sysdiglabs · tembleking · Nov 29, 2024 · Nov 29, 2024 · Nov 29, 2024 · Dec 11, 2024
diff --git a/.envrc b/.envrc
@@ -0,0 +1,6 @@
+has nix && use flake
+watch_file *.nix
+strict_env
+dotenv_if_exists .env # You can create a .env file with your env vars for this project. You can also use .secrets if you are using act. See the line below.
+dotenv_if_exists .secrets # Used by [act](https://nektosact.com/) to load secrets into the pipelines
+env_vars_required SYSDIG_MONITOR_API_TOKEN SYSDIG_SECURE_API_TOKEN
diff --git a/.gitignore b/.gitignore
@@ -1,7 +1,8 @@
 *.dll
 *.exe
 .DS_Store
-.envrc
+.secrets
+.direnv/
 .env
 example.tf
 terraform.tfplan
@@ -53,3 +54,9 @@ oanc
 # Local test folder
 local-terraform-test/
 dist/
+
+# Nix result
+result
+
+main.tf
+terraform-providers-schema/
diff --git a/GNUmakefile b/GNUmakefile
@@ -13,14 +13,16 @@ TERRAFORM_PROVIDER_DEV_VERSION=1.0.0
 TERRAFORM_PLATFORM=$(shell terraform version -json | jq -r .platform)
 TERRAFORM_SYSDIG_PLUGIN_DIR=$(TERRAFORM_PLUGIN_ROOT_DIR)/$(TERRAFORM_PROVIDER_REFERENCE_NAME)/$(TERRAFORM_PROVIDER_NAME)/$(TERRAFORM_PROVIDER_DEV_VERSION)/$(TERRAFORM_PLATFORM)
 
-install-tools:
-	go install golang.org/x/tools/cmd/stringer@latest
-
 default: build
 
 build: fmtcheck
 	go install
 
+check: fmtcheck errcheck check-vuln doccheck lint
+
+check-vuln:
+	govulncheck .
+
 install: fmtcheck
 	go build -o terraform-provider-sysdig
 	mkdir -p $(TERRAFORM_SYSDIG_PLUGIN_DIR)
@@ -64,13 +66,35 @@ fmtcheck:
 	@sh -c "'$(CURDIR)/scripts/gofmtcheck.sh'"
 
 lint:
-	golangci-lint run --timeout 1h ./...
+	golangci-lint run --timeout 1h --build-tags unit,tf_acc_sysdig_monitor,tf_acc_sysdig_secure,tf_acc_ibm_monitor,tf_acc_ibm_secure ./...
 
 errcheck:
 	@sh -c "'$(CURDIR)/scripts/errcheck.sh'"
 
-vendor-status:
-	@govendor status
+# Leverages on nix compiling and configuring the provider using the package.nix and the devshell
+init-provider-to-test:
+	echo 'terraform { ' > main.tf
+	echo 'required_providers { sysdig = { ' >> main.tf
+	echo 'source = "sysdiglabs/sysdig" ' >> main.tf
+	echo 'version = "1.0.0-local" ' >> main.tf
+	echo '} }' >> main.tf
+	echo '}' >> main.tf
+	terraform init
+
+.PHONY: terraform-providers-schema
+terraform-providers-schema:
+	rm -rf terraform-providers-schema
+	rm .terraform.lock.hcl
+	mkdir -p terraform-providers-schema
+
+doccheck: terraform-providers-schema init-provider-to-test
+	terraform providers schema -json > terraform-providers-schema/schema.json
+	tfproviderdocs check \
+          -allowed-resource-subcategories-file website/allowed-subcategories.txt \
+          -enable-contents-check \
+          -provider-source registry.terraform.io/sysdiglabs/sysdig \
+          -providers-schema-json terraform-providers-schema/schema.json \
+          -require-resource-subcategory
 
