Merge pull request #47 from hi-artem/feature/coderepo-compliance

Add coderepo compliance and coderepo compliance ci resources

Author: wfg

internal/api/policy/compliance_coderepo.go

@@ -0,0 +1,81 @@
+package policy
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/PaloAltoNetworks/terraform-provider-prismacloudcompute/internal/api"
+	"github.com/PaloAltoNetworks/terraform-provider-prismacloudcompute/internal/api/collection"
+)
+
+const (
+	ComplianceCodereposEndpoint   = "api/v1/policies/compliance/coderepos"
+	ComplianceCiCodereposEndpoint = "api/v1/policies/compliance/ci/coderepos"
+)
+
+type ComplianceCoderepoPolicy struct {
+	Rules []ComplianceCoderepoRule `json:"rules,omitempty"`
+	Type  string                   `json:"policyType,omitempty"`
+}
+
+type ComplianceCoderepoRule struct {
+	Collections     []collection.Collection           `json:"collections,omitempty"`
+	Disabled        bool                              `json:"disabled"`
+	Effect          string                            `json:"effect,omitempty"`
+	GraceDays       int                               `json:"graceDays,omitempty"`
+	GraceDaysPolicy ComplianceCoderepoGraceDaysPolicy `json:"graceDaysPolicy,omitempty"`
+	Name            string                            `json:"name,omitempty"`
+	Notes           string                            `json:"notes,omitempty"`
+	License         ComplianceCoderepoLicense         `json:"license,omitempty"`
+}
+
+type ComplianceCoderepoLicense struct {
+	AlertThreshold ComplianceCoderepoThreshold `json:"alertThreshold,omitempty"`
+	BlockThreshold ComplianceCoderepoThreshold `json:"blockThreshold,omitempty"`
+	Critical       []string                    `json:"critical,omitempty"`
+	High           []string                    `json:"high,omitempty"`
+	Medium         []string                    `json:"medium,omitempty"`
+	Low            []string                    `json:"low,omitempty"`
+}
+
+type ComplianceCoderepoThreshold struct {
+	Disabled bool `json:"disabled"`
+	Enabled  bool `json:"enabled"`
+	Value    int  `json:"value,omitempty"`
+}
+
+type ComplianceCoderepoGraceDaysPolicy struct {
+	Enabled  bool `json:"enabled,omitempty"`
+	Low      int  `json:"low,omitempty"`
+	Medium   int  `json:"medium,omitempty"`
+	High     int  `json:"high,omitempty"`
+	Critical int  `json:"critical,omitempty"`
+}
+
+// Get the current CI coderepo compliance policy.
+func GetComplianceCiCoderepo(c api.Client) (ComplianceCoderepoPolicy, error) {
+	var ans ComplianceCoderepoPolicy
+	if err := c.Request(http.MethodGet, ComplianceCiCodereposEndpoint, nil, nil, &ans); err != nil {
+		return ans, fmt.Errorf("error getting CI coderepo compliance policy: %s", err)
+	}
+	return ans, nil
+}
+
+// Get the current coderepo compliance policy.
+func GetComplianceCoderepo(c api.Client) (ComplianceCoderepoPolicy, error) {
+	var ans ComplianceCoderepoPolicy
+	if err := c.Request(http.MethodGet, ComplianceCodereposEndpoint, nil, nil, &ans); err != nil {
+		return ans, fmt.Errorf("error getting coderepo compliance policy: %s", err)
+	}
+	return ans, nil
+}
+
+// Update the current CI coderepo compliance policy.
+func UpdateComplianceCiCoderepo(c api.Client, policy ComplianceCoderepoPolicy) error {
+	return c.Request(http.MethodPut, ComplianceCiCodereposEndpoint, nil, policy, nil)
+}
+
+// Update the current coderepo compliance policy.
+func UpdateComplianceCoderepo(c api.Client, policy ComplianceCoderepoPolicy) error {
+	return c.Request(http.MethodPut, ComplianceCodereposEndpoint, nil, policy, nil)
+}

