DataDog · nkzou · Jan 20, 2023 · Jan 18, 2023 · Jan 17, 2023 · Jan 17, 2023
@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"time"
 
 	"github.com/terraform-providers/terraform-provider-datadog/datadog/internal/utils"
 	"github.com/terraform-providers/terraform-provider-datadog/datadog/internal/validators"
@@ -102,6 +103,26 @@ func resourceDatadogSecurityMonitoringDefaultRule() *schema.Resource {
 	}
 }
 
+func securityMonitoringRuleDeprecationWarning(rule securityMonitoringRuleResponseInterface) diag.Diagnostics {
+	var diags diag.Diagnostics
+
+	if deprecationTimestampMs, ok := rule.GetDeprecationDateOk(); ok {
+		deprecation := time.UnixMilli(*deprecationTimestampMs)
+
+		warning := diag.Diagnostic{
+			Severity: diag.Warning,
+			Summary:  fmt.Sprintf("Rule will be deprecated on %s.", deprecation.Format("Jan _2 2006")),
+			Detail: "Please consider deleting the associated resource. " +
+				"After the deprecation date, the rule will stop triggering signals. " +
+				"Moreover, the API will reject any call to update the rule, which might break your Terraform pipeline.",
+		}
+
+		diags = append(diags, warning)
+	}
+
+	return diags
+}
+
 func resourceDatadogSecurityMonitoringDefaultRuleCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	return diag.FromErr(errors.New("cannot create a default rule, please import it first before making changes"))
 }
@@ -174,7 +195,7 @@ func resourceDatadogSecurityMonitoringDefaultRuleRead(ctx context.Context, d *sc
 
 	d.Set("options", &ruleOptions)
 
-	return nil
+	return securityMonitoringRuleDeprecationWarning(rule)
 }
 
 func resourceDatadogSecurityMonitoringDefaultRuleUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
@@ -211,13 +232,21 @@ func resourceDatadogSecurityMonitoringDefaultRuleUpdate(ctx context.Context, d *
 		return diag.FromErr(err)
 	}
 
+	var diags diag.Diagnostics
+
 	if shouldUpdate {
-		if _, httpResponse, err := apiInstances.GetSecurityMonitoringApiV2().UpdateSecurityMonitoringRule(auth, ruleID, *ruleUpdate); err != nil {
-			return utils.TranslateClientErrorDiag(err, httpResponse, "error updating security monitoring rule on resource creation")
+		ruleResponse, httpResponse, err := apiInstances.GetSecurityMonitoringApiV2().UpdateSecurityMonitoringRule(auth, ruleID, *ruleUpdate)
+
+		if err != nil {
+			diags = append(diags, utils.TranslateClientErrorDiag(err, httpResponse, "error updating security monitoring rule on resource creation")...)
 		}
+
+		diags = append(diags, securityMonitoringRuleDeprecationWarning(ruleResponse.SecurityMonitoringStandardRuleResponse)...)
+	} else {
+		diags = append(diags, securityMonitoringRuleDeprecationWarning(rule)...)
 	}
 
-	return nil
+	return diags
 }
 
 func buildSecMonDefaultRuleUpdatePayload(currentState *datadogV2.SecurityMonitoringStandardRuleResponse, d *schema.ResourceData) (*datadogV2.SecurityMonitoringRuleUpdatePayload, bool, error) {

@@ -385,6 +385,7 @@ type securityMonitoringRuleResponseInterface interface {
 	securityMonitoringRuleInterface
 	SetCases(v []datadogV2.SecurityMonitoringRuleCase)
 	GetCases() []datadogV2.SecurityMonitoringRuleCase
+	GetDeprecationDateOk() (*int64, bool)
 }
 
 func resourceDatadogSecurityMonitoringRuleCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {

@@ -0,0 +1 @@
+2023-01-17T18:25:16.433499+01:00
@@ -39,6 +39,44 @@ func TestAccDatadogSecurityMonitoringDefaultRule_Basic(t *testing.T) {
 	})
 }
 
