feat(notificaion channel): enable all notification channels on ibm se…

…cure (#356)
sysdiglabs · Jun 8, 2023 · af3f215 · af3f215
1 parent adc1497
commit af3f215
Show file tree

Hide file tree

Showing 39 changed files with 510 additions and 82 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -15,7 +15,7 @@ jobs:
       - name: Lint
         uses: golangci/golangci-lint-action@v2
         with:
-          args: --timeout 30m --build-tags unit,tf_acc_sysdig_monitor,tf_acc_sysdig_secure,tf_acc_ibm_monitor
+          args: --timeout 30m --build-tags unit,tf_acc_sysdig_monitor,tf_acc_sysdig_secure,tf_acc_ibm_monitor,tf_acc_ibm_secure
 
   test:
     name: Unit Tests
@@ -105,3 +105,28 @@ jobs:
           SYSDIG_IBM_MONITOR_INSTANCE_ID: ${{ secrets.TERRAFORM_IBM_MONITOR_INSTANCE_ID }}
           SYSDIG_IBM_MONITOR_IAM_URL: "https://iam.cloud.ibm.com"
           SYSDIG_MONITOR_URL: "https://eu-gb.monitoring.cloud.ibm.com"
+
+  test-ibm-secure:
+    name: IBM Secure Acceptance Tests
+    runs-on: ubuntu-latest
+    needs: test
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          check-latest: true
+          cache: true
+
+      - name: Test
+        run: make testacc
+        env:
+          TEST_SUITE: tf_acc_ibm_secure
+          SYSDIG_IBM_SECURE_API_KEY: ${{ secrets.TERRAFORM_IBM_API_KEY }}
+          SYSDIG_IBM_SECURE_INSTANCE_ID: ${{ secrets.TERRAFORM_IBM_SECURE_INSTANCE_ID }}
+          SYSDIG_IBM_SECURE_IAM_URL: "https://iam.cloud.ibm.com"
+          SYSDIG_SECURE_URL: "https://eu-gb.monitoring.cloud.ibm.com"
diff --git a/sysdig/clienttype_string.go b/sysdig/clienttype_string.go
diff --git a/sysdig/common_test.go b/sysdig/common_test.go
@@ -10,6 +10,7 @@ const (
 	SysdigMonitorApiTokenEnv  = "SYSDIG_MONITOR_API_TOKEN"
 	SysdigSecureApiTokenEnv   = "SYSDIG_SECURE_API_TOKEN"
 	SysdigIBMMonitorAPIKeyEnv = "SYSDIG_IBM_MONITOR_API_KEY"
+	SysdigIBMSecureAPIKeyEnv  = "SYSDIG_IBM_SECURE_API_KEY"
 )
 
 func isAnyEnvSet(envs ...string) bool {

diff --git a/sysdig/data_source_sysdig_secure_notification_channel_test.go b/sysdig/data_source_sysdig_secure_notification_channel_test.go
@@ -1,10 +1,9 @@
-//go:build tf_acc_sysdig_secure || tf_acc_sysdig_common
+//go:build tf_acc_sysdig_secure || tf_acc_sysdig_common || tf_acc_ibm_secure || tf_acc_ibm_common
 
 package sysdig_test
 
 import (
 	"fmt"
-	"os"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
@@ -18,11 +17,7 @@ func TestAccNotificationChannelDataSource(t *testing.T) {
 	rText := acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)
 
 	resource.ParallelTest(t, resource.TestCase{
-		PreCheck: func() {
-			if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
-				t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
-			}
-		},
+		PreCheck: preCheckAnyEnv(t, SysdigSecureApiTokenEnv, SysdigIBMSecureAPIKeyEnv),
 		ProviderFactories: map[string]func() (*schema.Provider, error){
 			"sysdig": func() (*schema.Provider, error) {
 				return sysdig.Provider(), nil

diff --git a/sysdig/internal/client/v2/client.go b/sysdig/internal/client/v2/client.go
@@ -28,6 +28,7 @@ const (
 	SysdigUserAgentHeaderValue = "SysdigTerraform"
 	ContentTypeJSON            = "application/json"
 	ContentTypeFormURLEncoded  = "x-www-form-urlencoded"
+	SysdigProductHeader        = "X-Sysdig-Product"
 )
 
 var (

diff --git a/sysdig/internal/client/v2/config.go b/sysdig/internal/client/v2/config.go
@@ -10,8 +10,16 @@ type config struct {
 	ibmIamURL      string
 	sysdigTeamName string
 	sysdigTeamID   *int
+	product        string
 }
 
