
Commit 0541fc6

committed
fix(resource): handle optional stage attributes in vulnerability policy
1 parent b711e8a commit 0541fc6


5 files changed

+26
-20
lines changed


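--- a/.envrc
+++ b/.envrc
@@ -0,0 +1,6 @@
+export TF_ACC=true
+export TF_LOG=DEBUG
+dotenv_if_exists .env # You can create a .env file with your env vars for this project. You can also use .secrets if you are using act. See the line below.
+dotenv_if_exists .secrets # Used by [act](https://nektosact.com/) to load secrets into the pipelines
+strict_env
+env_vars_required SYSDIG_SECURE_API_TOKEN SYSDIG_MONITOR_API_TOKEN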
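Review bot: `export TF_LOG=DEBUG` is now the checked-in default for every shell that loads this file, in the same environment that must hold SYSDIG_SECURE_API_TOKEN and SYSDIG_MONITOR_API_TOKEN. Debug-level Terraform logs carry provider request detail, and whether credentials are redacted from them is not visible in this commit, so logs captured this way should be treated as sensitive until that is confirmed. I would leave it opt-in, e.g. `# export TF_LOG=DEBUG  # enable locally when debugging; output may contain request details`. `export TF_ACC=true` likewise turns every local test run into an acceptance run against the account behind those tokens, which deserves a comment on that line.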

.envrc.template

Lines changed: 0 additions & 12 deletions
This file was deleted.

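--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,8 @@
 *.dll
 *.exe
 .DS_Store
-.envrc
 .env
+.secrets
 .direnv/
 example.tf
 terraform.tfplan
@@ -54,4 +54,4 @@ oanc
 # Local test folder
 local-terraform-test/
 dist/
-.secrets
+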

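--- a/sysdig/resource_sysdig_secure_vulnerability_policy.go
+++ b/sysdig/resource_sysdig_secure_vulnerability_policy.go
@@ -56,6 +56,10 @@ func resourceSysdigSecureVulnerabilityPolicy() *schema.Resource {
 "stages": {
 Type: schema.TypeSet,
 Optional: true,
+Set: func(a any) int {
+in := a.(map[string]any)
+return schema.HashString(in["name"])
+},
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "name": {
@@ -318,11 +322,19 @@ func vulnerabilityPolicyConfigsFromSet(set *schema.Set) []v2.Configuration {
 for _, raw := range set.List() {
 rawMap := raw.(map[string]any)
 
-out = append(out, v2.Configuration{
-Scope: rawMap["scope"].(string),
-Behaviour: rawMap["failure_action"].(string),
-UnknownImageAction: rawMap["unknown_image_action"].(string),
-})
+config := v2.Configuration{
+Scope: rawMap["scope"].(string),
+}
+
+if raw, ok := rawMap["failure_action"]; ok {
+config.Behaviour = raw.(string)
+}
+
+if raw, ok := rawMap["unknown_image_action"]; ok {
+config.UnknownImageAction = raw.(string)
+}
+
+out = append(out, config)
 }
 
 return out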
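Review bot: In vulnerabilityPolicyConfigsFromSet the new `if raw, ok := rawMap["failure_action"]; ok` guards only against a missing key, so a key that is present with a nil or non-string value still panics on `raw.(string)`, and the inner `raw` shadows the loop variable. A comma-ok assertion covers both cases in one step, `if s, ok := rawMap["failure_action"].(string); ok { config.Behaviour = s }`, and the same for `unknown_image_action`; `rawMap["scope"].(string)` is still unchecked. When either attribute is omitted the Configuration is now sent with an empty Behaviour or UnknownImageAction, and what the backend does with an empty action on an admission-control stage is not visible here, so a comment stating the effective default (or an explicit schema default) would help anyone auditing whether an omitted value fails open. Separately, in the first hunk the `Set` function hashes a stage by `name` only, so two `stages` blocks with the same name would presumably collapse into one set element; a validation error on duplicate names would make that visible instead of silently dropping one. Both functions start and end outside the hunks shown.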

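--- a/sysdig/resource_sysdig_secure_vulnerability_policy_test.go
+++ b/sysdig/resource_sysdig_secure_vulnerability_policy_test.go
@@ -93,7 +93,7 @@ resource "sysdig_secure_vulnerability_policy" "sample" {
 stages {
 name = "admission_control"
 configuration {
-scope = "agent.tag.cluster = \"my-cluster\""
+scope = "not kubernetes.namespace.name in (\"sysdig\", \"sysdig-agent\")"
 failure_action = "reject"
 unknown_image_action = "rejectAndScan"
 }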
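Review bot: The fixture in this hunk still sets both `failure_action` and `unknown_image_action`, so the case this commit fixes, a stage configuration that omits them, is not exercised by the visible test change. A second fixture or acceptance step whose `configuration` block contains only `scope` would pin the new behaviour and catch a regression to the unconditional type assertions. It would also record what the provider sends for an omitted action, which matters for an admission-control stage. The fixture continues outside the hunk, so other cases may already exist elsewhere in the file.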
