Merge branch 'feature/462' of https://github.com/sysdiglabs/terraform-provider-sysdig into feature/462

Author: IgorEulalio

sysdig/data_source_sysdig_fargate_ECS_test.go

@@ -49,6 +49,7 @@ func getKiltRecipe(t *testing.T) string {
 		CollectorHost:    "collector_host",
 		CollectorPort:    "collector_port",
 		SysdigLogging:    "sysdig_logging",
+		Priority:         "priority",
 	}
 
 	jsonRecipeConfig, err := json.Marshal(&recipeConfig)
@@ -121,6 +122,12 @@ func TestNewPatchOptions(t *testing.T) {
 						},
 					},
 				},
+				"priority": {
+					Type:        schema.TypeString,
+					Description: "The priority of the agent. Can be 'security' or 'availability'",
+					Default:     "availability",
+					Optional:    true,
+				},
 			},
 		}
 	}
@@ -164,13 +171,24 @@ func TestNewPatchOptions(t *testing.T) {
 			"stream_prefix": "fried",
 			"region":        "chicken",
 		},
-		Essential: true,
+		Essential: false,
 	}
 	actualPatchOptions := newPatchOptions(data)
 
 	if !reflect.DeepEqual(expectedPatchOptions, actualPatchOptions) {
 		t.Errorf("patcConfigurations are not equal. Expected: %v, Actual: %v", expectedPatchOptions, actualPatchOptions)
 	}
+
+	err = data.Set("priority", "security")
+	if err != nil {
+		assert.FailNow(t, fmt.Sprintf("Could not set priority, got error: %v", err))
+	}
+	expectedPatchOptions.Essential = true
+	actualPatchOptions = newPatchOptions(data)
+
+	if !reflect.DeepEqual(expectedPatchOptions, actualPatchOptions) {
+		t.Errorf("patcConfigurations are not equal. Expected: %v, Actual: %v", expectedPatchOptions, actualPatchOptions)
+	}
 }
 
 func getSidecarConfig() string {

sysdig/data_source_sysdig_fargate_workload_agent.go

@@ -27,6 +27,7 @@ const agentinoKiltDefinition = `build {
         "SYSDIG_ACCESS_KEY": ${config.sysdig_access_key}
         "SYSDIG_LOGGING": ${config.sysdig_logging}
         "SYSDIG_SIDECAR": ${config.sidecar}
+        "SYSDIG_PRIORITY": ${config.priority}
     }
     capabilities: ["SYS_PTRACE"]
     mount: [
@@ -129,14 +130,19 @@ func dataSourceSysdigFargateWorkloadAgent() *schema.Resource {
 			"sidecar": {
 				Type:        schema.TypeString,
 				Description: "Sidecar mode: auto/force/(empty string)",
-				Default:     "", // we will want to change this to "auto" eventually
+				Default:     "auto",
+				Optional:    true,
+			},
+			"priority": {
+				Type:        schema.TypeString,
+				Description: "The priority of the agent. Can be 'security' or 'availability'",
+				Default:     "availability",
 				Optional:    true,
 			},
-
 			"instrumentation_essential": {
 				Type:        schema.TypeBool,
 				Description: "Should the instrumentation container be marked as essential",
-				Default:     true,
+				Default:     false,
 				Optional:    true,
 			},
 			"instrumentation_cpu": {
@@ -362,6 +368,7 @@ type KiltRecipeConfig struct {
 	CollectorPort    string `json:"collector_port"`
 	SysdigLogging    string `json:"sysdig_logging"`
 	Sidecar          string `json:"sidecar"`
+	Priority         string `json:"priority"`
 }
 
 type patchOptions struct {
@@ -404,7 +411,8 @@ func newPatchOptions(d *schema.ResourceData) *patchOptions {
 	if essential := d.Get("instrumentation_essential"); essential != nil {
 		opts.Essential = essential.(bool)
 	} else {
-		opts.Essential = true
+		priority := d.Get("priority").(string)
+		opts.Essential = priority == "security"
 	}
 
 	if cpuShares := d.Get("instrumentation_cpu"); cpuShares != nil {
@@ -429,6 +437,11 @@ func newPatchOptions(d *schema.ResourceData) *patchOptions {
 }
 
 func dataSourceSysdigFargateWorkloadAgentRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	priority := d.Get("priority").(string)
+	if priority != "security" && priority != "availability" {
+		return diag.Errorf("Invalid priority: %s. must be either \"security\" or \"availability\"", priority)
+	}
+
 	recipeConfig := KiltRecipeConfig{
 		SysdigAccessKey:  d.Get("sysdig_access_key").(string),
 		AgentImage:       d.Get("workload_agent_image").(string),
@@ -438,6 +451,7 @@ func dataSourceSysdigFargateWorkloadAgentRead(ctx context.Context, d *schema.Res
 		CollectorPort:    d.Get("collector_port").(string),
 		SysdigLogging:    d.Get("sysdig_logging").(string),
 		Sidecar:          d.Get("sidecar").(string),
+		Priority:         priority,
 	}
 
 	jsonConf, err := json.Marshal(&recipeConfig)

