Add terraform support to Okta ML Policy#675
Add terraform support to Okta ML Policy#675harshampatel-sysdig wants to merge 7 commits intosysdiglabs:masterfrom
Conversation
harshampatel-sysdig
requested review from
airadier,
daniel-almeida,
ivanlysiuk-sysdig,
jbainbridgesysdig,
mateobur,
ombellare,
rosenbloomb-sysdig and
tembleking
as code owners
daniel-almeida
left a comment
daniel-almeida
left a comment
There was a problem hiding this comment.
Left some minor comments. I'll let someone else look at the implication of the changes as I don't have any experience with this repo.
| @@ -0,0 +1,15 @@ | |||
| { | |||
There was a problem hiding this comment.
No need to push this. If you can, please add it to gitignore so this isn't tracked in the future.
There was a problem hiding this comment.
You might need to delete it from your local machine and push once to remove it from here
| // TODO: Iterate over a list of rules instead of hard-coding the index values | ||
| // TODO: Should we assume that only a single Malware rule can be attached to a policy? |
There was a problem hiding this comment.
These TODOs are intentionally kept to match the AWS ML implementation pattern. Both AWS ML and Okta ML policies currently support a single rule per policy.
There was a problem hiding this comment.
For now yes the behavior is 1 rule per policy for these non-Falco types like malware, drift and ML ones. So we can remove the comment if needed
| }) | ||
| } | ||
|
|
||
| _ = d.Set("rule", rules) |
There was a problem hiding this comment.
Is this an error being ignored? We should handle it if so.
| } | ||
|
|
||
| func oktaMLPolicyFromResourceData(d *schema.ResourceData) (v2.PolicyRulesComposite, error) { | ||
| policy := &v2.PolicyRulesComposite{ |
There was a problem hiding this comment.
I see there's similar code for other types, but I think it makes more sense to avoid the pointer in this function and pass &policy to oktaMLPolicyReducer, which is where a pointer is actually needed.
| return diag.FromErr(err) | ||
| } | ||
|
|
||
| id, _ := strconv.Atoi(d.Id()) |
ombellare
left a comment
ombellare
left a comment
There was a problem hiding this comment.
Added some minor comments. Let me know if you want me to add it to your other branch that you plan to merge
| @@ -0,0 +1,15 @@ | |||
| { | |||
There was a problem hiding this comment.
You might need to delete it from your local machine and push once to remove it from here
| // TODO: Iterate over a list of rules instead of hard-coding the index values | ||
| // TODO: Should we assume that only a single Malware rule can be attached to a policy? |
There was a problem hiding this comment.
For now yes the behavior is 1 rule per policy for these non-Falco types like malware, drift and ML ones. So we can remove the comment if needed
|
|
||
| * `anomalous_console_login` - Anomaly detection settings for logins. | ||
| * `enabled` - Whether anomaly detection is enabled. | ||
| * `threshold` - Confidence level threshold for triggering alerts. |
There was a problem hiding this comment.
Could you add that only supported values for the threshold are 1, 2 and 3 please? If you would like you can update for the other ML types as well (I think they were missed there too)
|
|
||
| * `description` - (Required) Rule description. | ||
| * `anomalous_console_login` - (Required) This attribute allows you to activate anomaly detection for logins and adjust its settings. | ||
| * `threshold` - (Required) Trigger at or above confidence level. |
There was a problem hiding this comment.
I think there should be an enabled field here too similar to how you have on your data source.
Changed threshold value descriptions from 'High/Medium/Low' to 'Default/High/Higher' for ML policies
|
Closed as duplicate of #676, since this is a PR from a fork and secrets will not be passed to the CI. |
Key changes: - Added resource and data source for sysdig_secure_okta_ml_policy - Implemented CRUD operations with proper error handling - Added tests and documentation Similar open PR: #675 (I'll close this once new one merged) --------- Co-authored-by: Fede Barcelona <fede_rico_94@hotmail.com>
4 participants
Key changes:
sysdig_secure_okta_ml_policy