feat(onboarding): add datasource sysdig_secure_trusted_azure_app (#519)

* feat(onboarding): add datasource sysdig_secure_trusted_azure_app

* docs(onboarding): add sysdig_secure_trusted_azure_app

* fix(onboarding): docs spelling

Author: cgeers

sysdig/data_source_sysdig_secure_onboarding.go

@@ -2,6 +2,8 @@ package sysdig
 
 import (
 	"context"
+	"fmt"
+	"regexp"
 	"strings"
 	"time"
 
@@ -94,6 +96,62 @@ func dataSourceSysdigSecureTrustedCloudIdentityRead(ctx context.Context, d *sche
 	return nil
 }
 
+func dataSourceSysdigSecureTrustedAzureApp() *schema.Resource {
+	timeout := 5 * time.Minute
+
+	return &schema.Resource{
+		ReadContext: dataSourceSysdigSecureTrustedAzureAppRead,
+
+		Timeouts: &schema.ResourceTimeout{
+			Read: schema.DefaultTimeout(timeout),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validation.StringInSlice([]string{"config_posture", "onboarding", "threat_detection"}, false),
+			},
+			"tenant_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"application_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"service_principal_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+// Retrieves the information of a resource form the file and loads it in Terraform
+func dataSourceSysdigSecureTrustedAzureAppRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client, err := getSecureOnboardingClient(meta.(SysdigClients))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	app := d.Get("name").(string)
+	registration, err := client.GetTrustedAzureAppSecure(ctx, app)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	d.SetId(app)
+	for k, v := range registration {
+		fmt.Printf("%s, %s\n", k, snakeCase(k))
+		err = d.Set(snakeCase(k), v)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+	}
+
+	return nil
+}
+
 func dataSourceSysdigSecureTenantExternalID() *schema.Resource {
 	timeout := 5 * time.Minute
 
@@ -223,3 +281,12 @@ func dataSourceSysdigSecureAgentlessScanningAssetsRead(ctx context.Context, d *s
 	}
 	return nil
 }
+
+var matchFirstCap = regexp.MustCompile("(.)([A-Z][a-z]+)")
+var matchAllCap = regexp.MustCompile("([a-z0-9])([A-Z])")
+
+func snakeCase(str string) string {
+	snake := matchFirstCap.ReplaceAllString(str, "${1}_${2}")
+	snake = matchAllCap.ReplaceAllString(snake, "${1}_${2}")
+	return strings.ToLower(snake)
+}

sysdig/data_source_sysdig_secure_onboarding_test.go

@@ -4,6 +4,7 @@ package sysdig_test
 
 import (
 	"os"
+	"regexp"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
@@ -26,40 +27,79 @@ func TestAccTrustedCloudIdentityDataSource(t *testing.T) {
 		},
 		Steps: []resource.TestStep{
 			{
-				Config: trustedIdentityDatasourceAWS(),
+				Config: `data "sysdig_secure_trusted_cloud_identity" "trusted_identity" {	cloud_provider = "aws" }`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.sysdig_secure_trusted_cloud_identity.trusted_identity", "cloud_provider", "aws"),
+					resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_cloud_identity.trusted_identity", "aws_account_id"),
+					resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_cloud_identity.trusted_identity", "aws_role_name"),
+				),
 			},
 			{
-				Config: trustedIdentityDatasourceGCP(),
+				Config: `data "sysdig_secure_trusted_cloud_identity" "trusted_identity" {	cloud_provider = "gcp" }`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.sysdig_secure_trusted_cloud_identity.trusted_identity", "cloud_provider", "gcp"),
+					resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_cloud_identity.trusted_identity", "aws_account_id"),
+					resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_cloud_identity.trusted_identity", "aws_role_name"),
+				),
 			},
 			{
-				Config: trustedIdentityDatasourceAzure(),
+				Config: `data "sysdig_secure_trusted_cloud_identity" "trusted_identity" { cloud_provider = "azure" }`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.sysdig_secure_trusted_cloud_identity.trusted_identity", "cloud_provider", "azure"),
+					resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_cloud_identity.trusted_identity", "azure_tenant_id"),
+					resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_cloud_identity.trusted_identity", "azure_service_principal_id"),
+				),
 			},
 		},
 	})
 }
 