+func TestAccDatadogSecurityMonitoringDefaultRule_DeprecationWarning(t *testing.T) {
+	if !isReplaying() {
+		t.Skip("this is a replay-only test")
+		return
+	}
+
+	t.Parallel()
+	_, accProviders := testAccProviders(context.Background(), t)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: accProviders,
+		Steps: []resource.TestStep{
+			// Define an existing rule
+			{
+				Config: testAccDatadogSecurityMonitoringDefaultDatasource(),
+			},
+			// Import the rule
+			{
+				Config:             testAccCheckDatadogSecurityMonitoringDefaultNoop(),
+				ResourceName:       tfSecurityDefaultRuleName,
+				ImportState:        true,
+				ImportStateIdFunc:  idFromDatasource,
+				ImportStatePersist: true,
+			},
+			// Change the "decrease criticality" flag
+			// For this specific test, we manually changed the cassette recording to set a deprecation date on the rule
+			// As of Jan 17, 2023, the TF testing framework does not provide a way to make assertions on warning
+			// See https://github.com/hashicorp/terraform-plugin-sdk/issues/864
+			// However, this test makes sure nothing breaks when the warning is returned
+			{
+				Config: testAccDatadogSecurityMonitoringDefaultRuleDynamicCriticality(),
+				Check:  testAccCheckDatadogSecurityMonitoringDefaultDynamicCriticality(),
+			},
+		},
+	})
+}
+
 func idFromDatasource(state *terraform.State) (string, error) {
 	resources := state.RootModule().Resources
 	resourceState := resources["data.datadog_security_monitoring_rules.bruteforce"]

@@ -4540,7 +4540,7 @@ Required:
 
 Required:
 
-- `data_source` (String) Source from which to query items to display in the stream. Valid values are `logs_stream`, `audit_stream`, `rum_issue_stream`, `apm_issue_stream`, `logs_pattern_stream`.
+- `data_source` (String) Source from which to query items to display in the stream. Valid values are `logs_stream`, `audit_stream`, `rum_issue_stream`, `apm_issue_stream`, `logs_pattern_stream`, `logs_transaction_stream`.
 
 Optional:
 
@@ -10013,7 +10013,7 @@ Required:
 
 Required:
 
-- `data_source` (String) Source from which to query items to display in the stream. Valid values are `logs_stream`, `audit_stream`, `rum_issue_stream`, `apm_issue_stream`, `logs_pattern_stream`.
+- `data_source` (String) Source from which to query items to display in the stream. Valid values are `logs_stream`, `audit_stream`, `rum_issue_stream`, `apm_issue_stream`, `logs_pattern_stream`, `logs_transaction_stream`.
 
 Optional:
 

@@ -1,7 +1,7 @@
 module github.com/terraform-providers/terraform-provider-datadog
 
 require (
-	github.com/DataDog/datadog-api-client-go/v2 v2.7.1-0.20230112221549-b0e839b9dc19
+	github.com/DataDog/datadog-api-client-go/v2 v2.7.1-0.20230120075132-4b9844ff6888
 	github.com/DataDog/dd-sdk-go-testing v0.0.0-20211116174033-1cd082e322ad
 	github.com/dnaeon/go-vcr v1.0.1
 	github.com/hashicorp/go-cleanhttp v0.5.2

@@ -1,8 +1,8 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/DataDog/datadog-api-client-go/v2 v2.7.1-0.20230112221549-b0e839b9dc19 h1:s8RUsTz6RZ5nlaQOvD/3F2LtgUk876lKtConeDNuoRs=
-github.com/DataDog/datadog-api-client-go/v2 v2.7.1-0.20230112221549-b0e839b9dc19/go.mod h1:sHt3EuVMN8PSYJu065qwp3pZxCwR3RZP4sJnYwj/ZQY=
+github.com/DataDog/datadog-api-client-go/v2 v2.7.1-0.20230120075132-4b9844ff6888 h1:MLHiIxHYnsZaV2HCkuJ/QraIQms9d2k2VwIxid2QKB8=
+github.com/DataDog/datadog-api-client-go/v2 v2.7.1-0.20230120075132-4b9844ff6888/go.mod h1:sHt3EuVMN8PSYJu065qwp3pZxCwR3RZP4sJnYwj/ZQY=
 github.com/DataDog/datadog-go v4.4.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/DataDog/datadog-go v4.8.3+incompatible h1:fNGaYSuObuQb5nzeTQqowRAd9bpDIRRV4/gUtIBjh8Q=
 github.com/DataDog/datadog-go v4.8.3+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=