diff --git a/sysdig/internal/client/v2/cloud_account.go b/sysdig/internal/client/v2/cloud_account.go
index 63f02f23..37f3c55c 100644
--- a/sysdig/internal/client/v2/cloud_account.go
+++ b/sysdig/internal/client/v2/cloud_account.go
@@ -7,24 +7,12 @@ import (
 )
 
 const (
- cloudAccountsPath = "%s/api/cloud/v2/accounts"
- cloudAccountsWithExternalIDPath = "%s/api/cloud/v2/accounts?includeExternalID=true&upsert=true"
- cloudAccountPath = "%s/api/cloud/v2/accounts/%s"
- cloudAccountWithExternalIDPath = "%s/api/cloud/v2/accounts/%s?includeExternalID=true"
- providersPath = "%v/api/v2/providers"
- costCloudAccountPath = "%s/api/cloudaccount"
- costProviderURL = "%s/api/cloudaccount/features/cost/account?id=%d"
- updateCostProviderURL = "%s/api/cloudaccount/features/cost"
+ providersPath = "%v/api/v2/providers"
+ costCloudAccountPath = "%s/api/cloudaccount"
+ costProviderURL = "%s/api/cloudaccount/features/cost/account?id=%d"
+ updateCostProviderURL = "%s/api/cloudaccount/features/cost"
 )
 
-type CloudAccountSecureInterface interface {
- Base
- CreateCloudAccountSecure(ctx context.Context, cloudAccount *CloudAccountSecure) (*CloudAccountSecure, error)
- GetCloudAccountSecureByID(ctx context.Context, accountID string) (*CloudAccountSecure, error)
- DeleteCloudAccountSecure(ctx context.Context, accountID string) error
- UpdateCloudAccountSecure(ctx context.Context, accountID string, cloudAccount *CloudAccountSecure) (*CloudAccountSecure, error)
-}
-
 type CloudAccountMonitorInterface interface {
 Base
 CreateCloudAccountMonitor(ctx context.Context, provider *CloudAccountMonitor) (*CloudAccountMonitor, error)
@@ -36,89 +24,6 @@ type CloudAccountMonitorInterface interface {
 DeleteCloudAccountMonitor(ctx context.Context, id int) error
 }
 
-func (c *Client) CreateCloudAccountSecure(ctx context.Context, cloudAccount *CloudAccountSecure) (createdAccount *CloudAccountSecure, err error) {
- payload, err := Marshal(cloudAccount)
- if err != nil {
- return nil, err
- }
-
- response, err := c.requester.Request(ctx, http.MethodPost, c.cloudAccountsURL(true), payload)
- if err != nil {
- return nil, err
- }
- defer func() {
- if dErr := response.Body.Close(); dErr != nil {
- err = fmt.Errorf("unable to close response body: %w", dErr)
- }
- }()
-
- if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
- err = c.ErrorFromResponse(response)
- return nil, err
- }
-
- return Unmarshal[*CloudAccountSecure](response.Body)
-}
-
-func (c *Client) GetCloudAccountSecureByID(ctx context.Context, accountID string) (cloudAccount *CloudAccountSecure, err error) {
- response, err := c.requester.Request(ctx, http.MethodGet, c.cloudAccountURL(accountID, true), nil)
- if err != nil {
- return nil, err
- }
- defer func() {
- if dErr := response.Body.Close(); dErr != nil {
- err = fmt.Errorf("unable to close response body: %w", dErr)
- }
- }()
-
- if response.StatusCode != http.StatusOK {
- return nil, c.ErrorFromResponse(response)
- }
-
- return Unmarshal[*CloudAccountSecure](response.Body)
-}
-
-func (c *Client) DeleteCloudAccountSecure(ctx context.Context, accountID string) (err error) {
- response, err := c.requester.Request(ctx, http.MethodDelete, c.cloudAccountURL(accountID, false), nil)
- if err != nil {
- return err
- }
- defer func() {
- if dErr := response.Body.Close(); dErr != nil {
