Merge pull request #219 from yossig-aquasec/risk_acknowledge

feat: adding support for security acknowledge

Author: semyonmor

GNUmakefile

@@ -6,7 +6,7 @@ HOSTNAME	 := github.com
 NAMESPACE	 := aquasec
 NAME 		 := aquasec
 BINARY		 := terraform-provider-${NAME}
-VERSION      := 0.8.17
+VERSION      := 0.8.18
 OS_ARCH      := $(shell go env GOOS)_$(shell go env GOARCH)
 
 default: build

aquasec/data_acknowledge.go

@@ -0,0 +1,193 @@
+package aquasec
+
+import (
+	"github.com/aquasecurity/terraform-provider-aquasec/client"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"log"
+)
+
+func dataSourceAcknowledges() *schema.Resource {
+	return &schema.Resource{
+		Description: "The data source `aquasec_acknowledges` provides a method to query all acknowledges within the Aqua ",
+		Read:        dataAcknowledgesRead,
+		Schema: map[string]*schema.Schema{
+			"acknowledges": {
+				Type:        schema.TypeList,
+				Description: "A list of existing security acknowledges.",
+				Computed:    true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"issue_type": {
+							Type:        schema.TypeString,
+							Description: "The type of the security issue (either 'vulnerability', 'sensitive_data' or 'malware')",
+							Computed:    true,
+						},
+						"resource_type": {
+							Type:        schema.TypeString,
+							Description: "The type of the resource where the issue was detected (either 'package', 'file' or 'executable')",
+							Computed:    true,
+						},
+						"image_name": {
+							Type:        schema.TypeString,
+							Description: "Only acknowledge the issue in the context of the specified image (also requires 'registry_name')",
+							Computed:    true,
+						},
+						"registry_name": {
+							Type:        schema.TypeString,
+							Description: "Only acknowledge the issue in the context of the specified repository (also requires 'registry_name').",
+							Computed:    true,
+						},
+						"resource_name": {
+							Type:        schema.TypeString,
+							Description: "When the resource_type is 'package', the name of the package is required.",
+							Computed:    true,
+						},
+						"resource_version": {
+							Type:        schema.TypeString,
+							Description: "When the resource_type is 'package', the version of the package is required",
+							Computed:    true,
+						},
+						"resource_format": {
+							Type:        schema.TypeString,
+							Description: "The format of the resource.",
+							Computed:    true,
+						},
+						"resource_cpe": {
+							Type:        schema.TypeString,
+							Description: "The CPE of the resource as listed in the issue by the Aqua API. This is required for resources of type 'executable'. For packages and files, the next parameters can be specified instead.",
+							Computed:    true,
+						},
+						"resource_path": {
+							Type:        schema.TypeString,
+							Description: "The path of the resource. This is required for resources of type 'file' and 'executable'.",
+							Computed:    true,
+						},
+						"resource_hash": {
+							Type:        schema.TypeString,
+							Description: "When the resource_type is 'file', the hash of the file is required",
+							Computed:    true,
+						},
+						"issue_name": {
+							Type:        schema.TypeString,
+							Description: "The name of the security issue (the CVE or security advisory for vulnerabilities, name of malware or type of sensitive data)",
+							Computed:    true,
+						},
+						"comment": {
+							Type:        schema.TypeString,
+							Description: "A comment describing the reason for the acknowledgment",
+							Computed:    true,
+						},
+						"author": {
+							Type:        schema.TypeString,
+							Description: "The user who acknowledged the issue.",
+							Computed:    true,
+						},
+						"date": {
+							Type:        schema.TypeString,
+							Description: "The date and time of the acknowledgment.",
+							Computed:    true,
+						},
+						"fix_version": {
+							Type:        schema.TypeString,
+							Description: "The version of the package that having a fix for the issue.",
+							Computed:    true,
+						},
+						"expiration_days": {
+							Type:        schema.TypeInt,
+							Description: "Number of days until expiration of the acknowledgement. The value must be integer from 1 to 999, inclusive.",
+							Computed:    true,
+						},
+						"expiration_configured_at": {
+							Type:        schema.TypeString,
+							Description: "The current dat and time when the expiration was set",
+							Computed:    true,
+						},
+						"expiration_configured_by": {
+							Type:        schema.TypeString,
+							Description: "The user who set the expiration of the issue.",
+							Computed:    true,
+						},
+						"permission": {
+							Type:        schema.TypeString,
+							Description: "The permissions of the user who acknowledged the issue.",
+							Computed:    true,
+						},
+						"os": {
+							Type:        schema.TypeString,
+							Description: "When the resource_type is 'package', the operating system is required (e.g., 'ubuntu', 'alpine').",
+							Computed:    true,
+						},
+						"os_version": {
+							Type:        schema.TypeString,
+							Description: "When the resource_type is 'package', the operating system version is required.",
+							Computed:    true,
+						},
+						"docker_id": {
+							Type:        schema.TypeString,
+							Description: "",
+							Computed:    true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataAcknowledgesRead(d *schema.ResourceData, m interface{}) error {
+	log.Println("[DEBUG]  inside dataAcknowledges")
+	c := m.(*client.Client)
+	result, err := c.AcknowledgeRead()
+	if err == nil {
+		acknowledges, id := flattenAcknowledgesData(result)
+		d.SetId(id)
+		if err := d.Set("acknowledges", acknowledges); err != nil {
+			return err
+		}
+	} else {
+		return err
+	}
+
+	return nil
+}
+
+func flattenAcknowledgesData(acknowledgesList *client.AcknowledgeList) ([]interface{}, string) {
+	id := ""
+	acknowledges := acknowledgesList.Result
+	if acknowledges != nil {
+		acks := make([]interface{}, len(acknowledges), len(acknowledges))
+
+		for i, acknowledge := range acknowledges {
+			id = id + acknowledge.IssueName
+			a := make(map[string]interface{})
+
+			a["issue_type"] = acknowledge.IssueType
+			a["resource_type"] = acknowledge.ResourceType
+			a["image_name"] = acknowledge.ImageName
+			a["registry_name"] = acknowledge.RegistryName
+			a["resource_name"] = acknowledge.ResourceName
+			a["resource_version"] = acknowledge.ResourceVersion
+			a["resource_format"] = acknowledge.ResourceFormat
+			a["resource_cpe"] = acknowledge.ResourceCpe
+			a["resource_path"] = acknowledge.ResourcePath
+			a["resource_hash"] = acknowledge.ResourceHash
+			a["issue_name"] = acknowledge.IssueName
+			a["comment"] = acknowledge.Comment
+			a["author"] = acknowledge.Author
+			a["date"] = acknowledge.Date.String()
+			a["fix_version"] = acknowledge.FixVersion
+			a["expiration_days"] = acknowledge.ExpirationDays
+			a["expiration_configured_at"] = acknowledge.ExpirationConfiguredAt.String()
+			a["expiration_configured_by"] = acknowledge.ExpirationConfiguredBy
+			a["permission"] = acknowledge.Permission
+			a["os"] = acknowledge.Os
+			a["os_version"] = acknowledge.OsVersion
+			a["docker_id"] = acknowledge.DockerId
+			acks[i] = a
+		}
+
+		return acks, id
+	}
+
+	return make([]interface{}, 0), ""
+}

aquasec/data_acknowledge_test.go

@@ -0,0 +1,44 @@
+package aquasec
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+func TestDataAcknowledge(t *testing.T) {
+	t.Parallel()
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckAcknowledgeDataSource(),
+				Check:  testAccCheckAcknowledgeDataSourceExists("data.aquasec_acknowledges.acknowledge"),
+			},
+		},
+	})
+}
+
+func testAccCheckAcknowledgeDataSource() string {
+	return `
+	data "aquasec_acknowledges" "acknowledge" {}
+	`
+}
+
+func testAccCheckAcknowledgeDataSourceExists(n string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+
+		if !ok {
+			return NewNotFoundErrorf("%s in state", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return NewNotFoundErrorf("ID for %s in state", n)
+		}
+
+		return nil
+	}
+}

aquasec/data_aqua_labels_test.go

@@ -33,6 +33,7 @@ func testAccCheckAquasecAquaLabelsDataSource(name, description string) string {
 	}
 
 	data "aquasec_aqua_labels" "test_aqua_labels" {
+	depends_on = [aquasec_aqua_label.new]
 	}
 	`, name, description)
 

aquasec/provider.go

@@ -85,6 +85,7 @@ func Provider(v string) *schema.Provider {
 			//"aquasec_sso":						 resourceSSO(),
 			"aquasec_role_mapping": resourceRoleMapping(),
 			"aquasec_aqua_label":   resourceAquaLabels(),
+			"aquasec_acknowledge":  resourceAcknowledge(),
 			//saas
 			"aquasec_group":             resourceGroup(),
 			"aquasec_user_saas":         resourceUserSaas(),
@@ -112,6 +113,7 @@ func Provider(v string) *schema.Provider {
 			//"aquasec_sso":						 	dataSourceSSO(),
 			"aquasec_roles_mapping": dataSourceRolesMapping(),
 			"aquasec_aqua_labels":   dataSourceAquaLabels(),
+			"aquasec_acknowledges":  dataSourceAcknowledges(),
 			//saas:
 			"aquasec_groups":             dataSourceGroups(),
 			"aquasec_users_saas":         dataSourceUsersSaas(),