internal/convert/compliance_ci_coderepo.go

@@ -0,0 +1,88 @@
+package convert
+
+import (
+	"github.com/PaloAltoNetworks/terraform-provider-prismacloudcompute/internal/api/policy"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func SchemaToComplianceCiCoderepoRules(d *schema.ResourceData) ([]policy.ComplianceCoderepoRule, error) {
+	parsedRules := make([]policy.ComplianceCoderepoRule, 0)
+	if rules, ok := d.GetOk("rule"); ok {
+		presentRules := rules.([]interface{})
+		for _, val := range presentRules {
+			presentRule := val.(map[string]interface{})
+			parsedRule := policy.ComplianceCoderepoRule{}
+
+			if len(presentRule["license"].([]interface{})) > 0 && presentRule["license"].([]interface{})[0] != nil {
+				presentLicense := presentRule["license"].([]interface{})[0].(map[string]interface{})
+				if len(presentLicense["critical"].([]interface{})) > 0 && presentLicense["critical"].([]interface{})[0] != nil {
+					parsedRule.License.Critical = SchemaToStringSlice(presentLicense["critical"].([]interface{}))
+				}
+				if len(presentLicense["high"].([]interface{})) > 0 && presentLicense["high"].([]interface{})[0] != nil {
+					parsedRule.License.High = SchemaToStringSlice(presentLicense["high"].([]interface{}))
+				}
+				if len(presentLicense["medium"].([]interface{})) > 0 && presentLicense["medium"].([]interface{})[0] != nil {
+					parsedRule.License.Medium = SchemaToStringSlice(presentLicense["medium"].([]interface{}))
+				}
+				if len(presentLicense["low"].([]interface{})) > 0 && presentLicense["low"].([]interface{})[0] != nil {
+					parsedRule.License.Low = SchemaToStringSlice(presentLicense["low"].([]interface{}))
+				}
+				if presentLicense["alert_threshold"].([]interface{})[0] != nil {
+					presentAlertThreshold := presentLicense["alert_threshold"].([]interface{})[0].(map[string]interface{})
+					parsedRule.License.AlertThreshold = policy.ComplianceCoderepoThreshold{
+						Enabled: presentAlertThreshold["enabled"].(bool),
+						Value:   presentAlertThreshold["value"].(int),
+					}
+				}
+				if presentLicense["block_threshold"].([]interface{})[0] != nil {
+					presentBlockThreshold := presentLicense["block_threshold"].([]interface{})[0].(map[string]interface{})
+					parsedRule.License.BlockThreshold = policy.ComplianceCoderepoThreshold{
+						Enabled: presentBlockThreshold["enabled"].(bool),
+						Value:   presentBlockThreshold["value"].(int),
+					}
+				}
+			} else {
+				parsedRule.License = policy.ComplianceCoderepoLicense{}
+			}
+
+			parsedRule.Collections = PolicySchemaToCollections(presentRule["collections"].([]interface{}))
+
+			parsedRule.Disabled = presentRule["disabled"].(bool)
+			parsedRule.Effect = presentRule["effect"].(string)
+			parsedRule.Name = presentRule["name"].(string)
+			parsedRule.Notes = presentRule["notes"].(string)
+
+			parsedRules = append(parsedRules, parsedRule)
+		}
+	}
+	return parsedRules, nil
+}
+
+func ComplianceCoderepoCiRulesToSchema(in []policy.ComplianceCoderepoRule) []interface{} {
+	ans := make([]interface{}, 0, len(in))
+	for _, val := range in {
+		m := make(map[string]interface{})
+		m["collections"] = CollectionsToPolicySchema(val.Collections)
+		m["license"] = complianceCoderepoCiLicenseToSchema(val.License)
+		m["disabled"] = val.Disabled
+		m["effect"] = val.Effect
+		m["name"] = val.Name
+		m["notes"] = val.Notes
+		ans = append(ans, m)
+	}
+	return ans
+}
+
+func complianceCoderepoCiLicenseToSchema(in policy.ComplianceCoderepoLicense) []interface{} {
+	ans := make([]interface{}, 0, 1)
+	m := make(map[string]interface{})
+	m["alert_threshold"] = complianceCoderepoThresholdToSchema(in.AlertThreshold)
+	m["block_threshold"] = complianceCoderepoThresholdToSchema(in.BlockThreshold)
+	m["critical"] = in.Critical
+	m["high"] = in.High
+	m["medium"] = in.Medium
+	m["low"] = in.Low
+
+	ans = append(ans, m)
+	return ans
+}

