feat: Add cloud posture custom resource and cloud rules data source #147
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gpontejos
force-pushed
the
custom-policy-resource
branch
from
22e6889 to
ab438d4
Compare
gpontejos
force-pushed
the
custom-policy-resource
branch
from
ab438d4 to
6d6a396
Compare
ffalor
requested changes
Sep 26, 2025
|
|
||
| "github.com/crowdstrike/gofalcon/falcon" | ||
| cloudcompliance "github.com/crowdstrike/terraform-provider-crowdstrike/internal/cloud_compliance" | ||
| "github.com/crowdstrike/terraform-provider-crowdstrike/internal/cloud_posture" |
There was a problem hiding this comment.
Suggested change
| "github.com/crowdstrike/terraform-provider-crowdstrike/internal/cloud_posture" | |
| cloudposture "github.com/crowdstrike/terraform-provider-crowdstrike/internal/cloud_posture" |
| contentupdatepolicy.NewDefaultContentUpdatePolicyResource, | ||
| contentupdatepolicy.NewContentUpdatePolicyPrecedenceResource, | ||
| sensorvisibilityexclusion.NewSensorVisibilityExclusionResource, | ||
| cloud_posture.NewCloudPostureCustomRuleResource, |
There was a problem hiding this comment.
Suggested change
| cloud_posture.NewCloudPostureCustomRuleResource, | |
| cloudposture.NewCloudPostureCustomRuleResource, |
| sensorupdatepolicy.NewSensorUpdateBuildsDataSource, | ||
| fcs.NewCloudAwsAccountsDataSource, | ||
| contentupdatepolicy.NewContentCategoryVersionsDataSource, | ||
| cloud_posture.NewCloudPostureRulesDataSource, |
There was a problem hiding this comment.
Suggested change
| cloud_posture.NewCloudPostureRulesDataSource, | |
| cloudposture.NewCloudPostureRulesDataSource, |
| } | ||
|
|
||
| type cloudComplianceFrameworkControlDataSourceModel struct { | ||
| Controls []cloudComplianceFrameworkControlModel `tfsdk:"controls"` |
There was a problem hiding this comment.
We should use terraform types for our model struct. Almost every bug I have had to fix have been due to me using go types in my model. A recent example: #136
Suggested change
| Controls []cloudComplianceFrameworkControlModel `tfsdk:"controls"` | |
| Controls []types.Set `tfsdk:"controls"` |
You can use Schedule in sensor update policy as reference.
data.Controls = types.SetNull(types.ObjectType{AttrTypes: cloudComplianceFrameworkControlModel{}.AttributeTypes()})Basically I add a AttributeTypes method to help reduce the boilerplate that is required to convert from go to tf types.
|
|
||
| # retrieve all controls under a named benchmark | ||
| data "crowdstrike_cloud_compliance_framework_controls" "all" { | ||
| cloud_provider = "AWS" |
There was a problem hiding this comment.
This doesn't look like a valid option.
Comment on lines
+326
to
+329
| diags.AddError( | ||
| "Failed to create rule.", | ||
| fmt.Sprintf("Failed to create rule: %s", err), | ||
| ) |
There was a problem hiding this comment.
this error message needs to be updated
Comment on lines
+344
to
+350
| if len(queryPayload.Resources) == 0 { | ||
| diags.AddWarning( | ||
| "No Rules Found", | ||
| "The query returned no rules. Please check your filter criteria.", | ||
| ) | ||
| return nil, diags | ||
| } |
There was a problem hiding this comment.
I don't think we need this warning.
Comment on lines
+361
to
+364
| diags.AddError( | ||
| "Failed to get rule", | ||
| fmt.Sprintf("Failed to get rule: %s", err), | ||
| ) |
There was a problem hiding this comment.
Suggested change
| diags.AddError( | |
| "Failed to get rule", | |
| fmt.Sprintf("Failed to get rule: %s", err), | |
| ) | |
| diags.AddError( | |
| "Failed to get rules", | |
| fmt.Sprintf("Failed to get rules: %s", err), | |
| ) |
| if err = falcon.AssertNoError(getRulesPayload.Errors); err != nil { | ||
| diags.AddError( | ||
| "Failed to get rules", | ||
| fmt.Sprintf("Failed to get rule: %s", err.Error()), |
There was a problem hiding this comment.
Suggested change
| fmt.Sprintf("Failed to get rule: %s", err.Error()), | |
| fmt.Sprintf("Failed to get rules: %s", err.Error()), |
Comment on lines
+414
to
+420
| rule.AttackTypes = types.SetValueMust(types.StringType, []attr.Value{}) | ||
| for _, attackType := range resource.AttackTypes { | ||
| rule.AttackTypes, diags = types.SetValue(types.StringType, append(rule.AttackTypes.Elements(), types.StringValue(attackType))) | ||
| if diags.HasError() { | ||
| return nil, diags | ||
| } | ||
| } |
There was a problem hiding this comment.
you should be able to do this instead
Suggested change
| rule.AttackTypes = types.SetValueMust(types.StringType, []attr.Value{}) | |
| for _, attackType := range resource.AttackTypes { | |
| rule.AttackTypes, diags = types.SetValue(types.StringType, append(rule.AttackTypes.Elements(), types.StringValue(attackType))) | |
| if diags.HasError() { | |
| return nil, diags | |
| } | |
| } | |
| attackTypeSet, diags := types.SetValueFrom(ctx, types.StringType, resource.AttackTypes) | |
| if diags.HasError() { | |
| return nil, diags | |
| } |
ffalor
requested changes
Sep 26, 2025
ffalor
requested changes
Sep 26, 2025
Comment on lines
+176
to
+181
| if config.Benchmark.IsNull() && config.FQL.IsNull() { | ||
| resp.Diagnostics.AddError( | ||
| "Invalid Configuration", | ||
| "At least one of 'benchmark' or 'fql' must be defined", | ||
| ) | ||
| } |
There was a problem hiding this comment.
Is it possible for this endpoint to return everything? if it is then instead of requiring fql or benchmark, we should allow nothing to be provided, and just verify they aren't providing both are the same time.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.