Merge pull request #328 from aquasecurity/SLK-99905

fix: TP | Fix aquasec_enforcer_group for host_forensics

Author: semyonm0r

aquasec/data_enforcer_group.go

@@ -1,16 +1,18 @@
 package aquasec
 
 import (
+	"context"
 	"log"
 
 	"github.com/aquasecurity/terraform-provider-aquasec/client"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
 func dataSourceEnforcerGroup() *schema.Resource {
 	return &schema.Resource{
 		Description: "The data source `aquasec_enforcer_groups` provides an Enforcer group template that generates a configuration file, which is subsequently used to generate one or more Enforcers using a Docker command.",
-		Read:        dataEnforcerGroupRead,
+		ReadContext: dataEnforcerGroupRead,
 		Schema: map[string]*schema.Schema{
 			"group_id": {
 				Type:        schema.TypeString,
@@ -80,7 +82,7 @@ func dataSourceEnforcerGroup() *schema.Resource {
 				Description: "Select Enabled to send activity logs in your containers to the Aqua Server for forensics purposes.",
 				Optional:    true,
 			},
-			"host_forensics": {
+			"host_forensics_collection": {
 				Type:        schema.TypeBool,
 				Description: "Select Enabled to send activity logs in your host to the Aqua Server for forensics purposes.",
 				Optional:    true,
@@ -386,11 +388,42 @@ func dataSourceEnforcerGroup() *schema.Resource {
 					Type: schema.TypeString,
 				},
 			},
+			"schedule_scan_settings": {
+				Type:        schema.TypeList,
+				Description: "Scheduling scan time for which you are creating the Enforcer group.",
+				Computed:    true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"disabled": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+						"is_custom": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+						"days": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeInt,
+							},
+						},
+						"time": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeInt,
+							},
+						},
+					},
+				},
+			},
 		},
 	}
 }
 
-func dataEnforcerGroupRead(d *schema.ResourceData, m interface{}) error {
+func dataEnforcerGroupRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	ac := m.(*client.Client)
 	name := d.Get("group_id").(string)
 	group, err := ac.GetEnforcerGroup(name)
@@ -408,7 +441,7 @@ func dataEnforcerGroupRead(d *schema.ResourceData, m interface{}) error {
 		d.Set("behavioral_engine", group.BehavioralEngine)
 		d.Set("host_behavioral_engine", group.HostBehavioralEngine)
 		d.Set("forensics", group.ContainerForensicsCollection)
-		d.Set("host_forensics", group.HostForensicsCollection)
+		d.Set("host_forensics_collection", group.HostForensicsCollection)
 		d.Set("host_network_protection", group.HostNetworkProtection)
 		d.Set("user_access_control", group.UserAccessControl)
 		d.Set("image_assurance", group.ImageAssurance)
@@ -418,6 +451,7 @@ func dataEnforcerGroupRead(d *schema.ResourceData, m interface{}) error {
 		d.Set("token", group.Token)
 		d.Set("command", flattenCommands(group.Command))
 		d.Set("orchestrator", flattenOrchestrators(group.Orchestrator))
+		d.Set("schedule_scan_settings", flattenScheduleScanSettings(group.ScheduleScanSettings))
 		d.Set("type", group.Type)
 		d.Set("host_os", group.HostOs)
 		d.Set("install_command", group.InstallCommand)
@@ -460,7 +494,7 @@ func dataEnforcerGroupRead(d *schema.ResourceData, m interface{}) error {
 		log.Println("[DEBUG]  setting id: ", name)
 		d.SetId(name)
 	} else {
-		return err
+		return diag.FromErr(err)
 	}
 	//gateways := d.Get("gateways").([]interface{})
 
@@ -482,6 +516,21 @@ func flattenOrchestrator(Orch client.EnforcerOrchestrator) map[string]interface{
 	}
 }
 
+func flattenScheduleScanSetting(setting client.EnforcerScheduleScanSettings) map[string]interface{} {
+	return map[string]interface{}{
+		"disabled":  setting.Disabled,
+		"is_custom": setting.IsCustom,
+		"days":      setting.Days,
+		"time":      setting.Time,
+	}
+}
+
+func flattenScheduleScanSettings(setting client.EnforcerScheduleScanSettings) []map[string]interface{} {
+	set := make([]map[string]interface{}, 1)
+	set[0] = flattenScheduleScanSetting(setting)
+	return set
+}
+
 func flattenCommands(Command client.EnforcerCommand) []map[string]interface{} {
 	comm := make([]map[string]interface{}, 1)
 	comm[0] = flattenCommand(Command)

aquasec/data_enforcer_group_test.go

@@ -20,9 +20,10 @@ func TestAquasecEnforcerGroupDatasource(t *testing.T) {
 		Gateways: []string{
 			"3ef9a43f2693_gateway",
 		},
-		Type:              "agent",
-		EnforcerImageName: "registry.aquasec.com/enforcer:6.5.22034",
-		Orchestrator:      client.EnforcerOrchestrator{},
+		Type:                 "agent",
+		EnforcerImageName:    "registry.aquasec.com/enforcer:6.5.22034",
+		Orchestrator:         client.EnforcerOrchestrator{},
+		ScheduleScanSettings: client.EnforcerScheduleScanSettings{},
 	}
 
