diff --git a/sysdig/data_source_sysdig_secure_posture_zone.go b/sysdig/data_source_sysdig_secure_posture_zone.go
new file mode 100644
index 00000000..a44cc78b
--- /dev/null
+++ b/sysdig/data_source_sysdig_secure_posture_zone.go
@@ -0,0 +1,135 @@
+package sysdig
+
+import (
+ "context"
+ "strconv"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceSysdigSecurePostureZone() *schema.Resource {
+ return &schema.Resource{
+ ReadContext: dataSourceSysdigSecurePostureZoneRead,
+
+ Schema: map[string]*schema.Schema{
+ "id": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "name": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "description": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "policy_ids": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Elem: &schema.Schema{
+ Type: schema.TypeInt,
+ },
+ },
+ "author": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "last_modified_by": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "last_updated": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "scopes": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "target_type": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "rules": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ },
+ },
+ },
+ }
+}
+
+func dataSourceSysdigSecurePostureZoneRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ client, err := getPostureZoneClient(meta.(SysdigClients))
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ id, err := strconv.Atoi(d.Get("id").(string))
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ postureZone, err := client.GetPostureZone(ctx, id)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ d.SetId(postureZone.ID)
+ err = d.Set("name", postureZone.Name)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ err = d.Set("description", postureZone.Description)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ err = d.Set("author", postureZone.Author)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ err = d.Set("last_modified_by", postureZone.LastModifiedBy)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ err = d.Set("last_updated", postureZone.LastUpdated)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ pIDs := make([]int, len(postureZone.Policies))
+ for i, p := range postureZone.Policies {
+ id, err := strconv.Atoi(p.ID)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ pIDs[i] = id
+ }
+ err = d.Set("policy_ids", pIDs)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ scopes := make([]map[string]interface{}, len(postureZone.Scopes))
+ for i, s := range postureZone.Scopes {
+ scopes[i] = map[string]interface{}{
+ "target_type": s.TargetType,
+ "rules": s.Rules,
+ }
+ }
+ err = d.Set("scopes", scopes)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ return nil
+}
diff --git a/sysdig/data_source_sysdig_secure_posture_zone_test.go b/sysdig/data_source_sysdig_secure_posture_zone_test.go
new file mode 100644
index 00000000..3ac24ce2
--- /dev/null
+++ b/sysdig/data_source_sysdig_secure_posture_zone_test.go
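Review bot: In dataSourceSysdigSecurePostureZoneRead the `id` argument is parsed with `strconv.Atoi` and a failure is returned through `diag.FromErr(err)`, so a non-numeric ID surfaces as a bare strconv message that never names the attribute. Returning `diag.Errorf("invalid posture zone id %q: %v", d.Get("id"), err)` would tell the user which input was rejected. The policy loop then declares `id, err := strconv.Atoi(p.ID)`, shadowing both outer variables; a distinct name such as `pid` keeps the zone ID and the policy ID apart. `postureZone` is dereferenced immediately after the error check, so it is worth confirming that `client.GetPostureZone` never returns a nil zone together with a nil error.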
@@ -0,0 +1,77 @@
+//go:build tf_acc_sysdig_secure || tf_acc_ibm_secure || tf_acc_onprem_secure
+
+package sysdig_test
+
+import (
+ "fmt"
+ "github.com/draios/terraform-provider-sysdig/sysdig"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+func TestAccDataSourceSysdigSecurePostureZones(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ PreCheck: preCheckAnyEnv(t, SysdigSecureApiTokenEnv, SysdigIBMSecureAPIKeyEnv),
+ ProviderFactories: map[string]func() (*schema.Provider, error){
+ "sysdig": func() (*schema.Provider, error) {
+ return sysdig.Provider(), nil
+ },
+ },
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceSysdigSecurePostureZonesWithMultipleResourcesConfig(),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckDataSourceSysdigSecurePostureZonesExists("data.sysdig_secure_posture_zone.test_posture_zone"),
+ resource.TestCheckResourceAttr("data.sysdig_secure_posture_zone.test_posture_zone", "name", "test-zone-1"),
+ resource.TestCheckResourceAttr("data.sysdig_secure_posture_zone.test_posture_zone", "description", "Test description 1"),
+ resource.TestCheckTypeSetElemNestedAttrs(
+ "data.sysdig_secure_posture_zone.test_posture_zone",
+ "scopes.*",
+ map[string]string{
+ "target_type": "aws",
+ "rules": "organization in (\"o1\", \"o2\") and account in (\"a1\", \"a2\")",
+ },
+ ),
+ ),
+ },
+ },
+ })
+}
+
+func testAccDataSourceSysdigSecurePostureZonesWithMultipleResourcesConfig() string {
+ return `
+ resource "sysdig_secure_posture_zone" "test_posture_zone" {
+ name = "test-zone-1"
+ description = "Test description 1"
+
+ scopes {
+ scope {
+ target_type = "aws"
+ rules = "organization in (\"o1\", \"o2\") and account in (\"a1\", \"a2\")"
+ }
+ }
+ }
+
+ data "sysdig_secure_posture_zone" "test_posture_zone" {
+ id = sysdig_secure_posture_zone.test_posture_zone.id
+ }
+ `
+}
+
+func testAccCheckDataSourceSysdigSecurePostureZonesExists(resourceName string) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ rs, ok := s.RootModule().Resources[resourceName]
+ if !ok {
+ return fmt.Errorf("not found: %s", resourceName)
+ }
+
+ if rs.Primary.ID == "" {
+ return fmt.Errorf("no ID is set")
+ }
+
+ return nil
+ }
+}
diff --git a/sysdig/provider.go b/sysdig/provider.go
index 40394b87..527bae92 100644
--- a/sysdig/provider.go
+++ b/sysdig/provider.go
@@ -240,6 +240,7 @@ func (p *SysdigProvider) Provider() *schema.Provider {
 "sysdig_secure_zone": dataSourceSysdigSecureZone(),
 "sysdig_secure_team": dataSourceSysdigSecureTeam(),
 "sysdig_secure_teams": dataSourceSysdigSecureTeams(),
+ "sysdig_secure_posture_zone": dataSourceSysdigSecurePostureZone(),
 "sysdig_current_user": dataSourceSysdigCurrentUser(),
 "sysdig_user": dataSourceSysdigUser(),
diff --git a/website/docs/d/secure_posture_zone.md b/website/docs/d/secure_posture_zone.md
new file mode 100644
index 00000000..8068419b
--- /dev/null
+++ b/website/docs/d/secure_posture_zone.md
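Review bot: The checks in TestAccDataSourceSysdigSecurePostureZones assert only `name`, `description` and one `scopes` element, so the new `policy_ids`, `author`, `last_modified_by` and `last_updated` attributes are never read back. Adding `resource.TestCheckResourceAttrSet("data.sysdig_secure_posture_zone.test_posture_zone", "author")`, and the same for `last_updated`, would catch a mapping that silently leaves them empty. The import block also mixes `fmt` and `testing` with third-party packages; goimports would place the standard-library imports in their own group. The build tag includes `tf_acc_onprem_secure` while `preCheckAnyEnv` names only two environment variables, which may be intentional but is worth confirming.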
@@ -0,0 +1,39 @@
+---
+subcategory: "Sysdig Secure"
+layout: "sysdig"
+page_title: "Sysdig: sysdig_secure_posture_zone"
+description: |-
+ Retrieves Posture Zone by ID.
+---
+
+# sysdig_secure_posture_zone Data Source
+
+The `sysdig_secure_posture_zone` data source allows you to retrieve information about a specific secure posture zone by its ID.
+
+## Example Usage
+
+```terraform
+data "sysdig_secure_posture_zone" "example" {
+ id = "454678"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+- `id` (Required) - The ID of the secure posture zone to retrieve.
+
+## Attribute Reference
+
+The following attributes are exported:
+
+- `name` - The name of the secure posture zone.
+- `description` - The description of the secure posture zone.
+- `policy_ids` - A list of policy IDs associated with the secure posture zone.
+- `author` - The author of the secure posture zone.
+- `last_modified_by` - The user who last modified the secure posture zone.
+- `last_updated` - The timestamp of the last update to the secure posture zone.
+- `scopes` - A list of scopes associated with the secure posture zone. Each scope contains:
+ - `target_type` - The target type of the scope.
+ - `rules` - The rules associated with the scope.