remove multi_policy_agent_rule resource

Author: QuentinGuillard

datadog/data_source_datadog_cloud_workload_security_agent_rules.go

@@ -0,0 +1,100 @@
+package datadog
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/terraform-providers/terraform-provider-datadog/datadog/internal/utils"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceDatadogCloudWorkloadSecurityAgentRules() *schema.Resource {
+	return &schema.Resource{
+		Description:        "Use this data source to retrieve information about existing Cloud Workload Security Agent Rules for use in other resources. Deprecated, use datadog_csm_threats_agent_rules data source instead: https://registry.terraform.io/providers/DataDog/datadog/latest/docs/data-sources/csm_threats_agent_rules",
+		DeprecationMessage: "This data source is deprecated — use the datadog_csm_threats_agent_rules data source instead: https://registry.terraform.io/providers/DataDog/datadog/latest/docs/data-sources/csm_threats_agent_rules",
+		ReadContext:        dataSourceDatadogCloudWorkloadSecurityAgentRulesRead,
+
+		SchemaFunc: func() map[string]*schema.Schema {
+			return map[string]*schema.Schema{
+				// Computed
+				"agent_rules": {
+					Description: "List of Agent rules.",
+					Type:        schema.TypeList,
+					Computed:    true,
+					Elem: &schema.Resource{
+						Schema: map[string]*schema.Schema{
+							"id": {
+								Type:        schema.TypeString,
+								Computed:    true,
+								Description: "The id of the Agent rule.",
+							},
+							"description": {
+								Type:        schema.TypeString,
+								Computed:    true,
+								Description: "The description of the Agent rule.",
+							},
+							"enabled": {
+								Type:        schema.TypeBool,
+								Computed:    true,
+								Description: "Whether the Agent rule is enabled.",
+							},
+							"expression": {
+								Type:        schema.TypeString,
+								Computed:    true,
+								Description: "The SECL expression of the Agent rule.",
+							},
+							"name": {
+								Type:        schema.TypeString,
+								Computed:    true,
+								Description: "The name of the Agent rule.",
+							},
+						},
+					},
+				},
+			}
+		},
+	}
+}
+
+func dataSourceDatadogCloudWorkloadSecurityAgentRulesRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	providerConf := meta.(*ProviderConfiguration)
+	apiInstances := providerConf.DatadogApiInstances
+	auth := providerConf.Auth
+
+	agentRules := make([]map[string]interface{}, 0)
+	response, httpresp, err := apiInstances.GetCSMThreatsApiV2().ListCloudWorkloadSecurityAgentRules(auth)
+	if err != nil {
+		return utils.TranslateClientErrorDiag(err, httpresp, "error listing agent rules")
+	}
+
+	diags := diag.Diagnostics{}
+	for _, agentRule := range response.GetData() {
+		if err := utils.CheckForUnparsed(agentRule); err != nil {
+			diags = append(diags, diag.Diagnostic{
+				Severity: diag.Warning,
+				Summary:  fmt.Sprintf("skipping agent rule with id: %s", agentRule.GetId()),
+				Detail:   fmt.Sprintf("rule contains unparsed object: %v", err),
+			})
+			continue
+		}
+
+		// extract agent rule
+		agentRuleTF := make(map[string]interface{})
+		attributes := agentRule.GetAttributes()
+
+		agentRuleTF["id"] = agentRule.GetId()
+		agentRuleTF["name"] = attributes.GetName()
+		agentRuleTF["description"] = attributes.GetDescription()
+		agentRuleTF["expression"] = attributes.GetExpression()
+		agentRuleTF["enabled"] = attributes.GetEnabled()
+
+		agentRules = append(agentRules, agentRuleTF)
+	}
+
+	d.SetId("cloud-workload-security-agent-rules")
+	d.Set("agent_rules", agentRules)
+
+	return diags
+}

