[datadog_security_monitoring] Update security-monitoring to use new api format (#1584)

* update security-monitoring to use new api format

* make docs

* bump dd go client to latest

Author: skarimo

datadog/data_source_datadog_security_monitoring_rules.go

@@ -121,7 +121,12 @@ func dataSourceDatadogSecurityMonitoringRulesRead(ctx context.Context, d *schema
 			return diag.FromErr(err)
 		}
 
-		for _, rule := range response.GetData() {
+		for _, ruleR := range response.GetData() {
+			if ruleR.SecurityMonitoringStandardRuleResponse == nil {
+				continue
+			}
+
+			rule := ruleR.SecurityMonitoringStandardRuleResponse
 			if !matchesSecMonRuleFilters(rule, nameFilter, defaultFilter, tagFilter) {
 				continue
 			}
@@ -180,7 +185,7 @@ func computeSecMonDataSourceRulesID(nameFilter *string, defaultFilter *bool, tag
 	return fmt.Sprintf("%x", h.Sum(nil))
 }
 
-func buildSecurityMonitoringTfRule(rule datadogV2.SecurityMonitoringRuleResponse) map[string]interface{} {
+func buildSecurityMonitoringTfRule(rule *datadogV2.SecurityMonitoringStandardRuleResponse) map[string]interface{} {
 	tfRule := make(map[string]interface{})
 
 	cases := make([]map[string]interface{}, len(rule.GetCases()))
@@ -242,7 +247,7 @@ func buildSecurityMonitoringTfRule(rule datadogV2.SecurityMonitoringRuleResponse
 }
 
 func matchesSecMonRuleFilters(
-	rule datadogV2.SecurityMonitoringRuleResponse,
+	rule *datadogV2.SecurityMonitoringStandardRuleResponse,
 	nameFilter *string,
 	defaultFilter *bool,
 	tagFilter map[string]bool) bool {

datadog/resource_datadog_security_monitoring_default_rule.go

@@ -120,7 +120,12 @@ func resourceDatadogSecurityMonitoringDefaultRuleRead(ctx context.Context, d *sc
 		return diag.FromErr(err)
 	}
 
-	d.Set("enabled", *ruleResponse.IsEnabled)
+	rule := ruleResponse.SecurityMonitoringStandardRuleResponse
+	if rule == nil {
+		return diag.Errorf("signal rule type is not currently supported")
+	}
+
+	d.Set("enabled", *rule.IsEnabled)
 
 	if v, ok := d.GetOk("case"); ok {
 		tfCasesRaw := v.([]interface{})
@@ -129,7 +134,7 @@ func resourceDatadogSecurityMonitoringDefaultRuleRead(ctx context.Context, d *sc
 			tfCase := tfCaseRaw.(map[string]interface{})
 			var ruleCase *datadogV2.SecurityMonitoringRuleCase
 			tfStatus := datadogV2.SecurityMonitoringRuleSeverity(tfCase["status"].(string))
-			for _, rc := range ruleResponse.GetCases() {
+			for _, rc := range rule.GetCases() {
 				if *rc.Status == tfStatus {
 					ruleCase = &rc
 					break
@@ -146,8 +151,8 @@ func resourceDatadogSecurityMonitoringDefaultRuleRead(ctx context.Context, d *sc
 		}
 	}
 
-	ruleFilters := make([]map[string]interface{}, len(ruleResponse.GetFilters()))
-	for idx, responseRuleFilter := range ruleResponse.GetFilters() {
+	ruleFilters := make([]map[string]interface{}, len(rule.GetFilters()))
+	for idx, responseRuleFilter := range rule.GetFilters() {
 		ruleFilters[idx] = map[string]interface{}{
 			"action": responseRuleFilter.GetAction(),
 			"query":  responseRuleFilter.GetQuery(),
@@ -156,9 +161,9 @@ func resourceDatadogSecurityMonitoringDefaultRuleRead(ctx context.Context, d *sc
 
 	d.Set("filter", ruleFilters)
 
-	d.Set("type", ruleResponse.GetType())
+	d.Set("type", rule.GetType())
 
