feat(policy): add custom control (#530)

* add crud for posture control

* add docs

* fix

* add test

* remove

* fix

* fix test

* add acceptance

---------

Co-authored-by: hila1608 <[email protected]>

Author: hila-krut-sysdig

sysdig/common.go

@@ -1,72 +1,76 @@
 package sysdig
 
 const (
-	SchemaIDKey                     = "id"
-	SchemaTeamIDKey                 = "team_id"
-	SchemaPoliciesKey               = "policies"
-	SchemaPolicyIDsKey              = "policy_ids"
-	SchemaAuthorsKey                = "authors"
-	SchemaAuthorKey                 = "author"
-	SchemaNameKey                   = "name"
-	SchemaEnabledKey                = "enabled"
-	SchemaStatusKey                 = "status"
-	SchemaTypeKey                   = "type"
-	SchemaKindKey                   = "kind"
-	SchemaDescriptionKey            = "description"
-	SchemaVersionKey                = "version"
-	SchemaLinkKey                   = "link"
-	SchemaGroupKey                  = "group"
-	SchemaLastModifiedBy            = "last_modified_by"
-	SchemaLastUpdated               = "last_updated"
-	SchemaExpirationDateKey         = "expiration_date"
-	SchemaPublishedDateKey          = "published_date"
-	SchemaCreatedDateKey            = "date_created"
-	SchemaMinKubeVersionKey         = "min_kube_version"
-	SchemaMaxKubeVersionKey         = "max_kube_version"
-	SchemaIsCustomKey               = "is_custom"
-	SchemaIsActiveKey               = "is_active"
-	SchemaPlatformKey               = "platform"
-	SchemaZonesKey                  = "zones"
-	SchemaZonesIDsKey               = "zone_ids"
-	SchemaAllZones                  = "all_zones"
-	SchemaScopeKey                  = "scope"
-	SchemaScopesKey                 = "scopes"
-	SchemaTargetTypeKey             = "target_type"
-	SchemaRoleKey                   = "role"
-	SchemaSystemRoleKey             = "system_role"
-	SchemaRulesKey                  = "rules"
-	SchemaApiKeyKey                 = "api_key"
-	SchemaPermissionsKey            = "permissions"
-	SchemaMonitorPermKey            = "monitor_permissions"
-	SchemaSecurePermKey             = "secure_permissions"
-	SchemaRequestedPermKey          = "requested_permissions"
-	SchemaEnrichedPermKey           = "enriched_permissions"
-	SchemaSecureThreatDetection     = "secure_threat_detection"
-	SchemaSecureConfigPosture       = "secure_config_posture"
-	SchemaSecureIdentityEntitlement = "secure_identity_entitlement"
-	SchemaSecureAgentlessScanning   = "secure_agentless_scanning"
-	SchemaMonitorCloudMetrics       = "monitor_cloud_metrics"
-	SchemaType                      = "type"
-	SchemaInstance                  = "instance"
-	SchemaVersion                   = "version"
-	SchemaCloudConnectorMetadata    = "cloud_connector_metadata"
-	SchemaTrustedRoleMetadata       = "trusted_role_metadata"
-	SchemaEventBridgeMetadata       = "event_bridge_metadata"
-	SchemaServicePrincipalMetadata  = "service_principal_metadata"
-	SchemaWebhookDatasourceMetadata = "webhook_datasource_metadata"
-	SchemaCryptoKeyMetadata         = "crypto_key_metadata"
-	SchemaCloudLogsMetadata         = "cloud_logs_metadata"
-	SchemaEnabled                   = "enabled"
-	SchemaComponents                = "components"
-	SchemaComponent                 = "component"
-	SchemaCloudProviderId           = "provider_id"
-	SchemaCloudProviderType         = "provider_type"
-	SchemaFeature                   = "feature"
-	SchemaManagementAccountId       = "management_account_id"
-	SchemaOrganizationIDKey         = "organization_id"
-	SchemaOrganizationalUnitIds     = "organizational_unit_ids"
-	SchemaCloudProviderTenantId     = "provider_tenant_id"
-	SchemaCloudProviderAlias        = "provider_alias"
-	SchemaAccountId                 = "account_id"
-	SchemaFeatureFlags              = "flags"
+	SchemaIDKey                         = "id"
+	SchemaTeamIDKey                     = "team_id"
