feat: Add cloud posture custom resource and cloud rules data source

docs/data-sources/cloud_compliance_framework_controls.md

@@ -0,0 +1,86 @@
+---
+page_title: "crowdstrike_cloud_compliance_framework_controls Data Source - crowdstrike"
+subcategory: "Cloud Compliance"
+description: |-
+  This data source retrieves all or a subset of controls within compliance benchmarks. All non-FQL fields can accept wildcards * and query Falcon using logical AND. If FQL is defined, all other fields will be ignored. For advanced queries to further narrow your search, please use a Falcon Query Language (FQL) filter. For additional information on FQL filtering and usage, refer to the official CrowdStrike documentation: Falcon Query Language (FQL) https://falcon.crowdstrike.com/documentation/page/d3c84a1b/falcon-query-language-fql
+  API Scopes
+  The following API scopes are required:
+  Cloud Security Policies | Read
+---
+
+# crowdstrike_cloud_compliance_framework_controls (Data Source)
+
+This data source retrieves all or a subset of controls within compliance benchmarks. All non-FQL fields can accept wildcards `*` and query Falcon using logical AND. If FQL is defined, all other fields will be ignored. For advanced queries to further narrow your search, please use a Falcon Query Language (FQL) filter. For additional information on FQL filtering and usage, refer to the official CrowdStrike documentation: [Falcon Query Language (FQL)](https://falcon.crowdstrike.com/documentation/page/d3c84a1b/falcon-query-language-fql)
+
+## API Scopes
+
+The following API scopes are required:
+
+- Cloud Security Policies | Read
+
+
+## Example Usage
+
+```terraform
+terraform {
+  required_providers {
+    crowdstrike = {
+      source = "registry.terraform.io/crowdstrike/crowdstrike"
+    }
+  }
+}
+
+provider "crowdstrike" {
+  cloud = "us-2"
+}
+
+# retrieve all controls under a named benchmark
+data "crowdstrike_cloud_compliance_framework_controls" "all" {
+  benchmark = "CIS 1.0.0 AWS Web Architecture"
+}
+
+# retrieve a single control within a benchmark by name
+data "crowdstrike_cloud_compliance_framework_controls" "by_name" {
+  name      = "Ensure subnets for the Web tier are created"
+  benchmark = "CIS 1.0.0 AWS Web Architecture"
+}
+
+# retrieve a single control within a benchmark by requirement
+data "crowdstrike_cloud_compliance_framework_controls" "by_requirement" {
+  requirement = "2.1"
+  benchmark   = "CIS 1.0.0 AWS Web Architecture"
+}
+
+# query by FQL filter
+data "crowdstrike_cloud_compliance_framework_controls" "fql" {
+  fql = "compliance_control_name:'Ensure subnets for the Web tier are created'"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `benchmark` (String) Name of the compliance benchmark in the framework. Examples: `AWS Foundational Security Best Practices v1.*`, `CIS 1.2.0 GCP`, `CIS 1.8.0 GKE`
+- `control_name` (String) Name of the control. Examples: `Ensure security contact phone is set`, `Ensure that Azure Defender*`
+- `fql` (String) Falcon Query Language (FQL) filter for advanced control searches. FQL filter, allowed props: `compliance_control_name`, `compliance_control_authority`, `compliance_control_type`, `compliance_control_section`, `compliance_control_requirement`, `compliance_control_benchmark_name`, `compliance_control_benchmark_version`
+- `requirement` (String) Requirement of the control(s) within the framework. Examples: `2.*`, `1.1`
+- `section` (String) Section of the benchmark where the control(s) reside. Examples: `Data Protection`, `Data*`
+
+### Read-Only
+
+- `controls` (Attributes Set) Security framework and compliance rule information. (see [below for nested schema](#nestedatt--controls))
+
+<a id="nestedatt--controls"></a>
+### Nested Schema for `controls`
+
+Read-Only:
+
+- `authority` (String) The compliance authority for the framework
+- `benchmark` (String) The compliance benchmark within the framework.
+- `code` (String) The unique compliance framework rule code.
+- `id` (String) The id of the compliance control.
+- `name` (String) The name of the control.
+- `requirement` (String) The compliance framework requirement.
+- `section` (String) The section within the compliance benchmark.

