New Data Source: wiz_cloud_config_rules (#28)

This change adds a new data source, wiz_cloud_config_rules, that can be used to filter and return details for Wiz Cloud Configuration Rules.

docs/data-sources/cloud_config_rules.md

@@ -0,0 +1,138 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "wiz_cloud_config_rules Data Source - terraform-provider-wiz"
+subcategory: ""
+description: |-
+  Query cloud configuration rules.
+---
+
+# wiz_cloud_config_rules (Data Source)
+
+Query cloud configuration rules.
+
+## Example Usage
+
+```terraform
+# get aws cloud configuration rules for access keys
+data "wiz_cloud_config_rules" "aws_access_key" {
+  search = "Access key"
+  cloud_provider = [
+    "AWS",
+  ]
+}
+
+# get high and critical aws cloud configuration rules that have remediation
+data "wiz_cloud_config_rules" "aws_critical" {
+  cloud_provider = [
+    "AWS",
+  ]
+  severity = [
+    "CRITICAL",
+    "HIGH",
+  ]
+  has_remediation = true
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `cloud_provider` (List of String) Find CSPM rules related to cloud provider.
+    - Allowed values: 
+        - GCP
+        - AWS
+        - Azure
+        - OCI
+        - Alibaba
+        - vSphere
+        - OpenShift
+        - Kubernetes
+- `created_by` (List of String) Search rules by user.
+- `enabled` (Boolean) CSPM Rule enabled status.
+- `first` (Number) How many results to return
+    - Defaults to `500`.
+- `framework_category` (List of String) Search rules by any of securityFramework | securitySubCategory | securityCategory.
+- `function_as_control` (Boolean) Search by function as control.
+- `has_auto_remediation` (Boolean) Rule has auto remediation.
+- `has_remediation` (Boolean) Rule has remediation.
+- `ids` (List of String) GetSearch by IDs.
+- `is_opa_policy` (Boolean) Search by opaPolicy presence.
+- `matcher_type` (List of String) Search rules by target native type.
+    - Allowed values: 
+        - CLOUD
+        - TERRAFORM
+        - CLOUD_FORMATION
+        - KUBERNETES
+        - AZURE_RESOURCE_MANAGER
+        - DOCKER_FILE
+- `project` (List of String) Search by project.
+- `risk_equals_all` (List of String)
+- `risk_equals_any` (List of String)
+- `scope_account_ids` (List of String) Find CSPM rules applied on cloud account IDs.
+- `search` (String) Free text search on CSPM name or resource ID.
+- `service_type` (List of String) Find CSPM rules related to the service.
+    - Allowed values: 
+        - AWS
+        - Azure
+        - GCP
+        - OCI
+        - Alibaba
+        - AKS
+        - EKS
+        - GKE
+        - Kubernetes
+        - OKE
+- `severity` (List of String) CSPM Rule severity.
+    - Allowed values: 
+        - INFORMATIONAL
+        - LOW
+        - MEDIUM
+        - HIGH
+        - CRITICAL
+- `subject_entity_type` (List of String) Find rules by their entity type subject.
+- `target_native_type` (List of String) Search rules by target native type.
+
+### Read-Only
+
+- `cloud_configuration_rules` (Set of Object) The returned cloud configuration rules. (see [below for nested schema](#nestedatt--cloud_configuration_rules))
+- `id` (String) Internal identifier for the data.
+
+<a id="nestedatt--cloud_configuration_rules"></a>
+### Nested Schema for `cloud_configuration_rules`
+
+Read-Only:
+
+- `builtin` (Boolean)
+- `cloud_provider` (String)
+- `control_id` (String)
+- `description` (String)
+- `enabled` (Boolean)
+- `external_references` (Set of Object) (see [below for nested schema](#nestedobjatt--cloud_configuration_rules--external_references))
+- `function_as_control` (Boolean)
+- `graph_id` (String)
+- `has_auto_remediation` (Boolean)
+- `iac_matcher_ids` (List of String)
+- `id` (String)
+- `name` (String)
+- `opa_policy` (String)
+- `remediation_instructions` (String)
+- `scope_accounts` (List of String)
+- `security_sub_category_ids` (List of String)
+- `service_type` (String)
+- `severity` (String)
+- `short_id` (String)
+- `subject_entity_type` (String)
+- `supports_nrt` (Boolean)
+- `target_native_types` (List of String)
+
+<a id="nestedobjatt--cloud_configuration_rules--external_references"></a>
+### Nested Schema for `cloud_configuration_rules.external_references`
+
+Read-Only:
+
+- `id` (String)
+- `name` (String)
+
+

docs/index.md

@@ -6,7 +6,7 @@ description: |-
 
 # terraform-provider-wiz
 
-The Wiz Terraform provider is designed to work with [Wiz](https://app.wiz.io/). 
+The Wiz Terraform provider is designed to work with [Wiz](https://wiz.io/). 
 