+type Product string
+
+const (
+	MonitorProduct Product = "SDC"
+	SecureProduct  Product = "SDS"
+)
+
 type ClientOption func(c *config)
 
 func WithURL(url string) ClientOption {
@@ -68,6 +76,18 @@ func WithSysdigTeamName(teamName string) ClientOption {
 	}
 }
 
+func WithMonitorProduct() ClientOption {
+	return func(c *config) {
+		c.product = string(MonitorProduct)
+	}
+}
+
+func WithSecureProduct() ClientOption {
+	return func(c *config) {
+		c.product = string(SecureProduct)
+	}
+}
+
 func configure(opts ...ClientOption) *config {
 	cfg := &config{}
 	for _, opt := range opts {

diff --git a/sysdig/internal/client/v2/ibm.go b/sysdig/internal/client/v2/ibm.go
@@ -20,6 +20,7 @@ const (
 	IBMAPIKeyGrantType    = "urn:ibm:params:oauth:grant-type:apikey"
 	SysdigTeamIDHeader    = "SysdigTeamID"
 	GetTeamByNamePath     = "/api/v2/teams/light/name/"
+	IBMProductHeader      = "SysdigProduct"
 )
 
 type IBMCommon interface {
@@ -31,6 +32,10 @@ type IBMMonitor interface {
 	MonitorCommon
 }
 
+type IBMSecure interface {
+	IBMCommon
+}
+
 type IBMAccessToken string
 type UnixTimestamp int64
 
@@ -101,6 +106,8 @@ func (ir *IBMRequest) getTeamIDByName(ctx context.Context, name string, token IB
 	r = r.WithContext(ctx)
 	r.Header.Set(IBMInstanceIDHeader, ir.config.ibmInstanceID)
 	r.Header.Set(AuthorizationHeader, fmt.Sprintf("Bearer %s", token))
+	r.Header.Set(SysdigProductHeader, ir.config.product)
+	r.Header.Set(IBMProductHeader, ir.config.product)
 
 	resp, err := request(ir.httpClient, ir.config, r)
 	if err != nil {
@@ -143,6 +150,8 @@ func (ir *IBMRequest) CurrentTeamID(ctx context.Context) (int, error) {
 	user, err := getMe(ctx, ir.config, ir.httpClient, map[string]string{
 		IBMInstanceIDHeader: ir.config.ibmInstanceID,
 		AuthorizationHeader: fmt.Sprintf("Bearer %s", token),
+		SysdigProductHeader: ir.config.product,
+		IBMProductHeader:    ir.config.product,
 	})
 	if err != nil {
 		return -1, err
@@ -179,6 +188,8 @@ func (ir *IBMRequest) Request(ctx context.Context, method string, url string, pa
 	r.Header.Set(SysdigTeamIDHeader, strconv.Itoa(teamID))
 	r.Header.Set(ContentTypeHeader, ContentTypeJSON)
 	r.Header.Set(SysdigProviderHeader, SysdigProviderHeaderValue)
+	r.Header.Set(SysdigProductHeader, ir.config.product)
+	r.Header.Set(IBMProductHeader, ir.config.product)
 
 	return request(ir.httpClient, ir.config, r)
 }
@@ -200,3 +211,7 @@ func newIBMClient(opts ...ClientOption) *Client {
 func NewIBMMonitor(opts ...ClientOption) IBMMonitor {
 	return newIBMClient(opts...)
 }
+
+func NewIBMSecure(opts ...ClientOption) IBMSecure {
+	return newIBMClient(opts...)
+}
diff --git a/sysdig/provider.go b/sysdig/provider.go
@@ -72,6 +72,31 @@ func Provider() *schema.Provider {
 				Optional:    true,
 				DefaultFunc: schema.EnvDefaultFunc("SYSDIG_IBM_MONITOR_API_KEY", nil),
 			},
+			"sysdig_secure_team_id": {
+				Type:        schema.TypeInt,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("SYSDIG_SECURE_TEAM_ID", nil),
+			},
+			"sysdig_secure_team_name": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("SYSDIG_SECURE_TEAM_NAME", nil),
+			},
+			"ibm_secure_iam_url": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("SYSDIG_IBM_SECURE_IAM_URL", nil),
+			},
+			"ibm_secure_instance_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("SYSDIG_IBM_SECURE_INSTANCE_ID", nil),
+			},
+			"ibm_secure_api_key": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("SYSDIG_IBM_SECURE_API_KEY", nil),
+			},
 		},
 		ResourcesMap: map[string]*schema.Resource{
 			"sysdig_user":                 resourceSysdigUser(),

