add tlsversion and responsetime assertions

rhythmictech · Aug 13, 2024 · b14f8b8 · b14f8b8
1 parent 61a0916
commit b14f8b8
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 1 deletion.
diff --git a/synthetics/certificate/README.md b/synthetics/certificate/README.md
@@ -26,7 +26,6 @@ No modules.
 | Name | Type |
 |------|------|
 | [datadog_synthetics_test.ssl](https://registry.terraform.io/providers/datadog/datadog/latest/docs/resources/synthetics_test) | resource |
-| [datadog_synthetics_locations.ssl](https://registry.terraform.io/providers/datadog/datadog/latest/docs/data-sources/synthetics_locations) | data source |
 
 ## Inputs
 
@@ -58,6 +57,8 @@ No modules.
 | <a name="input_ssl_synthetic_enabled"></a> [ssl\_synthetic\_enabled](#input\_ssl\_synthetic\_enabled) | Flag to enable SSL Synthetic Test | `string` | `"true"` | no |
 | <a name="input_ssl_synthetic_host"></a> [ssl\_synthetic\_host](#input\_ssl\_synthetic\_host) | Host name to perform SSL Synthetic Test with. | `string` | n/a | yes |
 | <a name="input_ssl_synthetic_locations"></a> [ssl\_synthetic\_locations](#input\_ssl\_synthetic\_locations) | An array of datadog locations used to run SSL Synthetic Test | `list(string)` | <pre>[<br>  "aws:us-east-1"<br>]</pre> | no |
+| <a name="input_ssl_synthetic_max_response_time"></a> [ssl\_synthetic\_max\_response\_time](#input\_ssl\_synthetic\_max\_response\_time) | Number of milliseconds host response time should be less than. | `number` | `2000` | no |
+| <a name="input_ssl_synthetic_min_tls_version"></a> [ssl\_synthetic\_min\_tls\_version](#input\_ssl\_synthetic\_min\_tls\_version) | Number Certificate TLS version should be equal to or greater than. | `number` | `1.2` | no |
 | <a name="input_ssl_synthetic_port"></a> [ssl\_synthetic\_port](#input\_ssl\_synthetic\_port) | Port to use when performing SSL Synthetic Test. | `number` | `443` | no |
 | <a name="input_ssl_synthetic_tick_every"></a> [ssl\_synthetic\_tick\_every](#input\_ssl\_synthetic\_tick\_every) | How often SSL Synthetic Test should run in seconds. | `number` | `900` | no |
 | <a name="input_team"></a> [team](#input\_team) | Team supporting the monitored resource (leave blank to omit tag) | `string` | `null` | no |

diff --git a/synthetics/certificate/main.tf b/synthetics/certificate/main.tf
@@ -30,6 +30,18 @@ resource "datadog_synthetics_test" "ssl" {
     target   = var.ssl_synthetic_days_to_expiration
   }
 
+  assertion {
+    type     = "tlsVersion"
+    operator = "moreThanOrEqual"
+    target   = var.ssl_synthetic_min_tls_version
+  }
+
+  assertion {
+    type     = "responseTime"
+    operator = "lessThan"
+    target   = var.ssl_synthetic_max_response_time
+  }
+
   options_list {
     tick_every         = var.ssl_synthetic_tick_every
     accept_self_signed = var.ssl_synthetic_accept_self_signed

diff --git a/synthetics/certificate/variables.tf b/synthetics/certificate/variables.tf
@@ -45,6 +45,18 @@ variable "ssl_synthetic_days_to_expiration" {
   default     = 7
 }
 
+variable "ssl_synthetic_min_tls_version" {
+  description = "Number Certificate TLS version should be equal to or greater than."
+  type        = number
+  default     = 1.2
+}
+
+variable "ssl_synthetic_max_response_time" {
+  description = "Number of milliseconds host response time should be less than."
+  type        = number
+  default     = 2000
+}
+
 variable "ssl_synthetic_tick_every" {
   description = "How often SSL Synthetic Test should run in seconds."
   type        = number