Releases: sysdiglabs/terraform-provider-sysdig
v3.0.1
v3.0.0
BREAKING CHANGES
The sysdig_secure_cloud_account resource, has been removed in this major release. This is part of a broader effort to phase out legacy cloudsec resource management from the provider.
This change is considered a breaking change for very old customer installations that might try to upgrade the provider. However, it is not expected to impact current users due to the following reasons:
Limited Usage: The resource has only been used within legacy Terraform modules (terraform-aws-secure-for-cloud, Azure, and GCP), which have been deprecated for over a year.
- No Current Usage: We have confirmed that no one should be actively using this resource, as it is tied to a deprecated type of onboarding.
- Pinned Provider Versions: The deprecated modules pin the Sysdig provider to older versions (~1.x), which include this resource since the underlying API is not yet deprecated. Therefore, current users of those modules will not encounter this breaking change unless they explicitly upgrade their provider version significantly.
- No On-Premise Usage: The Terraform resource was not used by on-premise installations, as the cloudbench submodule (the only one that used this resource) was not supported for on-premise.
The recommended solutions are:
- Redeploy using the new onboarding process.
- Pin an older provider version if they absolutely do not wish to migrate.
Given that current snippets point to older versions, users upgrading will be moving up two major versions, making breaking changes expected. The ultimate solution for these users is to migrate to the new onboarding process, as the deprecated methods will no longer be supported.
Bug Fixes
- Fixed the creation of invalid alerts in tests for silencing rules (#670).
Changelog
v2.1.0
Features
- New
severities_and_threatsRule for Vulnerability Policies: You can now create more granular and powerful vulnerability policies by defining rules based on a wide range of threat intelligence and risk factors. This new rule type allows you to use conditions such as CVSS score, vulnerability disclosure date, package type, fix availability, public exploits, CISA KEV (Known Exploited Vulnerabilities) status, and EPSS (Exploit Prediction Scoring System) scores. (#666)
Bug Fixes
- Improved Reliability for Secure Policy Creation: We've added automatic retry logic with exponential backoff to handle
409 Conflicterrors that can occur when creating security policies. (#668)
Changelog
v2.0.0
BREAKING CHANGES
This release introduces a series of breaking changes to modernize the provider, removing long-deprecated resources and aligning with the latest Sysdig API capabilities.
The following resources have been removed. Users must migrate their configurations and state to the new resources.
Remember you can still pin to the latest v1 version using the ~> version constraint.
Monitor Alerts (sysdig_monitor_alert_*)
- Removed:
sysdig_monitor_alert_metricsysdig_monitor_alert_anomalysysdig_monitor_alert_promqlsysdig_monitor_alert_group_outliersysdig_monitor_alert_eventsysdig_monitor_alert_downtime
- Reason: These "v1" alert resources were deprecated.
- Replacement: Replaced by the new, more granular
sysdig_monitor_alert_v2_*resources (e.g.,sysdig_monitor_alert_v2_metric,sysdig_monitor_alert_v2_prometheus,sysdig_monitor_alert_v2_downtime, etc.).
Secure Policy (sysdig_secure_policy)
- Removed:
sysdig_secure_policy - Reason: Deprecated in favor of the more granular policy resources.
- Replacement:
sysdig_secure_*_policy.
Secure Notification Channel Data Source
- Removed:
data "sysdig_secure_notification_channel" - Reason: The generic data source was deprecated.
- Replacement: Use the specific data source for each channel type (e.g.,
data "sysdig_secure_notification_channel_slack",data "sysdig_secure_notification_channel_email").
Vulnerability Exception Resources
- Removed:
sysdig_secure_vulnerability_exceptionsysdig_secure_vulnerability_exception_list
- Reason: These resources are obsolete and no longer supported by the API. They were part of the legacy scanner.
- Replacement: Use the new
sysdig_secure_vulnerability_accept_riskresource. This uses the new scanner.
Secure Scanning Policies
- Removed:
sysdig_secure_scanning_policy - Reason: This resource was deprecated, since it was part of the legacy scanner.
- Replacement: Use the new
sysdig_secure_vulnerability_policyresource. This uses the new scanner.
Changelog
v1.60.0
v1.59.0
v1.58.0
What's Changed
- refactor(serverless): Migrate to new agent-kilt package by @pgcrooks-sysdig in #659
- feat(secure-policies): support new fields in drift policy by @ombellare in #656
- feat: add vulnerability policy resource by @tembleking in #662
- feat(secure-policies): support new and fix existing fields in malware policy by @ombellare in #657
Full Changelog: v1.57.1...v1.58.0
Contributors
Assets 18
v1.57.1
v1.57.0
Changelog
- c277875 refactor: rename deprecated resources (#652)
- e5f40db feat(alerts): support additional fields in notification templates (#654)
- b3274f6 fix(ci): reorder elements in test (#653)
- 04617f7 build: upgrade to Go 1.24 (#651)
- 128d649 fix(lint): modernize actions and solve linting issues (#649)
- 7b8efbc chore(codeowners): add sysdig training team as owner of the project (#650)
- 43e7747 chore(codeowners): Tidy up owners (#645)
- 8d0c789 refactor: rename all deprecated scanning policy code (#648)
- a89c2d5 chore(fargate): add deprecation message for orchestrator-related parameters (#643)
- 127a273 fix(posture/accept-risk): allow expires_in=Never value (#641)