 	resource.Test(t, resource.TestCase{
@@ -53,6 +54,12 @@ func testAccCheckAquasecEnforcerGroupDataSource(enforcerGroup client.EnforcerGro
 			namespace = "%s"
 			master = "%v"
 		}
+		schedule_scan_settings {
+			disabled  = %v
+			is_custom = %v
+			days      = [0, 1, 2, 3, 4, 5, 6]
+			time      = [3, 0]
+		}
 	}
 	data "aquasec_enforcer_groups" "testegdata" {
 		group_id = aquasec_enforcer_groups.testegdata.group_id
@@ -70,7 +77,9 @@ func testAccCheckAquasecEnforcerGroupDataSource(enforcerGroup client.EnforcerGro
 		enforcerGroup.Orchestrator.Type,
 		enforcerGroup.Orchestrator.ServiceAccount,
 		enforcerGroup.Orchestrator.Namespace,
-		enforcerGroup.Orchestrator.Master)
+		enforcerGroup.Orchestrator.Master,
+		enforcerGroup.ScheduleScanSettings.Disabled,
+		enforcerGroup.ScheduleScanSettings.IsCustom)
 
 }
 

aquasec/resource_enforcer_group.go

@@ -1,22 +1,24 @@
 package aquasec
 
 import (
+	"context"
 	"fmt"
 	"log"
 	"strings"
 	"time"
 
 	"github.com/aquasecurity/terraform-provider-aquasec/client"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 )
 
 func resourceEnforcerGroup() *schema.Resource {
 	return &schema.Resource{
-		Create: resourceEnforcerGroupCreate,
-		Read:   resourceEnforcerGroupRead,
-		Update: resourceEnforcerGroupUpdate,
-		Delete: resourceEnforcerGroupDelete,
+		CreateContext: resourceEnforcerGroupCreate,
+		ReadContext:   resourceEnforcerGroupRead,
+		UpdateContext: resourceEnforcerGroupUpdate,
+		DeleteContext: resourceEnforcerGroupDelete,
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
 		},
@@ -204,7 +206,7 @@ func resourceEnforcerGroup() *schema.Resource {
 				Description: "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`",
 				Optional:    true,
 			},
-			"host_forensics": {
+			"host_forensics_collection": {
 				Type:        schema.TypeBool,
 				Description: "Select Enabled to send activity logs in your host to the Aqua Server for forensics purposes.",
 				Optional:    true,
@@ -372,6 +374,37 @@ func resourceEnforcerGroup() *schema.Resource {
 				Optional:     true,
 				ValidateFunc: validation.StringInSlice([]string{"docker", "crio", "containerd", "garden"}, false),
 			},
+			"schedule_scan_settings": {
+				Type:        schema.TypeList,
+				Description: "Scheduling scan time for which you are creating the Enforcer group.",
+				Optional:    true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"disabled": {
+							Type:     schema.TypeBool,
+							Optional: true,
+						},
+						"is_custom": {
+							Type:     schema.TypeBool,
+							Optional: true,
+						},
+						"days": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeInt,
+							},
+						},
+						"time": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeInt,
+							},
+						},
+					},
+				},
+			},
 			"sync_host_images": {
 				Type:        schema.TypeBool,
 				Description: "Set `True` to configure Enforcers to discover local host images. Discovered images will be listed under Images > Host Images, as well as under Infrastructure (in the Images tab for applicable hosts).",
@@ -403,28 +436,24 @@ func resourceEnforcerGroup() *schema.Resource {
 	}
 }
 
-func resourceEnforcerGroupCreate(d *schema.ResourceData, m interface{}) error {
+func resourceEnforcerGroupCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	ac := m.(*client.Client)
 
 	group := expandEnforcerGroup(d)
 	err := ac.CreateEnforcerGroup(group)
 
 	if err != nil {
-		return err
+		return diag.FromErr(err)
 	}
 
-	err = resourceEnforcerGroupRead(d, m)
-
-	if err == nil {
-		d.SetId(d.Get("group_id").(string))
-	} else {
-		return err
+	if diags := resourceEnforcerGroupRead(ctx, d, m); diags.HasError() {
+		return diags
 	}
-
+	d.SetId(d.Get("group_id").(string))
 	return nil
 }
 
