add product_tags

Author: QuentinGuillard

datadog/fwprovider/resource_datadog_csm_threats_multi_policy_agent_rule.go

@@ -27,6 +27,7 @@ type csmThreatsMultiPolicyAgentRuleModel struct {
 	Description types.String `tfsdk:"description"`
 	Enabled     types.Bool   `tfsdk:"enabled"`
 	Expression  types.String `tfsdk:"expression"`
+	ProductTags types.Set    `tfsdk:"product_tags"`
 }
 
 func NewCSMThreatsMultiPolicyAgentRuleResource() resource.Resource {
@@ -75,6 +76,11 @@ func (r *csmThreatsMultiPolicyAgentRuleResource) Schema(_ context.Context, _ res
 					stringplanmodifier.RequiresReplace(),
 				},
 			},
+			"product_tags": schema.SetAttribute{
+				Optional:    true,
+				ElementType: types.StringType,
+				Description: "The list of product tags associated with the rule",
+			},
 		},
 	}
 }
@@ -198,42 +204,54 @@ func (r *csmThreatsMultiPolicyAgentRuleResource) Delete(ctx context.Context, req
 }
 
 func (r *csmThreatsMultiPolicyAgentRuleResource) buildCreateCSMThreatsAgentRulePayload(state *csmThreatsMultiPolicyAgentRuleModel) (*datadogV2.CloudWorkloadSecurityAgentRuleCreateRequest, error) {
-	_, policyId, name, description, enabled, expression := r.extractAgentRuleAttributesFromResource(state)
+	_, policyId, name, description, enabled, expression, productTags := r.extractAgentRuleAttributesFromResource(state)
 
 	attributes := datadogV2.CloudWorkloadSecurityAgentRuleCreateAttributes{}
 	attributes.Expression = expression
 	attributes.Name = name
 	attributes.Description = description
 	attributes.Enabled = &enabled
 	attributes.PolicyId = &policyId
+	attributes.ProductTags = productTags
 
 	data := datadogV2.NewCloudWorkloadSecurityAgentRuleCreateData(attributes, datadogV2.CLOUDWORKLOADSECURITYAGENTRULETYPE_AGENT_RULE)
 	return datadogV2.NewCloudWorkloadSecurityAgentRuleCreateRequest(*data), nil
 }
 
 func (r *csmThreatsMultiPolicyAgentRuleResource) buildUpdateCSMThreatsAgentRulePayload(state *csmThreatsMultiPolicyAgentRuleModel) (*datadogV2.CloudWorkloadSecurityAgentRuleUpdateRequest, error) {
-	agentRuleId, policyId, _, description, enabled, _ := r.extractAgentRuleAttributesFromResource(state)
+	agentRuleId, policyId, _, description, enabled, _, productTags := r.extractAgentRuleAttributesFromResource(state)
 
 	attributes := datadogV2.CloudWorkloadSecurityAgentRuleUpdateAttributes{}
 	attributes.Description = description
 	attributes.Enabled = &enabled
 	attributes.PolicyId = &policyId
+	attributes.ProductTags = productTags
 
 	data := datadogV2.NewCloudWorkloadSecurityAgentRuleUpdateData(attributes, datadogV2.CLOUDWORKLOADSECURITYAGENTRULETYPE_AGENT_RULE)
 	data.Id = &agentRuleId
 	return datadogV2.NewCloudWorkloadSecurityAgentRuleUpdateRequest(*data), nil
 }
 
-func (r *csmThreatsMultiPolicyAgentRuleResource) extractAgentRuleAttributesFromResource(state *csmThreatsMultiPolicyAgentRuleModel) (string, string, string, *string, bool, string) {
+func (r *csmThreatsMultiPolicyAgentRuleResource) extractAgentRuleAttributesFromResource(state *csmThreatsMultiPolicyAgentRuleModel) (string, string, string, *string, bool, string, []string) {
 	// Mandatory fields
 	id := state.Id.ValueString()
 	policyId := state.PolicyId.ValueString()
 	name := state.Name.ValueString()
 	enabled := state.Enabled.ValueBool()
 	expression := state.Expression.ValueString()
 	description := state.Description.ValueStringPointer()
+	var productTags []string
+	if !state.ProductTags.IsNull() && !state.ProductTags.IsUnknown() {
+		for _, tag := range state.ProductTags.Elements() {
+			tagStr, ok := tag.(types.String)
+			if !ok {
+				return "", "", "", nil, false, "", nil
+			}
+			productTags = append(productTags, tagStr.ValueString())
+		}
+	}
 
