feat(secmaster): add datasource to get list of playbook review result (#7103)

Author: ruwenqiang123

docs/data-sources/secmaster_playbook_approvals.md

@@ -0,0 +1,73 @@
+---
+subcategory: "SecMaster"
+layout: "huaweicloud"
+page_title: "HuaweiCloud: huaweicloud_secmaster_playbook_approvals"
+description: |-
+  Use this data source to get the list of SecMaster playbook review results.
+---
+
+# huaweicloud_secmaster_playbook_approvals
+
+Use this data source to get the list of SecMaster playbook review results.
+
+## Example Usage
+
+```hcl
+variable "workspace_id" {}
+variable "resource_id" {}
+variable "approve_type" {}
+
+data "huaweicloud_secmaster_playbook_approvals" "test" {
+  workspace_id = var.workspace_id
+  resource_id  = var.resource_id
+  approve_type = var.approve_type
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String) Specifies the region in which to query the resource.
+  If omitted, the provider-level region will be used.
+
+* `workspace_id` - (Required, String) Specifies the workspace ID.
+
+* `resource_id` - (Required, String) Specifies the resource ID.
+
+* `approve_type` - (Required, String) Specifies the review type.
+  The valid values are as follows:
+  + **PLAYBOOK**: Indicates playbook.
+  + **AOP_WORKFLOW**: Indicates workflow.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The data source ID.
+
+* `data` - The list of playbook review result.
+
+  The [data](#data_struct) structure is documented below.
+
+<a name="data_struct"></a>
+The `data` block supports:
+
+* `id` - The approval ID.
+
+* `result` - The review result.
+  The valid values are as follows:
+  + **PASS**: Indicates review pass.
+  + **UN_PASS**: Indicates review not pass.
+
+* `content` - The review content.
+
+* `type` - The resource type.
+
+* `resource_id` - The resource ID.
+
+* `user_id` - The reviewer ID.
+
+* `create_time` - The creation time of the playbook review.
+
+* `update_time` - The update time of the playbook review.

huaweicloud/provider.go

@@ -1341,6 +1341,7 @@ func Provider() *schema.Provider {
 			"huaweicloud_secmaster_playbook_statistics":       secmaster.DataSourceSecmasterPlaybookStatistics(),
 			"huaweicloud_secmaster_playbook_audit_logs":       secmaster.DataSourceSecmasterPlaybookAuditLogs(),
 			"huaweicloud_secmaster_playbook_monitors":         secmaster.DataSourceSecmasterPlaybookMonitors(),
+			"huaweicloud_secmaster_playbook_approvals":        secmaster.DataSourcePlaybookApprovals(),
 			"huaweicloud_secmaster_alert_rule_metrics":        secmaster.DataSourceSecmasterAlertRuleMetrics(),
 
 			// Querying by Ver.2 APIs

huaweicloud/services/acceptance/acceptance.go

@@ -422,6 +422,9 @@ var (
 	// The flag of whether to create a SecMaster workspace
 	HW_SECMASTER_WORKSPACE = os.Getenv("HW_SECMASTER_WORKSPACE")
 
+	// The SecMaster playbook version ID
+	HW_SECMASTER_VERSION_ID = os.Getenv("HW_SECMASTER_VERSION_ID")
+
 	HW_MODELARTS_HAS_SUBSCRIBE_MODEL = os.Getenv("HW_MODELARTS_HAS_SUBSCRIBE_MODEL")
 	HW_MODELARTS_USER_LOGIN_PASSWORD = os.Getenv("HW_MODELARTS_USER_LOGIN_PASSWORD")
 	HW_MODELARTS_DEVSERVER_FLAVOR    = os.Getenv("HW_MODELARTS_DEVSERVER_FLAVOR")
@@ -2238,6 +2241,13 @@ func TestAccPreCheckSecMaster(t *testing.T) {
 	}
 }
 
+// lintignore:AT003
+func TestAccPreCheckSecMasterVersionId(t *testing.T) {
+	if HW_SECMASTER_VERSION_ID == "" {
+		t.Skip("HW_SECMASTER_VERSION_ID must be set for SecMaster acceptance tests")
+	}
+}
+
 // lintignore:AT003
 func TestAccPreCheckCcePartitionAz(t *testing.T) {
 	if HW_CCE_PARTITION_AZ == "" || HW_CCE_PARTITION_GROUP == "" {

huaweicloud/services/acceptance/secmaster/data_source_huaweicloud_secmaster_playbook_approvals_test.go