diff --git a/sysdig/resource_sysdig_monitor_notification_channel_email_test.go b/sysdig/resource_sysdig_monitor_notification_channel_email_test.go
@@ -1,4 +1,4 @@
-//go:build tf_acc_sysdig_monitor || tf_acc_sysdig_common || tf_acc_ibm_monitor
+//go:build tf_acc_sysdig_monitor || tf_acc_sysdig_common || tf_acc_ibm_monitor || tf_acc_ibm_common
 
 package sysdig_test
 

diff --git a/sysdig/resource_sysdig_monitor_notification_channel_opsgenie_test.go b/sysdig/resource_sysdig_monitor_notification_channel_opsgenie_test.go
@@ -1,4 +1,4 @@
-//go:build tf_acc_sysdig_monitor || tf_acc_sysdig_common || tf_acc_ibm_monitor
+//go:build tf_acc_sysdig_monitor || tf_acc_sysdig_common || tf_acc_ibm_monitor || tf_acc_ibm_common
 
 package sysdig_test
 

diff --git a/sysdig/resource_sysdig_monitor_notification_channel_pagerduty_test.go b/sysdig/resource_sysdig_monitor_notification_channel_pagerduty_test.go
@@ -1,4 +1,4 @@
-//go:build tf_acc_sysdig_monitor || tf_acc_sysdig_common || tf_acc_ibm_monitor
+//go:build tf_acc_sysdig_monitor || tf_acc_sysdig_common || tf_acc_ibm_monitor || tf_acc_ibm_common
 
 package sysdig_test
 

diff --git a/sysdig/resource_sysdig_monitor_notification_channel_slack_test.go b/sysdig/resource_sysdig_monitor_notification_channel_slack_test.go
@@ -1,4 +1,4 @@
-//go:build tf_acc_sysdig_monitor || tf_acc_sysdig_common || tf_acc_ibm_monitor
+//go:build tf_acc_sysdig_monitor || tf_acc_sysdig_common || tf_acc_ibm_monitor || tf_acc_ibm_common
 
 package sysdig_test
 

diff --git a/sysdig/resource_sysdig_monitor_notification_channel_sns_test.go b/sysdig/resource_sysdig_monitor_notification_channel_sns_test.go
@@ -1,4 +1,4 @@
-//go:build tf_acc_sysdig_monitor || tf_acc_sysdig_common || tf_acc_ibm_monitor
+//go:build tf_acc_sysdig_monitor || tf_acc_sysdig_common || tf_acc_ibm_monitor || tf_acc_ibm_common
 
 package sysdig_test
 

diff --git a/sysdig/resource_sysdig_monitor_notification_channel_victorops_test.go b/sysdig/resource_sysdig_monitor_notification_channel_victorops_test.go
@@ -1,4 +1,4 @@
-//go:build tf_acc_sysdig_monitor || tf_acc_sysdig_common || tf_acc_ibm_monitor
+//go:build tf_acc_sysdig_monitor || tf_acc_sysdig_common || tf_acc_ibm_monitor || tf_acc_ibm_common
 
 package sysdig_test
 

diff --git a/sysdig/resource_sysdig_monitor_notification_channel_webhook_test.go b/sysdig/resource_sysdig_monitor_notification_channel_webhook_test.go
@@ -1,4 +1,4 @@
-//go:build tf_acc_sysdig_monitor || tf_acc_sysdig_common || tf_acc_ibm_monitor
+//go:build tf_acc_sysdig_monitor || tf_acc_sysdig_common || tf_acc_ibm_monitor || tf_acc_ibm_common
 
 package sysdig_test
 

diff --git a/sysdig/resource_sysdig_secure_notification_channel_common.go b/sysdig/resource_sysdig_secure_notification_channel_common.go
@@ -15,6 +15,11 @@ func createSecureNotificationChannelSchema(original map[string]*schema.Schema) m
 			Type:     schema.TypeBool,
 			Required: true,
 		},
+		"share_with_current_team": {
+			Type:     schema.TypeBool,
+			Optional: true,
+			Default:  false,
+		},
 		"notify_when_ok": {
 			Type:     schema.TypeBool,
 			Required: true,
@@ -41,10 +46,17 @@ func createSecureNotificationChannelSchema(original map[string]*schema.Schema) m
 	return notificationChannelSchema
 }
 
