fix: address reviewer feedback for Okta ML policy

harshampatel-sysdig · harshampatel-sysdig · commit b526cd9960ca · 2025-11-05T12:48:36.000-08:00
diff --git a/sysdig/data_source_sysdig_secure_okta_ml_policy.go b/sysdig/data_source_sysdig_secure_okta_ml_policy.go
@@ -45,6 +45,7 @@ func createOktaMLPolicyDataSourceSchema() map[string]*schema.Schema {
 		"rule": {
 			Type:     schema.TypeList,
 			Computed: true,
+			MaxItems: 1,
 			Elem: &schema.Resource{
 				Schema: map[string]*schema.Schema{
 					"id":                      ReadOnlyIntSchema(),
diff --git a/sysdig/data_source_sysdig_secure_okta_ml_policy_test.go b/sysdig/data_source_sysdig_secure_okta_ml_policy_test.go
@@ -30,13 +30,19 @@ func TestAccOktaMLPolicyDataSource(t *testing.T) {
 		},
 		Steps: []resource.TestStep{
 			{
-				Config: oktaOktaMLPolicyDataSource(rText),
+				Config: oktaMLPolicyDataSource(rText),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.sysdig_secure_okta_ml_policy.policy_2", "name", fmt.Sprintf("Test Okta ML Policy %s", rText)),
+					resource.TestCheckResourceAttr("data.sysdig_secure_okta_ml_policy.policy_2", "description", fmt.Sprintf("Test Okta ML Policy Description %s", rText)),
+					resource.TestCheckResourceAttr("data.sysdig_secure_okta_ml_policy.policy_2", "enabled", "true"),
+					resource.TestCheckResourceAttr("data.sysdig_secure_okta_ml_policy.policy_2", "severity", "4"),
+				),
 			},
 		},
 	})
 }
 
-func oktaOktaMLPolicyDataSource(name string) string {
+func oktaMLPolicyDataSource(name string) string {
 	return fmt.Sprintf(`
 resource "sysdig_secure_okta_ml_policy" "policy_1" {
   name        = "Test Okta ML Policy %s"
diff --git a/sysdig/resource_sysdig_secure_okta_ml_policy.go b/sysdig/resource_sysdig_secure_okta_ml_policy.go
@@ -54,6 +54,7 @@ func resourceSysdigSecureOktaMLPolicy() *schema.Resource {
 			"rule": {
 				Type:     schema.TypeList,
 				Required: true,
+				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"id":   ReadOnlyIntSchema(),
@@ -171,16 +172,12 @@ func resourceSysdigOktaMLPolicyDelete(ctx context.Context, d *schema.ResourceDat
 		return diag.FromErr(err)
 	}
 
-	policy, err := oktaMLPolicyFromResourceData(d)
+	id, err := strconv.Atoi(d.Id())
 	if err != nil {
 		return diag.FromErr(err)
 	}
 
-	if policy.Policy.ID == 0 {
-		return diag.FromErr(errors.New("policy ID is missing"))
-	}
-
-	err = client.DeleteCompositePolicy(ctx, policy.Policy.ID)
+	err = client.DeleteCompositePolicy(ctx, id)
 	if err != nil {
 		return diag.FromErr(err)
 	}
diff --git a/sysdig/schema.go b/sysdig/schema.go
@@ -413,8 +413,9 @@ func MLRuleThresholdAndSeveritySchema() *schema.Schema {
 					Default:  true,
 				},
 				"threshold": {
-					Type:     schema.TypeInt,
-					Required: true,
+					Type:             schema.TypeInt,
+					Required:         true,
+					ValidateDiagFunc: validateDiagFunc(validation.IntBetween(1, 3)),
 				},
 			},
 		},
diff --git a/sysdig/tfresource.go b/sysdig/tfresource.go
@@ -321,10 +321,14 @@ func setTFResourcePolicyRulesOktaML(d *schema.ResourceData, policy v2.PolicyRule
 
 	rules := []map[string]any{}
 	for _, rule := range policy.Rules {
-		anomalousLogin := []map[string]any{{
-			"enabled":   rule.Details.(*v2.OktaMLRuleDetails).AnomalousConsoleLogin.Enabled,
-			"threshold": rule.Details.(*v2.OktaMLRuleDetails).AnomalousConsoleLogin.Threshold,
-		}}
+		anomalousLogin := []map[string]any{}
+
+		if d, ok := rule.Details.(*v2.OktaMLRuleDetails); ok && d.AnomalousConsoleLogin != nil {
+			anomalousLogin = []map[string]any{{
+				"enabled":   d.AnomalousConsoleLogin.Enabled,
+				"threshold": int(d.AnomalousConsoleLogin.Threshold),
+			}}
+		}
 
 		rules = append(rules, map[string]any{
 			"id":                      rule.ID,
diff --git a/website/docs/r/secure_okta_ml_policy.md b/website/docs/r/secure_okta_ml_policy.md
@@ -3,12 +3,12 @@ subcategory: "Sysdig Secure"
 layout: "sysdig"
 page_title: "Sysdig: sysdig_secure_okta_ml_policy"
 description: |-
-  Retrieves a Sysdig Secure Okta ML Policy.
+  Manages a Sysdig Secure Okta ML Policy.
 ---
 
 # Resource: sysdig_secure_okta_ml_policy
 
-Retrieves the information of an existing Sysdig Secure Okta ML Policy.
+Manages a Sysdig Secure Okta ML Policy.
 
 -> **Note:** Sysdig Terraform Provider is under rapid development at this point. If you experience any issue or discrepancy while using it, please make sure you have the latest version. If the issue persists, or you have a Feature Request to support an additional set of resources, please open a [new issue](https://github.com/sysdiglabs/terraform-provider-sysdig/issues/new) in the GitHub repository.
 
@@ -28,6 +28,7 @@ resource "sysdig_secure_okta_ml_policy" "policy" {
       enabled   = true
       threshold = 1
     }
+  }
 }
 ```
 