@@ -0,0 +1,53 @@
+package secmaster
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
+)
+
+func TestAccDataSourcePlaybookApprovals_basic(t *testing.T) {
+	var (
+		dataSource = "data.huaweicloud_secmaster_playbook_approvals.test"
+		dc         = acceptance.InitDataSourceCheck(dataSource)
+	)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acceptance.TestAccPreCheck(t)
+			acceptance.TestAccPreCheckSecMasterWorkspaceID(t)
+			acceptance.TestAccPreCheckSecMasterVersionId(t)
+		},
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testDataSourcePlaybookApprovals_basic(),
+				Check: resource.ComposeTestCheckFunc(
+					dc.CheckResourceExists(),
+					resource.TestCheckResourceAttrSet(dataSource, "data.#"),
+					resource.TestCheckResourceAttrSet(dataSource, "data.0.id"),
+					resource.TestCheckResourceAttrSet(dataSource, "data.0.result"),
+					resource.TestCheckResourceAttrSet(dataSource, "data.0.content"),
+					resource.TestCheckResourceAttrSet(dataSource, "data.0.type"),
+					resource.TestCheckResourceAttrSet(dataSource, "data.0.resource_id"),
+					resource.TestCheckResourceAttrSet(dataSource, "data.0.user_id"),
+					resource.TestCheckResourceAttrSet(dataSource, "data.0.create_time"),
+					resource.TestCheckResourceAttrSet(dataSource, "data.0.update_time"),
+				),
+			},
+		},
+	})
+}
+
+func testDataSourcePlaybookApprovals_basic() string {
+	return fmt.Sprintf(`
+data "huaweicloud_secmaster_playbook_approvals" "test" {
+  workspace_id  = "%[1]s"
+  resource_id   = "%[2]s"
+  approve_type  = "PLAYBOOK"
+}
+`, acceptance.HW_SECMASTER_WORKSPACE_ID, acceptance.HW_SECMASTER_VERSION_ID)
+}

huaweicloud/services/secmaster/data_source_huaweicloud_secmaster_playbook_approvals.go

@@ -0,0 +1,157 @@
+package secmaster
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/go-multierror"
+	"github.com/hashicorp/go-uuid"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/chnsz/golangsdk"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/config"
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/utils"
+)
+
+// @API Secmaster GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/approval
+func DataSourcePlaybookApprovals() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourcePlaybookApprovalsRead,
+
+		Schema: map[string]*schema.Schema{
+			"region": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+			"workspace_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"resource_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"approve_type": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"data": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"result": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"content": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"type": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"resource_id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"user_id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"create_time": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"update_time": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourcePlaybookApprovalsRead(_ context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	var (
+		cfg     = meta.(*config.Config)
+		region  = cfg.GetRegion(d)
+		httpUrl = "v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/approval"
+	)
+
+	client, err := cfg.NewServiceClient("secmaster", region)
+	if err != nil {
+		return diag.Errorf("error creating SecMaster client: %s", err)
+	}
+
+	listPath := client.Endpoint + httpUrl
+	listPath = strings.ReplaceAll(listPath, "{project_id}", client.ProjectID)
+	listPath = strings.ReplaceAll(listPath, "{workspace_id}", d.Get("workspace_id").(string))
+	listPath = fmt.Sprintf("%s?resource_id=%s&approve_type=%s", listPath, d.Get("resource_id").(string), d.Get("approve_type").(string))
+
+	listOpt := golangsdk.RequestOpts{
+		KeepResponseBody: true,
+		MoreHeaders: map[string]string{
+			"Content-Type": "application/json",
+		},
+	}
+
+	listResp, err := client.Request("GET", listPath, &listOpt)
+	if err != nil {
+		return diag.Errorf("error retrieving playbook version approval: %s", err)
+	}
+
+	listRespBody, err := utils.FlattenResponse(listResp)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	dataList := utils.PathSearch("data", listRespBody, make([]interface{}, 0)).([]interface{})
+
+	dataSourceId, err := uuid.GenerateUUID()
+	if err != nil {
+		return diag.Errorf("unable to generate ID: %s", err)
+	}
+
+	d.SetId(dataSourceId)
+
+	mErr := multierror.Append(nil,
+		d.Set("region", region),
+		d.Set("data", flattenPlaybookApprovals(dataList)),
+	)
+
+	return diag.FromErr(mErr.ErrorOrNil())
+}
+
+func flattenPlaybookApprovals(playbookApprovals []interface{}) []interface{} {
+	if len(playbookApprovals) == 0 {
+		return nil
+	}
+
+	rst := make([]interface{}, 0, len(playbookApprovals))
+	for _, v := range playbookApprovals {
+		rst = append(rst, map[string]interface{}{
+			"id":          utils.PathSearch("id", v, nil),
+			"result":      utils.PathSearch("result", v, nil),
+			"content":     utils.PathSearch("content", v, nil),
+			"type":        utils.PathSearch("type", v, nil),
+			"resource_id": utils.PathSearch("resource_id", v, nil),
+			"user_id":     utils.PathSearch("user_id", v, nil),
+			"create_time": utils.PathSearch("create_time", v, nil),
+			"update_time": utils.PathSearch("update_time", v, nil),
+		})
+	}
+
+	return rst
+}