- err = fmt.Errorf("unable to close response body: %w", dErr)
- }
- }()
-
- if response.StatusCode != http.StatusNoContent && response.StatusCode != http.StatusOK {
- return c.ErrorFromResponse(response)
- }
- return nil
-}
-
-func (c *Client) UpdateCloudAccountSecure(ctx context.Context, accountID string, cloudAccount *CloudAccountSecure) (updatedAccount *CloudAccountSecure, err error) {
- payload, err := Marshal(cloudAccount)
- if err != nil {
- return nil, err
- }
-
- response, err := c.requester.Request(ctx, http.MethodPut, c.cloudAccountURL(accountID, true), payload)
- if err != nil {
- return nil, err
- }
- defer func() {
- if dErr := response.Body.Close(); dErr != nil {
- err = fmt.Errorf("unable to close response body: %w", dErr)
- }
- }()
-
- if response.StatusCode != http.StatusOK {
- err = c.ErrorFromResponse(response)
- return nil, err
- }
-
- return Unmarshal[*CloudAccountSecure](response.Body)
-}
-
 func (c *Client) CreateCloudAccountMonitor(ctx context.Context, provider *CloudAccountMonitor) (createdProvider *CloudAccountMonitor, err error) {
 payload, err := Marshal(provider)
 if err != nil {
@@ -295,20 +200,6 @@ func (c *Client) DeleteCloudAccountMonitor(ctx context.Context, id int) (err err
 return nil
 }
 
-func (c *Client) cloudAccountsURL(includeExternalID bool) string {
- if includeExternalID {
- return fmt.Sprintf(cloudAccountsWithExternalIDPath, c.config.url)
- }
- return fmt.Sprintf(cloudAccountsPath, c.config.url)
-}
-
-func (c *Client) cloudAccountURL(accountID string, includeExternalID bool) string {
- if includeExternalID {
- return fmt.Sprintf(cloudAccountWithExternalIDPath, c.config.url, accountID)
- }
- return fmt.Sprintf(cloudAccountPath, c.config.url, accountID)
-}
-
 func (c *Client) getProviderURL(id int) string {
 return fmt.Sprintf("%v/%v", c.getProvidersURL(), id)
 }
diff --git a/sysdig/internal/client/v2/sysdig.go b/sysdig/internal/client/v2/sysdig.go
index ef70018f..3316182a 100644
--- a/sysdig/internal/client/v2/sysdig.go
+++ b/sysdig/internal/client/v2/sysdig.go
@@ -39,7 +39,6 @@ type SysdigSecure interface {
 SysdigCommon
 SecureCommon
- CloudAccountSecureInterface
 CloudauthAccountComponentSecureInterface
 CloudauthAccountFeatureSecureInterface
 CloudauthAccountSecureInterface
diff --git a/sysdig/provider.go b/sysdig/provider.go
index 67dfe93a..911da9c6 100644
--- a/sysdig/provider.go
+++ b/sysdig/provider.go
@@ -151,7 +151,6 @@ func (p *SysdigProvider) Provider() *schema.Provider {
 "sysdig_monitor_team": resourceSysdigMonitorTeam(),
 "sysdig_secure_aws_ml_policy": resourceSysdigSecureAWSMLPolicy(),
- "sysdig_secure_cloud_account": resourceSysdigSecureCloudAccount(),
 "sysdig_secure_cloud_auth_account": resourceSysdigSecureCloudauthAccount(),
 "sysdig_secure_cloud_auth_account_component": resourceSysdigSecureCloudauthAccountComponent(),
 "sysdig_secure_cloud_auth_account_feature": resourceSysdigSecureCloudauthAccountFeature(),
diff --git a/sysdig/resource_sysdig_secure_cloud_account.go b/sysdig/resource_sysdig_secure_cloud_account.go
deleted file mode 100644
index 8c9fffac..00000000
--- a/sysdig/resource_sysdig_secure_cloud_account.go
+++ /dev/null
@@ -1,172 +0,0 @@
-package sysdig
-
-import (
- "context"
- "strings"
- "time"
-
- v2 "github.com/draios/terraform-provider-sysdig/sysdig/internal/client/v2"
-
