fix cws agent_rule resource and data_source + fix test files

Author: QuentinGuillard

datadog/fwprovider/data_source_datadog_csm_threats_agent_rule.go

@@ -51,7 +51,7 @@ func (r *csmThreatsAgentRulesDataSource) Read(ctx context.Context, request datas
 		return
 	}
 
-	res, _, err := r.api.ListCSMThreatsAgentRules(r.auth)
+	res, _, err := r.api.ListCloudWorkloadSecurityAgentRules(r.auth)
 	if err != nil {
 		response.Diagnostics.Append(utils.FrameworkErrorDiag(err, "error while fetching agent rules"))
 		return

datadog/fwprovider/data_source_datadog_csm_threats_policy.go

@@ -67,6 +67,9 @@ func (r *csmThreatsPoliciesDataSource) Read(ctx context.Context, request datasou
 		policyModel.Description = types.StringValue(attributes.GetDescription())
 		policyModel.Enabled = types.BoolValue(attributes.GetEnabled())
 		policyModel.Tags, _ = types.SetValueFrom(ctx, types.StringType, attributes.GetHostTags())
+		policyModel.HostTagsLists, _ = types.SetValueFrom(ctx, types.ListType{
+			ElemType: types.StringType,
+		}, attributes.GetHostTagsLists())
 		policyIds[idx] = policy.GetId()
 		policies[idx] = policyModel
 	}
@@ -96,8 +99,13 @@ func (*csmThreatsPoliciesDataSource) Schema(_ context.Context, _ datasource.Sche
 				Description: "List of policies",
 				ElementType: types.ObjectType{
 					AttrTypes: map[string]attr.Type{
-						"id":          types.StringType,
-						"tags":        types.SetType{ElemType: types.StringType},
+						"id":   types.StringType,
+						"tags": types.SetType{ElemType: types.StringType},
+						"host_tags_lists": types.SetType{
+							ElemType: types.ListType{
+								ElemType: types.StringType,
+							},
+						},
 						"name":        types.StringType,
 						"description": types.StringType,
 						"enabled":     types.BoolType,

datadog/fwprovider/resource_datadog_csm_threats_agent_rule.go

@@ -72,9 +72,6 @@ func (r *csmThreatsAgentRuleResource) Schema(_ context.Context, _ resource.Schem
 			"expression": schema.StringAttribute{
 				Required:    true,
 				Description: "The SECL expression of the Agent rule",
-				PlanModifiers: []planmodifier.String{
-					stringplanmodifier.RequiresReplace(),
-				},
 			},
 		},
 	}
@@ -99,7 +96,7 @@ func (r *csmThreatsAgentRuleResource) Create(ctx context.Context, request resour
 		response.Diagnostics.AddError("error while parsing resource", err.Error())
 	}
 
-	res, _, err := r.api.CreateCSMThreatsAgentRule(r.auth, *agentRulePayload)
+	res, _, err := r.api.CreateCloudWorkloadSecurityAgentRule(r.auth, *agentRulePayload)
 	if err != nil {
 		response.Diagnostics.Append(utils.FrameworkErrorDiag(err, "error creating agent rule"))
 		return
@@ -121,7 +118,7 @@ func (r *csmThreatsAgentRuleResource) Read(ctx context.Context, request resource
 	}
 
 	agentRuleId := state.Id.ValueString()
-	res, httpResponse, err := r.api.GetCSMThreatsAgentRule(r.auth, agentRuleId)
+	res, httpResponse, err := r.api.GetCloudWorkloadSecurityAgentRule(r.auth, agentRuleId)
 	if err != nil {
 		if httpResponse != nil && httpResponse.StatusCode == 404 {
 			response.State.RemoveResource(ctx)
@@ -154,7 +151,7 @@ func (r *csmThreatsAgentRuleResource) Update(ctx context.Context, request resour
 		response.Diagnostics.AddError("error while parsing resource", err.Error())
 	}
 
-	res, _, err := r.api.UpdateCSMThreatsAgentRule(r.auth, state.Id.ValueString(), *agentRulePayload)
+	res, _, err := r.api.UpdateCloudWorkloadSecurityAgentRule(r.auth, state.Id.ValueString(), *agentRulePayload)
 	if err != nil {
 		response.Diagnostics.Append(utils.FrameworkErrorDiag(err, "error updating agent rule"))
 		return
@@ -180,7 +177,7 @@ func (r *csmThreatsAgentRuleResource) Delete(ctx context.Context, request resour
 
 	id := state.Id.ValueString()
 