-func trustedIdentityDatasourceAWS() string {
-	return `
-data "sysdig_secure_trusted_cloud_identity" "trusted_identity" {
-	cloud_provider = "aws"
-}
-`
-}
-
-func trustedIdentityDatasourceGCP() string {
-	return `
-data "sysdig_secure_trusted_cloud_identity" "trusted_identity" {
-	cloud_provider = "gcp"
-}
-`
-}
-
-func trustedIdentityDatasourceAzure() string {
-	return `
-data "sysdig_secure_trusted_cloud_identity" "trusted_identity" {
-	cloud_provider = "azure"
-}
-`
+func TestAccTrustedAzureAppDataSource(t *testing.T) {
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
+				t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
+			}
+		},
+		ProviderFactories: map[string]func() (*schema.Provider, error){
+			"sysdig": func() (*schema.Provider, error) {
+				return sysdig.Provider(), nil
+			},
+		},
+		Steps: []resource.TestStep{
+			{
+				Config:      `data "sysdig_secure_trusted_azure_app" "config_posture" {	name = "invalid" }`,
+				ExpectError: regexp.MustCompile(`.*expected name to be one of.*`),
+			},
+			{
+				Config: `data "sysdig_secure_trusted_azure_app" "config_posture" {	name = "config_posture" }`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.sysdig_secure_trusted_azure_app.config_posture", "name", "config_posture"),
+					// resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_azure_app.config_posture", "application_id"), // uncomment to assert a non empty value
+					// resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_azure_app.config_posture", "tenant_id"), // uncomment to assert a non empty value
+					// resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_azure_app.config_posture", "service_principal_id"), // uncomment to assert a non empty value
+				),
+			},
+			{
+				Config: `data "sysdig_secure_trusted_azure_app" "onboarding" {	name = "onboarding" }`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.sysdig_secure_trusted_azure_app.onboarding", "name", "onboarding"),
+					// resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_azure_app.onboarding", "application_id"), // uncomment to assert a non empty value
+					// resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_azure_app.onboarding", "tenant_id"), // uncomment to assert a non empty value
+					// resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_azure_app.onboarding", "service_principal_id"), // uncomment to assert a non empty value
+				),
+			},
+			{
+				Config: `data "sysdig_secure_trusted_azure_app" "threat_detection" { name = "threat_detection" }`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.sysdig_secure_trusted_azure_app.threat_detection", "name", "threat_detection"),
+					// resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_azure_app.threat_detection", "application_id"), // uncomment to assert a non empty value
+					// resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_azure_app.threat_detection", "tenant_id"), // uncomment to assert a non empty value
+					// resource.TestCheckResourceAttrSet("data.sysdig_secure_trusted_azure_app.threat_detection", "service_principal_id"), // uncomment to assert a non empty value
+				),
+			},
+		},
+	})
 }
 
 func TestAccTenantExternalIDDataSource(t *testing.T) {

sysdig/internal/client/v2/onboarding.go

@@ -8,15 +8,17 @@ import (
 
 const (
 	onboardingTrustedIdentityPath         = "%s/api/secure/onboarding/v2/trustedIdentity?provider=%s"
+	onboardingTrustedAzureAppPath         = "%s/api/secure/onboarding/v2/trustedAzureApp?app=%s"
 	onboardingTenantExternaIDPath         = "%s/api/secure/onboarding/v2/externalID"
 	onboardingAgentlessScanningAssetsPath = "%s/api/secure/onboarding/v2/agentlessScanningAssets"
 )
 
 type OnboardingSecureInterface interface {
 	Base
 	GetTrustedCloudIdentitySecure(ctx context.Context, provider string) (string, error)
+	GetTrustedAzureAppSecure(ctx context.Context, app string) (map[string]string, error)
 	GetTenantExternalIDSecure(ctx context.Context) (string, error)
-	GetAgentlessScanningAssetsSecure(ctx context.Context) (map[string]interface{}, error)
+	GetAgentlessScanningAssetsSecure(ctx context.Context) (map[string]any, error)
 }
 
 func (client *Client) GetTrustedCloudIdentitySecure(ctx context.Context, provider string) (string, error) {
@@ -33,6 +35,20 @@ func (client *Client) GetTrustedCloudIdentitySecure(ctx context.Context, provide
 	return Unmarshal[string](response.Body)
 }
 
+func (client *Client) GetTrustedAzureAppSecure(ctx context.Context, app string) (map[string]string, error) {
+	response, err := client.requester.Request(ctx, http.MethodGet, fmt.Sprintf(onboardingTrustedAzureAppPath, client.config.url, app), nil)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK {
+		return nil, client.ErrorFromResponse(response)
+	}
+
+	return Unmarshal[map[string]string](response.Body)
+}
+
 func (client *Client) GetTenantExternalIDSecure(ctx context.Context) (string, error) {
 	response, err := client.requester.Request(ctx, http.MethodGet, fmt.Sprintf(onboardingTenantExternaIDPath, client.config.url), nil)
 	if err != nil {

sysdig/provider.go

@@ -195,6 +195,7 @@ func (p *SysdigProvider) Provider() *schema.Provider {
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"sysdig_secure_agentless_scanning_assets":                     dataSourceSysdigSecureAgentlessScanningAssets(),
+			"sysdig_secure_trusted_azure_app":                             dataSourceSysdigSecureTrustedAzureApp(),
 			"sysdig_secure_trusted_cloud_identity":                        dataSourceSysdigSecureTrustedCloudIdentity(),
 			"sysdig_secure_tenant_external_id":                            dataSourceSysdigSecureTenantExternalID(),
 			"sysdig_secure_notification_channel":                          dataSourceSysdigSecureNotificationChannel(),

website/docs/d/secure_trusted_azure_app.md

@@ -0,0 +1,37 @@
+---
+subcategory: "Sysdig Secure"
+layout: "sysdig"
+page_title: "Sysdig: sysdig_secure_trusted_azure_app"
+description: |-
+  Retrieves information about the Sysdig Secure Trusted Azure App
+---
+
+# Data Source: sysdig_secure_trusted_azure_app
+
+Retrieves information about the Sysdig Secure Trusted Azure App
+
+-> **Note:** Sysdig Terraform Provider is under rapid development at this point. If you experience any issue or discrepancy while using it, please make sure you have the latest version. If the issue persists, or you have a Feature Request to support an additional set of resources, please open a [new issue](https://github.com/sysdiglabs/terraform-provider-sysdig/issues/new) in the GitHub repository.
+
+## Example Usage
+
+```terraform
+data "sysdig_secure_trusted_azure_app" "onboarding" {
+	name = "onboarding"
+}
+```
+
+## Argument Reference
+
+* `name` - (Required) Sysdig's Azure App name urrently supported applications are `config_posture`, `onboarding` and `threat_detection` 
+
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `tenant_id` - The application's associated tenant identifer
+
+* `application_id` - The application's identifier
+
+* `service_principal_id` - The application's associated service principal identifier.
+