feat(zones): support v2 expression syntax for sysdig_secure_zone#712
Merged
feat(zones): support v2 expression syntax for sysdig_secure_zone#712
Conversation
Shadow649
requested review from
a team,
draraksysdig,
filiptubic and
mbarbieri
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request adds support for v2-compatible expression syntax to the sysdig_secure_zone resource and data source, enabling richer scope filtering while maintaining backward compatibility with legacy v1 rules syntax. The implementation includes comprehensive validation, extensive testing, and detailed migration documentation.
Changes:
- Introduced structured
expressionblocks (field, operator, value/values) as a modern alternative to the deprecated string-basedrulessyntax - Added field validation that ensures expression fields are compatible with their target types (e.g.,
agent.tag.*for kubernetes/host,label.*based on cloud provider) - Implemented dual API support (v1/v2) with automatic categorization logic to route requests to the appropriate backend endpoint
- Updated client layer with new
ZoneV2Interface,APIErrortype for improved error handling, and models for v2 zones - Enhanced data source to merge v1 and v2 API responses, providing both
rulesandexpressionrepresentations
Reviewed changes
Copilot reviewed 17 out of 18 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| website/docs/r/secure_zone.md | Comprehensive documentation with migration guide from rules to expression syntax, including semantic changes for labels/agentTags |
| website/docs/d/secure_zone.md | Data source documentation explaining dual representation (rules + expressions) |
| sysdig/resource_sysdig_secure_zone.go | Main resource implementation with CRUD operations supporting both v1 (legacy rules) and v2 (expressions) APIs |
| sysdig/resource_sysdig_secure_zone_validation.go | Field validation logic with target-type-aware allowlists and forward compatibility for unknown fields |
| sysdig/data_source_sysdig_secure_zone.go | Data source merging v1 and v2 API responses to provide complete scope information |
| sysdig/internal/client/v2/zonesV2.go | New v2 zones API client implementation |
| sysdig/internal/client/v2/model.go | V2 zone models with custom JSON marshaling for API compatibility |
| sysdig/internal/client/v2/client.go | Enhanced error handling with structured APIError type |
| sysdig/*_test.go | Comprehensive unit and acceptance tests covering validation, migration, and CRUD operations |
| go.mod, go.sum | Updated terraform-plugin-sdk and related dependencies to newer versions |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Shadow649
force-pushed
the
feat-zones-v2-support
branch
from
c055d12 to
3996614
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 17 out of 18 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Shadow649
force-pushed
the
feat-zones-v2-support
branch
from
3996614 to
6505ef5
Compare
Shadow649
force-pushed
the
feat-zones-v2-support
branch
from
97fb2cc to
7eeb5f6
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 17 out of 18 changed files in this pull request and generated 7 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Shadow649
force-pushed
the
feat-zones-v2-support
branch
from
7eeb5f6 to
f1c66dc
Compare
Shadow649
force-pushed
the
feat-zones-v2-support
branch
from
22fe4ad to
383361a
Compare
Shadow649
force-pushed
the
feat-zones-v2-support
branch
from
383361a to
5ebdde9
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 17 out of 18 changed files in this pull request and generated 8 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
tembleking
reviewed
Mar 4, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 17 out of 18 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Shadow649
force-pushed
the
feat-zones-v2-support
branch
from
9cbec0a to
1b71eb7
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 18 out of 19 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request significantly enhances the
sysdig_secure_zonedata source to support v2-compatible scope expressions, improves test coverage, and updates dependency versions. The main focus is on allowing richer scope filtering via expressions, ensuring backward compatibility, and providing robust validation with new unit and acceptance tests.Enhancements to scope expression support:
sysdig_secure_zonedata source by introducing new schema fields (expression,field,operator,value,values) and merging legacy rules with v2 expressions based on scope ID. This enables richer and more flexible filtering in resource definitions. [1] [2] [3] [4] [5] [6]Testing improvements:
TestAccDataSourceSysdigSecureZone_ByName,TestAccDataSourceSysdigSecureZone_ByID) to verify expression support and correct retrieval by name and ID, as well as helper methods for test configurations.Dependency and API updates:
go.modto newer versions, includingterraform-plugin-sdk,terraform-plugin-log, and several indirect dependencies for improved compatibility and security. [1] [2] [3] [4]ZoneV2Interfaceto the client and implemented a robustAPIErrortype with improved error extraction from API responses. [1] [2] [3]ZonesV2Wrapper,ZoneV2).These changes collectively modernize the provider's handling of secure zones, improve error reporting, and ensure comprehensive validation through testing.