-	responseOptions := ruleResponse.GetOptions()
+	responseOptions := rule.GetOptions()
 	ruleOptions := []map[string]interface{}{{
 		"decrease_criticality_based_on_env": responseOptions.GetDecreaseCriticalityBasedOnEnv(),
 	}}
@@ -176,7 +181,6 @@ func resourceDatadogSecurityMonitoringDefaultRuleUpdate(ctx context.Context, d *
 	ruleID := d.Id()
 
 	response, httpResponse, err := apiInstances.GetSecurityMonitoringApiV2().GetSecurityMonitoringRule(auth, ruleID)
-
 	if err != nil {
 		if httpResponse != nil && httpResponse.StatusCode == 404 {
 			return diag.FromErr(errors.New("default rule does not exist"))
@@ -188,11 +192,16 @@ func resourceDatadogSecurityMonitoringDefaultRuleUpdate(ctx context.Context, d *
 		return diag.FromErr(err)
 	}
 
-	if !response.GetIsDefault() {
+	rule := response.SecurityMonitoringStandardRuleResponse
+	if rule == nil {
+		return diag.Errorf("signal rule type is not currently supported")
+	}
+
+	if !rule.GetIsDefault() {
 		return diag.FromErr(errors.New("rule is not a default rule"))
 	}
 
-	ruleUpdate, shouldUpdate, err := buildSecMonDefaultRuleUpdatePayload(response, d)
+	ruleUpdate, shouldUpdate, err := buildSecMonDefaultRuleUpdatePayload(rule, d)
 
 	if err != nil {
 		return diag.FromErr(err)
@@ -207,7 +216,7 @@ func resourceDatadogSecurityMonitoringDefaultRuleUpdate(ctx context.Context, d *
 	return nil
 }
 
-func buildSecMonDefaultRuleUpdatePayload(currentState datadogV2.SecurityMonitoringRuleResponse, d *schema.ResourceData) (*datadogV2.SecurityMonitoringRuleUpdatePayload, bool, error) {
+func buildSecMonDefaultRuleUpdatePayload(currentState *datadogV2.SecurityMonitoringStandardRuleResponse, d *schema.ResourceData) (*datadogV2.SecurityMonitoringRuleUpdatePayload, bool, error) {
 	payload := datadogV2.SecurityMonitoringRuleUpdatePayload{}
 
 	isEnabled := d.Get("enabled").(bool)

datadog/resource_datadog_security_monitoring_rule.go

@@ -317,13 +317,13 @@ func resourceDatadogSecurityMonitoringRuleCreate(ctx context.Context, d *schema.
 		return diag.FromErr(err)
 	}
 
-	d.SetId(response.GetId())
+	d.SetId(response.SecurityMonitoringStandardRuleResponse.GetId())
 
 	return nil
 }
 
 func buildCreatePayload(d *schema.ResourceData) (datadogV2.SecurityMonitoringRuleCreatePayload, error) {
-	payload := datadogV2.SecurityMonitoringRuleCreatePayload{}
+	payload := datadogV2.SecurityMonitoringStandardRuleCreatePayload{}
 	payload.Cases = buildCreatePayloadCases(d)
 
 	payload.IsEnabled = d.Get("enabled").(bool)
@@ -357,11 +357,11 @@ func buildCreatePayload(d *schema.ResourceData) (datadogV2.SecurityMonitoringRul
 		if ruleType, err := datadogV2.NewSecurityMonitoringRuleTypeCreateFromValue(v.(string)); err == nil {
 			payload.Type = ruleType
 		} else {
-			return payload, err
+			return datadogV2.SecurityMonitoringStandardRuleCreatePayloadAsSecurityMonitoringRuleCreatePayload(&payload), err
 		}
 	}
 
-	return payload, nil
+	return datadogV2.SecurityMonitoringStandardRuleCreatePayloadAsSecurityMonitoringRuleCreatePayload(&payload), nil
 }
 
 func buildCreatePayloadCases(d *schema.ResourceData) []datadogV2.SecurityMonitoringRuleCaseCreate {
@@ -486,12 +486,12 @@ func extractMapFromInterface(tfOptionsList []interface{}) map[string]interface{}
 	return tfOptions
 }
 