- "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
-)
-
-func resourceSysdigSecureCloudAccount() *schema.Resource {
- timeout := 5 * time.Minute
-
- return &schema.Resource{
- CreateContext: resourceSysdigSecureCloudAccountCreate,
- UpdateContext: resourceSysdigSecureCloudAccountUpdate,
- ReadContext: resourceSysdigSecureCloudAccountRead,
- DeleteContext: resourceSysdigSecureCloudAccountDelete,
- Importer: &schema.ResourceImporter{
- StateContext: schema.ImportStatePassthroughContext,
- },
-
- Timeouts: &schema.ResourceTimeout{
- Create: schema.DefaultTimeout(timeout),
- Update: schema.DefaultTimeout(timeout),
- Read: schema.DefaultTimeout(timeout),
- Delete: schema.DefaultTimeout(timeout),
- },
- Schema: map[string]*schema.Schema{
- "account_id": {
- Type: schema.TypeString,
- Required: true,
- },
- "cloud_provider": {
- Type: schema.TypeString,
- Required: true,
- ValidateFunc: validation.StringInSlice([]string{"aws", "gcp", "azure"}, false),
- },
- "alias": {
- Type: schema.TypeString,
- Optional: true,
- },
- "role_enabled": {
- Type: schema.TypeBool,
- Optional: true,
- Default: false,
- },
- "role_name": {
- Type: schema.TypeString,
- Optional: true,
- Default: "SysdigCloudBench",
- },
- "external_id": {
- Type: schema.TypeString,
- Computed: true,
- },
- "workload_identity_account_id": {
- Type: schema.TypeString,
- Optional: true,
- },
- "workload_identity_account_alias": {
- Type: schema.TypeString,
- Optional: true,
- },
- },
- }
-}
-
-func getSecureCloudAccountClient(c SysdigClients) (v2.CloudAccountSecureInterface, error) {
- return c.sysdigSecureClientV2()
-}
-
-func resourceSysdigSecureCloudAccountCreate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
- client, err := getSecureCloudAccountClient(meta.(SysdigClients))
- if err != nil {
- return diag.FromErr(err)
- }
-
- cloudAccount, err := client.CreateCloudAccountSecure(ctx, cloudAccountFromResourceData(d))
- if err != nil {
- return diag.FromErr(err)
- }
-
- d.SetId(cloudAccount.AccountID)
- _ = d.Set("account_id", cloudAccount.AccountID)
- _ = d.Set("cloud_provider", cloudAccount.Provider)
- _ = d.Set("alias", cloudAccount.Alias)
- _ = d.Set("role_enabled", cloudAccount.RoleAvailable)
- _ = d.Set("role_name", cloudAccount.RoleName)
- _ = d.Set("external_id", cloudAccount.ExternalID)
- _ = d.Set("workload_identity_account_id", cloudAccount.WorkLoadIdentityAccountID)
- _ = d.Set("workload_identity_account_alias", cloudAccount.WorkLoadIdentityAccountAlias)
-
- return nil
-}
-
-func resourceSysdigSecureCloudAccountRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
- client, err := getSecureCloudAccountClient(meta.(SysdigClients))
- if err != nil {
- d.SetId("")
- return diag.FromErr(err)
- }
-
- cloudAccount, err := client.GetCloudAccountSecureByID(ctx, d.Id())
- if err != nil {
- d.SetId("")
- if strings.Contains(err.Error(), "404") {
- return nil
- }
- return diag.FromErr(err)
- }
-
- _ = d.Set("account_id", cloudAccount.AccountID)
- _ = d.Set("cloud_provider", cloudAccount.Provider)
- _ = d.Set("alias", cloudAccount.Alias)
- _ = d.Set("role_enabled", cloudAccount.RoleAvailable)
- _ = d.Set("role_name", cloudAccount.RoleName)
- _ = d.Set("external_id", cloudAccount.ExternalID)
- _ = d.Set("workload_identity_account_id", cloudAccount.WorkLoadIdentityAccountID)
- _ = d.Set("workload_identity_account_alias", cloudAccount.WorkLoadIdentityAccountAlias)
