sysdiglabs · tembleking · Oct 6, 2025 · Sep 17, 2025 · Sep 17, 2025 · Sep 17, 2025
@@ -64,7 +64,7 @@ fmtcheck:
 	@sh -c "'$(CURDIR)/scripts/gofmtcheck.sh'"
 
 lint:
-	golangci-lint run --timeout 1h ./...
+	golangci-lint run --build-tags "$(TEST_SUITE)" --timeout 1h ./...
 
 errcheck:
 	@sh -c "'$(CURDIR)/scripts/errcheck.sh'"

@@ -21,13 +21,12 @@
 
 ## Requirements
 
-- [Terraform](https://www.terraform.io/downloads.html) > 0.12.x
+- [Terraform](https://www.terraform.io/downloads.html) >= 1.0 is recommended (the provider supports > 0.12.x)
 - [Go](https://golang.org/doc/install) > Go version specified in [go.mod](./go.mod#L3)
-  - Correctly setup a [GOPATH](http://golang.org/doc/code.html#GOPATH), as well as adding `$GOPATH/bin` to your `$PATH`.
 
 ## Develop
 
-First **clone** source repository to: `$GOPATH/src/github.com/draios/terraform-provider-sysdig`
+First **clone** the source repository:
 
 ```sh
 $ git clone [email protected]:draios/terraform-provider-sysdig
@@ -47,7 +46,7 @@ TL;DR;
 
 ## Compile
 
-To **compile** the provider, run `make build`. This will build the provider and put the provider binary in the `$GOPATH/bin` directory.
+To **compile** the provider, run `make build`. This will build the provider and put the provider binary in the `$(go env GOPATH)/bin` directory, which should be in your `PATH`.
 
 ```sh
 $ make build
@@ -82,7 +81,7 @@ terraform {
   required_providers {
     sysdig = {
       source = "local/sysdiglabs/sysdig"
-      version = "~> 1.0.0"
+      version = "~> 2.0.0"
     }
   }
 }

