[datadog_security_monitioring_rule] Set tags in state

datadog/resource_datadog_security_monitoring_rule.go

@@ -316,7 +316,7 @@ func datadogSecurityMonitoringRuleSchema() map[string]*schema.Schema {
 		},
 
 		"tags": {
-			Type:        schema.TypeList,
+			Type:        schema.TypeSet,
 			Optional:    true,
 			Description: "Tags for generated signals.",
 			Elem:        &schema.Schema{Type: schema.TypeString},
@@ -474,9 +474,9 @@ func buildCreateCommonPayload(d *schema.ResourceData, payload securityMonitoring
 	}
 
 	if v, ok := d.GetOk("tags"); ok {
-		tfTags := v.([]interface{})
-		tags := make([]string, len(tfTags))
-		for i, value := range tfTags {
+		tfTags := v.(*schema.Set)
+		tags := make([]string, tfTags.Len())
+		for i, value := range tfTags.List() {
 			tags[i] = value.(string)
 		}
 		payload.SetTags(tags)
@@ -807,6 +807,10 @@ func updateCommonResourceDataFromResponse(d *schema.ResourceData, ruleResponse s
 		filters := extractFiltersFromRuleResponse(ruleResponse.GetFilters())
 		d.Set("filter", filters)
 	}
+
+	if tags, ok := ruleResponse.GetTagsOk(); ok {
+		d.Set("tags", *tags)
+	}
 }
 
 func updateStandardResourceDataFromResponse(d *schema.ResourceData, ruleResponse *datadogV2.SecurityMonitoringStandardRuleResponse) {
@@ -882,6 +886,10 @@ func updateSignalResourceDataFromResponse(d *schema.ResourceData, ruleResponse *
 	if ruleType, ok := ruleResponse.GetTypeOk(); ok {
 		d.Set("type", *ruleType)
 	}
+
+	if tags, ok := ruleResponse.GetTagsOk(); ok {
+		d.Set("tags", *tags)
+	}
 }
 
 func extractFiltersFromRuleResponse(ruleResponseFilter []datadogV2.SecurityMonitoringFilter) []interface{} {
@@ -1058,9 +1066,9 @@ func buildUpdatePayload(d *schema.ResourceData) (datadogV2.SecurityMonitoringRul
 	}
 
 	if v, ok := d.GetOk("tags"); ok {
-		tfTags := v.([]interface{})
-		tags := make([]string, len(tfTags))
-		for i, value := range tfTags {
+		tfTags := v.(*schema.Set)
+		tags := make([]string, tfTags.Len())
+		for i, value := range tfTags.List() {
 			tags[i] = value.(string)
 		}
 		payload.SetTags(tags)

datadog/tests/cassettes/TestAccDatadogSecurityMonitoringRuleDatasource.freeze

@@ -1 +1 @@
-2022-10-13T14:11:06.897844+02:00
+2023-03-17T18:50:36.472398-04:00

datadog/tests/cassettes/TestAccDatadogSecurityMonitoringRule_Basic.freeze

@@ -1 +1 @@
-2022-10-13T14:12:00.248674+02:00
+2023-03-17T18:50:07.484182-04:00

datadog/tests/cassettes/TestAccDatadogSecurityMonitoringRule_CwsRule.freeze

@@ -1 +1 @@
-2022-10-13T14:12:00.248627+02:00
+2023-03-17T18:45:06.228474-04:00

datadog/tests/cassettes/TestAccDatadogSecurityMonitoringRule_ImpossibleTravelRule.freeze

@@ -1 +1 @@
-2022-10-13T14:12:00.248429+02:00
+2023-03-17T18:49:54.445255-04:00

datadog/tests/cassettes/TestAccDatadogSecurityMonitoringRule_NewValueRule.freeze

@@ -1 +1 @@
-2022-10-13T14:12:00.248495+02:00
+2023-03-17T18:49:42.714642-04:00

datadog/tests/cassettes/TestAccDatadogSecurityMonitoringRule_SignalCorrelation.freeze

@@ -1 +1 @@
-2022-10-13T14:12:00.248348+02:00
+2023-03-17T18:53:57.076391-04:00

datadog/tests/resource_datadog_security_monitoring_rule_test.go

@@ -377,10 +377,10 @@ func testAccCheckDatadogSecurityMonitorCreatedCheckWithId(accProvider func() (*s
 			tfSecurityRuleName, "filter.1.action", "require"),
 		resource.TestCheckResourceAttr(
 			tfSecurityRuleName, "filter.1.query", "does not really require neither"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.0", "i:tomato"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.1", "u:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "i:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "u:tomato"),
 	)
 }
 
@@ -457,10 +457,10 @@ func testAccCheckDatadogSecurityMonitorCreatedCheckNewValueRule(accProvider func
 			tfSecurityRuleName, "options.0.new_value_options.0.learning_duration", "1"),
 		resource.TestCheckResourceAttr(
 			tfSecurityRuleName, "options.0.new_value_options.0.learning_threshold", "0"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.0", "i:tomato"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.1", "u:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "i:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "u:tomato"),
 	)
 }
 
@@ -530,10 +530,10 @@ func testAccCheckDatadogSecurityMonitorCreatedCheckImpossibleTravelRule(accProvi
 			tfSecurityRuleName, "options.0.detection_method", "impossible_travel"),
 		resource.TestCheckResourceAttr(
 			tfSecurityRuleName, "options.0.impossible_travel_options.0.baseline_user_locations", "true"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.0", "i:tomato"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.1", "u:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "i:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "u:tomato"),
 	)
 }
 