-
- return nil
-}
-
-func resourceSysdigSecureCloudAccountUpdate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
- client, err := getSecureCloudAccountClient(meta.(SysdigClients))
- if err != nil {
- return diag.FromErr(err)
- }
-
- _, err = client.UpdateCloudAccountSecure(ctx, d.Id(), cloudAccountFromResourceData(d))
- if err != nil {
- if strings.Contains(err.Error(), "404") {
- return nil
- }
- return diag.FromErr(err)
- }
-
- return nil
-}
-
-func resourceSysdigSecureCloudAccountDelete(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
- client, err := getSecureCloudAccountClient(meta.(SysdigClients))
- if err != nil {
- return diag.FromErr(err)
- }
-
- err = client.DeleteCloudAccountSecure(ctx, d.Id())
- if err != nil {
- if strings.Contains(err.Error(), "404") {
- return nil
- }
- return diag.FromErr(err)
- }
- return nil
-}
-
-func cloudAccountFromResourceData(d *schema.ResourceData) *v2.CloudAccountSecure {
- return &v2.CloudAccountSecure{
- AccountID: d.Get("account_id").(string),
- Provider: d.Get("cloud_provider").(string),
- Alias: d.Get("alias").(string),
- RoleAvailable: d.Get("role_enabled").(bool),
- RoleName: d.Get("role_name").(string),
- WorkLoadIdentityAccountID: d.Get("workload_identity_account_id").(string),
- WorkLoadIdentityAccountAlias: d.Get("workload_identity_account_alias").(string),
- }
-}
diff --git a/sysdig/resource_sysdig_secure_cloud_account_test.go b/sysdig/resource_sysdig_secure_cloud_account_test.go
deleted file mode 100644
index cd29230a..00000000
--- a/sysdig/resource_sysdig_secure_cloud_account_test.go
+++ /dev/null
@@ -1,106 +0,0 @@
-//go:build tf_acc_sysdig_secure || tf_acc_sysdig_common || tf_acc_onprem_secure
-
-package sysdig_test
-
-import (
- "fmt"
- "os"
- "testing"
-
- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
-
- "github.com/draios/terraform-provider-sysdig/sysdig"
-)
-
-func TestAccSecureCloudAccount(t *testing.T) {
- rText := func() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) }
- accID := rText()
- resource.ParallelTest(t, resource.TestCase{
- PreCheck: func() {
- if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
- t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
- }
- },
- ProviderFactories: map[string]func() (*schema.Provider, error){
- "sysdig": func() (*schema.Provider, error) {
- return sysdig.Provider(), nil
- },
- },
- Steps: []resource.TestStep{
- {
- Config: secureCloudAccountWithID(accID),
- },
- {
- Config: secureCloudAccountMinimumConfiguration(accID),
- },
- {
- ResourceName: "sysdig_secure_cloud_account.sample",
- ImportState: true,
- ImportStateVerify: true,
- },
- },
- })
-}
-
-func secureCloudAccountWithID(accountID string) string {
- return fmt.Sprintf(`
-resource "sysdig_secure_cloud_account" "sample" {
- account_id = "sample-%s"
- cloud_provider = "aws"
- alias = "%s"
- role_enabled = "false"
- role_name = "CustomRoleName"
-}
-`, accountID, accountID)
-}
-
-func secureCloudAccountMinimumConfiguration(accountID string) string {
- return fmt.Sprintf(`
-resource "sysdig_secure_cloud_account" "sample" {
- account_id = "sample-%s"
- cloud_provider = "aws"
-}`, accountID)
-}
-
-func TestAccSecureCloudAccountWID(t *testing.T) {
- rText := func() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) }
- accID := rText()
