Error when applying automation with multiple results #116

Open
SecretSquirrel-origami opened this issue Jan 7, 2025 · 2 comments

SecretSquirrel-origami commented Jan 7, 2025

Hi,
I receive the following terraform apply error when my automation resource contains a jira_cloud_template & an email_template.

Error:
│ Error: Error updating Automation
│ with orcasecurity_automation.detected_malicious_or_suspicious_activity,
│ on orcasecurity_automation.tf line 5, in resource "orcasecurity_automation" "detected_malicious_or_suspicious_activity":
│ 5: resource "orcasecurity_automation" "detected_malicious_or_suspicious_activity" {

│ Could not update Automation, unexpected error: 0::API returned error - status: 400, body: {"status":"failure","error":"Additional properties are not allowed ('template' was unexpected)"}, error: Additional properties are not allowed ('template' was unexpected)

Terraform Version

Terraform: v1.10.3
orca provider: v0.0.18

Affected Resource(s)

  • orcasecurity_automation

Terraform Configuration Files

resource "orcasecurity_automation" "detected_malicious_or_suspicious_activity" {
  name    = "Detected Malicious or Suspicious Activity"
  description = "Send email notification upon detection of potentially malicious or suspicious activity."
  enabled = true
  query = {
    "filter": [
      { "field": "state.status", "includes": ["open"] },
      { "field": "category", "includes": ["Malicious activity","Suspicious activity","Malware"] }
      ]
  }
// JIRA INTEGRATION:
  jira_cloud_template = {
    template = "Bug"  # name of Jira template
    #parent_issue  = null #Optional parent issue Jira ID
  }
// EMAIL NOTIFICATION
  email_template = {
   email = ["[email protected]"]
   multi_alerts = false
  }
// SLACK NOTIFICATION
//  slack_template = {
//    workspace = "My Company Workspace"
//    channel   = "C04CLAAAAA"
//  }
// SUMO LOGIC INTEGRATION
  //sumologic = {
  //}
// WEB-HOOK INTEGRATION
//  webhook_template = {
//    template = "webhook-uri" 
//  }
}

SecretSquirrel-origami commented Jan 7, 2025

For additional context, this issue is also encountered when configuring an automation resource to carry out more than 1 action.
For example, an automation that dismisses an alert but also fires an email / Slack / webhook notification will fail with an error:

resource "orcasecurity_automation" "dismiss_detected_expired_secret" {
  name    = "Dismiss Detected Expired Secret"
  description = "An expired secret or credential has been detected, which can be safely ignored / dismissed."
  enabled = false
  query = {
    "filter": [
      { "field": "state.status", "includes": ["open"] },
      { "field": "asset_type_string", "includes": ["CodeRepository"] },
      { "field": "asset_labels", "includes": ["shiftleft:secret_detection","validity_status:expired"] }
    ]
  }
  alert_dismissal_details = {
   reason        = "Acceptable risk"
   justification = "Secret or Credential is no longer valid as it's expired, it can safely be ignored."
  }
// EMAIL NOTIFICATION
  email_template = {
   email = ["[email protected]"]
   multi_alerts = true
  }
}

Error:
│ Error: Error updating Automation

│ with orcasecurity_automation.dismiss_detected_expired_secret,
│ on orcasecurity_automation.tf line 247, in resource "orcasecurity_automation" "dismiss_detected_expired_secret":
│ 247: resource "orcasecurity_automation" "dismiss_detected_expired_secret" {

│ Could not update Automation, unexpected error: 0::API returned error - status: 400, body: {"status":"failure","error":"Additional properties are not allowed ('multi_alerts', 'email' were unexpected)"}, error: Additional properties are not allowed ('multi_alerts', 'email' were unexpected)

@patrickb-orca
Collaborator

Thank you for pointing this out! Let me investigate this and push a PR if there's a bug, and also to allow you to implement 2 actions for one automation. Apologies for the inconvenience.
