v1.75.0

Reinhard-Pilz-Dynatrace · Reinhard-Pilz-Dynatrace · commit c3176e17039b · 2025-02-28T15:52:43.000+01:00
diff --git a/docs/data-sources/dql.md b/docs/data-sources/dql.md
@@ -0,0 +1,38 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "dynatrace_dql Data Source - terraform-provider-dynatrace"
+subcategory: ""
+description: |-
+  
+---
+
+# dynatrace_dql (Data Source)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `query` (String) example: fetch events | filter event.type == "davis" AND davis.status != "CLOSED" | fields timestamp, davis.title, davis.underMaintenance, davis.status | sort timestamp | limit 10
+
+### Optional
+
+- `default_sampling_ratio` (Number) In case not specified in the DQL string, the sampling ratio defined here is applied. Note that this is only applicable to log queries
+- `default_scan_limit_gbytes` (Number) Limit in gigabytes for the amount data that will be scanned during read
+- `default_timeframe_end` (String) The query timeframe 'end' timestamp in ISO-8601 or RFC3339 format. If the timeframe 'start' parameter is missing, the whole timeframe is ignored. Note that if a timeframe is specified within the query string (query) then it has precedence over this query request parameter
+- `default_timeframe_start` (String) The query timeframe 'start' timestamp in ISO-8601 or RFC3339 format. If the timeframe 'end' parameter is missing, the whole timeframe is ignored. Note that if a timeframe is specified within the query string (query) then it has precedence over this query request parameter
+- `fetch_timeout_seconds` (Number) The query will stop reading data after reaching the fetch-timeout. The query execution will continue, providing a partial result based on the read data
+- `locale` (String) The query locale. If none specified, then a language/country neutral locale is chosen. The input values take the ISO-639 Language code with an optional ISO-3166 country code appended to it with an underscore. For instance, both values are valid 'en' or 'en_US'
+- `max_result_bytes` (Number) The maximum number of result bytes that this query will return
+- `max_result_records` (Number) The maximum number of result records that this query will return
+- `request_timeout_milliseconds` (Number) The time a client is willing to wait for the query result. In case the query finishes within the specified timeout, the query result is returned. Otherwise, the requestToken is returned, allowing polling for the result
+- `timezone` (String) The query timezone. If none is specified, UTC is used as fallback. The list of valid input values matches that of the IANA Time Zone Database (TZDB). It accepts values in their canonical names like 'Europe/Paris', the abbreviated version like CET or the UTC offset format like '+01:00'
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `records` (String)
diff --git a/docs/index.md b/docs/index.md
@@ -74,17 +74,6 @@ Define `DT_CLIENT_ID`, `DT_CLIENT_SECRET`, `DT_ACCOUNT_ID` based off of the crea
  * **View and manage policies** (`iam-policies-management`)
  * **View environments** (`account-env-read`)
 
-In addition to using environment variables, the provider itself can also be configured.
-```
-provider "dynatrace" {
-  dt_env_url    = "<env url>"
-  dt_api_token  = "<api token>"
-  client_id     = "<client id>"
-  client_secret = "<client secret>"
-  account_id    = "<account id>"
-}
-```
-
 ## Exporting existing configuration from a Dynatrace environment
 In addition to the out-of-the-box functionality of Terraform, the provider has the ability to be executed as a standalone executable to export an existing configuration from a Dynatrace environment. Refer to the [Export Utility](https://dt-url.net/h203qmc) page for more information.
 
diff --git a/docs/resources/attack_allowlist.md b/docs/resources/attack_allowlist.md
@@ -28,15 +28,38 @@ The full documentation of the export feature is available [here](https://dt-url.
 
 ```terraform
 resource "dynatrace_attack_allowlist" "#name#" {
-  criteria {
-    source_ip = "192.168.0.1"
-  }
-  enabled = false
+  enabled      = true
+  insert_after = ""
+  rule_name    = "#name#"
   attack_handling {
     blocking_strategy = "MONITOR"
   }
   metadata {
-    comment = ""
+    comment = "Example"
+  }
+  resource_attribute_conditions {
+    resource_attribute_condition {
+      matcher                  = "STARTS_WITH"
+      resource_attribute_key   = "AttributeKey2"
+      resource_attribute_value = "AttributeValue2"
+    }
+    resource_attribute_condition {
+      matcher                  = "EQUALS"
+      resource_attribute_key   = "AttributeKey1"
+      resource_attribute_value = "AttributeValue1"
+    }
+  }
+  rules {
+    rule {
+      criteria_key                  = "DETECTION_TYPE"
+      criteria_matcher              = "EQUALS"
+      criteria_value_detection_type = "SSRF"
+    }
+    rule {
+      criteria_key             = "ACTOR_IP"
+      criteria_matcher         = "CONTAINS"
+      criteria_value_free_text = "192.168.1.2"
+    }
   }
 }
 ```
@@ -46,14 +69,19 @@ resource "dynatrace_attack_allowlist" "#name#" {
 