-func secureNotificationChannelFromResourceData(d *schema.ResourceData) (nc v2.NotificationChannel, err error) {
+func secureNotificationChannelFromResourceData(d *schema.ResourceData, teamID int) (nc v2.NotificationChannel, err error) {
+	var tID *int
+	shareWithCurrentTeam := d.Get("share_with_current_team").(bool)
+	if shareWithCurrentTeam {
+		tID = &teamID
+	}
+
 	nc = v2.NotificationChannel{
 		Name:    d.Get("name").(string),
 		Enabled: d.Get("enabled").(bool),
+		TeamID:  tID,
 		Options: v2.NotificationChannelOptions{
 			NotifyOnOk:           d.Get("notify_when_ok").(bool),
 			NotifyOnResolve:      d.Get("notify_when_resolved").(bool),
@@ -58,6 +70,15 @@ func secureNotificationChannelToResourceData(nc *v2.NotificationChannel, data *s
 	_ = data.Set("version", nc.Version)
 	_ = data.Set("name", nc.Name)
 	_ = data.Set("enabled", nc.Enabled)
+	var shareWithCurrentTeam bool
+	if nc.TeamID != nil {
+		shareWithCurrentTeam = true
+	}
+
+	err = data.Set("share_with_current_team", shareWithCurrentTeam)
+	if err != nil {
+		return err
+	}
 	_ = data.Set("notify_when_ok", nc.Options.NotifyOnOk)
 	_ = data.Set("notify_when_resolved", nc.Options.NotifyOnResolve)
 	_ = data.Set("send_test_notification", nc.Options.SendTestNotification)
@@ -66,5 +87,19 @@ func secureNotificationChannelToResourceData(nc *v2.NotificationChannel, data *s
 }
 
 func getSecureNotificationChannelClient(c SysdigClients) (v2.NotificationChannelInterface, error) {
-	return c.sysdigSecureClientV2()
+	var client v2.NotificationChannelInterface
+	var err error
+	switch c.GetClientType() {
+	case IBMSecure:
+		client, err = c.ibmSecureClient()
+		if err != nil {
+			return nil, err
+		}
+	default:
+		client, err = c.sysdigSecureClientV2()
+		if err != nil {
+			return nil, err
+		}
+	}
+	return client, nil
 }
diff --git a/sysdig/resource_sysdig_secure_notification_channel_email.go b/sysdig/resource_sysdig_secure_notification_channel_email.go
@@ -47,7 +47,12 @@ func resourceSysdigSecureNotificationChannelEmailCreate(ctx context.Context, d *
 		return diag.FromErr(err)
 	}
 
-	notificationChannel, err := secureNotificationChannelEmailFromResourceData(d)
+	teamID, err := client.CurrentTeamID(ctx)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	notificationChannel, err := secureNotificationChannelEmailFromResourceData(d, teamID)
 	if err != nil {
 		return diag.FromErr(err)
 	}
@@ -90,7 +95,12 @@ func resourceSysdigSecureNotificationChannelEmailUpdate(ctx context.Context, d *
 		return diag.FromErr(err)
 	}
 
-	nc, err := secureNotificationChannelEmailFromResourceData(d)
+	teamID, err := client.CurrentTeamID(ctx)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	nc, err := secureNotificationChannelEmailFromResourceData(d, teamID)
 	if err != nil {
 		return diag.FromErr(err)
 	}
@@ -121,8 +131,8 @@ func resourceSysdigSecureNotificationChannelEmailDelete(ctx context.Context, d *
 	return nil
 }
 
-func secureNotificationChannelEmailFromResourceData(d *schema.ResourceData) (nc v2.NotificationChannel, err error) {
-	nc, err = secureNotificationChannelFromResourceData(d)
+func secureNotificationChannelEmailFromResourceData(d *schema.ResourceData, teamID int) (nc v2.NotificationChannel, err error) {
+	nc, err = secureNotificationChannelFromResourceData(d, teamID)
 	if err != nil {
 		return
 	}