fixup

docs/data-sources/custom_rule.md

@@ -10,7 +10,122 @@ description: |-
 
 Use this data source to retrieve ID of a custom rule.
 
+## Example Usage
 
+```terraform
+# Some default rules coming with the Console
+data "prismacloudcompute_custom_rule" "rule" {
+  name = "Twistlock Labs - Suspicious networking tool"
+}
+
+data "prismacloudcompute_custom_rule" "another_rule" {
+  name = "Twistlock Labs - Running privileged process within container"
+}
+
+data "prismacloudcompute_custom_rule" "yet_another_rule" {
+  name = "Twistlock Labs - Running cron app"
+}
+
+# Add container policy using these custom rules
+resource "prismacloudcompute_container_runtime_policy" "ruleset" {
+  learning_disabled = false
+
+  rule {
+    advanced_protection        = true
+    cloud_metadata_enforcement = true
+    collections = [
+      "All",
+    ]
+    disabled               = false
+    kubernetes_enforcement = true
+    name                   = "Demo runtime container policy"
+    wildfire_analysis      = "block"
+
+    custom_rule {
+      action = "audit"
+      effect = "block"
+      id     = data.prismacloudcompute_custom_rule.rule.prisma_id
+    }
+    custom_rule {
+      action = "audit"
+      effect = "block"
+      id     = data.prismacloudcompute_custom_rule.another_rule.prisma_id
+    }
+
+    custom_rule {
+      action = "audit"
+      effect = "block"
+      id     = data.prismacloudcompute_custom_rule.yet_another_rule.prisma_id
+    }
+
+    dns {
+      allowed = [
+        "amplitutude.com",
+      ]
+      denied = [
+        "ru.com",
+        "cn.com",
+        "ir.com",
+      ]
+      deny_effect = "block"
+    }
+
+    filesystem {
+      allowed = [
+        "/etc",
+        "/usr/bin/",
+        "/var/app",
+      ]
+      backdoor_files          = true
+      check_new_files         = true
+      denied                  = []
+      deny_effect             = "prevent"
+      skip_encrypted_binaries = false
+      suspicious_elf_headers  = true
+    }
+
+    network {
+      allowed_outbound_ips = []
+      denied_outbound_ips     = []
+      deny_effect             = "alert"
+      detect_port_scan        = true
+      skip_modified_processes = false
+      skip_raw_sockets        = false
+
+      allowed_listening_port {
+        deny  = false
+        end   = 443
+        start = 443
+      }
+
+      allowed_outbound_port {
+        deny  = false
+        end   = 80
+        start = 80
+      }
+      allowed_outbound_port {
+        deny  = false
+        end   = 443
+        start = 443
+      }
+    }
+
+    processes {
+      allowed = [
+        "aws-cni",
+      ]
+      check_crypto_miners    = true
+      check_lateral_movement = true
+      check_parent_child     = false
+      check_suid_binaries    = false
+      denied                 = []
+      deny_effect            = "block"
+      skip_modified          = false
+      skip_reverse_shell     = false
+    }
+  }
+}
+```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema

docs/index.md

@@ -2,32 +2,88 @@
 # generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "Prisma Cloud Compute Provider"
 description: |-
-  The Prisma Cloud Compute provider gives resources to interact with the Prisma Cloud Compute API.
+  This is a community-driven fork of the official Prisma Cloud Compute provider with some extra sauce.
 ---
 
 # Prisma Cloud Compute provider
-The Prisma Cloud Compute provider gives resources to interact with the Prisma Cloud Compute API.
+This is a community-driven fork of the official Prisma Cloud Compute provider with some extra sauce.
 
