From 4311ce7e5ae6e5fc8393d3f8dfa017b33d9ffea3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Antonio=20Calvo?=
Date: Wed, 8 May 2024 20:46:42 +0200
Subject: [PATCH 1/2] fix(tests): Skip onprem unsupported policy types * Do not run cloud policy types tests with `tf_acc_onprem_secure` tag * Change rules order to fix `TestAccCustomPolicy`: ``` resource_sysdig_secure_custom_policy_test.go:19: Step 2/12 error running import: ImportStateVerify attributes not equivalent. Difference is shown below. The - symbol indicates attributes missing after import. map[string]string{ - "rules.0.name": "Write below etc", + "rules.0.name": "TERRAFORM TEST 6yf1pzvnbf - Terminal Shell", - "rules.1.name": "TERRAFORM TEST 6yf1pzvnbf - Terminal Shell", + "rules.1.name": "Write below etc", } ```
---
 ...source_sysdig_secure_aws_ml_policy_test.go | 2 +-
 ...sdig_secure_trusted_cloud_identity_test.go | 2 +-
 ...source_sysdig_secure_aws_ml_policy_test.go | 2 +-
 ...source_sysdig_secure_custom_policy_test.go | 87 ++++++++++---------
 sysdig/resource_sysdig_secure_policy_test.go | 82 +++++++++--------
 5 files changed, 87 insertions(+), 88 deletions(-)
diff --git a/sysdig/data_source_sysdig_secure_aws_ml_policy_test.go b/sysdig/data_source_sysdig_secure_aws_ml_policy_test.go
index 393cb26b..39b44f20 100644
--- a/sysdig/data_source_sysdig_secure_aws_ml_policy_test.go
+++ b/sysdig/data_source_sysdig_secure_aws_ml_policy_test.go
@@ -1,4 +1,4 @@
-//go:build tf_acc_sysdig_secure || tf_acc_policies_aws || tf_acc_onprem_secure
+//go:build tf_acc_sysdig_secure || tf_acc_policies_aws
 package sysdig_test
diff --git a/sysdig/data_source_sysdig_secure_trusted_cloud_identity_test.go b/sysdig/data_source_sysdig_secure_trusted_cloud_identity_test.go
index 5985fd01..9a778618 100644
--- a/sysdig/data_source_sysdig_secure_trusted_cloud_identity_test.go
+++ b/sysdig/data_source_sysdig_secure_trusted_cloud_identity_test.go
@@ -1,4 +1,4 @@
-//go:build tf_acc_sysdig_secure || tf_acc_onprem_secure
+//go:build tf_acc_sysdig_secure
 package sysdig_test
diff --git a/sysdig/resource_sysdig_secure_aws_ml_policy_test.go b/sysdig/resource_sysdig_secure_aws_ml_policy_test.go
index 801adf27..017cc695 100644
--- a/sysdig/resource_sysdig_secure_aws_ml_policy_test.go
+++ b/sysdig/resource_sysdig_secure_aws_ml_policy_test.go
@@ -1,4 +1,4 @@
-//go:build tf_acc_sysdig_secure || tf_acc_policies_aws || tf_acc_onprem_secure
+//go:build tf_acc_sysdig_secure || tf_acc_policies_aws
 package sysdig_test
diff --git a/sysdig/resource_sysdig_secure_custom_policy_test.go b/sysdig/resource_sysdig_secure_custom_policy_test.go
index 37e70020..e0de53be 100644
--- a/sysdig/resource_sysdig_secure_custom_policy_test.go
+++ b/sysdig/resource_sysdig_secure_custom_policy_test.go
@@ -10,12 +10,54 @@ import (
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/draios/terraform-provider-sysdig/buildinfo"
 "github.com/draios/terraform-provider-sysdig/sysdig"
 )
 func TestAccCustomPolicy(t *testing.T) {
 rText := func() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) }
 policy1 := rText()
+
+ steps := []resource.TestStep{
+ {
+ Config: customPolicyWithName(policy1),
+ },
+ {
+ ResourceName: "sysdig_secure_custom_policy.sample",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ {
+ Config: customPolicyWithRulesOrderChange(policy1),
+ },
+ {
+ Config: customPolicyWithoutActions(rText()),
+ },
+ {
+ Config: customPolicyWithoutNotificationChannels(rText()),
+ },
+ {
+ Config: customPolicyWithMinimumConfiguration(rText()),
+ },
+ {
+ Config: customPoliciesWithDifferentSeverities(rText()),
+ },
+ {
+ Config: customPoliciesWithKillAction(rText()),
+ },
+ {
+ Config: customPoliciesWithDisabledRules(rText()),
+ },
+ }
+
+ if !buildinfo.OnpremSecure {
+ steps = append(steps,
+ resource.TestStep{Config: customPoliciesForAWSCloudtrail(rText())},
+ resource.TestStep{Config: customPoliciesForGCPAuditLog(rText())},
+ resource.TestStep{Config: customPoliciesForAzurePlatformlogs(rText())},
+ )
+ }
+
 resource.ParallelTest(t, resource.TestCase{
 PreCheck: preCheckAnyEnv(t, SysdigSecureApiTokenEnv),
 ProviderFactories: map[string]func() (*schema.Provider, error){
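Review bot: The `if !buildinfo.OnpremSecure` block that appends the cloud steps carries no comment explaining why those policy types are skipped, and a run that skips them leaves no trace in the test output. A comment such as `// CloudTrail, GCP audit log and Azure platform log policy types are not supported by on-prem Secure; run them only against SaaS.` plus an `else { t.Log("onprem build: cloud policy type steps skipped") }` would make the reduced coverage visible. How `buildinfo.OnpremSecure` gets set is not shown here; if it were ever true in a SaaS run, the cloud detection-policy steps would drop out silently. The same applies to the matching block in `TestAccPolicy` in `resource_sysdig_secure_policy_test.go`. The body of `TestAccCustomPolicy` continues past this hunk.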
@@ -23,46 +65,7 @@ func TestAccCustomPolicy(t *testing.T) {
 return sysdig.Provider(), nil
 },
 },
- Steps: []resource.TestStep{
- {
- Config: customPolicyWithName(policy1),
- },
- {
- ResourceName: "sysdig_secure_custom_policy.sample",
- ImportState: true,
- ImportStateVerify: true,
- },
- {
- Config: customPolicyWithRulesOrderChange(policy1),
- },
- {
- Config: customPolicyWithoutActions(rText()),
- },
- {
- Config: customPolicyWithoutNotificationChannels(rText()),
- },
- {
- Config: customPolicyWithMinimumConfiguration(rText()),
- },
- {
- Config: customPoliciesWithDifferentSeverities(rText()),
- },
- {
- Config: customPoliciesWithKillAction(rText()),
- },
- {
- Config: customPoliciesForAWSCloudtrail(rText()),
- },
- {
- Config: customPoliciesForGCPAuditLog(rText()),
- },
- {
- Config: customPoliciesForAzurePlatformlogs(rText()),
- },
- {
- Config: customPoliciesWithDisabledRules(rText()),
- },
- },
+ Steps: steps,
 })
 }
@@ -79,11 +82,11 @@ resource "sysdig_secure_custom_policy" "sample" {
 runbook = "https://sysdig.com"
 rules {
- name = "Write below etc"
+ name = sysdig_secure_rule_falco.terminal_shell.name
 enabled = true
 }
 rules {
- name = sysdig_secure_rule_falco.terminal_shell.name
+ name = "Write below etc"
 enabled = true
 }
diff --git a/sysdig/resource_sysdig_secure_policy_test.go b/sysdig/resource_sysdig_secure_policy_test.go
index bb757e26..2f7418c2 100644
--- a/sysdig/resource_sysdig_secure_policy_test.go
+++ b/sysdig/resource_sysdig_secure_policy_test.go
@@ -10,12 +10,50 @@ import (
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/draios/terraform-provider-sysdig/buildinfo"
 "github.com/draios/terraform-provider-sysdig/sysdig"
 )
 func TestAccPolicy(t *testing.T) {
 rText := func() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) }
+ steps := []resource.TestStep{
+ {
+ Config: policyWithName(rText()),
+ },
+ {
+ ResourceName: "sysdig_secure_policy.sample",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ {
+ Config: policyWithoutActions(rText()),
+ },
+ {
+ Config: policyWithoutNotificationChannels(rText()),
+ },
+ {
+ Config: policyWithMinimumConfiguration(rText()),
+ },
+ {
+ Config: policiesWithDifferentSeverities(rText()),
+ },
+ {
+ Config: policiesWithKillAction(rText()),
+ },
+ }
+
+ if !buildinfo.OnpremSecure {
+ steps = append(steps,
+ resource.TestStep{Config: policiesForAWSCloudtrail(rText())},
+ resource.TestStep{Config: policiesForGCPAuditLog(rText())},
+ resource.TestStep{Config: policiesForAzurePlatformlogs(rText())},
+ resource.TestStep{Config: policiesForFalcoCloudAWSCloudtrail(rText())},
+ resource.TestStep{Config: policiesForOkta(rText())},
+ resource.TestStep{Config: policiesForGithub(rText())},
+ )
+ }
+
 resource.ParallelTest(t, resource.TestCase{
 PreCheck: preCheckAnyEnv(t, SysdigSecureApiTokenEnv),
 ProviderFactories: map[string]func() (*schema.Provider, error){
@@ -23,49 +61,7 @@ func TestAccPolicy(t *testing.T) {
 return sysdig.Provider(), nil
 },
 },
- Steps: []resource.TestStep{
- {
- Config: policyWithName(rText()),
- },
- {
- ResourceName: "sysdig_secure_policy.sample",
- ImportState: true,
- ImportStateVerify: true,
- },
- {
- Config: policyWithoutActions(rText()),
- },
- {
- Config: policyWithoutNotificationChannels(rText()),
- },
- {
- Config: policyWithMinimumConfiguration(rText()),
- },
- {
- Config: policiesWithDifferentSeverities(rText()),
- },
- {
- Config: policiesWithKillAction(rText()),
- },
- {
- Config: policiesForAWSCloudtrail(rText()),
- },
- {
- Config: policiesForGCPAuditLog(rText()),
- },
- {
- Config: policiesForAzurePlatformlogs(rText()),
- },
- {
- Config: policiesForFalcoCloudAWSCloudtrail(rText()),
- },
- {
- Config: policiesForOkta(rText()),
- },
- {
- Config: policiesForGithub(rText()),
- },
- },
+ Steps: steps,
 })
 }
From 2bd65717d8de7be13d6f4dfecccf2eb1c0a1b3f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Antonio=20Calvo?=
Date: Fri, 10 May 2024 13:13:49 +0200
Subject: [PATCH 2/2] Use TypeSet instead of TypeList for rules Reverts the order change in the test which is no longer needed.
---
 .../resource_sysdig_secure_custom_policy.go | 20 +++++++++----------
 ...source_sysdig_secure_custom_policy_test.go | 4 ++--
 2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/sysdig/resource_sysdig_secure_custom_policy.go b/sysdig/resource_sysdig_secure_custom_policy.go
index 1f89f8a7..7b7d3185 100644
--- a/sysdig/resource_sysdig_secure_custom_policy.go
+++ b/sysdig/resource_sysdig_secure_custom_policy.go
@@ -3,7 +3,6 @@ package sysdig
 import (
 "context"
 "errors"
- "fmt"
 "net/http"
 "strconv"
 "time"
@@ -51,7 +50,7 @@ func resourceSysdigSecureCustomPolicy() *schema.Resource {
 ValidateDiagFunc: validateDiagFunc(validation.IntBetween(0, 7)),
 },
 "rules": {
- Type: schema.TypeList,
+ Type: schema.TypeSet,
 Optional: true,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
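Review bot: With `Type: schema.TypeSet` on `rules`, two blocks that name the same rule with different `enabled` values hash as distinct elements and are both sent to the backend, while exact duplicates are merged without any diagnostic. For a runtime policy that ambiguity decides whether a detection rule is active, so duplicate rule names are worth rejecting at plan time, for example in a `CustomizeDiff` on the resource. The element schema is cut off by this hunk, so this assumes it holds only `name` and `enabled`, which are the two keys the conversion code in this patch reads. Set elements also cannot be addressed by index, so configurations that reference `rules[0]` stop working; that deserves a changelog line.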
@@ -100,11 +99,11 @@ func customPolicyFromResourceData(d *schema.ResourceData) v2.Policy {
 policy.Rules = []*v2.PolicyRule{}
- rules := d.Get("rules").([]interface{})
- for index := range rules {
+ for _, ruleItr := range d.Get("rules").(*schema.Set).List() {
+ ruleInfo := ruleItr.(map[string]interface{})
 rule := &v2.PolicyRule{
- Name: d.Get(fmt.Sprintf("rules.%d.name", index)).(string),
- Enabled: d.Get(fmt.Sprintf("rules.%d.enabled", index)).(bool),
+ Name: ruleInfo["name"].(string),
+ Enabled: ruleInfo["enabled"].(bool),
 }
 policy.Rules = append(policy.Rules, rule)
 }
@@ -147,13 +146,14 @@ func customPolicyToResourceData(policy *v2.Policy, d *schema.ResourceData) {
 }
 func getPolicyRulesFromResourceData(d *schema.ResourceData) []*v2.PolicyRule {
- rules := d.Get("rules").(*schema.Set).List()
+ rules := d.Get("rules").(*schema.Set).List()
 policyRules := make([]*v2.PolicyRule, len(rules))
- for i, rule := range rules {
+ for i, ruleItr := range rules {
+ ruleInfo := ruleItr.(map[string]interface{})
 policyRules[i] = &v2.PolicyRule{
- Name: rule.(map[string]interface{})["name"].(string),
- Enabled: rule.(map[string]interface{})["enabled"].(bool),
+ Name: ruleInfo["name"].(string),
+ Enabled: ruleInfo["enabled"].(bool),
 }
 }
diff --git a/sysdig/resource_sysdig_secure_custom_policy_test.go b/sysdig/resource_sysdig_secure_custom_policy_test.go
index e0de53be..0591a163 100644
--- a/sysdig/resource_sysdig_secure_custom_policy_test.go
+++ b/sysdig/resource_sysdig_secure_custom_policy_test.go
@@ -82,11 +82,11 @@ resource "sysdig_secure_custom_policy" "sample" {
 runbook = "https://sysdig.com"
 rules {
- name = sysdig_secure_rule_falco.terminal_shell.name
+ name = "Write below etc"
 enabled = true
 }
 rules {
- name = "Write below etc"
+ name = sysdig_secure_rule_falco.terminal_shell.name
 enabled = true
 }
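Review bot: The new loop in `customPolicyFromResourceData` repeats `getPolicyRulesFromResourceData` step for step (same `*schema.Set` read, same `ruleInfo` map, same two assertions), so the loop can be replaced by `policy.Rules = getPolicyRulesFromResourceData(d)` and the conversion kept in one place. Assuming the helper returns `policyRules` (its return is outside the hunk), the result is still a non-nil slice when there are no rules. Both copies use unchecked assertions, `ruleItr.(map[string]interface{})` and `ruleInfo["name"].(string)`, which panic rather than return a diagnostic if an element ever arrives nil or with an unexpected shape; a comma-ok form in the single shared helper would be cheap insurance. Both functions extend beyond the lines shown.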