feat(zone): add Zone resource for Secure (#609)

* add Zone resource for Secure

* remove ZoneWrapper | change Scopes schema

* fix acceptance test

* add documentation

* convert `last_updated` to date (string) from timestamp

* upgrade actions/cache v2 -> v4

* fix acc test

* add Importer to resource schema

* refactor: rename method

* refactor: rename variables

* make `scopes` required in terraform config and add `id` field to `scope`

* simplify zone TF schema: remove `scopes` field

* add all computed fields to documentation

* set scopes properly when updating the state

Author: vojindj

sysdig/internal/client/v2/client.go

@@ -60,6 +60,7 @@ type SecureCommon interface {
 	PostureControlInterface
 	PostureAcceptRiskInterface
 	PostureVulnerabilityAcceptRiskInterface
+	ZoneInterface
 }
 
 type Requester interface {

sysdig/internal/client/v2/client_test.go

@@ -57,7 +57,6 @@ func TestUnmarshal(t *testing.T) {
 }
 
 func TestClient_ErrorFromResponse_non_json(t *testing.T) {
-
 	givenPayload := "non json body"
 	expected := "401 Unauthorized"
 	c := Client{}
@@ -111,7 +110,6 @@ func TestClient_ErrorFromResponse_standard_error_format(t *testing.T) {
 }
 
 func TestClient_ErrorFromResponse_standard_error_format_2(t *testing.T) {
-
 	givenPayload := `
 	{
 		"timestamp" : 1715255725613,

sysdig/internal/client/v2/model.go

@@ -1223,3 +1223,31 @@ type AgentAccessKeyWriteWrapper struct {
 type OrganizationSecure struct {
 	cloudauth.CloudOrganization
 }
+
+type ZonesWrapper struct {
+	Zones []Zone `json:"zones"`
+}
+
+type ZoneRequest struct {
+	ID          int         `json:"id,omitempty"`
+	Name        string      `json:"name"`
+	Description string      `json:"description,omitempty"`
+	Scopes      []ZoneScope `json:"scopes"`
+}
+
+type Zone struct {
+	ID             int         `json:"id"`
+	Name           string      `json:"name"`
+	Description    string      `json:"description,omitempty"`
+	Author         string      `json:"author"`
+	LastModifiedBy string      `json:"lastModifiedBy,omitempty"`
+	LastUpdated    int64       `json:"lastUpdated,omitempty"`
+	IsSystem       bool        `json:"isSystem"`
+	Scopes         []ZoneScope `json:"scopes"`
+}
+
+type ZoneScope struct {
+	ID         int    `json:"id,omitempty"`
+	TargetType string `json:"targetType"`
+	Rules      string `json:"rules"`
+}

sysdig/internal/client/v2/posture_zones.go

@@ -7,8 +7,8 @@ import (
 )
 
 const (
-	ZonesPath = "%s/api/cspm/v1/policy/zones"
-	ZonePath  = "%s/api/cspm/v1/policy/zones/%d"
+	PostureZonesPath = "%s/api/cspm/v1/policy/zones"
+	PostureZonePath  = "%s/api/cspm/v1/policy/zones/%d"
 )
 
 type PostureZoneInterface interface {
@@ -28,7 +28,7 @@ func (client *Client) CreateOrUpdatePostureZone(ctx context.Context, r *PostureZ
 		return nil, "", err
 	}
 
-	response, err := client.requester.Request(ctx, http.MethodPost, client.createZoneURL(), payload)
+	response, err := client.requester.Request(ctx, http.MethodPost, client.createPostureZoneURL(), payload)
 	if err != nil {
 		return nil, "", err
 	}
@@ -48,7 +48,7 @@ func (client *Client) CreateOrUpdatePostureZone(ctx context.Context, r *PostureZ
 }
 
 func (client *Client) GetPostureZone(ctx context.Context, id int) (*PostureZone, error) {
-	response, err := client.requester.Request(ctx, http.MethodGet, client.getZoneURL(id), nil)
+	response, err := client.requester.Request(ctx, http.MethodGet, client.getPostureZoneURL(id), nil)
 	if err != nil {
 		return nil, err
 	}
@@ -63,7 +63,7 @@ func (client *Client) GetPostureZone(ctx context.Context, id int) (*PostureZone,
 }
 
 func (client *Client) DeletePostureZone(ctx context.Context, id int) error {
-	response, err := client.requester.Request(ctx, http.MethodDelete, client.getZoneURL(id), nil)
+	response, err := client.requester.Request(ctx, http.MethodDelete, client.getPostureZoneURL(id), nil)
 	if err != nil {
 		return err
 	}
@@ -76,10 +76,10 @@ func (client *Client) DeletePostureZone(ctx context.Context, id int) error {
 	return nil
 }
 
