feat(datasource): agentless scanning assets (#516)

cgeers · web-flow · commit 4e365188b146 · 2024-06-06T16:24:36.000-05:00
diff --git a/sysdig/data_source_sysdig_secure_onboarding.go b/sysdig/data_source_sysdig_secure_onboarding.go
@@ -133,3 +133,93 @@ func dataSourceSysdigSecureTenantExternalIDRead(ctx context.Context, d *schema.R
 
 	return nil
 }
+
+func dataSourceSysdigSecureAgentlessScanningAssets() *schema.Resource {
+	timeout := 5 * time.Minute
+
+	return &schema.Resource{
+		ReadContext: dataSourceSysdigSecureAgentlessScanningAssetsRead,
+
+		Timeouts: &schema.ResourceTimeout{
+			Read: schema.DefaultTimeout(timeout),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"aws": {
+				Type:     schema.TypeMap,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"azure": {
+				Type:     schema.TypeMap,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"backend": {
+				Type:     schema.TypeMap,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"gcp": {
+				Type:     schema.TypeMap,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+		},
+	}
+}
+
+// Retrieves the information of a resource form the file and loads it in Terraform
+func dataSourceSysdigSecureAgentlessScanningAssetsRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client, err := getSecureOnboardingClient(meta.(SysdigClients))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	assets, err := client.GetAgentlessScanningAssetsSecure(ctx)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	assetsAws, _ := assets["aws"].(map[string]interface{})
+	assetsAzure, _ := assets["azure"].(map[string]interface{})
+	assetsBackend, _ := assets["backend"].(map[string]interface{})
+	assetsGcp, _ := assets["gcp"].(map[string]interface{})
+
+	d.SetId("agentlessScanningAssets")
+	err = d.Set("aws", map[string]interface{}{
+		"account_id": assetsAws["accountId"],
+	})
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	err = d.Set("azure", map[string]interface{}{
+		"service_principal_id": assetsAzure["servicePrincipalId"],
+		"tenant_id":            assetsAzure["tenantId"],
+	})
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	err = d.Set("backend", map[string]interface{}{
+		"cloud_id": assetsBackend["cloudId"],
+		"type":     assetsBackend["type"],
+	})
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	err = d.Set("gcp", map[string]interface{}{
+		"worker_identity": assetsGcp["workerIdentity"],
+	})
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	return nil
+}
diff --git a/sysdig/data_source_sysdig_secure_onboarding_test.go b/sysdig/data_source_sysdig_secure_onboarding_test.go
@@ -81,3 +81,29 @@ func TestAccTenantExternalIDDataSource(t *testing.T) {
 		},
 	})
 }
+
+func TestAccAgentlessScanningAssetsDataSource(t *testing.T) {
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
+				t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
+			}
+		},
+		ProviderFactories: map[string]func() (*schema.Provider, error){
+			"sysdig": func() (*schema.Provider, error) {
+				return sysdig.Provider(), nil
+			},
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: `data "sysdig_secure_agentless_scanning_assets" "assets" {}`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.sysdig_secure_agentless_scanning_assets.assets", "aws.%", "1"),
+					resource.TestCheckResourceAttr("data.sysdig_secure_agentless_scanning_assets.assets", "azure.%", "2"),
+					resource.TestCheckResourceAttr("data.sysdig_secure_agentless_scanning_assets.assets", "backend.%", "2"),
+					resource.TestCheckResourceAttr("data.sysdig_secure_agentless_scanning_assets.assets", "gcp.%", "1"),
+				),
+			},
+		},
+	})
+}
diff --git a/sysdig/internal/client/v2/onboarding.go b/sysdig/internal/client/v2/onboarding.go
@@ -7,14 +7,16 @@ import (
 )
 
 const (
-	onboardingTrustedIdentityPath = "%s/api/secure/onboarding/v2/trustedIdentity?provider=%s"
-	onboardingTenantExternaIDPath = "%s/api/secure/onboarding/v2/externalID"
+	onboardingTrustedIdentityPath         = "%s/api/secure/onboarding/v2/trustedIdentity?provider=%s"
+	onboardingTenantExternaIDPath         = "%s/api/secure/onboarding/v2/externalID"
+	onboardingAgentlessScanningAssetsPath = "%s/api/secure/onboarding/v2/agentlessScanningAssets"
 )
 
 type OnboardingSecureInterface interface {
 	Base
 	GetTrustedCloudIdentitySecure(ctx context.Context, provider string) (string, error)
 	GetTenantExternalIDSecure(ctx context.Context) (string, error)
+	GetAgentlessScanningAssetsSecure(ctx context.Context) (map[string]interface{}, error)
 }
 
 func (client *Client) GetTrustedCloudIdentitySecure(ctx context.Context, provider string) (string, error) {
@@ -44,3 +46,17 @@ func (client *Client) GetTenantExternalIDSecure(ctx context.Context) (string, er
 
 	return Unmarshal[string](response.Body)
 }
+
+func (client *Client) GetAgentlessScanningAssetsSecure(ctx context.Context) (map[string]interface{}, error) {
+	response, err := client.requester.Request(ctx, http.MethodGet, fmt.Sprintf(onboardingAgentlessScanningAssetsPath, client.config.url), nil)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK {
+		return nil, client.ErrorFromResponse(response)
+	}
+
+	return Unmarshal[map[string]interface{}](response.Body)
+}
diff --git a/sysdig/provider.go b/sysdig/provider.go
@@ -194,6 +194,7 @@ func (p *SysdigProvider) Provider() *schema.Provider {
 			"sysdig_secure_posture_policy":                                 resourceSysdigSecurePosturePolicy(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
+			"sysdig_secure_agentless_scanning_assets":                     dataSourceSysdigSecureAgentlessScanningAssets(),
 			"sysdig_secure_trusted_cloud_identity":                        dataSourceSysdigSecureTrustedCloudIdentity(),
 			"sysdig_secure_tenant_external_id":                            dataSourceSysdigSecureTenantExternalID(),
 			"sysdig_secure_notification_channel":                          dataSourceSysdigSecureNotificationChannel(),
diff --git a/website/docs/d/secure_agentless_scanning_assets.md b/website/docs/d/secure_agentless_scanning_assets.md
@@ -0,0 +1,38 @@
+---
+subcategory: "Sysdig Secure"
+layout: "sysdig"
+page_title: "Sysdig: sysdig_secure_agentless_scanning_assets"
+description: |-
+  Retrieves information about the Sysdig Secure Agentless Scanning Assets
+---
+
+# Data Source: sysdig_secure_agentless_scanning_assets
+
+Retrieves information about the Sysdig Secure Agentless Scanning Assets
+
+-> **Note:** Sysdig Terraform Provider is under rapid development at this point. If you experience any issue or discrepancy while using it, please make sure you have the latest version. If the issue persists, or you have a Feature Request to support an additional set of resources, please open a [new issue](https://github.com/sysdiglabs/terraform-provider-sysdig/issues/new) in the GitHub repository.
+
+## Example Usage
+
+```terraform
+data "sysdig_secure_agentless_scanning_assets" "assets" {}
+```
+
+## Argument Reference
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `aws.account_id` - AWS account sandbox in which Sysdig Agentless Scanning operates
+
+* `azure.service_principal_id` - Azure service principal id for use with Sysdig Agentless Scanning
+
+* `azure.tenant_id` - Azure tenant id in which Sysdig Agentless Scanning operates
+
+* `backend.cloud_id` - Sysdig backend cloud identifier
+
+* `backend.type` - Sysdig backend cloud type
+
+* `gcp.worker_identity` - GCP worker indentity id
+
