terraform-provider-sysdig/sysdig/resource_sysdig_secure_rule_filesystem_test.go at d45f818d3dbe055cda4f41676218565ccc1d200d · sysdiglabs/terraform-provider-sysdig · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
//go:build tf_acc_sysdig_secure || tf_acc_policies || tf_acc_onprem_secure

package sysdig_test

import (
	"fmt"
	"os"
	"testing"

	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"

	"github.com/draios/terraform-provider-sysdig/sysdig"
)

func TestAccRuleFilesystem(t *testing.T) {
	t.Skip("List matching rules are deprecated - skipping tests")

	rText := func() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) }

	resource.ParallelTest(t, resource.TestCase{
		PreCheck: func() {
			if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
				t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
			}
		},
		ProviderFactories: map[string]func() (*schema.Provider, error){
			"sysdig": func() (*schema.Provider, error) {
				return sysdig.Provider(), nil
			},
		},
		Steps: []resource.TestStep{
			{
				Config: ruleFilesystemWithName(rText()),
			},
			{
				Config: ruleFilesystemWithoutTagsWithName(rText()),
			},
			{
				Config: ruleFilesystemWithReadonlyWithName(rText()),
			},
			{
				Config: ruleFilesystemWithReadwriteWithName(rText()),
			},
			{
				ResourceName:      "sysdig_secure_rule_filesystem.foo",
				ImportState:       true,
				ImportStateVerify: true,
			},
			{
				Config: ruleFilesystemMinimalConfig(rText()),
			},
		},
	})
}

func ruleFilesystemWithName(name string) string {
	return fmt.Sprintf(`
resource "sysdig_secure_rule_filesystem"  "foo" {
  name = "TERRAFORM TEST %s"
  description = "TERRAFORM TEST %s"
  tags = ["filesystem", "cis"]

  read_only {
    matching = true // default
    paths = ["/etc"]
  }

  read_write {
    matching = false // default
    paths = ["/tmp"]
  }
}`, name, name)
}

func ruleFilesystemWithoutTagsWithName(name string) string {
	return fmt.Sprintf(`
resource "sysdig_secure_rule_filesystem"  "foo" {
  name = "TERRAFORM TEST %s"
  description = "TERRAFORM TEST %s"

  read_only {
    matching = true // default
    paths = ["/etc"]
  }

  read_write {
    matching = false // default
    paths = ["/tmp"]
  }
}`, name, name)
}

func ruleFilesystemWithReadonlyWithName(name string) string {
	return fmt.Sprintf(`
resource "sysdig_secure_rule_filesystem"  "foo" {
  name = "TERRAFORM TEST %s"
  description = "TERRAFORM TEST %s"

  read_only {
    matching = true // default
    paths = ["/etc"]
  }
}`, name, name)
}

func ruleFilesystemWithReadwriteWithName(name string) string {
	return fmt.Sprintf(`
resource "sysdig_secure_rule_filesystem"  "foo" {
  name = "TERRAFORM TEST %s"
  description = "TERRAFORM TEST %s"

  read_write {
    matching = true // default
    paths = ["/etc"]
  }
}`, name, name)
}

func ruleFilesystemMinimalConfig(name string) string {
	return fmt.Sprintf(`
resource "sysdig_secure_rule_filesystem"  "foo-minimal" {
  name = "TERRAFORM TEST %s"
  description = "TERRAFORM TEST %s"
}`, name, name)
}