feat(onboarding): data source tenant external id (#512)

* feat(onboarding): data source tenant external id

* adds external id as data source for use by sysdig tenants

* chore(onboarding): create secure onboarding client

* docs: add sysdig_secure_tenant_external_id

* fix: lint errcheck

Author: cgeers

sysdig/data_source_sysdig_secure_trusted_cloud_identity.go renamed to sysdig/data_source_sysdig_secure_onboarding.go

@@ -6,11 +6,16 @@ import (
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws/arn"
+	v2 "github.com/draios/terraform-provider-sysdig/sysdig/internal/client/v2"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 )
 
+func getSecureOnboardingClient(c SysdigClients) (v2.OnboardingSecureInterface, error) {
+	return c.sysdigSecureClientV2()
+}
+
 func dataSourceSysdigSecureTrustedCloudIdentity() *schema.Resource {
 	timeout := 5 * time.Minute
 
@@ -53,7 +58,7 @@ func dataSourceSysdigSecureTrustedCloudIdentity() *schema.Resource {
 
 // Retrieves the information of a resource form the file and loads it in Terraform
 func dataSourceSysdigSecureTrustedCloudIdentityRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
-	client, err := getSecureCloudAccountClient(meta.(SysdigClients))
+	client, err := getSecureOnboardingClient(meta.(SysdigClients))
 	if err != nil {
 		return diag.FromErr(err)
 	}
@@ -88,3 +93,43 @@ func dataSourceSysdigSecureTrustedCloudIdentityRead(ctx context.Context, d *sche
 	}
 	return nil
 }
+
+func dataSourceSysdigSecureTenantExternalID() *schema.Resource {
+	timeout := 5 * time.Minute
+
+	return &schema.Resource{
+		ReadContext: dataSourceSysdigSecureTenantExternalIDRead,
+
+		Timeouts: &schema.ResourceTimeout{
+			Read: schema.DefaultTimeout(timeout),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"external_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+// Retrieves the information of a resource form the file and loads it in Terraform
+func dataSourceSysdigSecureTenantExternalIDRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client, err := getSecureOnboardingClient(meta.(SysdigClients))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	externalId, err := client.GetTenantExternalIDSecure(ctx)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	d.SetId(externalId)
+	err = d.Set("external_id", externalId)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	return nil
+}

sysdig/data_source_sysdig_secure_trusted_cloud_identity_test.go renamed to sysdig/data_source_sysdig_secure_onboarding_test.go

@@ -61,3 +61,23 @@ data "sysdig_secure_trusted_cloud_identity" "trusted_identity" {
 }
 `
 }
+
+func TestAccTenantExternalIDDataSource(t *testing.T) {
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
+				t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
+			}
+		},
+		ProviderFactories: map[string]func() (*schema.Provider, error){
+			"sysdig": func() (*schema.Provider, error) {
+				return sysdig.Provider(), nil
+			},
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: `data "sysdig_secure_tenant_external_id" "external_id" {}`,
+			},
+		},
+	})
+}

sysdig/internal/client/v2/cloud_account.go

@@ -11,7 +11,6 @@ const (
 	cloudAccountsWithExternalIDPath = "%s/api/cloud/v2/accounts?includeExternalID=true&upsert=true"
 	cloudAccountPath                = "%s/api/cloud/v2/accounts/%s"
 	cloudAccountWithExternalIDPath  = "%s/api/cloud/v2/accounts/%s?includeExternalID=true"
-	trustedCloudIdentityPath        = "%s/api/cloud/v2/%s/trustedIdentity"
 	providersPath                   = "%v/api/v2/providers"
 )
 
@@ -21,7 +20,6 @@ type CloudAccountSecureInterface interface {
 	GetCloudAccountSecure(ctx context.Context, accountID string) (*CloudAccountSecure, error)
 	DeleteCloudAccountSecure(ctx context.Context, accountID string) error
 	UpdateCloudAccountSecure(ctx context.Context, accountID string, cloudAccount *CloudAccountSecure) (*CloudAccountSecure, error)
-	GetTrustedCloudIdentitySecure(ctx context.Context, provider string) (string, error)
 }
 
 type CloudAccountMonitorInterface interface {
@@ -99,20 +97,6 @@ func (client *Client) UpdateCloudAccountSecure(ctx context.Context, accountID st
 	return Unmarshal[*CloudAccountSecure](response.Body)
 }
 
-func (client *Client) GetTrustedCloudIdentitySecure(ctx context.Context, provider string) (string, error) {
-	response, err := client.requester.Request(ctx, http.MethodGet, client.trustedCloudIdentityURL(provider), nil)
-	if err != nil {
-		return "", err
-	}
-	defer response.Body.Close()
-
-	if response.StatusCode != http.StatusOK {
-		return "", client.ErrorFromResponse(response)
-	}
-
-	return Unmarshal[string](response.Body)
-}
-
 func (client *Client) cloudAccountsURL(includeExternalID bool) string {
 	if includeExternalID {
 		return fmt.Sprintf(cloudAccountsWithExternalIDPath, client.config.url)
@@ -127,10 +111,6 @@ func (client *Client) cloudAccountURL(accountID string, includeExternalID bool)
 	return fmt.Sprintf(cloudAccountPath, client.config.url, accountID)
 }
 
-func (client *Client) trustedCloudIdentityURL(provider string) string {
-	return fmt.Sprintf(trustedCloudIdentityPath, client.config.url, provider)
-}
-
 func (client *Client) CreateCloudAccountMonitor(ctx context.Context, provider *CloudAccountMonitor) (*CloudAccountMonitor, error) {
 	payload, err := Marshal(provider)
 	if err != nil {

sysdig/internal/client/v2/onboarding.go

@@ -0,0 +1,46 @@
+package v2
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+)
+
+const (
+	onboardingTrustedIdentityPath = "%s/api/secure/onboarding/v2/trustedIdentity?provider=%s"
+	onboardingTenantExternaIDPath = "%s/api/secure/onboarding/v2/externalID"
+)
+
+type OnboardingSecureInterface interface {
+	Base
+	GetTrustedCloudIdentitySecure(ctx context.Context, provider string) (string, error)
+	GetTenantExternalIDSecure(ctx context.Context) (string, error)
+}
+
+func (client *Client) GetTrustedCloudIdentitySecure(ctx context.Context, provider string) (string, error) {
+	response, err := client.requester.Request(ctx, http.MethodGet, fmt.Sprintf(onboardingTrustedIdentityPath, client.config.url, provider), nil)
+	if err != nil {
+		return "", err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK {
+		return "", client.ErrorFromResponse(response)
+	}
+
+	return Unmarshal[string](response.Body)
+}
+
+func (client *Client) GetTenantExternalIDSecure(ctx context.Context) (string, error) {
+	response, err := client.requester.Request(ctx, http.MethodGet, fmt.Sprintf(onboardingTenantExternaIDPath, client.config.url), nil)
+	if err != nil {
+		return "", err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK {
+		return "", client.ErrorFromResponse(response)
+	}
+
+	return Unmarshal[string](response.Body)
+}

sysdig/internal/client/v2/sysdig.go

@@ -48,6 +48,7 @@ type SysdigSecure interface {
 	OrganizationSecureInterface
 	CloudauthAccountComponentSecureInterface
 	CloudauthAccountFeatureSecureInterface
+	OnboardingSecureInterface
 }
 
 func (sr *SysdigRequest) Request(ctx context.Context, method string, url string, payload io.Reader) (*http.Response, error) {

sysdig/provider.go

@@ -195,6 +195,7 @@ func (p *SysdigProvider) Provider() *schema.Provider {
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"sysdig_secure_trusted_cloud_identity":                        dataSourceSysdigSecureTrustedCloudIdentity(),
+			"sysdig_secure_tenant_external_id":                            dataSourceSysdigSecureTenantExternalID(),
 			"sysdig_secure_notification_channel":                          dataSourceSysdigSecureNotificationChannel(),
 			"sysdig_secure_notification_channel_pagerduty":                dataSourceSysdigSecureNotificationChannelPagerduty(),
 			"sysdig_secure_notification_channel_email":                    dataSourceSysdigSecureNotificationChannelEmail(),

sysdig/resource_sysdig_monitor_alert_downtime.go

@@ -158,7 +158,7 @@ func downtimeAlertToResourceData(alert *v2.Alert, data *schema.ResourceData) (er
 	}
 
 	var trigger_after_pct float64
-	fmt.Sscanf(alert.Condition, "avg(timeAvg(uptime)) <= %f", &trigger_after_pct)
+	_, _ = fmt.Sscanf(alert.Condition, "avg(timeAvg(uptime)) <= %f", &trigger_after_pct)
 	trigger_after_pct = (1 - trigger_after_pct) * 100
 
 	_ = data.Set("trigger_after_pct", int(trigger_after_pct))

website/docs/d/secure_tenant_external_id.md

@@ -0,0 +1,28 @@
+---
+subcategory: "Sysdig Secure"
+layout: "sysdig"
+page_title: "Sysdig: sysdig_secure_tenant_external_id"
+description: |-
+  Retrieves information about the Sysdig Secure Tenant External ID
+---
+
+# Data Source: sysdig_secure_tenant_external_id
+
+Retrieves information about the Sysdig Secure Tenant External ID
+
+-> **Note:** Sysdig Terraform Provider is under rapid development at this point. If you experience any issue or discrepancy while using it, please make sure you have the latest version. If the issue persists, or you have a Feature Request to support an additional set of resources, please open a [new issue](https://github.com/sysdiglabs/terraform-provider-sysdig/issues/new) in the GitHub repository.
+
+## Example Usage
+
+```terraform
+data "sysdig_secure_tenant_external_id" "external_id" {}
+```
+
+## Argument Reference
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `external_id` - String identifier for external id value
+