 The "wiz" provider manages resources typically manually managed in the [Wiz web interface](https://app.wiz.io/).  You must configure the provider with the proper credentials before you can use it.
 

examples/data-sources/wiz_cloud_config_rules/data-source.tf

@@ -0,0 +1,19 @@
+# get aws cloud configuration rules for access keys
+data "wiz_cloud_config_rules" "aws_access_key" {
+  search = "Access key"
+  cloud_provider = [
+    "AWS",
+  ]
+}
+
+# get high and critical aws cloud configuration rules that have remediation
+data "wiz_cloud_config_rules" "aws_critical" {
+  cloud_provider = [
+    "AWS",
+  ]
+  severity = [
+    "CRITICAL",
+    "HIGH",
+  ]
+  has_remediation = true
+}

internal/provider/data_source_cloud_accounts.go

@@ -6,6 +6,7 @@ import (
 	"crypto/sha1"
 	"encoding/hex"
 	"fmt"
+	"sort"
 
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
@@ -322,7 +323,10 @@ func dataSourceWizCloudAccountsRead(ctx context.Context, d *schema.ResourceData,
 	if b {
 		filterBy.Search = utils.ConvertListToString(a.([]interface{}))
 	}
-	filterBy.ProjectID = d.Get("project_id").(string)
+	a, b = d.GetOk("project_id")
+	if b {
+		filterBy.ProjectID = a.(string)
+	}
 	a, b = d.GetOk("cloud_provider")
 	if b {
 		filterBy.CloudProvider = utils.ConvertListToString(a.([]interface{}))
@@ -339,8 +343,14 @@ func dataSourceWizCloudAccountsRead(ctx context.Context, d *schema.ResourceData,
 	if b {
 		filterBy.ConnectorIssueID = utils.ConvertListToString(a.([]interface{}))
 	}
-	filterBy.AssignedToProject = utils.ConvertBoolToPointer(d.Get("assigned_to_project").(bool))
-	filterBy.HasMultipleConnectorSources = utils.ConvertBoolToPointer(d.Get("has_multiple_connector_sources").(bool))
+	a, b = d.GetOk("assigned_to_project")
+	if b {
+		filterBy.AssignedToProject = utils.ConvertBoolToPointer(a.(bool))
+	}
+	a, b = d.GetOk("has_multiple_connector_sources")
+	if b {
+		filterBy.HasMultipleConnectorSources = utils.ConvertBoolToPointer(a.(bool))
+	}
 	vars.FilterBy = filterBy
 
 	// process the request
@@ -356,8 +366,6 @@ func dataSourceWizCloudAccountsRead(ctx context.Context, d *schema.ResourceData,
 		return append(diags, diag.FromErr(err)...)
 	}
 
-	tflog.Debug(ctx, "Finished")
-
 	return diags
 }
 
@@ -380,6 +388,11 @@ func flattenCloudAccounts(ctx context.Context, nodes *[]*vendor.CloudAccount) []
 		output = append(output, accountMap)
 	}
 
+	// sort the return slice to avoid unwanted diffs
+	sort.Slice(output, func(i, j int) bool {
+		return output[i].(map[string]interface{})["id"].(string) < output[j].(map[string]interface{})["id"].(string)
+	})
+
 	tflog.Debug(ctx, fmt.Sprintf("flattenCloudAccounts output: %s", utils.PrettyPrint(output)))
 
 	return output
@@ -396,6 +409,11 @@ func flattenProjectIDs(ctx context.Context, projects *[]*vendor.Project) []inter
 		output = append(output, b.ID)
 	}
 
+	// sort the return slice to avoid unwanted diffs
+	sort.Slice(output, func(i, j int) bool {
+		return output[i].(string) < output[j].(string)
+	})
+
 	tflog.Debug(ctx, fmt.Sprintf("flattenProjectIDs output: %s", utils.PrettyPrint(output)))
 
 	return output
@@ -412,6 +430,11 @@ func flattenSourceConnectorIDs(ctx context.Context, connectors *[]vendor.Connect
 		output = append(output, b.ID)
 	}
 
+	// sort the return slice to avoid unwanted diffs
+	sort.Slice(output, func(i, j int) bool {
+		return output[i].(string) < output[j].(string)
+	})
+
 	tflog.Debug(ctx, fmt.Sprintf("flattenSourceConnectorIDs output: %s", utils.PrettyPrint(output)))
 
 	return output

internal/provider/data_source_cloud_accounts_test.go

@@ -18,8 +18,8 @@ func TestFlattenCloudAccounts(t *testing.T) {
 			"cloud_provider": "0767b7a3-d540-4b9c-8afd-a018aa7da0fb",
 			"status":         "9b6e7ae9-e0f6-4748-8171-a6b7a8f385ec",
 			"linked_project_ids": []interface{}{
-				"55e9138d-e48f-4155-a2ac-364eb00005db",
 				"3d9ef88a-84f9-4a84-9a67-e5cdd28ad35f",
+				"55e9138d-e48f-4155-a2ac-364eb00005db",
 			},
 			"source_connector_ids": []interface{}{
 				"7ac2f620-3882-4c35-91f0-7631eef430c6",
@@ -68,8 +68,8 @@ func TestFlattenCloudAccounts(t *testing.T) {
 func TestFlattenProjectIDs(t *testing.T) {
 	ctx := context.Background()
 	expected := []interface{}{
-		"b0a03462-697e-4ef8-af52-0e8122c6eb7f",
 		"225697ef-8d21-42e1-8195-46d29b285ee6",
+		"b0a03462-697e-4ef8-af52-0e8122c6eb7f",
 		"d24f22fb-088d-4586-ba8a-9524260f7427",
 	}
 
@@ -99,9 +99,9 @@ func TestFlattenProjectIDs(t *testing.T) {
 func TestFlattenSourceConnectorIDs(t *testing.T) {
 	ctx := context.Background()
 	expected := []interface{}{
-		"d84b87ad-a38f-4ff1-9ee3-761521fbbaab",
-		"796def2c-70c6-4dc6-85a1-991616a98f4a",
 		"317d6352-69e0-47e0-a280-76dd3e2e9659",
+		"796def2c-70c6-4dc6-85a1-991616a98f4a",
+		"d84b87ad-a38f-4ff1-9ee3-761521fbbaab",
 	}
 
 	var connectors = &[]vendor.Connector{