 ### Required
 
-- `attack_handling` (Block List, Min: 1, Max: 1) Step 2: Define attack control for chosen criteria (see [below for nested schema](#nestedblock--attack_handling))
-- `criteria` (Block List, Min: 1, Max: 1) Step 1: Define criteria. Please specify at least one of source IP or attack pattern. (see [below for nested schema](#nestedblock--criteria))
+- `attack_handling` (Block List, Min: 1, Max: 1) Step 1: Define attack control for chosen criteria (see [below for nested schema](#nestedblock--attack_handling))
 - `enabled` (Boolean) This setting is enabled (`true`) or disabled (`false`)
-- `metadata` (Block List, Min: 1, Max: 1) Step 3: Leave comment (see [below for nested schema](#nestedblock--metadata))
+- `metadata` (Block List, Min: 1, Max: 1) Step 4: Leave comment (optional) (see [below for nested schema](#nestedblock--metadata))
+- `rules` (Block List, Min: 1, Max: 1) Provide conditions that must be met by the detection finding you want to allowlist. (see [below for nested schema](#nestedblock--rules))
 
 ### Optional
 
+- `criteria` (Block List, Max: 1, Deprecated) Step 1: Define criteria. Please specify at least one of source IP or attack pattern. (see [below for nested schema](#nestedblock--criteria))
 - `insert_after` (String) Because this resource allows for ordering you may specify the ID of the resource instance that comes before this instance regarding order. If not specified when creating the setting will be added to the end of the list. If not specified during update the order will remain untouched
+- `resource_attribute_conditions` (Block List, Max: 1) When you add multiple conditions, the rule applies if all conditions apply.
+
+If you want the rule to apply only to a subset of your environment, provide the resource attributes that should be used to identify that part of the environment. (see [below for nested schema](#nestedblock--resource_attribute_conditions))
+- `rule_name` (String) Rule name
 
 ### Read-Only
 
@@ -67,6 +95,36 @@ Required:
 - `blocking_strategy` (String) Possible Values: `MONITOR`, `OFF`
 
 
+<a id="nestedblock--metadata"></a>
+### Nested Schema for `metadata`
+
+Required:
+
+- `comment` (String) no documentation available
+
+
+<a id="nestedblock--rules"></a>
+### Nested Schema for `rules`
+
+Required:
+
+- `rule` (Block List, Min: 1) (see [below for nested schema](#nestedblock--rules--rule))
+
+<a id="nestedblock--rules--rule"></a>
+### Nested Schema for `rules.rule`
+
+Required:
+
+- `criteria_key` (String) Possible Values: `ACTOR_IP`, `DETECTION_TYPE`, `ENTRY_POINT_PAYLOAD`, `ENTRY_POINT_PAYLOAD_DOMAIN`, `ENTRY_POINT_PAYLOAD_PORT`, `ENTRY_POINT_URL_PATH`
+- `criteria_matcher` (String) Possible Values: `CONTAINS`, `DOES_NOT_CONTAIN`, `DOES_NOT_END_WITH`, `DOES_NOT_STARTS_WITH`, `ENDS_WITH`, `EQUALS`, `IP_CIDR`, `NOT_EQUALS`, `NOT_IN_IP_CIDR`, `STARTS_WITH`
+
+Optional:
+
+- `criteria_value_detection_type` (String) Possible Values: `CMD_INJECTION`, `JNDI_INJECTION`, `SQL_INJECTION`, `SSRF`
+- `criteria_value_free_text` (String) Value
+
+
+
 <a id="nestedblock--criteria"></a>
 ### Nested Schema for `criteria`
 
@@ -76,10 +134,22 @@ Optional:
 - `source_ip` (String) Source IP
 
 
-<a id="nestedblock--metadata"></a>
-### Nested Schema for `metadata`
+<a id="nestedblock--resource_attribute_conditions"></a>
+### Nested Schema for `resource_attribute_conditions`
 
 Required:
 