-	httpResp, err := r.api.DeleteCSMThreatsAgentRule(r.auth, id)
+	httpResp, err := r.api.DeleteCloudWorkloadSecurityAgentRule(r.auth, id)
 	if err != nil {
 		if httpResp != nil && httpResp.StatusCode == 404 {
 			return
@@ -204,11 +201,12 @@ func (r *csmThreatsAgentRuleResource) buildCreateCSMThreatsAgentRulePayload(stat
 }
 
 func (r *csmThreatsAgentRuleResource) buildUpdateCSMThreatsAgentRulePayload(state *csmThreatsAgentRuleModel) (*datadogV2.CloudWorkloadSecurityAgentRuleUpdateRequest, error) {
-	agentRuleId, _, description, enabled, _ := r.extractAgentRuleAttributesFromResource(state)
+	agentRuleId, _, description, enabled, expression := r.extractAgentRuleAttributesFromResource(state)
 
 	attributes := datadogV2.CloudWorkloadSecurityAgentRuleUpdateAttributes{}
 	attributes.Description = description
 	attributes.Enabled = &enabled
+	attributes.Expression = &expression
 
 	data := datadogV2.NewCloudWorkloadSecurityAgentRuleUpdateData(attributes, datadogV2.CLOUDWORKLOADSECURITYAGENTRULETYPE_AGENT_RULE)
 	data.Id = &agentRuleId

datadog/fwprovider/resource_datadog_csm_threats_policy.go

@@ -270,8 +270,6 @@ func (r *csmThreatsPolicyResource) updateStateFromResponse(ctx context.Context,
 	state.Enabled = types.BoolValue(attributes.GetEnabled())
 	state.Tags, _ = types.SetValueFrom(ctx, types.StringType, attributes.GetHostTags())
 	state.HostTagsLists, _ = types.SetValueFrom(ctx, types.ListType{
-		ElemType: types.ListType{
-			ElemType: types.StringType,
-		},
+		ElemType: types.StringType,
 	}, attributes.GetHostTagsLists())
 }

datadog/tests/data_source_datadog_csm_threats_agent_rule_test.go

@@ -57,7 +57,7 @@ func checkCSMThreatsAgentRulesDataSourceContent(accProvider *fwprovider.Framewor
 		auth := accProvider.Auth
 		apiInstances := accProvider.DatadogApiInstances
 
-		allAgentRulesResponse, _, err := apiInstances.GetCSMThreatsApiV2().ListCSMThreatsAgentRules(auth)
+		allAgentRulesResponse, _, err := apiInstances.GetCSMThreatsApiV2().ListCloudWorkloadSecurityAgentRules(auth)
 		if err != nil {
 			return err
 		}

datadog/tests/data_source_datadog_csm_threats_policies_test.go

@@ -22,7 +22,6 @@ func TestAccCSMThreatsPoliciesDataSource(t *testing.T) {
 		name              = "%s"
 		enabled           = true
 		description       = "im a policy"
-		tags              = ["host_name:test_host"]
 		host_tags_lists   = [["host_name:test_host", "env:prod"], ["host_name:test_host2", "env:staging"]]
 	}
 	`, policyName)
@@ -101,7 +100,6 @@ func checkCSMThreatsPoliciesDataSourceContent(accProvider *fwprovider.FrameworkP
 		return resource.ComposeTestCheckFunc(
 			resource.TestCheckResourceAttr(dataSourceName, fmt.Sprintf("policies.%d.name", idx), policyName),
 			resource.TestCheckResourceAttr(dataSourceName, fmt.Sprintf("policies.%d.enabled", idx), "true"),
-			resource.TestCheckResourceAttr(dataSourceName, fmt.Sprintf("policies.%d.tags.0", idx), "host_name:test_host"),
 			resource.TestCheckResourceAttr(dataSourceName, fmt.Sprintf("policies.%d.host_tags_lists.0.0", idx), "host_name:test_host"),
 			resource.TestCheckResourceAttr(dataSourceName, fmt.Sprintf("policies.%d.host_tags_lists.0.1", idx), "env:prod"),
 			resource.TestCheckResourceAttr(dataSourceName, fmt.Sprintf("policies.%d.host_tags_lists.1.0", idx), "host_name:test_host2"),

datadog/tests/resource_datadog_csm_threats_agent_rule_test.go

@@ -89,7 +89,7 @@ func testAccCheckCSMThreatsAgentRuleExists(accProvider *fwprovider.FrameworkProv
 		auth := accProvider.Auth
 		apiInstances := accProvider.DatadogApiInstances
 
-		_, _, err := apiInstances.GetCSMThreatsApiV2().GetCSMThreatsAgentRule(auth, resource.Primary.ID)
+		_, _, err := apiInstances.GetCSMThreatsApiV2().GetCloudWorkloadSecurityAgentRule(auth, resource.Primary.ID)
 		if err != nil {
 			return fmt.Errorf("received an error retrieving agent rule: %s", err)
 		}
@@ -105,7 +105,7 @@ func testAccCheckCSMThreatsAgentRuleDestroy(accProvider *fwprovider.FrameworkPro
 
 		for _, resource := range s.RootModule().Resources {
 			if resource.Type == "datadog_csm_threats_agent_rule" {
-				_, httpResponse, err := apiInstances.GetCSMThreatsApiV2().GetCSMThreatsAgentRule(auth, resource.Primary.ID)
+				_, httpResponse, err := apiInstances.GetCSMThreatsApiV2().GetCloudWorkloadSecurityAgentRule(auth, resource.Primary.ID)
 				if err == nil {
 					return errors.New("agent rule still exists")
 				}