feat(resource): Add sysdig_secure_list resource

Signed-off-by: Federico Barcelona <fede_rico_94@hotmail.com>
sysdiglabs · May 9, 2020 · ee4828b · ee4828b
1 parent 61ad471
commit ee4828b
Show file tree

Hide file tree

Showing 7 changed files with 327 additions and 1 deletion.
diff --git a/sysdig/provider.go b/sysdig/provider.go
@@ -46,6 +46,7 @@ func Provider() terraform.ResourceProvider {
 			"sysdig_secure_rule_syscall":         resourceSysdigSecureRuleSyscall(),
 			"sysdig_secure_rule_falco":           resourceSysdigSecureRuleFalco(),
 			"sysdig_secure_team":                 resourceSysdigSecureTeam(),
+			"sysdig_secure_list":                 resourceSysdigSecureList(),
 
 			"sysdig_monitor_alert_downtime":      resourceSysdigMonitorAlertDowntime(),
 			"sysdig_monitor_alert_metric":        resourceSysdigMonitorAlertMetric(),

diff --git a/sysdig/resource_sysdig_secure_list.go b/sysdig/resource_sysdig_secure_list.go
@@ -0,0 +1,122 @@
+package sysdig
+
+import (
+	"github.com/draios/terraform-provider-sysdig/sysdig/secure"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"strconv"
+	"strings"
+	"time"
+)
+
+func resourceSysdigSecureList() *schema.Resource {
+	timeout := 30 * time.Second
+
+	return &schema.Resource{
+		Create: resourceSysdigListCreate,
+		Update: resourceSysdigListUpdate,
+		Read:   resourceSysdigListRead,
+		Delete: resourceSysdigListDelete,
+
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(timeout),
+			Update: schema.DefaultTimeout(timeout),
+			Read:   schema.DefaultTimeout(timeout),
+			Delete: schema.DefaultTimeout(timeout),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"items": {
+				Type:     schema.TypeList,
+				Required: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"append": {
+				Type:     schema.TypeBool,
+				Optional: true,
+			},
+			"version": {
+				Type:     schema.TypeInt,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceSysdigListCreate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*SysdigClients).sysdigSecureClient
+
+	list := listFromResourceData(d)
+	list, err := client.CreateList(list)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(strconv.Itoa(list.ID))
+	d.Set("version", list.Version)
+
+	return nil
+}
+
+func resourceSysdigListUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*SysdigClients).sysdigSecureClient
+
+	list := listFromResourceData(d)
+	list.Version = d.Get("version").(int)
+
+	id, _ := strconv.Atoi(d.Id())
+	list.ID = id
+
+	_, err := client.UpdateList(list)
+	return err
+}
+
+func resourceSysdigListRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*SysdigClients).sysdigSecureClient
+
+	id, _ := strconv.Atoi(d.Id())
+	list, err := client.GetListById(id)
+
+	if err != nil {
+		d.SetId("")
+	}
+
+	d.Set("name", list.Name)
+	d.Set("version", list.Version)
+	d.Set("items", list.Items.Items)
+	d.Set("append", list.Append)
+
+	return nil
+}
+
+func resourceSysdigListDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*SysdigClients).sysdigSecureClient
+
+	id, _ := strconv.Atoi(d.Id())
+
+	return client.DeleteList(id)
+}
+
+func listFromResourceData(d *schema.ResourceData) secure.List {
+	list := secure.List{
+		Name:   d.Get("name").(string),
+		Append: d.Get("append").(bool),
+		Items:  secure.Items{Items: []string{}},
+	}
+
+	items := d.Get("items").([]interface{})
+	for _, item := range items {
+		if item_str, ok := item.(string); ok {
+			item_str = strings.TrimSpace(item_str)
+			list.Items.Items = append(list.Items.Items, item_str)
+		}
+	}
+
+	return list
+}
diff --git a/sysdig/resource_sysdig_secure_list_test.go b/sysdig/resource_sysdig_secure_list_test.go
@@ -0,0 +1,86 @@
+package sysdig_test
+
+import (
+	"fmt"
+	"github.com/draios/terraform-provider-sysdig/sysdig"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/terraform"
+	"os"
+	"testing"
+)
+
+func TestAccList(t *testing.T) {
+	rText := func() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) }
+	fixedRandomText := rText()
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
+				t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
+			}
+		},
+		Providers: map[string]terraform.ResourceProvider{
+			"sysdig": sysdig.Provider(),
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: listWithName(rText()),
+			},
+			{
+				Config: listWithName(fixedRandomText),
+			},
+			{
+				Config: listUpdatedWithName(fixedRandomText),
+			},
+			{
+				Config: listAppendToDefault(),
+			},
+			{
+				Config: listWithList(rText(), rText()),
+			},
+		},
+	})
+}
+
+func listWithName(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_list" "sample" {
+  name = "terraform_test_%s"
+  items = ["foo", "bar"]
+}
+`, name)
+}
+
+func listUpdatedWithName(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_list" "sample" {
+  name = "terraform_test_%s"
+  items = ["foo", "bar", "baz"]
+}
+`, name)
+}
+
+func listAppendToDefault() string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_list" "sample2" {
+  name = "allowed_k8s_nodes"
+  items = ["foo", "bar"]
+  append = true
+}
+`)
+}
+
+func listWithList(name1, name2 string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_list" "sample3" {
+  name = "terraform_test_%s"
+  items = ["foo", "bar"]
+}
+
+resource "sysdig_secure_list" "sample4" {
+  name = "terraform_test_%s"
+  items = [sysdig_secure_list.sample3.name]
+}
+`, name1, name2)
+}
diff --git a/sysdig/secure/client.go b/sysdig/secure/client.go
@@ -33,6 +33,11 @@ type SysdigSecureClient interface {
 	GetTeamById(int) (Team, error)
 	DeleteTeam(int) error
 	UpdateTeam(Team) (Team, error)
+
+	CreateList(List) (List, error)
+	GetListById(int) (List, error)
+	DeleteList(int) error
+	UpdateList(List) (List, error)
 }
 
 func NewSysdigSecureClient(sysdigSecureAPIToken string, url string) SysdigSecureClient {

diff --git a/sysdig/secure/lists.go b/sysdig/secure/lists.go
@@ -0,0 +1,90 @@
+package secure
+
+import (
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+)
+
+func (client *sysdigSecureClient) CreateList(listRequest List) (list List, err error) {
+	response, err := client.doSysdigSecureRequest(http.MethodPost, client.GetListsUrl(), listRequest.ToJSON())
+	if err != nil {
+		return
+	}
+	defer response.Body.Close()
+
+	body, _ := ioutil.ReadAll(response.Body)
+
+	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
+		err = errors.New(response.Status)
+		return
+	}
+
+	list, err = ListFromJSON(body)
+	return
+}
+
+func (client *sysdigSecureClient) GetListById(id int) (list List, err error) {
+	response, err := client.doSysdigSecureRequest(http.MethodGet, client.GetListUrl(id), nil)
+	if err != nil {
+		return
+	}
+	defer response.Body.Close()
+
+	body, _ := ioutil.ReadAll(response.Body)
+
+	if response.StatusCode != http.StatusOK {
+		err = errors.New(response.Status)
+		return
+	}
+
+	list, err = ListFromJSON(body)
+	if err != nil {
+		return
+	}
+
+	if list.Version == 0 {
+		err = fmt.Errorf("List with ID: %d does not exists", id)
+		return
+	}
+	return
+}
+
+func (client *sysdigSecureClient) UpdateList(listRequest List) (list List, err error) {
+	response, err := client.doSysdigSecureRequest(http.MethodPut, client.GetListUrl(listRequest.ID), listRequest.ToJSON())
+	if err != nil {
+		return
+	}
+	defer response.Body.Close()
+
+	body, _ := ioutil.ReadAll(response.Body)
+
+	if response.StatusCode != http.StatusOK {
+		err = errors.New(response.Status)
+		return
+	}
+
+	return ListFromJSON(body)
+}
+
+func (client *sysdigSecureClient) DeleteList(id int) error {
+	response, err := client.doSysdigSecureRequest(http.MethodDelete, client.GetListUrl(id), nil)
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusNoContent && response.StatusCode != http.StatusOK {
+		return errors.New(response.Status)
+	}
+	return nil
+}
+
+func (client *sysdigSecureClient) GetListsUrl() string {
+	return fmt.Sprintf("%s/api/secure/falco/lists", client.URL)
+}
+
+func (client *sysdigSecureClient) GetListUrl(id int) string {
+	return fmt.Sprintf("%s/api/secure/falco/lists/%d", client.URL, id)
+}
diff --git a/sysdig/secure/models.go b/sysdig/secure/models.go
@@ -206,6 +206,29 @@ func RuleFromJSON(body []byte) (rule Rule, err error) {
 	return
 }
 
+// -------- List --------
+
+type List struct {
+	Name    string `json:"name"`
+	Items   Items  `json:"items"`
+	Append  bool   `json:"append"`
+	ID      int    `json:"id,omitempty"`
+	Version int    `json:"version,omitempty"`
+}
+type Items struct {
+	Items []string `json:"items"`
+}
+
+func (l *List) ToJSON() io.Reader {
+	payload, _ := json.Marshal(l)
+	return bytes.NewBuffer(payload)
+}
+
+func ListFromJSON(body []byte) (list List, err error) {
+	err = json.Unmarshal(body, &list)
+	return
+}
+
 // -------- User --------
 type User struct {
 	ID         int    `json:"id,omitempty"`

diff --git a/sysdig/secure/notification_channels.go b/sysdig/secure/notification_channels.go
@@ -91,7 +91,6 @@ func (client *sysdigSecureClient) UpdateNotificationChannel(ncRequest Notificati
 
 	nc = NotificationChannelFromJSON(body)
 	return
-
 }
 
 func (client *sysdigSecureClient) DeleteNotificationChannel(id int) error {