@@ -1,269 +1,3 @@
-
-> ⚠️ content deprecated, use https://docs.sysdig.com/en/docs/developer-tools/terraform-provider/
-
-# Terraform Provider for Sysdig
-
-## Introduction
-
-### What is Terraform
-
-[Terraform](https://www.terraform.io/) is a tool for building, changing, and versioning infrastructure safely and efficiently. 
-Terraform can manage existing and popular service providers as well as custom in-house solutions.
-
-Configuration files describe to Terraform the components needed to run a single application or 
-your entire datacenter. Terraform generates an execution plan describing what it will do to reach the 
-desired state, and then executes it to build the described infrastructure or configuration.
-
-As the configuration changes, Terraform is able to determine what changed and create incremental execution 
-plans which can be applied.
-
-### Terraform Provider for Sysdig
-
-The Terraform Provider for Sysdig allows you to manage your configuration in Sysdig Secure 
-and Sysdig Monitor as code, allowing you to synchronize your declarative configuration with
-the configuration at the Platform.
-
-You can instrument several use cases like:
-- Backup/restore
-- Disaster recovery
-- Configuration version management
-
-## Installation
-
-To use the provider, first you need to install Terraform, which is the main executable that
-interacts with the provider.
-
-Download the Terraform executable for your OS/Architecture from 
-here: [https://www.terraform.io/downloads.html](https://www.terraform.io/downloads.html)
-
-
-### Terraform v0.13+
-
-As of Terraform 0.13, the new block `required_providers` was added,
-making it easier to use community providers, since they are automatically
-downloaded from the Terraform Registry.
-
-You can tell Terraform to download and use `sysdiglabs/sysdig` as the `sysdig`
-provider by defining this block in one of your .tf files. 
-
-```hcl
-terraform {
-  required_providers {
-    sysdig = {
-      source  = "sysdiglabs/sysdig"
-      version = ">= 0.4.0"
-    }
-  }
-}
-```
-
-### Terraform v0.12
-
-In older Terraform versions, you need to download the 
-[latest version of the Terraform Provider for Sysdig](https://github.com/sysdiglabs/terraform-provider-sysdig/releases/latest)
-for your OS/Architecture, extract it and move the executable under `$HOME/.terraform.d/plugins` (you need to create
-this directory if it does not exist yet) as this link suggests: 
-[https://www.terraform.io/docs/configuration/providers.html#third-party-plugins](https://www.terraform.io/docs/configuration/providers.html#third-party-plugins) .
-
-## Usage example
-
-Terraform will use the Sysdig provider when you specify a [resource](https://www.terraform.io/docs/configuration/resources.html)
-or [data source](https://www.terraform.io/docs/configuration/data-sources.html) with a name starting with `sysdig_*` (i.e.: `sysdig_user`)
-
-But in order to actually create valid requests to the API and create/update/remove those resources,
-you need to specify a correct API token for the product.
-
-You can do so in 2 ways:
-1. Using environment variables
-2. Using a tfvars file.
-
-### Configure the provider: Using env vars
-
-You can configure the following environment variables to specify the API token:
-- `SYSDIG_SECURE_API_TOKEN`
-- `SYSDIG_MONITOR_API_TOKEN`
-
-For example:
-
-```sh
-$ export SYSDIG_SECURE_API_TOKEN=323232323-3232-3232-32323232
-$ export SYSDIG_MONITOR_API_TOKEN=343434343-3434-3434-34343434
-```
-
-Once you execute Terraform and apply the manifests, that env vars will be used to configure
-the provider and create API calls.
-
-### Configure the provider: Using a tfvars file
-
-To use a [tfvars file](https://www.terraform.io/docs/configuration/variables.html#variable-definitions-tfvars-files)
-you need to first create it, and specify the API tokens as [variables](https://www.terraform.io/docs/configuration/variables.html), for example:
-
-```
-# File: terraform.tfvars
-
-secure_token = "323232323-3232-3232-32323232"
-monitor_token = "343434343-3434-3434-34343434"
-```
-
-Then, you can reference it in the [provider configuration block](https://www.terraform.io/docs/configuration/providers.html#provider-configuration):
-
-```hcl
-provider "sysdig" {
-  sysdig_monitor_api_token = var.monitor_token
-  sysdig_secure_api_token  = var.secure_token
-}
-```
-
-### Creating resources with Terraform
-
-This is an example to create a pair of rules able to detect SSH connections and 
-shells spawned in containers.
-
-Start by defining a couple of rules in the `rules.tf` file. One rule will detect inbound and outbound connections 
-made to the port 22, and the other will detect a shell process being spawned.
-
-For more information about the configuration blocks, see: [https://www.terraform.io/docs/configuration/syntax.html](https://www.terraform.io/docs/configuration/syntax.html)
-
-```hcl
-resource "sysdig_secure_rule_network" "disallowed_ssh_connection" {
-  name           = "Disallowed SSH Connection detected"
-  description    = "Detect any new ssh connection to a host"
-  tags           = ["network"]
-
-  block_inbound  = true
-  block_outbound = true
-
-  tcp {
-    matching     = true
-    ports        = [22]
-  }
-}
-
-resource "sysdig_secure_rule_process" "terminal_shell" {
-  name        = "Terminal shell detected"
-  description = "A shell was used as the entrypoint/exec point"
-  tags        = ["shell"]
-
-  processes   = ["ash", "bash", "csh", "ksh", "sh", "tcsh", "zsh", "dash"]
-}
-``` 
-
-Now create a policy in a file called `policy.tf` to define how these rules 
-are applied. The policy will stop the affected container and trigger a capture for 
-further troubleshooting. 
-
-```hcl
-resource "sysdig_secure_policy" "terminal_shell_or_ssh_in_container" {
-  name        = "Terminal shell or SSH detected in container"
-  description = "Detects a terminal shell or a ssh spawned in a container"
-  enabled     = true
-  severity    = 0 // HIGH
-  scope       = "container.id != \"\""
-  rule_names  = [sysdig_secure_rule_network.disallowed_ssh_connection.name,
-                 sysdig_secure_rule_process.terminal_shell.name]
-
-  actions {
