feat(policy): add custom control (#530)
* add crud for posture control

* add docs

* fix

* add test

* remove

* fix

* fix test

* add acceptance

---------

Co-authored-by: hila1608 <[email protected]>
hila-krut-sysdig and hila-krut-sysdig authored Aug 5, 2024
1 parent daf27af commit 9626096
Showing 9 changed files with 478 additions and 69 deletions.
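--- a/sysdig/common.go
+++ b/sysdig/common.go
@@ -1,72 +1,76 @@
 package sysdig
 
 const (
-SchemaIDKey = "id"
-SchemaTeamIDKey = "team_id"
-SchemaPoliciesKey = "policies"
-SchemaPolicyIDsKey = "policy_ids"
-SchemaAuthorsKey = "authors"
-SchemaAuthorKey = "author"
-SchemaNameKey = "name"
-SchemaEnabledKey = "enabled"
-SchemaStatusKey = "status"
-SchemaTypeKey = "type"
-SchemaKindKey = "kind"
-SchemaDescriptionKey = "description"
-SchemaVersionKey = "version"
-SchemaLinkKey = "link"
-SchemaGroupKey = "group"
-SchemaLastModifiedBy = "last_modified_by"
-SchemaLastUpdated = "last_updated"
-SchemaExpirationDateKey = "expiration_date"
-SchemaPublishedDateKey = "published_date"
-SchemaCreatedDateKey = "date_created"
-SchemaMinKubeVersionKey = "min_kube_version"
-SchemaMaxKubeVersionKey = "max_kube_version"
-SchemaIsCustomKey = "is_custom"
-SchemaIsActiveKey = "is_active"
-SchemaPlatformKey = "platform"
-SchemaZonesKey = "zones"
-SchemaZonesIDsKey = "zone_ids"
-SchemaAllZones = "all_zones"
-SchemaScopeKey = "scope"
-SchemaScopesKey = "scopes"
-SchemaTargetTypeKey = "target_type"
-SchemaRoleKey = "role"
-SchemaSystemRoleKey = "system_role"
-SchemaRulesKey = "rules"
-SchemaApiKeyKey = "api_key"
-SchemaPermissionsKey = "permissions"
-SchemaMonitorPermKey = "monitor_permissions"
-SchemaSecurePermKey = "secure_permissions"
-SchemaRequestedPermKey = "requested_permissions"
-SchemaEnrichedPermKey = "enriched_permissions"
-SchemaSecureThreatDetection = "secure_threat_detection"
-SchemaSecureConfigPosture = "secure_config_posture"
-SchemaSecureIdentityEntitlement = "secure_identity_entitlement"
-SchemaSecureAgentlessScanning = "secure_agentless_scanning"
-SchemaMonitorCloudMetrics = "monitor_cloud_metrics"
-SchemaType = "type"
-SchemaInstance = "instance"
-SchemaVersion = "version"
-SchemaCloudConnectorMetadata = "cloud_connector_metadata"
-SchemaTrustedRoleMetadata = "trusted_role_metadata"
-SchemaEventBridgeMetadata = "event_bridge_metadata"
-SchemaServicePrincipalMetadata = "service_principal_metadata"
-SchemaWebhookDatasourceMetadata = "webhook_datasource_metadata"
-SchemaCryptoKeyMetadata = "crypto_key_metadata"
-SchemaCloudLogsMetadata = "cloud_logs_metadata"
-SchemaEnabled = "enabled"
-SchemaComponents = "components"
-SchemaComponent = "component"
-SchemaCloudProviderId = "provider_id"
-SchemaCloudProviderType = "provider_type"
-SchemaFeature = "feature"
-SchemaManagementAccountId = "management_account_id"
-SchemaOrganizationIDKey = "organization_id"
-SchemaOrganizationalUnitIds = "organizational_unit_ids"
-SchemaCloudProviderTenantId = "provider_tenant_id"
-SchemaCloudProviderAlias = "provider_alias"
-SchemaAccountId = "account_id"
-SchemaFeatureFlags = "flags"
+SchemaIDKey = "id"
+SchemaTeamIDKey = "team_id"
+SchemaPoliciesKey = "policies"
+SchemaPolicyIDsKey = "policy_ids"
+SchemaAuthorsKey = "authors"
+SchemaAuthorKey = "author"
+SchemaNameKey = "name"
+SchemaEnabledKey = "enabled"
+SchemaStatusKey = "status"
+SchemaTypeKey = "type"
+SchemaResourceKindKey = "resource_kind"
+SchemaResourceRegoKey = "rego"
+SchemaResourceSeverityKey = "severity"
+SchemaResourceRemediationDetailsKey = "remediation_details"
+SchemaKindKey = "kind"
+SchemaDescriptionKey = "description"
+SchemaVersionKey = "version"
+SchemaLinkKey = "link"
+SchemaGroupKey = "group"
+SchemaLastModifiedBy = "last_modified_by"
+SchemaLastUpdated = "last_updated"
+SchemaExpirationDateKey = "expiration_date"
+SchemaPublishedDateKey = "published_date"
+SchemaCreatedDateKey = "date_created"
+SchemaMinKubeVersionKey = "min_kube_version"
+SchemaMaxKubeVersionKey = "max_kube_version"
+SchemaIsCustomKey = "is_custom"
+SchemaIsActiveKey = "is_active"
+SchemaPlatformKey = "platform"
+SchemaZonesKey = "zones"
+SchemaZonesIDsKey = "zone_ids"
+SchemaAllZones = "all_zones"
+SchemaScopeKey = "scope"
+SchemaScopesKey = "scopes"
+SchemaTargetTypeKey = "target_type"
+SchemaRoleKey = "role"
+SchemaSystemRoleKey = "system_role"
+SchemaRulesKey = "rules"
+SchemaApiKeyKey = "api_key"
+SchemaPermissionsKey = "permissions"
+SchemaMonitorPermKey = "monitor_permissions"
+SchemaSecurePermKey = "secure_permissions"
+SchemaRequestedPermKey = "requested_permissions"
+SchemaEnrichedPermKey = "enriched_permissions"
+SchemaSecureThreatDetection = "secure_threat_detection"
+SchemaSecureConfigPosture = "secure_config_posture"
+SchemaSecureIdentityEntitlement = "secure_identity_entitlement"
+SchemaSecureAgentlessScanning = "secure_agentless_scanning"
+SchemaMonitorCloudMetrics = "monitor_cloud_metrics"
+SchemaType = "type"
+SchemaInstance = "instance"
+SchemaVersion = "version"
+SchemaCloudConnectorMetadata = "cloud_connector_metadata"
+SchemaTrustedRoleMetadata = "trusted_role_metadata"
+SchemaEventBridgeMetadata = "event_bridge_metadata"
+SchemaServicePrincipalMetadata = "service_principal_metadata"
+SchemaWebhookDatasourceMetadata = "webhook_datasource_metadata"
+SchemaCryptoKeyMetadata = "crypto_key_metadata"
+SchemaCloudLogsMetadata = "cloud_logs_metadata"
+SchemaEnabled = "enabled"
+SchemaComponents = "components"
+SchemaComponent = "component"
+SchemaCloudProviderId = "provider_id"
+SchemaCloudProviderType = "provider_type"
+SchemaFeature = "feature"
+SchemaManagementAccountId = "management_account_id"
+SchemaOrganizationIDKey = "organization_id"
+SchemaOrganizationalUnitIds = "organizational_unit_ids"
+SchemaCloudProviderTenantId = "provider_tenant_id"
+SchemaCloudProviderAlias = "provider_alias"
+SchemaAccountId = "account_id"
+SchemaFeatureFlags = "flags"
 )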
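Review bot: Three of the four new constants carry a `Resource` prefix that their schema keys do not: `SchemaResourceRegoKey` is `"rego"`, `SchemaResourceSeverityKey` is `"severity"` and `SchemaResourceRemediationDetailsKey` is `"remediation_details"`, which reads as if the keys were `resource_rego` and so on. Only `SchemaResourceKindKey` (`"resource_kind"`) matches its name. Consider `SchemaRegoKey`, `SchemaSeverityKey` and `SchemaRemediationDetailsKey` so each name mirrors its key, as every other constant in this block does. The rest of the hunk is a whitespace re-alignment of the existing constants.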
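--- a/sysdig/internal/client/v2/client.go
+++ b/sysdig/internal/client/v2/client.go
@@ -57,6 +57,7 @@ type MonitorCommon interface {
 type SecureCommon interface {
 PosturePolicyInterface
 PostureZoneInterface
+PostureControlInterface
 }
 
 type Requester interface {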
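--- /dev/null
+++ b/sysdig/internal/client/v2/model_posture_control.go
@@ -0,0 +1,25 @@
+package v2
+
+type SaveControlRequest struct {
+ID string `json:"id,omitempty"`
+Name string `json:"name"`
+Description string `json:"description"`
+ResourceKind string `json:"resourceKind"`
+Severity string `json:"severity"`
+Rego string `json:"rego"`
+RemediationDetails string `json:"remediationDetails"`
+}
+
+type SaveControlResponse struct {
+Data PostureControl `json:"data"`
+}
+
+type PostureControl struct {
+ID string `json:"id"`
+Name string `json:"name"`
+Description string `json:"description"`
+ResourceKind string `json:"resourceKind"`
+Severity string `json:"severity"`
+Rego string `json:"rego"`
+RemediationDetails string `json:"remediationDetails"`
+}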
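Review bot: None of the three exported types has a doc comment, and the relationship between `SaveControlRequest` and `PostureControl` (same fields, `ID` optional on the request) is left for the reader to infer. A one-line comment per type would do: `// SaveControlRequest is the body sent to create or update a posture control; ID is left empty on create.` (the on-create reading comes from the `omitempty` tag and should be confirmed against the API), `// SaveControlResponse wraps a single PostureControl in the API's data envelope.` and `// PostureControl is a custom CSPM posture control; Rego presumably holds the control's policy source.`. The two structs share an identical field set apart from the `ID` tag, so a note on why they are kept separate would also help the next maintainer.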
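--- /dev/null
+++ b/sysdig/internal/client/v2/posture_controls.go
@@ -0,0 +1,73 @@
+package v2
+
+import (
+"context"
+"fmt"
+"net/http"
+)
+
+const (
+PostureControlSavePath = "%s/api/cspm/v1/policy/controls"
+PostureControlGetPath = "%s/api/cspm/v1/policy/controls/view/%d"
+PostureControlDeletePath = "%s/api/cspm/v1/policy/controls/%d"
+)
+
+type PostureControlInterface interface {
+Base
+CreateOrUpdatePostureControl(ctx context.Context, p *SaveControlRequest) (*PostureControl, string, error)
+GetPostureControl(ctx context.Context, id int64) (*PostureControl, error)
+DeletePostureControl(ctx context.Context, id int64) error
+}
+
+func (c *Client) CreateOrUpdatePostureControl(ctx context.Context, p *SaveControlRequest) (*PostureControl, string, error) {
+payload, err := Marshal(p)
+if err != nil {
+return nil, "", err
+}
+response, err := c.requester.Request(ctx, http.MethodPost, c.getPostureControlURL(PostureControlSavePath), payload)
+if err != nil {
+return nil, "", err
+}
+defer response.Body.Close()
+if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
+errStatus, err := c.ErrorAndStatusFromResponse(response)
+return nil, errStatus, err
+}
+resp, err := Unmarshal[SaveControlResponse](response.Body)
+if err != nil {
+return nil, "", err
+}
+return &resp.Data, "", nil
+
+}
+
+func (c *Client) GetPostureControl(ctx context.Context, id int64) (*PostureControl, error) {
+response, err := c.requester.Request(ctx, http.MethodGet, fmt.Sprintf(PostureControlGetPath, c.config.url, id), nil)
+if err != nil {
+return nil, err
+}
+defer response.Body.Close()
+
+wrapper, err := Unmarshal[SaveControlResponse](response.Body)
+if err != nil {
+return nil, err
+}
+return &wrapper.Data, nil
+}
+
+func (c *Client) DeletePostureControl(ctx context.Context, id int64) error {
+response, err := c.requester.Request(ctx, http.MethodDelete, fmt.Sprintf(PostureControlDeletePath, c.config.url, id), nil)
+if err != nil {
+return err
+}
+defer response.Body.Close()
+
+if response.StatusCode != http.StatusNoContent && response.StatusCode != http.StatusOK && response.StatusCode != http.StatusNotFound {
+return c.ErrorFromResponse(response)
+}
+
+return nil
+}
+func (c *Client) getPostureControlURL(path string) string {
+return fmt.Sprintf(path, c.config.url)
+}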
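Review bot: `GetPostureControl` decodes the body straight into `SaveControlResponse` without checking `response.StatusCode`, unlike `CreateOrUpdatePostureControl` and `DeletePostureControl` in the same file, so a 404 or 5xx carrying a JSON error body yields an empty `PostureControl` with a nil error (or an unmarshal error that hides the real cause). Add right after the deferred `Close` in `GetPostureControl`: `if response.StatusCode != http.StatusOK { return nil, c.ErrorFromResponse(response) }`. Separately, `SaveControlRequest.ID` in model_posture_control.go is a string while get and delete take `id int64`, so every caller has to convert at the boundary and a non-numeric id from the API can only surface as a parse failure; one representation across the client would be cleaner. The stray blank line before the closing brace of `CreateOrUpdatePostureControl` and the missing blank line between `DeletePostureControl` and `getPostureControlURL` should also be tidied.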
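--- a/sysdig/provider.go
+++ b/sysdig/provider.go
@@ -193,6 +193,7 @@ func (p *SysdigProvider) Provider() *schema.Provider {
 "sysdig_secure_posture_zone": resourceSysdigSecurePostureZone(),
 "sysdig_secure_organization": resourceSysdigSecureOrganization(),
 "sysdig_secure_posture_policy": resourceSysdigSecurePosturePolicy(),
+"sysdig_secure_posture_control": resourceSysdigSecurePostureControl(),
 },
 DataSourcesMap: map[string]*schema.Resource{
 "sysdig_secure_agentless_scanning_assets": dataSourceSysdigSecureAgentlessScanningAssets(),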
