.DeleteStatefulRuleURL(ruleID), nil) + if err != nil { + return err + } + defer response.Body.Close() + + if response.StatusCode != http.StatusNoContent && response.StatusCode != http.StatusOK { + return client.ErrorFromResponse(response) + } + + return err +} + +func (client *Client) GetStatefulRuleGroup(ctx context.Context, ruleName string, ruleType string) ([]Rule, error) { + response, err := client.requester.Request(ctx, http.MethodGet, client.GetStatefulRuleGroupURL(ruleName, ruleType), nil) + if err != nil { + return []Rule{}, err + } + defer response.Body.Close() + + if response.StatusCode != http.StatusOK { + return []Rule{}, client.ErrorFromResponse(response) + } + + return Unmarshal[[]Rule](response.Body) +} diff --git a/sysdig/provider.go b/sysdig/provider.go index 3d86a76cf..1562c240f 100644 --- a/sysdig/provider.go +++ b/sysdig/provider.go @@ -148,6 +148,7 @@ func (p *SysdigProvider) Provider() *schema.Provider { "sysdig_secure_rule_process": resourceSysdigSecureRuleProcess(), "sysdig_secure_rule_syscall": resourceSysdigSecureRuleSyscall(), "sysdig_secure_rule_falco": resourceSysdigSecureRuleFalco(), + "sysdig_secure_rule_stateful": resourceSysdigSecureStatefulRule(), "sysdig_secure_team": resourceSysdigSecureTeam(), "sysdig_secure_list": resourceSysdigSecureList(), "sysdig_secure_macro": resourceSysdigSecureMacro(), diff --git a/sysdig/resource_sysdig_secure_policy.go b/sysdig/resource_sysdig_secure_policy.go index fa5948f31..d7ff28743 100644 --- a/sysdig/resource_sysdig_secure_policy.go +++ b/sysdig/resource_sysdig_secure_policy.go @@ -33,6 +33,7 @@ var validatePolicyType = validation.StringInSlice([]string{ "aws_machine_learning", "machine_learning", "guardduty", + "awscloudtrail_stateful", }, false) func resourceSysdigSecurePolicy() *schema.Resource { 
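Review bot: In sysdig/internal/client/v2/rules.go, `DeleteStatefulRule` ends with `return err`, but by that point `err` can only be nil because the non-nil case has already returned; `return nil` makes the success path explicit. The four exported stateful methods and their URL helpers are also added without doc comments. A one-line comment on each, for example `// DeleteStatefulRule deletes the stateful rule with the given ID; 200 and 204 both count as success.`, would record which status codes each call accepts (Create and Update accept only 200).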
diff --git a/sysdig/resource_sysdig_secure_rule_stateful.go b/sysdig/resource_sysdig_secure_rule_stateful.go
new file mode 100644
index 000000000..d83f5c985
--- /dev/null
+++ b/sysdig/resource_sysdig_secure_rule_stateful.go
@@ -0,0 +1,276 @@ +package sysdig + +import ( + "context" + "encoding/json" + "errors" + "strconv" + "time" + + v2 "github.com/draios/terraform-provider-sysdig/sysdig/internal/client/v2" + + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/spf13/cast" +) + +var validateStatefulRuleSource = validation.StringInSlice([]string{"awscloudtrail_stateful"}, false) + +func resourceSysdigSecureStatefulRule() *schema.Resource { + timeout := 5 * time.Minute + + return &schema.Resource{ + CreateContext: resourceSysdigRuleStatefulCreate, + UpdateContext: resourceSysdigRuleStatefulUpdate, + ReadContext: resourceSysdigRuleStatefulRead, + DeleteContext: resourceSysdigRuleStatefulDelete, + Importer: &schema.ResourceImporter{ + StateContext: schema.ImportStatePassthroughContext, + }, + + Timeouts: &schema.ResourceTimeout{ + Create: schema.DefaultTimeout(timeout), + Update: schema.DefaultTimeout(timeout), + Read: schema.DefaultTimeout(timeout), + Delete: schema.DefaultTimeout(timeout), + }, + + Schema: createRuleSchema(map[string]*schema.Schema{ + "source": { + Type: schema.TypeString, + Optional: false, + Required: true, + ValidateDiagFunc: validateDiagFunc(validateStatefulRuleSource), + }, + "ruletype": { + Type: schema.TypeString, + Optional: false, + Required: true, + ValidateDiagFunc: validateDiagFunc(validation.StringInSlice([]string{ + v2.RuleTypeStatefulSequence, + v2.StatefulCountRuleType, + v2.StatefulUniqPercentRuleType, + }, false)), + }, + "append": { + Type: schema.TypeBool, + Optional: true, + Default: true, + }, + "exceptions": { + Type: schema.TypeList, + Optional: false, + Required: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + }, + "comps": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + 
"values": { + Type: schema.TypeString, + Required: true, + }, + "fields": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + }, + }, + }, + }), + } +} + +func resourceSysdigRuleStatefulCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + sysdigClients := meta.(SysdigClients) + client, err := getSecureRuleClient(sysdigClients) + if err != nil { + return diag.FromErr(err) + } + + rule, err := resourceSysdigRuleStatefulFromResourceData(d) + if err != nil { + return diag.FromErr(err) + } + + rule, err = client.CreateStatefulRule(ctx, rule) + if err != nil { + return diag.FromErr(err) + } + sysdigClients.AddCleanupHook(sendPoliciesToAgents) + + d.SetId(strconv.Itoa(rule.ID)) + _ = d.Set("version", rule.Version) + + return nil +} + +// Retrieves the information of a resource form the file and loads it in Terraform +func resourceSysdigRuleStatefulRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + client, err := getSecureRuleClient(meta.(SysdigClients)) + if err != nil { + return diag.FromErr(err) + } + + id, err := strconv.Atoi(d.Id()) + if err != nil { + return diag.FromErr(err) + } + + // for stateful rules, we'll need to get the rule group + + nameObj, ok := d.GetOk("name") + if !ok { + return diag.FromErr(errors.New("name is required")) + } + + name := nameObj.(string) + + sourceObj, ok := d.GetOk("source") + if !ok { + return diag.FromErr(errors.New("source is required")) + } + + source := sourceObj.(string) + + rules, err := client.GetStatefulRuleGroup(ctx, name, source) + if err != nil { + return diag.FromErr(err) + } + + if len(rules) == 0 { + d.SetId("") + } + + var rule v2.Rule + + for _, r := range rules { + if r.ID == id { + rule = r + break + } + } + + if rule.Details.Append != nil && !(*(rule.Details.Append)) { + if rule.Details.Condition == nil { + return diag.Errorf("no condition data for a Stateful rule") + } + } + + _ = 
d.Set("name", rule.Name) + _ = d.Set("source", rule.Details.Source) + + if rule.Details.Append != nil { + _ = d.Set("append", *rule.Details.Append) + } + if err := updateResourceDataExceptions(d, rule.Details.Exceptions); err != nil { + return diag.FromErr(err) + } + + return nil +} + +func resourceSysdigRuleStatefulUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + sysdigClients := meta.(SysdigClients) + client, err := getSecureRuleClient(sysdigClients) + if err != nil { + return diag.FromErr(err) + } + + rule, err := resourceSysdigRuleStatefulFromResourceData(d) + if err != nil { + return diag.FromErr(err) + } + + rule.Version = d.Get("version").(int) + rule.ID, _ = strconv.Atoi(d.Id()) + + _, err = client.UpdateStatefulRule(ctx, rule) + if err != nil { + return diag.FromErr(err) + } + sysdigClients.AddCleanupHook(sendPoliciesToAgents) + + return nil +} + +func resourceSysdigRuleStatefulDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + sysdigClients := meta.(SysdigClients) + client, err := getSecureRuleClient(sysdigClients) + if err != nil { + return diag.FromErr(err) + } + + id, err := strconv.Atoi(d.Id()) + if err != nil { + return diag.FromErr(err) + } + + err = client.DeleteStatefulRule(ctx, id) + if err != nil { + return diag.FromErr(err) + } + sysdigClients.AddCleanupHook(sendPoliciesToAgents) + + return nil +} + +func resourceSysdigRuleStatefulFromResourceData(d *schema.ResourceData) (v2.Rule, error) { + rule := v2.Rule{ + Name: d.Get("name").(string), + } + + ruleType := d.Get("ruletype").(string) + rule.Details.RuleType = ruleType + + appendMode, appendModeIsSet := d.GetOk("append") + if appendModeIsSet { + ptr := appendMode.(bool) + rule.Details.Append = &ptr + } + + if source, ok := d.GetOk("source"); ok && source.(string) != "" { + rule.Details.Source = source.(string) + } else if !appendModeIsSet || !(appendMode.(bool)) { + return v2.Rule{}, errors.New("source must be 
set when append = false") + } + + if exceptionsField, ok := d.GetOk("exceptions"); ok { + StatefulExceptions := []*v2.Exception{} + for _, exception := range exceptionsField.([]interface{}) { + exceptionMap := exception.(map[string]interface{}) + newStatefulException := &v2.Exception{ + Name: exceptionMap["name"].(string), + } + + fields := cast.ToStringSlice(exceptionMap["fields"]) + if len(fields) >= 1 { + newStatefulException.Fields = fields + } + + comps := cast.ToStringSlice(exceptionMap["comps"]) + if len(comps) >= 1 { + newStatefulException.Comps = comps + } + + values := cast.ToString(exceptionMap["values"]) + err := json.Unmarshal([]byte(values), &newStatefulException.Values) + if err != nil { + return v2.Rule{}, err + } + + StatefulExceptions = append(StatefulExceptions, newStatefulException) + } + rule.Details.Exceptions = StatefulExceptions + } + + return rule, nil +} diff --git a/sysdig/resource_sysdig_secure_rule_stateful_test.go b/sysdig/resource_sysdig_secure_rule_stateful_test.go new file mode 100644 index 000000000..7863443f8 --- /dev/null +++ b/sysdig/resource_sysdig_secure_rule_stateful_test.go 
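Review bot: In `resourceSysdigRuleStatefulRead` the not-found path does not stop: `d.SetId("")` is followed by the rest of the function, and when the group is non-empty but no entry has the stored ID the loop leaves `rule` at its zero value, so `name` and `source` are written to state as empty strings instead of the resource being dropped. This resource manages exceptions on detection rules, so state that silently diverges from the backend hides whether a suppression is actually in place; the read should record whether the ID matched and return right after clearing the ID. The same function needs `name` and `source` from state before it can query, so the `ImportStatePassthroughContext` importer registered in `resourceSysdigSecureStatefulRule` will presumably fail with "name is required" (only the ID is available at import time), and `ruletype` is never written back. A sketch of the lookup follows.

```go
	// … unchanged: client setup, id parsing, name/source lookup, GetStatefulRuleGroup call …

	var rule v2.Rule
	found := false
	for _, r := range rules {
		if r.ID == id {
			rule, found = r, true
			break
		}
	}
	if !found {
		// The rule no longer exists on the backend (empty group or no
		// matching ID): drop it from state rather than writing zero values.
		d.SetId("")
		return nil
	}

	// … unchanged: d.Set calls for name, source, append and exceptions …
```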
@@ -0,0 +1,53 @@ +package sysdig_test + +import ( + "os" + "testing" + + "github.com/draios/terraform-provider-sysdig/sysdig" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func TestRuleGuardDutyAppends(t *testing.T) { + steps := []resource.TestStep{ + { + Config: ruleStatefulAppend(randomString()), + }, + } + runTest(steps, t) +} + +func ruleStatefulAppend(name string) string { + return ` + resource "sysdig_secure_rule_stateful" "stateful_rule_append" { + name = "API Gateway Enumeration Detected" + source = "awscloudtrail_stateful" + ruletype = "STATEFUL_SEQUENCE" + append = true + exceptions { + values = jsonencode([["abc", ["docker.io/library/busybox"]]]) + name = "tf_append_%s" + } + }` +} + +func randomString() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) } + +func runTest(steps []resource.TestStep, t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { + if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" { + t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests") + } + }, + ProviderFactories: map[string]func() (*schema.Provider, error){ + "sysdig": func() (*schema.Provider, error) { + return sysdig.Provider(), nil + }, + }, + Steps: steps, + }) + +} From 72686fa2b1d591f2b7f4a67222247474f90efe79 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Tue, 25 Feb 2025 10:59:16 -0800 Subject: [PATCH 02/17] fix tests --- ...source_sysdig_secure_rule_stateful_test.go | 25 +------------------ 1 file changed, 1 insertion(+), 24 deletions(-) diff --git a/sysdig/resource_sysdig_secure_rule_stateful_test.go b/sysdig/resource_sysdig_secure_rule_stateful_test.go index 7863443f8..8ad1d20be 100644 --- a/sysdig/resource_sysdig_secure_rule_stateful_test.go +++ b/sysdig/resource_sysdig_secure_rule_stateful_test.go 
@@ -1,16 +1,12 @@ package sysdig_test import ( - "os" "testing" - "github.com/draios/terraform-provider-sysdig/sysdig" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) -func TestRuleGuardDutyAppends(t *testing.T) { +func TestRuleStatefulAppends(t *testing.T) { steps := []resource.TestStep{ { Config: ruleStatefulAppend(randomString()), @@ -32,22 +28,3 @@ func ruleStatefulAppend(name string) string { } }` } - -func randomString() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) } - -func runTest(steps []resource.TestStep, t *testing.T) { - resource.Test(t, resource.TestCase{ - PreCheck: func() { - if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" { - t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests") - } - }, - ProviderFactories: map[string]func() (*schema.Provider, error){ - "sysdig": func() (*schema.Provider, error) { - return sysdig.Provider(), nil - }, - }, - Steps: steps, - }) - -} From 67b426e2854147feed194f6c0ab26f9aa72411f9 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Tue, 25 Feb 2025 11:03:54 -0800 Subject: [PATCH 03/17] Update resource_sysdig_secure_rule_stateful_test.go --- ...source_sysdig_secure_rule_stateful_test.go | 27 +++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/sysdig/resource_sysdig_secure_rule_stateful_test.go b/sysdig/resource_sysdig_secure_rule_stateful_test.go index 8ad1d20be..a4e43081a 100644 --- a/sysdig/resource_sysdig_secure_rule_stateful_test.go +++ b/sysdig/resource_sysdig_secure_rule_stateful_test.go 
@@ -1,18 +1,22 @@ package sysdig_test import ( + "os" "testing" + "github.com/draios/terraform-provider-sysdig/sysdig" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) func TestRuleStatefulAppends(t *testing.T) { steps := []resource.TestStep{ { - Config: ruleStatefulAppend(randomString()), + Config: ruleStatefulAppend(rName()), }, } - runTest(steps, t) + runStatefulTest(steps, t) } func ruleStatefulAppend(name string) string { @@ -28,3 +32,22 @@ func ruleStatefulAppend(name string) string { } }` } + +func rName() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) } + +func runStatefulTest(steps []resource.TestStep, t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { + if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" { + t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests") + } + }, + ProviderFactories: map[string]func() (*schema.Provider, error){ + "sysdig": func() (*schema.Provider, error) { + return sysdig.Provider(), nil + }, + }, + Steps: steps, + }) + +} From 508d0e4bb2088eeba0c3789504f3130f2aa2eacd Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Tue, 25 Feb 2025 11:27:42 -0800 Subject: [PATCH 04/17] add tests for stateful policy, skip in ibm --- ...ource_sysdig_secure_managed_policy_test.go | 22 +++++++++++++++++++ ...source_sysdig_secure_rule_stateful_test.go | 10 +++++++-- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/sysdig/data_source_sysdig_secure_managed_policy_test.go b/sysdig/data_source_sysdig_secure_managed_policy_test.go index 17a64fc2f..b1f594be1 100644 --- a/sysdig/data_source_sysdig_secure_managed_policy_test.go +++ b/sysdig/data_source_sysdig_secure_managed_policy_test.go @@ -4,6 +4,7 @@ package sysdig_test import ( "os" + "strings" "testing" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 
@@ -13,6 +14,18 @@ import ( ) func TestAccManagedPolicyDataSource(t *testing.T) { + steps := []resource.TestStep{ + { + Config: managedPolicyDataSource(), + }, + } + + if !strings.HasSuffix(os.Getenv("SYSDIG_SECURE_URL"), "ibm.com") { + steps = append(steps, resource.TestStep{ + Config: managedStatefulPolicyDataSource(), + }, + ) + } resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" { @@ -40,3 +53,12 @@ data "sysdig_secure_managed_policy" "example" { } ` } + +func managedStatefulPolicyDataSource() string { + return ` +data "sysdig_secure_managed_policy" "stateful_example" { + name = "Sysdig AWS Behavioral Analytics Threat Detection" + enabled = false + type = "awscloudtrail_stateful" +` +} diff --git a/sysdig/resource_sysdig_secure_rule_stateful_test.go b/sysdig/resource_sysdig_secure_rule_stateful_test.go index a4e43081a..94dea4663 100644 --- a/sysdig/resource_sysdig_secure_rule_stateful_test.go +++ b/sysdig/resource_sysdig_secure_rule_stateful_test.go @@ -1,7 +1,9 @@ package sysdig_test import ( + "fmt" "os" + "strings" "testing" "github.com/draios/terraform-provider-sysdig/sysdig" @@ -11,6 +13,10 @@ import ( ) func TestRuleStatefulAppends(t *testing.T) { + if strings.HasSuffix(os.Getenv("SYSDIG_SECURE_URL"), "ibm.com") { + t.Skip("Skipping stateful tests for IBM Cloud") + return + } steps := []resource.TestStep{ { Config: ruleStatefulAppend(rName()), @@ -20,7 +26,7 @@ func TestRuleStatefulAppends(t *testing.T) { } func ruleStatefulAppend(name string) string { - return ` + return fmt.Sprintf(` resource "sysdig_secure_rule_stateful" "stateful_rule_append" { name = "API Gateway Enumeration Detected" source = "awscloudtrail_stateful" @@ -30,7 +36,7 @@ func ruleStatefulAppend(name string) string { values = jsonencode([["abc", ["docker.io/library/busybox"]]]) name = "tf_append_%s" } - }` + }`, name) } func rName() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) } 
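Review bot: In sysdig/data_source_sysdig_secure_managed_policy_test.go, the HCL returned by `managedStatefulPolicyDataSource` is missing the closing `}` of the `data` block: the raw string ends right after `type = "awscloudtrail_stateful"`, so the step would fail to parse when it runs. The new `steps` slice in `TestAccManagedPolicyDataSource` is built before `resource.ParallelTest`, but the `Steps:` field of the `TestCase` lies outside both hunks and is not changed. Unless it already refers to `steps`, the stateful step is never executed, which would also hide the parse error. Add the brace and pass the slice with `Steps: steps,`.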
From 0c53e481b4ad7afe133d451c15c4de47b881adbb Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Tue, 25 Feb 2025 11:46:43 -0800 Subject: [PATCH 05/17] only run tests on secure --- sysdig/resource_sysdig_secure_rule_stateful_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sysdig/resource_sysdig_secure_rule_stateful_test.go b/sysdig/resource_sysdig_secure_rule_stateful_test.go index 94dea4663..190df26f4 100644 --- a/sysdig/resource_sysdig_secure_rule_stateful_test.go +++ b/sysdig/resource_sysdig_secure_rule_stateful_test.go @@ -1,3 +1,5 @@ +//go:build tf_acc_sysdig_secure || tf_acc_policies || tf_acc_onprem_secure + package sysdig_test import ( From 76b43c4301bfa8ef728aad4b731f24a6761a357b Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Tue, 25 Feb 2025 12:37:13 -0800 Subject: [PATCH 06/17] use existing exception name --- .../resource_sysdig_secure_rule_stateful_test.go | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/sysdig/resource_sysdig_secure_rule_stateful_test.go b/sysdig/resource_sysdig_secure_rule_stateful_test.go index 190df26f4..bc38b9bb0 100644 --- a/sysdig/resource_sysdig_secure_rule_stateful_test.go +++ b/sysdig/resource_sysdig_secure_rule_stateful_test.go @@ -3,13 +3,11 @@ package sysdig_test import ( - "fmt" "os" "strings" "testing" "github.com/draios/terraform-provider-sysdig/sysdig" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) 
@@ -21,14 +19,14 @@ func TestRuleStatefulAppends(t *testing.T) { } steps := []resource.TestStep{ { - Config: ruleStatefulAppend(rName()), + Config: ruleStatefulAppend(), }, } runStatefulTest(steps, t) } -func ruleStatefulAppend(name string) string { - return fmt.Sprintf(` +func ruleStatefulAppend() string { + return ` resource "sysdig_secure_rule_stateful" "stateful_rule_append" { name = "API Gateway Enumeration Detected" source = "awscloudtrail_stateful" @@ -36,13 +34,11 @@ func ruleStatefulAppend(name string) string { append = true exceptions { values = jsonencode([["abc", ["docker.io/library/busybox"]]]) - name = "tf_append_%s" + name = "user_accountid" } - }`, name) + }` } -func rName() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) } - func runStatefulTest(steps []resource.TestStep, t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { From 16c95891ec1f796af5d47184f5502ce8b5c0357a Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Tue, 25 Feb 2025 14:01:50 -0800 Subject: [PATCH 07/17] add docs --- .../resource_sysdig_secure_rule_stateful.go | 12 ----- website/docs/d/secure_rule_stateful.md | 47 +++++++++++++++++++ 2 files changed, 47 insertions(+), 12 deletions(-) create mode 100644 website/docs/d/secure_rule_stateful.md diff --git a/sysdig/resource_sysdig_secure_rule_stateful.go b/sysdig/resource_sysdig_secure_rule_stateful.go index d83f5c985..c7cbe148b 100644 --- a/sysdig/resource_sysdig_secure_rule_stateful.go +++ b/sysdig/resource_sysdig_secure_rule_stateful.go @@ -68,20 +68,10 @@ func resourceSysdigSecureStatefulRule() *schema.Resource { Type: schema.TypeString, Required: true, }, - "comps": { - Type: schema.TypeList, - Optional: true, - Elem: &schema.Schema{Type: schema.TypeString}, - }, "values": { Type: schema.TypeString, Required: true, }, - "fields": { - Type: schema.TypeList, - Optional: true, - Elem: &schema.Schema{Type: schema.TypeString}, - }, }, }, }, 
@@ -125,8 +115,6 @@ func resourceSysdigRuleStatefulRead(ctx context.Context, d *schema.ResourceData, return diag.FromErr(err) } - // for stateful rules, we'll need to get the rule group - nameObj, ok := d.GetOk("name") if !ok { return diag.FromErr(errors.New("name is required")) diff --git a/website/docs/d/secure_rule_stateful.md b/website/docs/d/secure_rule_stateful.md new file mode 100644 index 000000000..bb74ed85e --- /dev/null +++ b/website/docs/d/secure_rule_stateful.md 
@@ -0,0 +1,47 @@ +--- +subcategory: "Sysdig Secure" +layout: "sysdig" +page_title: "Sysdig: sysdig_secure_rule_stateful" +description: |- + Retrieves a Sysdig Secure Stateful Rule. +--- + +# Data Source: sysdig_secure_rule_stateful + +Retrieves the information of an existing Sysdig Secure Stateful Rule. + +-> **Note:** Sysdig Terraform Provider is under rapid development at this point. If you experience any issue or discrepancy while using it, please make sure you have the latest version. If the issue persists, or you have a Feature Request to support an additional set of resources, please open a [new issue](https://github.com/sysdiglabs/terraform-provider-sysdig/issues/new) in the GitHub repository. + +## Example Usage + +```terraform +data "sysdig_secure_rule_stateful" "example" { + name = "Access Key Enumeration Detected" + source = "awscloudtrail_stateful" + ruletype = "STATEFUL_SEQUENCE" +} +``` + +## Argument Reference + +* `name` - (Required) The name of the Secure rule to retrieve. +* `source` - (Required) The source of the Secure rule to retrieve. +* `ruletype` - (Required) The type of the Secure rule to retrieve. + +## Attributes Reference + +In addition to the argument above, the following attributes are exported: + +* `exceptions` - The exceptions key is a list of identifier plus list of tuples of filtercheck fields. See below for details. +* `append` - This indicates that the rule being created appends the condition to an existing Sysdig-provided rule + +### Exceptions + +Stateful rules support an optional exceptions property to rules. The exceptions key is a list of identifier plus list of tuples of filtercheck fields. + +Supported fields for exceptions: + +* `name` - The name of the existing exception definition. +* `values` - Contains tuples of values. Each item in the tuple should align 1-1 with the corresponding field + and comparison operator. + From 55e9b2a80e3b1008ab7d912104353ed94a0ff7ae Mon Sep 17 00:00:00 2001 
From: kmvachhani Date: Tue, 25 Feb 2025 14:30:27 -0800 Subject: [PATCH 08/17] only allow name/values in exceptions --- .../resource_sysdig_secure_rule_stateful.go | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/sysdig/resource_sysdig_secure_rule_stateful.go b/sysdig/resource_sysdig_secure_rule_stateful.go index c7cbe148b..d778cb0a4 100644 --- a/sysdig/resource_sysdig_secure_rule_stateful.go +++ b/sysdig/resource_sysdig_secure_rule_stateful.go @@ -159,7 +159,24 @@ func resourceSysdigRuleStatefulRead(ctx context.Context, d *schema.ResourceData, if rule.Details.Append != nil { _ = d.Set("append", *rule.Details.Append) } - if err := updateResourceDataExceptions(d, rule.Details.Exceptions); err != nil { + + exceptions := make([]any, 0, len(rule.Details.Exceptions)) + for _, exception := range rule.Details.Exceptions { + if exception == nil { + return diag.Errorf("exception is nil") + } + valuesData, err := json.Marshal(exception.Values) + if err != nil { + return diag.Errorf("error marshalling exception values '%+v': %s", exception.Values, err) + } + + exceptions = append(exceptions, map[string]any{ + "name": exception.Name, + "values": string(valuesData), + }) + } + + if err := d.Set("exceptions", exceptions); err != nil { return diag.FromErr(err) } From ac956023d02c811968870d0549e20afed88c7abc Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 27 Feb 2025 09:39:37 -0800 Subject: [PATCH 09/17] address review comments part 1 --- sysdig/internal/client/v2/model.go | 4 +- sysdig/internal/client/v2/rules.go | 1 - .../resource_sysdig_secure_rule_stateful.go | 39 +++++++++---------- 3 files changed, 20 insertions(+), 24 deletions(-) diff --git a/sysdig/internal/client/v2/model.go b/sysdig/internal/client/v2/model.go index c9b93c056..a7b6183c3 100644 --- a/sysdig/internal/client/v2/model.go +++ b/sysdig/internal/client/v2/model.go 
@@ -527,8 +527,8 @@ const ( RuleTypeProcess = "PROCESS" RuleTypeSyscall = "SYSCALL" RuleTypeStatefulSequence = "STATEFUL_SEQUENCE" - StatefulUniqPercentRuleType = "STATEFUL_UNIQ_PERCENT" - StatefulCountRuleType = "STATEFUL_COUNT" + RuleTypeStatefulUniqPercent = "STATEFUL_UNIQ_PERCENT" + RuleTypeStatefulCount = "STATEFUL_COUNT" ) type Details struct { diff --git a/sysdig/internal/client/v2/rules.go b/sysdig/internal/client/v2/rules.go index 5194c4b37..b14070de5 100644 --- a/sysdig/internal/client/v2/rules.go +++ b/sysdig/internal/client/v2/rules.go @@ -189,7 +189,6 @@ func (client *Client) UpdateStatefulRule(ctx context.Context, rule Rule) (Rule, } func (client *Client) DeleteStatefulRule(ctx context.Context, ruleID int) error { - fmt.Println("deleting stateful rule") response, err := client.requester.Request(ctx, http.MethodDelete, client.DeleteStatefulRuleURL(ruleID), nil) if err != nil { return err diff --git a/sysdig/resource_sysdig_secure_rule_stateful.go b/sysdig/resource_sysdig_secure_rule_stateful.go index d778cb0a4..c72f611c6 100644 --- a/sysdig/resource_sysdig_secure_rule_stateful.go +++ b/sysdig/resource_sysdig_secure_rule_stateful.go @@ -17,8 +17,14 @@ import ( var validateStatefulRuleSource = validation.StringInSlice([]string{"awscloudtrail_stateful"}, false) +var validateStatefulRuleType = validation.StringInSlice([]string{ + v2.RuleTypeStatefulSequence, + v2.RuleTypeStatefulCount, + v2.RuleTypeStatefulUniqPercent, +}, false) + func resourceSysdigSecureStatefulRule() *schema.Resource { - timeout := 5 * time.Minute + timeout := 1 * time.Minute return &schema.Resource{ CreateContext: resourceSysdigRuleStatefulCreate, 
@@ -36,7 +42,12 @@ func resourceSysdigSecureStatefulRule() *schema.Resource { Delete: schema.DefaultTimeout(timeout), }, - Schema: createRuleSchema(map[string]*schema.Schema{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, "source": { Type: schema.TypeString, Optional: false, @@ -44,14 +55,10 @@ func resourceSysdigSecureStatefulRule() *schema.Resource { ValidateDiagFunc: validateDiagFunc(validateStatefulRuleSource), }, "ruletype": { - Type: schema.TypeString, - Optional: false, - Required: true, - ValidateDiagFunc: validateDiagFunc(validation.StringInSlice([]string{ - v2.RuleTypeStatefulSequence, - v2.StatefulCountRuleType, - v2.StatefulUniqPercentRuleType, - }, false)), + Type: schema.TypeString, + Optional: false, + Required: true, + ValidateDiagFunc: validateDiagFunc(validateStatefulRuleType), }, "append": { Type: schema.TypeBool, @@ -75,7 +82,7 @@ func resourceSysdigSecureStatefulRule() *schema.Resource { }, }, }, - }), + }, } } @@ -95,8 +102,6 @@ func resourceSysdigRuleStatefulCreate(ctx context.Context, d *schema.ResourceDat if err != nil { return diag.FromErr(err) } - sysdigClients.AddCleanupHook(sendPoliciesToAgents) - d.SetId(strconv.Itoa(rule.ID)) _ = d.Set("version", rule.Version) @@ -147,12 +152,6 @@ func resourceSysdigRuleStatefulRead(ctx context.Context, d *schema.ResourceData, } } - if rule.Details.Append != nil && !(*(rule.Details.Append)) { - if rule.Details.Condition == nil { - return diag.Errorf("no condition data for a Stateful rule") - } - } - _ = d.Set("name", rule.Name) _ = d.Set("source", rule.Details.Source) @@ -202,7 +201,6 @@ func resourceSysdigRuleStatefulUpdate(ctx context.Context, d *schema.ResourceDat if err != nil { return diag.FromErr(err) } - sysdigClients.AddCleanupHook(sendPoliciesToAgents) return nil } 
@@ -223,7 +221,6 @@ func resourceSysdigRuleStatefulDelete(ctx context.Context, d *schema.ResourceDat
 if err != nil {
 return diag.FromErr(err)
 }
- sysdigClients.AddCleanupHook(sendPoliciesToAgents)
 
 return nil
 }
From be40879658a12dc025c063f14b8b56c5ee5535a3 Mon Sep 17 00:00:00 2001
From: kmvachhani
Date: Thu, 27 Feb 2025 10:37:10 -0800
Subject: [PATCH 10/17] address review comments part 2

---
 sysdig/resource_sysdig_secure_rule_stateful.go | 10 ++++++----
 sysdig/resource_sysdig_secure_rule_stateful_test.go | 2 +-
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/sysdig/resource_sysdig_secure_rule_stateful.go b/sysdig/resource_sysdig_secure_rule_stateful.go
index c72f611c6..e781c3020 100644
--- a/sysdig/resource_sysdig_secure_rule_stateful.go
+++ b/sysdig/resource_sysdig_secure_rule_stateful.go
@@ -50,13 +50,11 @@ func resourceSysdigSecureStatefulRule() *schema.Resource {
 },
 "source": {
 Type: schema.TypeString,
- Optional: false,
 Required: true,
 ValidateDiagFunc: validateDiagFunc(validateStatefulRuleSource),
 },
 "ruletype": {
 Type: schema.TypeString,
- Optional: false,
 Required: true,
 ValidateDiagFunc: validateDiagFunc(validateStatefulRuleType),
 },
@@ -67,7 +65,6 @@ func resourceSysdigSecureStatefulRule() *schema.Resource {
 },
 "exceptions": {
 Type: schema.TypeList,
- Optional: false,
 Required: true,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
@@ -195,7 +192,12 @@ func resourceSysdigRuleStatefulUpdate(ctx context.Context, d *schema.ResourceDat
 }
 
 rule.Version = d.Get("version").(int)
- rule.ID, _ = strconv.Atoi(d.Id())
+ id, err := strconv.Atoi(d.Id())
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ rule.ID = id
 
 _, err = client.UpdateStatefulRule(ctx, rule)
 if err != nil {
diff --git a/sysdig/resource_sysdig_secure_rule_stateful_test.go b/sysdig/resource_sysdig_secure_rule_stateful_test.go
index bc38b9bb0..745e914d4 100644
--- a/sysdig/resource_sysdig_secure_rule_stateful_test.go
+++ b/sysdig/resource_sysdig_secure_rule_stateful_test.go
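Review bot: In the resourceSysdigRuleStatefulUpdate hunk (`@@ -195,7 +192,12 @@`), the context line `_, err = client.UpdateStatefulRule(ctx, rule)` still discards the Rule the API returns, so the `version` read from state a few lines earlier is never refreshed after a successful update. An earlier hunk for this function shows it returning nil right after the error check, with no read-back. If the backend increments the version on each write (sending `rule.Version` with the request suggests it is used for conflict detection), a second update from the same state would carry a stale value. Keep the result and store it: `updated, err := client.UpdateStatefulRule(ctx, rule)` and, after the error check, `if err := d.Set("version", updated.Version); err != nil { return diag.FromErr(err) }`. The function starts and ends outside the hunk.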
@@ -33,7 +33,7 @@ func ruleStatefulAppend() string {
 ruletype = "STATEFUL_SEQUENCE"
 append = true
 exceptions {
- values = jsonencode([["abc", ["docker.io/library/busybox"]]])
+ values = jsonencode([["12345", ["docker.io/library/busybox"]]])
 name = "user_accountid"
 }
 }`
From 3e45595a4dfcaf1b196e08bcfed9c95472f9e3a6 Mon Sep 17 00:00:00 2001
From: kmvachhani
Date: Thu, 27 Feb 2025 10:59:39 -0800
Subject: [PATCH 11/17] address review comments part 3

---
 sysdig/resource_sysdig_secure_rule_stateful.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sysdig/resource_sysdig_secure_rule_stateful.go b/sysdig/resource_sysdig_secure_rule_stateful.go
index e781c3020..004cd601d 100644
--- a/sysdig/resource_sysdig_secure_rule_stateful.go
+++ b/sysdig/resource_sysdig_secure_rule_stateful.go
@@ -191,7 +191,11 @@ func resourceSysdigRuleStatefulUpdate(ctx context.Context, d *schema.ResourceDat
 return diag.FromErr(err)
 }
 
- rule.Version = d.Get("version").(int)
+ version, ok := d.Get("version").(int)
+ if !ok {
+ return diag.FromErr(errors.New("version is required"))
+ }
+ rule.Version = version
 id, err := strconv.Atoi(d.Id())
 if err != nil {
 return diag.FromErr(err)
From ae4ebd8734324e547d57c6ede9d868e4e6924978 Mon Sep 17 00:00:00 2001
From: kmvachhani
Date: Thu, 27 Feb 2025 13:14:52 -0800
Subject: [PATCH 12/17] add version to resource

---
 sysdig/resource_sysdig_secure_rule_stateful.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sysdig/resource_sysdig_secure_rule_stateful.go b/sysdig/resource_sysdig_secure_rule_stateful.go
index 004cd601d..522fd363a 100644
--- a/sysdig/resource_sysdig_secure_rule_stateful.go
+++ b/sysdig/resource_sysdig_secure_rule_stateful.go
@@ -48,6 +48,10 @@ func resourceSysdigSecureStatefulRule() *schema.Resource {
 Required: true,
 ForceNew: true,
 },
+ "version": {
+ Type: schema.TypeInt,
+ Computed: true,
+ },
 "source": {
 Type: schema.TypeString,
 Required: true,
From 7d83228987ce25dfff16bc9adc277f6506b3fca2 Mon Sep 17 00:00:00 2001
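Review bot: The message in `return diag.FromErr(errors.New("version is required"))` (PATCH 11/17, hunk `@@ -191,7 +191,11 @@`) tells the user to supply something they cannot set. The next patch declares `version` as `Computed`, so a failed assertion here means the state or schema is wrong, not that an argument is missing. Word it for that case and use the diag helper directly, e.g. `return diag.Errorf("stateful rule %s has no integer version in state", d.Id())`. That also drops the dependency on the `errors` package, whose import this patch does not touch (the diffstat shows only this hunk), so it is worth confirming the file already imports it. resourceSysdigRuleStatefulUpdate starts and ends outside the hunk.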
From: kmvachhani
Date: Thu, 27 Feb 2025 13:21:08 -0800
Subject: [PATCH 13/17] add docs

---
 website/docs/r/secure_rule_stateful.md | 53 ++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 website/docs/r/secure_rule_stateful.md

diff --git a/website/docs/r/secure_rule_stateful.md b/website/docs/r/secure_rule_stateful.md
new file mode 100644
index 000000000..8373afe2d
--- /dev/null
+++ b/website/docs/r/secure_rule_stateful.md
@@ -0,0 +1,53 @@
+---
+subcategory: "Sysdig Secure"
+layout: "sysdig"
+page_title: "Sysdig: sysdig_secure_rule_stateful"
+description: |-
+ Creates a Sysdig Secure Stateful Rule Append.
+---
+
+# Resource: sysdig_secure_rule_stateful
+
+Creates a Sysdig Secure Stateful Rule Append.
+
+-> **Note:** Sysdig Terraform Provider is under rapid development at this point. If you experience any issue or discrepancy while using it, please make sure you have the latest version. If the issue persists, or you have a Feature Request to support an additional set of resources, please open a [new issue](https://github.com/sysdiglabs/terraform-provider-sysdig/issues/new) in the GitHub repository.
+
+## Example Usage
+
+```terraform
+resource "sysdig_secure_rule_stateful" "stateful_rule" {
+ name = "API Gateway Enumeration Detected"
+ source = "awscloudtrail_stateful"
+ ruletype = "STATEFUL_SEQUENCE"
+ exceptions {
+ values = jsonencode([["user_abc", ["12345"]]])
+ name = "user_accountid"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the Stateful rule that the exception is being appended to.
+* `source` - (Required) The source of the event. We currently support the "awscloudtrail_stateful" source.
+* `exceptions` - (Required) The exceptions key is a list of identifier plus list of tuples of filtercheck fields. See below for details.
+* `append` - (Optional) This indicates that the rule being created appends the condition to an existing Sysdig-provided. For stateful rules, the default value is true.
+* `ruletype` - (Required) The type of Stateful rule being appended to. We currently support "STATEFUL_SEQUENCE", "STATEFUL_COUNT", and "STATEFUL_UNIQ_PERCENT".
+
+### Exceptions
+Supported fields for exceptions:
+
+* `name` - (Required) The name of the exception.
+* `values` - (Required) Contains tuples of values. Each item in the tuple should align 1-1 with the corresponding field
+ and comparison operator.
Since the value can be a string, a list of strings or a list of a list of strings, the value
+ of this field must be supplied in JSON format. You can use the default `jsonencode` function to provide this value.
+ See the usage example on the top.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `version` - Current version of the resource in Sysdig Secure.
+
From 3cc9ef4714caa53517773d7ca5c5209cabfbab64 Mon Sep 17 00:00:00 2001
From: kmvachhani
Date: Thu, 27 Feb 2025 14:35:55 -0800
Subject: [PATCH 14/17] address lint errors

---
 sysdig/data_source_sysdig_secure_managed_policy_test.go | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/sysdig/data_source_sysdig_secure_managed_policy_test.go b/sysdig/data_source_sysdig_secure_managed_policy_test.go
index b1f594be1..8debe4acf 100644
--- a/sysdig/data_source_sysdig_secure_managed_policy_test.go
+++ b/sysdig/data_source_sysdig_secure_managed_policy_test.go
@@ -37,11 +37,7 @@ func TestAccManagedPolicyDataSource(t *testing.T) {
 return sysdig.Provider(), nil
 },
 },
- Steps: []resource.TestStep{
- {
- Config: managedPolicyDataSource(),
- },
- },
+ Steps: steps,
 })
 }
 
From 5141fdd9814b2582f682a6ba57872e9738b2d36e Mon Sep 17 00:00:00 2001
From: ombellare
Date: Thu, 27 Feb 2025 17:25:57 -0800
Subject: [PATCH 15/17] Small fix to test

---
 sysdig/resource_sysdig_secure_rule_stateful_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sysdig/resource_sysdig_secure_rule_stateful_test.go b/sysdig/resource_sysdig_secure_rule_stateful_test.go
index 745e914d4..c8ba776a5 100644
--- a/sysdig/resource_sysdig_secure_rule_stateful_test.go
+++ b/sysdig/resource_sysdig_secure_rule_stateful_test.go
@@ -33,7 +33,7 @@ func ruleStatefulAppend() string {
 ruletype = "STATEFUL_SEQUENCE"
 append = true
 exceptions {
- values = jsonencode([["12345", ["docker.io/library/busybox"]]])
+ values = jsonencode([["user_abc", ["12345"]]])
 name = "user_accountid"
 }
 }`
From c31773e2eecc71d1e2531d97bc842b0290a21cb6 Mon Sep 17 00:00:00 2001
From: ombellare
Date: Thu, 27 Feb 2025 18:57:03 -0800
Subject: [PATCH 16/17] Fix test failure

---
 sysdig/data_source_sysdig_secure_managed_policy_test.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sysdig/data_source_sysdig_secure_managed_policy_test.go b/sysdig/data_source_sysdig_secure_managed_policy_test.go
index 8debe4acf..d5baf9864 100644
--- a/sysdig/data_source_sysdig_secure_managed_policy_test.go
+++ b/sysdig/data_source_sysdig_secure_managed_policy_test.go
@@ -56,5 +56,6 @@ data "sysdig_secure_managed_policy" "stateful_example" {
 name = "Sysdig AWS Behavioral Analytics Threat Detection"
 enabled = false
 type = "awscloudtrail_stateful"
+}
 `
 }
From 1439f4cefbc251fab62481a1c623b0ddddcb81bc Mon Sep 17 00:00:00 2001
From: ombellare
Date: Thu, 27 Feb 2025 19:41:29 -0800
Subject: [PATCH 17/17] Remove computed enabled flag for managed policy data source

---
 sysdig/data_source_sysdig_secure_managed_policy_test.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/sysdig/data_source_sysdig_secure_managed_policy_test.go b/sysdig/data_source_sysdig_secure_managed_policy_test.go
index d5baf9864..e5a85caa2 100644
--- a/sysdig/data_source_sysdig_secure_managed_policy_test.go
+++ b/sysdig/data_source_sysdig_secure_managed_policy_test.go
@@ -54,7 +54,6 @@ func managedStatefulPolicyDataSource() string {
 return `
 data "sysdig_secure_managed_policy" "stateful_example" {
 name = "Sysdig AWS Behavioral Analytics Threat Detection"
- enabled = false
 type = "awscloudtrail_stateful"
 }
 `