-	return id, policyId, name, description, enabled, expression
+	return id, policyId, name, description, enabled, expression, productTags
 }
 
 func (r *csmThreatsMultiPolicyAgentRuleResource) updateStateFromResponse(ctx context.Context, state *csmThreatsMultiPolicyAgentRuleModel, res *datadogV2.CloudWorkloadSecurityAgentRuleResponse) {
@@ -245,4 +263,5 @@ func (r *csmThreatsMultiPolicyAgentRuleResource) updateStateFromResponse(ctx con
 	state.Description = types.StringValue(attributes.GetDescription())
 	state.Enabled = types.BoolValue(attributes.GetEnabled())
 	state.Expression = types.StringValue(attributes.GetExpression())
+	state.ProductTags, _ = types.SetValueFrom(ctx, types.StringType, attributes.GetProductTags())
 }

datadog/fwprovider/resource_datadog_csm_threats_policy.go

@@ -3,7 +3,6 @@ package fwprovider
 import (
 	"context"
 	"fmt"
-	mathrand "math/rand"
 
 	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
 	"github.com/hashicorp/terraform-plugin-framework/path"
@@ -48,7 +47,7 @@ func (r *csmThreatsPolicyResource) Schema(_ context.Context, _ resource.SchemaRe
 		Attributes: map[string]schema.Attribute{
 			"id": utils.ResourceIDAttribute(),
 			"name": schema.StringAttribute{
-				Computed:    true,
+				Required:    true,
 				Description: "The name of the policy.",
 			},
 			"description": schema.StringAttribute{
@@ -183,13 +182,13 @@ func (r *csmThreatsPolicyResource) Delete(ctx context.Context, request resource.
 }
 
 func (r *csmThreatsPolicyResource) buildCreateCSMThreatsPolicyPayload(state *csmThreatsPolicyModel) (*datadogV2.CloudWorkloadSecurityAgentPolicyCreateRequest, error) {
-	_, description, enabled, tags, err := r.extractPolicyAttributesFromResource(state)
+	_, name, description, enabled, tags, err := r.extractPolicyAttributesFromResource(state)
 	if err != nil {
 		return nil, err
 	}
 
 	attributes := datadogV2.CloudWorkloadSecurityAgentPolicyCreateAttributes{}
-	attributes.Name = fmt.Sprintf("policy-%d", mathrand.Intn(1000))
+	attributes.Name = name
 	attributes.Description = description
 	attributes.Enabled = enabled
 	attributes.HostTags = tags
@@ -199,11 +198,12 @@ func (r *csmThreatsPolicyResource) buildCreateCSMThreatsPolicyPayload(state *csm
 }
 
 func (r *csmThreatsPolicyResource) buildUpdateCSMThreatsPolicyPayload(state *csmThreatsPolicyModel) (*datadogV2.CloudWorkloadSecurityAgentPolicyUpdateRequest, error) {
-	policyId, description, enabled, tags, err := r.extractPolicyAttributesFromResource(state)
+	policyId, name, description, enabled, tags, err := r.extractPolicyAttributesFromResource(state)
 	if err != nil {
 		return nil, err
 	}
 	attributes := datadogV2.CloudWorkloadSecurityAgentPolicyUpdateAttributes{}
+	attributes.Name = &name
 	attributes.Description = description
 	attributes.Enabled = enabled
 	attributes.HostTags = tags
@@ -213,23 +213,24 @@ func (r *csmThreatsPolicyResource) buildUpdateCSMThreatsPolicyPayload(state *csm
 	return datadogV2.NewCloudWorkloadSecurityAgentPolicyUpdateRequest(*data), nil
 }
 