-func buildCreatePayloadQueries(d *schema.ResourceData) []datadogV2.SecurityMonitoringRuleQueryCreate {
+func buildCreatePayloadQueries(d *schema.ResourceData) []datadogV2.SecurityMonitoringStandardRuleQuery {
 	tfQueries := d.Get("query").([]interface{})
-	payloadQueries := make([]datadogV2.SecurityMonitoringRuleQueryCreate, len(tfQueries))
+	payloadQueries := make([]datadogV2.SecurityMonitoringStandardRuleQuery, len(tfQueries))
 	for idx, tfQuery := range tfQueries {
 		query := tfQuery.(map[string]interface{})
-		payloadQuery := datadogV2.SecurityMonitoringRuleQueryCreate{}
+		payloadQuery := datadogV2.SecurityMonitoringStandardRuleQuery{}
 
 		if v, ok := query["aggregation"]; ok {
 			aggregation := datadogV2.SecurityMonitoringRuleQueryAggregation(v.(string))
@@ -577,12 +577,12 @@ func resourceDatadogSecurityMonitoringRuleRead(ctx context.Context, d *schema.Re
 		return diag.FromErr(err)
 	}
 
-	updateResourceDataFromResponse(d, ruleResponse)
+	updateResourceDataFromResponse(d, ruleResponse.SecurityMonitoringStandardRuleResponse)
 
 	return nil
 }
 
-func updateResourceDataFromResponse(d *schema.ResourceData, ruleResponse datadogV2.SecurityMonitoringRuleResponse) {
+func updateResourceDataFromResponse(d *schema.ResourceData, ruleResponse *datadogV2.SecurityMonitoringStandardRuleResponse) {
 	ruleCases := make([]interface{}, len(ruleResponse.GetCases()))
 	for idx := range ruleResponse.GetCases() {
 		ruleCase := make(map[string]interface{})
@@ -653,7 +653,7 @@ func updateResourceDataFromResponse(d *schema.ResourceData, ruleResponse datadog
 	}
 }
 
-func extractFiltersFromRuleResponse(ruleResponse datadogV2.SecurityMonitoringRuleResponse) []interface{} {
+func extractFiltersFromRuleResponse(ruleResponse *datadogV2.SecurityMonitoringStandardRuleResponse) []interface{} {
 	filters := make([]interface{}, len(ruleResponse.GetFilters()))
 	for idx, responseFilter := range ruleResponse.GetFilters() {
 		filter := make(map[string]interface{})
@@ -716,7 +716,7 @@ func resourceDatadogSecurityMonitoringRuleUpdate(ctx context.Context, d *schema.
 		return diag.FromErr(err)
 	}
 
-	updateResourceDataFromResponse(d, response)
+	updateResourceDataFromResponse(d, response.SecurityMonitoringStandardRuleResponse)
 
 	return nil
 }
@@ -774,7 +774,7 @@ func buildUpdatePayload(d *schema.ResourceData) datadogV2.SecurityMonitoringRule
 		payloadQueries := make([]datadogV2.SecurityMonitoringRuleQuery, len(tfQueries))
 		for idx, tfQuery := range tfQueries {
 			query := tfQuery.(map[string]interface{})
-			payloadQuery := datadogV2.SecurityMonitoringRuleQuery{}
+			payloadQuery := datadogV2.SecurityMonitoringStandardRuleQuery{}
 
 			if v, ok := query["aggregation"]; ok {
 				aggregation := datadogV2.SecurityMonitoringRuleQueryAggregation(v.(string))
@@ -819,10 +819,11 @@ func buildUpdatePayload(d *schema.ResourceData) datadogV2.SecurityMonitoringRule
 			}
 
 			queryQuery := query["query"].(string)
-			payloadQuery.Query = &queryQuery
+			payloadQuery.Query = queryQuery
 