+	SchemaPoliciesKey                   = "policies"
+	SchemaPolicyIDsKey                  = "policy_ids"
+	SchemaAuthorsKey                    = "authors"
+	SchemaAuthorKey                     = "author"
+	SchemaNameKey                       = "name"
+	SchemaEnabledKey                    = "enabled"
+	SchemaStatusKey                     = "status"
+	SchemaTypeKey                       = "type"
+	SchemaResourceKindKey               = "resource_kind"
+	SchemaResourceRegoKey               = "rego"
+	SchemaResourceSeverityKey           = "severity"
+	SchemaResourceRemediationDetailsKey = "remediation_details"
+	SchemaKindKey                       = "kind"
+	SchemaDescriptionKey                = "description"
+	SchemaVersionKey                    = "version"
+	SchemaLinkKey                       = "link"
+	SchemaGroupKey                      = "group"
+	SchemaLastModifiedBy                = "last_modified_by"
+	SchemaLastUpdated                   = "last_updated"
+	SchemaExpirationDateKey             = "expiration_date"
+	SchemaPublishedDateKey              = "published_date"
+	SchemaCreatedDateKey                = "date_created"
+	SchemaMinKubeVersionKey             = "min_kube_version"
+	SchemaMaxKubeVersionKey             = "max_kube_version"
+	SchemaIsCustomKey                   = "is_custom"
+	SchemaIsActiveKey                   = "is_active"
+	SchemaPlatformKey                   = "platform"
+	SchemaZonesKey                      = "zones"
+	SchemaZonesIDsKey                   = "zone_ids"
+	SchemaAllZones                      = "all_zones"
+	SchemaScopeKey                      = "scope"
+	SchemaScopesKey                     = "scopes"
+	SchemaTargetTypeKey                 = "target_type"
+	SchemaRoleKey                       = "role"
+	SchemaSystemRoleKey                 = "system_role"
+	SchemaRulesKey                      = "rules"
+	SchemaApiKeyKey                     = "api_key"
+	SchemaPermissionsKey                = "permissions"
+	SchemaMonitorPermKey                = "monitor_permissions"
+	SchemaSecurePermKey                 = "secure_permissions"
+	SchemaRequestedPermKey              = "requested_permissions"
+	SchemaEnrichedPermKey               = "enriched_permissions"
+	SchemaSecureThreatDetection         = "secure_threat_detection"
+	SchemaSecureConfigPosture           = "secure_config_posture"
+	SchemaSecureIdentityEntitlement     = "secure_identity_entitlement"
+	SchemaSecureAgentlessScanning       = "secure_agentless_scanning"
+	SchemaMonitorCloudMetrics           = "monitor_cloud_metrics"
+	SchemaType                          = "type"
+	SchemaInstance                      = "instance"
+	SchemaVersion                       = "version"
+	SchemaCloudConnectorMetadata        = "cloud_connector_metadata"
+	SchemaTrustedRoleMetadata           = "trusted_role_metadata"
+	SchemaEventBridgeMetadata           = "event_bridge_metadata"
+	SchemaServicePrincipalMetadata      = "service_principal_metadata"
+	SchemaWebhookDatasourceMetadata     = "webhook_datasource_metadata"
+	SchemaCryptoKeyMetadata             = "crypto_key_metadata"
+	SchemaCloudLogsMetadata             = "cloud_logs_metadata"
+	SchemaEnabled                       = "enabled"
+	SchemaComponents                    = "components"
+	SchemaComponent                     = "component"
+	SchemaCloudProviderId               = "provider_id"
+	SchemaCloudProviderType             = "provider_type"
+	SchemaFeature                       = "feature"
+	SchemaManagementAccountId           = "management_account_id"
+	SchemaOrganizationIDKey             = "organization_id"
+	SchemaOrganizationalUnitIds         = "organizational_unit_ids"
+	SchemaCloudProviderTenantId         = "provider_tenant_id"
+	SchemaCloudProviderAlias            = "provider_alias"
+	SchemaAccountId                     = "account_id"
+	SchemaFeatureFlags                  = "flags"
 )

