handle unknown values for rules (#60)

Author: ffalor

internal/fim/rule_group.go

@@ -11,7 +11,9 @@ import (
 	"github.com/crowdstrike/gofalcon/falcon/client/filevantage"
 	"github.com/crowdstrike/gofalcon/falcon/models"
 	"github.com/crowdstrike/terraform-provider-crowdstrike/internal/scopes"
+	"github.com/crowdstrike/terraform-provider-crowdstrike/internal/utils"
 	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/attr"
 	"github.com/hashicorp/terraform-plugin-framework/diag"
 	"github.com/hashicorp/terraform-plugin-framework/path"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
@@ -56,7 +58,7 @@ type filevantageRuleGroupResourceModel struct {
 	Name        types.String `tfsdk:"name"`
 	Type        types.String `tfsdk:"type"`
 	Description types.String `tfsdk:"description"`
-	Rules       []*fimRule   `tfsdk:"rules"`
+	Rules       types.List   `tfsdk:"rules"`
 	LastUpdated types.String `tfsdk:"last_updated"`
 }
 
@@ -102,6 +104,47 @@ type fimRule struct {
 	WatchDeleteValueChanges    types.Bool `tfsdk:"watch_key_value_delete_changes"`
 }
 
+func (f fimRule) attrTypes() map[string]attr.Type {
+	return map[string]attr.Type{
+		"id":                types.StringType,
+		"description":       types.StringType,
+		"precedence":        types.Int64Type,
+		"path":              types.StringType,
+		"severity":          types.StringType,
+		"depth":             types.StringType,
+		"include":           types.StringType,
+		"exclude":           types.StringType,
+		"include_users":     types.StringType,
+		"include_processes": types.StringType,
+		"exclude_users":     types.StringType,
+		"exclude_processes": types.StringType,
+		"file_names": types.ListType{
+			ElemType: types.StringType,
+		},
+		"registry_values": types.ListType{
+			ElemType: types.StringType,
+		},
+		"enable_content_capture":             types.BoolType,
+		"watch_directory_delete_changes":     types.BoolType,
+		"watch_directory_create_changes":     types.BoolType,
+		"watch_directory_rename_changes":     types.BoolType,
+		"watch_directory_attribute_changes":  types.BoolType,
+		"watch_directory_permission_changes": types.BoolType,
+		"watch_file_rename_changes":          types.BoolType,
+		"watch_file_write_changes":           types.BoolType,
+		"watch_file_create_changes":          types.BoolType,
+		"watch_file_delete_changes":          types.BoolType,
+		"watch_file_attribute_changes":       types.BoolType,
+		"watch_file_permission_changes":      types.BoolType,
+		"watch_key_create_changes":           types.BoolType,
+		"watch_key_delete_changes":           types.BoolType,
+		"watch_key_rename_changes":           types.BoolType,
+		"watch_key_permissions_changes":      types.BoolType,
+		"watch_key_value_set_changes":        types.BoolType,
+		"watch_key_value_delete_changes":     types.BoolType,
+	}
+}
+
 // Configure adds the provider configured client to the resource.
 func (r *filevantageRuleGroupResource) Configure(
 	ctx context.Context,
@@ -493,8 +536,13 @@ func (r *filevantageRuleGroupResource) Create(
 		return
 	}
 
+	rules := utils.ListTypeAs[*fimRule](ctx, plan.Rules, &resp.Diagnostics)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
 	resp.Diagnostics.Append(
-		r.syncRules(ctx, rgType, plan.Rules, []*fimRule{}, plan.ID.ValueString())...)
+		r.syncRules(ctx, rgType, rules, []*fimRule{}, plan.ID.ValueString())...)
 	if resp.Diagnostics.HasError() {
 		return
 	}
@@ -510,7 +558,16 @@ func (r *filevantageRuleGroupResource) Create(
 	}
 