-func (r *csmThreatsPolicyResource) extractPolicyAttributesFromResource(state *csmThreatsPolicyModel) (string, *string, *bool, []string, error) {
+func (r *csmThreatsPolicyResource) extractPolicyAttributesFromResource(state *csmThreatsPolicyModel) (string, string, *string, *bool, []string, error) {
 	// Mandatory fields
 	id := state.Id.ValueString()
+	name := state.Name.ValueString()
 	enabled := state.Enabled.ValueBoolPointer()
 	description := state.Description.ValueStringPointer()
 	var tags []string
 	if !state.Tags.IsNull() && !state.Tags.IsUnknown() {
 		for _, tag := range state.Tags.Elements() {
 			tagStr, ok := tag.(types.String)
 			if !ok {
-				return "", nil, nil, nil, fmt.Errorf("expected item to be of type types.String, got %T", tag)
+				return "", "", nil, nil, nil, fmt.Errorf("expected item to be of type types.String, got %T", tag)
 			}
 			tags = append(tags, tagStr.ValueString())
 		}
 	}
 
-	return id, description, enabled, tags, nil
+	return id, name, description, enabled, tags, nil
 }
 
 func (r *csmThreatsPolicyResource) updateStateFromResponse(ctx context.Context, state *csmThreatsPolicyModel, res *datadogV2.CloudWorkloadSecurityAgentPolicyResponse) {

datadog/tests/resource_datadog_csm_threats_agent_rule_test.go

@@ -30,6 +30,7 @@ func TestAccCSMThreatsAgentRule_CreateAndUpdate(t *testing.T) {
 					enabled           = true
 					description       = "im a rule"
 					expression 		  = "open.file.name == \"etc/shadow/password\""
+					product_tags      = ["compliance_framework:PCI-DSS"]
 				}
 				`, agentRuleName),
 				Check: resource.ComposeTestCheckFunc(
@@ -39,6 +40,7 @@ func TestAccCSMThreatsAgentRule_CreateAndUpdate(t *testing.T) {
 						agentRuleName,
 						"im a rule",
 						"open.file.name == \"etc/shadow/password\"",
+						"compliance_framework:PCI-DSS\"]",
 					),
 				),
 			},
@@ -50,6 +52,7 @@ func TestAccCSMThreatsAgentRule_CreateAndUpdate(t *testing.T) {
 					enabled           = true
 					description       = "updated agent rule for terraform provider test"
 					expression 		  = "open.file.name == \"etc/shadow/password\""
+					product_tags      = ["compliance_framework:ISO-27799"]
 				}
 				`, agentRuleName),
 				Check: resource.ComposeTestCheckFunc(
@@ -59,19 +62,22 @@ func TestAccCSMThreatsAgentRule_CreateAndUpdate(t *testing.T) {
 						agentRuleName,
 						"updated agent rule for terraform provider test",
 						"open.file.name == \"etc/shadow/password\"",
+						"compliance_framework:ISO-27799",
 					),
 				),
 			},
 		},
 	})
 }
 
-func checkCSMThreatsAgentRuleContent(resourceName string, name string, description string, expression string) resource.TestCheckFunc {
+func checkCSMThreatsAgentRuleContent(resourceName string, name string, description string, expression string, product_tags string) resource.TestCheckFunc {
 	return resource.ComposeTestCheckFunc(
 		resource.TestCheckResourceAttr(resourceName, "name", name),
 		resource.TestCheckResourceAttr(resourceName, "description", description),
 		resource.TestCheckResourceAttr(resourceName, "enabled", "true"),
 		resource.TestCheckResourceAttr(resourceName, "expression", expression),
+		resource.TestCheckResourceAttr(resourceName, "product_tags.#", "1"),
+		resource.TestCheckTypeSetElemAttr(resourceName, "product_tags.*", product_tags),
 	)
 }
 