-			payloadQueries[idx] = payloadQuery
+			payloadQueries[idx] = datadogV2.SecurityMonitoringStandardRuleQueryAsSecurityMonitoringRuleQuery(&payloadQuery)
 		}
+
 		payload.Queries = payloadQueries
 	}
 

datadog/tests/data_source_datadog_security_monitoring_rules_test.go

@@ -100,7 +100,11 @@ func securityMonitoringCheckRuleCountNameFilter(accProvider func() (*schema.Prov
 
 		ruleCount := 0
 		for _, rule := range *allRules {
-			if strings.Contains(rule.GetName(), name) {
+			if rule.SecurityMonitoringStandardRuleResponse == nil {
+				continue
+			}
+
+			if strings.Contains(rule.SecurityMonitoringStandardRuleResponse.GetName(), name) {
 				ruleCount++
 			}
 		}
@@ -120,7 +124,11 @@ func securityMonitoringCheckRuleCountTagsFilter(accProvider func() (*schema.Prov
 
 		ruleCount := 0
 		for _, rule := range *allRules {
-			for _, tag := range rule.GetTags() {
+			if rule.SecurityMonitoringStandardRuleResponse == nil {
+				continue
+			}
+
+			for _, tag := range rule.SecurityMonitoringStandardRuleResponse.GetTags() {
 				if strings.Contains(tag, filterTag) {
 					ruleCount++
 				}
@@ -141,7 +149,11 @@ func securityMonitoringCheckRuleCountDefaultFilter(accProvider func() (*schema.P
 
 		ruleCount := 0
 		for _, rule := range *allRules {
-			if rule.GetIsDefault() == isDefault {
+			if rule.SecurityMonitoringStandardRuleResponse == nil {
+				continue
+			}
+
+			if rule.SecurityMonitoringStandardRuleResponse.GetIsDefault() == isDefault {
 				ruleCount++
 			}
 		}

docs/resources/security_monitoring_rule.md

@@ -96,7 +96,7 @@ Required:
 Optional:
 
 - `agent_rule` (Block List, Deprecated) **Deprecated**. It won't be applied anymore. **Deprecated.** `agent_rule` has been deprecated in favor of new Agent Rule resource. (see [below for nested schema](#nestedblock--query--agent_rule))
-- `aggregation` (String) The aggregation type. Valid values are `count`, `cardinality`, `sum`, `max`, `new_value`, `geo_data`.
+- `aggregation` (String) The aggregation type. Valid values are `count`, `cardinality`, `sum`, `max`, `new_value`, `geo_data`, `event_count`.
 - `distinct_fields` (List of String) Field for which the cardinality is measured. Sent as an array.
 - `group_by_fields` (List of String) Fields to group by.
 - `metric` (String) The target field to aggregate over when using the `sum`, `max`, or `new_value` aggregations.

go.mod

@@ -1,7 +1,7 @@
 module github.com/terraform-providers/terraform-provider-datadog
 
 require (
-	github.com/DataDog/datadog-api-client-go/v2 v2.2.1-0.20220912161001-91d6ffb4d0dd
+	github.com/DataDog/datadog-api-client-go/v2 v2.3.1
 	github.com/DataDog/dd-sdk-go-testing v0.0.0-20211116174033-1cd082e322ad
 	github.com/dnaeon/go-vcr v1.0.1
 	github.com/hashicorp/go-cleanhttp v0.5.2

go.sum

@@ -1,8 +1,8 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/DataDog/datadog-api-client-go/v2 v2.2.1-0.20220912161001-91d6ffb4d0dd h1:w8gZX+jeqRf10W32Ri69NO0DPJ/rAU9atOxLacZIkyY=
-github.com/DataDog/datadog-api-client-go/v2 v2.2.1-0.20220912161001-91d6ffb4d0dd/go.mod h1:98b/MtTwSAr/yhTfhCR1oxAqQ/4tMkdrgKH7fYiDA0g=
+github.com/DataDog/datadog-api-client-go/v2 v2.3.1 h1:+0FHme5n4AuJEGmzaN8+n3OWKFLiJoBP+FNI60EqvuU=
+github.com/DataDog/datadog-api-client-go/v2 v2.3.1/go.mod h1:98b/MtTwSAr/yhTfhCR1oxAqQ/4tMkdrgKH7fYiDA0g=
 github.com/DataDog/datadog-go v4.4.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/DataDog/datadog-go v4.8.3+incompatible h1:fNGaYSuObuQb5nzeTQqowRAd9bpDIRRV4/gUtIBjh8Q=
 github.com/DataDog/datadog-go v4.8.3+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=