[datadog_compliance_custom_framework] Terraform Provider for Custom Frameworks #2975

Merged
merged 54 commits into from
May 29, 2025

@nkonjeti nkonjeti commented Apr 16, 2025

Motivation:

We wanted a terraform provider to interact with our Custom Framework APIs. The terraform resources will remain as the source of truth so whenever a resource is updated/created/deleted this will be reflected in the database and UI.

Testing

I built the Terraform provider locally.

Tested the following:

Creating
Screenshot 2025-04-25 at 4 36 07 PM

Updating
Screenshot 2025-04-25 at 4 37 17 PM

Deleting/Destroying
Screenshot 2025-04-25 at 4 38 52 PM

Changing order of rules
Screenshot 2025-04-27 at 4 07 16 PM
no changes in state so no action taken

Terraform Provider Immutable Fields (Handle And Version)
Screenshot 2025-05-19 at 10 23 46 AM

  • if handle or version is changed in a framework this will delete the old framework and create a new one with the new handle and version
Screenshot 2025-05-19 at 10 16 40 AM
  • in this example, updating the version to 2 deleted the old framework (version 1) and created a new framework with version 2
Screenshot 2025-05-19 at 10 20 48 AM
  • in this example updating the handle and version deleted the old framework with the old handle and version, and created a new framework with the new handle and version

Testing Large Input
Created this Framework: https://dd.datad0g.com/security/compliance/home/custom/my-custom-framework-terraform-3/3.0.0?previousUrl=%2Fsecurity%2Fcompliance%2Fhome&timestamp=1747948011353&live=true
one control with over 200 rule ids (seconds to complete)

Commands:

cd examples/resources/datadog_custom_framework 
terraform init
terraform plan -var="datadog_api_key=<>" -var="datadog_app_key=<>"
terraform apply

also added unit tests!

@nkonjeti nkonjeti requested review from a team as code owners April 16, 2025 22:27
@nkonjeti nkonjeti changed the title provider for custom frameworks Terraform Provider for Custom Frameworks Apr 24, 2025
@nkonjeti nkonjeti force-pushed the neha.konjeti/framework-provider branch from ccaf302 to f8a90fe Compare April 25, 2025 18:59
@nkonjeti nkonjeti marked this pull request as draft April 25, 2025 20:34
@nkonjeti nkonjeti changed the title Terraform Provider for Custom Frameworks [K9VULN-4477]: Terraform Provider for Custom Frameworks Apr 30, 2025
@nkonjeti nkonjeti marked this pull request as ready for review May 1, 2025 21:14
@nkonjeti nkonjeti requested a review from a team as a code owner May 1, 2025 21:14
@nkonjeti nkonjeti changed the title [K9VULN-4477]: Terraform Provider for Custom Frameworks Terraform Provider for Custom Frameworks May 2, 2025
@nkonjeti nkonjeti force-pushed the neha.konjeti/framework-provider branch from ac03605 to e2e496e Compare May 14, 2025 17:25
@nkonjeti nkonjeti requested a review from vbarth2 May 14, 2025 17:37
@nkonjeti nkonjeti force-pushed the neha.konjeti/framework-provider branch from 7da9031 to e768276 Compare May 14, 2025 17:42
@nkonjeti nkonjeti force-pushed the neha.konjeti/framework-provider branch from d7a9e26 to e0c1c11 Compare May 28, 2025 19:29
@nkonjeti

/merge

dd-devflow bot commented May 29, 2025

2025-05-29 18:19:16 UTC ℹ️ Start processing command /merge


2025-05-29 18:19:21 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in master is approximately 25m (p90).


2025-05-29 18:45:48 UTC ℹ️ MergeQueue: This merge request was merged

@dd-mergequeue dd-mergequeue bot merged commit 16282dc into master May 29, 2025
17 checks passed
@dd-mergequeue dd-mergequeue bot deleted the neha.konjeti/framework-provider branch May 29, 2025 18:45
shaneyuandd pushed a commit that referenced this pull request Jun 16, 2025
…rameworks (#2975)

* provider for custom frameworks

* passed set create test

* clean up code and add tests

* add invalid create framework tests

* test files

* add import state functionality

* update mod file

* clean up code

* update tests

* test update is not triggered if order is changed

* change retrieve custom framework to get custom framework

* update api spec in go mod

* add docs for terraform provider

* remove unstable endpoint

* add more tests

* add validators

* change tests to use same handle and version

* add test for 409 conflict

* add a resource file

* add example in doc and remove comments

* fix required requirements and control block

* change example to compliance custom framework

* fix docs

* make icon url optional and remove description

* add comment to describe why requirements is a set

* remove description from resource example

* remove comments and extra cassettes

* fix description of icon url

* fix format

* delete framework in conflict test

* remove import resource and update when create conflicts

* use real rule ids in the example resource

* remove logs

* test same state framework id

* add better comments for delete after delete case

* add cassettes for same config no update test

* move around error handling

* Revert "move around error handling"

This reverts commit 367c92c.

* remove err check

* add invalidcreate cassettes

* use real rule ids

* RecreateAfterAPIDelete cassettes

* add immutable fields edge case

* change requirements and controls to lists

* fix modify plan

* fix the apply issue

* remove modify plan because read API response order is changed

* remove import file

* check for rule ids length and update docs

* remove same config no update test

* use one validator and add test for duplicate handle

* edit validator file name

* update doc

* updateifframework exists cassettes