feat(team): add missing features to teams (#628)

* feat(team): add prometheus_remote_write_metrics_filter

* feat(team): add all possible entrypoints and visibility options

* feat(team): remove platform metric related attributes from secure_team

Author: dbonf

sysdig/data_source_sysdig_monitor_team.go

@@ -36,6 +36,10 @@ func dataSourceSysdigMonitorTeam() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"prometheus_remote_write_metrics_filter": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 			"can_use_sysdig_capture": {
 				Type:     schema.TypeBool,
 				Computed: true,
@@ -48,6 +52,10 @@ func dataSourceSysdigMonitorTeam() *schema.Resource {
 				Type:     schema.TypeBool,
 				Computed: true,
 			},
+			"can_use_agent_cli": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
 			"default_team": {
 				Type:     schema.TypeBool,
 				Computed: true,
@@ -126,17 +134,21 @@ func dataSourceSysdigMonitorTeamRead(ctx context.Context, d *schema.ResourceData
 	_ = d.Set("can_use_sysdig_capture", team.CanUseSysdigCapture)
 	_ = d.Set("can_see_infrastructure_events", team.CanUseCustomEvents)
 	_ = d.Set("can_use_aws_data", team.CanUseAwsMetrics)
+	_ = d.Set("can_use_agent_cli", team.CanUseAgentCli)
 	_ = d.Set("default_team", team.DefaultTeam)
 	_ = d.Set("user_roles", userMonitorRolesToSet(team.UserRoles))
 	_ = d.Set("entrypoint", entrypointToSet(team.EntryPoint))
 	_ = d.Set("version", team.Version)
 
 	var ibmPlatformMetrics *string
+	var prometheusRemoteWrite *string
 	if team.NamespaceFilters != nil {
 		ibmPlatformMetrics = team.NamespaceFilters.IBMPlatformMetrics
+		prometheusRemoteWrite = team.NamespaceFilters.PrometheusRemoteWrite
 	}
 	_ = d.Set("enable_ibm_platform_metrics", team.CanUseBeaconMetrics)
 	_ = d.Set("ibm_platform_metrics", ibmPlatformMetrics)
+	_ = d.Set("prometheus_remote_write_metrics_filter", prometheusRemoteWrite)
 
 	return nil
 }

sysdig/data_source_sysdig_monitor_team_test.go

@@ -32,6 +32,8 @@ func TestAccDataSourceSysdigMonitorTeam(t *testing.T) {
 					resource.TestCheckResourceAttr("data.sysdig_monitor_team.test", "can_use_sysdig_capture", "true"),
 					resource.TestCheckResourceAttr("data.sysdig_monitor_team.test", "can_see_infrastructure_events", "true"),
 					resource.TestCheckResourceAttr("data.sysdig_monitor_team.test", "can_use_aws_data", "true"),
+					resource.TestCheckResourceAttr("data.sysdig_monitor_team.test", "can_use_agent_cli", "false"),
+					resource.TestCheckResourceAttr("data.sysdig_monitor_team.test", "prometheus_remote_write_metrics_filter", "kube_cluster_name in (\"test-cluster\")"),
 				),
 			},
 		},
@@ -48,9 +50,10 @@ resource "sysdig_monitor_team" "sample" {
   can_use_sysdig_capture 		= true
   can_see_infrastructure_events = true
   can_use_aws_data = true
-  
+  can_use_agent_cli = false
+  prometheus_remote_write_metrics_filter = "kube_cluster_name in (\"test-cluster\")"
   entrypoint {
-	type = "Dashboards"
+    type = "Dashboards"
   }
 }
 

sysdig/data_source_sysdig_secure_team.go

@@ -40,6 +40,14 @@ func dataSourceSysdigSecureTeam() *schema.Resource {
 				Type:     schema.TypeBool,
 				Computed: true,
 			},
+			"can_use_agent_cli": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"can_use_rapid_response": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
 			"default_team": {
 				Type:     schema.TypeBool,
 				Computed: true,
@@ -103,6 +111,8 @@ func dataSourceSysdigSecureTeamRead(ctx context.Context, d *schema.ResourceData,
 	_ = d.Set("scope_by", team.Show)
 	_ = d.Set("filter", team.Filter)
 	_ = d.Set("use_sysdig_capture", team.CanUseSysdigCapture)
+	_ = d.Set("can_use_agent_cli", team.CanUseAgentCli)
+	_ = d.Set("can_use_rapid_response", team.CanUseRapidResponse)
 	_ = d.Set("default_team", team.DefaultTeam)
 	_ = d.Set("user_roles", userSecureRolesToSet(team.UserRoles))
 	_ = d.Set("version", team.Version)