docs/data-sources/cloud_posture_rules.md

@@ -0,0 +1,106 @@
+---
+page_title: "crowdstrike_cloud_posture_rules Data Source - crowdstrike"
+subcategory: "Cloud Posture"
+description: |-
+  This data source retrieves detailed information about a specific cloud posture rule, including its unique identifier (ID) and associated attributes.All non-FQL fields can accept wildcards * and query Falcon using logical AND. If FQL is defined, all other fields will be ignored. For advanced queries to further narrow your search, please use a Falcon Query Language (FQL) filter. For additional information on FQL filtering and usage, refer to the official CrowdStrike documentation: Falcon Query Language (FQL) https://falcon.crowdstrike.com/documentation/page/d3c84a1b/falcon-query-language-fql
+  API Scopes
+  The following API scopes are required:
+  Cloud Security Policies | Read & Write
+---
+
+# crowdstrike_cloud_posture_rules (Data Source)
+
+This data source retrieves detailed information about a specific cloud posture rule, including its unique identifier (ID) and associated attributes.All non-FQL fields can accept wildcards `*` and query Falcon using logical AND. If FQL is defined, all other fields will be ignored. For advanced queries to further narrow your search, please use a Falcon Query Language (FQL) filter. For additional information on FQL filtering and usage, refer to the official CrowdStrike documentation: [Falcon Query Language (FQL)](https://falcon.crowdstrike.com/documentation/page/d3c84a1b/falcon-query-language-fql)
+
+## API Scopes
+
+The following API scopes are required:
+
+- Cloud Security Policies | Read & Write
+
+
+## Example Usage
+
+```terraform
+terraform {
+  required_providers {
+    crowdstrike = {
+      source = "registry.terraform.io/crowdstrike/crowdstrike"
+    }
+  }
+}
+
+provider "crowdstrike" {
+  cloud = "us-2"
+}
+
+# return a single rule within a cloud provider
+data "crowdstrike_cloud_posture_rules" "specific" {
+  cloud_provider = "AWS"
+  rule_name      = "NLB/ALB configured publicly with TLS/SSL disabled"
+}
+
+# query by FQL filter
+data "crowdstrike_cloud_posture_rules" "original" {
+  fql = "rule_name:'NLB/ALB configured publicly with TLS/SSL disabled'"
+}
+
+# return all rules for a specific resource type within a benchmark
+data "crowdstrike_cloud_posture_rules" "original" {
+  resource_type = "AWS::ElasticLoadBalancingV2::*"
+  benchmark     = "CIS 1.0.0 AWS Web Architecture"
+}
+
+# return all rules for a specific resource type within an entire framework
+data "crowdstrike_cloud_posture_rules" "original" {
+  resource_type = "AWS::ElasticLoadBalancingV2::*"
+  framework     = "CIS"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `benchmark` (String) Name of the benchmark that this rule is attached to. Note that rules can be associated with multiple benchmarks. Example: `CIS 1.0.0 AWS*`
+- `cloud_provider` (String) Cloud provider for where the rule resides.
+- `fql` (String) Falcon Query Language (FQL) filter for advanced control searches. FQL filter, allowed props: `rule_origin`, `rule_parent_uuid`, `rule_name`, `rule_description`, `rule_domain`, `rule_status`, `rule_severity`, `rule_short_code`, `rule_service`, `rule_resource_type`, `rule_provider`, `rule_subdomain`, `rule_auto_remediable`, `rule_control_requirement`, `rule_control_section`, `rule_compliance_benchmark`, `rule_compliance_framework`, `rule_mitre_tactic`, `rule_mitre_technique`, `rule_created_at`, `rule_updated_at`, `rule_updated_by`
+- `framework` (String) Name of the framework that this rule is attached to. Note that rules can be associated with multiple benchmarks. Examples: CIS, NIST
+- `resource_type` (String) Name of the resource type to search for. Examples: `AWS::IAM::CredentialReport`, `Microsoft.Compute/virtualMachines`, `container.googleapis.com/Cluster`.
+- `rule_name` (String) Name of the rule to search for. If no name is defined all rules in a cloud provider will be returned.
+- `service` (String) Name of the service within the cloud provider that rule is for. Examples: IAM, S3, Microsoft.Compute
+
+### Read-Only
+
+- `rules` (Attributes Set) List of cloud posture rules (see [below for nested schema](#nestedatt--rules))
+
+<a id="nestedatt--rules"></a>
+### Nested Schema for `rules`
+
+Read-Only:
+
+- `alert_info` (List of String) A list of the alert logic and detection criteria for rule violations.
+- `attack_types` (Set of String) Specific attack types associated with the rule.
+- `auto_remediable` (Boolean) Autoremediation enabled for the policy rule
+- `cloud_platform` (String) Cloud platform for the policy rule.
+- `cloud_provider` (String) Cloud provider for the policy rule.
+- `controls` (Attributes Set) Security framework and compliance rule information. (see [below for nested schema](#nestedatt--rules--controls))
+- `description` (String) Description of the policy rule.
+- `domain` (String) Domain for the policy rule.
+- `id` (String) Unique identifier of the policy rule.
+- `logic` (String) Rego logic for the policy rule.
+- `name` (String) Name of the policy rule.
+- `parent_rule_id` (String) Id of the parent rule to inherit properties from.
+- `remediation_info` (List of String) Information about how to remediate issues detected by this rule.
+- `resource_type` (String) The full resource type. Format examples: `AWS::IAM::CredentialReport`, `Microsoft.Compute/virtualMachines`, `container.googleapis.com/Cluster`
+- `severity` (String) Severity of the rule. Valid values are `critical`, `high`, `medium`, `informational`.
+- `subdomain` (String) Subdomain for the policy rule. Valid values are 'IOM' (Indicators of Misconfiguration) or 'IAC' (Infrastructure as Code). IOM is only supported at this time.
+
+<a id="nestedatt--rules--controls"></a>
+### Nested Schema for `rules.controls`
+
+Required:
+
+- `authority` (String) The compliance framework
+- `code` (String) The compliance framework rule code

docs/resources/cloud_posture_custom_rule.md

@@ -0,0 +1,147 @@
+---
+page_title: "crowdstrike_cloud_posture_custom_rule Resource - crowdstrike"
+subcategory: "Cloud Posture"
+description: |-
+  This resource manages custom cloud posture rules. These rules can be created either by inheriting properties from a parent rule with minimal customization, or by fully customizing all attributes for maximum flexibility. To create a rule based on a parent rule, utilize the crowdstrike_cloud_posture_rules data source to gather parent rule information to use in the new custom rule. The crowdstrike_cloud_compliance_framework_controls data source can be used to query Falcon for compliance benchmark controls to associate with custom rules created with this resource.
+  API Scopes
+  The following API scopes are required:
+  Cloud Security Policies | Read & Write
+---
+
+# crowdstrike_cloud_posture_custom_rule (Resource)
+
+This resource manages custom cloud posture rules. These rules can be created either by inheriting properties from a parent rule with minimal customization, or by fully customizing all attributes for maximum flexibility. To create a rule based on a parent rule, utilize the `crowdstrike_cloud_posture_rules` data source to gather parent rule information to use in the new custom rule. The `crowdstrike_cloud_compliance_framework_controls` data source can be used to query Falcon for compliance benchmark controls to associate with custom rules created with this resource.
+
+## API Scopes
+
+The following API scopes are required:
+
+- Cloud Security Policies | Read & Write
+
+
+## Example Usage
+
+```terraform
+terraform {
+  required_providers {
+    crowdstrike = {
+      source = "registry.terraform.io/crowdstrike/crowdstrike"
+    }
+  }
+}
+
+provider "crowdstrike" {
+  cloud = "us-2"
+}
+
+# Custom rule derived from a parent rule with specific modifications
+resource "crowdstrike_cloud_posture_custom_rule" "copy_rule" {
+  resource_type  = "AWS::EC2::Instance"
+  name           = "Test Terraform"
+  description    = "Test Terraform"
+  cloud_provider = "AWS"
+  severity       = "informational"
+  remediation_info = [
+    "Remediation step 1",
+    "Remediation step 2",
+    "Remediation step 3",
+  ]
+  alert_info = [
+    "First item in alert info",
+    "Second item in alert info"
+  ]
+  controls = [
+    {
+      authority = "CIS",
+      code      = "89"
+    },
+    {
+      authority = "CIS",
+      code      = "791"
+    }
+  ]
+  parent_rule_id = "190c2d3d-8b0e-4838-bf11-4c6e044b9cb1"
+}
+
+resource "crowdstrike_cloud_posture_custom_rule" "custom_rule" {
+  resource_type  = "AWS::EC2::Instance"
+  name           = "Test Terraform"
+  description    = "Test Terraform"
+  cloud_provider = "AWS"
+  attack_types = [
+    "Attack Type 1",
+    "Attack Type 2"
+  ]
+  remediation_info = [
+    "Remediation step 1",
+    "Remediation step 2",
+    "Remediation step 3",
+  ]
+  severity = "medium"
+  logic    = <<EOF
+package crowdstrike
+default result = "pass"
+result = "fail" if {
+  input.tags[_] == "catch-me"
+}
+EOF
+  alert_info = [
+    "First item in alert info",
+    "Second item in alert info"
+  ]
+  controls = [
+    {
+      authority = "CIS",
+      code      = "89"
+    },
+    {
+      authority = "CIS",
+      code      = "791"
+    },
+  ]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cloud_provider` (String) Cloud provider for the policy rule.
+- `description` (String) Description of the policy rule.
+- `name` (String) Name of the policy rule.
+- `resource_type` (String) The full resource type. Examples: `AWS::IAM::CredentialReport`, `Microsoft.Compute/virtualMachines`, `container.googleapis.com/Cluster`
+
+### Optional
+
+- `alert_info` (List of String) A list of the alert logic and detection criteria for rule violations. When `alert_info` is not defined and `parent_rule_id` is defined, this field will inherit the parent rule's `alert_info`. Do not include numbering within this list. The Falcon console will automatically add numbering.
+- `attack_types` (Set of String) Specific attack types associated with the rule. Note: If `parent_rule_id` is defined, attack types will be inherited from the parent rule and cannot be specified using this field.
+- `controls` (Attributes Set) Security framework and compliance rule information. Utilize the `crowdstrike_cloud_compliance_framework_controls` data source to obtain this information. When `controls` is not defined and `parent_rule_id` is defined, this field will inherit the parent rule's `controls`. (see [below for nested schema](#nestedatt--controls))
+- `logic` (String) Rego logic for the rule. If this is not defined, then parent_rule_id must be defined. When `parent_rule_id` is defined, `logic` from the parent rule is not visible, but it is used for triggering this rule.
+- `parent_rule_id` (String) Id of the parent rule to inherit properties from. The `crowdstrike_cloud_posture_rules` data source can be used to query Falcon for parent rule information to use in this field. Required if `logic` is not specified.
+- `remediation_info` (List of String) Information about how to remediate issues detected by this rule. Do not include numbering within this list. The Falcon console will automatically add numbering.
+- `severity` (String) Severity of the rule. Valid values are `critical`, `high`, `medium`, `informational`.
+
+### Read-Only
+
+- `cloud_platform` (String) Cloud platform for the policy rule.
+- `domain` (String) CrowdStrike domain for the custom rule. Default is CSPM
+- `id` (String) Unique identifier of the policy rule.
+- `subdomain` (String) Subdomain for the policy rule. Valid values are 'IOM' (Indicators of Misconfiguration) or 'IAC' (Infrastructure as Code). IOM is only supported at this time.
+
+<a id="nestedatt--controls"></a>
+### Nested Schema for `controls`
+
+Required:
+
+- `authority` (String) The compliance framework
+- `code` (String) The compliance framework rule code
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# Cloud Posture Custom Rule resources can be imported using their UUID, e.g.
+terraform import crowdstrike_cloud_posture_custom_rule.example 123e4567-e89b-12d3-a456-426614174000
+```

examples/data-sources/crowdstrike_cloud_compliance_framework_controls/data-source.tf

@@ -0,0 +1,33 @@
+terraform {
+  required_providers {
+    crowdstrike = {
+      source = "registry.terraform.io/crowdstrike/crowdstrike"
+    }
+  }
+}
+
+provider "crowdstrike" {
+  cloud = "us-2"
+}
+
+# retrieve all controls under a named benchmark
+data "crowdstrike_cloud_compliance_framework_controls" "all" {
+  benchmark = "CIS 1.0.0 AWS Web Architecture"
+}
+
+# retrieve a single control within a benchmark by name
+data "crowdstrike_cloud_compliance_framework_controls" "by_name" {
+  name      = "Ensure subnets for the Web tier are created"
+  benchmark = "CIS 1.0.0 AWS Web Architecture"
+}
+
+# retrieve a single control within a benchmark by requirement
+data "crowdstrike_cloud_compliance_framework_controls" "by_requirement" {
+  requirement = "2.1"
+  benchmark   = "CIS 1.0.0 AWS Web Architecture"
+}
+
+# query by FQL filter
+data "crowdstrike_cloud_compliance_framework_controls" "fql" {
+  fql = "compliance_control_name:'Ensure subnets for the Web tier are created'"
+}