feat (CIS) - Managed Rulesets - Do Not merge (#5238)

* feat (CIS) - Managed Rulesets * added other data sources * corrected name * updated as per schema * reverted change * added override fields * added entrypoint and version * added resource structure * corrected file name * added test files * add data file for ruleset tag * add resource file for ruleset version * add resource file for rulesets * add resource file for entrypoint ruleset * add resource test files * updated GO SDK version * updated rulesets ref * updated rulesets EP version * made fixes * updated account to instance * updated data source * add documentation for ruleset and ruleset version data source * added individual ruleset * add documentation for data and resource file * updated data sources * modify documentation for data and resource file * added fixes to documentation * added import section * incorporate review changes in documentation * add detach in ruleset version documentation * add detach option for delete ruleset version * add rules info in data file documentation * updated resource files * updated file names * updated function names * corrected validator name * incorporate review changes * corrected test files * updated docs --------- Co-authored-by: Arpit Srivastava <arpit-mac@Arpits-MacBook-Pro-6.local> Co-authored-by: Arjun Chauhan <arjun.chauhan@ibm.com> Co-authored-by: arjunchauhanibm <157371067+arjunchauhanibm@users.noreply.github.com>
IBM-Cloud · May 14, 2024 · 9c34be4 · 9c34be4
1 parent 3d868ae
commit 9c34be4
Show file tree

Hide file tree

Showing 29 changed files with 3,893 additions and 72 deletions.
diff --git a/examples/ibm-cis/main.tf b/examples/ibm-cis/main.tf
@@ -640,3 +640,176 @@ resource "ibm_cis_origin_auth" "test" {
   enabled                   = true
   level                     = "hostname"
 }
+
+# CIS ruleset data source
+data "ibm_cis_rulesets" "tests" {
+    cis_id    = ibm_cis.instance.id
+    domain_id = data.ibm_cis_domain.cis_domain.domain_id
+    ruleset_id = data.ibm_cis_ruleset.cis_ruleset.ruleset_id
+}
+
+# CIS ruleset version data source
+data "ibm_cis_ruleset_versions" "tests" {
+    cis_id    = ibm_cis.instance.id
+    domain_id = data.ibm_cis_domain.cis_domain.domain_id
+    ruleset_id = data.ibm_cis_ruleset.cis_ruleset.ruleset_id
+    version = data.ibm_cis_ruleset.cis_ruleset.version
+}
+
+# CIS entry point version data source
+data "ibm_cis_ruleset_entrypoint_versions" "test"{
+    cis_id    = ibm_cis.instance.id
+    domain_id= data.ibm_cis_domain.cis_domain.domain_id
+    phase = "http_request_firewall_managed"
+    version = "2"
+    list_all = false
+} 
+
+# CIS ruleset rules by tag data source
+data "ibm_cis_ruleset_rules_by_tag" "test"{
+    cis_id    = ibm_cis.instance.id
+    ruleset_id = "dcdec3fe0cbe41edac08619503da8de5"
+    version = "2"
+    rulesets_rule_tag = "wordpress"
+}  
+
+# Update ruleset
+resource "ibm_cis_ruleset" "tests" {
+    cis_id    = ibm_cis.instance.id
+    domain_id = data.ibm_cis_domain.cis_domain.domain_id
+    ruleset_id = "dcdec3fe0cbe41edac08619503da8de5"
+    rulesets {
+      description = "Entry Point Ruleset"
+      rules {
+      {
+        action =  "execute"
+        action_parameters  {
+          id : var.to_be_deployed_ruleset.id
+          overrides  {
+            action = "log"
+            enabled = true
+            rules {
+              {
+                id = var.overriden_rule.id
+                enabled = true
+                action = "log"
+              }
+            }
+            categories {
+              {
+                category = "wordpress"
+                enabled = true
+                action = "log"
+              }
+            }
+          }
+        }
+        description = var.rule.description
+        enabled = true
+        expression = "ip.src ne 1.1.1.1"
+        ref = var.reference_rule.id
+        position  {
+          index = 1
+          after = var.after_rule.id
+          before = var.before_rule.id
+        }
+      }
+    }
+  }
+}
+
+# Update ruleset entry point 
+resource "ibm_cis_ruleset_entrypoint_version" "tests" {
+    cis_id    = ibm_cis.instance.id
+    domain_id = data.ibm_cis_domain.cis_domain.domain_id
+    phase = "http_request_firewall_managed"
+    rulesets {
+
+      description = "Entry Point ruleset"
+      rules {
+      {
+        action =  "execute"
+        action_parameters  {
+          id : var.to_be_deployed_ruleset.id
+          overrides  {
+            action = "log"
+            enabled = true
+            rules {
+              {
+                id = var.overriden_rule.id
+                enabled = true
+                action = "log"
+              }
+            }
+            categories {
+              {
+                category = "wordpress"
+                enabled = true
+                action = "log"
+              }
+            }
+          }
+        }
+        description = var.rule.description
+        enabled = true
+        expression = "ip.src ne 1.1.1.1"
+        ref = var.reference_rule.id
+        position  {
+          index = 1
+          after = var.after_rule.id
+          before = var.before_rule.id
+        }
+      }
+    }
+  }
+}
+
+# Update ruleset rule
+resource "ibm_cis_ruleset_rule" "tests" {
+    cis_id    = ibm_cis.instance.id
+    domain_id = data.ibm_cis_domain.cis_domain.domain_id
+    ruleset_id = "dcdec3fe0cbe41edac08619503da8de5"
+    rules {
+    {
+      action =  "execute"
+      action_parameters  {
+        id : var.to_be_deployed_ruleset.id
+        overrides  {
+          action = "log"
+          enabled = true
+          rules {
+            {
+              id = var.overriden_rule.id
+              enabled = true
+              action = "log"
+            }
+          }
+          categories {
+            {
+              category = "wordpress"
+              enabled = true
+              action = "log"
+            }
+          }
+        }
+      }
+      description = var.rule.description
+      enabled = true
+      expression = "ip.src ne 1.1.1.1"
+      ref = var.reference_rule.id
+      position  {
+        index = 1
+        after = <id of any existing rule>
+        before = <id of any existing rule>
+      }
+    }
+  }
+}
+
+# Detach ruleset version
+resource "ibm_cis_ruleset_version_detach" "tests" {
+    cis_id    = ibm_cis.instance.id
+    domain_id = data.ibm_cis_domain.cis_domain.domain_id
+    ruleset_id = "<id of the ruleset>"
+    version = "<ruleset version>"
+}
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/IBM-Cloud/terraform-provider-ibm
 
-go 1.19
+go 1.22.2
 
 require (
 	github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20240216115622-a311507b4b5b
@@ -22,8 +22,8 @@ require (
 	github.com/IBM/ibm-hpcs-tke-sdk v0.0.0-20211109141421-a4b61b05f7d1
 	github.com/IBM/ibm-hpcs-uko-sdk v0.0.20-beta
 	github.com/IBM/keyprotect-go-client v0.12.2
+	github.com/IBM/networking-go-sdk v0.46.1
 	github.com/IBM/logs-go-sdk v0.1.1
-	github.com/IBM/networking-go-sdk v0.45.0
 	github.com/IBM/platform-services-go-sdk v0.62.11
 	github.com/IBM/project-go-sdk v0.3.0
 	github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5