datadog/tests/resource_datadog_csm_threats_multi_policy_agent_rule_test.go

@@ -49,6 +49,7 @@ func TestAccCSMThreatsMultiPolicyAgentRule_CreateAndUpdate(t *testing.T) {
 					enabled           = true
 					description       = "im a rule"
 					expression 		  = "open.file.name == \"etc/shadow/password\""
+					product_tags      = ["compliance_framework:PCI-DSS"]
 				}
 				`, policyConfig, agentRuleName),
 				Check: resource.ComposeTestCheckFunc(
@@ -58,6 +59,7 @@ func TestAccCSMThreatsMultiPolicyAgentRule_CreateAndUpdate(t *testing.T) {
 						agentRuleName,
 						"im a rule",
 						"open.file.name == \"etc/shadow/password\"",
+						"compliance_framework:PCI-DSS",
 					),
 				),
 			},
@@ -71,6 +73,7 @@ func TestAccCSMThreatsMultiPolicyAgentRule_CreateAndUpdate(t *testing.T) {
 					enabled           = true
 					description       = "updated agent rule for terraform provider test"
 					expression 		  = "open.file.name == \"etc/shadow/password\""
+					product_tags      = ["compliance_framework:ISO-27799"]
 				}
 				`, policyConfig, agentRuleName),
 				Check: resource.ComposeTestCheckFunc(
@@ -80,6 +83,7 @@ func TestAccCSMThreatsMultiPolicyAgentRule_CreateAndUpdate(t *testing.T) {
 						agentRuleName,
 						"updated agent rule for terraform provider test",
 						"open.file.name == \"etc/shadow/password\"",
+						"compliance_framework:ISO-27799",
 					),
 				),
 			},

datadog/tests/resource_datadog_csm_threats_policy_test.go

@@ -14,8 +14,9 @@ import (
 
 // Create an agent policy and update its description
 func TestAccCSMThreatsPolicy_CreateAndUpdate(t *testing.T) {
-	_, providers, accProviders := testAccFrameworkMuxProviders(context.Background(), t)
+	ctx, providers, accProviders := testAccFrameworkMuxProviders(context.Background(), t)
 
+	policyName := uniqueAgentRuleName(ctx)
 	resourceName := "datadog_csm_threats_policy.policy_test"
 	tags := []string{"host_name:test_host"}
 	resource.Test(t, resource.TestCase{
@@ -24,35 +25,39 @@ func TestAccCSMThreatsPolicy_CreateAndUpdate(t *testing.T) {
 		CheckDestroy:             testAccCheckCSMThreatsPolicyDestroy(providers.frameworkProvider),
 		Steps: []resource.TestStep{
 			{
-				Config: `
+				Config: fmt.Sprintf(`
 				resource "datadog_csm_threats_policy" "policy_test" {
+					name              = "%s"
 					enabled           = true
 					description       = "im a policy"
 					tags              = ["host_name:test_host"]
 				}
-				`,
+				`, policyName),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCSMThreatsPolicyExists(providers.frameworkProvider, "datadog_csm_threats_policy.policy_test"),
 					checkCSMThreatsPolicyContent(
 						resourceName,
+						policyName,
 						"im a policy",
 						tags,
 					),
 				),
 			},
 			// Update description
 			{
-				Config: `
+				Config: fmt.Sprintf(`
 				resource "datadog_csm_threats_policy" "policy_test" {
+					name              = "%s"
 					enabled           = true
 					description       = "updated policy for terraform provider test"
 					tags              = ["host_name:test_host"]
 				}
-				`,
+				`, policyName),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCSMThreatsPolicyExists(providers.frameworkProvider, resourceName),
 					checkCSMThreatsPolicyContent(
 						resourceName,
+						policyName,
 						"updated policy for terraform provider test",
 						tags,
 					),
@@ -62,9 +67,9 @@ func TestAccCSMThreatsPolicy_CreateAndUpdate(t *testing.T) {
 	})
 }
 
-func checkCSMThreatsPolicyContent(resourceName string, description string, tags []string) resource.TestCheckFunc {
+func checkCSMThreatsPolicyContent(resourceName string, name string, description string, tags []string) resource.TestCheckFunc {
 	return resource.ComposeTestCheckFunc(
-		resource.TestCheckResourceAttrSet(resourceName, "name"),
+		resource.TestCheckResourceAttr(resourceName, "name", name),
 		resource.TestCheckResourceAttr(resourceName, "description", description),
 		resource.TestCheckResourceAttr(resourceName, "enabled", "true"),
 		resource.TestCheckResourceAttr(resourceName, "tags.0", tags[0]),

docs/resources/csm_threats_multi_policy_agent_rule.md

@@ -25,6 +25,7 @@ Provides a Datadog CSM Threats Agent Rule API resource.
 ### Optional
 
 - `description` (String) A description for the Agent rule.
+- `product_tags` (Set of String) The list of product tags associated with the rule
 
 ### Read-Only
 

go.mod

@@ -102,3 +102,4 @@ require (
 )
 
 go 1.23.0
+replace github.com/DataDog/datadog-api-client-go/v2 v2.35.0 => ../datadog-api-spec/generated/datadog-api-client-go