feat(monitor): ADD new aws monitor provider parameters (#552)

* ADD new aws monitor provider parameters
sysdiglabs · Sep 10, 2024 · de61a83 · de61a83
1 parent 779e9c0
commit de61a83
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 8 deletions.
diff --git a/sysdig/internal/client/v2/model.go b/sysdig/internal/client/v2/model.go
@@ -925,7 +925,10 @@ type alertV2ChangeWrapper struct {
 }
 
 type CloudAccountCredentialsMonitor struct {
-	AccountId string `json:"accountId"`
+	AccountId   string `json:"accountId"`
+	RoleName    string `json:"roleName"`
+	SecretKey   string `json:"key"`
+	AccessKeyId string `json:"id"`
 }
 
 type CloudAccountMonitor struct {

diff --git a/sysdig/resource_sysdig_monitor_cloud_account.go b/sysdig/resource_sysdig_monitor_cloud_account.go
@@ -37,13 +37,29 @@ func resourceSysdigMonitorCloudAccount() *schema.Resource {
 				Required: true,
 			},
 			"account_id": {
-				Type:     schema.TypeString,
-				Required: true,
+				Type:      schema.TypeString,
+				Required:  true,
+				Sensitive: true,
 			},
-			"additional_options": {
+			"role_name": {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
+			"secret_key": {
+				Type:      schema.TypeString,
+				Optional:  true,
+				Sensitive: true,
+			},
+			"access_key_id": {
+				Type:      schema.TypeString,
+				Optional:  true,
+				Sensitive: true,
+			},
+			"additional_options": {
+				Type:      schema.TypeString,
+				Optional:  true,
+				Sensitive: true,
+			},
 		},
 	}
 }
@@ -140,7 +156,10 @@ func monitorCloudAccountFromResourceData(data *schema.ResourceData) v2.CloudAcco
 		IntegrationType:   data.Get("integration_type").(string),
 		AdditionalOptions: data.Get("additional_options").(string),
 		Credentials: v2.CloudAccountCredentialsMonitor{
-			AccountId: data.Get("account_id").(string),
+			AccountId:   data.Get("account_id").(string),
+			RoleName:    data.Get("role_name").(string),
+			SecretKey:   data.Get("secret_key").(string),
+			AccessKeyId: data.Get("access_key_id").(string),
 		},
 	}
 }
@@ -166,5 +185,20 @@ func monitorCloudAccountToResourceData(data *schema.ResourceData, cloudAccount *
 		return err
 	}
 
+	err = data.Set("role_name", cloudAccount.Credentials.RoleName)
+	if err != nil {
+		return err
+	}
+
+	err = data.Set("secret_key", cloudAccount.Credentials.SecretKey)
+	if err != nil {
+		return err
+	}
+
+	err = data.Set("access_key_id", cloudAccount.Credentials.AccessKeyId)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
diff --git a/website/docs/r/monitor_cloud_account.md b/website/docs/r/monitor_cloud_account.md
@@ -15,18 +15,39 @@ Creates a Sysdig Monitor Cloud Account for monitoring cloud resources.
 ## Example Usage
 
 ```terraform
+// GCP example
 resource "sysdig_monitor_cloud_account" "sample" {
   cloud_provider = "GCP"
   integration_type = "API"
   account_id = "gcp_project_id"
 }
+
+// AWS example with role delegation
+resource "sysdig_monitor_cloud_account" "sample" {
+  cloud_provider = "AWS"
+  integration_type = "Metrics Streams"
+  account_id = "123412341234"
+  role_name = "SysdigTestRole"
+}
+
+// AWS example with secret key
+resource "sysdig_monitor_cloud_account" "sample" {
+  cloud_provider = "AWS"
+  integration_type = "Metrics Streams"
+  account_id = "123412341234"
+  secret_key = "Xxx5XX2xXx/Xxxx+xxXxXXxXxXxxXXxxxXXxXxXx"
+  access_key_id = "XXXXX33XXXX3XX3XXX7X"
+}
 ```
 
 ## Argument Reference
 
-* `cloud_provider` - (Required) Cloud platform that will be monitored. Only `GCP` is currently supported.
-* `integration_type` - (Required) Type of cloud integration. Only `API` is currently supported.
-* `account_id` - (Required) The GCP project id for the project that will be monitored.
+* `cloud_provider` - (Required) Cloud platform that will be monitored. Only `GCP` and `AWS` are currently supported.
+* `integration_type` - (Required) Type of cloud integration. Only `API` and `Metrics Streams` are currently supported (`Metrics Streams` only for `AWS`).
+* `account_id` - (Required for GCP) The GCP project id for the project that will be monitored . (Optional For AWS) This identified the target Account ID. If provided, a role_name must be set.
+* `role_name` - (Optional) The role name used for delegation over the customer resources towards the Sysdig AWS account. Only for AWS when the authentication mode is role delegation instead of secret key.
+* `secret_key` - (Optional) The the secret key for a AWS connection. It must be provided along `access_key_id` when this auth mode is used.
+* `access_key_id` - (Optional) The ID for the access key that has the permissions into the Cloud Account. It must be provided along `secret_key` when this auth mode is used.
 * `additional_options` - (Optional) The private key generated when creating a new GCP service account key. Must be in JSON format and base64 encoded.
 
 ## Attributes Reference