From c96a3de8d9f2c4a9d2e4a5e7374dc8703acc488d Mon Sep 17 00:00:00 2001 From: hila1608 Date: Mon, 3 Jun 2024 13:22:36 +0300 Subject: [PATCH 1/8] support multi target --- sysdig/common.go | 1 + sysdig/internal/client/v2/model.go | 59 +++++++------ .../resource_sysdig_secure_posture_policy.go | 82 ++++++++++++++++--- 3 files changed, 106 insertions(+), 36 deletions(-) diff --git a/sysdig/common.go b/sysdig/common.go index 1656533ce..955d73328 100644 --- a/sysdig/common.go +++ b/sysdig/common.go @@ -26,6 +26,7 @@ const ( SchemaIsCustomKey = "is_custom" SchemaIsActiveKey = "is_active" SchemaPlatformKey = "platform" + SchemaVersionConstraintKey = "version_constraint" SchemaZonesKey = "zones" SchemaZonesIDsKey = "zone_ids" SchemaAllZones = "all_zones" diff --git a/sysdig/internal/client/v2/model.go b/sysdig/internal/client/v2/model.go index cef033d18..8bbc6421c 100644 --- a/sysdig/internal/client/v2/model.go +++ b/sysdig/internal/client/v2/model.go 
@@ -944,21 +944,29 @@ type PosturePolicy struct { } type FullPosturePolicy struct { - ID string `json:"id,omitempty"` - Name string `json:"name,omitempty"` - Type string `json:"type,omitempty"` - Description string `json:"description,omitempty"` - Version string `json:"version,omitempty"` - Link string `json:"link,omitempty"` - Authors string `json:"authors,omitempty"` - PublishedData string `json:"publishedDate,omitempty"` - RequirementsGroup []RequirementsGroup `json:"requirementFolders,omitempty"` - MinKubeVersion float64 `json:"minKubeVersion,omitempty"` - MaxKubeVersion float64 `json:"maxKubeVersion,omitempty"` - IsCustom bool `json:"isCustom,omitempty"` - IsActive bool `json:"isActive,omitempty"` - Platform string `json:"platform,omitempty"` + ID string `json:"id,omitempty"` + Name string `json:"name,omitempty"` + Type string `json:"type,omitempty"` + Description string `json:"description,omitempty"` + Version string `json:"version,omitempty"` + Link string `json:"link,omitempty"` + Authors string `json:"authors,omitempty"` + PublishedData string `json:"publishedDate,omitempty"` + RequirementsGroup []RequirementsGroup `json:"requirementFolders,omitempty"` + MinKubeVersion float64 `json:"minKubeVersion,omitempty"` + MaxKubeVersion float64 `json:"maxKubeVersion,omitempty"` + IsCustom bool `json:"isCustom,omitempty"` + IsActive bool `json:"isActive,omitempty"` + Platform string `json:"platform,omitempty"` + VersionConstraints []VersionConstraint `json:"versionConstraints,omitempty"` +} + +type VersionConstraint struct { + Platform string `json:"platform"` + MinKubeVersion float64 `json:"minKubeVersion,omitempty"` + MaxKubeVersion float64 `json:"maxKubeVersion,omitempty"` } + type RequirementsGroup struct { ID string `json:"id,omitempty"` Name string `json:"name,omitempty"` 
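Review bot: The new VersionConstraint type carries MinKubeVersion and MaxKubeVersion as float64, so a bound written as 1.10 decodes to the same number as 1.1 and sorts below 1.9. A posture policy scoped with such a bound can therefore cover a different set of clusters than its author intended. The top-level MinKubeVersion/MaxKubeVersion fields have the same limitation, but this hunk extends it to every per-platform target. Whether the API accepts anything other than a JSON number is not visible here; if it does not, the type should at least carry a doc comment such as `// VersionConstraint scopes a policy to one platform; versions are JSON numbers, so 1.10 cannot be told apart from 1.1.`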
@@ -984,17 +992,18 @@ type Control struct { } type CreatePosturePolicy struct { - ID string `json:"id,omitempty"` - Name string `json:"name,omitempty"` - Description string `json:"description,omitempty"` - Type string `json:"type,omitempty"` - Link string `json:"link,omitempty"` - Version string `json:"version,omitempty"` - RequirementGroups []CreateRequirementsGroup `json:"groups,omitempty"` - MinKubeVersion float64 `json:"minKubeVersion,omitempty"` - MaxKubeVersion float64 `json:"maxKubeVersion,omitempty"` - IsActive bool `json:"isActive,omitempty"` - Platform string `json:"platform,omitempty"` + ID string `json:"id,omitempty"` + Name string `json:"name,omitempty"` + Description string `json:"description,omitempty"` + Type string `json:"type,omitempty"` + Link string `json:"link,omitempty"` + Version string `json:"version,omitempty"` + RequirementGroups []CreateRequirementsGroup `json:"groups,omitempty"` + MinKubeVersion float64 `json:"minKubeVersion,omitempty"` + MaxKubeVersion float64 `json:"maxKubeVersion,omitempty"` + IsActive bool `json:"isActive,omitempty"` + Platform string `json:"platform,omitempty"` + VersionConstraints []VersionConstraint `json:"versionConstraints,omitempty"` } type CreateRequirementsGroup struct { diff --git a/sysdig/resource_sysdig_secure_posture_policy.go b/sysdig/resource_sysdig_secure_posture_policy.go index edc1aaff6..5c1c221eb 100644 --- a/sysdig/resource_sysdig_secure_posture_policy.go +++ b/sysdig/resource_sysdig_secure_posture_policy.go @@ -156,6 +156,7 @@ func resourceSysdigSecurePosturePolicy() *schema.Resource { SchemaTypeKey: { Type: schema.TypeString, Optional: true, + Default: "Unknown", }, SchemaLinkKey: { Type: schema.TypeString, 
@@ -178,7 +179,26 @@ func resourceSysdigSecurePosturePolicy() *schema.Resource { SchemaPlatformKey: { Type: schema.TypeString, Optional: true, - Default: "", + }, + SchemaVersionConstraintKey: { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + SchemaMinKubeVersionKey: { + Type: schema.TypeFloat, + Optional: true, + }, + SchemaMaxKubeVersionKey: { + Type: schema.TypeFloat, + Optional: true, + }, + SchemaPlatformKey: { + Type: schema.TypeString, + Optional: true, + }, + }, + }, }, SchemaGroupKey: { Type: schema.TypeList, @@ -198,18 +218,20 @@ func resourceSysdigSecurePosturePolicyCreateOrUpdate(ctx context.Context, d *sch groups := extractGroupsRecursive(d.Get(SchemaGroupKey)) req := &v2.CreatePosturePolicy{ - ID: getStringValue(d, SchemaIDKey), - Name: getStringValue(d, SchemaNameKey), - Type: getStringValue(d, SchemaTypeKey), - Description: getStringValue(d, SchemaDescriptionKey), - MinKubeVersion: getFloatValue(d, SchemaMinKubeVersionKey), - MaxKubeVersion: getFloatValue(d, SchemaMaxKubeVersionKey), - IsActive: getBoolValue(d, SchemaIsActiveKey), - Platform: getStringValue(d, SchemaPlatformKey), - Link: getStringValue(d, SchemaLinkKey), - RequirementGroups: groups, + ID: getStringValue(d, SchemaIDKey), + Name: getStringValue(d, SchemaNameKey), + Type: getStringValue(d, SchemaTypeKey), + Description: getStringValue(d, SchemaDescriptionKey), + MinKubeVersion: getFloatValue(d, SchemaMinKubeVersionKey), + MaxKubeVersion: getFloatValue(d, SchemaMaxKubeVersionKey), + IsActive: getBoolValue(d, SchemaIsActiveKey), + Platform: getStringValue(d, SchemaPlatformKey), + VersionConstraints: getVersionConstraintsValue(d, SchemaVersionConstraintKey), + Link: getStringValue(d, SchemaLinkKey), + RequirementGroups: groups, } new, errStatus, err := client.CreateOrUpdatePosturePolicy(ctx, req) + if err != nil { return diag.Errorf("Error creating new policy with groups. error status: %s err: %s", errStatus, err) } 
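Review bot: The nested `platform` field of the new version-constraint block is declared `Optional` with no validation, while VersionConstraint.Platform in model.go is tagged `json:"platform"` without omitempty, so a block that omits the platform is still sent with an empty platform string. How the backend scopes a target with no platform is not visible from this patch, and a policy that silently applies to nothing or to everything is hard to spot in a plan. Making the field mandatory closes that gap at plan time: `SchemaPlatformKey: {Type: schema.TypeString, Required: true},`. The body of resourceSysdigSecurePosturePolicy starts and ends outside this hunk.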
@@ -279,6 +301,8 @@ func resourceSysdigSecurePosturePolicyRead(ctx context.Context, d *schema.Resour return diag.FromErr(err) } + err = d.Set(SchemaVersionConstraintKey, setVersionConstraints(d, SchemaVersionConstraintKey, policy.VersionConstraints)) + // Set groups if err := setGroups(d, policy.RequirementsGroup); err != nil { return diag.FromErr(err) @@ -372,6 +396,25 @@ func getStringValue(d *schema.ResourceData, key string) string { return "" } +// Helper function to retrieve version constraints value from ResourceData and handle nil case +func getVersionConstraintsValue(d *schema.ResourceData, key string) []v2.VersionConstraint { + pvc := []v2.VersionConstraint{} + versionContraintsMap, ok := d.Get(key).([]interface{}) + if !ok { + return nil + } + for _, vc := range versionContraintsMap { + vcMap := vc.(map[string]interface{}) + versionConstraint := v2.VersionConstraint{ + MinKubeVersion: vcMap["min_kube_version"].(float64), + MaxKubeVersion: vcMap["max_kube_version"].(float64), + Platform: vcMap["platform"].(string), + } + pvc = append(pvc, versionConstraint) + } + return pvc +} + // Helper function to retrieve float64 value from ResourceData and handle nil case func getFloatValue(d *schema.ResourceData, key string) float64 { if value, ok := d.GetOk(key); ok { @@ -436,3 +479,20 @@ func extractGroupsRecursive(data interface{}) []v2.CreateRequirementsGroup { return groups } + +// Helper function to set version constraints in the Terraform schema +func setVersionConstraints(d *schema.ResourceData, key string, constraints []v2.VersionConstraint) error { + var constraintsList []map[string]interface{} + for _, vc := range constraints { + constraintsList = append(constraintsList, map[string]interface{}{ + "min_kube_version": vc.MinKubeVersion, + "max_kube_version": vc.MaxKubeVersion, + "platform": vc.Platform, + }) + } + + if err := d.Set(key, constraintsList); err != nil { + return err + } + return nil +} 
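Review bot: Every type assertion in the added getVersionConstraintsValue is unchecked, so one malformed list element panics the provider instead of producing a diagnostic. `vc.(map[string]interface{})` fails on a nil element, which the SDK can return for an empty nested block, and the three field assertions fail on a missing or nil key. PATCH 3/8 later adds nil checks for the two version keys in its `-405,10 +406,18` hunk but leaves the element and `platform` assertions unchecked. The comma-ok form below keeps the zero value for absent fields and skips elements that are not maps.

```go
func getVersionConstraintsValue(d *schema.ResourceData, key string) []v2.VersionConstraint {
	// … unchanged: pvc initialisation and the checked d.Get(key) list assertion …
	for _, vc := range versionContraintsMap {
		vcMap, ok := vc.(map[string]interface{})
		if !ok {
			// not a map (for example a nil element): nothing to read
			continue
		}
		// comma-ok assertions leave the zero value when a key is absent or nil
		minVersion, _ := vcMap[SchemaMinKubeVersionKey].(float64)
		maxVersion, _ := vcMap[SchemaMaxKubeVersionKey].(float64)
		platform, _ := vcMap[SchemaPlatformKey].(string)
		pvc = append(pvc, v2.VersionConstraint{
			MinKubeVersion: minVersion,
			MaxKubeVersion: maxVersion,
			Platform:       platform,
		})
	}
	return pvc
}
```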
From 1f4a0fdad25178c752a27d724d1542a270d748e9 Mon Sep 17 00:00:00 2001 From: hila1608 Date: Thu, 6 Jun 2024 09:35:16 +0300 Subject: [PATCH 2/8] change names --- sysdig/common.go | 2 ++ sysdig/internal/client/v2/model.go | 4 ++-- sysdig/resource_sysdig_secure_posture_policy.go | 12 ++++++------ 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/sysdig/common.go b/sysdig/common.go index 955d73328..0131693fd 100644 --- a/sysdig/common.go +++ b/sysdig/common.go @@ -23,6 +23,8 @@ const ( SchemaCreatedDateKey = "date_created" SchemaMinKubeVersionKey = "min_kube_version" SchemaMaxKubeVersionKey = "max_kube_version" + SchemaMinVersionKey = "min_version" + SchemaMaxVersionKey = "max_version" SchemaIsCustomKey = "is_custom" SchemaIsActiveKey = "is_active" SchemaPlatformKey = "platform" diff --git a/sysdig/internal/client/v2/model.go b/sysdig/internal/client/v2/model.go index 8bbc6421c..46aa7f7ba 100644 --- a/sysdig/internal/client/v2/model.go +++ b/sysdig/internal/client/v2/model.go @@ -958,7 +958,7 @@ type FullPosturePolicy struct { IsCustom bool `json:"isCustom,omitempty"` IsActive bool `json:"isActive,omitempty"` Platform string `json:"platform,omitempty"` - VersionConstraints []VersionConstraint `json:"versionConstraints,omitempty"` + VersionConstraints []VersionConstraint `json:"targets,omitempty"` } type VersionConstraint struct { @@ -1003,7 +1003,7 @@ type CreatePosturePolicy struct { MaxKubeVersion float64 `json:"maxKubeVersion,omitempty"` IsActive bool `json:"isActive,omitempty"` Platform string `json:"platform,omitempty"` - VersionConstraints []VersionConstraint `json:"versionConstraints,omitempty"` + VersionConstraints []VersionConstraint `json:"targets,omitempty"` } type CreateRequirementsGroup struct { diff --git a/sysdig/resource_sysdig_secure_posture_policy.go b/sysdig/resource_sysdig_secure_posture_policy.go index 5c1c221eb..8054241c6 100644 --- a/sysdig/resource_sysdig_secure_posture_policy.go +++ b/sysdig/resource_sysdig_secure_posture_policy.go 
@@ -406,9 +406,9 @@ func getVersionConstraintsValue(d *schema.ResourceData, key string) []v2.Version for _, vc := range versionContraintsMap { vcMap := vc.(map[string]interface{}) versionConstraint := v2.VersionConstraint{ - MinKubeVersion: vcMap["min_kube_version"].(float64), - MaxKubeVersion: vcMap["max_kube_version"].(float64), - Platform: vcMap["platform"].(string), + MinKubeVersion: vcMap[SchemaMinVersionKey].(float64), + MaxKubeVersion: vcMap[SchemaMaxVersionKey].(float64), + Platform: vcMap[SchemaPlatformKey].(string), } pvc = append(pvc, versionConstraint) } @@ -485,9 +485,9 @@ func setVersionConstraints(d *schema.ResourceData, key string, constraints []v2. var constraintsList []map[string]interface{} for _, vc := range constraints { constraintsList = append(constraintsList, map[string]interface{}{ - "min_kube_version": vc.MinKubeVersion, - "max_kube_version": vc.MaxKubeVersion, - "platform": vc.Platform, + "min_version": vc.MinKubeVersion, + "max_version": vc.MaxKubeVersion, + "platform": vc.Platform, }) } From 8cdd14f889bb872fa71beeca36c4d4bb3a9c8951 Mon Sep 17 00:00:00 2001 From: hila1608 Date: Thu, 6 Jun 2024 11:28:17 +0300 Subject: [PATCH 3/8] change name field --- sysdig/internal/client/v2/model.go | 6 ++--- .../resource_sysdig_secure_posture_policy.go | 23 +++++++++++++------ 2 files changed, 19 insertions(+), 10 deletions(-) diff --git a/sysdig/internal/client/v2/model.go b/sysdig/internal/client/v2/model.go index 46aa7f7ba..4f275040e 100644 --- a/sysdig/internal/client/v2/model.go +++ b/sysdig/internal/client/v2/model.go @@ -962,9 +962,9 @@ type FullPosturePolicy struct { } type VersionConstraint struct { - Platform string `json:"platform"` - MinKubeVersion float64 `json:"minKubeVersion,omitempty"` - MaxKubeVersion float64 `json:"maxKubeVersion,omitempty"` + Platform string `json:"platform"` + MinVersion float64 `json:"minVersion,omitempty"` + MaxVersion float64 `json:"maxVersion,omitempty"` } type RequirementsGroup struct { 
diff --git a/sysdig/resource_sysdig_secure_posture_policy.go b/sysdig/resource_sysdig_secure_posture_policy.go index 8054241c6..4d04a6db6 100644 --- a/sysdig/resource_sysdig_secure_posture_policy.go +++ b/sysdig/resource_sysdig_secure_posture_policy.go @@ -185,11 +185,11 @@ func resourceSysdigSecurePosturePolicy() *schema.Resource { Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - SchemaMinKubeVersionKey: { + SchemaMinVersionKey: { Type: schema.TypeFloat, Optional: true, }, - SchemaMaxKubeVersionKey: { + SchemaMaxVersionKey: { Type: schema.TypeFloat, Optional: true, }, @@ -230,6 +230,7 @@ func resourceSysdigSecurePosturePolicyCreateOrUpdate(ctx context.Context, d *sch Link: getStringValue(d, SchemaLinkKey), RequirementGroups: groups, } + new, errStatus, err := client.CreateOrUpdatePosturePolicy(ctx, req) if err != nil { @@ -405,10 +406,18 @@ func getVersionConstraintsValue(d *schema.ResourceData, key string) []v2.Version } for _, vc := range versionContraintsMap { vcMap := vc.(map[string]interface{}) + minVersion := 0.0 + maxVersion := 0.0 + if vcMap["min_version"] != nil { + minVersion = vcMap["min_version"].(float64) + } + if vcMap["max_version"] != nil { + maxVersion = vcMap["max_version"].(float64) + } versionConstraint := v2.VersionConstraint{ - MinKubeVersion: vcMap[SchemaMinVersionKey].(float64), - MaxKubeVersion: vcMap[SchemaMaxVersionKey].(float64), - Platform: vcMap[SchemaPlatformKey].(string), + MinVersion: minVersion, + MaxVersion: maxVersion, + Platform: vcMap["platform"].(string), } pvc = append(pvc, versionConstraint) } @@ -485,8 +494,8 @@ func setVersionConstraints(d *schema.ResourceData, key string, constraints []v2. var constraintsList []map[string]interface{} for _, vc := range constraints { constraintsList = append(constraintsList, map[string]interface{}{ - "min_version": vc.MinKubeVersion, - "max_version": vc.MaxKubeVersion, + "min_version": vc.MinVersion, + "max_version": vc.MaxVersion, "platform": vc.Platform, }) } 
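Review bot: The rewritten loop in getVersionConstraintsValue (the `-405,10 +406,18` hunk) goes back to string literals for the map keys (`vcMap["min_version"]`, `vcMap["max_version"]`, `vcMap["platform"]`), while the schema hunk at the top of this file section declares the same nested fields through SchemaMinVersionKey and SchemaMaxVersionKey. The previous patch shows why this matters: it read the new keys while the schema still declared the old ones, so the reader and the schema disagreed until this commit. Indexing with the constants keeps both sides tied to one definition: `vcMap[SchemaMinVersionKey]`, `vcMap[SchemaMaxVersionKey]`, `vcMap[SchemaPlatformKey]`. The same literals appear in setVersionConstraints in the last hunk of this section. Both functions start and end outside their hunks.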
From 15ee7c5ed259a86142dee2e96df042e3cb420640 Mon Sep 17 00:00:00 2001 From: hila1608 Date: Thu, 6 Jun 2024 15:10:51 +0300 Subject: [PATCH 4/8] fix set version constraints --- sysdig/resource_sysdig_secure_posture_policy.go | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/sysdig/resource_sysdig_secure_posture_policy.go b/sysdig/resource_sysdig_secure_posture_policy.go index 4d04a6db6..4e91ed06c 100644 --- a/sysdig/resource_sysdig_secure_posture_policy.go +++ b/sysdig/resource_sysdig_secure_posture_policy.go @@ -302,8 +302,11 @@ func resourceSysdigSecurePosturePolicyRead(ctx context.Context, d *schema.Resour return diag.FromErr(err) } - err = d.Set(SchemaVersionConstraintKey, setVersionConstraints(d, SchemaVersionConstraintKey, policy.VersionConstraints)) + err = setVersionConstraints(d, SchemaVersionConstraintKey, policy.VersionConstraints) + if err != nil { + return diag.FromErr(err) + } // Set groups if err := setGroups(d, policy.RequirementsGroup); err != nil { return diag.FromErr(err) @@ -491,16 +494,16 @@ func extractGroupsRecursive(data interface{}) []v2.CreateRequirementsGroup { // Helper function to set version constraints in the Terraform schema func setVersionConstraints(d *schema.ResourceData, key string, constraints []v2.VersionConstraint) error { - var constraintsList []map[string]interface{} + var constraintsData []interface{} for _, vc := range constraints { - constraintsList = append(constraintsList, map[string]interface{}{ + constraint := map[string]interface{}{ "min_version": vc.MinVersion, "max_version": vc.MaxVersion, "platform": vc.Platform, - }) + } + constraintsData = append(constraintsData, constraint) } - - if err := d.Set(key, constraintsList); err != nil { + if err := d.Set(key, constraintsData); err != nil { return err } return nil From 4865efc09db2f24f5329c8a1b70aba855d45c14d Mon Sep 17 00:00:00 2001 
From: hila1608 Date: Thu, 25 Jul 2024 10:44:48 +0300 Subject: [PATCH 5/8] add multi targets to docs --- website/docs/r/secure_posture_policy.md | 120 +++++++++++++++--------- 1 file changed, 76 insertions(+), 44 deletions(-) diff --git a/website/docs/r/secure_posture_policy.md b/website/docs/r/secure_posture_policy.md index 9698e4139..26e81cce8 100644 --- a/website/docs/r/secure_posture_policy.md +++ b/website/docs/r/secure_posture_policy.md 
@@ -16,41 +16,60 @@ Creates a Sysdig Secure Posture Policy. ```terraform resource "sysdig_secure_posture_policy" "example" { - name = "demo policy" - type = "kubernetes" - platform = "vanilla" - max_kube_version = 2.0 - description = "demo create policy from terraform" - group { - name = "Security" - description = "Security description" - requirement{ - name = "Security Enforce access control" - description = "Enforce description" - control { - name = "Create Pods" - enabled = false - } - control { - name = "Kubelet - Disabled AlwaysAllowed Authorization" - } - } + name = "demo policy" + type = "kubernetes" + platform = "Vanilla" // Currently supported, but will be deprecated in the future + min_kube_version = 1.5 // Currently supported, but will be deprecated in the future + max_kube_version = 2.0 // Currently supported, but will be deprecated in the future + description = "demo create policy from terraform" + + // New targets field to specify version constraints + targets = [ + { + platform = "Vanilla" + minVersion = 1.5 + maxVersion = 2.0 + } + ] + + group { + name = "Security" + description = "Security description" + + requirement { + name = "Security Enforce access control" + description = "Enforce description" + + control { + name = "Create Pods" + enabled = false } - group { - name = "Data protection" - description = "Data protection description" - requirement{ - name = "Enforce access control" - description = "Enforce description" - control { - name = "Create Pods" - } - control { - name = "Kubelet - Disabled AlwaysAllowed Authorization" - } - } + + control { + name = "Kubelet - Disabled AlwaysAllowed Authorization" + } + } + } + + group { + name = "Data protection" + description = "Data protection description" + + requirement { + name = "Enforce access control" + description = "Enforce description" + + control { + name = "Create Pods" + } + + control { + name = "Kubelet - Disabled AlwaysAllowed Authorization" } + } + } } + ``` ## Argument Reference 
@@ -66,20 +85,33 @@ resource "sysdig_secure_posture_policy" "example" { - Linux - `linux` - Docker - `docker` - OCI - `oci` -* `min_kube_version` - (Optional) Policy minimum Kubernetes version, eg. `1.24` -* `max_kube_version` - (Optional) Policy maximum Kubernetes version, eg. `1.26` -* `is_active` - (Optional) Policy is active flag (active means policy is published, not active means policy is draft). by default is true. -* `platform` - (Optional) Policy platform: - - IKS - `iks`, - - GKE - `gke`, - - Vanilla - `vanilla`, - - AKS - `aks`, - - RKE2 - `rke2`, - - OCP4 - `ocp4`, - - MKE - `mke`, - - EKS - `eks`, + * `platform`: (Optional) Platform for which the policy applies. This field will be deprecated in the future, and you should use the targets field instead to describe policy platform and version. Supported platforms include: + + IKS - iks + GKE - gke + Vanilla - vanilla + AKS - aks + RKE2 - rke2 + OCP4 - ocp4 + MKE - mke + EKS - eks + OCI - oci + +* `minKubeVersion`: (Optional) Policy minimum Kubernetes version, e.g., 1.24. This field will be deprecated in the future, and you should use the targets field instead to describe policy platform and version. + +* `maxKubeVersion`: (Optional) Policy maximum Kubernetes version, e.g., 1.26. This field will be deprecated in the future, and you should use the targets field instead to describe policy platform and version. + +* `targets`:(Optional) Specifies target platforms and version ranges. This field should replace Platform, MinKubeVersion, and MaxKubeVersion for more flexible and detailed policy descriptions. + + Note: The fields Platform, MinKubeVersion, and MaxKubeVersion will be deprecated in the future. We recommend using the targets field now to describe policy platform and version constraints + * `groups` - (Optional) Group block defines list of groups attached to Policy +### Targetd block + - `platform` (Optional): Name of the target platform (e.g., IKS, AWS). 
+ - `minVersion` (Optional): Minimum version of the platform.(e.g., 1.24) + - `maxVersion` (Optional): Maximum version of the platform. (e.g., 1.26) + ### Groups block - `name` - (Required) The name of the Posture Policy Group. - `description` - (Required) The description of the Posture Policy Group. From 05bff00107f657626c7d8e902ba6b025c4255571 Mon Sep 17 00:00:00 2001 From: hila1608 Date: Thu, 25 Jul 2024 10:50:18 +0300 Subject: [PATCH 6/8] fix name field --- sysdig/common.go | 2 +- sysdig/resource_sysdig_secure_posture_policy.go | 6 +++--- website/docs/r/secure_posture_policy.md | 11 +++++------ 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/sysdig/common.go b/sysdig/common.go index 0131693fd..6ee46126a 100644 --- a/sysdig/common.go +++ b/sysdig/common.go @@ -28,7 +28,7 @@ const ( SchemaIsCustomKey = "is_custom" SchemaIsActiveKey = "is_active" SchemaPlatformKey = "platform" - SchemaVersionConstraintKey = "version_constraint" + SchemaTargetKey = "target" SchemaZonesKey = "zones" SchemaZonesIDsKey = "zone_ids" SchemaAllZones = "all_zones" diff --git a/sysdig/resource_sysdig_secure_posture_policy.go b/sysdig/resource_sysdig_secure_posture_policy.go index 9240e3b15..a04a905eb 100644 --- a/sysdig/resource_sysdig_secure_posture_policy.go +++ b/sysdig/resource_sysdig_secure_posture_policy.go @@ -180,7 +180,7 @@ func resourceSysdigSecurePosturePolicy() *schema.Resource { Type: schema.TypeString, Optional: true, }, - SchemaVersionConstraintKey: { + SchemaTargetKey: { Type: schema.TypeList, Optional: true, Elem: &schema.Resource{ 
@@ -226,7 +226,7 @@ func resourceSysdigSecurePosturePolicyCreateOrUpdate(ctx context.Context, d *sch MaxKubeVersion: getFloatValue(d, SchemaMaxKubeVersionKey), IsActive: getBoolValue(d, SchemaIsActiveKey), Platform: getStringValue(d, SchemaPlatformKey), - VersionConstraints: getVersionConstraintsValue(d, SchemaVersionConstraintKey), + VersionConstraints: getVersionConstraintsValue(d, SchemaTargetKey), Link: getStringValue(d, SchemaLinkKey), RequirementGroups: groups, } @@ -302,7 +302,7 @@ func resourceSysdigSecurePosturePolicyRead(ctx context.Context, d *schema.Resour return diag.FromErr(err) } - err = setVersionConstraints(d, SchemaVersionConstraintKey, policy.VersionConstraints) + err = setVersionConstraints(d, SchemaTargetKey, policy.VersionConstraints) if err != nil { return diag.FromErr(err) diff --git a/website/docs/r/secure_posture_policy.md b/website/docs/r/secure_posture_policy.md index 26e81cce8..229bdae0e 100644 --- a/website/docs/r/secure_posture_policy.md +++ b/website/docs/r/secure_posture_policy.md @@ -24,13 +24,12 @@ resource "sysdig_secure_posture_policy" "example" { description = "demo create policy from terraform" // New targets field to specify version constraints - targets = [ + target = { platform = "Vanilla" minVersion = 1.5 maxVersion = 2.0 } - ] group { name = "Security" 
@@ -101,18 +100,18 @@ resource "sysdig_secure_posture_policy" "example" { * `maxKubeVersion`: (Optional) Policy maximum Kubernetes version, e.g., 1.26. This field will be deprecated in the future, and you should use the targets field instead to describe policy platform and version. -* `targets`:(Optional) Specifies target platforms and version ranges. This field should replace Platform, MinKubeVersion, and MaxKubeVersion for more flexible and detailed policy descriptions. +* `target`:(Optional) Specifies target platforms and version ranges. This field should replace Platform, MinKubeVersion, and MaxKubeVersion for more flexible and detailed policy descriptions. Note: The fields Platform, MinKubeVersion, and MaxKubeVersion will be deprecated in the future. We recommend using the targets field now to describe policy platform and version constraints -* `groups` - (Optional) Group block defines list of groups attached to Policy +* `group` - (Optional) Group block defines list of groups attached to Policy -### Targetd block +### Target block - `platform` (Optional): Name of the target platform (e.g., IKS, AWS). - `minVersion` (Optional): Minimum version of the platform.(e.g., 1.24) - `maxVersion` (Optional): Maximum version of the platform. (e.g., 1.26) -### Groups block +### Group block - `name` - (Required) The name of the Posture Policy Group. - `description` - (Required) The description of the Posture Policy Group. - `requirements` - (Optional) Requirements block defines list of requirements attached to Group From a52dcb322d94a55fc9123d067c3e7194c46b6570 Mon Sep 17 00:00:00 2001 From: hila1608 Date: Thu, 25 Jul 2024 10:52:48 +0300 Subject: [PATCH 7/8] fix --- website/docs/r/secure_posture_policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/r/secure_posture_policy.md b/website/docs/r/secure_posture_policy.md index 229bdae0e..e5fec3efe 100644 --- a/website/docs/r/secure_posture_policy.md 
+++ b/website/docs/r/secure_posture_policy.md @@ -24,7 +24,7 @@ resource "sysdig_secure_posture_policy" "example" { description = "demo create policy from terraform" // New targets field to specify version constraints - target = + target { platform = "Vanilla" minVersion = 1.5 From e3120f3a973166c8a5b44a4aa936d7c893d09751 Mon Sep 17 00:00:00 2001 From: hila1608 Date: Thu, 25 Jul 2024 10:53:37 +0300 Subject: [PATCH 8/8] fix --- website/docs/r/secure_posture_policy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/docs/r/secure_posture_policy.md b/website/docs/r/secure_posture_policy.md index e5fec3efe..171ef0af2 100644 --- a/website/docs/r/secure_posture_policy.md +++ b/website/docs/r/secure_posture_policy.md @@ -106,12 +106,12 @@ resource "sysdig_secure_posture_policy" "example" { * `group` - (Optional) Group block defines list of groups attached to Policy -### Target block +### Targets block - `platform` (Optional): Name of the target platform (e.g., IKS, AWS). - `minVersion` (Optional): Minimum version of the platform.(e.g., 1.24) - `maxVersion` (Optional): Maximum version of the platform. (e.g., 1.26) -### Group block +### Groups block - `name` - (Required) The name of the Posture Policy Group. - `description` - (Required) The description of the Posture Policy Group. - `requirements` - (Optional) Requirements block defines list of requirements attached to Group