@@ -603,10 +603,10 @@ func testAccCheckDatadogSecurityMonitorUpdatedCheckImpossibleTravelRule(accProvi
 			tfSecurityRuleName, "options.0.detection_method", "impossible_travel"),
 		resource.TestCheckResourceAttr(
 			tfSecurityRuleName, "options.0.impossible_travel_options.0.baseline_user_locations", "true"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.0", "i:tomato"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.1", "u:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "i:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "u:tomato"),
 	)
 }
 
@@ -709,10 +709,10 @@ func testAccCheckDatadogSecurityMonitoringCreatedCheckCwsRule(accProvider func()
 			tfSecurityRuleName, "options.0.keep_alive", "600"),
 		resource.TestCheckResourceAttr(
 			tfSecurityRuleName, "options.0.max_signal_duration", "900"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.0", "i:tomato"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.1", "u:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "i:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "u:tomato"),
 		resource.TestCheckResourceAttr(
 			tfSecurityRuleName, "type", "workload_security"),
 	)
@@ -810,10 +810,10 @@ func testAccCheckDatadogSecurityMonitoringUpdateCheck(accProvider func() (*schem
 			tfSecurityRuleName, "filter.0.action", "suppress"),
 		resource.TestCheckResourceAttr(
 			tfSecurityRuleName, "filter.0.query", "does not really suppress (updated)"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.0", "u:tomato"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.1", "i:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "u:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "i:tomato"),
 	)
 }
 
@@ -893,10 +893,10 @@ func testAccCheckDatadogSecurityMonitoringUpdateCheckNewValueRule(accProvider fu
 			tfSecurityRuleName, "options.0.new_value_options.0.learning_duration", "0"),
 		resource.TestCheckResourceAttr(
 			tfSecurityRuleName, "options.0.new_value_options.0.learning_threshold", "0"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.0", "u:tomato"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.1", "i:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "u:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "i:tomato"),
 	)
 }
 
@@ -968,10 +968,10 @@ func testAccCheckDatadogSecurityMonitoringUpdateCheckCwsRule(accProvider func()
 			tfSecurityRuleName, "options.0.keep_alive", "600"),
 		resource.TestCheckResourceAttr(
 			tfSecurityRuleName, "options.0.max_signal_duration", "900"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.0", "u:tomato"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.1", "i:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "u:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "i:tomato"),
 		resource.TestCheckResourceAttr(
 			tfSecurityRuleName, "type", "workload_security"),
 	)
@@ -1136,10 +1136,10 @@ func testAccCheckDatadogSecurityMonitorCreatedSignalCorrelationCheck(accProvider
 			tfSecurityRuleName, "filter.1.action", "require"),
 		resource.TestCheckResourceAttr(
 			tfSecurityRuleName, "filter.1.query", "does not really require neither"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.0", "alert:red"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.1", "attack:advanced"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "alert:red"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "attack:advanced"),
 	)
 }
 
@@ -1244,10 +1244,10 @@ func testAccCheckDatadogSecurityMonitoringUpdateSignalCorrelationCheck(accProvid
 			tfSecurityRuleName, "filter.0.action", "suppress"),
 		resource.TestCheckResourceAttr(
 			tfSecurityRuleName, "filter.0.query", "does not really suppress (updated)"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.0", "alert:red"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.1", "attack:advanced"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "alert:red"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "attack:advanced"),
 	)
 }
 
@@ -1294,10 +1294,10 @@ func testAccCheckDatadogSecurityMonitoringEnabledDefaultCheck(accProvider func()
 			tfSecurityRuleName, "filter.0.action", "suppress"),
 		resource.TestCheckResourceAttr(
 			tfSecurityRuleName, "filter.0.query", "does not really suppress (updated)"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.0", "u:tomato"),
-		resource.TestCheckResourceAttr(
-			tfSecurityRuleName, "tags.1", "i:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "u:tomato"),
+		resource.TestCheckTypeSetElemAttr(
+			tfSecurityRuleName, "tags.*", "i:tomato"),
 	)
 }
 

docs/data-sources/security_monitoring_rules.md

@@ -50,7 +50,7 @@ Read-Only:
 - `options` (List of Object) (see [below for nested schema](#nestedobjatt--rules--options))
 - `query` (List of Object) (see [below for nested schema](#nestedobjatt--rules--query))
 - `signal_query` (List of Object) (see [below for nested schema](#nestedobjatt--rules--signal_query))
-- `tags` (List of String)
+- `tags` (Set of String)
 - `type` (String)
 
 <a id="nestedobjatt--rules--case"></a>

docs/resources/security_monitoring_rule.md

@@ -66,7 +66,7 @@ resource "datadog_security_monitoring_rule" "myrule" {
 - `options` (Block List, Max: 1) Options on rules. (see [below for nested schema](#nestedblock--options))
 - `query` (Block List) Queries for selecting logs which are part of the rule. (see [below for nested schema](#nestedblock--query))
 - `signal_query` (Block List) Queries for selecting logs which are part of the rule. (see [below for nested schema](#nestedblock--signal_query))
-- `tags` (List of String) Tags for generated signals.
+- `tags` (Set of String) Tags for generated signals.
 - `type` (String) The rule type. Valid values are `log_detection`, `workload_security`, `signal_correlation`.
 
 ### Read-Only