(feat) add grace days policy to container policy resources

hi-artem · hi-artem · commit 287375f7b245 · 2021-12-22T13:19:14.000-08:00
diff --git a/prismacloudcompute/convert/vulnerability_image.go b/prismacloudcompute/convert/vulnerability_image.go
@@ -52,7 +52,21 @@ func SchemaToVulnerabilityImageRules(d *schema.ResourceData) ([]policy.Vulnerabi
 
 			parsedRule.Disabled = presentRule["disabled"].(bool)
 			parsedRule.Effect = presentRule["effect"].(string)
-			parsedRule.GraceDays = presentRule["grace_days"].(int)
+
+			if len(presentRule["grace_days_policy"].([]interface{})) > 0 && presentRule["grace_days_policy"].([]interface{})[0] != nil {
+				presentGraceDaysPolicy := presentRule["grace_days_policy"].([]interface{})[0].(map[string]interface{})
+				parsedRule.GraceDaysPolicy = policy.VulnerabilityImageGraceDaysPolicy{
+					Enabled:  true,
+					Low:      presentGraceDaysPolicy["low"].(int),
+					Medium:   presentGraceDaysPolicy["medium"].(int),
+					High:     presentGraceDaysPolicy["high"].(int),
+					Critical: presentGraceDaysPolicy["critical"].(int),
+				}
+				parsedRule.GraceDays = 0
+			} else {
+				parsedRule.GraceDays = presentRule["grace_days"].(int)
+			}
+
 			parsedRule.Name = presentRule["name"].(string)
 			parsedRule.Notes = presentRule["notes"].(string)
 			parsedRule.OnlyFixed = presentRule["only_fixed"].(bool)
@@ -101,6 +115,7 @@ func VulnerabilityImageRulesToSchema(in []policy.VulnerabilityImageRule) []inter
 		m["disabled"] = val.Disabled
 		m["effect"] = val.Effect
 		m["grace_days"] = val.GraceDays
+		m["grace_days_policy"] = vulnerabilityImageGraceDaysPolicyToSchema(val.GraceDaysPolicy)
 		m["name"] = val.Name
 		m["notes"] = val.Notes
 		m["only_fixed"] = val.OnlyFixed
@@ -163,3 +178,14 @@ func vulnerabilityImageTagRulesToSchema(in []policy.VulnerabilityImageTagRule) [
 	}
 	return ans
 }
+
+func vulnerabilityImageGraceDaysPolicyToSchema(in policy.VulnerabilityImageGraceDaysPolicy) []interface{} {
+	ans := make([]interface{}, 0, 1)
+	m := make(map[string]interface{})
+	m["low"] = in.Low
+	m["medium"] = in.Medium
+	m["high"] = in.High
+	m["critical"] = in.Critical
+	ans = append(ans, m)
+	return ans
+}
diff --git a/prismacloudcompute/resource_policies_vulnerability_ci_images.go b/prismacloudcompute/resource_policies_vulnerability_ci_images.go
@@ -145,6 +145,32 @@ func resourcePoliciesVulnerabilityCiImage() *schema.Resource {
 							Optional:    true,
 							Description: "Number of days to suppress the rule's block effect. Measured from date the vulnerability was fixed. If there's no fix, measured from the date the vulnerability was published.",
 						},
+						"grace_days_policy": {
+							Type:        schema.TypeList,
+							MaxItems:    1,
+							Optional:    true,
+							Description: "Composite alternative to grace_days. Allows to set the effect for different severity level.",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"low": {
+										Type:     schema.TypeInt,
+										Optional: true,
+									},
+									"medium": {
+										Type:     schema.TypeInt,
+										Optional: true,
+									},
+									"high": {
+										Type:     schema.TypeInt,
+										Optional: true,
+									},
+									"critical": {
+										Type:     schema.TypeInt,
+										Optional: true,
+									},
+								},
+							},
+						},
 						"name": {
 							Type:        schema.TypeString,
 							Optional:    true,
diff --git a/prismacloudcompute/resource_policies_vulnerability_images.go b/prismacloudcompute/resource_policies_vulnerability_images.go
@@ -145,6 +145,32 @@ func resourcePoliciesVulnerabilityImage() *schema.Resource {
 							Optional:    true,
 							Description: "Number of days to suppress the rule's block effect. Measured from date the vulnerability was fixed. If there's no fix, measured from the date the vulnerability was published.",
 						},
+						"grace_days_policy": {
+							Type:        schema.TypeList,
+							MaxItems:    1,
+							Optional:    true,
+							Description: "Composite alternative to grace_days. Allows to set the effect for different severity level.",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"low": {
+										Type:     schema.TypeInt,
+										Optional: true,
+									},
+									"medium": {
+										Type:     schema.TypeInt,
+										Optional: true,
+									},
+									"high": {
+										Type:     schema.TypeInt,
+										Optional: true,
+									},
+									"critical": {
+										Type:     schema.TypeInt,
+										Optional: true,
+									},
+								},
+							},
+						},
 						"name": {
 							Type:        schema.TypeString,
 							Optional:    true,
