feat(onboarding): data source tenant external id

* adds external id as data source for use by sysdig tenants

Author: cgeers

sysdig/data_source_sysdig_secure_tenant_external_id.go

@@ -0,0 +1,49 @@
+package sysdig
+
+import (
+	"context"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceSysdigSecureTenantExternalID() *schema.Resource {
+	timeout := 5 * time.Minute
+
+	return &schema.Resource{
+		ReadContext: dataSourceSysdigSecureTenantExternalIDRead,
+
+		Timeouts: &schema.ResourceTimeout{
+			Read: schema.DefaultTimeout(timeout),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"external_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+// Retrieves the information of a resource form the file and loads it in Terraform
+func dataSourceSysdigSecureTenantExternalIDRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client, err := getSecureCloudAccountClient(meta.(SysdigClients))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	externalId, err := client.GetTenantExternalIDSecure(ctx)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	d.SetId(externalId)
+	err = d.Set("external_id", externalId)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	return nil
+}

sysdig/data_source_sysdig_secure_tenant_external_id_test.go

@@ -0,0 +1,33 @@
+//go:build tf_acc_sysdig_secure
+
+package sysdig_test
+
+import (
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/draios/terraform-provider-sysdig/sysdig"
+)
+
+func TestAccTenantExternalIDDataSource(t *testing.T) {
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
+				t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
+			}
+		},
+		ProviderFactories: map[string]func() (*schema.Provider, error){
+			"sysdig": func() (*schema.Provider, error) {
+				return sysdig.Provider(), nil
+			},
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: `data "sysdig_secure_tenant_external_id" "external_id" {}`,
+			},
+		},
+	})
+}

sysdig/internal/client/v2/cloud_account.go

@@ -11,7 +11,8 @@ const (
 	cloudAccountsWithExternalIDPath = "%s/api/cloud/v2/accounts?includeExternalID=true&upsert=true"
 	cloudAccountPath                = "%s/api/cloud/v2/accounts/%s"
 	cloudAccountWithExternalIDPath  = "%s/api/cloud/v2/accounts/%s?includeExternalID=true"
-	trustedCloudIdentityPath        = "%s/api/cloud/v2/%s/trustedIdentity"
+	onboardingTrustedIdentityPath   = "%s/api/secure/onboarding/v2/trustedIdentity?provider=%s"
+	onboardingTenantExternaIDPath   = "%s/api/secure/onboarding/v2/externalID"
 	providersPath                   = "%v/api/v2/providers"
 )
 
@@ -22,6 +23,7 @@ type CloudAccountSecureInterface interface {
 	DeleteCloudAccountSecure(ctx context.Context, accountID string) error
 	UpdateCloudAccountSecure(ctx context.Context, accountID string, cloudAccount *CloudAccountSecure) (*CloudAccountSecure, error)
 	GetTrustedCloudIdentitySecure(ctx context.Context, provider string) (string, error)
+	GetTenantExternalIDSecure(ctx context.Context) (string, error)
 }
 
 type CloudAccountMonitorInterface interface {
@@ -100,7 +102,21 @@ func (client *Client) UpdateCloudAccountSecure(ctx context.Context, accountID st
 }
 
 func (client *Client) GetTrustedCloudIdentitySecure(ctx context.Context, provider string) (string, error) {
-	response, err := client.requester.Request(ctx, http.MethodGet, client.trustedCloudIdentityURL(provider), nil)
+	response, err := client.requester.Request(ctx, http.MethodGet, fmt.Sprintf(onboardingTrustedIdentityPath, client.config.url, provider), nil)
+	if err != nil {
+		return "", err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK {
+		return "", client.ErrorFromResponse(response)
+	}
+
+	return Unmarshal[string](response.Body)
+}
+
+func (client *Client) GetTenantExternalIDSecure(ctx context.Context) (string, error) {
+	response, err := client.requester.Request(ctx, http.MethodGet, fmt.Sprintf(onboardingTenantExternaIDPath, client.config.url), nil)
 	if err != nil {
 		return "", err
 	}
@@ -127,10 +143,6 @@ func (client *Client) cloudAccountURL(accountID string, includeExternalID bool)
 	return fmt.Sprintf(cloudAccountPath, client.config.url, accountID)
 }
 
-func (client *Client) trustedCloudIdentityURL(provider string) string {
-	return fmt.Sprintf(trustedCloudIdentityPath, client.config.url, provider)
-}
-
 func (client *Client) CreateCloudAccountMonitor(ctx context.Context, provider *CloudAccountMonitor) (*CloudAccountMonitor, error) {
 	payload, err := Marshal(provider)
 	if err != nil {

sysdig/provider.go

@@ -195,6 +195,7 @@ func (p *SysdigProvider) Provider() *schema.Provider {
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"sysdig_secure_trusted_cloud_identity":                        dataSourceSysdigSecureTrustedCloudIdentity(),
+			"sysdig_secure_tenant_external_id":                            dataSourceSysdigSecureTenantExternalID(),
 			"sysdig_secure_notification_channel":                          dataSourceSysdigSecureNotificationChannel(),
 			"sysdig_secure_notification_channel_pagerduty":                dataSourceSysdigSecureNotificationChannelPagerduty(),
 			"sysdig_secure_notification_channel_email":                    dataSourceSysdigSecureNotificationChannelEmail(),