sysdig/data_source_sysdig_secure_team_test.go

@@ -31,6 +31,8 @@ func TestAccDataSourceSysdigSecureTeam(t *testing.T) {
 					resource.TestCheckResourceAttr("data.sysdig_secure_team.test", "version", "0"),
 					resource.TestCheckResourceAttr("data.sysdig_secure_team.test", "use_sysdig_capture", "true"),
 					resource.TestCheckResourceAttr("data.sysdig_secure_team.test", "all_zones", "true"),
+					resource.TestCheckResourceAttr("data.sysdig_secure_team.test", "can_use_agent_cli", "false"),
+					resource.TestCheckResourceAttr("data.sysdig_secure_team.test", "can_use_rapid_response", "true"),
 				),
 			},
 		},
@@ -40,12 +42,14 @@ func TestAccDataSourceSysdigSecureTeam(t *testing.T) {
 func secureTeamAndDatasource(name string) string {
 	return fmt.Sprintf(`
 resource "sysdig_secure_team" "sample" {
-  name               = "%s"
-  description        = "A test secure team"
-  scope_by           = "container"
-  use_sysdig_capture = true
-  filter             = "container.image.repo = \"sysdig/agent\""
-  all_zones          = true
+  name                   = "%s"
+  description            = "A test secure team"
+  scope_by               = "container"
+  use_sysdig_capture     = true
+  filter                 = "container.image.repo = \"sysdig/agent\""
+  all_zones              = true
+  can_use_agent_cli      = false
+  can_use_rapid_response = true
 }
 
 data "sysdig_secure_team" "test" {

sysdig/internal/client/v2/model.go

@@ -26,6 +26,8 @@ type Team struct {
 	CanUseCustomEvents  *bool             `json:"canUseCustomEvents,omitempty"`
 	CanUseAwsMetrics    *bool             `json:"canUseAwsMetrics,omitempty"`
 	CanUseBeaconMetrics *bool             `json:"canUseBeaconMetrics,omitempty"`
+	CanUseRapidResponse *bool             `json:"canUseRapidResponse,omitempty"`
+	CanUseAgentCli      *bool             `json:"canUseAgentCli,omitempty"`
 	UserCount           int               `json:"userCount,omitempty"`
 	Filter              string            `json:"filter,omitempty"`
 	NamespaceFilters    *NamespaceFilters `json:"namespaceFilters,omitempty"`
@@ -35,7 +37,8 @@ type Team struct {
 }
 
 type NamespaceFilters struct {
-	IBMPlatformMetrics *string `json:"ibmPlatformMetrics"`
+	IBMPlatformMetrics    *string `json:"ibmPlatformMetrics,omitempty"`
+	PrometheusRemoteWrite *string `json:"prometheusRemoteWrite,omitempty"`
 }
 
 type UserRoles struct {

sysdig/resource_sysdig_monitor_team.go

@@ -46,11 +46,16 @@ func resourceSysdigMonitorTeam() *schema.Resource {
 				Optional: true,
 			},
 			"scope_by": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				Default:      "host",
+				ValidateFunc: validation.StringInSlice([]string{"host", "container"}, false),
+			},
+			"filter": {
 				Type:     schema.TypeString,
 				Optional: true,
-				Default:  "host",
 			},
-			"filter": {
+			"prometheus_remote_write_metrics_filter": {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
@@ -77,6 +82,11 @@ func resourceSysdigMonitorTeam() *schema.Resource {
 				Optional: true,
 				Default:  false,
 			},
+			"can_use_agent_cli": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+			},
 			"user_roles": {
 				Type:     schema.TypeSet,
 				Optional: true,
@@ -102,7 +112,7 @@ func resourceSysdigMonitorTeam() *schema.Resource {
 						"type": {
 							Type:         schema.TypeString,
 							Required:     true,
-							ValidateFunc: validation.StringInSlice([]string{"Explore", "Dashboards", "Events", "Alerts", "Settings"}, false),
+							ValidateFunc: validation.StringInSlice([]string{"Explore", "Dashboards", "Events", "Alerts", "Settings", "DashboardTemplates", "Advisor"}, false),
 						},
 
 						"selection": {
@@ -187,12 +197,21 @@ func resourceSysdigMonitorTeamRead(ctx context.Context, d *schema.ResourceData,
 	_ = d.Set("filter", t.Filter)
 	_ = d.Set("can_use_sysdig_capture", t.CanUseSysdigCapture)
 	_ = d.Set("can_see_infrastructure_events", t.CanUseCustomEvents)
+	_ = d.Set("can_use_agent_cli", t.CanUseAgentCli)
 	_ = d.Set("can_use_aws_data", t.CanUseAwsMetrics)
 	_ = d.Set("default_team", t.DefaultTeam)
 	_ = d.Set("user_roles", userMonitorRolesToSet(t.UserRoles))
 	_ = d.Set("entrypoint", entrypointToSet(t.EntryPoint))
 
-	resourceSysdigTeamReadIBM(d, &t)
+	var ibmPlatformMetrics *string
+	var prometheusRemoteWrite *string
+	if t.NamespaceFilters != nil {
+		ibmPlatformMetrics = t.NamespaceFilters.IBMPlatformMetrics
+		prometheusRemoteWrite = t.NamespaceFilters.PrometheusRemoteWrite
+	}
+	_ = d.Set("enable_ibm_platform_metrics", t.CanUseBeaconMetrics)
+	_ = d.Set("ibm_platform_metrics", ibmPlatformMetrics)
+	_ = d.Set("prometheus_remote_write_metrics_filter", prometheusRemoteWrite)
 
 	return nil
 }
@@ -217,8 +236,12 @@ func entrypointToSet(entrypoint *v2.EntryPoint) (res []map[string]interface{}) {
 		return
 	}
 
+	module := entrypoint.Module
+	if module == "Overview" {
+		module = "Advisor"
+	}
 	entrypointMap := map[string]interface{}{
-		"type":      entrypoint.Module,
+		"type":      module,
 		"selection": entrypoint.Selection,
 	}
 	return append(res, entrypointMap)
@@ -264,8 +287,8 @@ func resourceSysdigMonitorTeamDelete(ctx context.Context, d *schema.ResourceData
 func teamFromResourceData(d *schema.ResourceData, clientType ClientType) v2.Team {
 	canUseSysdigCapture := d.Get("can_use_sysdig_capture").(bool)
 	canUseCustomEvents := d.Get("can_see_infrastructure_events").(bool)
+	canUseAgentCli := d.Get("can_use_agent_cli").(bool)
 	canUseAwsMetrics := d.Get("can_use_aws_data").(bool)
-	canUseBeaconMetrics := false
 	t := v2.Team{
 		Theme:               d.Get("theme").(string),
 		Name:                d.Get("name").(string),
@@ -275,7 +298,7 @@ func teamFromResourceData(d *schema.ResourceData, clientType ClientType) v2.Team
 		CanUseSysdigCapture: &canUseSysdigCapture,
 		CanUseCustomEvents:  &canUseCustomEvents,
 		CanUseAwsMetrics:    &canUseAwsMetrics,
-		CanUseBeaconMetrics: &canUseBeaconMetrics,
+		CanUseAgentCli:      &canUseAgentCli,
 		DefaultTeam:         d.Get("default_team").(bool),
 	}
 
@@ -291,11 +314,31 @@ func teamFromResourceData(d *schema.ResourceData, clientType ClientType) v2.Team
 
 	t.EntryPoint = &v2.EntryPoint{}
 	t.EntryPoint.Module = d.Get("entrypoint.0.type").(string)
+	if t.EntryPoint.Module == "Advisor" {
+		t.EntryPoint.Module = "Overview"
+	}
 	if val, ok := d.GetOk("entrypoint.0.selection"); ok {
 		t.EntryPoint.Selection = val.(string)
 	}
 
-	teamFromResourceDataIBM(d, &t)
+	canUseBeaconMetrics := d.Get("enable_ibm_platform_metrics").(bool)
+	t.CanUseBeaconMetrics = &canUseBeaconMetrics
+
+	if v, ok := d.GetOk("ibm_platform_metrics"); ok {
+		metrics := v.(string)
+		if t.NamespaceFilters == nil {
+			t.NamespaceFilters = &v2.NamespaceFilters{}
+		}
+		t.NamespaceFilters.IBMPlatformMetrics = &metrics
+	}
+
+	if v, ok := d.GetOk("prometheus_remote_write_metrics_filter"); ok {
+		metrics := v.(string)
+		if t.NamespaceFilters == nil {
+			t.NamespaceFilters = &v2.NamespaceFilters{}
+		}
+		t.NamespaceFilters.PrometheusRemoteWrite = &metrics
+	}
 
 	return t
 }

sysdig/resource_sysdig_monitor_team_ibm_test.go

@@ -41,6 +41,9 @@ func TestAccMonitorIBMTeam(t *testing.T) {
 			{
 				Config: monitorTeamWithPlatformMetricsIBM(rText()),
 			},
+			{
+				Config: monitorTeamWithPlatformMetricsAndPrwMetricsIBM(rText()),
+			},
 			{
 				ResourceName:      "sysdig_monitor_team.sample",
 				ImportState:       true,
@@ -53,28 +56,42 @@ func TestAccMonitorIBMTeam(t *testing.T) {
 func monitorTeamWithFullConfigIBM(name string) string {
 	return fmt.Sprintf(`
 resource "sysdig_monitor_team" "sample" {
-  name                   		= "sample-%s"
-  description        			= "%s"
-  scope_by           			= "host"
-  filter             			= "container.image.repo = \"sysdig/agent\""
-  can_use_sysdig_capture 		= true
-  can_see_infrastructure_events = true
-  
+  name                                   = "sample-%s"
+  description                            = "%s"
+  scope_by                               = "host"
+  filter                                 = "container.image.repo = \"sysdig/agent\""
+  prometheus_remote_write_metrics_filter = "kube_cluster_name in (\"test-cluster\", \"test-k8s-data\") and kube_deployment_name  = \"coredns\" and my_metric starts with \"prefix\" and not my_metric contains \"prefix-test\""
+  can_use_sysdig_capture                 = true
+  can_see_infrastructure_events          = true
+
   entrypoint {
-	type = "Dashboards"
+    type = "Dashboards"
   }
 }`, name, name)
 }
 
 func monitorTeamWithPlatformMetricsIBM(name string) string {
 	return fmt.Sprintf(`
 resource "sysdig_monitor_team" "sample" {
-  name = "sample-%s"
+  name                        = "sample-%s"
   enable_ibm_platform_metrics = true
-  ibm_platform_metrics = "foo in (\"0\") and bar in (\"3\")"
+  ibm_platform_metrics        = "foo in (\"0\") and bar in (\"3\")"
+
+  entrypoint {
+    type = "Dashboards"
+  }
+}`, name)
+}
+
+func monitorTeamWithPlatformMetricsAndPrwMetricsIBM(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_monitor_team" "sample" {
+  name                                   = "sample-%s"
+  enable_ibm_platform_metrics            = true
+  prometheus_remote_write_metrics_filter = "kube_cluster_name in (\"test-cluster\", \"test-k8s-data\") and kube_deployment_name  = \"coredns\" and my_metric starts with \"prefix\" and not my_metric contains \"prefix-test\""
 
   entrypoint {
-	type = "Dashboards"
+    type = "Dashboards"
   }
 }`, name)
 }

sysdig/resource_sysdig_monitor_team_test.go

@@ -50,16 +50,18 @@ func TestAccMonitorTeam(t *testing.T) {
 func monitorTeamWithFullConfig(name string) string {
 	return fmt.Sprintf(`
 resource "sysdig_monitor_team" "sample" {
-  name                   		= "sample-%s"
-  description        			= "%s"
-  scope_by           			= "host"
-  filter             			= "container.image.repo = \"sysdig/agent\""
-  can_use_sysdig_capture 		= true
-  can_see_infrastructure_events = true
-  can_use_aws_data 				= true
-  
+  name                                   = "sample-%s"
+  description                            = "%s"
+  scope_by                               = "host"
+  filter                                 = "container.image.repo = \"sysdig/agent\""
+  prometheus_remote_write_metrics_filter = "kube_cluster_name in (\"test-cluster\", \"test-k8s-data\") and kube_deployment_name  = \"coredns\" and my_metric starts with \"prefix\" and not my_metric contains \"prefix-test\""
+  can_use_sysdig_capture                 = true
+  can_see_infrastructure_events          = true
+  can_use_aws_data                       = true
+  can_use_agent_cli                      = true
+
   entrypoint {
-	type = "Dashboards"
+    type = "Dashboards"
   }
 }`, name, name)
 }

sysdig/resource_sysdig_secure_team.go

@@ -10,6 +10,7 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 )
 