-func resourceEnforcerGroupRead(d *schema.ResourceData, m interface{}) error {
+func resourceEnforcerGroupRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	var name string
 	ac := m.(*client.Client)
 	groupId, ok := d.GetOk("group_id")
@@ -442,7 +471,7 @@ func resourceEnforcerGroupRead(d *schema.ResourceData, m interface{}) error {
 			d.SetId("")
 			return nil
 		}
-		return err
+		return diag.FromErr(err)
 	}
 
 	d.Set("group_id", r.ID)
@@ -460,7 +489,7 @@ func resourceEnforcerGroupRead(d *schema.ResourceData, m interface{}) error {
 	d.Set("behavioral_engine", r.BehavioralEngine)
 	d.Set("host_behavioral_engine", r.BehavioralEngine)
 	d.Set("forensics", r.ContainerForensicsCollection)
-	d.Set("host_forensics", r.HostForensicsCollection)
+	d.Set("host_forensics_collection", r.HostForensicsCollection)
 	d.Set("host_network_protection", r.HostNetworkProtection)
 	d.Set("user_access_control", r.UserAccessControl)
 	d.Set("image_assurance", r.ImageAssurance)
@@ -470,6 +499,7 @@ func resourceEnforcerGroupRead(d *schema.ResourceData, m interface{}) error {
 	d.Set("token", r.Token)
 	d.Set("command", flattenCommands(r.Command))
 	d.Set("orchestrator", flattenOrchestrators(r.Orchestrator))
+	d.Set("schedule_scan_settings", flattenScheduleScanSettings(r.ScheduleScanSettings))
 	d.Set("host_os", r.HostOs)
 	d.Set("install_command", r.InstallCommand)
 	d.Set("hosts_count", r.HostsCount)
@@ -511,8 +541,7 @@ func resourceEnforcerGroupRead(d *schema.ResourceData, m interface{}) error {
 	return nil
 }
 
-func resourceEnforcerGroupUpdate(d *schema.ResourceData, m interface{}) error {
-
+func resourceEnforcerGroupUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	if d.HasChanges("admission_control",
 		"allow_kube_enforcer_audit",
 		"allowed_applications",
@@ -537,6 +566,7 @@ func resourceEnforcerGroupUpdate(d *schema.ResourceData, m interface{}) error {
 		"host_os",
 		"host_protection",
 		"host_user_protection",
+		"host_forensics_collection",
 		"image_assurance",
 		"kube_bench_image_name",
 		"logical_name",
@@ -553,6 +583,7 @@ func resourceEnforcerGroupUpdate(d *schema.ResourceData, m interface{}) error {
 		"type",
 		"user_access_control",
 		"orchestrator",
+		"schedule_scan_settings",
 	) {
 
 		ac := m.(*client.Client)
@@ -561,23 +592,23 @@ func resourceEnforcerGroupUpdate(d *schema.ResourceData, m interface{}) error {
 		err := ac.UpdateEnforcerGroup(group)
 
 		if err == nil {
-			_ = d.Set("last_updated", time.Now().Format(time.RFC850))
+			_ = d.Set("last_update", time.Now().Unix())
 		} else {
 			log.Println("[DEBUG]  error while updating enforcer r: ", err)
-			return err
+			return diag.FromErr(err)
 		}
 	}
 	return nil
 }
 
-func resourceEnforcerGroupDelete(d *schema.ResourceData, m interface{}) error {
+func resourceEnforcerGroupDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	ac := m.(*client.Client)
 	name := d.Id()
 	err := ac.DeleteEnforcerGroup(name)
 	if err != nil {
-		return err
+		return diag.FromErr(err)
 	}
-	return err
+	return diag.FromErr(err)
 }
 
 func expandEnforcerGroup(d *schema.ResourceData) client.EnforcerGroup {
@@ -714,7 +745,7 @@ func expandEnforcerGroup(d *schema.ResourceData) client.EnforcerGroup {
 		enforcerGroup.HostBehavioralEngine = hostBehavioralEngine.(bool)
 	}
 
-	hostForensics, ok := d.GetOk("host_forensics")
+	hostForensics, ok := d.GetOk("host_forensics_collection")
 	if ok {
 		enforcerGroup.HostForensicsCollection = hostForensics.(bool)
 	}
@@ -827,5 +858,33 @@ func expandEnforcerGroup(d *schema.ResourceData) client.EnforcerGroup {
 		}
 	}
 
+	if v, ok := d.GetOk("schedule_scan_settings"); ok {
+		scanSettingsList := v.([]interface{})
+		if len(scanSettingsList) > 0 && scanSettingsList[0] != nil {
+			catData := scanSettingsList[0].(map[string]interface{})
+
+			sDisabled := catData["disabled"].(bool)
+			sIsCustom := catData["is_custom"].(bool)
+
+			rawDays := catData["days"].([]interface{})
+			sDays := make([]int, len(rawDays))
+			for i, v := range rawDays {
+				sDays[i] = v.(int)
+			}
+
+			rawTime := catData["time"].([]interface{})
+			sTime := make([]int, len(rawTime))
+			for i, v := range rawTime {
+				sTime[i] = v.(int)
+			}
+
+			enforcerGroup.ScheduleScanSettings = client.EnforcerScheduleScanSettings{
+				Disabled: sDisabled,
+				IsCustom: sIsCustom,
+				Days:     sDays,
+				Time:     sTime,
+			}
+		}
+	}
 	return enforcerGroup
 }