feat: Make comps optional for falco exceptions (#219)

tembleking · web-flow · commit 64589e330083 · 2022-11-24T12:32:48.000+01:00
The comps field can be optional in the API, and is automatically evaluated with a default value when imported in Falco and Cloud Connector.
diff --git a/sysdig/resource_sysdig_secure_rule_falco.go b/sysdig/resource_sysdig_secure_rule_falco.go
@@ -74,7 +74,7 @@ func resourceSysdigSecureRuleFalco() *schema.Resource {
 						},
 						"comps": {
 							Type:     schema.TypeList,
-							Required: true,
+							Optional: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},
 						},
 						"values": {
@@ -190,6 +190,8 @@ func fieldOrCompsToStringSlice(fields any) ([]string, error) {
 		}
 	case string:
 		elements = append(elements, t)
+	case nil:
+		// do nothing
 	default:
 		return nil, fmt.Errorf("unexpected type: %T", t)
 	}
diff --git a/sysdig/resource_sysdig_secure_rule_falco_test.go b/sysdig/resource_sysdig_secure_rule_falco_test.go
@@ -193,6 +193,11 @@ resource "sysdig_secure_rule_falco" "falco_rule_with_exceptions" {
    comps = ["in"]
    values = jsonencode(["foo"])
   }
+  exceptions {
+   name = "only_one_field_without_comps"
+   fields = ["ka.req.binding.subjects"]
+   values = jsonencode(["foo"])
+  }
 }
 `, name)
 }
diff --git a/website/docs/r/secure_rule_falco.md b/website/docs/r/secure_rule_falco.md
@@ -77,7 +77,7 @@ Supported fields for exceptions:
 
 * `name` - (Required) The name of the exception. Only used to provide a handy name, and to potentially link together values in a later rule that has `append = true`.
 * `fields` - (Required) Contains one or more fields that will extract a value from the syscall/k8s_audit events.
-* `comps` - (Required) Contains comparison operators that align 1-1 with the items in the fields property.
+* `comps` - (Optional) Contains comparison operators that align 1-1 with the items in the fields property.
 * `values` - (Required) Contains tuples of values. Each item in the tuple should align 1-1 with the corresponding field and comparison operator. Since the value can be a string, a list of strings or a list of a list of strings, the value of this field must be supplied in JSON format. You can use the default `jsonencode` function to provide this value. See the usage example on the top.
 
 ## Attributes Reference

Original file line number	Diff line number	Diff line change
`@@ -193,6 +193,11 @@ resource "sysdig_secure_rule_falco" "falco_rule_with_exceptions" {`
`193`	`193`	`comps = ["in"]`
`194`	`194`	`values = jsonencode(["foo"])`
`195`	`195`	`}`
	`196`	`+ exceptions {`
	`197`	`+ name = "only_one_field_without_comps"`
	`198`	`+ fields = ["ka.req.binding.subjects"]`
	`199`	`+ values = jsonencode(["foo"])`
	`200`	`+ }`
`196`	`201`	`}`
`197`	`202`	`, name)
`198`	`203`	`}`