 	if len(rules) > 0 {
-		plan.Rules = rules
+		ruleList, diags := types.ListValueFrom(
+			ctx,
+			types.ObjectType{AttrTypes: fimRule{}.attrTypes()},
+			rules,
+		)
+		resp.Diagnostics.Append(diags...)
+		if resp.Diagnostics.HasError() {
+			return
+		}
+		plan.Rules = ruleList
 	}
 
 	resp.Diagnostics.Append(resp.State.Set(ctx, plan)...)
@@ -547,7 +604,6 @@ func (r *filevantageRuleGroupResource) Read(
 	}
 
 	assignRuleGroup(res, &state)
-	state.LastUpdated = types.StringValue(time.Now().Format(time.RFC850))
 
 	rules, diags := r.getRules(
 		ctx,
@@ -560,7 +616,17 @@ func (r *filevantageRuleGroupResource) Read(
 	}
 
 	if len(rules) > 0 {
-		state.Rules = rules
+		ruleList, diags := types.ListValueFrom(
+			ctx,
+			types.ObjectType{AttrTypes: fimRule{}.attrTypes()},
+			&rules,
+		)
+
+		resp.Diagnostics.Append(diags...)
+		if resp.Diagnostics.HasError() {
+			return
+		}
+		state.Rules = ruleList
 	}
 
 	// Set refreshed state
@@ -615,12 +681,19 @@ func (r *filevantageRuleGroupResource) Update(
 	assignRuleGroup(res, &plan)
 	plan.LastUpdated = types.StringValue(time.Now().Format(time.RFC850))
 
+	planRules := utils.ListTypeAs[*fimRule](ctx, plan.Rules, &resp.Diagnostics)
+	stateRules := utils.ListTypeAs[*fimRule](ctx, state.Rules, &resp.Diagnostics)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
 	resp.Diagnostics.Append(
 		r.syncRules(
 			ctx,
 			plan.Type.ValueString(),
-			plan.Rules,
-			state.Rules,
+			planRules,
+			stateRules,
 			plan.ID.ValueString(),
 		)...)
 	if resp.Diagnostics.HasError() {
@@ -638,7 +711,16 @@ func (r *filevantageRuleGroupResource) Update(
 	}
 
 	if len(rules) > 0 {
-		plan.Rules = rules
+		ruleList, diags := types.ListValueFrom(
+			ctx,
+			types.ObjectType{AttrTypes: fimRule{}.attrTypes()},
+			rules,
+		)
+		resp.Diagnostics.Append(diags...)
+		if resp.Diagnostics.HasError() {
+			return
+		}
+		plan.Rules = ruleList
 	}
 
 	resp.Diagnostics.Append(
@@ -710,7 +792,13 @@ func (r *filevantageRuleGroupResource) ValidateConfig(
 		return
 	}
 
-	for i, rule := range config.Rules {
+	rules := utils.ListTypeAs[*fimRule](ctx, config.Rules, &resp.Diagnostics)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	for i, rule := range rules {
 		rPath := path.Root("rules").AtListIndex(i)
 
 		if rgType == LinuxFiles || rgType == MacFiles || rgType == WindowsFiles {
@@ -1060,15 +1148,6 @@ func (r *filevantageRuleGroupResource) syncRules(
 		}
 	}
 
-	// panic(
-	// 	fmt.Sprintf(
-	// 		"rulesToCreate: %v rulesToDelete %v rulesToUpdate %v",
-	// 		rulesToCreate,
-	// 		rulesToDelete,
-	// 		rulesToUpdate,
-	// 	),
-	// )
-
 	diags.Append(r.createRules(ctx, ruleGroupType, rulesToCreate, ruleGroupID)...)
 	diags.Append(r.updateRules(ctx, ruleGroupType, rulesToUpdate, ruleGroupID)...)
 	diags.Append(r.deleteRules(ctx, rulesToDelete, ruleGroupID)...)

internal/fim/rule_group_test.go

@@ -9,16 +9,49 @@ import (
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 )
 
