Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[security_monitoring_default_rule] Fix acceptance tests for default rules #1707

Merged
merged 2 commits into from
Jan 9, 2023
Merged

[security_monitoring_default_rule] Fix acceptance tests for default rules #1707

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
68482e3
[SEC-5854] Fix acceptance tests for default rules
muffix Jan 9, 2023
de0c8af
[SEC-5854] Update cassettes
muffix Jan 9, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 7 additions & 3 deletions datadog/resource_datadog_security_monitoring_default_rule.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -164,9 +164,13 @@ func resourceDatadogSecurityMonitoringDefaultRuleRead(ctx context.Context, d *sc
d.Set("type", rule.GetType())

responseOptions := rule.GetOptions()
ruleOptions := []map[string]interface{}{{
"decrease_criticality_based_on_env": responseOptions.GetDecreaseCriticalityBasedOnEnv(),
}}
var ruleOptions []map[string]interface{}

if *rule.Type == datadogV2.SECURITYMONITORINGRULETYPEREAD_LOG_DETECTION {
ruleOptions = append(ruleOptions, map[string]interface{}{
"decrease_criticality_based_on_env": responseOptions.GetDecreaseCriticalityBasedOnEnv(),
})
}

d.Set("options", &ruleOptions)

Expand Down
2 changes: 1 addition & 1 deletion datadog/tests/cassettes/TestAccDatadogSecurityMonitoringDefaultRule_Basic.freeze
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
2022-10-13T14:12:00.249128+02:00
2023-01-09T11:33:37.933584+01:00
315 changes: 57 additions & 258 deletions datadog/tests/cassettes/TestAccDatadogSecurityMonitoringDefaultRule_Basic.yaml
View file
Open in desktop

Large diffs are not rendered by default.

32 changes: 18 additions & 14 deletions datadog/tests/resource_datadog_security_monitoring_default_rule_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,20 +18,22 @@ func TestAccDatadogSecurityMonitoringDefaultRule_Basic(t *testing.T) {
PreCheck: func() { testAccPreCheck(t) },
ProviderFactories: accProviders,
Steps: []resource.TestStep{
// Define an existing default rule as one we want to import
{
Config: testAccCheckDatadogSecurityMonitoringDefaultDatasource(),
Config: testAccDatadogSecurityMonitoringDefaultDatasource(),
},
// Import the rule
{
Config: testAccCheckDatadogSecurityMonitoringDefaultNoop(),
ResourceName: tfSecurityDefaultRuleName,
ImportState: true,
ImportStateIdFunc: idFromDatasource,
Config: testAccCheckDatadogSecurityMonitoringDefaultNoop(),
ResourceName: tfSecurityDefaultRuleName,
ImportState: true,
ImportStateIdFunc: idFromDatasource,
ImportStatePersist: true,
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to persist the state so that we can access it in the next step. No checks are run if we're importing a state in a test step.

},
// Change the "decrease criticality" flag
{
Config: testAccCheckDatadogSecurityMonitoringDefaultDynamicCriticality(),
ResourceName: tfSecurityDefaultRuleName,
ImportState: true,
ImportStateIdFunc: idFromDatasource,
Config: testAccDatadogSecurityMonitoringDefaultRuleDynamicCriticality(),
Check: testAccCheckDatadogSecurityMonitoringDefaultDynamicCriticality(),
},
},
})
Expand All @@ -43,26 +45,28 @@ func idFromDatasource(state *terraform.State) (string, error) {
return resourceState.Primary.Attributes["rule_ids.0"], nil
}

func testAccCheckDatadogSecurityMonitoringDefaultDatasource() string {
func testAccDatadogSecurityMonitoringDefaultDatasource() string {
return `
data "datadog_security_monitoring_rules" "bruteforce" {
name_filter = "docker"
tags_filter = ["source:cloudtrail"]
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes sure we're importing a default rule of type log detection. CloudTrail rules should all be of type log detection. The previous filter returned an infrastructure configuration rule.

default_only_filter = "true"
}
`
}

func testAccCheckDatadogSecurityMonitoringDefaultNoop() string {
return `
data "datadog_security_monitoring_rules" "bruteforce" {
name_filter = "docker"
tags_filter = ["source:cloudtrail"]
default_only_filter = "true"
}

resource "datadog_security_monitoring_default_rule" "acceptance_test" {
}
`
}

func testAccCheckDatadogSecurityMonitoringDefaultDynamicCriticality() string {
func testAccDatadogSecurityMonitoringDefaultRuleDynamicCriticality() string {
return `
resource "datadog_security_monitoring_default_rule" "acceptance_test" {
options {
Expand All @@ -72,7 +76,7 @@ resource "datadog_security_monitoring_default_rule" "acceptance_test" {
`
}

func testAccCheckDatadogSecurityMonitoringDefaultDynamicCriticalityCheck() resource.TestCheckFunc {
func testAccCheckDatadogSecurityMonitoringDefaultDynamicCriticality() resource.TestCheckFunc {
return resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(
tfSecurityDefaultRuleName, "options.0.decrease_criticality_based_on_env", "true"),
Expand Down