sysdiglabs / terraform-provider-sysdig

Sysdig Terraform provider. Allows you to manage Sysdig Secure policies as code.

Home Page: https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs

License: Mozilla Public License 2.0

Makefile 0.33% Go 99.48% Shell 0.18% Dockerfile 0.02%
sysdig-platform terraform terraform-provider sysdig-secure sysdig-monitor

terraform-provider-sysdig's Introduction

Terraform Provider for Sysdig

Contribute

Requirements

  • Terraform > 0.12.x
  • Go > the version specified in go.mod
    • A correctly set up GOPATH, with $GOPATH/bin added to your $PATH.

Develop

First, clone the source repository to $GOPATH/src/github.com/draios/terraform-provider-sysdig:

$ git clone git@github.com:draios/terraform-provider-sysdig
$ cd terraform-provider-sysdig
$ make build

If you're a rookie, check the official Terraform provider development guides.

Creating new resource / data sources

TL;DR;

  • Create the resource/data source item
  • Add the created item to the resource or data source map in provider.go, with its wiring
  • Add its acceptance test
  • Add its documentation page under ./website/docs/

Compile

To compile the provider, run make build. This will build the provider and put the provider binary in the $GOPATH/bin directory.

$ make build
$ $GOPATH/bin/terraform-provider-sysdig

Tests

To test the provider, run make test to execute the unit tests. For acceptance tests, run make testacc, but note that:

  • Sysdig Monitor and/or Secure credentials are required; see /.envrc.template
  • Acceptance tests create real infrastructure, so run them in an environment where you can remove the resources easily.

If you're a rookie, check the Terraform acceptance test guidelines.

Install (local)

To use the local provider you just built, install it as a plugin on your machine with:

$ make install

That will add the provider to the terraform plugins dir. Then just set source and version values appropriately:

provider "aws" {
  region = my_region
}

terraform {
  required_providers {
    sysdig = {
      source = "local/sysdiglabs/sysdig"
      version = "~> 1.0.0"
    }
  }
}

To uninstall the plugin:

$ make uninstall

Proposing PR's

Release

To create a new release, create and push a new tag, and it will be released following /.github/workflows/release.yml.

  • Before releasing check the diff between previous tag and master branch, to spot major changes
  • For tag, use semver
  • Review Released Draft Note, and make it as clear as possible.
  • Notify Sysdig teams on our internal #release-announcements slack channel and optionally in #terraform-provider



Many thanks!

terraform-provider-sysdig's Issues

Add Notification Channel data source

Data Sources allow other resources to be created by referencing them.
We could improve the provider by adding Data Sources for Notification Channels so their IDs are easily referenced by Alerts and Policies.

Crash: Importing a Dashboard with unsupported panel types crashes the provider

When a dashboard is being imported but contains panels which are not supported, the provider crashes with a panic.

2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: panic: unreachable code
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: 
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: goroutine 57 [running]:
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: github.com/draios/terraform-provider-sysdig/sysdig.dashboardToResourceData(0xc00000a1e0, 0xc0002f0d00, 0xc000612ae0, 0x2e662)
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: 	github.com/draios/terraform-provider-sysdig/sysdig/resource_sysdig_monitor_dashboard.go:329 +0xd3b
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: github.com/draios/terraform-provider-sysdig/sysdig.resourceSysdigDashboardRead(0x19ed100, 0xc000612ae0, 0xc0002f0d00, 0x17f0700, 0xc0001ea380, 0xc00051af80, 0xc0003f78f0, 0x100c9b8)
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: 	github.com/draios/terraform-provider-sysdig/sysdig/resource_sysdig_monitor_dashboard.go:179 +0x1c6
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0xc0002e1c80, 0x19ed080, 0xc00052a400, 0xc0002f0d00, 0x17f0700, 0xc0001ea380, 0x0, 0x0, 0x0)
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: 	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:297 +0x1ec
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).RefreshWithoutUpgrade(0xc0002e1c80, 0x19ed080, 0xc00052a400, 0xc0001f05b0, 0x17f0700, 0xc0001ea380, 0xc00000e2b0, 0x0, 0x0, 0x0)
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: 	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:564 +0x1c2
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ReadResource(0xc0002c0220, 0x19ed080, 0xc00052a400, 0xc00052a440, 0xc00052a400, 0x1853ea0, 0x1881fa0)
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: 	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:575 +0x42f
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: github.com/hashicorp/terraform-plugin-go/tfprotov5/server.(*server).ReadResource(0xc00068d820, 0x19ed080, 0xc00052a400, 0xc000612660, 0xc00068d820, 0xc000096390, 0xc000619ba0)
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: 	github.com/hashicorp/[email protected]/tfprotov5/server/server.go:297 +0x101
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ReadResource_Handler(0x1881fa0, 0xc00068d820, 0x19ed140, 0xc000096390, 0xc000612600, 0x0, 0x19ed140, 0xc000096390, 0xc0003aa280, 0x123)
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: 	github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:344 +0x217
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: google.golang.org/grpc.(*Server).processUnaryRPC(0xc0002de1c0, 0x19f6520, 0xc00050ac00, 0xc0001cc200, 0xc000690510, 0x1f3c550, 0x0, 0x0, 0x0)
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: 	google.golang.org/[email protected]/server.go:1210 +0x50a
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: google.golang.org/grpc.(*Server).handleStream(0xc0002de1c0, 0x19f6520, 0xc00050ac00, 0xc0001cc200, 0x0)
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: 	google.golang.org/[email protected]/server.go:1533 +0xcfd
2021-01-08T08:39:25.803Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc0002b6410, 0xc0002de1c0, 0x19f6520, 0xc00050ac00, 0xc0001cc200)
2021-01-08T08:39:25.804Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: 	google.golang.org/[email protected]/server.go:871 +0xa1
2021-01-08T08:39:25.804Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: created by google.golang.org/grpc.(*Server).serveStreams.func1
2021-01-08T08:39:25.804Z [DEBUG] plugin.terraform-provider-sysdig_v0.5.8: 	google.golang.org/[email protected]/server.go:869 +0x204

Return error message

Summary

Sysdig terraform provider returns just HTTP status when errors happen. It should include the error message.

For example

As a wrong macro, it must start with 'or' or 'and' but the below example doesn't start with these.

resource "sysdig_secure_macro" "this" {
  name      = "access_log_files"
  condition = "container"
  append    = true
}

When I apply it, terraform returns without error messages like that

$  terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # sysdig_secure_macro.this will be created
  + resource "sysdig_secure_macro" "this" {
      + append    = true
      + condition = "container"
      + id        = (known after apply)
      + name      = "access_log_files"
      + version   = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

sysdig_secure_macro.this: Creating...
╷
│ Error: 400 Bad Request
│
│   with sysdig_secure_macro.this,
│   on macro.tf line 1, in resource "sysdig_secure_macro" "this":
│    1: resource "sysdig_secure_macro" "this" {

It looks like the API returns an error message, as shown via the UI.

versions of the example

$  terraform version
Terraform v0.15.1
on darwin_amd64
+ provider registry.terraform.io/sysdiglabs/sysdig v0.5.14

Feature Request: Support more dashboard panel types

Currently we only support advancedTimechart and advancedNumber panel types, but there are some dashboards that contain lines and text so the information is more aesthetic and easy to consume to the user.

Supporting more panel types allows customers to define those as code and import their existing ones.

Related to #72.

sysdig_monitor_alert_metric crashes when using notification_channels

The 0.2.0 Sysdig provider crashes when using the following Terraform code on macOS Catalina:

$ terraform version
Terraform v0.12.24
+ provider.sysdig v0.2.0

The code:

provider "sysdig" {
  sysdig_secure_api_token  = var.sysdig_api_token
  sysdig_monitor_api_token = var.sysdig_api_token
  version                  = "~> 0.2"
}

resource "sysdig_secure_notification_channel" "pagerduty" {
  enabled              = true
  name                 = "[TEST] PagerDuty integration with Sysdig"
  type                 = "PAGER_DUTY"
  account              = "account"
  service_key          = "XXXXXXXXXX..."
  service_name         = "sysdig"
  notify_when_ok       = true
  notify_when_resolved = true
}

resource "sysdig_monitor_alert_metric" "test_baremetal_buzzsaw_active_batches_high" {
  enabled               = true
  name                  = "[TEST] alert"
  description           = "Alert"
  severity              = 6
  metric                = "sum(min(X)) > 100000"
  scope                 = "kubernetes.cluster.name in (\"foo\")"
  trigger_after_minutes = 20
  notification_channels = [
    sysdig_secure_notification_channel.pagerduty.id,
  ]
  multiple_alerts_by = [
    "kubernetes.cluster.name",
    "group",
  ]
}

It crashes like this:

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

sysdig_monitor_alert_metric.test_baremetal_buzzsaw_active_batches_high: Creating...

Error: rpc error: code = Unavailable desc = transport is closing


panic: interface conversion: interface {} is []interface {}, not []int
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0: 
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0: goroutine 15 [running]:
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0: github.com/draios/terraform-provider-sysdig/sysdig.alertFromResourceData(0xc0000aabd0, 0xc0000ca3d0, 0xc0000ca3e0, 0x1a1ab80)
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0:   /home/fede/Documentos/Sysdig/terraform-provider-sysdig/sysdig/resource_sysdig_monitor_alert_common.go:102 +0x66a
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0: github.com/draios/terraform-provider-sysdig/sysdig.metricAlertFromResourceData(0xc0000aabd0, 0xc0005dd1f0, 0x9, 0x252b718)
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0:   /home/fede/Documentos/Sysdig/terraform-provider-sysdig/sysdig/resource_sysdig_monitor_alert_metric.go:108 +0x40
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0: github.com/draios/terraform-provider-sysdig/sysdig.resourceSysdigAlertMetricCreate(0xc0000aabd0, 0x19e9b20, 0xc000606400, 0x2, 0x252e600)
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0:   /home/fede/Documentos/Sysdig/terraform-provider-sysdig/sysdig/resource_sysdig_monitor_alert_metric.go:43 +0x7a
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0: github.com/hashicorp/terraform-plugin-sdk/helper/schema.(*Resource).Apply(0xc000122980, 0xc00008b9f0, 0xc0004572a0, 0x19e9b20, 0xc000606400, 0x1a7f501, 0xc0002bfeb8, 0xc000547ce0)
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0:   /home/fede/go/pkg/mod/github.com/hashicorp/[email protected]/helper/schema/resource.go:305 +0x365
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0: github.com/hashicorp/terraform-plugin-sdk/helper/schema.(*Provider).Apply(0xc000122d00, 0xc0005dd8e0, 0xc00008b9f0, 0xc0004572a0, 0xc00012b948, 0xc00000e488, 0x1a81240)
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0:   /home/fede/go/pkg/mod/github.com/hashicorp/[email protected]/helper/schema/provider.go:289 +0x99
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0: github.com/hashicorp/terraform-plugin-sdk/internal/helper/plugin.(*GRPCProviderServer).ApplyResourceChange(0xc000118048, 0x1e03860, 0xc000546210, 0xc000081080, 0xc000118048, 0xc000546210, 0xc000096a48)
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0:   /home/fede/go/pkg/mod/github.com/hashicorp/[email protected]/internal/helper/plugin/grpc_provider.go:885 +0x882
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0: github.com/hashicorp/terraform-plugin-sdk/internal/tfplugin5._Provider_ApplyResourceChange_Handler(0x1b8b480, 0xc000118048, 0x1e03860, 0xc000546210, 0xc000081020, 0x0, 0x1e03860, 0xc000546210, 0xc0000c8c00, 0x3e2)
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0:   /home/fede/go/pkg/mod/github.com/hashicorp/[email protected]/internal/tfplugin5/tfplugin5.pb.go:3189 +0x217
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0: google.golang.org/grpc.(*Server).processUnaryRPC(0xc0000ac000, 0x1e0dea0, 0xc000702480, 0xc0000ee500, 0xc0003b9ef0, 0x24f4b80, 0x0, 0x0, 0x0)
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0:   /home/fede/go/pkg/mod/google.golang.org/[email protected]/server.go:995 +0x460
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0: google.golang.org/grpc.(*Server).handleStream(0xc0000ac000, 0x1e0dea0, 0xc000702480, 0xc0000ee500, 0x0)
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0:   /home/fede/go/pkg/mod/google.golang.org/[email protected]/server.go:1275 +0xd3d
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0: google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc00011c040, 0xc0000ac000, 0x1e0dea0, 0xc000702480, 0xc0000ee500)
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0:   /home/fede/go/pkg/mod/google.golang.org/[email protected]/server.go:710 +0xa1
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0: created by google.golang.org/grpc.(*Server).serveStreams.func1
2020-04-23T16:50:51.815+0200 [DEBUG] plugin.terraform-provider-sysdig_v0.2.0:   /home/fede/go/pkg/mod/google.golang.org/[email protected]/server.go:708 +0xa1
2020/04/23 16:50:51 [DEBUG] sysdig_monitor_alert_metric.test_baremetal_buzzsaw_active_batches_high: apply errored, but we're indicating that via the Error pointer rather than returning it: rpc error: code = Unavailable desc = transport is closing
2020/04/23 16:50:51 [TRACE] <root>: eval: *terraform.EvalMaybeTainted
2020/04/23 16:50:51 [TRACE] EvalMaybeTainted: sysdig_monitor_alert_metric.test_baremetal_buzzsaw_active_batches_high encountered an error during creation, so it is now marked as tainted
2020/04/23 16:50:51 [TRACE] <root>: eval: *terraform.EvalWriteState
2020/04/23 16:50:51 [TRACE] EvalWriteState: removing state object for sysdig_monitor_alert_metric.test_baremetal_buzzsaw_active_batches_high
2020/04/23 16:50:51 [TRACE] <root>: eval: *terraform.EvalApplyProvisioners
2020/04/23 16:50:51 [TRACE] EvalApplyProvisioners: sysdig_monitor_alert_metric.test_baremetal_buzzsaw_active_batches_high has no state, so skipping provisioners
2020/04/23 16:50:51 [TRACE] <root>: eval: *terraform.EvalMaybeTainted
2020/04/23 16:50:51 [TRACE] EvalMaybeTainted: sysdig_monitor_alert_metric.test_baremetal_buzzsaw_active_batches_high encountered an error during creation, so it is now marked as tainted
2020/04/23 16:50:51 [TRACE] <root>: eval: *terraform.EvalWriteState
2020/04/23 16:50:51 [TRACE] EvalWriteState: removing state object for sysdig_monitor_alert_metric.test_baremetal_buzzsaw_active_batches_high
2020/04/23 16:50:51 [TRACE] <root>: eval: *terraform.EvalIf
2020/04/23 16:50:51 [TRACE] <root>: eval: *terraform.EvalIf
2020/04/23 16:50:51 [TRACE] <root>: eval: *terraform.EvalWriteDiff
2020/04/23 16:50:51 [TRACE] <root>: eval: *terraform.EvalApplyPost
2020/04/23 16:50:51 [ERROR] <root>: eval: *terraform.EvalApplyPost, err: rpc error: code = Unavailable desc = transport is closing
2020/04/23 16:50:51 [ERROR] <root>: eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
2020/04/23 16:50:51 [TRACE] [walkApply] Exiting eval tree: sysdig_monitor_alert_metric.test_baremetal_buzzsaw_active_batches_high
2020-04-23T16:50:51.816+0200 [DEBUG] plugin: plugin process exited: path=/Users/solana/.terraform.d/plugins/terraform-provider-sysdig_v0.2.0 pid=23896 error="exit status 2"
2020/04/23 16:50:51 [TRACE] vertex "sysdig_monitor_alert_metric.test_baremetal_buzzsaw_active_batches_high": visit complete
2020/04/23 16:50:51 [TRACE] dag/walk: upstream of "provider.sysdig (close)" errored, so skipping
2020/04/23 16:50:51 [TRACE] dag/walk: upstream of "meta.count-boundary (EachMode fixup)" errored, so skipping
2020/04/23 16:50:51 [TRACE] dag/walk: upstream of "root" errored, so skipping
2020-04-23T16:50:51.817+0200 [DEBUG] plugin: plugin exited



!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!

Terraform crashed! This is always indicative of a bug within Terraform.
A crash log has been placed at "crash.log" relative to your current
working directory. It would be immensely helpful if you could please
report the crash with Terraform[1] so that we can fix this.

When reporting bugs, please include your terraform version. That
information is available on the first line of crash.log. You can also
get it by running 'terraform --version' on the command line.

SECURITY WARNING: the "crash.log" file that was created may contain 
sensitive information that must be redacted before it is safe to share 
on the issue tracker.

[1]: https://github.com/hashicorp/terraform/issues

!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!
make: *** [apply] Error 1
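
The panic above comes from asserting a value whose dynamic type is []interface {} directly to []int. An added example (not the provider's code) that shows the failing assertion beside a checked conversion returning an error instead; the function names and sample IDs are constructed for illustration.

```go
package main

import (
	"fmt"
	"math"
)

// unsafeChannelIDs reproduces the failing pattern: a direct assertion to
// []int panics when the value is really []interface{}. The panic is
// recovered here only so the example can report it as an error.
func unsafeChannelIDs(v interface{}) (ids []int, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("recovered panic: %v", r)
		}
	}()
	return v.([]int), nil
}

// channelIDs converts a decoded list into []int and reports bad input as an
// error, so the plugin process keeps running and the caller can surface a
// normal diagnostic instead of "transport is closing".
func channelIDs(v interface{}) ([]int, error) {
	if v == nil {
		return nil, nil
	}
	list, ok := v.([]interface{})
	if !ok {
		return nil, fmt.Errorf("notification_channels: expected a list, got %T", v)
	}
	ids := make([]int, 0, len(list))
	for i, item := range list {
		switch n := item.(type) {
		case int:
			ids = append(ids, n)
		case float64: // numbers decoded from JSON arrive as float64
			if n != math.Trunc(n) {
				return nil, fmt.Errorf("notification_channels[%d]: %v is not an integer", i, n)
			}
			ids = append(ids, int(n))
		default:
			return nil, fmt.Errorf("notification_channels[%d]: expected a number, got %T", i, item)
		}
	}
	return ids, nil
}

func main() {
	// Constructed input with the dynamic type named in the panic message.
	raw := []interface{}{101, 102}

	_, err := unsafeChannelIDs(raw)
	fmt.Println("direct assertion:", err)

	ids, err := channelIDs(raw)
	fmt.Println("checked conversion:", ids, err)
}
```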

Resource sysdig_secure_benchmark_task incorrectly disallows kube_bench_cis-1.6.0

Setup:
resource "sysdig_secure_benchmark_task" "k8s" {
  name     = "K8s Benchmark Task"
  schedule = "00 08 * * *"
  schema   = "kube_bench_cis-1.6.0"
  scope    = ""
  enabled  = true
}

Result:
╷
│ Error: expected schema to be one of [aws_foundations_bench-1.3.0 gcp_foundations_bench-1.2.0 azure_foundations_bench-1.3.0], got kube_bench_cis-1.6.0
│
│   with sysdig_secure_benchmark_task.k8s,
│   on main.tf line 12, in resource "sysdig_secure_benchmark_task" "k8s":
│   12:   schema = "kube_bench_cis-1.6.0"
│
╵

Introduce support for Custom Notification

Would be nice to introduce the support for creating an Alert with a customisation to the "Notification Subject & Event Title" (customNotification field)

Example:

resource "sysdig_monitor_alert_event" "sample" {
  name        = "Notification Test[Kubernetes] Failed to pull image"
  description = "Notification Test A Kubernetes pod failed to pull an image from the registry"
  severity    = 4
  event_name  = "Failed to pull image"
  source      = "kubernetes"
  event_rel   = ">"
  event_count = 0
  multiple_alerts_by = ["kubernetes.pod.name"]
  trigger_after_minutes = 1
  customNotification {
    titleTemplate  = "{{__alert_name__}} is {{__alert_status__}} and {{kubernetes.pod.name}}"
    useNewTemplate = true
  }
}

CC: @tembleking

Getting several notification_channels errors

2020/05/01 10:51:43 [WARN] Provider "registry.terraform.io/-/sysdig" produced an invalid plan for sysdig_secure_policy.thezebra_process_whitelist_container, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .notification_channels: planned value cty.SetVal([]cty.Value{cty.NumberIntVal(27675)}) does not match config value cty.SetVal([]cty.Value{cty.NumberIntVal(27675)})

We see this pretty often, let me know if there is any other information we can provide!

Support sharing sysdig monitor dashboards to team

Trying to revive #109. We need to create dashboards from one account that everyone on the team can see and the only supported option is to make dashboards public which is not the desired result. As mentioned in the linked request we currently have a null_resource workaround just to manipulate sharing options of created dashboards but that's fragile.

Escaping quotes with sysdig_secure_list resource

resource "sysdig_secure_list" "company_trusted_host_processes" {
  name = "company_trusted_host_processes"
  items = [
    "\"12345.dkr.ecr.us-east-1.amazonaws.com/test123\"",
    "\"12345.dkr.ecr.us-east-1.amazonaws.com/test456\""
  ]
}

We have to escape the double-quotes to prevent syntax errors like this one:

 235: syntax error, unexpected 'dkr', expecting ')', ','

Which is fine, just makes it a bit more difficult to read.

Also, how does the sysdig_secure_rule_falco resource know to create the sysdig_secure_list resource before referencing it? For example:

resource "sysdig_secure_rule_falco" "company_container_whitelist" {
  name        = "company_container_whitelist"
  description = "..."
  tags        = local.tags
  condition   = "container and container_started and not container.image.repository in (company_trusted_host_processes)"
  output      = ":fire: Unapproved container launch occured\ncontainer.image.repository=%container.image.repository\nevt.type=%evt.type"
  priority    = "emergency"
  source      = "syscall"
}

I think there might be a race condition here. I don't think I can include the name of the list resource in the condition itself, since we need to evaluate the list in terraform first, and then pass the full condition to the sysdig api (if that makes sense).

We also ran into this exception a few times, but I've been unable to determine the exact reason:

sysdig_secure_list.company_trusted_host_processes: Creating...

Error: rpc error: code = Unavailable desc = transport is closing



Error: rpc error: code = Unavailable desc = transport is closing



Error: rpc error: code = Canceled desc = context canceled



Error: rpc error: code = Unavailable desc = transport is closing



Error: rpc error: code = Unavailable desc = transport is closing



Error: rpc error: code = Unavailable desc = transport is closing



Error: rpc error: code = Canceled desc = context canceled



Error: rpc error: code = Unavailable desc = transport is closing



Error: rpc error: code = Unavailable desc = transport is closing



Error: rpc error: code = Unavailable desc = transport is closing



Error: rpc error: code = Unavailable desc = transport is closing



Error: rpc error: code = Unavailable desc = transport is closing


Releasing state lock. This may take a few moments...
sysdig_secure_rule_falco.company_attach_exec_pod_known: Still creating... [20s elapsed]
sysdig_secure_rule_falco.company_attach_exec_pod_known: Still creating... [30s elapsed]
sysdig_secure_rule_falco.company_attach_exec_pod_known: Still creating... [40s elapsed]
sysdig_secure_rule_falco.company_attach_exec_pod_known: Still creating... [50s elapsed]

Error: 500 Server Error

  on lists.tf line 35, in resource "sysdig_secure_list" "company_trusted_images":
  35: resource "sysdig_secure_list" "company_trusted_images" {



Error: <html><body><h1>504 Gateway Time-out</h1>
The server didn't respond in time.
</body></html>

Error: The terraform-provider-sysdig_v0.5.27 plugin crashed!

The plugin is crashing due to mishandling of "Unauthorized" when wrong/missing endpoint of Sysdig Platform.

Crash:

terraform {
  required_providers {
    sysdig = {
      source  = "sysdiglabs/sysdig"
      version = "0.5.27"
    }
  }
}

provider "sysdig" {
  sysdig_monitor_api_token = "xxxxx"
  sysdig_secure_api_token  = "yyyyyy"
}

resource "sysdig_secure_notification_channel_email" "sample_email" {
  name                   = "Example Channel - Email"
  recipients             = ["[email protected]", "[email protected]"]
  enabled                = true
  notify_when_ok         = false
  notify_when_resolved   = false
  send_test_notification = false
}

==

Not crashing shows Error: Unauthorized

terraform {
  required_providers {
    sysdig = {
      source  = "sysdiglabs/sysdig"
      version = "0.5.27"
    }
  }
}

provider "sysdig" {
  sysdig_monitor_api_token = "xxxxx"
  sysdig_secure_api_token  = "yyyyyy"
}

resource "sysdig_secure_vulnerability_exception_list" "sample" {
  name        = "Linux vulns"
  description = "Linux vulnerabilities exceptions"
}

Envs:

sysdigtf terraform --version
Terraform v1.0.10
on darwin_amd64
+ provider registry.terraform.io/sysdiglabs/sysdig v0.5.27

The suggestion is to put the sysdig_monitor_api_token and sysdig_secure_api_token in the examples of the Terraform page (https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs#example-usage) and fix the crash in the same way you handle the API return for resource sysdig_secure_vulnerability_exception_list.

Happy to chat about bruno silva in our slack :)

stack trace:

Stack trace from the terraform-provider-sysdig_v0.5.27 plugin:

panic: Invalid diagnostic: empty summary. This is always a bug in the provider implementation

goroutine 35 [running]:
github.com/hashicorp/terraform-plugin-sdk/v2/internal/plugin/convert.DiagsToProto({0xc0004f09c0, 0x1, 0xc0004c3888})
github.com/hashicorp/terraform-plugin-sdk/[email protected]/internal/plugin/convert/diagnostics.go:72 +0x2b3
github.com/hashicorp/terraform-plugin-sdk/v2/internal/plugin/convert.AppendProtoDiag({0x0, 0x0, 0x0}, {0x178f680, 0xc000798480})
github.com/hashicorp/terraform-plugin-sdk/[email protected]/internal/plugin/convert/diagnostics.go:25 +0x99
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0xc000296798, {0x1982b78, 0xc00070c100}, 0xc0002140f0)
github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:978 +0xdcb
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0xc00028b6c0, {0x1982c20, 0xc0005802a0}, 0x1982b78)
github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:332 +0x6c
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x183b3e0, 0xc00028b6c0}, {0x1982c20, 0xc0005802a0}, 0xc0003c22a0, 0x0)
github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:380 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0002ae700, {0x19906b0, 0xc00036a000}, 0xc000586000, 0xc000459410, 0x1eaef60, 0x0)
google.golang.org/[email protected]/server.go:1279 +0xccf
google.golang.org/grpc.(*Server).handleStream(0xc0002ae700, {0x19906b0, 0xc00036a000}, 0xc000586000, 0x0)
google.golang.org/[email protected]/server.go:1608 +0xa2a
google.golang.org/grpc.(*Server).serveStreams.func1.2()
google.golang.org/[email protected]/server.go:923 +0x98
created by google.golang.org/grpc.(*Server).serveStreams.func1
google.golang.org/[email protected]/server.go:921 +0x294
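
The "Return error message" issue above asks for the API's message alongside the HTTP status, and the panic in this issue is raised for a diagnostic whose summary is empty. An added example (not the provider's code) of a response-to-error helper that keeps the status, appends whatever detail the body carries, and never yields an empty message. The JSON field names and the sample bodies are assumptions; the page does not show the Sysdig API's error format.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// maxErrorBody caps how much of an error response is read and echoed into
// the error text, so an oversized body cannot flood the plan output or logs.
const maxErrorBody = 4096

// apiError is an ASSUMED shape for a JSON error body.
type apiError struct {
	Message string `json:"message"`
	Errors  []struct {
		Message string `json:"message"`
	} `json:"errors"`
}

// errorFromResponse turns a non-2xx response into an error that always
// starts with the status and adds the body's detail when there is one.
func errorFromResponse(resp *http.Response) error {
	defer resp.Body.Close()
	status := fmt.Sprintf("%d %s", resp.StatusCode, http.StatusText(resp.StatusCode))

	raw, err := io.ReadAll(io.LimitReader(resp.Body, maxErrorBody))
	if err != nil {
		return fmt.Errorf("%s (could not read response body: %v)", status, err)
	}
	detail := extractDetail(raw)
	if detail == "" {
		// An empty body (for example on an authentication failure) still
		// produces a usable, non-empty message.
		return fmt.Errorf("%s (empty response body)", status)
	}
	return fmt.Errorf("%s: %s", status, detail)
}

// extractDetail prefers the assumed JSON message fields and falls back to
// the raw body with whitespace collapsed (HTML error pages, plain text).
func extractDetail(raw []byte) string {
	var parsed apiError
	if json.Unmarshal(raw, &parsed) == nil {
		var msgs []string
		if parsed.Message != "" {
			msgs = append(msgs, parsed.Message)
		}
		for _, e := range parsed.Errors {
			if e.Message != "" {
				msgs = append(msgs, e.Message)
			}
		}
		if len(msgs) > 0 {
			return strings.Join(msgs, "; ")
		}
	}
	return strings.Join(strings.Fields(string(raw)), " ")
}

// sampleResponse builds a constructed response for the demonstration.
func sampleResponse(code int, body string) *http.Response {
	return &http.Response{StatusCode: code, Body: io.NopCloser(strings.NewReader(body))}
}

func main() {
	// Constructed responses; none of these bodies is real Sysdig API output.
	samples := []*http.Response{
		sampleResponse(400, `{"message":"constructed: condition must start with 'or' or 'and'"}`),
		sampleResponse(401, ""),
		sampleResponse(504, "<h1>504 Gateway Time-out</h1>\nThe server didn't respond in time.\n"),
	}
	for _, r := range samples {
		fmt.Println(errorFromResponse(r))
	}
}
```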

Add support for imports

$ terraform import sysdig_secure_notification_channel.sysdig_container_whitelist 12345
sysdig_secure_notification_channel.sysdig_container_whitelist: Importing from ID "12345"...

Error: resource sysdig_secure_notification_channel doesn't support import

Add user and team management for Sysdig Secure

Hi, I would like to add user/team management to this terraform provider.
Can I send a PR for this feature?
And if it's OK, could you guys review my Terraform resource design?

Usecases

  • Companies that manage users and teams via Terraform, like our company, want to manage Sysdig users and teams with this provider.

Resource Design

Users (Sample)

resource "sysdig_users" "sample_users" {
  email      = "[email protected]"
  system_role = "ROLE_CUSTOMER" # Optional, Default = "ROLE_USER"
  first_name = "John"
  last_name  = "Smith"
}
  • sysdig user is shared with secure and monitor, so resource name is sysdig_users (not sysdig_secure_users)

Teams (Sample)

resource "sysdig_secure_teams" "sample_teams" {
  name        = "sample-team"
  description = "sample"
  scope_by      = "container" # Optional, Default:container
  filter      = "container.id = \"000266b5ebab\" and container.image.digest = \"sha256:724489a791e7ead89e1b44cf7cdbaf34bd04022973b835cfa834c95e1bcc5e10\"" # Optional, Default=""
  use_sysdig_capture = true # Optional, Default:true

  advanced_users = [ # Optional
    "[email protected]"
  ]
  view_only_users = [ # Optional
    sysdig_users.sample_users.email,
  ]
  team_managers = [ # Optional
    "[email protected]"
  ]
  standard_users = [ # Optional
    "[email protected]"
  ]
}

Falco Priority "Informational" does not work

When creating a Falco Rule using Terraform, you should be able to set priority to “informational”. However, the provider does not accept “informational”, only “info”. And because the Sysdig API expects “informational”, that results in Terraform always making changes when running “terraform apply”.

To give an example, every time we run “terraform plan”, we have 17 of the changes below:

(…)

~ resource "sysdig_secure_rule_falco" "rule_system_user_interactive" {
    append      = false
    condition   = "spawned_process and system_users and interactive and not user_known_system_user_login"
    description = "an attempt to run interactive commands by a system (i.e. non-login) user"
    id          = "446"
    name        = "Terraform - System user interactive"
    output      = "System user ran an interactive command (user=%user.name user_loginuid=%user.loginuid command=%proc.cmdline container_id=%container.id image=%container.image.repository)"
  ~ priority    = "info" -> "informational"
    source      = "syscall"
    tags        = [
        "NIST_800-53_AU-6(8)",
        "NIST_800-53_AC-6",
        "SOC2_CC6.1",
        "SOC2",
        "users",
        "NIST_800-53_AC-2g",
        "NIST_800-53_AC-17",
        "NIST_800-53_SI-4(24)",
        "NIST_800-53_AU-2",
        "NIST_800-53_SI-7(11)",
        "mitre_remote_access_tools",
        "NIST_800-53_SI-4",
        "NIST_800-53",
        "NIST_800-53_SI-3",
        "NIST_800-53_SI-4(2)",
    ]
    version     = 20
}

Plan: 0 to add, 17 to change, 0 to destroy.

As you can see Terraform wants to change from “info” to “informational” since that’s what the Sysdig API expects (~ priority = "info" -> "informational"). But in the code we’re actually not changing anything. My suggestion would be to update the Sysdig provider to accept “informational” instead of “info”.

ValidateDiagFunc: validateDiagFunc(validation.StringInSlice([]string{"emergency", "alert", "critical", "error", "warning", "notice", "info", "debug"}, false)),

Error: unsupported panel type basicNumber while importing

Hello Team,
I am trying to import the dashboard using the Terraform Sysdig provider, but I am facing the following errors:

Error: unsupported panel type basicTimechart
Error: unsupported panel type basicNumber
Error: unsupported panel type basicTable

Kindly help in getting this issue fixed. Thanks in Advance.

Regards,
Siva

Can't share dashboards

When creating dashboards we are not able to set any sharing options from what I can tell. This is an issue because we use a functional API key to create our resources. When we create dashboards they're owned by that user but not shared with any other teams so these dashboards are inaccessible.

"Dashboard Templates" not supported as entrypoint.type

I'm trying to configure this with the provider

I wrote

resource "sysdig_monitor_team" "satellite_team" {
  name     = "${var.basename}-monitoring"
  scope_by = "host"

  can_see_infrastructure_events = true

  entrypoint {
    type      = "DashboardTemplates"
    selection = "ibm_satellite_link_overview"
  }

  # ...
}

And I got

│ Error: expected entrypoint.0.type to be one of [Explore Dashboards Events Alerts Settings], got DashboardTemplates
│
│   with sysdig_monitor_team.satellite_team,
│   on permissions-observability.tf line 94, in resource "sysdig_monitor_team" "satellite_team":
│   94:     type = "DashboardTemplates"
│
╵

This is Sysdig embedded as part of IBM Cloud.

website update required

https://sysdig.com/blog/sysdig-terraform-provider/

Looks like there is no resource sysdig_secure_notification_channel in the latest version.
Is it possible to move all the examples to this repo?

[abc@foo 13:05:12 - monitors]$cat main.tf 
terraform {
  required_providers {
    sysdig = {
      source  = "sysdiglabs/sysdig"
    }

  }
}


provider "sysdig" {
  sysdig_monitor_api_token = var.sysdig_api_key
}

resource "sysdig_secure_notification_channel" "devops-email" {
  name                 = "DevOps e-mail"
  enabled              = true
  type                 = "EMAIL"
  recipients           = "[email protected]"
  notify_when_ok       = false
  notify_when_resolved = false
}
[abc@foo 13:05:14 - monitors]$terraform plan

Error: Invalid resource type

  on main.tf line 15, in resource "sysdig_secure_notification_channel" "devops-email":
  15: resource "sysdig_secure_notification_channel" "devops-email" {

The provider provider.sysdig does not support resource type
"sysdig_secure_notification_channel".

Add users data source

Data Sources allow other resources to be created by referencing them.
We could improve the provider by adding Data Sources for users so their IDs are easily referenced by Teams.

Update docs to include that along with the team name being unique - it cannot exist in Monitor as well.

Please update the line "name - (Required) The name of the Secure Team. It must be unique." to state "name - (Required) The name of the Secure Team. It must be unique and not exist on Monitor." It needs to be a little more explicit, as in the case of when a user is using the provider to create a team on Secure, they get the following in the debug, though the team name is NOT in Secure (though it does exist in Monitor):

{"errors":[{"reason":"Invalid request","message":"Team with name 'test-terraform' already exists"}]} 0 : timestamp=2021-04-20T11:11:47.503-0400
2021/04/20 11:11:47 [DEBUG] sysdig_secure_team.terratest: apply errored, but we're indicating that via the Error pointer rather than returning it: 422 Unprocessable Entity
2021/04/20 11:11:47 [ERROR] eval: *terraform.EvalApplyPost, err: 422 Unprocessable Entity
2021/04/20 11:11:47 [ERROR] eval: *terraform.EvalSequence, err: 422 Unprocessable Entity

Falco rule resource shows a priority change even if the resource isn't changed

When using sysdig_secure_rule_falco with priority = informational, terraform plan and apply shows ~ priority = "info" -> "informational" even if that rule doesn't change like here.

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # sysdig_secure_rule_falco.foo will be updated in-place
  ~ resource "sysdig_secure_rule_falco" "foo" {
        append      = false
        condition   = "spawned_process and container and shell_procs and proc.tty != 0 and container_entrypoint"
        description = "this is other example of policy"
        id          = "20958"
        name        = "AOther example of Policy"
        output      = "A shell was spawned in a container with an attached terminal (user=%user.name %container.info shell=%proc.name parent=%proc.pname cmdline=%proc.cmdline terminal=%proc.tty container_id=%container.id image=%container.image.repository)"
      ~ priority    = "info" -> "informational"
        source      = "syscall"
        tags        = [
            "container",
            "shell",
            "mitre_execution",
        ]
        version     = 1
    }

Plan: 0 to add, 1 to change, 0 to destroy.
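Both priority reports on this page describe the same drift: one side holds "info", the other "informational", and every plan shows an update on a detection rule that nobody edited. The following is an added example, not the provider's own code, of the comparison a diff-suppression hook could make; the helper names, the alias table (which assumes the two spellings mean the same level) and the last two sample rules are constructed for illustration.

```go
package main

import "fmt"

// Priorities the provider's validator accepts, copied from the
// ValidateDiagFunc line quoted in the earlier issue on this page.
var acceptedPriorities = []string{
	"emergency", "alert", "critical", "error", "warning", "notice", "info", "debug",
}

// Assumption: "informational" is the long spelling of the level "info".
var priorityAliases = map[string]string{"informational": "info"}

// canonicalPriority (hypothetical helper) maps a priority to the validator's
// spelling and rejects anything that is neither accepted nor a known alias.
func canonicalPriority(p string) (string, error) {
	if short, ok := priorityAliases[p]; ok {
		p = short
	}
	for _, a := range acceptedPriorities {
		if p == a {
			return p, nil
		}
	}
	return "", fmt.Errorf("unsupported priority %q", p)
}

// suppressPriorityDiff returns true when state and config name the same
// level, which is the case where the plan should stay empty. Unknown values
// are never suppressed, so a typo still shows up as a change.
func suppressPriorityDiff(stateValue, configValue string) bool {
	s, errS := canonicalPriority(stateValue)
	c, errC := canonicalPriority(configValue)
	return errS == nil && errC == nil && s == c
}

// plannedRule is a constructed stand-in for one rule in a plan.
type plannedRule struct {
	Name, State, Config string
}

// realPriorityChanges keeps only the rules whose priority genuinely differs,
// so a downgrade is not buried among spelling-only updates.
func realPriorityChanges(rules []plannedRule) []string {
	var changed []string
	for _, r := range rules {
		if !suppressPriorityDiff(r.State, r.Config) {
			changed = append(changed, r.Name)
		}
	}
	return changed
}

// sampleRules returns constructed input: the first two entries mirror the
// plans quoted in the issues, the last two are invented real changes.
func sampleRules() []plannedRule {
	return []plannedRule{
		{"rule_system_user_interactive", "info", "informational"},
		{"foo", "info", "informational"},
		{"constructed_downgrade", "critical", "notice"},
		{"constructed_typo", "warning", "warnning"},
	}
}

func main() {
	for _, name := range realPriorityChanges(sampleRules()) {
		fmt.Println("priority change needs review:", name)
	}
}
```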

Dashboard: Prometheus is unable to validate the query when created via the provider

I created a dashboard via the UI in my Sysdig instance and it works ...

However, when I try to create the same dashboard via Terraform, it fails to validate:

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # sysdig_monitor_dashboard.dashboard will be created
  + resource "sysdig_monitor_dashboard" "dashboard" {
      + description  = "Example Dashboard description"
      + id           = (known after apply)
      + name         = "Example Dashboard"
      + public       = false
      + public_token = (known after apply)
      + version      = (known after apply)

      + panel {
          + description = "description"
          + height      = 6
          + name        = "example panel"
          + pos_x       = 0
          + pos_y       = 0
          + type        = "number"
          + width       = 12

          + query {
              + promql = "avg(avg_over_time(sysdig_host_cpu_used_percent[$__interval]))"
              + unit   = "percent"
            }
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

sysdig_monitor_dashboard.dashboard: Creating...

Error: {"errors":[{"message":"Invalid advanced query: avg(avg_over_time(sysdig_host_cpu_used_percent[$__interval])) (Prometheus is unable to validate the query)"}]}

Mapping of API roles to WebUI roles needed

The following was found in https://docs.sysdig.com/en/docs/administration/administration-settings/user-and-team-administration/#integrating-users-and-teams-via-api but should also probably be part of the provider documentation https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs/resources/secure_team#user-role-argument-reference or linked by reference to keep it DRY.

Team roles

Advanced user = ROLE_TEAM_EDIT

Standard user = ROLE_TEAM_STANDARD

View-only user = ROLE_TEAM_READ

Team manager = ROLE_TEAM_MANAGER

Service manager (Sysdig Secure only) = ROLE_TEAM_SERVICE_MANAGER

Feature Request: Support policy assignment for images

I would like the ability to manage policy assignment utilizing Terraform. You can currently utilize this UI page to assign policies for images.

Note: I'm not personally concerned with adding support for policy creation since the number of policies we intend to create is quite small compared to the amount of assignments.

API Tokens should only be required for the service being used

Hello!

Great job on this provider, thank you!

If feasible, it would be awesome if API Tokens for only the Sysdig services being consumed were required.

For example, in my use case, I am only configuring Sysdig Secure rules and policies but I am still required to provide a value for sysdig_monitor_api_token.

This is not a blocker, as I can set that value to an arbitrary value since it will not be utilized.

Ideally, sysdig_secure_api_token would only be required if actually needed based upon the resources to be created and same for sysdig_monitor_api_token.

sysdig_monitor_alert_metric is missing grouping and scoping to team

Hi,

When creating an Alert with the "sysdig_monitor_alert_metric" resource (https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs/resources/monitor_alert_metric), it is impossible to group the alert to a metric group and it is also impossible to create the alert in the scope of a team.

We heavily use teams, and we want to group alerts (like "ELK","KAFKA", ...). Alerts should only be visible to a specific team (or teams). The sysdig UI supports Metric Groups, when creating an Alert as a Member of a specific Team in UI it is also created in the scope of the team correctly.

ATM we create alerts with TF, then we need to manually copy the alerts to the target team (as they are exposed to the default monitoring group only), and then we need to manually add the "group" in the UI to each created alert.

You should consider changing "sysdig_monitor_alert_metric" resource to add a "group" attribute and a "team" attribute.

resource "sysdig_monitor_alert_metric" "elk_high_disk" {
    name        = "ELK_PROD_DISK_FULL_WARNING"
    description = "The disk usage is very high."
    group       = "ELK"     # <<<< metric group
    team        = "TEAMID1" # <<<< metric is created in this team's scope
    severity    = 2

    scope  = "host.hostName starts with \"shared-${lower(var.stage)}-elk\" AND not fs.device contains \"/dev/loop\""
    metric = "max(avg(fs.used.percent)) > ${var.high_disk_threshold_percent}"
    # ...
}

Add support for CIS Benchmark tasks; Custom Selection

We'd like to run kube-bench and linux-bench in some Kubernetes clusters monitored by different Sysdig Secure clusters.
We don't need to run all tests of each benchmark, and so Custom Selection will be suitable.

Actually, the priority is low compared to Image Scanning Policy etc., but we'd be happy if CIS Benchmark settings were supported.

Add data sources for sysdig monitor notification channels

It would be really helpful if we could have data sources for sysdig monitoring notification channels. In some of our environments we end up creating and maintaining sysdig monitor instances and their notification channels in one module and alerts get created in several other modules depending on the environment/application/etc.

The current workaround is to maintain outputs from one module and use remote data sources elsewhere, which is cumbersome, prone to errors, and I would not be surprised if HashiCorp stops supporting it down the line.

Fix `rpc error: code = Unavailable desc`

It was mentioned in #29.
When I run terraform apply, frequently, I see the error Error: rpc error: code = Unavailable desc = transport is closing.

I've attached the TF_LOG=debug terraform apply >> neterror.log 2>&1 output.

neterror.log

Improve the test coverage for some functions

The following number of functions are not currently covered by the tests:

File                                                                                                   Function                               Coverage
github.com/draios/terraform-provider-sysdig/sysdig/resource_sysdig_monitor_alert_anomaly.go:59:        resourceSysdigAlertAnomalyUpdate       0.0%
github.com/draios/terraform-provider-sysdig/sysdig/resource_sysdig_monitor_alert_downtime.go:60:       resourceSysdigAlertDowntimeUpdate      0.0%
github.com/draios/terraform-provider-sysdig/sysdig/resource_sysdig_monitor_alert_event.go:71:          resourceSysdigAlertEventUpdate         0.0%
github.com/draios/terraform-provider-sysdig/sysdig/resource_sysdig_monitor_alert_group_outlier.go:54:  resourceSysdigAlertGroupOutlierUpdate  0.0%
github.com/draios/terraform-provider-sysdig/sysdig/resource_sysdig_monitor_alert_metric.go:58:         resourceSysdigAlertMetricUpdate        0.0%
github.com/draios/terraform-provider-sysdig/sysdig/resource_sysdig_secure_policy.go:233:               resourceSysdigPolicyUpdate             0.0%
github.com/draios/terraform-provider-sysdig/sysdig/resource_sysdig_secure_rule_container.go:85:        resourceSysdigRuleContainerUpdate      0.0%
github.com/draios/terraform-provider-sysdig/sysdig/resource_sysdig_secure_rule_falco.go:96:            resourceSysdigRuleFalcoUpdate          0.0%
github.com/draios/terraform-provider-sysdig/sysdig/resource_sysdig_secure_rule_filesystem.go:125:      resourceSysdigRuleFilesystemUpdate     0.0%
github.com/draios/terraform-provider-sysdig/sysdig/resource_sysdig_secure_rule_network.go:136:         resourceSysdigRuleNetworkUpdate        0.0%
github.com/draios/terraform-provider-sysdig/sysdig/resource_sysdig_secure_rule_process.go:85:          resourceSysdigRuleProcessUpdate        0.0%
github.com/draios/terraform-provider-sysdig/sysdig/resource_sysdig_secure_rule_syscall.go:85:          resourceSysdigRuleSyscallUpdate        0.0%

Ideally we want to cover the most critical functions for the provider to work correctly.

server error 500 when creating multiple teams in a loop

I have a template that creates 6 teams using a for_each in the Terraform template:

variable "teams" {
  description = "Map of teams and filter"
  default     = {
    "admin" = "agent.tag.team in (\"admin\")"
    "dev-a" = "agent.tag.team in (\"dev-a\")"
    "dev-b" = "agent.tag.team in (\"dev-b\")"
    "dev-c" = "agent.tag.team in (\"dev-c\")"
    "dev-d" = "agent.tag.team in (\"dev-d\")"
    "ops" = "agent.tag.team in (\"ops\")"
  }
}

resource "sysdig_monitor_team" "team" {
  for_each = var.teams

  name         = "${var.basename}-${each.key}"
  description  = var.team_description
  scope_by     = var.team_show
  filter       = each.value

  can_see_infrastructure_events = true

  entrypoint {
    type = "Explore"
  }
}

The first time I run terraform apply, it creates 1 of the teams and returns 5 error 500s for the other teams. Running terraform apply the second time results in the other 5 teams being created.

The error in my Terraform log is:
{"timestamp":1606918078147,"status":500,"error":"Internal Server Error","message":"{\"errors\":[{\"reason\":\"system.error\",\"message\":\"Sorry, something really bad happened with your request (traceId: 4fa24c755faf28d7).\"}]}","path":"/api/users/light"}

Add option to copy sysdig policy and add overrides

If we create our own rule, and associate it with a sysdig policy, we can't destroy it. We would need to copy the entire policy, and then add them. Of course, once the policies have been updated, we would lose out on those upstream changes.

Support for PromQL Alerts

We're starting to make more use of PromQL based alerts. I appreciate they're in Beta at the moment, but it would be great to get support for these in the TF provider. We can't adopt the provider until PromQL alerts are supported.

Updating a condition results in errors

We are just writing a simple rule, and changing the condition. We have resorted to just destroying everything, and applying it from scratch (which does seem to work around the issue).

2020/05/01 10:47:16 [TRACE] <root>: eval: *terraform.EvalCheckPlannedChange
2020/05/01 10:47:16 [TRACE] EvalCheckPlannedChange: Verifying that actual change (action Update) matches planned change (action Update)
2020/05/01 10:47:16 [TRACE] <root>: eval: *terraform.EvalGetProvider
2020/05/01 10:47:16 [TRACE] <root>: eval: *terraform.EvalReadState
2020/05/01 10:47:16 [TRACE] EvalReadState: reading state for sysdig_secure_rule_falco.thezebra_container_whitelist
2020/05/01 10:47:16 [TRACE] UpgradeResourceState: schema version of sysdig_secure_rule_falco.thezebra_container_whitelist is still 0; calling provider "registry.terraform.io/-/sysdig" for any other minor fixups
2020/05/01 10:47:16 [TRACE] GRPCProvider: UpgradeResourceState
2020/05/01 10:47:16 [TRACE] <root>: eval: *terraform.EvalReduceDiff
2020/05/01 10:47:16 [TRACE] <root>: eval: *terraform.EvalIf
2020/05/01 10:47:16 [TRACE] <root>: eval: terraform.EvalNoop
2020/05/01 10:47:16 [TRACE] <root>: eval: *terraform.EvalApplyPre
2020/05/01 10:47:16 [TRACE] <root>: eval: *terraform.EvalApply
2020/05/01 10:47:16 [DEBUG] sysdig_secure_rule_falco.thezebra_container_whitelist: applying the planned Update change
2020/05/01 10:47:16 [TRACE] GRPCProvider: ApplyResourceChange
2020/05/01 10:47:16 [DEBUG] sysdig_secure_rule_falco.thezebra_container_whitelist: apply errored, but we're indicating that via the Error pointer rather than returning it: {"errors":[{"reason":"system.error","message":"Sorry, something really bad happened with your request (traceId: 79d254a352fa3baf)."}]}
2020/05/01 10:47:16 [TRACE] <root>: eval: *terraform.EvalMaybeTainted
2020/05/01 10:47:16 [TRACE] <root>: eval: *terraform.EvalWriteState
2020/05/01 10:47:16 [TRACE] EvalWriteState: recording 0 dependencies for sysdig_secure_rule_falco.thezebra_container_whitelist
2020/05/01 10:47:16 [TRACE] EvalWriteState: writing current state object for sysdig_secure_rule_falco.thezebra_container_whitelist
2020/05/01 10:47:16 [TRACE] <root>: eval: *terraform.EvalApplyProvisioners
2020/05/01 10:47:16 [TRACE] EvalApplyProvisioners: sysdig_secure_rule_falco.thezebra_container_whitelist is not freshly-created, so no provisioning is required
2020/05/01 10:47:16 [TRACE] <root>: eval: *terraform.EvalMaybeTainted
2020/05/01 10:47:16 [TRACE] <root>: eval: *terraform.EvalWriteState
2020/05/01 10:47:16 [TRACE] EvalWriteState: recording 0 dependencies for sysdig_secure_rule_falco.thezebra_container_whitelist
2020/05/01 10:47:16 [TRACE] EvalWriteState: writing current state object for sysdig_secure_rule_falco.thezebra_container_whitelist
2020/05/01 10:47:16 [TRACE] <root>: eval: *terraform.EvalIf
2020/05/01 10:47:16 [TRACE] <root>: eval: *terraform.EvalIf
2020/05/01 10:47:16 [TRACE] <root>: eval: *terraform.EvalWriteDiff
2020/05/01 10:47:16 [TRACE] <root>: eval: *terraform.EvalApplyPost
2020/05/01 10:47:16 [ERROR] <root>: eval: *terraform.EvalApplyPost, err: {"errors":[{"reason":"system.error","message":"Sorry, something really bad happened with your request (traceId: 79d254a352fa3baf)."}]}
2020/05/01 10:47:16 [ERROR] <root>: eval: *terraform.EvalSequence, err: {"errors":[{"reason":"system.error","message":"Sorry, something really bad happened with your request (traceId: 79d254a352fa3baf)."}]}
2020/05/01 10:47:16 [TRACE] [walkApply] Exiting eval tree: sysdig_secure_rule_falco.thezebra_container_whitelist
2020/05/01 10:47:16 [TRACE] vertex "sysdig_secure_rule_falco.thezebra_container_whitelist": visit complete
2020/05/01 10:47:16 [TRACE] dag/walk: upstream of "meta.count-boundary (EachMode fixup)" errored, so skipping
2020/05/01 10:47:16 [TRACE] dag/walk: upstream of "provider.sysdig (close)" errored, so skipping
2020/05/01 10:47:16 [TRACE] dag/walk: upstream of "root" errored, so skipping
Error: {"errors":[{"reason":"system.error","message":"Sorry, something really bad happened with your request (traceId: 79d254a352fa3baf)."}]}

Can we use the traceId somehow to uncover why it's breaking?