-func (client *Client) createZoneURL() string {
-	return fmt.Sprintf(ZonesPath, client.config.url)
+func (client *Client) createPostureZoneURL() string {
+	return fmt.Sprintf(PostureZonesPath, client.config.url)
 }
 
-func (client *Client) getZoneURL(id int) string {
-	return fmt.Sprintf(ZonePath, client.config.url, id)
+func (client *Client) getPostureZoneURL(id int) string {
+	return fmt.Sprintf(PostureZonePath, client.config.url, id)
 }

sysdig/internal/client/v2/zones.go

@@ -0,0 +1,121 @@
+package v2
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+)
+
+const (
+	PlatformZonesPath = "%s/platform/v1/zones"
+	PlatformZonePath  = "%s/platform/v1/zones/%d"
+)
+
+type ZoneInterface interface {
+	Base
+	GetZones(ctx context.Context) ([]Zone, error)
+	GetZoneById(ctx context.Context, id int) (*Zone, error)
+	CreateZone(ctx context.Context, zone *ZoneRequest) (*Zone, error)
+	UpdateZone(ctx context.Context, zone *ZoneRequest) (*Zone, error)
+	DeleteZone(ctx context.Context, id int) error
+}
+
+func (client *Client) GetZones(ctx context.Context) ([]Zone, error) {
+	response, err := client.requester.Request(ctx, http.MethodGet, client.getZonesURL(), nil)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	wrapper, err := Unmarshal[ZonesWrapper](response.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	return wrapper.Zones, nil
+}
+
+func (client *Client) GetZoneById(ctx context.Context, id int) (*Zone, error) {
+	response, err := client.requester.Request(ctx, http.MethodGet, client.getZoneURL(id), nil)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	zone, err := Unmarshal[Zone](response.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	return &zone, nil
+}
+
+func (client *Client) CreateZone(ctx context.Context, zone *ZoneRequest) (*Zone, error) {
+	payload, err := Marshal(zone)
+	if err != nil {
+		return nil, err
+	}
+
+	response, err := client.requester.Request(ctx, http.MethodPost, client.getZonesURL(), payload)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
+		return nil, client.ErrorFromResponse(response)
+	}
+
+	createdZone, err := Unmarshal[Zone](response.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	return &createdZone, nil
+}
+
+func (client *Client) UpdateZone(ctx context.Context, zone *ZoneRequest) (*Zone, error) {
+	payload, err := Marshal(zone)
+	if err != nil {
+		return nil, err
+	}
+
+	response, err := client.requester.Request(ctx, http.MethodPut, client.getZoneURL(zone.ID), payload)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
+		return nil, client.ErrorFromResponse(response)
+	}
+
+	updatedZone, err := Unmarshal[Zone](response.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	return &updatedZone, nil
+}
+
+func (client *Client) DeleteZone(ctx context.Context, id int) error {
+	response, err := client.requester.Request(ctx, http.MethodDelete, client.getZoneURL(id), nil)
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusNoContent && response.StatusCode != http.StatusOK && response.StatusCode != http.StatusNotFound {
+		return client.ErrorFromResponse(response)
+	}
+
+	return nil
+}
+
+func (client *Client) getZonesURL() string {
+	return fmt.Sprintf(PlatformZonesPath, client.config.url)
+}
+
+func (client *Client) getZoneURL(id int) string {
+	return fmt.Sprintf(PlatformZonePath, client.config.url, id)
+}

sysdig/provider.go

@@ -199,6 +199,7 @@ func (p *SysdigProvider) Provider() *schema.Provider {
 			"sysdig_secure_posture_control":                                resourceSysdigSecurePostureControl(),
 			"sysdig_secure_posture_accept_risk":                            resourceSysdigSecureAcceptPostureRisk(),
 			"sysdig_secure_vulnerability_accept_risk":                      resourceSysdigSecureVulnerabilityAcceptRisk(),
+			"sysdig_secure_zone":                                           resourceSysdigSecureZone(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"sysdig_secure_agentless_scanning_assets":                     dataSourceSysdigSecureAgentlessScanningAssets(),