Skip to content

feat(secure): add imageConfigLabelWithValueAndLabelsExist predicate#721

Merged
tembleking merged 1 commit intomasterfrom
feat/image-config-label-with-value-and-required-labels
Mar 23, 2026
Merged

feat(secure): add imageConfigLabelWithValueAndLabelsExist predicate#721
tembleking merged 1 commit intomasterfrom
feat/image-config-label-with-value-and-required-labels

Conversation

@tembleking
Copy link
Copy Markdown
Member

@tembleking tembleking commented Mar 23, 2026
edited
Loading

The backend shipped a new composite image label predicate (imageConfigLabelWithValueAndLabelsExist) that allows rules like "IF label Vendor exists AND its value contains BNPP, THEN labels Team and Org must also exist."

This adds the new label_with_value_and_required_labels block to the image_label rule type in sysdig_secure_vulnerability_rule_bundle, following the exact same patterns as the existing three imageConfigLabel predicates.

  • Model: added RequiredLabels field to VulnerabilityRulePredicateExtra
  • Schema: added label_with_value_and_required_labels block with target_label, target_value, and required_labels
  • Read/write paths for the new predicate type
  • Acceptance tests and documentation

Copilot AI review requested due to automatic review settings March 23, 2026 10:00
@tembleking tembleking requested a review from a team as a code owner March 23, 2026 10:00
Copilot AI reviewed Mar 23, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds support for Sysdig Secure’s new composite image label predicate imageConfigLabelWithValueAndLabelsExist to the sysdig_secure_vulnerability_rule_bundle resource, enabling rules that require a label key/value match plus the presence of additional labels.

Changes:

  • Extends the v2 API model to include requiredLabels in predicate extras.
  • Adds Terraform schema + read/write mapping for label_with_value_and_required_labels under rule.image_label.
  • Updates docs and acceptance tests to cover the new predicate.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
sysdig/internal/client/v2/vulnerability_rule_bundle_model.go Adds RequiredLabels to predicate extras for API (un)marshalling.
sysdig/resource_sysdig_secure_vulnerability_rule_bundle.go Introduces the new nested block in schema and maps it to/from the backend predicate type.
sysdig/resource_sysdig_secure_vulnerability_rule_bundle_test.go Adds an acceptance test step asserting state fields for the new predicate.
website/docs/r/secure_vulnerability_rule_bundle.md Documents the new label_with_value_and_required_labels block and provides example usage.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread sysdig/resource_sysdig_secure_vulnerability_rule_bundle.go
Comment thread sysdig/resource_sysdig_secure_vulnerability_rule_bundle_test.go
@tembleking tembleking requested a review from Copilot March 23, 2026 10:39
@tembleking
feat(secure): add imageConfigLabelWithValueAndLabelsExist predicate…
801e582 
… to vulnerability rule bundles

Adds support for Sysdig Secure's composite image label predicate,
enabling rules that require a label key/value match plus the presence
of additional labels.

Also adds mutual exclusivity validation for image_label sub-blocks,
converting a silent state-drift bug into a clear error message.
@tembleking tembleking force-pushed the feat/image-config-label-with-value-and-required-labels branch from 8755d30 to 801e582 Compare March 23, 2026 10:41
Copilot AI reviewed Mar 23, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread sysdig/resource_sysdig_secure_vulnerability_rule_bundle.go
@tembleking tembleking enabled auto-merge March 23, 2026 10:50
@tembleking tembleking added this pull request to the merge queue Mar 23, 2026
Merged via the queue into master with commit a37211b Mar 23, 2026
179 checks passed
@tembleking tembleking deleted the feat/image-config-label-with-value-and-required-labels branch March 23, 2026 11:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mateobur mateobur mateobur approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tembleking @mateobur