 test-compile:
 	@if [ "$(TEST)" = "./..." ]; then \

diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -0,0 +1,88 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+    tfproviderdocs-init.url = "github:nixos/nixpkgs/pull/366576/head"; # tfproviderdocs is not yet a package in nixpkgs, so this workaronuds it
+  };
+  outputs =
+    {
+      self,
+      nixpkgs,
+      flake-utils,
+      tfproviderdocs-init,
+    }:
+    let
+      overlays.default = final: prev: {
+        terraform-providers = prev.terraform-providers // {
+          sysdig = prev.callPackage ./package.nix { };
+        };
+      };
+      overlays.tfproviderdocs =
+        final: prev:
+        let
+          pkgs = import tfproviderdocs-init { inherit (prev) system; };
+        in
+        {
+          inherit (pkgs) tfproviderdocs;
+        };
+      flake = flake-utils.lib.eachDefaultSystem (
+        system:
+        let
+          pkgs = import nixpkgs {
+            inherit system;
+            config.allowUnfree = true;
+            overlays = [
+              self.overlays.default
+              self.overlays.tfproviderdocs
+            ];
+          };
+        in
+        {
+          # Exposes the local plugin to be consumed as a package.
+          packages = with pkgs.terraform-providers; {
+            inherit sysdig;
+            default = sysdig;
+          };
+
+          # To be used with `nix run`.
+          apps.terraform = flake-utils.lib.mkApp {
+            drv = pkgs.terraform.withPlugins (tf: [ tf.sysdig ]);
+          };
+
+          # Used for local development. Adds the required dependencies to work in this project.
+          devShells.default =
+            with pkgs;
+            mkShell {
+              packages = [
+                go_1_23
+                errcheck
+                govulncheck
+                golangci-lint
+                golangci-lint-langserver
+                (terraform.withPlugins (tf: [ tf.sysdig ]))
+                tfproviderdocs
+              ];
+            };
+
+          # Used with `nix develop <url/path>#terraform-with-plugin`.
+          # You can load terraform with the sysdig plugin from a commit, a branch or a tag.
+          # For instance:
+          # - `nix develop github:sysdiglabs/terraform-provider-sysdig#terraform-with-plugin` will create a local dev shell with the version from the main branch.
+          # - `nix develop github:sysdiglabs/terraform-provider-sysdig/branch-name#terraform-with-plugin` with create a local dev shell with the version from the `branch-name` branch code.
+          # - `nix develop github:sysdiglabs/terraform-provider-sysdig/v1.2.3#terraform-with-plugin` will create a local dev shell with the version from the tag `v1.2.3` code (note the provided version is just an example).
+          # - `nix develop .#terraform-with-plugin` will create a local dev shell with terraform with the local code.
+          devShells.terraform-with-plugin =
+            with pkgs;
+            mkShell {
+              packages = [
+                (terraform.withPlugins (tf: [ tf.sysdig ]))
+                bashInteractive
+              ];
+            };
+
+          formatter = pkgs.nixfmt-rfc-style;
+        }
+      );
+    in
+    flake // { inherit overlays; };
+}
diff --git a/go.mod b/go.mod
@@ -1,12 +1,14 @@
 module github.com/draios/terraform-provider-sysdig
 
-go 1.19
+go 1.23
+
+toolchain go1.23.3
 
 require (
 	github.com/Jeffail/gabs/v2 v2.7.0
 	github.com/aws/aws-sdk-go v1.44.284
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
-	github.com/hashicorp/go-retryablehttp v0.7.4
+	github.com/hashicorp/go-retryablehttp v0.7.7
 	github.com/hashicorp/terraform-plugin-log v0.8.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1
 	github.com/jmespath/go-jmespath v0.4.0
@@ -15,7 +17,7 @@ require (
 	github.com/spf13/cast v1.5.1
 	github.com/stretchr/testify v1.8.4
 	github.com/sysdiglabs/agent-kilt/runtimes/cloudformation v0.0.0-20240201123620-2272de6dee9f
-	google.golang.org/protobuf v1.30.0
+	google.golang.org/protobuf v1.36.0
 )
 
 require (
@@ -27,15 +29,15 @@ require (
 	github.com/docker/distribution v2.8.2+incompatible // indirect
 	github.com/docker/docker v24.0.2+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
-	github.com/fatih/color v1.13.0 // indirect
+	github.com/fatih/color v1.16.0 // indirect
 	github.com/go-akka/configuration v0.0.0-20200606091224-a002c0330665 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-containerregistry v0.15.2 // indirect
 	github.com/hashicorp/errwrap v1.0.0 // indirect
 	github.com/hashicorp/go-checkpoint v0.5.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-hclog v1.4.0 // indirect
+	github.com/hashicorp/go-hclog v1.6.3 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-plugin v1.4.8 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
@@ -51,7 +53,7 @@ require (
 	github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect
 	github.com/klauspost/compress v1.16.6 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
@@ -69,14 +71,14 @@ require (
 	github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect
 	github.com/vmihailenco/tagparser v0.1.1 // indirect
 	github.com/zclconf/go-cty v1.13.2 // indirect
-	golang.org/x/crypto v0.7.0 // indirect
-	golang.org/x/mod v0.10.0 // indirect
-	golang.org/x/net v0.9.0 // indirect
-	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/sys v0.14.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
+	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 // indirect
-	google.golang.org/grpc v1.51.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 // indirect
+	google.golang.org/grpc v1.69.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )