feat: Add Cloud Posture and Cloud Compliance resource and data sources

Author: gpontejos

docs/data-sources/cloud_compliance_framework_controls.md

@@ -2,15 +2,15 @@
 page_title: "crowdstrike_cloud_compliance_framework_controls Data Source - crowdstrike"
 subcategory: "Cloud Compliance"
 description: |-
-  This data source retrieves all or a subset of controls within compliance benchmarks. You can search within a single benchmark using the 'benchmark', 'name', and 'requirement' fields, or across multiple benchmarks using an FQL filter. When using 'name', 'benchmark', and 'requirement', the 'benchmark' field is required.
+  This data source retrieves all or a subset of controls within compliance benchmarks. All non-FQL fields can accept wildcards * and query Falcon using logical AND. If FQL is defined, all other fields will be ignored. For advanced queries to further narrow your search, please use a Falcon Query Language (FQL) filter. For additional information on FQL filtering and usage, refer to the official CrowdStrike documentation: Falcon Query Language (FQL) https://falcon.crowdstrike.com/documentation/page/d3c84a1b/falcon-query-language-fql
   API Scopes
   The following API scopes are required:
   Cloud Security Policies | Read
 ---
 
 # crowdstrike_cloud_compliance_framework_controls (Data Source)
 
-This data source retrieves all or a subset of controls within compliance benchmarks. You can search within a single benchmark using the 'benchmark', 'name', and 'requirement' fields, or across multiple benchmarks using an FQL filter. When using 'name', 'benchmark', and 'requirement', the 'benchmark' field is required.
+This data source retrieves all or a subset of controls within compliance benchmarks. All non-FQL fields can accept wildcards `*` and query Falcon using logical AND. If FQL is defined, all other fields will be ignored. For advanced queries to further narrow your search, please use a Falcon Query Language (FQL) filter. For additional information on FQL filtering and usage, refer to the official CrowdStrike documentation: [Falcon Query Language (FQL)](https://falcon.crowdstrike.com/documentation/page/d3c84a1b/falcon-query-language-fql)
 
 ## API Scopes
 
@@ -36,8 +36,7 @@ provider "crowdstrike" {
 
 # retrieve all controls under a named benchmark
 data "crowdstrike_cloud_compliance_framework_controls" "all" {
-  cloud_provider = "AWS"
-  rule_name      = "NLB/ALB configured publicly with TLS/SSL disabled"
+  benchmark = "CIS 1.0.0 AWS Web Architecture"
 }
 
 # retrieve a single control within a benchmark by name
@@ -63,24 +62,25 @@ data "crowdstrike_cloud_compliance_framework_controls" "fql" {
 
 ### Optional
 
-- `benchmark` (String) Name of the compliance benchmark in the framework.
+- `benchmark` (String) Name of the compliance benchmark in the framework. Examples: `AWS Foundational Security Best Practices v1.*`, `CIS 1.2.0 GCP`, `CIS 1.8.0 GKE`
+- `control_name` (String) Name of the control. Examples: `Ensure security contact phone is set`, `Ensure that Azure Defender*`
+- `fql` (String) Falcon Query Language (FQL) filter for advanced control searches. FQL filter, allowed props: `compliance_control_name`, `compliance_control_authority`, `compliance_control_type`, `compliance_control_section`, `compliance_control_requirement`, `compliance_control_benchmark_name`, `compliance_control_benchmark_version`
+- `requirement` (String) Requirement of the control(s) within the framework. Examples: `2.*`, `1.1`
+- `section` (String) Section of the benchmark where the control(s) reside. Examples: `Data Protection`, `Data*`
+
+### Read-Only
+
 - `controls` (Attributes Set) Security framework and compliance rule information. (see [below for nested schema](#nestedatt--controls))
-- `fql` (String) Falcon Query Language (FQL) filter for advanced control searches. FQL filter, allowed props: *compliance_control_name* *compliance_control_authority* *compliance_control_type* *compliance_control_section* *compliance_control_requirement* *compliance_control_benchmark_name* *compliance_control_benchmark_version*
-- `name` (String) Name of the control.
-- `requirement` (String) Version of the control.
 
 <a id="nestedatt--controls"></a>
 ### Nested Schema for `controls`
 
-Required:
+Read-Only:
 
+- `authority` (String) The compliance authority for the framework
+- `benchmark` (String) The compliance benchmark within the framework.
 - `code` (String) The unique compliance framework rule code.
+- `id` (String) The id of the compliance control.
 - `name` (String) The name of the control.
-- `uuid` (String) The uuid of the compliance control.
-
-Optional:
-
-- `authority` (String) This compliance authority for the framework
-- `benchmark` (String) The compliance benchmark within the framework.
 - `requirement` (String) The compliance framework requirement.
 - `section` (String) The section within the compliance benchmark.

docs/data-sources/cloud_posture_rules.md

@@ -2,15 +2,15 @@
 page_title: "crowdstrike_cloud_posture_rules Data Source - crowdstrike"
 subcategory: "Cloud Posture"
 description: |-
-  This data source retrieves detailed information about a specific cloud posture rule, including its unique identifier (UUID) and associated attributes.
+  This data source retrieves detailed information about a specific cloud posture rule, including its unique identifier (ID) and associated attributes.All non-FQL fields can accept wildcards * and query Falcon using logical AND. If FQL is defined, all other fields will be ignored. For advanced queries to further narrow your search, please use a Falcon Query Language (FQL) filter. For additional information on FQL filtering and usage, refer to the official CrowdStrike documentation: Falcon Query Language (FQL) https://falcon.crowdstrike.com/documentation/page/d3c84a1b/falcon-query-language-fql
   API Scopes
   The following API scopes are required:
   Cloud Security Policies | Read & Write
 ---
 
 # crowdstrike_cloud_posture_rules (Data Source)
 
-This data source retrieves detailed information about a specific cloud posture rule, including its unique identifier (UUID) and associated attributes.
+This data source retrieves detailed information about a specific cloud posture rule, including its unique identifier (ID) and associated attributes.All non-FQL fields can accept wildcards `*` and query Falcon using logical AND. If FQL is defined, all other fields will be ignored. For advanced queries to further narrow your search, please use a Falcon Query Language (FQL) filter. For additional information on FQL filtering and usage, refer to the official CrowdStrike documentation: [Falcon Query Language (FQL)](https://falcon.crowdstrike.com/documentation/page/d3c84a1b/falcon-query-language-fql)
 
 ## API Scopes
 
@@ -34,59 +34,73 @@ provider "crowdstrike" {
   cloud = "us-2"
 }
 
-# return all rules for a single cloud provider
-data "crowdstrike_cloud_posture_rules" "all" {
-  cloud_provider = "AWS"
-}
-
 # return a single rule within a cloud provider
 data "crowdstrike_cloud_posture_rules" "specific" {
   cloud_provider = "AWS"
   rule_name      = "NLB/ALB configured publicly with TLS/SSL disabled"
 }
+
+# query by FQL filter
+data "crowdstrike_cloud_posture_rules" "original" {
+  fql = "rule_name:'NLB/ALB configured publicly with TLS/SSL disabled'"
+}
+
+# return all rules for a specific resource type within a benchmark
+data "crowdstrike_cloud_posture_rules" "original" {
+  resource_type = "AWS::ElasticLoadBalancingV2::*"
+  benchmark     = "CIS 1.0.0 AWS Web Architecture"
+}
+
+# return all rules for a specific resource type within an entire framework
+data "crowdstrike_cloud_posture_rules" "original" {
+  resource_type = "AWS::ElasticLoadBalancingV2::*"
+  framework     = "CIS"
+}
 ```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
-### Required
+### Optional
 
+- `benchmark` (String) Name of the benchmark that this rule is attached to. Note that rules can be associated with multiple benchmarks. Example: `CIS 1.0.0 AWS*`
 - `cloud_provider` (String) Cloud provider for where the rule resides.
+- `fql` (String) Falcon Query Language (FQL) filter for advanced control searches. FQL filter, allowed props: `rule_origin`, `rule_parent_uuid`, `rule_name`, `rule_description`, `rule_domain`, `rule_status`, `rule_severity`, `rule_short_code`, `rule_service`, `rule_resource_type`, `rule_provider`, `rule_subdomain`, `rule_auto_remediable`, `rule_control_requirement`, `rule_control_section`, `rule_compliance_benchmark`, `rule_compliance_framework`, `rule_mitre_tactic`, `rule_mitre_technique`, `rule_created_at`, `rule_updated_at`, `rule_updated_by`
+- `framework` (String) Name of the framework that this rule is attached to. Note that rules can be associated with multiple benchmarks. Examples: CIS, NIST
+- `resource_type` (String) Name of the resource type to search for. Examples: `AWS::IAM::CredentialReport`, `Microsoft.Compute/virtualMachines`, `container.googleapis.com/Cluster`.
+- `rule_name` (String) Name of the rule to search for. If no name is defined all rules in a cloud provider will be returned.
+- `service` (String) Name of the service within the cloud provider that rule is for. Examples: IAM, S3, Microsoft.Compute
 
-### Optional
+### Read-Only
 
-- `rule_name` (String) Name of the rule to search for. If no name is defined all rules in cloud provider will be returned.
-- `rules` (Attributes List) List of cloud posture rules (see [below for nested schema](#nestedatt--rules))
+- `rules` (Attributes Set) List of cloud posture rules (see [below for nested schema](#nestedatt--rules))
 
 <a id="nestedatt--rules"></a>
 ### Nested Schema for `rules`
 
-Optional:
+Read-Only:
 
-- `alert_info` (List of String) A list of the alert logic and detection criteria for rule violations. Parent value will be used when parent_rule_id is defined.
+- `alert_info` (List of String) A list of the alert logic and detection criteria for rule violations.
 - `attack_types` (Set of String) Specific attack types associated with the rule.
-- `auto_remediable` (Boolean) Autoremediation enabled for rule
+- `auto_remediable` (Boolean) Autoremediation enabled for the policy rule
 - `cloud_platform` (String) Cloud platform for the policy rule.
 - `cloud_provider` (String) Cloud provider for the policy rule.
 - `controls` (Attributes Set) Security framework and compliance rule information. (see [below for nested schema](#nestedatt--rules--controls))
 - `description` (String) Description of the policy rule.
-- `domain` (String) Timestamp of the last Terraform update of the resource.
-- `logic` (String) Rego logic for the rule. If this is not defined, then parent_rule_id must be defined.
+- `domain` (String) Domain for the policy rule.
+- `id` (String) Unique identifier of the policy rule.
+- `logic` (String) Rego logic for the policy rule.
 - `name` (String) Name of the policy rule.
-- `parent_rule_id` (String) UUID of the parent rule to inherit properties from. Required if logic is not specified.
-- `remediation_info` (String) Information about how to remediate issues detected by this rule.
-- `resource_type` (String) The full resource type. Format examples: AWS: AWS::IAM::CredentialReport, Azure: Microsoft.Compute/virtualMachines, GCP: container.googleapis.com/Cluster
-- `severity` (Number) Severity of the rule. Valid values are 0 (critical), 1 (high), 2 (medium), 3 (informational).
+- `parent_rule_id` (String) Id of the parent rule to inherit properties from.
+- `remediation_info` (List of String) Information about how to remediate issues detected by this rule.
+- `resource_type` (String) The full resource type. Format examples: `AWS::IAM::CredentialReport`, `Microsoft.Compute/virtualMachines`, `container.googleapis.com/Cluster`
+- `severity` (String) Severity of the rule. Valid values are `critical`, `high`, `medium`, `informational`.
 - `subdomain` (String) Subdomain for the policy rule. Valid values are 'IOM' (Indicators of Misconfiguration) or 'IAC' (Infrastructure as Code). IOM is only supported at this time.
 
-Read-Only:
-
-- `uuid` (String) Unique identifier of the policy rule.
-
 <a id="nestedatt--rules--controls"></a>
 ### Nested Schema for `rules.controls`
 
 Required:
 
-- `authority` (String) This compliance framework
+- `authority` (String) The compliance framework
 - `code` (String) The compliance framework rule code

docs/resources/cloud_posture_custom_rule.md

@@ -2,15 +2,15 @@
 page_title: "crowdstrike_cloud_posture_custom_rule Resource - crowdstrike"
 subcategory: "Cloud Posture"
 description: |-
-  This resource manages custom cloud posture rules. These rules can be created either by inheriting properties from a parent rule with minimal customization, or by fully customizing all attributes for maximum flexibility.
+  This resource manages custom cloud posture rules. These rules can be created either by inheriting properties from a parent rule with minimal customization, or by fully customizing all attributes for maximum flexibility. To create a rule based on a parent rule, utilize the crowdstrike_cloud_posture_rules data source to gather parent rule information to use in the new custom rule. The crowdstrike_cloud_compliance_framework_controls data source can be used to query Falcon for compliance benchmark controls to associate with custom rules created with this resource.
   API Scopes
   The following API scopes are required:
   Cloud Security Policies | Read & Write
 ---
 
 # crowdstrike_cloud_posture_custom_rule (Resource)
 
-This resource manages custom cloud posture rules. These rules can be created either by inheriting properties from a parent rule with minimal customization, or by fully customizing all attributes for maximum flexibility.
+This resource manages custom cloud posture rules. These rules can be created either by inheriting properties from a parent rule with minimal customization, or by fully customizing all attributes for maximum flexibility. To create a rule based on a parent rule, utilize the `crowdstrike_cloud_posture_rules` data source to gather parent rule information to use in the new custom rule. The `crowdstrike_cloud_compliance_framework_controls` data source can be used to query Falcon for compliance benchmark controls to associate with custom rules created with this resource. 
 
 ## API Scopes
 
@@ -37,12 +37,10 @@ provider "crowdstrike" {
 # Custom rule derived from a parent rule with specific modifications
 resource "crowdstrike_cloud_posture_custom_rule" "copy_rule" {
   resource_type  = "AWS::EC2::Instance"
-  subdomain      = "IOM"
   name           = "Test Terraform"
   description    = "Test Terraform"
-  cloud_platform = "AWS"
   cloud_provider = "AWS"
-  severity       = 1
+  severity       = "informational"
   remediation_info = [
     "Remediation step 1",
     "Remediation step 2",
@@ -67,21 +65,19 @@ resource "crowdstrike_cloud_posture_custom_rule" "copy_rule" {
 
 resource "crowdstrike_cloud_posture_custom_rule" "custom_rule" {
   resource_type  = "AWS::EC2::Instance"
-  subdomain      = "IOM"
   name           = "Test Terraform"
   description    = "Test Terraform"
-  cloud_platform = "AWS"
   cloud_provider = "AWS"
   attack_types = [
-    "this is an attack type",
-    "this is another attack type"
+    "Attack Type 1",
+    "Attack Type 2"
   ]
   remediation_info = [
     "Remediation step 1",
     "Remediation step 2",
     "Remediation step 3",
   ]
-  severity = 2
+  severity = "medium"
   logic    = <<EOF
 package crowdstrike
 default result = "pass"
@@ -111,34 +107,34 @@ EOF
 
 ### Required
 
-- `cloud_platform` (String) Cloud platform for the policy rule.
 - `cloud_provider` (String) Cloud provider for the policy rule.
