Coderepo vulnerability policies (#1)

* add vulnerabilities policies for coderepo & coderepo ci

* fmt

Author: pnancarrow

internal/api/policy/vulnerability_coderepo.go

@@ -0,0 +1,98 @@
+package policy
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/PaloAltoNetworks/terraform-provider-prismacloudcompute/internal/api"
+	"github.com/PaloAltoNetworks/terraform-provider-prismacloudcompute/internal/api/collection"
+)
+
+const (
+	VulnerabilityCodereposEndpoint   = "api/v1/policies/vulnerability/coderepos"
+	VulnerabilityCiCodereposEndpoint = "api/v1/policies/vulnerability/ci/coderepos"
+)
+
+type VulnerabilityCoderepoPolicy struct {
+	Rules []VulnerabilityCoderepoRule `json:"rules,omitempty"`
+	Type  string                      `json:"policyType,omitempty"`
+}
+
+type VulnerabilityCoderepoRule struct {
+	AlertThreshold  VulnerabilityCoderepoThreshold       `json:"alertThreshold,omitempty"`
+	BlockMessage    string                               `json:"blockMsg,omitempty"`
+	BlockThreshold  VulnerabilityCoderepoThreshold       `json:"blockThreshold,omitempty"`
+	Collections     []collection.Collection              `json:"collections,omitempty"`
+	CreatePR        bool                                 `json:"createPR,omitempty"`
+	CveRules        []VulnerabilityCoderepoCveRule       `json:"cveRules,omitempty"`
+	Disabled        bool                                 `json:"disabled"`
+	Effect          string                               `json:"effect,omitempty"`
+	GraceDays       int                                  `json:"graceDays,omitempty"`
+	GraceDaysPolicy VulnerabilityCoderepoGraceDaysPolicy `json:"graceDaysPolicy,omitempty"`
+	Name            string                               `json:"name,omitempty"`
+	Notes           string                               `json:"notes,omitempty"`
+	OnlyFixed       bool                                 `json:"onlyFixed"`
+	TagRules        []VulnerabilityCoderepoTagRule       `json:"tags,omitempty"`
+	Verbose         bool                                 `json:"verbose"`
+}
+
+type VulnerabilityCoderepoCveRule struct {
+	Description string                          `json:"description,omitempty"`
+	Effect      string                          `json:"effect,omitempty"`
+	Expiration  VulnerabilityCoderepoExpiration `json:"expiration,omitempty"`
+	Id          string                          `json:"id,omitempty"`
+}
+
+type VulnerabilityCoderepoExpiration struct {
+	Date    string `json:"date,omitempty"`
+	Enabled bool   `json:"enabled"`
+}
+
+type VulnerabilityCoderepoTagRule struct {
+	Description string                          `json:"description,omitempty"`
+	Effect      string                          `json:"effect,omitempty"`
+	Expiration  VulnerabilityCoderepoExpiration `json:"expiration,omitempty"`
+	Name        string                          `json:"name,omitempty"`
+}
+
+type VulnerabilityCoderepoThreshold struct {
+	Disabled bool `json:"disabled"`
+	Enabled  bool `json:"enabled"`
+	Value    int  `json:"value,omitempty"`
+}
+
+type VulnerabilityCoderepoGraceDaysPolicy struct {
+	Enabled  bool `json:"enabled,omitempty"`
+	Low      int  `json:"low,omitempty"`
+	Medium   int  `json:"medium,omitempty"`
+	High     int  `json:"high,omitempty"`
+	Critical int  `json:"critical,omitempty"`
+}
+
+// Get the current CI coderepo vulnerability policy.
+func GetVulnerabilityCiCoderepo(c api.Client) (VulnerabilityCoderepoPolicy, error) {
+	var ans VulnerabilityCoderepoPolicy
+	if err := c.Request(http.MethodGet, VulnerabilityCiCodereposEndpoint, nil, nil, &ans); err != nil {
+		return ans, fmt.Errorf("error getting CI coderepo vulnerability policy: %s", err)
+	}
+	return ans, nil
+}
+
+// Get the current coderepo vulnerability policy.
+func GetVulnerabilityCoderepo(c api.Client) (VulnerabilityCoderepoPolicy, error) {
+	var ans VulnerabilityCoderepoPolicy
+	if err := c.Request(http.MethodGet, VulnerabilityCodereposEndpoint, nil, nil, &ans); err != nil {
+		return ans, fmt.Errorf("error getting coderepo vulnerability policy: %s", err)
+	}
+	return ans, nil
+}
+
+// Update the current CI coderepo vulnerability policy.
+func UpdateVulnerabilityCiCoderepo(c api.Client, policy VulnerabilityCoderepoPolicy) error {
+	return c.Request(http.MethodPut, VulnerabilityCiCodereposEndpoint, nil, policy, nil)
+}
+
+// Update the current coderepo vulnerability policy.
+func UpdateVulnerabilityCoderepo(c api.Client, policy VulnerabilityCoderepoPolicy) error {
+	return c.Request(http.MethodPut, VulnerabilityCodereposEndpoint, nil, policy, nil)
+}

