[datadog_sensitive_data_scanner_rule] Proof of concept for test patterns

[alexandre-pocquet]

This is a proof of concept to support pattern unit tests in datadog_sensitive_data_scanner_rule resources, replicating the testing feature already available in the SDS UI.

Here's what an SDS rule with tests would look like:

resource datadog_sensitive_data_scanner_rule my_rule {
    name = "Detect my_secret_token in logs"
    group_id = datadog_sensitive_data_scanner_group.my_group.id

    pattern = "my_secret_token[=:]\w+"
    pattern_test {
        input = "my_secret_token=aaaaaaaaaaa"
    }
    pattern_test {
        input = "my_secret_token:bbbbbbbbbb"
    }
    pattern_test {
        input = "my_secret_token_hash=ccccccccc"
        matches = false
    }
}

It's not functional at the moment, mostly because the API endpoint used by the regular SDS UI is semi-private and restricted to UI usages.

TODO:

• stabilize the SDS testing API endpoint
• add it to the public Datadog API bindings
• support more than pattern tests (include the replacement options ?)