-- `comment` (String) no documentation available
+- `resource_attribute_condition` (Block List, Min: 1) (see [below for nested schema](#nestedblock--resource_attribute_conditions--resource_attribute_condition))
+
+<a id="nestedblock--resource_attribute_conditions--resource_attribute_condition"></a>
+### Nested Schema for `resource_attribute_conditions.resource_attribute_condition`
+
+Required:
+
+- `matcher` (String) Possible Values: `CONTAINS`, `DOES_NOT_CONTAIN`, `DOES_NOT_END_WITH`, `DOES_NOT_EXIST`, `DOES_NOT_START_WITH`, `ENDS_WITH`, `EQUALS`, `EXISTS`, `NOT_EQUALS`, `STARTS_WITH`
+- `resource_attribute_key` (String) Resource attribute key
+
+Optional:
+
+- `resource_attribute_value` (String) Resource attribute value
  
diff --git a/docs/resources/automation_workflow.md b/docs/resources/automation_workflow.md
@@ -132,6 +132,7 @@ resource "dynatrace_automation_workflow" "Sample_Worklow_TF" {
 - `owner` (String) The ID of the owner of this workflow
 - `private` (Boolean) Defines whether this workflow is private to the owner or not. Default is `true`
 - `trigger` (Block List, Max: 1) Configures how executions of the workflows are getting triggered. If no trigger is specified it means the workflow is getting manually triggered (see [below for nested schema](#nestedblock--trigger))
+- `type` (String) The type of the workflow. Possible values are `STANDARD` and `SIMPLE`. Defaults to `STANDARD`. Workflows of type `SIMPLE` are allowed to contain only one action
 
 ### Read-Only
 
diff --git a/docs/resources/iam_policy_bindings_v2.md b/docs/resources/iam_policy_bindings_v2.md
@@ -130,5 +130,6 @@ Required:
 
 Optional:
 
+- `boundaries` (Set of String)
 - `metadata` (Map of String)
 - `parameters` (Map of String)
diff --git a/docs/resources/iam_policy_boundary.md b/docs/resources/iam_policy_boundary.md
@@ -0,0 +1,62 @@
+---
+layout: ""
+page_title: "dynatrace_iam_policy_boundary Resource - terraform-provider-dynatrace"
+subcategory: "IAM"
+description: |-
+  The resource `dynatrace_iam_policy_boundary` covers boundaries that can get specified when binding policies to user groups via Account Management API for SaaS Accounts.
+---
+
+# dynatrace_iam_policy_boundary (Resource)
+
+-> **Dynatrace SaaS only**
+
+-> To utilize this resource, please define the environment variables `DT_CLIENT_ID`, `DT_CLIENT_SECRET`, `DT_ACCOUNT_ID` with an OAuth client including the following permissions: **Allow IAM policy configuration for environments** (`iam-policies-management`) and **View environments** (`account-env-read`).
+
+-> This resource is excluded by default in the export utility, please explicitly specify the resource to retrieve existing configuration.
+
+## Dynatrace Documentation
+
+- Dynatrace IAM Group Permissions - https://docs.dynatrace.com/docs/manage/identity-access-management/permission-management/manage-user-permissions-policies
+
+- Settings API - https://www.dynatrace.com/support/help/how-to-use-dynatrace/user-management-and-sso/manage-groups-and-permissions/iam/iam-getting-started
+
+## Resource Example Usage
+
+```terraform
+resource "dynatrace_iam_policy_boundary" "this" {
+  name  = "Foo"
+  query = "environment:management-zone startsWith \"[Foo]\";"
+}
+
+resource "dynatrace_iam_policy_bindings_v2" "this" {
+  environment = "########"
+  group       = dynatrace_iam_group.this.id
+
+  policy {
+    id         = dynatrace_iam_policy.this.id
+    boundaries = [dynatrace_iam_policy_boundary.this.id]
+  }
+}
+
+resource "dynatrace_iam_group" "this" {
+  name = "my-group-name"
+}
+
+resource "dynatrace_iam_policy" "this" {
+  name            = "this"
+  account         = "########-####-####-####-############"
+  statement_query = "ALLOW settings:objects:read, settings:schemas:read WHERE settings:schemaId = \"#########\";"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The name of the policy
+- `query` (String) The boundary query
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
diff --git a/docs/resources/log_sensitive_data_masking.md b/docs/resources/log_sensitive_data_masking.md
@@ -106,7 +106,7 @@ Required:
 
 Required:
 
-- `attribute` (String) Possible Values: `Container_name`, `Dt_entity_container_group`, `Dt_entity_process_group`, `Host_tag`, `Journald_unit`, `K8s_container_name`, `K8s_deployment_name`, `K8s_namespace_name`, `K8s_pod_annotation`, `K8s_pod_label`, `K8s_workload_kind`, `K8s_workload_name`, `Log_source`, `Log_source_origin`, `Process_technology`
+- `attribute` (String) Possible Values: `Container_name`, `Dt_entity_container_group`, `Dt_entity_process_group`, `Host_tag`, `K8s_container_name`, `K8s_deployment_name`, `K8s_namespace_name`, `K8s_pod_annotation`, `K8s_pod_label`, `K8s_workload_kind`, `K8s_workload_name`, `Log_source`, `Log_source_origin`, `Process_technology`
 - `operator` (String) Possible Values: `MATCHES`
 - `values` (Set of String) no documentation available
  
diff --git a/docs/resources/log_timestamp.md b/docs/resources/log_timestamp.md
@@ -83,7 +83,7 @@ Required:
 