- resource.ParallelTest(t, resource.TestCase{
- PreCheck: func() {
- if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
- t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
- }
- },
- ProviderFactories: map[string]func() (*schema.Provider, error){
- "sysdig": func() (*schema.Provider, error) {
- return sysdig.Provider(), nil
- },
- },
- Steps: []resource.TestStep{
- {
- Config: secureCloudAccountWithWID(accID),
- },
- {
- ResourceName: "sysdig_secure_cloud_account.sample-1",
- ImportState: true,
- ImportStateVerify: true,
- },
- },
- })
-}
-
-func secureCloudAccountWithWID(accountID string) string {
- return fmt.Sprintf(`
-resource "sysdig_secure_cloud_account" "sample-1" {
- account_id = "sample-1-%s"
- cloud_provider = "aws"
- alias = "%s"
- role_enabled = "false"
- role_name = "CustomRoleName"
- workload_identity_account_id = "sample-1-%s"
- workload_identity_account_alias = "%s"
-}
-`, accountID, accountID, accountID, accountID)
-}
diff --git a/website/docs/r/secure_cloud_account.md b/website/docs/r/secure_cloud_account.md
deleted file mode 100644
index 5826393f..00000000
--- a/website/docs/r/secure_cloud_account.md
+++ /dev/null
@@ -1,55 +0,0 @@
----
-subcategory: "Sysdig Secure"
-layout: "sysdig"
-page_title: "Sysdig: sysdig_secure_cloud_account"
-description: |-
- Creates a Sysdig Secure Cloud Account.
----
-
-# Resource: sysdig_secure_cloud_account
-
-Creates a Sysdig Secure Cloud Account.
-
--> **Note:** Sysdig Terraform Provider is under rapid development at this point. If you experience any issue or discrepancy while using it, please make sure you have the latest version. If the issue persists, or you have a Feature Request to support an additional set of resources, please open a [new issue](https://github.com/sysdiglabs/terraform-provider-sysdig/issues/new) in the GitHub repository.
-
-## Example Usage
-
-```terraform
-resource "sysdig_secure_cloud_account" "sample" {
- account_id = "123456789012"
- cloud_provider = "aws"
- alias = "prod"
- role_enabled = "false"
- role_name = "CustomRoleName"
- workload_identity_account_id = "457345678065"
- workload_identity_account_alias = "prod-alias"
-}
-```
-
-## Argument Reference
-
-* `account_id` - (Required) The unique identifier of the cloud account. e.g. for AWS: `123456789012`,
-
-* `cloud_provider` - (Required) The cloud provider in which the account exists. Currently supported providers are `aws`, `gcp` and `azure`
-
-* `alias` - (Optional) A human friendly alias for `account_id`.
-
-* `role_enabled` - (Optional) Whether or not a role is provisioned withing this account, that Sysdig has permission to AssumeRole in order to run Benchmarks. Default: `false`.
-
-* `role_name` - (Optional) The name of the role Sysdig will have permission to AssumeRole if `role_enaled` is set to `true`. Default: `SysdigCloudBench`.
-
-* `workload_identity_account_id` - (Optional) For GCP only. The account id in which workload identity is present for this account in gcp org.
-
-* `workload_identity_account_alias` - (Optional) For GCP only. The alias of workload identity is present for this account in gcp org.
-
-## Attributes Reference
-
-No additional attributes are exported.
-
-## Import
-
-Secure Cloud Accounts can be imported using the `account_id`, e.g.
-
-```
-$ terraform import sysdig_secure_cloud_account.sample 123456789012
-```