internal/convert/compliance_coderepo.go

@@ -0,0 +1,89 @@
+package convert
+
+import (
+	"github.com/PaloAltoNetworks/terraform-provider-prismacloudcompute/internal/api/policy"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func SchemaToComplianceCoderepoRules(d *schema.ResourceData) ([]policy.ComplianceCoderepoRule, error) {
+	parsedRules := make([]policy.ComplianceCoderepoRule, 0)
+	if rules, ok := d.GetOk("rule"); ok {
+		presentRules := rules.([]interface{})
+		for _, val := range presentRules {
+			presentRule := val.(map[string]interface{})
+			parsedRule := policy.ComplianceCoderepoRule{}
+
+			if len(presentRule["license"].([]interface{})) > 0 && presentRule["license"].([]interface{})[0] != nil {
+				presentLicense := presentRule["license"].([]interface{})[0].(map[string]interface{})
+				if len(presentLicense["critical"].([]interface{})) > 0 && presentLicense["critical"].([]interface{})[0] != nil {
+					parsedRule.License.Critical = SchemaToStringSlice(presentLicense["critical"].([]interface{}))
+				}
+				if len(presentLicense["high"].([]interface{})) > 0 && presentLicense["high"].([]interface{})[0] != nil {
+					parsedRule.License.High = SchemaToStringSlice(presentLicense["high"].([]interface{}))
+				}
+				if len(presentLicense["medium"].([]interface{})) > 0 && presentLicense["medium"].([]interface{})[0] != nil {
+					parsedRule.License.Medium = SchemaToStringSlice(presentLicense["medium"].([]interface{}))
+				}
+				if len(presentLicense["low"].([]interface{})) > 0 && presentLicense["low"].([]interface{})[0] != nil {
+					parsedRule.License.Low = SchemaToStringSlice(presentLicense["low"].([]interface{}))
+				}
+				if presentLicense["alert_threshold"].([]interface{})[0] != nil {
+					presentAlertThreshold := presentLicense["alert_threshold"].([]interface{})[0].(map[string]interface{})
+					parsedRule.License.AlertThreshold = policy.ComplianceCoderepoThreshold{
+						Enabled: presentAlertThreshold["enabled"].(bool),
+						Value:   presentAlertThreshold["value"].(int),
+					}
+				}
+			} else {
+				parsedRule.License = policy.ComplianceCoderepoLicense{}
+			}
+
+			parsedRule.Collections = PolicySchemaToCollections(presentRule["collections"].([]interface{}))
+
+			parsedRule.Disabled = presentRule["disabled"].(bool)
+			parsedRule.Effect = presentRule["effect"].(string)
+			parsedRule.Name = presentRule["name"].(string)
+			parsedRule.Notes = presentRule["notes"].(string)
+
+			parsedRules = append(parsedRules, parsedRule)
+		}
+	}
+	return parsedRules, nil
+}
+
+func ComplianceCoderepoRulesToSchema(in []policy.ComplianceCoderepoRule) []interface{} {
+	ans := make([]interface{}, 0, len(in))
+	for _, val := range in {
+		m := make(map[string]interface{})
+		m["collections"] = CollectionsToPolicySchema(val.Collections)
+		m["license"] = complianceCoderepoLicenseToSchema(val.License)
+		m["disabled"] = val.Disabled
+		m["effect"] = val.Effect
+		m["name"] = val.Name
+		m["notes"] = val.Notes
+		ans = append(ans, m)
+	}
+	return ans
+}
+
+func complianceCoderepoThresholdToSchema(in policy.ComplianceCoderepoThreshold) []interface{} {
+	ans := make([]interface{}, 0, 1)
+	m := make(map[string]interface{})
+	m["enabled"] = in.Enabled
+	m["value"] = in.Value
+	ans = append(ans, m)
+	return ans
+}
+
+func complianceCoderepoLicenseToSchema(in policy.ComplianceCoderepoLicense) []interface{} {
+	ans := make([]interface{}, 0, 1)
+	m := make(map[string]interface{})
+	m["alert_threshold"] = complianceCoderepoThresholdToSchema(in.AlertThreshold)
+	m["critical"] = in.Critical
+	m["high"] = in.High
+	m["medium"] = in.Medium
+	m["low"] = in.Low
+
+	ans = append(ans, m)
+	return ans
+}

internal/provider/common.go

@@ -3,6 +3,8 @@ package provider
 const (
 	policyTypeAdmission               = "admission"
 	policyTypeComplianceCiImage       = "ciImagesCompliance"
+	policyTypeComplianceCoderepo      = "codeRepoCompliance"
+	policyTypeComplianceCiCoderepo    = "ciCodeRepoCompliance"
 	policyTypeComplianceContainer     = "containerCompliance"
 	policyTypeComplianceHost          = "hostCompliance"
 	policyTypeRuntimeContainer        = "containerRuntime"

internal/provider/provider.go

@@ -64,6 +64,8 @@ func Provider() *schema.Provider {
 			"prismacloudcompute_ci_coderepo_vulnerability_policy": resourcePoliciesVulnerabilityCiCoderepo(),
 			"prismacloudcompute_ci_image_vulnerability_policy":    resourcePoliciesVulnerabilityCiImage(),
 			"prismacloudcompute_coderepo_vulnerability_policy":    resourcePoliciesVulnerabilityCoderepo(),
+			"prismacloudcompute_coderepo_compliance_policy":       resourcePoliciesComplianceCoderepo(),
+			"prismacloudcompute_ci_coderepo_compliance_policy":    resourcePoliciesComplianceCiCoderepo(),
 			"prismacloudcompute_host_vulnerability_policy":        resourcePoliciesVulnerabilityHost(),
 			"prismacloudcompute_image_vulnerability_policy":       resourcePoliciesVulnerabilityImage(),
 			"prismacloudcompute_registry_settings":                resourceRegistry(),