internal/convert/vulnerability_ci_coderepo.go

@@ -0,0 +1,191 @@
+package convert
+
+import (
+	"github.com/PaloAltoNetworks/terraform-provider-prismacloudcompute/internal/api/policy"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func SchemaToVulnerabilityCiCoderepoRules(d *schema.ResourceData) ([]policy.VulnerabilityCoderepoRule, error) {
+	parsedRules := make([]policy.VulnerabilityCoderepoRule, 0)
+	if rules, ok := d.GetOk("rule"); ok {
+		presentRules := rules.([]interface{})
+		for _, val := range presentRules {
+			presentRule := val.(map[string]interface{})
+			parsedRule := policy.VulnerabilityCoderepoRule{}
+
+			if presentRule["alert_threshold"].([]interface{})[0] != nil {
+				presentAlertThreshold := presentRule["alert_threshold"].([]interface{})[0].(map[string]interface{})
+				parsedRule.AlertThreshold = policy.VulnerabilityCoderepoThreshold{
+					Disabled: presentAlertThreshold["disabled"].(bool),
+					Value:    presentAlertThreshold["value"].(int),
+				}
+			} else {
+				parsedRule.AlertThreshold = policy.VulnerabilityCoderepoThreshold{}
+			}
+
+			parsedRule.BlockMessage = presentRule["block_message"].(string)
+
+			if presentRule["block_threshold"].([]interface{})[0] != nil {
+				presentBlockThreshold := presentRule["block_threshold"].([]interface{})[0].(map[string]interface{})
+				parsedRule.BlockThreshold = policy.VulnerabilityCoderepoThreshold{
+					Enabled: presentBlockThreshold["enabled"].(bool),
+					Value:   presentBlockThreshold["value"].(int),
+				}
+			} else {
+				parsedRule.BlockThreshold = policy.VulnerabilityCoderepoThreshold{}
+			}
+
+			parsedRule.Collections = PolicySchemaToCollections(presentRule["collections"].([]interface{}))
+
+			presentCveRules := presentRule["cve_rule"].([]interface{})
+			parsedCveRules := make([]policy.VulnerabilityCoderepoCveRule, 0, len(presentCveRules))
+			for _, val := range presentCveRules {
+				presentCveRule := val.(map[string]interface{})
+				parsedCveRules = append(parsedCveRules, policy.VulnerabilityCoderepoCveRule{
+					Description: presentCveRule["description"].(string),
+					Effect:      presentCveRule["effect"].(string),
+					Expiration:  schemaToVulnerabilityCiCoderepoExpiration(presentCveRule["expiration"].([]interface{})),
+					Id:          presentCveRule["id"].(string),
+				})
+			}
+			parsedRule.CveRules = parsedCveRules
+
+			parsedRule.Disabled = presentRule["disabled"].(bool)
+			parsedRule.Effect = presentRule["effect"].(string)
+
+			if len(presentRule["grace_days_policy"].([]interface{})) > 0 && presentRule["grace_days_policy"].([]interface{})[0] != nil {
+				presentGraceDaysPolicy := presentRule["grace_days_policy"].([]interface{})[0].(map[string]interface{})
+				parsedRule.GraceDaysPolicy = policy.VulnerabilityCoderepoGraceDaysPolicy{
+					Enabled:  true,
+					Low:      presentGraceDaysPolicy["low"].(int),
+					Medium:   presentGraceDaysPolicy["medium"].(int),
+					High:     presentGraceDaysPolicy["high"].(int),
+					Critical: presentGraceDaysPolicy["critical"].(int),
+				}
+				parsedRule.GraceDays = 0
+			} else {
+				parsedRule.GraceDays = presentRule["grace_days"].(int)
+			}
+
+			parsedRule.Name = presentRule["name"].(string)
+			parsedRule.Notes = presentRule["notes"].(string)
+			parsedRule.OnlyFixed = presentRule["only_fixed"].(bool)
+
+			presentTagRules := presentRule["tag_rule"].([]interface{})
+			parsedTagRules := make([]policy.VulnerabilityCoderepoTagRule, 0, len(presentTagRules))
+			for _, val := range presentTagRules {
+				presentTagRule := val.(map[string]interface{})
+				parsedTagRules = append(parsedTagRules, policy.VulnerabilityCoderepoTagRule{
+					Description: presentTagRule["description"].(string),
+					Effect:      presentTagRule["effect"].(string),
