Add terraform support to Okta ML Policy #675
Conversation
harshampatel-sysdig
requested review from
airadier,
daniel-almeida,
ivanlysiuk-sysdig,
jbainbridgesysdig,
mateobur,
ombellare,
rosenbloomb-sysdig and
tembleking
as code owners
.vscode/launch.json
Outdated
| @@ -0,0 +1,15 @@ | |||
| { | |||
There was a problem hiding this comment.
No need to push this. If you can, please add it to gitignore so this isn't tracked in the future.
There was a problem hiding this comment.
You might need to delete it from your local machine and push once to remove it from here
sysdig/tfresource.go
Outdated
| // TODO: Iterate over a list of rules instead of hard-coding the index values | ||
| // TODO: Should we assume that only a single Malware rule can be attached to a policy? |
There was a problem hiding this comment.
These TODOs are intentionally kept to match the AWS ML implementation pattern. Both AWS ML and Okta ML policies currently support a single rule per policy.
There was a problem hiding this comment.
For now yes the behavior is 1 rule per policy for these non-Falco types like malware, drift and ML ones. So we can remove the comment if needed
sysdig/tfresource.go
Outdated
| }) | ||
| } | ||
|
|
||
| _ = d.Set("rule", rules) |
There was a problem hiding this comment.
Is this an error being ignored? We should handle it if so.
| } | ||
|
|
||
| func oktaMLPolicyFromResourceData(d *schema.ResourceData) (v2.PolicyRulesComposite, error) { | ||
| policy := &v2.PolicyRulesComposite{ |
There was a problem hiding this comment.
I see there's similar code for other types, but I think it makes more sense to avoid the pointer in this function and pass &policy to oktaMLPolicyReducer, which is where a pointer is actually needed.
| return diag.FromErr(err) | ||
| } | ||
|
|
||
| id, _ := strconv.Atoi(d.Id()) |
.vscode/launch.json
Outdated
| @@ -0,0 +1,15 @@ | |||
| { | |||
There was a problem hiding this comment.
You might need to delete it from your local machine and push once to remove it from here
sysdig/tfresource.go
Outdated
| // TODO: Iterate over a list of rules instead of hard-coding the index values | ||
| // TODO: Should we assume that only a single Malware rule can be attached to a policy? |
There was a problem hiding this comment.
For now yes the behavior is 1 rule per policy for these non-Falco types like malware, drift and ML ones. So we can remove the comment if needed
|
|
||
| * `anomalous_console_login` - Anomaly detection settings for logins. | ||
| * `enabled` - Whether anomaly detection is enabled. | ||
| * `threshold` - Confidence level threshold for triggering alerts. |
There was a problem hiding this comment.
Could you add that only supported values for the threshold are 1, 2 and 3 please? If you would like you can update for the other ML types as well (I think they were missed there too)
|
|
||
| * `description` - (Required) Rule description. | ||
| * `anomalous_console_login` - (Required) This attribute allows you to activate anomaly detection for logins and adjust its settings. | ||
| * `threshold` - (Required) Trigger at or above confidence level. |
There was a problem hiding this comment.
I think there should be an enabled field here too similar to how you have on your data source.
Changed threshold value descriptions from 'High/Medium/Low' to 'Default/High/Higher' for ML policies
3 participants
Key changes:
sysdig_secure_okta_ml_policy