From 64589e3300831f70ba821b43c7ceeccd1638c9a9 Mon Sep 17 00:00:00 2001 From: Fede Barcelona Date: Thu, 24 Nov 2022 12:32:48 +0100 Subject: [PATCH] feat: Make comps optional for falco exceptions (#219) The comps field can be optional in the API, and is automatically evaluated with a default value when imported in Falco and Cloud Connector. --- sysdig/resource_sysdig_secure_rule_falco.go | 4 +++- sysdig/resource_sysdig_secure_rule_falco_test.go | 5 +++++ website/docs/r/secure_rule_falco.md | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/sysdig/resource_sysdig_secure_rule_falco.go b/sysdig/resource_sysdig_secure_rule_falco.go index 5b042a16..221c1f1d 100644 --- a/sysdig/resource_sysdig_secure_rule_falco.go +++ b/sysdig/resource_sysdig_secure_rule_falco.go @@ -74,7 +74,7 @@ func resourceSysdigSecureRuleFalco() *schema.Resource { }, "comps": { Type: schema.TypeList, - Required: true, + Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, "values": { @@ -190,6 +190,8 @@ func fieldOrCompsToStringSlice(fields any) ([]string, error) { } case string: elements = append(elements, t) + case nil: + // do nothing default: return nil, fmt.Errorf("unexpected type: %T", t) } diff --git a/sysdig/resource_sysdig_secure_rule_falco_test.go b/sysdig/resource_sysdig_secure_rule_falco_test.go index 91406885..0a07c58c 100644 --- a/sysdig/resource_sysdig_secure_rule_falco_test.go +++ b/sysdig/resource_sysdig_secure_rule_falco_test.go @@ -193,6 +193,11 @@ resource "sysdig_secure_rule_falco" "falco_rule_with_exceptions" { comps = ["in"] values = jsonencode(["foo"]) } + exceptions { + name = "only_one_field_without_comps" + fields = ["ka.req.binding.subjects"] + values = jsonencode(["foo"]) + } } `, name) } diff --git a/website/docs/r/secure_rule_falco.md b/website/docs/r/secure_rule_falco.md index 728d361d..d572b878 100644 --- a/website/docs/r/secure_rule_falco.md +++ b/website/docs/r/secure_rule_falco.md @@ -77,7 +77,7 @@ Supported fields for exceptions: * `name` - (Required) The name of the exception. Only used to provide a handy name, and to potentially link together values in a later rule that has `append = true`. * `fields` - (Required) Contains one or more fields that will extract a value from the syscall/k8s_audit events. -* `comps` - (Required) Contains comparison operators that align 1-1 with the items in the fields property. +* `comps` - (Optional) Contains comparison operators that align 1-1 with the items in the fields property. * `values` - (Required) Contains tuples of values. Each item in the tuple should align 1-1 with the corresponding field and comparison operator. Since the value can be a string, a list of strings or a list of a list of strings, the value of this field must be supplied in JSON format. You can use the default `jsonencode` function to provide this value. See the usage example on the top. ## Attributes Reference