sysdig/internal/client/v2/client.go

@@ -57,6 +57,7 @@ type MonitorCommon interface {
 type SecureCommon interface {
 	PosturePolicyInterface
 	PostureZoneInterface
+	PostureControlInterface
 }
 
 type Requester interface {

sysdig/internal/client/v2/model_posture_control.go

@@ -0,0 +1,25 @@
+package v2
+
+type SaveControlRequest struct {
+	ID                 string `json:"id,omitempty"`
+	Name               string `json:"name"`
+	Description        string `json:"description"`
+	ResourceKind       string `json:"resourceKind"`
+	Severity           string `json:"severity"`
+	Rego               string `json:"rego"`
+	RemediationDetails string `json:"remediationDetails"`
+}
+
+type SaveControlResponse struct {
+	Data PostureControl `json:"data"`
+}
+
+type PostureControl struct {
+	ID                 string `json:"id"`
+	Name               string `json:"name"`
+	Description        string `json:"description"`
+	ResourceKind       string `json:"resourceKind"`
+	Severity           string `json:"severity"`
+	Rego               string `json:"rego"`
+	RemediationDetails string `json:"remediationDetails"`
+}

sysdig/internal/client/v2/posture_controls.go

@@ -0,0 +1,73 @@
+package v2
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+)
+
+const (
+	PostureControlSavePath   = "%s/api/cspm/v1/policy/controls"
+	PostureControlGetPath    = "%s/api/cspm/v1/policy/controls/view/%d"
+	PostureControlDeletePath = "%s/api/cspm/v1/policy/controls/%d"
+)
+
+type PostureControlInterface interface {
+	Base
+	CreateOrUpdatePostureControl(ctx context.Context, p *SaveControlRequest) (*PostureControl, string, error)
+	GetPostureControl(ctx context.Context, id int64) (*PostureControl, error)
+	DeletePostureControl(ctx context.Context, id int64) error
+}
+
+func (c *Client) CreateOrUpdatePostureControl(ctx context.Context, p *SaveControlRequest) (*PostureControl, string, error) {
+	payload, err := Marshal(p)
+	if err != nil {
+		return nil, "", err
+	}
+	response, err := c.requester.Request(ctx, http.MethodPost, c.getPostureControlURL(PostureControlSavePath), payload)
+	if err != nil {
+		return nil, "", err
+	}
+	defer response.Body.Close()
+	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
+		errStatus, err := c.ErrorAndStatusFromResponse(response)
+		return nil, errStatus, err
+	}
+	resp, err := Unmarshal[SaveControlResponse](response.Body)
+	if err != nil {
+		return nil, "", err
+	}
+	return &resp.Data, "", nil
+
+}
+
+func (c *Client) GetPostureControl(ctx context.Context, id int64) (*PostureControl, error) {
+	response, err := c.requester.Request(ctx, http.MethodGet, fmt.Sprintf(PostureControlGetPath, c.config.url, id), nil)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	wrapper, err := Unmarshal[SaveControlResponse](response.Body)
+	if err != nil {
+		return nil, err
+	}
+	return &wrapper.Data, nil
+}
+
+func (c *Client) DeletePostureControl(ctx context.Context, id int64) error {
+	response, err := c.requester.Request(ctx, http.MethodDelete, fmt.Sprintf(PostureControlDeletePath, c.config.url, id), nil)
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusNoContent && response.StatusCode != http.StatusOK && response.StatusCode != http.StatusNotFound {
+		return c.ErrorFromResponse(response)
+	}
+
+	return nil
+}
+func (c *Client) getPostureControlURL(path string) string {
+	return fmt.Sprintf(path, c.config.url)
+}

sysdig/provider.go

@@ -193,6 +193,7 @@ func (p *SysdigProvider) Provider() *schema.Provider {
 			"sysdig_secure_posture_zone":                                   resourceSysdigSecurePostureZone(),
 			"sysdig_secure_organization":                                   resourceSysdigSecureOrganization(),
 			"sysdig_secure_posture_policy":                                 resourceSysdigSecurePosturePolicy(),
+			"sysdig_secure_posture_control":                                resourceSysdigSecurePostureControl(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"sysdig_secure_agentless_scanning_assets":                     dataSourceSysdigSecureAgentlessScanningAssets(),