sysdig/data_source_sysdig_secure_aws_ml_policy_test.go

@@ -1,4 +1,4 @@
-//go:build tf_acc_sysdig_secure || tf_acc_policies || tf_acc_onprem_secure
+//go:build tf_acc_sysdig_secure || tf_acc_policies_aws || tf_acc_onprem_secure
 
 package sysdig_test
 

sysdig/data_source_sysdig_secure_drift_policy_test.go

@@ -1,4 +1,4 @@
-//go:build tf_acc_sysdig_secure || tf_acc_policies || tf_acc_onprem_secure
+//go:build tf_acc_sysdig_secure || tf_acc_policies_aws || tf_acc_onprem_secure
 
 package sysdig_test
 

sysdig/data_source_sysdig_secure_malware_policy_test.go

@@ -1,4 +1,4 @@
-//go:build tf_acc_sysdig_secure || tf_acc_policies || tf_acc_onprem_secure
+//go:build tf_acc_sysdig_secure || tf_acc_policies_aws || tf_acc_onprem_secure
 
 package sysdig_test
 

sysdig/data_source_sysdig_secure_ml_policy_test.go

@@ -1,4 +1,4 @@
-//go:build tf_acc_sysdig_secure || tf_acc_policies || tf_acc_onprem_secure
+//go:build tf_acc_sysdig_secure || tf_acc_policies_aws || tf_acc_onprem_secure
 
 package sysdig_test
 

sysdig/resource_sysdig_secure_aws_ml_policy_test.go

@@ -1,4 +1,4 @@
-//go:build tf_acc_sysdig_secure || tf_acc_policies || tf_acc_onprem_secure
+//go:build tf_acc_sysdig_secure || tf_acc_policies_aws || tf_acc_onprem_secure
 
 package sysdig_test
 

sysdig/resource_sysdig_secure_cloud_auth_account.go

@@ -87,30 +87,37 @@ func resourceSysdigSecureCloudauthAccount() *schema.Resource {
 			SchemaCloudConnectorMetadata: {
 				Type:     schema.TypeString,
 				Optional: true,
+				Default:  "",
 			},
 			SchemaTrustedRoleMetadata: {
 				Type:     schema.TypeString,
 				Optional: true,
+				Default:  "",
 			},
 			SchemaEventBridgeMetadata: {
 				Type:     schema.TypeString,
 				Optional: true,
+				Default:  "",
 			},
 			SchemaServicePrincipalMetadata: {
 				Type:     schema.TypeString,
 				Optional: true,
+				Default:  "",
 			},
 			SchemaWebhookDatasourceMetadata: {
 				Type:     schema.TypeString,
 				Optional: true,
+				Default:  "",
 			},
 			SchemaCryptoKeyMetadata: {
 				Type:     schema.TypeString,
 				Optional: true,
+				Default:  "",
 			},
 			SchemaCloudLogsMetadata: {
 				Type:     schema.TypeString,
 				Optional: true,
+				Default:  "",
 			},
 		},
 	}
@@ -387,25 +394,26 @@ func constructAccountComponents(data *schema.ResourceData) []*cloudauth.AccountC
 					if data.Get(SchemaCloudProviderType).(string) == cloudauth.Provider_PROVIDER_GCP.String() {
 						spGcp := &internalServicePrincipalMetadata{}
 						err = json.Unmarshal([]byte(value.(string)), spGcp)
+						// special handling if GCP service principal key is present, decode and unmarshal it before populating all the metadata
+						var spGcpKey *cloudauth.ServicePrincipalMetadata_GCP_Key
 						if len(spGcp.Gcp.Key) > 0 {
 							var spGcpKeyBytes []byte
 							spGcpKeyBytes, err = base64.StdEncoding.DecodeString(spGcp.Gcp.Key)
 							if err != nil {
 								diag.FromErr(err)
 							}
-							spGcpKey := &cloudauth.ServicePrincipalMetadata_GCP_Key{}
-							err = json.Unmarshal(spGcpKeyBytes, spGcpKey)
-							component.Metadata = &cloudauth.AccountComponent_ServicePrincipalMetadata{
-								ServicePrincipalMetadata: &cloudauth.ServicePrincipalMetadata{
-									Provider: &cloudauth.ServicePrincipalMetadata_Gcp{
-										Gcp: &cloudauth.ServicePrincipalMetadata_GCP{
-											Key:                        spGcpKey,
-											WorkloadIdentityFederation: spGcp.Gcp.WorkloadIdentityFederation,
-											Email:                      spGcp.Gcp.Email,
-										},
+							err = json.Unmarshal(spGcpKeyBytes, &spGcpKey)
+						}
+						component.Metadata = &cloudauth.AccountComponent_ServicePrincipalMetadata{
+							ServicePrincipalMetadata: &cloudauth.ServicePrincipalMetadata{
+								Provider: &cloudauth.ServicePrincipalMetadata_Gcp{
+									Gcp: &cloudauth.ServicePrincipalMetadata_GCP{
+										Key:                        spGcpKey,
+										WorkloadIdentityFederation: spGcp.Gcp.WorkloadIdentityFederation,
+										Email:                      spGcp.Gcp.Email,
 									},
 								},
-							}
+							},
 						}
 					}
 				case SchemaWebhookDatasourceMetadata: