Commit 86affe3

committed
Address review comments
1 parent 435c47d commit 86affe3

2 files changed

+109
-8
lines changed

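--- a/sysdig/data_source_sysdig_secure_drift_policy_test.go
+++ b/sysdig/data_source_sysdig_secure_drift_policy_test.go
@@ -32,6 +32,12 @@ func TestAccDriftPolicyDataSource(t *testing.T) {
 {
 Config: driftPolicyDataSource(rText),
 },
+{
+Config: driftPolicyWithUseRegexDataSource(rText),
+},
+{
+Config: driftPolicyWithProcessExceptionsDataSource(rText),
+},
 },
 })
 }
@@ -44,6 +50,39 @@ resource "sysdig_secure_drift_policy" "policy_1" {
 enabled = true
 severity = 4
 
+rule {
+description = "Test Drift Rule Description"
+enabled = true
+
+exceptions {
+items = ["/usr/bin/sh"]
+}
+prohibited_binaries {
+items = ["/usr/bin/curl"]
+}
+}
+
+actions {
+prevent_drift = true
+}
+
+}
+
+data "sysdig_secure_drift_policy" "policy_2" {
+name = sysdig_secure_drift_policy.policy_1.name
+depends_on = [sysdig_secure_drift_policy.policy_1]
+}
+`, name, name)
+}
+
+func driftPolicyWithUseRegexDataSource(name string) string {
+return fmt.Sprintf(`
+resource "sysdig_secure_drift_policy" "policy_1" {
+name = "Test Drift Policy %s"
+description = "Test Drift Policy Description %s"
+enabled = true
+severity = 4
+
 rule {
 description = "Test Drift Rule Description"
 enabled = true
@@ -76,3 +115,37 @@ data "sysdig_secure_drift_policy" "policy_2" {
 }
 `, name, name)
 }
+
+func driftPolicyWithProcessExceptionsDataSource(name string) string {
+return fmt.Sprintf(`
+resource "sysdig_secure_drift_policy" "policy_1" {
+name = "Test Drift Policy %s"
+description = "Test Drift Policy Description %s"
+enabled = true
+severity = 4
+
+rule {
+description = "Test Drift Rule Description"
+enabled = true
+mounted_volume_drift_enabled = true
+
+process_based_exceptions {
+items = ["/usr/bin/curl"]
+}
+process_based_prohibited_binaries {
+items = ["/usr/bin/sh"]
+}
+}
+
+actions {
+prevent_drift = true
+}
+
+}
+
+data "sysdig_secure_drift_policy" "policy_2" {
+name = sysdig_secure_drift_policy.policy_1.name
+depends_on = [sysdig_secure_drift_policy.policy_1]
+}
+`, name, name)
+}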
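Review bot: The two steps added to `TestAccDriftPolicyDataSource` (new lines 35-40) set only `Config:` and no `Check:`, so they pass whenever the apply succeeds and never confirm that the data source returns `process_based_exceptions`, `process_based_prohibited_binaries` or the regex setting. For a policy that sets `prevent_drift = true`, a data source that silently dropped an exception or prohibited list would go unnoticed by this test. Each step could carry a check such as `Check: resource.TestCheckResourceAttr("data.sysdig_secure_drift_policy.policy_2", "rule.0.process_based_exceptions.0.items.0", "/usr/bin/curl"),`. The attribute path there is inferred from the HCL, and the check assumes the `resource` test helper is already imported in this file, so confirm both against the schema. The body of `driftPolicyWithUseRegexDataSource` continues outside the hunk, so whether it actually sets `use_regex` cannot be seen here and is worth confirming given the function's name.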

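--- a/sysdig/resource_sysdig_secure_drift_policy_test.go
+++ b/sysdig/resource_sysdig_secure_drift_policy_test.go
@@ -42,6 +42,9 @@ func TestAccDriftPolicy(t *testing.T) {
 {
 Config: driftPolicyWithMountedVolumeDriftEnabled(rText()),
 },
+{
+Config: driftPolicyWithProcessBasedAndRegexEnabled(rText()),
+},
 },
 })
 }
@@ -67,6 +70,9 @@ resource "sysdig_secure_drift_policy" "sample" {
 prohibited_binaries {
 items = ["/usr/bin/curl"]
 }
+process_based_exceptions {
+items = ["/usr/bin/curl"]
+}
 }
 
 actions {
@@ -93,7 +99,6 @@ resource "sysdig_secure_drift_policy" "sample" {
 description = "Test Drift Rule Description"
 
 enabled = true
-use_regex = true
 
 exceptions {
 items = ["/usr/bin/sh"]
@@ -103,9 +108,6 @@ resource "sysdig_secure_drift_policy" "sample" {
 }
 process_based_exceptions {
 items = ["/usr/bin/curl"]
-}
-process_based_prohibited_binaries {
-items = ["/usr/bin/sh"]
 }
 }
 
@@ -139,7 +141,6 @@ resource "sysdig_secure_drift_policy" "sample" {
 description = "Test Drift Rule Description"
 
 enabled = true
-use_regex = true
 
 exceptions {
 items = ["/usr/bin/sh"]
@@ -182,9 +183,6 @@ resource "sysdig_secure_drift_policy" "sample" {
 process_based_exceptions {
 items = ["/usr/bin/curl"]
 }
-process_based_prohibited_binaries {
-items = ["/usr/bin/sh"]
-}
 }
 
 actions {
@@ -232,10 +230,40 @@ resource "sysdig_secure_drift_policy" "sample" {
 
 rule {
 description = "Test Drift Rule Description"
+mounted_volume_drift_enabled = true
 
 enabled = true
+
+exceptions {
+items = ["/usr/bin/sh"]
+}
+prohibited_binaries {
+items = ["/usr/bin/curl"]
+}
+process_based_exceptions {
+items = ["/usr/bin/curl"]
+}
+}
+}
+`, name)
+}
+
+func driftPolicyWithProcessBasedAndRegexEnabled(name string) string {
+return fmt.Sprintf(`
+resource "sysdig_secure_drift_policy" "sample" {
+
+name = "Test Drift Policy %s"
+description = "Test Drift Policy Description"
+enabled = true
+severity = 4
+
+rule {
+description = "Test Drift Rule Description"
 mounted_volume_drift_enabled = true
 
+enabled = true
+use_regex = true
+
 exceptions {
 items = ["/usr/bin/sh"]
 }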
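Review bot: With `process_based_prohibited_binaries` removed at old lines 106-108 and 185-187, no configuration visible in this file's hunks still sets that attribute, so the resource acceptance test may no longer exercise it. `driftPolicyWithProcessBasedAndRegexEnabled` continues past the last hunk, so confirm whether its tail sets the attribute. The fixtures added at new lines 73-75 and 240-245 also list `/usr/bin/curl` under both `prohibited_binaries` and `process_based_exceptions`, which leaves it unclear which rule the test expects to take effect for that path. If the overlap is intentional, an HCL comment such as `# same path is prohibited and process-excepted on purpose: <expected precedence>` would state it; otherwise use a different path for the exception so the two lists are independent.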