 - `description` (String) Description of the policy rule.
 - `name` (String) Name of the policy rule.
-- `resource_type` (String) The full resource type. Format examples: AWS: AWS::IAM::CredentialReport, Azure: Microsoft.Compute/virtualMachines, GCP: container.googleapis.com/Cluster.
-- `subdomain` (String) Subdomain for the policy rule. Valid values are 'IOM' (Indicators of Misconfiguration) or 'IaC' (Infrastructure as Code). IOM is only supported at this time.
+- `resource_type` (String) The full resource type. Examples: `AWS::IAM::CredentialReport`, `Microsoft.Compute/virtualMachines`, `container.googleapis.com/Cluster`
 
 ### Optional
 
-- `alert_info` (List of String) A list of the alert logic and detection criteria for rule violations. Parent value will be used when parent_rule_id is defined.
-- `attack_types` (Set of String) Specific attack types associated with the rule. Note: If 'parent_rule_id' is specified, these attack types will be inherited from the parent rule, and any values provided here will be ignored.
-- `controls` (Attributes Set) Security framework and compliance rule information. (see [below for nested schema](#nestedatt--controls))
-- `logic` (String) Rego logic for the rule. If this is not defined, then parent_rule_id must be defined.
-- `parent_rule_id` (String) UUID of the parent rule to inherit properties from. Required if logic is not specified.
-- `remediation_info` (List of String) Information about how to remediate issues detected by this rule.
-- `severity` (Number) Severity of the rule. Valid values are 0 (critical), 1 (high), 2 (medium), 3 (informational).
+- `alert_info` (List of String) A list of the alert logic and detection criteria for rule violations. When `alert_info` is not defined and `parent_rule_id` is defined, this field will inherit the parent rule's `alert_info`. Do not include numbering within this list. The Falcon console will automatically add numbering.
+- `attack_types` (Set of String) Specific attack types associated with the rule. Note: If `parent_rule_id` is defined, attack types will be inherited from the parent rule and cannot be specified using this field.
+- `controls` (Attributes Set) Security framework and compliance rule information. Utilize the `crowdstrike_cloud_compliance_framework_controls` data source to obtain this information. When `controls` is not defined and `parent_rule_id` is defined, this field will inherit the parent rule's `controls`. (see [below for nested schema](#nestedatt--controls))
+- `logic` (String) Rego logic for the rule. If this is not defined, then parent_rule_id must be defined. When `parent_rule_id` is defined, `logic` from the parent rule is not visible, but it is used for triggering this rule.
+- `parent_rule_id` (String) Id of the parent rule to inherit properties from. The `crowdstrike_cloud_posture_rules` data source can be used to query Falcon for parent rule information to use in this field. Required if `logic` is not specified.
+- `remediation_info` (List of String) Information about how to remediate issues detected by this rule. Do not include numbering within this list. The Falcon console will automatically add numbering.
+- `severity` (String) Severity of the rule. Valid values are `critical`, `high`, `medium`, `informational`.
 
 ### Read-Only
 
+- `cloud_platform` (String) Cloud platform for the policy rule.
 - `domain` (String) CrowdStrike domain for the custom rule. Default is CSPM
-- `uuid` (String) Unique identifier of the policy rule.
+- `id` (String) Unique identifier of the policy rule.
+- `subdomain` (String) Subdomain for the policy rule. Valid values are 'IOM' (Indicators of Misconfiguration) or 'IAC' (Infrastructure as Code). IOM is only supported at this time.
 
 <a id="nestedatt--controls"></a>
 ### Nested Schema for `controls`
 
 Required:
 
-- `authority` (String) This compliance framework
+- `authority` (String) The compliance framework
 - `code` (String) The compliance framework rule code
 
 ## Import

examples/data-sources/crowdstrike_cloud_compliance_framework_controls/data-source.tf

@@ -12,8 +12,7 @@ provider "crowdstrike" {
 
 # retrieve all controls under a named benchmark
 data "crowdstrike_cloud_compliance_framework_controls" "all" {
-  cloud_provider = "AWS"
-  rule_name      = "NLB/ALB configured publicly with TLS/SSL disabled"
+  benchmark = "CIS 1.0.0 AWS Web Architecture"
 }
 
 # retrieve a single control within a benchmark by name