Merge branch 'master' into feat-implement-sysdig-secure-accept-vulner…

…ability-risk
sysdiglabs · Dec 11, 2024 · 3b305fd · 3b305fd
2 parents d980522 + e33ed88
commit 3b305fd
Show file tree

Hide file tree

Showing 12 changed files with 1,375 additions and 400 deletions.
diff --git a/sysdig/data_source_sysdig_secure_onboarding.go b/sysdig/data_source_sysdig_secure_onboarding.go
@@ -400,6 +400,62 @@ func dataSourceSysdigSecureCloudIngestionAssetsRead(ctx context.Context, d *sche
 	return nil
 }
 
+func dataSourceSysdigSecureTrustedOracleApp() *schema.Resource {
+	timeout := 5 * time.Minute
+
+	return &schema.Resource{
+		ReadContext: dataSourceSysdigSecureTrustedOracleAppRead,
+
+		Timeouts: &schema.ResourceTimeout{
+			Read: schema.DefaultTimeout(timeout),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validation.StringInSlice([]string{"config_posture", "onboarding"}, false),
+			},
+			"tenancy_ocid": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"group_ocid": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"user_ocid": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+// Retrieves the information of a resource from the file and loads it in Terraform
+func dataSourceSysdigSecureTrustedOracleAppRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client, err := getSecureOnboardingClient(meta.(SysdigClients))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	app := d.Get("name").(string)
+	trustedIdentityGroup, err := client.GetTrustedOracleAppSecure(ctx, app)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	d.SetId(app)
+	for k, v := range trustedIdentityGroup {
+		fmt.Printf("%s, %s\n", k, snakeCase(k))
+		err = d.Set(snakeCase(k), v)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+	}
+
+	return nil
+}
+
 var matchFirstCap = regexp.MustCompile("(.)([A-Z][a-z]+)")
 var matchAllCap = regexp.MustCompile("([a-z0-9])([A-Z])")
 

diff --git a/sysdig/data_source_sysdig_secure_onboarding_test.go b/sysdig/data_source_sysdig_secure_onboarding_test.go
@@ -191,3 +191,44 @@ func TestAccCloudIngestionAssetsDataSource(t *testing.T) {
 		},
 	})
 }
+
+func TestAccTrustedOracleAppDataSource(t *testing.T) {
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
+				t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
+			}
+		},
+		ProviderFactories: map[string]func() (*schema.Provider, error){
+			"sysdig": func() (*schema.Provider, error) {
+				return sysdig.Provider(), nil
+			},
+		},
+		Steps: []resource.TestStep{
+			{
+				Config:      `data "sysdig_secure_trusted_oracle_app" "invalid" {	name = "invalid" }`,
+				ExpectError: regexp.MustCompile(`.*expected name to be one of.*`),
+			},
+			{
+				Config: `data "sysdig_secure_trusted_oracle_app" "config_posture" {	name = "config_posture" }`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.sysdig_secure_trusted_oracle_app.config_posture", "name", "config_posture"),
+					// not asserting the oci exported fields because not every backend environment is oci supported yet and thus will have empty values
+					// resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_oracle_app.config_posture", "tenancy_ocid"), // uncomment to assert a non empty value
+					// resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_oracle_app.config_posture", "group_ocid"),   // uncomment to assert a non empty value
+					// resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_oracle_app.config_posture", "user_ocid"),    // uncomment to assert a non empty value
+				),
+			},
+			{
+				Config: `data "sysdig_secure_trusted_oracle_app" "onboarding" {	name = "onboarding" }`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.sysdig_secure_trusted_oracle_app.onboarding", "name", "onboarding"),
+					// not asserting the oci exported fields because not every backend environment is oci supported yet and thus will have empty values
+					// resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_oracle_app.onboarding", "tenancy_ocid"), // uncomment to assert a non empty value
+					// resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_oracle_app.onboarding", "group_ocid"),   // uncomment to assert a non empty value
+					// resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_oracle_app.onboarding", "user_ocid"),    // uncomment to assert a non empty value
+				),
+			},
+		},
+	})
+}
diff --git a/sysdig/internal/client/v2/cloud_account.go b/sysdig/internal/client/v2/cloud_account.go
@@ -12,6 +12,9 @@ const (
 	cloudAccountPath                = "%s/api/cloud/v2/accounts/%s"
 	cloudAccountWithExternalIDPath  = "%s/api/cloud/v2/accounts/%s?includeExternalID=true"
 	providersPath                   = "%v/api/v2/providers"
+	costCloudAccountPath            = "%s/api/cloudaccount"
+	costProviderURL                 = "%s/api/cloudaccount/features/cost/account?id=%d"
+	updateCostProviderURL           = "%s/api/cloudaccount/features/cost"
 )
 
 type CloudAccountSecureInterface interface {
@@ -25,8 +28,11 @@ type CloudAccountSecureInterface interface {
 type CloudAccountMonitorInterface interface {
 	Base
 	CreateCloudAccountMonitor(ctx context.Context, provider *CloudAccountMonitor) (*CloudAccountMonitor, error)
+	CreateCloudAccountMonitorForCost(ctx context.Context, provider *CloudAccountMonitorForCost) (*CloudAccountCreatedForCost, error)
 	UpdateCloudAccountMonitor(ctx context.Context, id int, provider *CloudAccountMonitor) (*CloudAccountMonitor, error)
+	UpdateCloudAccountMonitorForCost(ctx context.Context, provider *CloudAccountCostProvider) (*CloudAccountCostProvider, error)
 	GetCloudAccountMonitor(ctx context.Context, id int) (*CloudAccountMonitor, error)
+	GetCloudAccountMonitorForCost(ctx context.Context, id int) (*CloudAccountCostProvider, error)
 	DeleteCloudAccountMonitor(ctx context.Context, id int) error
 }
 
@@ -135,6 +141,30 @@ func (client *Client) CreateCloudAccountMonitor(ctx context.Context, provider *C
 	return &wrapper.CloudAccount, nil
 }
 
+func (client *Client) CreateCloudAccountMonitorForCost(ctx context.Context, provider *CloudAccountMonitorForCost) (*CloudAccountCreatedForCost, error) {
+	payload, err := Marshal(provider)
+	if err != nil {
+		return nil, err
+	}
+
+	response, err := client.requester.Request(ctx, http.MethodPost, client.getCostProvidersURL(), payload)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK {
+		return nil, client.ErrorFromResponse(response)
+	}
+
+	wrapper, err := Unmarshal[CloudAccountCreatedForCost](response.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	return &wrapper, nil
+}
+
 func (client *Client) UpdateCloudAccountMonitor(ctx context.Context, id int, provider *CloudAccountMonitor) (*CloudAccountMonitor, error) {
 	payload, err := Marshal(provider)
 	if err != nil {
@@ -159,6 +189,30 @@ func (client *Client) UpdateCloudAccountMonitor(ctx context.Context, id int, pro
 	return &wrapper.CloudAccount, nil
 }
 
+func (client *Client) UpdateCloudAccountMonitorForCost(ctx context.Context, provider *CloudAccountCostProvider) (*CloudAccountCostProvider, error) {
+	payload, err := Marshal(provider)
+	if err != nil {
+		return nil, err
+	}
+
+	response, err := client.requester.Request(ctx, http.MethodPut, client.getUpdateCostProviderURL(), payload)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK {
+		return nil, client.ErrorFromResponse(response)
+	}
+
+	wrapper, err := Unmarshal[CloudAccountCostProviderWrapper](response.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	return &wrapper.CloudAccountCostProvider, nil
+}
+
 func (client *Client) GetCloudAccountMonitor(ctx context.Context, id int) (*CloudAccountMonitor, error) {
 	response, err := client.requester.Request(ctx, http.MethodGet, client.getProviderURL(id), nil)
 	if err != nil {
@@ -178,6 +232,25 @@ func (client *Client) GetCloudAccountMonitor(ctx context.Context, id int) (*Clou
 	return &wrapper.CloudAccount, nil
 }
 
+func (client *Client) GetCloudAccountMonitorForCost(ctx context.Context, id int) (*CloudAccountCostProvider, error) {
+	response, err := client.requester.Request(ctx, http.MethodGet, client.getCostProviderURL(id), nil)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK {
+		return nil, client.ErrorFromResponse(response)
+	}
+
+	wrapper, err := Unmarshal[CloudAccountCostProviderWrapper](response.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	return &wrapper.CloudAccountCostProvider, nil
+}
+
 func (client *Client) DeleteCloudAccountMonitor(ctx context.Context, id int) error {
 	response, err := client.requester.Request(ctx, http.MethodDelete, client.getProviderURL(id), nil)
 	if err != nil {
@@ -199,3 +272,15 @@ func (client *Client) getProviderURL(id int) string {
 func (client *Client) getProvidersURL() string {
 	return fmt.Sprintf(providersPath, client.config.url)
 }
+
+func (client *Client) getCostProvidersURL() string {
+	return fmt.Sprintf(costCloudAccountPath, client.config.url)
+}
+
+func (client *Client) getCostProviderURL(id int) string {
+	return fmt.Sprintf(costProviderURL, client.config.url, id)
+}
+
+func (client *Client) getUpdateCostProviderURL() string {
+	return fmt.Sprintf(updateCostProviderURL, client.config.url)
+}