-func testAccFilevantageRuleGroup_basic(t *testing.T, rgType string) resource.TestCase {
+func testAccFilevantageRuleGroup_basic(
+	t *testing.T,
+	rgType string,
+	paths []string,
+) resource.TestCase {
 	rName := sdkacctest.RandomWithPrefix("tf-acceptance-test")
 	rDescription := sdkacctest.RandString(20)
 	config := acctest.ProviderConfig + fmt.Sprintf(`
+variable "base_rule" {
+  type = list(object({
+    name = string
+    path = string
+  }))
+  default = [
+    {
+      name = "Path A"
+      path = "%s"
+    },
+    {
+      name = "Path B"
+      path = "%s"
+    }
+  ]
+}
+
+
 resource "crowdstrike_filevantage_rule_group" "test" {
   name        = "%s"
   type        = "%s"
   description = "%s"
+  rules = [
+    for i in var.base_rule :
+    {
+      description                        = "Monitoring ${i.name}"
+      path                               = i.path
+      severity                           = "High"
+      depth                              = "ANY"
+      exclude                            = ""
+    }
+  ]
+
 }
-`, rName, rgType, rDescription)
+`, paths[0], paths[1], rName, rgType, rDescription)
 
 	resourceName := "crowdstrike_filevantage_rule_group.test"
 
@@ -47,17 +80,40 @@ resource "crowdstrike_filevantage_rule_group" "test" {
 }
 
 func TestAccFilevantageRuleGroupResourceWindowsFiles(t *testing.T) {
-	resource.ParallelTest(t, testAccFilevantageRuleGroup_basic(t, "WindowsFiles"))
+	resource.ParallelTest(
+		t,
+		testAccFilevantageRuleGroup_basic(
+			t,
+			"WindowsFiles",
+			[]string{"c:\\\\windows\\\\", "c:\\\\program files\\\\"},
+		),
+	)
 }
 
 func TestAccFilevantageRuleGroupResourceWindowsRegistry(t *testing.T) {
-	resource.ParallelTest(t, testAccFilevantageRuleGroup_basic(t, "WindowsRegistry"))
+	resource.ParallelTest(
+		t,
+		testAccFilevantageRuleGroup_basic(
+			t,
+			"WindowsRegistry",
+			[]string{
+				"HKEY_LOCAL_MACHINE\\\\Software\\\\Microsoft\\\\Windows NT\\\\",
+				"HKEY_LOCAL_MACHINE\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\",
+			},
+		),
+	)
 }
 
 func TestAccFilevantageRuleGroupResourceLinuxFiles(t *testing.T) {
-	resource.ParallelTest(t, testAccFilevantageRuleGroup_basic(t, "LinuxFiles"))
+	resource.ParallelTest(
+		t,
+		testAccFilevantageRuleGroup_basic(t, "LinuxFiles", []string{"/etc/", "/var/"}),
+	)
 }
 
 func TestAccFilevantageRuleGroupResourceMacFiles(t *testing.T) {
-	resource.ParallelTest(t, testAccFilevantageRuleGroup_basic(t, "MacFiles"))
+	resource.ParallelTest(
+		t,
+		testAccFilevantageRuleGroup_basic(t, "MacFiles", []string{"/etc/", "/var/"}),
+	)
 }

internal/utils/schema.go

@@ -0,0 +1,8 @@
+package utils
+
+import "github.com/hashicorp/terraform-plugin-framework/attr"
+
+// IsKnown returns true if an attribute value is known and not null.
+func IsKnown(value attr.Value) bool {
+	return !value.IsNull() && !value.IsUnknown()
+}

internal/utils/utils.go

@@ -103,3 +103,19 @@ func ListIDsToModify(
 
 	return
 }
+
+// ListTypeAs converts a types.List into a known []T.
+func ListTypeAs[T any](
+	ctx context.Context,
+	list types.List,
+	diags *diag.Diagnostics,
+) []T {
+	if !IsKnown(list) {
+		return nil
+	}
+
+	var elements []T
+
+	diags.Append(list.ElementsAs(ctx, &elements, false)...)
+	return elements
+}