From 89aa54c142a63f4e7a7b9d3e4305530ea18ec6cb Mon Sep 17 00:00:00 2001
From: Christopher Geers
Date: Tue, 21 May 2024 11:55:16 -0500
Subject: [PATCH 1/4] feat(onboarding): data source tenant external id

* adds external id as data source for use by sysdig tenants
---
 ...source_sysdig_secure_tenant_external_id.go | 49 +++++++++++++++++++
 ...e_sysdig_secure_tenant_external_id_test.go | 33 +++++++++++++
 sysdig/internal/client/v2/cloud_account.go | 24 ++++++---
 sysdig/provider.go | 1 +
 4 files changed, 101 insertions(+), 6 deletions(-)
 create mode 100644 sysdig/data_source_sysdig_secure_tenant_external_id.go
 create mode 100644 sysdig/data_source_sysdig_secure_tenant_external_id_test.go

diff --git a/sysdig/data_source_sysdig_secure_tenant_external_id.go b/sysdig/data_source_sysdig_secure_tenant_external_id.go
new file mode 100644
index 00000000..995294dd
--- /dev/null
+++ b/sysdig/data_source_sysdig_secure_tenant_external_id.go
@@ -0,0 +1,49 @@
+package sysdig
+
+import (
+ "context"
+ "time"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceSysdigSecureTenantExternalID() *schema.Resource {
+ timeout := 5 * time.Minute
+
+ return &schema.Resource{
+ ReadContext: dataSourceSysdigSecureTenantExternalIDRead,
+
+ Timeouts: &schema.ResourceTimeout{
+ Read: schema.DefaultTimeout(timeout),
+ },
+
+ Schema: map[string]*schema.Schema{
+ "external_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ }
+}
+
+// Retrieves the information of a resource form the file and loads it in Terraform
+func dataSourceSysdigSecureTenantExternalIDRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ client, err := getSecureCloudAccountClient(meta.(SysdigClients))
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ externalId, err := client.GetTenantExternalIDSecure(ctx)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ d.SetId(externalId)
+ err = d.Set("external_id", externalId)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ return nil
+}
diff --git a/sysdig/data_source_sysdig_secure_tenant_external_id_test.go b/sysdig/data_source_sysdig_secure_tenant_external_id_test.go
new file mode 100644
index 00000000..57e72dc9
--- /dev/null
+++ b/sysdig/data_source_sysdig_secure_tenant_external_id_test.go
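Review bot: `dataSourceSysdigSecureTenantExternalIDRead` stores whatever the API returns without checking it, so an empty string from `GetTenantExternalIDSecure` would pass through `d.Set("external_id", externalId)` and reach consumers of the data source as a blank value. If the value ends up as the condition in a cloud trust relationship (inferred from the onboarding context, not shown here), an empty result should be a hard error: `if externalId == "" { return diag.Errorf("sysdig returned an empty tenant external id") }` before `d.SetId`. The doc comment above the function is copied from another data source and still says "form the file"; `// dataSourceSysdigSecureTenantExternalIDRead fetches the tenant external ID from the Sysdig Secure API and stores it in state.` would match the code. The same function is re-added unchanged in data_source_sysdig_secure_onboarding.go in PATCH 2/4.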
@@ -0,0 +1,33 @@
+//go:build tf_acc_sysdig_secure
+
+package sysdig_test
+
+import (
+ "os"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+ "github.com/draios/terraform-provider-sysdig/sysdig"
+)
+
+func TestAccTenantExternalIDDataSource(t *testing.T) {
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() {
+ if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
+ t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
+ }
+ },
+ ProviderFactories: map[string]func() (*schema.Provider, error){
+ "sysdig": func() (*schema.Provider, error) {
+ return sysdig.Provider(), nil
+ },
+ },
+ Steps: []resource.TestStep{
+ {
+ Config: `data "sysdig_secure_tenant_external_id" "external_id" {}`,
+ },
+ },
+ })
+}
diff --git a/sysdig/internal/client/v2/cloud_account.go b/sysdig/internal/client/v2/cloud_account.go
index 0071bdde..a29d293e 100644
--- a/sysdig/internal/client/v2/cloud_account.go
+++ b/sysdig/internal/client/v2/cloud_account.go
@@ -11,7 +11,8 @@ const (
 cloudAccountsWithExternalIDPath = "%s/api/cloud/v2/accounts?includeExternalID=true&upsert=true"
 cloudAccountPath = "%s/api/cloud/v2/accounts/%s"
 cloudAccountWithExternalIDPath = "%s/api/cloud/v2/accounts/%s?includeExternalID=true"
- trustedCloudIdentityPath = "%s/api/cloud/v2/%s/trustedIdentity"
+ onboardingTrustedIdentityPath = "%s/api/secure/onboarding/v2/trustedIdentity?provider=%s"
+ onboardingTenantExternaIDPath = "%s/api/secure/onboarding/v2/externalID"
 providersPath = "%v/api/v2/providers"
 )
 
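Review bot: `TestAccTenantExternalIDDataSource` has a single step containing only `Config`, so it passes whenever the read does not error and never asserts that `external_id` was actually populated. Adding `Check: resource.TestCheckResourceAttrSet("data.sysdig_secure_tenant_external_id.external_id", "external_id"),` to the step would catch an empty or missing value. The same test is moved unchanged into data_source_sysdig_secure_onboarding_test.go in PATCH 2/4.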
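Review bot: The new constant `onboardingTenantExternaIDPath` in the const block of cloud_account.go is missing the "l" in "External". It is unexported, so renaming it to `onboardingTenantExternalIDPath` here and at its call site in `GetTenantExternalIDSecure` is cheap now; PATCH 2/4 carries the misspelled name into onboarding.go.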
@@ -22,6 +23,7 @@ type CloudAccountSecureInterface interface {
 DeleteCloudAccountSecure(ctx context.Context, accountID string) error
 UpdateCloudAccountSecure(ctx context.Context, accountID string, cloudAccount *CloudAccountSecure) (*CloudAccountSecure, error)
 GetTrustedCloudIdentitySecure(ctx context.Context, provider string) (string, error)
+ GetTenantExternalIDSecure(ctx context.Context) (string, error)
 }
 
 type CloudAccountMonitorInterface interface {
@@ -100,7 +102,21 @@ func (client *Client) UpdateCloudAccountSecure(ctx context.Context, accountID st
 }
 
 func (client *Client) GetTrustedCloudIdentitySecure(ctx context.Context, provider string) (string, error) {
- response, err := client.requester.Request(ctx, http.MethodGet, client.trustedCloudIdentityURL(provider), nil)
+ response, err := client.requester.Request(ctx, http.MethodGet, fmt.Sprintf(onboardingTrustedIdentityPath, client.config.url, provider), nil)
+ if err != nil {
+ return "", err
+ }
+ defer response.Body.Close()
+
+ if response.StatusCode != http.StatusOK {
+ return "", client.ErrorFromResponse(response)
+ }
+
+ return Unmarshal[string](response.Body)
+}
+
+func (client *Client) GetTenantExternalIDSecure(ctx context.Context) (string, error) {
+ response, err := client.requester.Request(ctx, http.MethodGet, fmt.Sprintf(onboardingTenantExternaIDPath, client.config.url), nil)
 if err != nil {
 return "", err
 }
@@ -127,10 +143,6 @@ func (client *Client) cloudAccountURL(accountID string, includeExternalID bool)
 return fmt.Sprintf(cloudAccountPath, client.config.url, accountID)
 }
 
-func (client *Client) trustedCloudIdentityURL(provider string) string {
- return fmt.Sprintf(trustedCloudIdentityPath, client.config.url, provider)
-}
-
 func (client *Client) CreateCloudAccountMonitor(ctx context.Context, provider *CloudAccountMonitor) (*CloudAccountMonitor, error) {
 payload, err := Marshal(provider)
 if err != nil {
diff --git a/sysdig/provider.go b/sysdig/provider.go
index c2b16899..158bea56 100644
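Review bot: In `GetTrustedCloudIdentitySecure`, `provider` is now formatted unescaped into the query string of `onboardingTrustedIdentityPath` (`?provider=%s`), so a value containing `&`, `#` or `=` would change the request instead of being sent as the provider name. The method is exposed on an exported client interface and any validation done by the data source schema is not visible in this hunk, so the client should escape the value itself: `fmt.Sprintf(onboardingTrustedIdentityPath, client.config.url, url.QueryEscape(provider))`, with `net/url` added to the file's imports. The body of `GetTenantExternalIDSecure` continues past the end of the hunk, and the same call is moved unchanged into onboarding.go in PATCH 2/4.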
--- a/sysdig/provider.go
+++ b/sysdig/provider.go
@@ -195,6 +195,7 @@ func (p *SysdigProvider) Provider() *schema.Provider {
 },
 DataSourcesMap: map[string]*schema.Resource{
 "sysdig_secure_trusted_cloud_identity": dataSourceSysdigSecureTrustedCloudIdentity(),
+ "sysdig_secure_tenant_external_id": dataSourceSysdigSecureTenantExternalID(),
 "sysdig_secure_notification_channel": dataSourceSysdigSecureNotificationChannel(),
 "sysdig_secure_notification_channel_pagerduty": dataSourceSysdigSecureNotificationChannelPagerduty(),
 "sysdig_secure_notification_channel_email": dataSourceSysdigSecureNotificationChannelEmail(),
From f83e9df4ac6789b099cb53a15c54601109a208e0 Mon Sep 17 00:00:00 2001
From: Christopher Geers
Date: Tue, 28 May 2024 15:08:58 -0500
Subject: [PATCH 2/4] chore(onboarding): create secure onboarding client

---
 ...> data_source_sysdig_secure_onboarding.go} | 47 +++++++++++++++++-
 ...a_source_sysdig_secure_onboarding_test.go} | 20 ++++++++
 ...source_sysdig_secure_tenant_external_id.go | 49 -------------------
 ...e_sysdig_secure_tenant_external_id_test.go | 33 -------------
 sysdig/internal/client/v2/cloud_account.go | 32 ------------
 sysdig/internal/client/v2/onboarding.go | 46 +++++++++++++++++
 sysdig/internal/client/v2/sysdig.go | 1 +
 7 files changed, 113 insertions(+), 115 deletions(-)
 rename sysdig/{data_source_sysdig_secure_trusted_cloud_identity.go => data_source_sysdig_secure_onboarding.go} (65%)
 rename sysdig/{data_source_sysdig_secure_trusted_cloud_identity_test.go => data_source_sysdig_secure_onboarding_test.go} (71%)
 delete mode 100644 sysdig/data_source_sysdig_secure_tenant_external_id.go
 delete mode 100644 sysdig/data_source_sysdig_secure_tenant_external_id_test.go
 create mode 100644 sysdig/internal/client/v2/onboarding.go
diff --git a/sysdig/data_source_sysdig_secure_trusted_cloud_identity.go b/sysdig/data_source_sysdig_secure_onboarding.go
similarity index 65%
rename from sysdig/data_source_sysdig_secure_trusted_cloud_identity.go
rename to sysdig/data_source_sysdig_secure_onboarding.go
index 021831f1..2a10d3d4 100644
--- a/sysdig/data_source_sysdig_secure_trusted_cloud_identity.go
+++ b/sysdig/data_source_sysdig_secure_onboarding.go
@@ -6,11 +6,16 @@ import (
 "time"
 
 "github.com/aws/aws-sdk-go/aws/arn"
+ v2 "github.com/draios/terraform-provider-sysdig/sysdig/internal/client/v2"
 "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 )
 
+func getSecureOnboardingClient(c SysdigClients) (v2.OnboardingSecureInterface, error) {
+ return c.sysdigSecureClientV2()
+}
+
 func dataSourceSysdigSecureTrustedCloudIdentity() *schema.Resource {
 timeout := 5 * time.Minute
 
@@ -53,7 +58,7 @@ func dataSourceSysdigSecureTrustedCloudIdentity() *schema.Resource {
 
 // Retrieves the information of a resource form the file and loads it in Terraform
 func dataSourceSysdigSecureTrustedCloudIdentityRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
- client, err := getSecureCloudAccountClient(meta.(SysdigClients))
+ client, err := getSecureOnboardingClient(meta.(SysdigClients))
 if err != nil {
 return diag.FromErr(err)
 }
@@ -88,3 +93,43 @@ func dataSourceSysdigSecureTrustedCloudIdentityRead(ctx context.Context, d *sche
 }
 return nil
 }
+
+func dataSourceSysdigSecureTenantExternalID() *schema.Resource {
+ timeout := 5 * time.Minute
+
+ return &schema.Resource{
+ ReadContext: dataSourceSysdigSecureTenantExternalIDRead,
+
+ Timeouts: &schema.ResourceTimeout{
+ Read: schema.DefaultTimeout(timeout),
+ },
+
+ Schema: map[string]*schema.Schema{
+ "external_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ }
+}
+
+// Retrieves the information of a resource form the file and loads it in Terraform
+func dataSourceSysdigSecureTenantExternalIDRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ client, err := getSecureOnboardingClient(meta.(SysdigClients))
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ externalId, err := client.GetTenantExternalIDSecure(ctx)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ d.SetId(externalId)
+ err = d.Set("external_id", externalId)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ return nil
+}
diff --git a/sysdig/data_source_sysdig_secure_trusted_cloud_identity_test.go b/sysdig/data_source_sysdig_secure_onboarding_test.go
similarity index 71%
rename from sysdig/data_source_sysdig_secure_trusted_cloud_identity_test.go
rename to sysdig/data_source_sysdig_secure_onboarding_test.go
index 9a778618..5bf5b845 100644
--- a/sysdig/data_source_sysdig_secure_trusted_cloud_identity_test.go
+++ b/sysdig/data_source_sysdig_secure_onboarding_test.go
@@ -61,3 +61,23 @@ data "sysdig_secure_trusted_cloud_identity" "trusted_identity" {
 }
 `
 }
+
+func TestAccTenantExternalIDDataSource(t *testing.T) {
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() {
+ if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
+ t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
+ }
+ },
+ ProviderFactories: map[string]func() (*schema.Provider, error){
+ "sysdig": func() (*schema.Provider, error) {
+ return sysdig.Provider(), nil
+ },
+ },
+ Steps: []resource.TestStep{
+ {
+ Config: `data "sysdig_secure_tenant_external_id" "external_id" {}`,
+ },
+ },
+ })
+}
diff --git a/sysdig/data_source_sysdig_secure_tenant_external_id.go b/sysdig/data_source_sysdig_secure_tenant_external_id.go
deleted file mode 100644
index 995294dd..00000000
--- a/sysdig/data_source_sysdig_secure_tenant_external_id.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package sysdig
-
-import (
- "context"
- "time"
-
- "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
-)
-
-func dataSourceSysdigSecureTenantExternalID() *schema.Resource {
- timeout := 5 * time.Minute
-
- return &schema.Resource{
- ReadContext: dataSourceSysdigSecureTenantExternalIDRead,
-
- Timeouts: &schema.ResourceTimeout{
- Read: schema.DefaultTimeout(timeout),
- },
-
- Schema: map[string]*schema.Schema{
- "external_id": {
- Type: schema.TypeString,
- Computed: true,
- },
- },
- }
-}
-
-// Retrieves the information of a resource form the file and loads it in Terraform
-func dataSourceSysdigSecureTenantExternalIDRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
- client, err := getSecureCloudAccountClient(meta.(SysdigClients))
- if err != nil {
- return diag.FromErr(err)
- }
-
- externalId, err := client.GetTenantExternalIDSecure(ctx)
- if err != nil {
- return diag.FromErr(err)
- }
-
- d.SetId(externalId)
- err = d.Set("external_id", externalId)
- if err != nil {
- return diag.FromErr(err)
- }
-
- return nil
-}
diff --git a/sysdig/data_source_sysdig_secure_tenant_external_id_test.go b/sysdig/data_source_sysdig_secure_tenant_external_id_test.go
deleted file mode 100644
index 57e72dc9..00000000
--- a/sysdig/data_source_sysdig_secure_tenant_external_id_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-//go:build tf_acc_sysdig_secure
-
-package sysdig_test
-
-import (
- "os"
- "testing"
-
- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
-
- "github.com/draios/terraform-provider-sysdig/sysdig"
-)
-
-func TestAccTenantExternalIDDataSource(t *testing.T) {
- resource.ParallelTest(t, resource.TestCase{
- PreCheck: func() {
- if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
- t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
- }
- },
- ProviderFactories: map[string]func() (*schema.Provider, error){
- "sysdig": func() (*schema.Provider, error) {
- return sysdig.Provider(), nil
- },
- },
- Steps: []resource.TestStep{
- {
- Config: `data "sysdig_secure_tenant_external_id" "external_id" {}`,
- },
- },
- })
-}
diff --git a/sysdig/internal/client/v2/cloud_account.go b/sysdig/internal/client/v2/cloud_account.go
index a29d293e..5ab752d8 100644
--- a/sysdig/internal/client/v2/cloud_account.go
+++ b/sysdig/internal/client/v2/cloud_account.go
@@ -11,8 +11,6 @@ const (
 cloudAccountsWithExternalIDPath = "%s/api/cloud/v2/accounts?includeExternalID=true&upsert=true"
 cloudAccountPath = "%s/api/cloud/v2/accounts/%s"
 cloudAccountWithExternalIDPath = "%s/api/cloud/v2/accounts/%s?includeExternalID=true"
- onboardingTrustedIdentityPath = "%s/api/secure/onboarding/v2/trustedIdentity?provider=%s"
- onboardingTenantExternaIDPath = "%s/api/secure/onboarding/v2/externalID"
 providersPath = "%v/api/v2/providers"
 )
 
@@ -22,8 +20,6 @@ type CloudAccountSecureInterface interface {
 GetCloudAccountSecure(ctx context.Context, accountID string) (*CloudAccountSecure, error)
 DeleteCloudAccountSecure(ctx context.Context, accountID string) error
 UpdateCloudAccountSecure(ctx context.Context, accountID string, cloudAccount *CloudAccountSecure) (*CloudAccountSecure, error)
- GetTrustedCloudIdentitySecure(ctx context.Context, provider string) (string, error)
- GetTenantExternalIDSecure(ctx context.Context) (string, error)
 }
 
 type CloudAccountMonitorInterface interface {
@@ -101,34 +97,6 @@ func (client *Client) UpdateCloudAccountSecure(ctx context.Context, accountID st
 return Unmarshal[*CloudAccountSecure](response.Body)
 }
 
-func (client *Client) GetTrustedCloudIdentitySecure(ctx context.Context, provider string) (string, error) {
- response, err := client.requester.Request(ctx, http.MethodGet, fmt.Sprintf(onboardingTrustedIdentityPath, client.config.url, provider), nil)
- if err != nil {
- return "", err
- }
- defer response.Body.Close()
-
- if response.StatusCode != http.StatusOK {
- return "", client.ErrorFromResponse(response)
- }
-
- return Unmarshal[string](response.Body)
-}
-
-func (client *Client) GetTenantExternalIDSecure(ctx context.Context) (string, error) {
- response, err := client.requester.Request(ctx, http.MethodGet, fmt.Sprintf(onboardingTenantExternaIDPath, client.config.url), nil)
- if err != nil {
- return "", err
- }
- defer response.Body.Close()
-
- if response.StatusCode != http.StatusOK {
- return "", client.ErrorFromResponse(response)
- }
-
- return Unmarshal[string](response.Body)
-}
-
 func (client *Client) cloudAccountsURL(includeExternalID bool) string {
 if includeExternalID {
 return fmt.Sprintf(cloudAccountsWithExternalIDPath, client.config.url)
diff --git a/sysdig/internal/client/v2/onboarding.go b/sysdig/internal/client/v2/onboarding.go
new file mode 100644
index 00000000..43b853bd
--- /dev/null
+++ b/sysdig/internal/client/v2/onboarding.go
@@ -0,0 +1,46 @@
+package v2
+
+import (
+ "context"
+ "fmt"
+ "net/http"
+)
+
+const (
+ onboardingTrustedIdentityPath = "%s/api/secure/onboarding/v2/trustedIdentity?provider=%s"
+ onboardingTenantExternaIDPath = "%s/api/secure/onboarding/v2/externalID"
+)
+
+type OnboardingSecureInterface interface {
+ Base
+ GetTrustedCloudIdentitySecure(ctx context.Context, provider string) (string, error)
+ GetTenantExternalIDSecure(ctx context.Context) (string, error)
+}
+
+func (client *Client) GetTrustedCloudIdentitySecure(ctx context.Context, provider string) (string, error) {
+ response, err := client.requester.Request(ctx, http.MethodGet, fmt.Sprintf(onboardingTrustedIdentityPath, client.config.url, provider), nil)
+ if err != nil {
+ return "", err
+ }
+ defer response.Body.Close()
+
+ if response.StatusCode != http.StatusOK {
+ return "", client.ErrorFromResponse(response)
+ }
+
+ return Unmarshal[string](response.Body)
+}
+
+func (client *Client) GetTenantExternalIDSecure(ctx context.Context) (string, error) {
+ response, err := client.requester.Request(ctx, http.MethodGet, fmt.Sprintf(onboardingTenantExternaIDPath, client.config.url), nil)
+ if err != nil {
+ return "", err
+ }
+ defer response.Body.Close()
+
+ if response.StatusCode != http.StatusOK {
+ return "", client.ErrorFromResponse(response)
+ }
+
+ return Unmarshal[string](response.Body)
+}
diff --git a/sysdig/internal/client/v2/sysdig.go b/sysdig/internal/client/v2/sysdig.go
index b639a705..dbf88ea4 100644
--- a/sysdig/internal/client/v2/sysdig.go
+++ b/sysdig/internal/client/v2/sysdig.go
@@ -48,6 +48,7 @@ type SysdigSecure interface {
 OrganizationSecureInterface
 CloudauthAccountComponentSecureInterface
 CloudauthAccountFeatureSecureInterface
+ OnboardingSecureInterface
 }
 
 func (sr *SysdigRequest) Request(ctx context.Context, method string, url string, payload io.Reader) (*http.Response, error) {
From eaac319f38326436a93d796a4f26f63c115bcd42 Mon Sep 17 00:00:00 2001
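Review bot: `OnboardingSecureInterface` and its two exported methods land in the new onboarding.go without doc comments, so a reader has to open the format strings to learn what each call fetches. Suggested comments, limited to what the code shows: `// GetTrustedCloudIdentitySecure returns the string decoded from GET /api/secure/onboarding/v2/trustedIdentity for the given provider.` and `// GetTenantExternalIDSecure returns the string decoded from GET /api/secure/onboarding/v2/externalID.` A one-line comment on the interface saying it groups the Secure onboarding endpoints would complete it.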
From: Christopher Geers
Date: Tue, 28 May 2024 16:45:07 -0500
Subject: [PATCH 3/4] docs: add sysdig_secure_tenant_external_id

---
 website/docs/d/secure_tenant_external_id.md | 28 +++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 website/docs/d/secure_tenant_external_id.md

diff --git a/website/docs/d/secure_tenant_external_id.md b/website/docs/d/secure_tenant_external_id.md
new file mode 100644
index 00000000..8dbd6272
--- /dev/null
+++ b/website/docs/d/secure_tenant_external_id.md
@@ -0,0 +1,28 @@
+---
+subcategory: "Sysdig Secure"
+layout: "sysdig"
+page_title: "Sysdig: sysdig_secure_tenant_external_id"
+description: |-
+ Retrieves information about the Sysdig Secure Tenant External ID
+---
+
+# Data Source: sysdig_secure_tenant_external_id
+
+Retrieves information about the Sysdig Secure Tenant External ID
+
+-> **Note:** Sysdig Terraform Provider is under rapid development at this point. If you experience any issue or discrepancy while using it, please make sure you have the latest version. If the issue persists, or you have a Feature Request to support an additional set of resources, please open a [new issue](https://github.com/sysdiglabs/terraform-provider-sysdig/issues/new) in the GitHub repository.
+
+## Example Usage
+
+```terraform
+data "sysdig_secure_tenant_external_id" "external_id" {}
+```
+
+## Argument Reference
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `external_id` - String identifier for external id value
+
From d23b4ed81f3496bda37311e7239061082861bf87 Mon Sep 17 00:00:00 2001
From: Christopher Geers
Date: Wed, 29 May 2024 10:27:25 -0500
Subject: [PATCH 4/4] fix: lint errcheck

---
 sysdig/resource_sysdig_monitor_alert_downtime.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sysdig/resource_sysdig_monitor_alert_downtime.go b/sysdig/resource_sysdig_monitor_alert_downtime.go
index d21def02..a0ee83db 100644
--- a/sysdig/resource_sysdig_monitor_alert_downtime.go
+++ b/sysdig/resource_sysdig_monitor_alert_downtime.go
@@ -158,7 +158,7 @@ func downtimeAlertToResourceData(alert *v2.Alert, data *schema.ResourceData) (er
 }
 
 var trigger_after_pct float64
- fmt.Sscanf(alert.Condition, "avg(timeAvg(uptime)) <= %f", &trigger_after_pct)
+ _, _ = fmt.Sscanf(alert.Condition, "avg(timeAvg(uptime)) <= %f", &trigger_after_pct)
 trigger_after_pct = (1 - trigger_after_pct) * 100
 _ = data.Set("trigger_after_pct", int(trigger_after_pct))
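Review bot: Assigning the result of `fmt.Sscanf` to `_, _` silences errcheck but keeps the underlying problem: if `alert.Condition` does not match `avg(timeAvg(uptime)) <= %f`, `trigger_after_pct` stays 0 and the next line stores 100 in state with no sign that parsing failed. The function appears to return an error (its signature is cut off in the hunk header, so this is inferred), so the scan failure can be propagated instead: `if _, err := fmt.Sscanf(alert.Condition, "avg(timeAvg(uptime)) <= %f", &trigger_after_pct); err != nil { return err }`. The rest of `downtimeAlertToResourceData` lies outside the hunk.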