 func resourceSysdigSecureTeam() *schema.Resource {
@@ -61,27 +62,40 @@ func resourceSysdigSecureTeam() *schema.Resource {
 				Optional: true,
 			},
 			"scope_by": {
-				Type:     schema.TypeString,
-				Optional: true,
-				Default:  "container",
+				Type:         schema.TypeString,
+				Optional:     true,
+				Default:      "container",
+				ValidateFunc: validation.StringInSlice([]string{"host", "container"}, false),
 			},
 			"filter": {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
 			"enable_ibm_platform_metrics": {
-				Type:     schema.TypeBool,
-				Optional: true,
+				Type:       schema.TypeBool,
+				Optional:   true,
+				Deprecated: "This option should be not used anymore and will be removed in the future",
 			},
 			"ibm_platform_metrics": {
-				Type:     schema.TypeString,
-				Optional: true,
+				Type:       schema.TypeString,
+				Optional:   true,
+				Deprecated: "This option should be not used anymore and will be removed in the future",
 			},
 			"use_sysdig_capture": {
 				Type:     schema.TypeBool,
 				Optional: true,
 				Default:  true,
 			},
+			"can_use_agent_cli": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+			},
+			"can_use_rapid_response": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
 			"user_roles": {
 				Type:     schema.TypeSet,
 				Optional: true,
@@ -187,6 +201,8 @@ func resourceSysdigSecureTeamRead(ctx context.Context, d *schema.ResourceData, m
 	_ = d.Set("scope_by", t.Show)
 	_ = d.Set("filter", t.Filter)
 	_ = d.Set("use_sysdig_capture", t.CanUseSysdigCapture)
+	_ = d.Set("can_use_agent_cli", t.CanUseAgentCli)
+	_ = d.Set("can_use_rapid_response", t.CanUseRapidResponse)
 	_ = d.Set("default_team", t.DefaultTeam)
 	_ = d.Set("user_roles", userSecureRolesToSet(t.UserRoles))
 
@@ -200,7 +216,12 @@ func resourceSysdigSecureTeamRead(ctx context.Context, d *schema.ResourceData, m
 		return diag.FromErr(err)
 	}
 
-	resourceSysdigTeamReadIBM(d, &t)
+	var ibmPlatformMetrics *string
+	if t.NamespaceFilters != nil {
+		ibmPlatformMetrics = t.NamespaceFilters.IBMPlatformMetrics
+	}
+	_ = d.Set("enable_ibm_platform_metrics", t.CanUseBeaconMetrics)
+	_ = d.Set("ibm_platform_metrics", ibmPlatformMetrics)
 
 	return nil
 }
@@ -258,6 +279,8 @@ func resourceSysdigSecureTeamDelete(ctx context.Context, d *schema.ResourceData,
 
 func secureTeamFromResourceData(d *schema.ResourceData, clientType ClientType) v2.Team {
 	canUseSysdigCapture := d.Get("use_sysdig_capture").(bool)
+	canUseAgentCli := d.Get("can_use_agent_cli").(bool)
+	canUseRapidResponse := d.Get("can_use_rapid_response").(bool)
 	canUseAwsMetrics := new(bool)
 	allZones := d.Get(SchemaAllZones).(bool)
 	t := v2.Team{
@@ -268,6 +291,8 @@ func secureTeamFromResourceData(d *schema.ResourceData, clientType ClientType) v
 		Filter:              d.Get("filter").(string),
 		CanUseSysdigCapture: &canUseSysdigCapture,
 		CanUseAwsMetrics:    canUseAwsMetrics,
+		CanUseAgentCli:      &canUseAgentCli,
+		CanUseRapidResponse: &canUseRapidResponse,
 		DefaultTeam:         d.Get("default_team").(bool),
 		AllZones:            allZones,
 	}
@@ -288,7 +313,16 @@ func secureTeamFromResourceData(d *schema.ResourceData, clientType ClientType) v
 		t.ZoneIDs[i] = z.(int)
 	}
 
-	teamFromResourceDataIBM(d, &t)
+	canUseBeaconMetrics := d.Get("enable_ibm_platform_metrics").(bool)
+	t.CanUseBeaconMetrics = &canUseBeaconMetrics
+
+	if v, ok := d.GetOk("ibm_platform_metrics"); ok {
+		metrics := v.(string)
+		if t.NamespaceFilters == nil {
+			t.NamespaceFilters = &v2.NamespaceFilters{}
+		}
+		t.NamespaceFilters.IBMPlatformMetrics = &metrics
+	}
 
 	return t
 }

sysdig/resource_sysdig_secure_team_test.go

@@ -27,6 +27,9 @@ func TestAccSecureTeam(t *testing.T) {
 			{
 				Config: secureTeamWithName(randomText(10)),
 			},
+			{
+				Config: secureTeamWithAgentCliAndRapidResponse(randomText(10)),
+			},
 			{
 				Config: secureTeamMinimumConfiguration(randomText(10)),
 			},
@@ -74,19 +77,31 @@ resource "sysdig_secure_team" "sample" {
 `, name, name)
 }
 
+func secureTeamWithAgentCliAndRapidResponse(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_team" "sample" {
+  name                   = "sample-%s"
+  description            = "%s"
+  scope_by               = "container"
+  can_use_agent_cli      = false
+	can_use_rapid_response = true
+}
+`, name, name)
+}
+
 func secureTeamMinimumConfiguration(name string) string {
 	return fmt.Sprintf(`
 resource "sysdig_secure_team" "sample" {
-  name      = "sample-%s"
+  name = "sample-%s"
 }`, name)
 }
 
 func secureTeamWithPlatformMetricsIBM(name string) string {
 	return fmt.Sprintf(`
 resource "sysdig_secure_team" "sample" {
-  name = "sample-%s"
+  name                        = "sample-%s"
   enable_ibm_platform_metrics = true
-  ibm_platform_metrics = "foo in (\"0\") and bar in (\"3\")"
+  ibm_platform_metrics        = "foo in (\"0\") and bar in (\"3\")"
 }`, name)
 }
 

sysdig/resource_sysdig_team_common.go

@@ -28,9 +28,11 @@ data "sysdig_monitor_team" "example" {
 - `description` - The description of the monitor team.
 - `entrypoint` - The entrypoint configuration for the team.
 - `filter` - The filter applied to the team.
+- `prometheus_remote_write_metrics_filter` - The Prometheus remote write metrics filter for the team.
 - `scope_by` - The scope of the team.
 - `can_use_sysdig_capture` - Whether the team can use Sysdig capture.
 - `can_see_infrastructure_events` - Whether the team can see infrastructure events.
+- `can_use_agent_cli` - Whether the team can use the agent CLI.
 - `can_use_aws_data` - Whether the team can use AWS data.
 - `default_team` - Whether the team is the default team.
 - `user_roles` - The roles assigned to users in the team.

website/docs/d/monitor_team.md

@@ -29,10 +29,11 @@ data "sysdig_secure_team" "example" {
 - `filter` - The filter applied to the team.
 - `scope_by` - The scope of the team.
 - `use_sysdig_capture` - Whether the team can use Sysdig capture.
+- `can_use_agent_cli` - Whether the team can use the agent CLI.
+- `can_use_rapid_response` - Whether the team can use rapid response.
 - `default_team` - Whether the team is the default team.
 - `user_roles` - The roles assigned to users in the team.
 - `zone_ids` - The IDs of the zones associated with the team.
 - `all_zones` - Whether the team has access to all zones.
 - `version` - The version of the secure team.
 - `theme` - The theme of the secure team.
-

website/docs/d/secure_team.md

@@ -19,9 +19,10 @@ resource "sysdig_monitor_team" "devops" {
   name = "Monitoring DevOps team"
 
   entrypoint {
-	type = "Explore"
+    type = "DashboardTemplates"
+    selection = "view.net.http"
   }
-  
+
   user_roles {
     email = data.sysdig_current_user.me.email
     role = "ROLE_TEAM_MANAGER"
@@ -36,8 +37,11 @@ resource "sysdig_monitor_team" "devops" {
     email = "john.smith@example.com"
     role = data.sysdig_custom_role.custom_role.id
   }
+
+  filter = "kubernetes.namespace.name in (\"kube-system\") and kubernetes.deployment.name in (\"coredns\")"
+  prometheus_remote_write_metrics_filter = "kube_cluster_name in (\"test-cluster\", \"test-k8s-data\") and kube_deployment_name  = \"coredns\" and my_metric starts with \"prefix\" and not my_metric contains \"prefix-test\""
 }
- 
+
 data "sysdig_current_user" "me" {
 }
 
@@ -50,24 +54,28 @@ data "sysdig_custom_role" "custom_role" {
 
 * `name` - (Required) The name of the Monitor Team. It must be unique and must not exist in Secure.
 
-* `entrypoint` - (Required) Main entry point for the current team in the product. 
+* `entrypoint` - (Required) Main entry point for the current team in the product.
                  See the Entrypoint argument reference section for more information.
 
 * `description` - (Optional) A description of the team.
 
-* `theme` - (Optional) Colour of the team. Default: "#73A1F7".
+* `theme` - (Optional) Colour of the team. Default: `#05C391`.
+
+* `scope_by` - (Optional) Scope for the team, either `container` or `host`. Default: `host`. If set to `host`, team members can see all host-level and container-level information. If set to `container`, team members can see only Container-level information.
+
+* `filter` - (Optional) Use this option to select which Agent Metrics data users of this team can view. Not setting it will allow users to see all Agent Metrics data.
+
+* `prometheus_remote_write_metrics_filter` - (Optional) Use this option to select which Prometheus Remote Write data users of this team can view. Not setting it will allow users to see all Prometheus Remote Write data.
+
+* `can_use_sysdig_capture` - (Optional) Defines if the team is able to create Sysdig Capture files.  Default: `true`.
+
+* `can_see_infrastructure_events` - (Optional) Enable this option to allow this team to view all Infrastructure and Custom Events from every user and agent. Otherwise, this team will only see infrastructure events sent specifically to this team. Default: `false`.
 
-* `scope_by` - (Optional) Scope for the team. Default: "container".
+* `can_use_aws_data` - (Optional) Enable this option to give this team access to AWS metrics and tags. All AWS data is made available, regardless of the team’s Scope. Default: `false`.
 
-* `filter` - (Optional) If the team can only see some resources, 
-             write down a filter of such resources.
-             
-* `use_sysdig_capture` - (Optional) Defines if the team is able to create Sysdig Capture files. 
-                         Default: true.
-                         
-* `can_see_infrastructure_events` - (Optional) TODO. Default: false.
+* `can_use_agent_cli` - (Optional) Enable this option to give this team access to Using the Agent Console. Default: `true`.
 
-* `can_use_aws_data` - (Optional) TODO. Default: false.
+* `default_team` - (Optional) Defines if the team is the default one. Warning: only one can be the default, if you define multiple default teams, Terraform will be updating the API in every execution, even if the state hasn't changed.
 
 * `user_roles` - (Optional) Multiple user roles can be specified.
                  Administrators of the account will be automatically added
@@ -77,31 +85,32 @@ data "sysdig_custom_role" "custom_role" {
 ### Entrypoint Argument Reference
 
 * `type` - (Required) Main entrypoint for the team.
-                      Valid options are: Explore, Dashboards, Events, Alerts, Settings.
+                      Valid options are: `Explore`, `Dashboards`, `Events`, `Alerts`, `Settings`, `DashboardTemplates`, `Advisor`.
 
 * `selection` - (Optional) Sets up the defined Dashboard name as entrypoint.
-                Warning: This field must only be added if the `type` is "Dashboards".
+                Warning: This field must only be added if the `type` is `Dashboards`, and the value is the numeric id of the selected dashboard, or `DashboardTemplates`, and the value is the id (dotted name) of the selected dashboard template.
 
 ### User Role Argument Reference
 
 * `email` - (Required) The email of the user in the group.
 
 * `role` - (Optional) The role for the user in this group.
-           Valid roles are: ROLE_TEAM_STANDARD, ROLE_TEAM_EDIT, ROLE_TEAM_READ, ROLE_TEAM_MANAGER or CustomRole ID.<br/>
-           Default: ROLE_TEAM_STANDARD.<br/>
+           Valid roles are: `ROLE_TEAM_STANDARD`, `ROLE_TEAM_EDIT`, `ROLE_TEAM_READ`, `ROLE_TEAM_MANAGER` or CustomRole ID.<br/>
+           Default: `ROLE_TEAM_STANDARD`.<br/>
            Note: CustomRole ID can be referenced from `sysdig_custom_role` resource or `sysdig_custom_role` data source
 
 ## Attributes Reference
 
 In addition to all arguments above, the following attributes are exported:
 
-* `default_team` - (Optional) Mark team as default team. Users with no designated team will be added to this team by default.
+* `id` - ID of the created team.
+* `version` - Current version of the resource.
 
 ### IBM Cloud Monitoring arguments
 
-* `enable_ibm_platform_metrics` - (Optional) Enable platform metrics on IBM Cloud Monitoring.
+* `enable_ibm_platform_metrics` - (Optional) Enable Platform Metrics on IBM Cloud Monitoring.
 
-* `ibm_platform_metrics` - (Optional) Define platform metrics on IBM Cloud Monitoring.
+* `ibm_platform_metrics` - (Optional) Use this option to select which Platform Metrics data users of this team can view. Not setting it will allow users to see all Platform Metrics data.
 
 ## Import
 

website/docs/r/monitor_team.md

@@ -17,7 +17,7 @@ Creates a Sysdig Secure Team.
 ```terraform
 resource "sysdig_secure_team" "devops" {
   name = "DevOps team"
-  
+
   user_roles {
     email = data.sysdig_current_user.me.email
     role = "ROLE_TEAM_MANAGER"
@@ -33,7 +33,7 @@ resource "sysdig_secure_team" "devops" {
     role = data.sysdig_custom_role.custom_role.id
   }
 }
- 
+
 data "sysdig_current_user" "me" {
 }
 
@@ -48,19 +48,20 @@ data "sysdig_custom_role" "custom_role" {
 
 * `description` - (Optional) A description of the team.
 
-* `theme` - (Optional) Colour of the team. Default: "#73A1F7".
+* `theme` - (Optional) Colour of the team. Default: `#73A1F7`.
 
-* `scope_by` - (Optional) Scope for the team. Default: "container".
+* `scope_by` - (Optional) Scope for the team, either `container` or `host`. Default: `container`. If set to `host`, team members can see all host-level and container-level information. If set to `container`, team members can see only Container-level information.
 
-* `filter` - (Optional) If the team can only see some resources, 
+* `filter` - (Optional) If the team can only see some resources,
              write down a filter of such resources.
-             
-* `use_sysdig_capture` - (Optional) Defines if the team is able to create Sysdig Capture files. 
-                         Default: true.
-                         
-* `default_team` - (Optional) Defines if the team is the default one. Warning: only one can be the default,
-                   if you define multiple default teams, Terraform will be updating the API in every execution,
-                   even if the state hasn't changed.
+
+* `use_sysdig_capture` - (Optional) Defines if the team is able to create Sysdig Capture files. Default: `true`.
+
+* `can_use_agent_cli` - (Optional) Enable this option to give this team access to Using the Agent Console. Default: `true`.
+
+* `can_use_rapid_response` - (Optional) Enable this option to give this Secure team access to Rapid Response. Default: `false`.
+
+* `default_team` - (Optional) Defines if the team is the default one. Warning: only one can be the default, if you define multiple default teams, Terraform will be updating the API in every execution, even if the state hasn't changed.
 
 * `user_roles` - (Optional) Multiple user roles can be specified.
                  Administrators of the account will be automatically added
@@ -70,25 +71,22 @@ data "sysdig_custom_role" "custom_role" {
 * `zone_ids` - (Optional) List of zone IDs attached to the team. If `all_zones` is specified this argument needs to be omitted.
 
 * `all_zones` - (Optional) Attach all zones to the team. If this argument is enabled then `zone_ids` needs to be omitted.
-                         
+
 ### User Role Argument Reference
 
 * `email` - (Required) The email of the user in the group.
 
 * `role` - (Optional) The role for the user in this group.
-           Valid roles are: ROLE_TEAM_STANDARD, ROLE_TEAM_EDIT, ROLE_TEAM_READ, ROLE_TEAM_MANAGER or CustomRole ID.<br/>
-           Default: ROLE_TEAM_STANDARD.<br/>
+           Valid roles are: `ROLE_TEAM_STANDARD`, `ROLE_TEAM_EDIT`, `ROLE_TEAM_READ`, `ROLE_TEAM_MANAGER` or CustomRole ID.<br/>
+           Default: `ROLE_TEAM_STANDARD`.<br/>
            Note: CustomRole ID can be referenced from `sysdig_custom_role` resource or `sysdig_custom_role` data source
 
 ## Attributes Reference
 
-No additional attributes are exported.
-
-### IBM Workload protection arguments
-
-* `enable_ibm_platform_metrics` - (Optional) Enable platform metrics on IBM Cloud Monitoring.
+In addition to all arguments above, the following attributes are exported:
 
-* `ibm_platform_metrics` - (Optional) Define platform metrics on IBM Cloud Monitoring.
+* `id` - ID of the created team.
+* `version` - Current version of the resource.
 
 ## Import