datadog/fwprovider/data_source_datadog_csm_threats_agent_rule.go

@@ -25,22 +25,44 @@ type csmThreatsAgentRulesDataSource struct {
 }
 
 type csmThreatsAgentRulesDataSourceModel struct {
-	Id            types.String               `tfsdk:"id"`
-	AgentRulesIds types.List                 `tfsdk:"agent_rules_ids"`
-	AgentRules    []csmThreatsAgentRuleModel `tfsdk:"agent_rules"`
+	PolicyId      types.String                         `tfsdk:"policy_id"`
+	Id            types.String                         `tfsdk:"id"`
+	AgentRulesIds types.List                           `tfsdk:"agent_rules_ids"`
+	AgentRules    []csmThreatsAgentRuleDataSourceModel `tfsdk:"agent_rules"`
+}
+
+type csmThreatsAgentRuleDataSourceModel struct {
+	Id          types.String `tfsdk:"id"`
+	Name        types.String `tfsdk:"name"`
+	Description types.String `tfsdk:"description"`
+	Enabled     types.Bool   `tfsdk:"enabled"`
+	Expression  types.String `tfsdk:"expression"`
+	ProductTags types.Set    `tfsdk:"product_tags"`
 }
 
 func NewCSMThreatsAgentRulesDataSource() datasource.DataSource {
 	return &csmThreatsAgentRulesDataSource{}
 }
 
-func (r *csmThreatsAgentRulesDataSource) Configure(_ context.Context, request datasource.ConfigureRequest, _ *datasource.ConfigureResponse) {
-	providerData := request.ProviderData.(*FrameworkProvider)
+func (r *csmThreatsAgentRulesDataSource) Configure(_ context.Context, request datasource.ConfigureRequest, response *datasource.ConfigureResponse) {
+	if request.ProviderData == nil {
+		return
+	}
+
+	providerData, ok := request.ProviderData.(*FrameworkProvider)
+	if !ok {
+		response.Diagnostics.AddError(
+			"Unexpected Resource Configure Type",
+			fmt.Sprintf("Expected *FrameworkProvider, got: %T. Please report this issue to the provider developers.", request.ProviderData),
+		)
+		return
+	}
+
 	r.api = providerData.DatadogApiInstances.GetCSMThreatsApiV2()
 	r.auth = providerData.Auth
 }
 
-func (*csmThreatsAgentRulesDataSource) Metadata(_ context.Context, _ datasource.MetadataRequest, response *datasource.MetadataResponse) {
+func (r *csmThreatsAgentRulesDataSource) Metadata(_ context.Context, request datasource.MetadataRequest, response *datasource.MetadataResponse) {
 	response.TypeName = "csm_threats_agent_rules"
 }
 
@@ -51,31 +73,52 @@ func (r *csmThreatsAgentRulesDataSource) Read(ctx context.Context, request datas
 		return
 	}
 
-	res, _, err := r.api.ListCloudWorkloadSecurityAgentRules(r.auth)
+	params := datadogV2.NewListCSMThreatsAgentRulesOptionalParameters()
+	if !state.PolicyId.IsNull() && !state.PolicyId.IsUnknown() {
+		policyId := state.PolicyId.ValueString()
+		params.WithPolicyId(policyId)
+	}
+
+	res, _, err := r.api.ListCSMThreatsAgentRules(r.auth, *params)
 	if err != nil {
 		response.Diagnostics.Append(utils.FrameworkErrorDiag(err, "error while fetching agent rules"))
 		return
 	}
 
 	data := res.GetData()
 	agentRuleIds := make([]string, len(data))
-	agentRules := make([]csmThreatsAgentRuleModel, len(data))
+	agentRules := make([]csmThreatsAgentRuleDataSourceModel, len(data))
 