 Required:
 
-- `attribute` (String) Possible Values: `Container_name`, `Dt_entity_container_group`, `Dt_entity_process_group`, `Host_tag`, `Journald_unit`, `K8s_container_name`, `K8s_deployment_name`, `K8s_namespace_name`, `K8s_pod_annotation`, `K8s_pod_label`, `K8s_workload_kind`, `K8s_workload_name`, `Log_source`, `Log_source_origin`, `Process_technology`
+- `attribute` (String) Possible Values: `Container_name`, `Dt_entity_container_group`, `Dt_entity_process_group`, `Host_tag`, `K8s_container_name`, `K8s_deployment_name`, `K8s_namespace_name`, `K8s_pod_annotation`, `K8s_pod_label`, `K8s_workload_kind`, `K8s_workload_name`, `Log_source`, `Log_source_origin`, `Process_technology`
 - `operator` (String) Possible Values: `MATCHES`
 - `values` (Set of String) no documentation available
  
diff --git a/docs/resources/monitored_technologies_python.md b/docs/resources/monitored_technologies_python.md
@@ -0,0 +1,48 @@
+---
+layout: ""
+page_title: dynatrace_monitored_technologies_python Resource - terraform-provider-dynatrace"
+subcategory: "Monitored Technologies"
+description: |-
+  The resource `dynatrace_monitored_technologies_python` covers configuration to enable/disable Python monitoring
+---
+
+# dynatrace_monitored_technologies_python (Resource)
+
+-> This resource requires the API token scopes **Read settings** (`settings.read`) and **Write settings** (`settings.write`)
+
+## Dynatrace Documentation
+
+- Hosts - https://www.dynatrace.com/support/help/platform-modules/infrastructure-monitoring/hosts
+
+- Settings API - https://www.dynatrace.com/support/help/dynatrace-api/environment-api/settings (schemaId: `builtin:monitored-technologies.python`)
+
+## Export Example Usage
+
+- `terraform-provider-dynatrace -export dynatrace_monitored_technologies_python` downloads all existing Python monitoring configuration
+
+The full documentation of the export feature is available [here](https://dt-url.net/h203qmc).
+
+## Resource Example Usage
+
+```terraform
+resource "dynatrace_monitored_technologies_python" "#name#" {
+  enabled = false
+  host_id = "environment"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `enabled` (Boolean) This setting is enabled (`true`) or disabled (`false`)
+
+### Optional
+
+- `host_id` (String) The scope of this settings. If the settings should cover the whole environment, just don't specify any scope.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+ 
diff --git a/docs/resources/security_context.md b/docs/resources/security_context.md
@@ -0,0 +1,43 @@
+---
+layout: ""
+page_title: dynatrace_security_context Resource - terraform-provider-dynatrace"
+subcategory: "Platform"
+description: |-
+  The resource `dynatrace_security_context` covers configuration for security context settings
+---
+
+# dynatrace_security_context (Resource)
+
+-> This resource requires the API token scopes **Read settings** (`settings.read`) and **Write settings** (`settings.write`)
+
+## Dynatrace Documentation
+
+- Permissions in Grail - https://docs.dynatrace.com/docs/discover-dynatrace/platform/grail/data-model/assign-permissions-in-grail
+
+- Settings API - https://www.dynatrace.com/support/help/dynatrace-api/environment-api/settings (schemaId: `builtin:security-context`)
+
+## Export Example Usage
+
+- `terraform-provider-dynatrace -export dynatrace_security_context` downloads existing security context configuration
+
+The full documentation of the export feature is available [here](https://dt-url.net/h203qmc).
+
+## Resource Example Usage
+
+```terraform
+resource "dynatrace_security_context" "#name#" {
+  enabled = true
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `enabled` (Boolean) This setting is enabled (`true`) or disabled (`false`)
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+ 
diff --git a/docs/resources/vulnerability_settings.md b/docs/resources/vulnerability_settings.md
@@ -81,4 +81,6 @@ Optional:
 - `enable_dot_net_runtime` (Boolean) NET runtimes
 - `enable_java_runtime` (Boolean) Java runtimes
 - `enable_node_js_runtime` (Boolean) Node.js runtimes
+- `enable_python` (Boolean) Python
+- `enable_python_runtime` (Boolean) Python runtimes
  
diff --git a/provider/version/version.go b/provider/version/version.go
@@ -17,4 +17,4 @@
 
 package version
 
-const Current = "1.74.1"
+const Current = "1.75.0"
