From 9fa368cfd6ee096c2f3fb6e6ce501d9e2b6d8162 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 13 Mar 2025 11:14:17 -0700 Subject: [PATCH 01/15] trivial change --- website/docs/d/secure_rule_stateful.md | 1 - 1 file changed, 1 deletion(-) diff --git a/website/docs/d/secure_rule_stateful.md b/website/docs/d/secure_rule_stateful.md index bb74ed85e..aa51ba1b0 100644 --- a/website/docs/d/secure_rule_stateful.md +++ b/website/docs/d/secure_rule_stateful.md @@ -44,4 +44,3 @@ Supported fields for exceptions: * `name` - The name of the existing exception definition. * `values` - Contains tuples of values. Each item in the tuple should align 1-1 with the corresponding field and comparison operator. - From 1e020fecd654b9c086ac2db41f531fb92e658ca3 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 13 Mar 2025 11:55:07 -0700 Subject: [PATCH 02/15] Update ci-provider-docs.yaml --- .github/workflows/ci-provider-docs.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci-provider-docs.yaml b/.github/workflows/ci-provider-docs.yaml index 3207cc12f..f495061d3 100644 --- a/.github/workflows/ci-provider-docs.yaml +++ b/.github/workflows/ci-provider-docs.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - uses: actions/cache@v2 + - uses: actions/cache@v4 continue-on-error: true id: cache-terraform-plugin-dir timeout-minutes: 2 
@@ -34,12 +34,12 @@ jobs: run: | echo "GOCACHE=$(go env GOCACHE)" >> $GITHUB_ENV - if: steps.cache-terraform-plugin-dir.outputs.cache-hit != 'true' || steps.cache-terraform-plugin-dir.outcome == 'failure' - uses: actions/cache@v2 + uses: actions/cache@v4 with: path: ${{ env.GOCACHE }} key: ${{ runner.os }}-GOCACHE-${{ hashFiles('go.sum') }}-${{ hashFiles('sysdig/**') }} - if: steps.cache-terraform-plugin-dir.outputs.cache-hit != 'true' || steps.cache-terraform-plugin-dir.outcome == 'failure' - uses: actions/cache@v2 + uses: actions/cache@v4 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} @@ -53,7 +53,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - uses: actions/cache@v2 + - uses: actions/cache@v4 continue-on-error: true id: cache-terraform-providers-schema timeout-minutes: 2 @@ -61,7 +61,7 @@ jobs: path: terraform-providers-schema key: ${{ runner.os }}-terraform-providers-schema-${{ hashFiles('go.sum') }}-${{ hashFiles('sysdig/**') }} - if: steps.cache-terraform-providers-schema.outputs.cache-hit != 'true' || steps.cache-terraform-providers-schema.outcome == 'failure' - uses: actions/cache@v2 + uses: actions/cache@v4 timeout-minutes: 2 with: path: terraform-plugin-dir @@ -97,14 +97,14 @@ jobs: go-version: ${{ env.GO_VERSION }} check-latest: true cache: true - - uses: actions/cache@v2 + - uses: actions/cache@v4 continue-on-error: true timeout-minutes: 2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - run: cd /tmp && go install github.com/bflad/tfproviderdocs@latest - - uses: actions/cache@v2 + - uses: actions/cache@v4 timeout-minutes: 2 with: path: terraform-providers-schema From 2f81a1491892665973650178f9eae48025e0cbcf Mon Sep 17 00:00:00 2001 
From: kmvachhani Date: Thu, 13 Mar 2025 16:56:57 -0700 Subject: [PATCH 03/15] add stateful data source --- ...data_source_sysdig_secure_rule_stateful.go | 134 ++++++++++++++++++ ...source_sysdig_secure_rule_stateful_test.go | 52 +++++++ sysdig/provider.go | 1 + 3 files changed, 187 insertions(+) create mode 100644 sysdig/data_source_sysdig_secure_rule_stateful.go create mode 100644 sysdig/data_source_sysdig_secure_rule_stateful_test.go diff --git a/sysdig/data_source_sysdig_secure_rule_stateful.go b/sysdig/data_source_sysdig_secure_rule_stateful.go new file mode 100644 index 000000000..142430f83 --- /dev/null +++ b/sysdig/data_source_sysdig_secure_rule_stateful.go 
@@ -0,0 +1,134 @@
+package sysdig
+
+import (
+ "context"
+ "encoding/json"
+ "errors"
+ "strconv"
+ "time"
+
+ v2 "github.com/draios/terraform-provider-sysdig/sysdig/internal/client/v2"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceSysdigSecureRuleStateful() *schema.Resource {
+ timeout := 1 * time.Minute
+
+ return &schema.Resource{
+ ReadContext: dataSourceSysdigRuleStatefulRead,
+
+ Timeouts: &schema.ResourceTimeout{
+ Read: schema.DefaultTimeout(timeout),
+ },
+
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "version": {
+ Type: schema.TypeInt,
+ Computed: true,
+ },
+ "source": {
+ Type: schema.TypeString,
+ Required: true,
+ ValidateDiagFunc: validateDiagFunc(validateStatefulRuleSource),
+ },
+ "ruletype": {
+ Type: schema.TypeString,
+ Required: true,
+ ValidateDiagFunc: validateDiagFunc(validateStatefulRuleType),
+ },
+ "append": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: true,
+ },
+ "exceptions": {
+ Type: schema.TypeList,
+ Required: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "values": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ },
+ },
+ },
+ },
+ }
+}
+
+func dataSourceSysdigRuleStatefulRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ client, err := getSecureRuleClient(meta.(SysdigClients))
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ id, err := strconv.Atoi(d.Id())
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ nameObj, ok := d.GetOk("name")
+ if !ok {
+ return diag.FromErr(errors.New("name is required"))
+ }
+
+ name := nameObj.(string)
+
+ sourceObj, ok := d.GetOk("source")
+ if !ok {
+ return diag.FromErr(errors.New("source is required"))
+ }
+
+ source := sourceObj.(string)
+
+ rules, err :=
client.GetStatefulRuleGroup(ctx, name, source)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ if len(rules) == 0 {
+ d.SetId("")
+ }
+
+ var rule v2.Rule
+
+ for _, r := range rules {
+ if r.ID == id {
+ rule = r
+ break
+ }
+ }
+
+ exceptions := make([]any, 0, len(rule.Details.Exceptions))
+ for _, exception := range rule.Details.Exceptions {
+ if exception == nil {
+ return diag.Errorf("exception is nil")
+ }
+ valuesData, err := json.Marshal(exception.Values)
+ if err != nil {
+ return diag.Errorf("error marshalling exception values '%+v': %s", exception.Values, err)
+ }
+
+ exceptions = append(exceptions, map[string]any{
+ "name": exception.Name,
+ "values": string(valuesData),
+ })
+ }
+
+ if err := d.Set("exceptions", exceptions); err != nil {
+ return diag.FromErr(err)
+ }
+
+ return nil
+}
diff --git a/sysdig/data_source_sysdig_secure_rule_stateful_test.go b/sysdig/data_source_sysdig_secure_rule_stateful_test.go
new file mode 100644
index 000000000..101ef5d70
--- /dev/null
+++ b/sysdig/data_source_sysdig_secure_rule_stateful_test.go
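Review bot: A lookup that matches nothing still returns success in `dataSourceSysdigRuleStatefulRead`: when the group is empty, `d.SetId("")` is not followed by a return, and when no `r.ID == id` matches, `rule` stays the zero `v2.Rule`, so `exceptions` is written as an empty list. For a data source that reports a detection rule's exceptions, "rule not found" and "rule has no exceptions" should be distinguishable; I would return `diag.Errorf("stateful rule %q (source %q) not found", name, source)` after the loop when nothing matched. Separately, `strconv.Atoi(d.Id())` reads the ID before anything in this function sets it, so a first read presumably fails with a parse error; that is worth confirming against how the rule is meant to be selected.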
@@ -0,0 +1,52 @@ +//go:build tf_acc_sysdig || tf_acc_sysdig_secure || tf_acc_policies || tf_acc_onprem_secure + +package sysdig_test + +import ( + "fmt" + "os" + "strings" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + + "github.com/draios/terraform-provider-sysdig/sysdig" +) + +func TestAccRuleStatefulDataSource(t *testing.T) { + + if strings.HasSuffix(os.Getenv("SYSDIG_SECURE_URL"), "ibm.com") { + t.Skip("Skipping stateful tests for IBM Cloud") + return + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { + if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" { + t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests") + } + }, + ProviderFactories: map[string]func() (*schema.Provider, error){ + "sysdig": func() (*schema.Provider, error) { + return sysdig.Provider(), nil + }, + }, + Steps: []resource.TestStep{ + { + Config: ruleStatefulDataSource(), + }, + }, + }) +} + +func ruleStatefulDataSource() string { + return fmt.Sprintf(` +%s + +data "sysdig_secure_rule_stateful" "data_stateful_rule_append" { + name = "API Gateway Enumeration Detected" + depends_on = [ sysdig_secure_rule_stateful.stateful_rule_append ] +} +`, ruleStatefulAppend()) +} diff --git a/sysdig/provider.go b/sysdig/provider.go index 1562c240f..c2dfa7a20 100644 --- a/sysdig/provider.go +++ b/sysdig/provider.go @@ -234,6 +234,7 @@ func (p *SysdigProvider) Provider() *schema.Provider { "sysdig_secure_rule_syscall": dataSourceSysdigSecureRuleSyscall(), "sysdig_secure_posture_policies": dataSourceSysdigSecurePosturePolicies(), "sysdig_secure_custom_role_permissions": dataSourceSysdigSecureCustomRolePermissions(), + "sysdig_secure_rule_stateful": dataSourceSysdigSecureRuleStateful(), "sysdig_current_user": dataSourceSysdigCurrentUser(), "sysdig_user": dataSourceSysdigUser(), From 6fd2ef350b7a791e3f79e39e4d19fe80aa702cec Mon Sep 17 00:00:00 2001 
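Review bot: The only step in `TestAccRuleStatefulDataSource` carries a `Config` and no `Check`, so the test passes whenever plan and apply succeed and never looks at what the data source returned. Add an assertion on the computed output, for example `Check: resource.TestCheckResourceAttrSet("data.sysdig_secure_rule_stateful.data_stateful_rule_append", "exceptions.#"),`, and ideally one on the exception name the fixture creates. `ruleStatefulAppend()` is defined outside this hunk, so the expected values have to be taken from there.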
From: kmvachhani Date: Thu, 13 Mar 2025 17:41:38 -0700 Subject: [PATCH 04/15] Update data_source_sysdig_secure_rule_stateful_test.go --- sysdig/data_source_sysdig_secure_rule_stateful_test.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sysdig/data_source_sysdig_secure_rule_stateful_test.go b/sysdig/data_source_sysdig_secure_rule_stateful_test.go index 101ef5d70..4fd220efb 100644 --- a/sysdig/data_source_sysdig_secure_rule_stateful_test.go +++ b/sysdig/data_source_sysdig_secure_rule_stateful_test.go @@ -46,6 +46,12 @@ func ruleStatefulDataSource() string { data "sysdig_secure_rule_stateful" "data_stateful_rule_append" { name = "API Gateway Enumeration Detected" + source = "awscloudtrail_stateful" + ruletype = "STATEFUL_SEQUENCE" + exceptions { + values = jsonencode([["user_abc", ["12345"]]]) + name = "user_accountid" + } depends_on = [ sysdig_secure_rule_stateful.stateful_rule_append ] } `, ruleStatefulAppend()) From 29b0166687e5e5a2d5b25c652f882cae5bfca148 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 13 Mar 2025 21:02:39 -0700 Subject: [PATCH 05/15] fix test --- sysdig/data_source_sysdig_secure_rule_stateful.go | 13 ++++++++----- .../data_source_sysdig_secure_rule_stateful_test.go | 6 ------ 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/sysdig/data_source_sysdig_secure_rule_stateful.go b/sysdig/data_source_sysdig_secure_rule_stateful.go index 142430f83..19795fb48 100644 --- a/sysdig/data_source_sysdig_secure_rule_stateful.go +++ b/sysdig/data_source_sysdig_secure_rule_stateful.go 
@@ -28,28 +28,31 @@ func dataSourceSysdigSecureRuleStateful() *schema.Resource { Required: true, ForceNew: true, }, + "id": { + Type: schema.TypeInt, + Computed: true, + }, "version": { Type: schema.TypeInt, Computed: true, }, "source": { Type: schema.TypeString, - Required: true, + Computed: true, ValidateDiagFunc: validateDiagFunc(validateStatefulRuleSource), }, "ruletype": { Type: schema.TypeString, - Required: true, + Computed: true, ValidateDiagFunc: validateDiagFunc(validateStatefulRuleType), }, "append": { Type: schema.TypeBool, - Optional: true, - Default: true, + Computed: true, }, "exceptions": { Type: schema.TypeList, - Required: true, + Computed: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "name": { diff --git a/sysdig/data_source_sysdig_secure_rule_stateful_test.go b/sysdig/data_source_sysdig_secure_rule_stateful_test.go index 4fd220efb..101ef5d70 100644 --- a/sysdig/data_source_sysdig_secure_rule_stateful_test.go +++ b/sysdig/data_source_sysdig_secure_rule_stateful_test.go @@ -46,12 +46,6 @@ func ruleStatefulDataSource() string { data "sysdig_secure_rule_stateful" "data_stateful_rule_append" { name = "API Gateway Enumeration Detected" - source = "awscloudtrail_stateful" - ruletype = "STATEFUL_SEQUENCE" - exceptions { - values = jsonencode([["user_abc", ["12345"]]]) - name = "user_accountid" - } depends_on = [ sysdig_secure_rule_stateful.stateful_rule_append ] } `, ruleStatefulAppend()) From 9e6d6bf635309fbf133d8ee244b17841500448ad Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 13 Mar 2025 21:20:08 -0700 Subject: [PATCH 06/15] Update data_source_sysdig_secure_rule_stateful.go --- sysdig/data_source_sysdig_secure_rule_stateful.go | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/sysdig/data_source_sysdig_secure_rule_stateful.go b/sysdig/data_source_sysdig_secure_rule_stateful.go index 19795fb48..d6f09d97c 100644 --- a/sysdig/data_source_sysdig_secure_rule_stateful.go 
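Review bot: The added `id` attribute (`schema.TypeInt`, `Computed`) is never assigned by `dataSourceSysdigRuleStatefulRead` anywhere in this series, and the same holds for `version` and `ruletype`, so consumers will only ever read zero values from them. Either populate them in the read function (checking the `d.Set` error) or drop them from the schema; the identifier is already carried by the SDK's own resource ID set through `d.SetId`, so a separate integer `id` key looks redundant. In this hunk `source` also becomes `Computed` while the read function still returns "source is required" when it is unset, which leaves no way to supply it until a later patch makes it `Required` again.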
+++ b/sysdig/data_source_sysdig_secure_rule_stateful.go @@ -37,14 +37,12 @@ func dataSourceSysdigSecureRuleStateful() *schema.Resource { Computed: true, }, "source": { - Type: schema.TypeString, - Computed: true, - ValidateDiagFunc: validateDiagFunc(validateStatefulRuleSource), + Type: schema.TypeString, + Computed: true, }, "ruletype": { - Type: schema.TypeString, - Computed: true, - ValidateDiagFunc: validateDiagFunc(validateStatefulRuleType), + Type: schema.TypeString, + Computed: true, }, "append": { Type: schema.TypeBool, From d9332ce7dbf4fe6ffbe0020c2579513754f77ce2 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Fri, 14 Mar 2025 13:41:53 -0700 Subject: [PATCH 07/15] Update data_source_sysdig_secure_rule_stateful_test.go --- sysdig/data_source_sysdig_secure_rule_stateful_test.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/sysdig/data_source_sysdig_secure_rule_stateful_test.go b/sysdig/data_source_sysdig_secure_rule_stateful_test.go index 101ef5d70..b0003e9bd 100644 --- a/sysdig/data_source_sysdig_secure_rule_stateful_test.go +++ b/sysdig/data_source_sysdig_secure_rule_stateful_test.go @@ -33,6 +33,9 @@ func TestAccRuleStatefulDataSource(t *testing.T) { }, }, Steps: []resource.TestStep{ + { + Config: ruleStatefulAppend(), + }, { Config: ruleStatefulDataSource(), }, @@ -41,12 +44,11 @@ func TestAccRuleStatefulDataSource(t *testing.T) { } func ruleStatefulDataSource() string { - return fmt.Sprintf(` -%s + return fmt.Sprint(` data "sysdig_secure_rule_stateful" "data_stateful_rule_append" { name = "API Gateway Enumeration Detected" depends_on = [ sysdig_secure_rule_stateful.stateful_rule_append ] } -`, ruleStatefulAppend()) +`) } From 6102da5ca5f8135105e0a9088a59f59dd8bad79d Mon Sep 17 00:00:00 2001 
From: kmvachhani Date: Fri, 14 Mar 2025 14:50:21 -0700 Subject: [PATCH 08/15] add support for stateful rule count --- ...data_source_sysdig_secure_rule_stateful.go | 27 ++++----- ...ource_sysdig_secure_rule_stateful_count.go | 58 +++++++++++++++++++ ..._sysdig_secure_rule_stateful_count_test.go | 55 ++++++++++++++++++ ...source_sysdig_secure_rule_stateful_test.go | 8 +-- sysdig/provider.go | 1 + website/docs/d/secure_rule_stateful_count.md | 33 +++++++++++ 6 files changed, 160 insertions(+), 22 deletions(-) create mode 100644 sysdig/data_source_sysdig_secure_rule_stateful_count.go create mode 100644 sysdig/data_source_sysdig_secure_rule_stateful_count_test.go create mode 100644 website/docs/d/secure_rule_stateful_count.md diff --git a/sysdig/data_source_sysdig_secure_rule_stateful.go b/sysdig/data_source_sysdig_secure_rule_stateful.go index d6f09d97c..07dea9989 100644 --- a/sysdig/data_source_sysdig_secure_rule_stateful.go +++ b/sysdig/data_source_sysdig_secure_rule_stateful.go @@ -4,10 +4,8 @@ import ( "context" "encoding/json" "errors" - "strconv" "time" - v2 "github.com/draios/terraform-provider-sysdig/sysdig/internal/client/v2" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) @@ -37,8 +35,9 @@ func dataSourceSysdigSecureRuleStateful() *schema.Resource { Computed: true, }, "source": { - Type: schema.TypeString, - Computed: true, + Type: schema.TypeString, + Required: true, + ValidateDiagFunc: validateDiagFunc(validateStatefulRuleSource), }, "ruletype": { Type: schema.TypeString, @@ -74,11 +73,6 @@ func dataSourceSysdigRuleStatefulRead(ctx context.Context, d *schema.ResourceDat return diag.FromErr(err) } - id, err := strconv.Atoi(d.Id()) - if err != nil { - return diag.FromErr(err) - } - nameObj, ok := d.GetOk("name") if !ok { return diag.FromErr(errors.New("name is required")) 
@@ -98,17 +92,16 @@ func dataSourceSysdigRuleStatefulRead(ctx context.Context, d *schema.ResourceDat return diag.FromErr(err) } - if len(rules) == 0 { - d.SetId("") + ruleIndexObj, ok := d.GetOk("index") + ruleIndex := 0 + if ok { + ruleIndex = ruleIndexObj.(int) } - var rule v2.Rule + rule := rules[ruleIndex] - for _, r := range rules { - if r.ID == id { - rule = r - break - } + if len(rules) == 0 { + d.SetId("") } exceptions := make([]any, 0, len(rule.Details.Exceptions)) diff --git a/sysdig/data_source_sysdig_secure_rule_stateful_count.go b/sysdig/data_source_sysdig_secure_rule_stateful_count.go new file mode 100644 index 000000000..4c2c70543 --- /dev/null +++ b/sysdig/data_source_sysdig_secure_rule_stateful_count.go 
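Review bot: `rule := rules[ruleIndex]` runs before the `len(rules) == 0` check, so an empty result from `GetStatefulRuleGroup` panics the provider instead of producing a diagnostic, and a supplied index is never compared with `len(rules)`. Move the emptiness check above the indexing and reject out-of-range values; the later patches in this series (13/15 to 15/15) add a type check on `index` but still no range check. `index` is also not declared in the schema visible in this series, so `d.GetOk("index")` presumably never reports a value; if selecting an append by position is intended, the attribute needs a schema entry (`Optional`, `schema.TypeInt`). The function body continues outside this hunk.

```go
// … unchanged: ruleIndex lookup via d.GetOk("index") …
if len(rules) == 0 {
	return diag.Errorf("no stateful rule %q found for source %q", name, source)
}
if ruleIndex < 0 || ruleIndex >= len(rules) {
	return diag.Errorf("index %d is out of range: %d rule(s) found", ruleIndex, len(rules))
}

rule := rules[ruleIndex]
// … unchanged: exceptions marshalling and d.Set("exceptions", …) …
```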
@@ -0,0 +1,58 @@
+package sysdig
+
+import (
+ "context"
+ "fmt"
+ "time"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceSysdigSecureRuleStatefulCount() *schema.Resource {
+ timeout := 1 * time.Minute
+
+ return &schema.Resource{
+ ReadContext: dataSourceSysdigRuleStatefulCountRead,
+
+ Timeouts: &schema.ResourceTimeout{
+ Read: schema.DefaultTimeout(timeout),
+ },
+
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "source": {
+ Type: schema.TypeString,
+ Required: true,
+ ValidateDiagFunc: validateDiagFunc(validateStatefulRuleSource),
+ },
+ "rule_count": {
+ Type: schema.TypeInt,
+ Computed: true,
+ },
+ },
+ }
+}
+
+func dataSourceSysdigRuleStatefulCountRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ client, err := getSecureRuleClient(meta.(SysdigClients))
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ ruleName := d.Get("name").(string)
+ ruleType := d.Get("source").(string)
+ rules, err := client.GetStatefulRuleGroup(ctx, ruleName, ruleType)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ d.SetId(fmt.Sprintf("count_%s", ruleName))
+ _ = d.Set("name", ruleName)
+ _ = d.Set("rule_count", len(rules))
+
+ return nil
+}
diff --git a/sysdig/data_source_sysdig_secure_rule_stateful_count_test.go b/sysdig/data_source_sysdig_secure_rule_stateful_count_test.go
new file mode 100644
index 000000000..8785339a6
--- /dev/null
+++ b/sysdig/data_source_sysdig_secure_rule_stateful_count_test.go
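Review bot: Both `_ = d.Set("name", ruleName)` and `_ = d.Set("rule_count", len(rules))` in `dataSourceSysdigRuleStatefulCountRead` discard the error, so a schema or type mismatch would leave `rule_count` unset without any diagnostic. The sibling data source checks the result of `d.Set("exceptions", …)` and this one should do the same, e.g. `if err := d.Set("rule_count", len(rules)); err != nil { return diag.FromErr(err) }`. The same pattern recurs in the `_ = d.Set(...)` calls that PATCH 10/15 adds to data_source_sysdig_secure_rule_stateful.go. As a point of style, `ruleType` holds the value of `source`; naming it `source` would avoid confusion with the `ruletype` attribute of the other data source.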
@@ -0,0 +1,55 @@ +//go:build tf_acc_sysdig || tf_acc_sysdig_secure || tf_acc_policies || tf_acc_onprem_secure + +package sysdig_test + +import ( + "fmt" + "os" + "strings" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + + "github.com/draios/terraform-provider-sysdig/sysdig" +) + +func TestAccRuleStatefulCountDataSource(t *testing.T) { + + if strings.HasSuffix(os.Getenv("SYSDIG_SECURE_URL"), "ibm.com") { + t.Skip("Skipping stateful tests for IBM Cloud") + return + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { + if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" { + t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests") + } + }, + ProviderFactories: map[string]func() (*schema.Provider, error){ + "sysdig": func() (*schema.Provider, error) { + return sysdig.Provider(), nil + }, + }, + Steps: []resource.TestStep{ + { + Config: ruleStatefulCountDataSource(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("data.sysdig_secure_rule_stateful_count.data_stateful_rule_append", "rule_count", "1"), + ), + }, + }, + }) +} + +func ruleStatefulCountDataSource() string { + return fmt.Sprintf(` +%s + +data "sysdig_secure_rule_stateful" "data_stateful_rule_append" { + name = "API Gateway Enumeration Detected" + depends_on = [ sysdig_secure_rule_stateful.stateful_rule_append ] +} +`, ruleStatefulAppend()) +} diff --git a/sysdig/data_source_sysdig_secure_rule_stateful_test.go b/sysdig/data_source_sysdig_secure_rule_stateful_test.go index b0003e9bd..101ef5d70 100644 --- a/sysdig/data_source_sysdig_secure_rule_stateful_test.go +++ b/sysdig/data_source_sysdig_secure_rule_stateful_test.go @@ -33,9 +33,6 @@ func TestAccRuleStatefulDataSource(t *testing.T) { }, }, Steps: []resource.TestStep{ - { - Config: ruleStatefulAppend(), - }, { Config: ruleStatefulDataSource(), }, 
@@ -44,11 +41,12 @@ func TestAccRuleStatefulDataSource(t *testing.T) { } func ruleStatefulDataSource() string { - return fmt.Sprint(` + return fmt.Sprintf(` +%s data "sysdig_secure_rule_stateful" "data_stateful_rule_append" { name = "API Gateway Enumeration Detected" depends_on = [ sysdig_secure_rule_stateful.stateful_rule_append ] } -`) +`, ruleStatefulAppend()) } diff --git a/sysdig/provider.go b/sysdig/provider.go index c2dfa7a20..11de1d1cd 100644 --- a/sysdig/provider.go +++ b/sysdig/provider.go @@ -235,6 +235,7 @@ func (p *SysdigProvider) Provider() *schema.Provider { "sysdig_secure_posture_policies": dataSourceSysdigSecurePosturePolicies(), "sysdig_secure_custom_role_permissions": dataSourceSysdigSecureCustomRolePermissions(), "sysdig_secure_rule_stateful": dataSourceSysdigSecureRuleStateful(), + "sysdig_secure_rule_stateful_count": dataSourceSysdigSecureRuleStatefulCount(), "sysdig_current_user": dataSourceSysdigCurrentUser(), "sysdig_user": dataSourceSysdigUser(), diff --git a/website/docs/d/secure_rule_stateful_count.md b/website/docs/d/secure_rule_stateful_count.md new file mode 100644 index 000000000..ce927b357 --- /dev/null +++ b/website/docs/d/secure_rule_stateful_count.md 
@@ -0,0 +1,33 @@ +--- +subcategory: "Sysdig Secure" +layout: "sysdig" +page_title: "Sysdig: sysdig_secure_rule_stateful_count" +description: |- + Retrieves the count of rules (including appends) for a named stateful rule. +--- + +# Data Source: sysdig_secure_rule_stateful_count + +Retrieves the count of rules (including appends) for a named stateful rule. + +-> **Note:** Sysdig Terraform Provider is under rapid development at this point. If you experience any issue or discrepancy while using it, please make sure you have the latest version. If the issue persists, or you have a Feature Request to support an additional set of resources, please open a [new issue](https://github.com/sysdiglabs/terraform-provider-sysdig/issues/new) in the GitHub repository. + +## Example Usage + +```terraform +data "sysdig_secure_rule_stateful_count" "example" { + name = "API Gateway Enumeration Detected" + source = "awscloudtrail_stateful" +} +``` + +## Argument Reference + +* `name` - (Required) The name of the Secure stateful rule to retrieve. +* `source` - (Required) The source of the Secure stateful rule to retrieve. + +## Attributes Reference + +In addition to the argument above, the following attributes are exported: + +* `rule_count` - The number of rules (including appends). From 74ae360a1ff530678adcc8a0ea47c8b8b92ef6a6 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Fri, 14 Mar 2025 15:28:19 -0700 Subject: [PATCH 09/15] add source to tests --- sysdig/data_source_sysdig_secure_rule_stateful_count_test.go | 1 + sysdig/data_source_sysdig_secure_rule_stateful_test.go | 1 + 2 files changed, 2 insertions(+) diff --git a/sysdig/data_source_sysdig_secure_rule_stateful_count_test.go b/sysdig/data_source_sysdig_secure_rule_stateful_count_test.go index 8785339a6..49ad3d889 100644 --- a/sysdig/data_source_sysdig_secure_rule_stateful_count_test.go +++ b/sysdig/data_source_sysdig_secure_rule_stateful_count_test.go 
@@ -49,6 +49,7 @@ func ruleStatefulCountDataSource() string { data "sysdig_secure_rule_stateful" "data_stateful_rule_append" { name = "API Gateway Enumeration Detected" + source = "awscloudtrail_stateful" depends_on = [ sysdig_secure_rule_stateful.stateful_rule_append ] } `, ruleStatefulAppend()) diff --git a/sysdig/data_source_sysdig_secure_rule_stateful_test.go b/sysdig/data_source_sysdig_secure_rule_stateful_test.go index 101ef5d70..41278e098 100644 --- a/sysdig/data_source_sysdig_secure_rule_stateful_test.go +++ b/sysdig/data_source_sysdig_secure_rule_stateful_test.go @@ -46,6 +46,7 @@ func ruleStatefulDataSource() string { data "sysdig_secure_rule_stateful" "data_stateful_rule_append" { name = "API Gateway Enumeration Detected" + source = "awscloudtrail_stateful" depends_on = [ sysdig_secure_rule_stateful.stateful_rule_append ] } `, ruleStatefulAppend()) From e12069fd2bb34a4b4d9a73a384d57c6a194b8860 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Sun, 16 Mar 2025 18:24:37 -0700 Subject: [PATCH 10/15] set missing fields --- sysdig/data_source_sysdig_secure_rule_stateful.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/sysdig/data_source_sysdig_secure_rule_stateful.go b/sysdig/data_source_sysdig_secure_rule_stateful.go index 07dea9989..a94b3a6ad 100644 --- a/sysdig/data_source_sysdig_secure_rule_stateful.go +++ b/sysdig/data_source_sysdig_secure_rule_stateful.go @@ -4,6 +4,7 @@ import ( "context" "encoding/json" "errors" + "strconv" "time" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" @@ -102,6 +103,15 @@ func dataSourceSysdigRuleStatefulRead(ctx context.Context, d *schema.ResourceDat if len(rules) == 0 { d.SetId("") + } else { + d.SetId(strconv.Itoa(rule.ID)) + } + + _ = d.Set("name", rule.Name) + _ = d.Set("source", source) + + if rule.Details.Append != nil { + _ = d.Set("append", *rule.Details.Append) } exceptions := make([]any, 0, len(rule.Details.Exceptions)) From 14d174739b0242eb75ed085d9752e2100ce1386e Mon Sep 17 00:00:00 2001 
From: kmvachhani Date: Sun, 16 Mar 2025 20:04:26 -0700 Subject: [PATCH 11/15] Update data_source_sysdig_secure_rule_stateful_count_test.go --- sysdig/data_source_sysdig_secure_rule_stateful_count_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sysdig/data_source_sysdig_secure_rule_stateful_count_test.go b/sysdig/data_source_sysdig_secure_rule_stateful_count_test.go index 49ad3d889..25be3c02d 100644 --- a/sysdig/data_source_sysdig_secure_rule_stateful_count_test.go +++ b/sysdig/data_source_sysdig_secure_rule_stateful_count_test.go @@ -47,7 +47,7 @@ func ruleStatefulCountDataSource() string { return fmt.Sprintf(` %s -data "sysdig_secure_rule_stateful" "data_stateful_rule_append" { +data "sysdig_secure_rule_stateful_count" "data_stateful_rule_append" { name = "API Gateway Enumeration Detected" source = "awscloudtrail_stateful" depends_on = [ sysdig_secure_rule_stateful.stateful_rule_append ] From 72056d88162f99b6f016e757777d440b545c8af7 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Sun, 16 Mar 2025 23:06:41 -0700 Subject: [PATCH 12/15] Update data_source_sysdig_secure_rule_stateful_count_test.go --- sysdig/data_source_sysdig_secure_rule_stateful_count_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sysdig/data_source_sysdig_secure_rule_stateful_count_test.go b/sysdig/data_source_sysdig_secure_rule_stateful_count_test.go index 25be3c02d..0a7c3c918 100644 --- a/sysdig/data_source_sysdig_secure_rule_stateful_count_test.go +++ b/sysdig/data_source_sysdig_secure_rule_stateful_count_test.go @@ -36,7 +36,7 @@ func TestAccRuleStatefulCountDataSource(t *testing.T) { { Config: ruleStatefulCountDataSource(), Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("data.sysdig_secure_rule_stateful_count.data_stateful_rule_append", "rule_count", "1"), + resource.TestCheckResourceAttr("data.sysdig_secure_rule_stateful_count.data_stateful_rule_append", "rule_count", "2"), ), }, }, 
From d2bf917b8fa436c918e877608e35f9793e31c6f3 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Mon, 17 Mar 2025 10:37:42 -0700 Subject: [PATCH 13/15] address review comments --- sysdig/data_source_sysdig_secure_rule_stateful.go | 2 +- sysdig/data_source_sysdig_secure_rule_stateful_count.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sysdig/data_source_sysdig_secure_rule_stateful.go b/sysdig/data_source_sysdig_secure_rule_stateful.go index a94b3a6ad..89b4fad9b 100644 --- a/sysdig/data_source_sysdig_secure_rule_stateful.go +++ b/sysdig/data_source_sysdig_secure_rule_stateful.go @@ -96,7 +96,7 @@ func dataSourceSysdigRuleStatefulRead(ctx context.Context, d *schema.ResourceDat ruleIndexObj, ok := d.GetOk("index") ruleIndex := 0 if ok { - ruleIndex = ruleIndexObj.(int) + ruleIndex, ok = ruleIndexObj.(int) } rule := rules[ruleIndex] diff --git a/sysdig/data_source_sysdig_secure_rule_stateful_count.go b/sysdig/data_source_sysdig_secure_rule_stateful_count.go index 4c2c70543..9a731dc3b 100644 --- a/sysdig/data_source_sysdig_secure_rule_stateful_count.go +++ b/sysdig/data_source_sysdig_secure_rule_stateful_count.go @@ -50,7 +50,7 @@ func dataSourceSysdigRuleStatefulCountRead(ctx context.Context, d *schema.Resour return diag.FromErr(err) } - d.SetId(fmt.Sprintf("count_%s", ruleName)) + d.SetId(fmt.Sprintf("count__%s__%s", ruleName, ruleType)) _ = d.Set("name", ruleName) _ = d.Set("rule_count", len(rules)) From 73ca4be9b2a386e41597fa9da009828203216791 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Mon, 17 Mar 2025 10:50:43 -0700 Subject: [PATCH 14/15] Update data_source_sysdig_secure_rule_stateful.go --- sysdig/data_source_sysdig_secure_rule_stateful.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sysdig/data_source_sysdig_secure_rule_stateful.go b/sysdig/data_source_sysdig_secure_rule_stateful.go index 89b4fad9b..3c832a04b 100644 --- a/sysdig/data_source_sysdig_secure_rule_stateful.go 
+++ b/sysdig/data_source_sysdig_secure_rule_stateful.go @@ -96,7 +96,7 @@ func dataSourceSysdigRuleStatefulRead(ctx context.Context, d *schema.ResourceDat ruleIndexObj, ok := d.GetOk("index") ruleIndex := 0 if ok { - ruleIndex, ok = ruleIndexObj.(int) + ruleIndex, _ = ruleIndexObj.(int) } rule := rules[ruleIndex] From 8a404d24f3e6bdaf811302d8e07e34a90b548b6a Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Mon, 17 Mar 2025 12:53:36 -0700 Subject: [PATCH 15/15] Update data_source_sysdig_secure_rule_stateful.go --- sysdig/data_source_sysdig_secure_rule_stateful.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sysdig/data_source_sysdig_secure_rule_stateful.go b/sysdig/data_source_sysdig_secure_rule_stateful.go index 3c832a04b..c12cae705 100644 --- a/sysdig/data_source_sysdig_secure_rule_stateful.go +++ b/sysdig/data_source_sysdig_secure_rule_stateful.go @@ -96,7 +96,10 @@ func dataSourceSysdigRuleStatefulRead(ctx context.Context, d *schema.ResourceDat ruleIndexObj, ok := d.GetOk("index") ruleIndex := 0 if ok { - ruleIndex, _ = ruleIndexObj.(int) + ruleIndex, ok = ruleIndexObj.(int) + if !ok { + return diag.FromErr(errors.New("index must be an integer")) + } } rule := rules[ruleIndex]