-    container               = "stop"
-    capture {
-      seconds_before_event  = 5
-      seconds_after_event   = 10
-    }
-  }
-}
-```
-
-With the given `scope`, the policy will only be applied to processes being executed inside containers:
-
-```
-scope = "container.id != \"\""
-``` 
-
-Using `terraform apply` the resources are applied in the backend: 
-
-![Terraform apply creates the resources](./assets/img/terraform-apply-create-sysdig-provider.png)
-
- Terraform tells us that is going to create 3 resources, which matches what we defined in `rules.tf` and `policy.tf`. 
-
-![Terraform application completes successfully](./assets/img/terraform-apply-completed-sysdig-provider.png)
-
- After applying the plan, Terraform reports that the 3 resources have been successfully created. The policy uses the 
- rules created before, that’s why it’s the last one being created.
-
-The resources have been created, this is how they look in Sysdig Secure: 
-
-![Terraform rules created in Sysdig Secure](./assets/img/terraform-rules-created-sysdig-secure.png)
-
-![Terraform policy created in Sysdig Secure](./assets/img/terraform-policy-created-sysdig-secure.png)
-
- But now the problem is that, if this policy triggers there's no alert notice unless notification channels are defined. 
-Creating two notification channels, one for the email and another one for slack in a file called `notification.tf`,
-will alert us when the policy is triggered:
-
-```hcl
-resource "sysdig_secure_notification_channel_email" "devops-email" {
-  name                 = "DevOps e-mail"
-  enabled              = true
-  recipients           = "[email protected]"
-  notify_when_ok       = false
-  notify_when_resolved = false
-}
-
-resource "sysdig_secure_notification_channel_slack" "devops-slack" {
-  name                 = "DevOps Slack"
-  enabled              = true
-  url                  = "https://hooks.slack.com/services/xxxxxx/xxxxxxx/xxxxxxxxxxx"
-  channel              = "#devops"
-  notify_when_ok       = false
-  notify_when_resolved = false
-}
-```
-
-Bind them to the policy, modifying the file `policy.tf`; note the `notification_channels` property:
-
-```hcl
-resource "sysdig_secure_policy" "terminal_shell_or_ssh_in_container" {
-  name        = "Terminal shell or SSH detected in container"
-  description = "Detects a terminal shell or a ssh spawned in a container"
-  enabled     = true
-  severity    = 0 // HIGH
-  scope       = "container.id != \"\""
-  rule_names  = [sysdig_secure_rule_network.disallowed_ssh_connection.name,
-                 sysdig_secure_rule_process.terminal_shell.name]
-
-  actions {
-    container               = "stop"
-    capture {
-      seconds_before_event  = 5
-      seconds_after_event   = 10
-    }
-  }
-
-  notification_channels = [sysdig_secure_notification_channel_email.devops-email.id,
-                           sysdig_secure_notification_channel_slack.devops-slack.id]
-}
-``` 
-
-Finally, doing a `terraform apply`, it will inform that it will create 2 new resources and modify the existing policy:
-
-![Terraform apply updates the resources](./assets/img/terraform-apply-update-sysdig-provider.png)
-
- After inputting **yes**, Terraform will create the notification channels and bind them to the policy, 
- ensuring that the state in Monitor and Secure matches our state defined in the code.
-
-This is how the resources appear on the Sysdig Secure UI: 
-
-![Terraform apply creates new notification channels](./assets/img/terraform-new-resources-notification-sysdig.png)
-
-![Terraform updates the policy resource](./assets/img/terraform-updated-resources-policy-sysdig.png)
-
-Now, if someone tries to update it manually, by re-applying the policies, Terraform will
-restore the desired status from the `.tf` manifests.
-
-## Full Terraform resources documentation
-
-Check all the available resources and datasources for the Terraform Provider for Sysdig here: 
-
-[Terraform provider for Sysdig Datasources](https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs)
-
----
-![Sysdig logo](./assets/img/sysdig-logo-220.png)
+> ⚠️ This documentation is deprecated and will be removed in a future version. 
+>
+> Please refer to the [official documentation on the Terraform Registry](https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs).
@@ -0,0 +1,24 @@
+package sysdig
+
+const (
+	notificationChannelTypeEmail                  = "EMAIL"
+	notificationChannelTypeAmazonSNS              = "SNS"
+	notificationChannelTypeOpsGenie               = "OPSGENIE"
+	notificationChannelTypeVictorOps              = "VICTOROPS"
+	notificationChannelTypeWebhook                = "WEBHOOK"
+	notificationChannelTypeSlack                  = "SLACK"
+	notificationChannelTypePagerduty              = "PAGER_DUTY"
+	notificationChannelTypeMSTeams                = "MS_TEAMS"
+	notificationChannelTypeGChat                  = "GCHAT"
+	notificationChannelTypePrometheusAlertManager = "PROMETHEUS_ALERT_MANAGER"
+	notificationChannelTypeTeamEmail              = "TEAM_EMAIL"
+	notificationChannelTypeCustomWebhook          = "POWER_WEBHOOK"
+	notificationChannelTypeIBMEventNotification   = "IBM_EVENT_NOTIFICATIONS"
+
+	notificationChannelTypeSlackTemplateKeyV1   = "SLACK_SECURE_EVENT_NOTIFICATION_TEMPLATE_METADATA_v1"
+	notificationChannelTypeSlackTemplateKeyV2   = "SLACK_SECURE_EVENT_NOTIFICATION_TEMPLATE_METADATA_v2"
+	notificationChannelTypeMSTeamsTemplateKeyV1 = "MS_TEAMS_SECURE_EVENT_NOTIFICATION_TEMPLATE_METADATA_v1"
+	notificationChannelTypeMSTeamsTemplateKeyV2 = "MS_TEAMS_SECURE_EVENT_NOTIFICATION_TEMPLATE_METADATA_v2"
+
+	notificationChannelSecureEventNotificationContentSection = "SECURE_EVENT_NOTIFICATION_CONTENT"
+)
@@ -44,10 +44,10 @@ func getKiltRecipe(t *testing.T) string {
 	recipeConfig := KiltRecipeConfig{
 		SysdigAccessKey:  "sysdig_access_key",
 		AgentImage:       "workload_agent_image",
-		OrchestratorHost: "orchestrator_host",
-		OrchestratorPort: "orchestrator_port",
 		CollectorHost:    "collector_host",
 		CollectorPort:    "collector_port",
+		OrchestratorHost: "orchestrator_host",
+		OrchestratorPort: "orchestrator_port",
 		SysdigLogging:    "sysdig_logging",
 		Priority:         "priority",
 	}