 ## Example Usage
 ```terraform
 terraform {
   required_providers {
     prismacloudcompute = {
-      source  = "PaloAltoNetworks/prismacloudcompute"
-      version = "0.4.0"
+      source  = "hi-artem/prismacloudcompute"
+      version = "0.8.1"
     }
   }
 }
 
 provider "prismacloudcompute" {
-  # Configure provider with file
+  # Configure provider inline
   #
-  config_file = "creds.json"
+  console_url = "https://foo.bar.com"
+  username = "myUsername"
+  password = "myPassword"
 
-  # Alternatively, you can use variables
+  # Or you can use file
   #
-  # console_url = "https://foo.bar.com"
-  # username = "myUsername"
-  # password = "myPassword"
+  # config_file = "creds.json"
+}
+```
+
+## Simplifying Policies
+Resources representing policies can become really long. It is often helpful to simplify their structure using HCL `dynamic` blocks.
+
+```hcl
+# First define your hosts variable
+variable "hosts" {
+  default = [
+    { 
+      name: "ec2-develop, 
+      compliance_check: [
+        { id: 16 }
+      ]
+    },
+    { 
+      name: "ec2-staging, 
+      compliance_check: [
+        { id: 16, block: true }
+      ]
+    },
+    { 
+      name: "ec2-staging, 
+      compliance_check: [
+        { id: 16, block: true },
+        { id: 18, block: false }
+      ]
+    }
+  ]
+}
+
+# And then use dynamic blocks to create a rule for each host
+resource "prismacloudcompute_host_compliance_policy" "ruleset" {
+  dynamic "rule" {
+
+    for_each = var.hosts
+    content {
+      name        = "${rule.value.name}-compliance-policy"
+      notes       = "Compliance policy for ${rule.value.name} host"
+      collections = rule.value.collection_name
+
+      disabled           = false
+      effect             = "alert"
+      show_passed_checks = true
+      verbose            = true
+
+      dynamic "compliance_check" {
+        for_each = rule.value.compliance_checks
+        content {
+          id    = compliance_check.value.id
+          block = try(compliance_check.value.block, false)
+        }
+      }
+    }
+  }
 }
 ```

docs/resources/admission_policy.md

@@ -10,7 +10,53 @@ description: |-
 
 
 
+## Example Usage
 
+```terraform
+resource "prismacloudcompute_admission_policy" "ruleset" {
+  rule {
+    name        = "Block host PID and IPC sharing"
+    disabled    = true
+    effect      = "block"
+    description = "This rule is important, but disabled"
+    script      = <<-EOT
+            match[{"msg": msg}] {
+            	input.request.operation == "CREATE"
+            	input.request.kind.kind == "Pod"
+            	input.request.resource.resource == "pods"
+            	input_share_hostnamespace(input.request.object)
+            	msg := sprintf("Sharing the host namespace is not allowed, pod: %v", [input.request.object.metadata.name])
+            }
+
+            input_share_hostnamespace(o) {
+                o.spec.hostPID
+            }
+
+            input_share_hostnamespace(o) {
+                o.spec.hostIPC
+            }
+        EOT
+  }
+  rule {
+    name        = "Allow containers with non read only filesystem"
+    disabled    = false
+    effect      = "allow"
+    description = "This rule is important and enabled, but allowed"
+    script      = <<-EOT
+            match[{"msg": msg}] {
+                operations := {"CREATE"}
+                operations[input.request.operation]
+                input.request.kind.kind == "Pod"
+
+                containers := input.request.object.spec.containers[_]
+
+                not containers.securityContext.readOnlyRootFilesystem
+                msg := sprintf("container '%v' does not have a read only root filesystem", [containers.name])
+            }
+        EOT
+  }
+}
+```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema

docs/resources/custom_malware.md

@@ -10,7 +10,21 @@ description: |-
 
 
 
-
+## Example Usage
+
+```terraform
+resource "prismacloudcompute_custom_malware" "custom" {
+  feed  {
+    md5 = "044003f961de0e52bdd6e561460cb05a"
+    name =  "allowed"
+  }
+  feed  {
+    md5 = "1447a3f961de0e52b086e561460cb05a"
+    name =  "denied"
+    allowed = false
+  }
+}
+```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema

docs/resources/custom_rule.md

@@ -10,7 +10,31 @@ description: |-
 
 
 
-
+## Example Usage
+
+```terraform
+resource "prismacloudcompute_custom_rule" "test" {
+  name        = "basic-rule"
+  description = "this is basic rule"
+  message     = "%proc.name doing stuff"
+  type        = "processes"
+  script      = "proc.name = \"cat\""
+}
+
+resource "prismacloudcompute_custom_rule" "test_heredoc" {
+  name        = "less-basic-rule"
+  description = "this is less basic rule"
+  message     = "%proc.name wrote to path"
+  type        = "filesystem"
+  script      = <<EOT
+                  // Example:
+                  // user modifies a sensitive file under /etc or its subfolders
+                  // proc.user != "root" and file.path startswith "/etc"
+
+                  proc.user != "crond" and file.path startswith "/var/spool"
+                EOT
+}
+```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema

examples/README.md

@@ -8,4 +8,4 @@ The document generation tool looks for files in the following locations by defau
 * `data-sources/data_source_name/data-source.tf` example file for the named data source page
 * `resources/resource_name/resource.tf` example file for the named data source page
 
-The files in the `defaults/` directory are for Prisma Cloud Compute default configurations.
+The files in the `defaults/` directory are for Prisma Cloud Compute default configurations. This configuration is a subject to change, depending on the Compute version.