+					Expiration:  schemaToVulnerabilityCiCoderepoExpiration(presentTagRule["expiration"].([]interface{})),
+					Name:        presentTagRule["name"].(string),
+				})
+			}
+			parsedRule.TagRules = parsedTagRules
+
+			parsedRule.Verbose = presentRule["verbose"].(bool)
+
+			parsedRules = append(parsedRules, parsedRule)
+		}
+	}
+	return parsedRules, nil
+}
+
+func schemaToVulnerabilityCiCoderepoExpiration(in []interface{}) policy.VulnerabilityCoderepoExpiration {
+	parsedExpiration := policy.VulnerabilityCoderepoExpiration{}
+	if in[0] == nil {
+		return parsedExpiration
+	}
+	presentExpiration := in[0].(map[string]interface{})
+	parsedExpiration.Date = presentExpiration["date"].(string)
+	parsedExpiration.Enabled = presentExpiration["enabled"].(bool)
+	return parsedExpiration
+}
+
+func VulnerabilityCiCoderepoRulesToSchema(in []policy.VulnerabilityCoderepoRule) []interface{} {
+	ans := make([]interface{}, 0, len(in))
+	for _, val := range in {
+		m := make(map[string]interface{})
+		m["alert_threshold"] = vulnerabilityCiCoderepoAlertThresholdToSchema(val.AlertThreshold)
+		m["block_message"] = val.BlockMessage
+		m["block_threshold"] = vulnerabilityCiCoderepoBlockThresholdToSchema(val.BlockThreshold)
+		m["collections"] = CollectionsToPolicySchema(val.Collections)
+		m["cve_rule"] = vulnerabilityCiCoderepoCveRulesToSchema(val.CveRules)
+		m["disabled"] = val.Disabled
+		m["effect"] = val.Effect
+		m["grace_days"] = val.GraceDays
+		m["grace_days_policy"] = vulnerabilityCiCoderepoGraceDaysPolicyToSchema(val.GraceDaysPolicy)
+		m["name"] = val.Name
+		m["notes"] = val.Notes
+		m["only_fixed"] = val.OnlyFixed
+		m["tag_rule"] = vulnerabilityCiCoderepoTagRulesToSchema(val.TagRules)
+		m["verbose"] = val.Verbose
+		ans = append(ans, m)
+	}
+	return ans
+}
+
+func vulnerabilityCiCoderepoAlertThresholdToSchema(in policy.VulnerabilityCoderepoThreshold) []interface{} {
+	ans := make([]interface{}, 0, 1)
+	m := make(map[string]interface{})
+	m["disabled"] = in.Disabled
+	m["value"] = in.Value
+	ans = append(ans, m)
+	return ans
+}
+
+func vulnerabilityCiCoderepoBlockThresholdToSchema(in policy.VulnerabilityCoderepoThreshold) []interface{} {
+	ans := make([]interface{}, 0, 1)
+	m := make(map[string]interface{})
+	m["enabled"] = in.Enabled
+	m["value"] = in.Value
+	ans = append(ans, m)
+	return ans
+}
+
+func vulnerabilityCiCoderepoCveRulesToSchema(in []policy.VulnerabilityCoderepoCveRule) []interface{} {
+	ans := make([]interface{}, 0, len(in))
+	for _, val := range in {
+		m := make(map[string]interface{})
+		m["description"] = val.Description
+		m["effect"] = val.Effect
+		m["expiration"] = vulnerabilityCoderepoExpirationToSchema(val.Expiration)
+		m["id"] = val.Id
+		ans = append(ans, m)
+	}
+	return ans
+}
+
+func vulnerabilityCiCoderepoExpirationToSchema(in policy.VulnerabilityCoderepoExpiration) []interface{} {
+	ans := make([]interface{}, 0, 1)
+	m := make(map[string]interface{})
+	m["date"] = in.Date
+	m["enabled"] = in.Enabled
+	ans = append(ans, m)
+	return ans
+}
+
+func vulnerabilityCiCoderepoTagRulesToSchema(in []policy.VulnerabilityCoderepoTagRule) []interface{} {
+	ans := make([]interface{}, 0, len(in))
+	for _, val := range in {
+		m := make(map[string]interface{})
+		m["description"] = val.Description
+		m["effect"] = val.Effect
+		m["expiration"] = vulnerabilityCoderepoExpirationToSchema(val.Expiration)
+		m["name"] = val.Name
+		ans = append(ans, m)
+	}
+	return ans
+}
+
+func vulnerabilityCiCoderepoGraceDaysPolicyToSchema(in policy.VulnerabilityCoderepoGraceDaysPolicy) []interface{} {
+	ans := make([]interface{}, 0, 1)
+	m := make(map[string]interface{})
+	m["low"] = in.Low
+	m["medium"] = in.Medium
+	m["high"] = in.High
+	m["critical"] = in.Critical
+	ans = append(ans, m)
+	return ans
+}