feat: Add support for suppression rules in Aqua Security Terraform provider

Implementation:

Adds suppression rule CRUD resource and listing data source, wires them into the provider with new client endpoints and constants, plus docs, examples, tests, and refined credential handling.

 - **Suppression Rules**:
   - **Resource**: New `aquasec_suppression_rule` with CRUD, schema validations, and import (`aquasec/resource_suppression_rules.go`).
   - **Data Source**: New `aquasec_suppression_rules` for listing/pagination (`aquasec/data_suppression_rules.go`).
   - **Provider Wiring**: Registers resource/data source in `provider.go`.
 - **Client**:
   - Adds `SuppressionRule` models, enums, and helpers; implements `Get/List/Create/Update/Delete` via Supply Chain API (`client/suppression_rules.go`).
   - Extends client init with `saasScpUrl`; adds supply-chain URLs and adjusts API-key auth mapping (`client/client.go`, `consts/consts.go`).
 - **Utils**: New flatten/expand helpers for suppression rules (`aquasec/utils.go`).
 - **Provider Config**: Trims/merges creds from file/env, prefers API key flow, updates validation paths (`aquasec/provider.go`).
 - **Docs & Examples**: Adds docs for resource/data source and Terraform examples.
 - **Tests**: Acceptance tests for resource and data source.

Author: sarvodayaKumar

aquasec/data_suppression_rules.go

@@ -0,0 +1,46 @@
+package aquasec
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+func TestDataSourceSuppressionRule(t *testing.T) {
+	t.Parallel()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceSuppressionRuleConfig(),
+				Check:  testAccDataSourceSuppressionRuleExists("data.aquasec_suppression_rules.all"),
+			},
+		},
+	})
+}
+
+func testAccDataSourceSuppressionRuleConfig() string {
+	return `
+	data "aquasec_suppression_rules" "all" {
+	}
+`
+}
+
+func testAccDataSourceSuppressionRuleExists(resourceName string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[resourceName]
+		if !ok {
+			return fmt.Errorf("not found: %s", resourceName)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("no ID is set")
+		}
+
+		return nil
+	}
+}

aquasec/data_suppression_rules_test.go

@@ -7,6 +7,7 @@ import (
 	"io"
 	"log"
 	"os"
+	"strings"
 
 	"github.com/aquasecurity/terraform-provider-aquasec/client"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
@@ -146,6 +147,7 @@ func Provider(v string) *schema.Provider {
 			"aquasec_log_management":          resourceLogManagement(),
 			"aquasec_serverless_application":  resourceServerlessApplication(),
 			"aquasec_monitoring_system":       resourceMonitoringSystem(),
+			"aquasec_suppression_rule":        resourceSuppressionRule(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"aquasec_users":                       dataSourceUsers(),
@@ -184,6 +186,7 @@ func Provider(v string) *schema.Provider {
 			"aquasec_log_managements":         dataLogManagement(),
 			"aquasec_serverless_applications": dataSourceServerlessApplication(),
 			"aquasec_monitoring_systems":      dataSourceMonitoringSystem(),
+			"aquasec_suppression_rules":       dataSourceSuppressionRule(),
 		},
 		ConfigureContextFunc: providerConfigure,
 	}
@@ -235,31 +238,54 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
 	caCertPath := d.Get("ca_certificate_path").(string)
 	validate := d.Get("validate").(bool)
 
-	if username == "" && password == "" && aquaURL == "" && apiKey == "" && secretkey == "" {
-		username, password, aquaURL, apiKey, secretkey, err = getProviderConfigurationFromFile(d)
-		if err != nil && validate {
-			return nil, diag.FromErr(err)
+	if username == "" || password == "" || apiKey == "" || secretkey == "" {
+		uF, pF, fileURL, akF, skF, ferr := getProviderConfigurationFromFile(d)
+		if ferr != nil && validate {
+			return nil, diag.FromErr(ferr)
+		}
+		if username == "" {
+			username = uF
+		}
+		if password == "" {
+			password = pF
+		}
+		if aquaURL == "" && fileURL != "" {
+			aquaURL = fileURL
+		}
+		if apiKey == "" {
+			apiKey = akF
+		}
+		if secretkey == "" {
+			secretkey = skF
 		}
 	}
 
+	username = strings.TrimSpace(username)
+	password = strings.TrimSpace(password)
+	apiKey = strings.TrimSpace(apiKey)
+	secretkey = strings.TrimSpace(secretkey)
+	aquaURL = strings.TrimSpace(aquaURL)
+
 	if validate {
 		if aquaURL == "" {
 			diags = append(diags, diag.Diagnostic{
 				Severity: diag.Error,
 				Summary:  "Initializing provider, aqua_url parameter is missing.",
 			})
 		}
-		if username == "" {
-			diags = append(diags, diag.Diagnostic{
-				Severity: diag.Error,
-				Summary:  "Initializing provider, username parameter is missing.",
-			})
-		}
-		if password == "" {
-			diags = append(diags, diag.Diagnostic{
-				Severity: diag.Error,
-				Summary:  "Initializing provider, password parameter is missing.",
-			})
+		if apiKey == "" && secretkey == "" {
+			if username == "" {
+				diags = append(diags, diag.Diagnostic{
+					Severity: diag.Error,
+					Summary:  "Initializing provider, username parameter is missing.",
+				})
+			}
+			if password == "" {
+				diags = append(diags, diag.Diagnostic{
+					Severity: diag.Error,
+					Summary:  "Initializing provider, password parameter is missing.",
+				})
+			}
 		}
 	}
 
@@ -282,16 +308,7 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
 	}
 
 	var aquaClient *client.Client
-	if username != "" && password != "" {
-		aquaClient, err = client.NewClientWithTokenAuth(aquaURL, username, password, verifyTLS, caCertByte)
-		if err != nil {
-			return nil, diag.Diagnostics{diag.Diagnostic{
-				Severity: diag.Error,
-				Summary:  "Error creating Aqua client with token authentication",
-				Detail:   err.Error(),
-			}}
-		}
-	} else if apiKey != "" {
+	if apiKey != "" {
 		aquaClient, err = client.NewClientWithAPIKey(aquaURL, apiKey, secretkey, verifyTLS, caCertByte)
 		if err != nil {
 			return nil, diag.Diagnostics{diag.Diagnostic{
@@ -309,6 +326,15 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
 		if v, ok := d.GetOk("csp_roles"); ok {
 			aquaClient.CSPRoles = convertStringArr(v.([]interface{}))
 		}
+	} else if username != "" && password != "" {
+		aquaClient, err = client.NewClientWithTokenAuth(aquaURL, username, password, verifyTLS, caCertByte)
+		if err != nil {
+			return nil, diag.Diagnostics{diag.Diagnostic{
+				Severity: diag.Error,
+				Summary:  "Error creating Aqua client with token authentication",
+				Detail:   err.Error(),
+			}}
+		}
 	} else {
 		return nil, diag.Diagnostics{diag.Diagnostic{
 			Severity: diag.Error,