Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[datadog_integration_gcp_sts] Add Account tags, ResourceCollectionEnabled and IsSecurityCommandCenterEnabled support to gcp tf module #2134

Merged
merged 5 commits into from
Mar 12, 2024
Merged

[datadog_integration_gcp_sts] Add Account tags, ResourceCollectionEnabled and IsSecurityCommandCenterEnabled support to gcp tf module #2134

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
9186396
Add Account tags support to gcp tf module
dtru-ddog Oct 4, 2023
e78aa29
Merge branch 'master' into dan.trujillo/gcp-account-tags-support
smuhit Feb 23, 2024
ca882c1
[datadog_integration_gcp_sts] Add ResourceCollectionEnabled and IsSec…
smuhit Feb 23, 2024
0f42469
Forgot to update state
smuhit Feb 23, 2024
09d1443
Addressing PR Comments
smuhit Feb 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
21 changes: 21 additions & 0 deletions datadog/fwprovider/resource_datadog_integration_gcp_sts.go
View file
Open in desktop
Expand Up @@ -27,6 +27,7 @@ type integrationGcpStsResource struct {

type integrationGcpStsModel struct {
ID types.String `tfsdk:"id"`
AccountTags types.Set `tfsdk:"account_tags"`
Automute types.Bool `tfsdk:"automute"`
ClientEmail types.String `tfsdk:"client_email"`
DelegateAccountEmail types.String `tfsdk:"delegate_account_email"`
Expand All @@ -52,6 +53,11 @@ func (r *integrationGcpStsResource) Schema(_ context.Context, _ resource.SchemaR
response.Schema = schema.Schema{
Description: "Provides a Datadog Integration GCP Sts resource. This can be used to create and manage Datadog - Google Cloud Platform integration.",
Attributes: map[string]schema.Attribute{
"account_tags": schema.SetAttribute{
Optional: true,
Description: "Tags to be associated with GCP metrics and service checks from your account.",
ElementType: types.StringType,
ash-ddog marked this conversation as resolved.
Show resolved Hide resolved
},
"automute": schema.BoolAttribute{
Optional: true,
Computed: true,
Expand Down Expand Up @@ -222,6 +228,9 @@ func (r *integrationGcpStsResource) updateState(ctx context.Context, state *inte
state.ID = types.StringValue(resp.GetId())

attributes := resp.GetAttributes()
if accountTags, ok := attributes.GetAccountTagsOk(); ok && len(*accountTags) > 0 {
state.AccountTags, _ = types.SetValueFrom(ctx, types.StringType, *accountTags)
}
if automute, ok := attributes.GetAutomuteOk(); ok {
state.Automute = types.BoolValue(*automute)
}
Expand All @@ -240,6 +249,12 @@ func (r *integrationGcpStsResource) buildIntegrationGcpStsRequestBody(ctx contex
diags := diag.Diagnostics{}
attributes := datadogV2.NewGCPSTSServiceAccountAttributesWithDefaults()

accountTags := make([]string, 0)
Copy link

@ash-ddog ash-ddog Oct 4, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not idiomatic Go. Typically, you initialize slices to nil. nil slices are valid for just about anything (i.e. iteration, appending, etc).
var accountTags []string

But not familiar enough with this terraform stuff to know if that'll make a difference.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Guess this is a copy paste from the code for host_filters (same type)

if !state.AccountTags.IsNull() {
diags.Append(state.AccountTags.ElementsAs(ctx, &accountTags, false)...)
}
attributes.SetAccountTags(accountTags)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feels weird to include account_tags=[] in the REST call when it's an optional field.


if !state.Automute.IsNull() {
attributes.SetAutomute(state.Automute.ValueBool())
}
Expand Down Expand Up @@ -267,6 +282,12 @@ func (r *integrationGcpStsResource) buildIntegrationGcpStsUpdateRequestBody(ctx
diags := diag.Diagnostics{}
attributes := datadogV2.NewGCPSTSServiceAccountAttributesWithDefaults()

accountTags := make([]string, 0)
if !state.AccountTags.IsNull() {
diags.Append(state.AccountTags.ElementsAs(ctx, &accountTags, false)...)
}
attributes.SetAccountTags(accountTags)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same comments apply here.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we be doing something like the IsUnknown() for AccountTags (like we're doing below) since it's also a new field? Not familiar enough with terraform to know what's right here.


if !state.Automute.IsNull() {
attributes.SetAutomute(state.Automute.ValueBool())
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All this stuff is super duplicative. Is it worth refactoring like this?

func (r *integrationGcpStsResource) buildIntegrationGcpStsCreateRequest(ctx context.Context, state *integrationGcpStsModel) (*datadogV2.GCPSTSServiceAccountCreateRequest, diag.Diagnostics) {
	attrs, diags := r.buildIntegrationGcpStsAccountAttributes(ctx, state)
	req := datadogV2.NewGCPSTSServiceAccountCreateRequestWithDefaults()
	req.Data = datadogV2.NewGCPSTSServiceAccountDataWithDefaults()
	req.Data.SetAttributes(*attrs)
	return req, diags
}

func (r *integrationGcpStsResource) buildIntegrationGcpStsUpdateRequest(ctx context.Context, state *integrationGcpStsModel) (*datadogV2.GCPSTSServiceAccountUpdateRequest, diag.Diagnostics) {
	attrs, diags := r.buildIntegrationGcpStsAccountAttributes(ctx, state)
	req := datadogV2.NewGCPSTSServiceAccountUpdateRequestWithDefaults()
	req.Data = datadogV2.NewGCPSTSServiceAccountUpdateRequestDataWithDefaults()
	req.Data.SetAttributes(*attrs)
	return req, diags
}

func (r *integrationGcpStsResource) buildIntegrationGcpStsAccountAttributes(ctx context.Context, state *integrationGcpStsModel) (*datadogV2.GCPSTSServiceAccountAttributes, diag.Diagnostics) {
	diags := diag.Diagnostics{}
	attributes := datadogV2.NewGCPSTSServiceAccountAttributesWithDefaults()

	accountTags := make([]string, 0)
	if !state.AccountTags.IsNull() {
		diags.Append(state.AccountTags.ElementsAs(ctx, &accountTags, false)...)
	}
	attributes.SetAccountTags(accountTags)

	if !state.Automute.IsNull() {
		attributes.SetAutomute(state.Automute.ValueBool())
	}
	if !state.ClientEmail.IsNull() {
		attributes.SetClientEmail(state.ClientEmail.ValueString())
	}
	if !state.IsCspmEnabled.IsNull() {
		attributes.SetIsCspmEnabled(state.IsCspmEnabled.ValueBool())
	}

	hostFilters := make([]string, 0)
	if !state.HostFilters.IsNull() {
		diags.Append(state.HostFilters.ElementsAs(ctx, &hostFilters, false)...)
	}
	attributes.SetHostFilters(hostFilters)

	return attributes, diags
}

Weird thing is that I'm pretty sure that the update API does not support updating ClientEmail, but it was already in the update body before these changes 🥴 .

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO that's pertinent but maybe an a separated PR?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like we mostly took this (thanks), but still we have ClientEmail in the update API when that's not supported. Not blocking, but could confuse someone in the future.

Copy link
Contributor

@smuhit smuhit Mar 1, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed.. But didn't want to make functionally different changes (removal of ClientEmail in the Update call) in a PR that is essentially additive changes.

Expand Down
1 change: 1 addition & 0 deletions docs/resources/integration_gcp_sts.md
View file
Open in desktop
Expand Up @@ -46,6 +46,7 @@ resource "datadog_integration_gcp_sts" "foo" {

### Optional

- `account_tags` (Set of String) Tags to be associated with GCP metrics and service checks from your account.
- `automute` (Boolean) Silence monitors for expected GCE instance shutdowns.
- `host_filters` (Set of String) Your Host Filters.
- `is_cspm_enabled` (Boolean) When enabled, Datadog performs configuration checks across your Google Cloud environment by continuously scanning every resource, which may incur additional charges.
Expand Down