feat: implement sysdig_secure_accept_vulnerability_risk resource

sysdiglabs · Dec 11, 2024 · d980522 · d980522
1 parent 358a8d0
commit d980522
Show file tree

Hide file tree

Showing 6 changed files with 806 additions and 0 deletions.
diff --git a/sysdig/internal/client/v2/client.go b/sysdig/internal/client/v2/client.go
@@ -59,6 +59,7 @@ type SecureCommon interface {
 	PostureZoneInterface
 	PostureControlInterface
 	PostureAcceptRiskInterface
+	PostureVulnerabilityAcceptRiskInterface
 }
 
 type Requester interface {

diff --git a/sysdig/internal/client/v2/model_vulnerability_control.go b/sysdig/internal/client/v2/model_vulnerability_control.go
@@ -0,0 +1,98 @@
+package v2
+
+import (
+	"fmt"
+	"time"
+)
+
+type (
+	EntityType  string
+	ReasonType  string
+	StatusType  string
+	StageType   string
+	ContextType string
+)
+
+const (
+	EntityTypeImageName         EntityType = "imageName"
+	EntityTypeImagePrefix       EntityType = "imagePrefix"
+	EntityTypeImageSuffix       EntityType = "imageSuffix"
+	EntityTypeImageNameContains EntityType = "imageNameContains"
+	EntityTypeVulnerability     EntityType = "vulnerability"
+	EntityTypeHostName          EntityType = "hostName"
+	EntityTypeHostNameContains  EntityType = "hostNameContains"
+	EntityTypePolicyRule        EntityType = "policyRule"
+)
+
+const (
+	ReasonRiskTransferred ReasonType = "RiskTransferred"
+	ReasonRiskAvoided     ReasonType = "RiskAvoided"
+	ReasonRiskMitigated   ReasonType = "RiskMitigated"
+	ReasonRiskOwned       ReasonType = "RiskOwned"
+	ReasonRiskNotRelevant ReasonType = "RiskNotRelevant"
+	ReasonCustom          ReasonType = "Custom"
+)
+
+func ReasonTypeFromString(value string) (ReasonType, error) {
+	t := ReasonType(value)
+	switch t {
+	case ReasonRiskTransferred, ReasonRiskAvoided, ReasonRiskMitigated, ReasonRiskOwned, ReasonRiskNotRelevant, ReasonCustom:
+		return t, nil
+	default:
+		return "", fmt.Errorf("unsupported reason type: %s", value)
+	}
+}
+
+const (
+	StatusActive  StatusType = "active"
+	StatusExpired StatusType = "expired"
+)
+
+const (
+	ContextTypeImageName         ContextType = "imageName"
+	ContextTypeImagePrefix       ContextType = "imagePrefix"
+	ContextTypeImageSuffix       ContextType = "imageSuffix"
+	ContextTypeImageNameContains ContextType = "imageNameContains"
+	ContextTypeHostName          ContextType = "hostName"
+	ContextTypeHostNameContains  ContextType = "hostNameContains"
+	ContextTypePackageName       ContextType = "packageName"
+	ContextTypePackageVersion    ContextType = "packageVersion"
+)
+
+type AcceptVulnerabilityRiskRequest struct {
+	EntityType     EntityType                       `json:"entityType"`
+	EntityValue    string                           `json:"entityValue"`
+	Reason         ReasonType                       `json:"reason"`
+	Description    string                           `json:"description"`
+	ExpirationDate string                           `json:"expirationDate,omitempty"`
+	Context        []AcceptVulnerabilityRiskContext `json:"context"`
+	Stages         []StageType                      `json:"stages,omitempty"`
+}
+
+type UpdateAcceptVulnerabilityRiskRequest struct {
+	ID             string     `json:"id"`
+	ExpirationDate string     `json:"expirationDate,omitempty"`
+	Reason         ReasonType `json:"reason"`
+	Description    string     `json:"description"`
+}
+
+type AcceptVulnerabilityRisk struct {
+	ID             string                           `json:"id"`
+	EntityType     EntityType                       `json:"entityType"`
+	EntityValue    string                           `json:"entityValue"`
+	Reason         ReasonType                       `json:"reason"`
+	Description    string                           `json:"description"`
+	ExpirationDate string                           `json:"expirationDate,omitempty"`
+	Status         StatusType                       `json:"status"`
+	CreatedAt      time.Time                        `json:"createdAt,omitempty"`
+	UpdatedAt      time.Time                        `json:"updatedAt,omitempty"`
+	CreatedBy      string                           `json:"createdBy,omitempty"`
+	UpdatedBy      string                           `json:"updatedBy,omitempty"`
+	Context        []AcceptVulnerabilityRiskContext `json:"context"`
+	Stages         []StageType                      `json:"stages,omitempty"`
+}
+
+type AcceptVulnerabilityRiskContext struct {
+	ContextType  ContextType `json:"contextType"`
+	ContextValue string      `json:"contextValue"`
+}
diff --git a/sysdig/internal/client/v2/vulnerability_accept_risk.go b/sysdig/internal/client/v2/vulnerability_accept_risk.go
@@ -0,0 +1,107 @@
+package v2
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+)
+
+type PostureVulnerabilityAcceptRiskInterface interface {
+	Base
+
+	SaveAcceptVulnerabilityRisk(ctx context.Context, p *AcceptVulnerabilityRiskRequest) (*AcceptVulnerabilityRisk, string, error)
+	GetAcceptanceVulnerabilityRisk(ctx context.Context, id string) (*AcceptVulnerabilityRisk, string, error)
+	DeleteAcceptanceVulnerabilityRisk(ctx context.Context, id string) error
+	UpdateAcceptanceVulnerabilityRisk(ctx context.Context, p *UpdateAcceptVulnerabilityRiskRequest) (*AcceptVulnerabilityRisk, string, error)
+}
+
+const (
+	AcceptVulnerabilityRiskCreatePath = "%s/secure/vulnerability/v1beta1/accepted-risks"
+	AcceptVulnerabilityRiskGetPath    = "%s/secure/vulnerability/v1beta1/accepted-risks/%s"
+	AcceptVulnerabilityRiskDeletePath = "%s/secure/vulnerability/v1beta1/accepted-risks/%s"
+	AcceptVulnerabilityRiskUpdatePath = "%s/secure/vulnerability/v1beta1/accepted-risks/%s"
+)
+
+func (c *Client) SaveAcceptVulnerabilityRisk(ctx context.Context, p *AcceptVulnerabilityRiskRequest) (*AcceptVulnerabilityRisk, string, error) {
+	payload, err := Marshal(p)
+	if err != nil {
+		return nil, "", err
+	}
+
+	response, err := c.requester.Request(ctx, http.MethodPost, fmt.Sprintf(AcceptVulnerabilityRiskCreatePath, c.config.url), payload)
+	if err != nil {
+		return nil, "", err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusCreated {
+		errStatus, err := c.ErrorAndStatusFromResponse(response)
+		return nil, errStatus, err
+	}
+
+	resp, err := Unmarshal[AcceptVulnerabilityRisk](response.Body)
+	if err != nil {
+		return nil, "", err
+	}
+
+	return &resp, "", nil
+}
+
+func (c *Client) GetAcceptanceVulnerabilityRisk(ctx context.Context, id string) (*AcceptVulnerabilityRisk, string, error) {
+	response, err := c.requester.Request(ctx, http.MethodGet, fmt.Sprintf(AcceptVulnerabilityRiskGetPath, c.config.url, id), nil)
+	if err != nil {
+		return nil, "", err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK {
+		errStatus, err := c.ErrorAndStatusFromResponse(response)
+		return nil, errStatus, err
+	}
+
+	resp, err := Unmarshal[AcceptVulnerabilityRisk](response.Body)
+	if err != nil {
+		return nil, "", err
+	}
+
+	return &resp, "", nil
+}
+
+func (c *Client) DeleteAcceptanceVulnerabilityRisk(ctx context.Context, id string) error {
+	response, err := c.requester.Request(ctx, http.MethodDelete, fmt.Sprintf(AcceptVulnerabilityRiskDeletePath, c.config.url, id), nil)
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusNoContent {
+		return c.ErrorFromResponse(response)
+	}
+
+	return nil
+}
+
+func (c *Client) UpdateAcceptanceVulnerabilityRisk(ctx context.Context, p *UpdateAcceptVulnerabilityRiskRequest) (*AcceptVulnerabilityRisk, string, error) {
+	payload, err := Marshal(p)
+	if err != nil {
+		return nil, "", err
+	}
+
+	response, err := c.requester.Request(ctx, http.MethodPut, fmt.Sprintf(AcceptVulnerabilityRiskUpdatePath, c.config.url, p.ID), payload)
+	if err != nil {
+		return nil, "", err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK {
+		errStatus, err := c.ErrorAndStatusFromResponse(response)
+		return nil, errStatus, err
+	}
+
+	resp, err := Unmarshal[AcceptVulnerabilityRisk](response.Body)
+	if err != nil {
+		return nil, "", err
+	}
+
+	return &resp, "", nil
+}
diff --git a/sysdig/provider.go b/sysdig/provider.go
@@ -197,6 +197,7 @@ func (p *SysdigProvider) Provider() *schema.Provider {
 			"sysdig_secure_posture_policy":                                 resourceSysdigSecurePosturePolicy(),
 			"sysdig_secure_posture_control":                                resourceSysdigSecurePostureControl(),
 			"sysdig_secure_posture_accept_risk":                            resourceSysdigSecureAcceptPostureRisk(),
+			"sysdig_secure_vulnerability_accept_risk":                      resourceSysdigSecureVulnerabilityAcceptRisk(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"sysdig_secure_agentless_scanning_assets":                     dataSourceSysdigSecureAgentlessScanningAssets(),