 	for idx, agentRule := range res.GetData() {
-		var agentRuleModel csmThreatsAgentRuleModel
+		var agentRuleModel csmThreatsAgentRuleDataSourceModel
 		agentRuleModel.Id = types.StringValue(agentRule.GetId())
 		attributes := agentRule.Attributes
 		agentRuleModel.Name = types.StringValue(attributes.GetName())
 		agentRuleModel.Description = types.StringValue(attributes.GetDescription())
 		agentRuleModel.Enabled = types.BoolValue(attributes.GetEnabled())
 		agentRuleModel.Expression = types.StringValue(*attributes.Expression)
-
+		tags := attributes.GetProductTags()
+		tagSet := make(map[string]struct{})
+		for _, tag := range tags {
+			tagSet[tag] = struct{}{}
+		}
+		uniqueTags := make([]string, 0, len(tagSet))
+		for tag := range tagSet {
+			uniqueTags = append(uniqueTags, tag)
+		}
+
+		productTags, diags := types.SetValueFrom(ctx, types.StringType, uniqueTags)
+		if diags.HasError() {
+			response.Diagnostics.Append(diags...)
+			continue
+		}
+		agentRuleModel.ProductTags = productTags
 		agentRuleIds[idx] = agentRule.GetId()
 		agentRules[idx] = agentRuleModel
 	}
 
 	stateId := strings.Join(agentRuleIds, "--")
-	state.Id = types.StringValue(computeAgentRulesDataSourceID(&stateId))
+	state.Id = types.StringValue(computeDataSourceID(&stateId))
 	tfAgentRuleIds, diags := types.ListValueFrom(ctx, types.StringType, agentRuleIds)
 	response.Diagnostics.Append(diags...)
 	state.AgentRulesIds = tfAgentRuleIds
@@ -84,24 +127,20 @@ func (r *csmThreatsAgentRulesDataSource) Read(ctx context.Context, request datas
 	response.Diagnostics.Append(response.State.Set(ctx, &state)...)
 }
 
-func computeAgentRulesDataSourceID(agentruleIds *string) string {
-	// Key for hashing
-	var b strings.Builder
-	if agentruleIds != nil {
-		b.WriteString(*agentruleIds)
-	}
-	keyStr := b.String()
-	h := sha256.New()
-	h.Write([]byte(keyStr))
-
-	return fmt.Sprintf("%x", h.Sum(nil))
-}
-
 func (*csmThreatsAgentRulesDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, response *datasource.SchemaResponse) {
 	response.Schema = schema.Schema{
 		Description: "Use this data source to retrieve information about existing Agent rules.",
 		Attributes: map[string]schema.Attribute{
-			"id": utils.ResourceIDAttribute(),
+			// Input
+			"policy_id": schema.StringAttribute{
+				Description: "Listing only the rules in the policy with this field as the ID",
+				Optional:    true,
+			},
+			// Output
+			"id": schema.StringAttribute{
+				Description: "The ID of the data source",
+				Computed:    true,
+			},
 			"agent_rules_ids": schema.ListAttribute{
 				Computed:    true,
 				Description: "List of IDs for the Agent rules.",
@@ -112,14 +151,28 @@ func (*csmThreatsAgentRulesDataSource) Schema(_ context.Context, _ datasource.Sc
 				Description: "List of Agent rules",
 				ElementType: types.ObjectType{
 					AttrTypes: map[string]attr.Type{
-						"id":          types.StringType,
-						"name":        types.StringType,
-						"description": types.StringType,
-						"enabled":     types.BoolType,
-						"expression":  types.StringType,
+						"id":           types.StringType,
+						"name":         types.StringType,
+						"description":  types.StringType,
+						"enabled":      types.BoolType,
+						"expression":   types.StringType,
+						"product_tags": types.SetType{ElemType: types.StringType},
 					},
 				},
 			},
 		},
 	}
 }
+
+func computeDataSourceID(ids *string) string {
+	// Key for hashing
+	var b strings.Builder
+	if ids != nil {
+		b.WriteString(*ids)
+	}
+	keyStr := b.String()
+	h := sha256.New()
+	h.Write([]byte(keyStr))
+
+	return fmt.Sprintf("%x", h.Sum(nil))
+}