From f7b48477f5c91d4bdce5bff844d17e7e14b4fbf1 Mon Sep 17 00:00:00 2001 From: Adi Shaull Date: Thu, 18 Jan 2024 14:53:38 +0200 Subject: [PATCH] Fix windows_cis_enabled --- aquasec/data_function_assurance_policy.go | 2 +- aquasec/data_host_assurance_policy.go | 2 +- aquasec/data_image_assurance_policy.go | 2 +- aquasec/data_kubernetes_assurance_policy.go | 2 +- aquasec/resource_function_assurance_policy.go | 2 +- aquasec/resource_host_assurance_policy.go | 2 +- aquasec/resource_image_assurance_policy.go | 7 ++- .../resource_kubernetes_assurance_policy.go | 2 +- aquasec/resource_vmware_assurance_policy.go | 2 +- client/assurance_policy.go | 56 +++++++++---------- .../data-sources/function_assurance_policy.md | 2 +- docs/data-sources/host_assurance_policy.md | 2 +- docs/data-sources/image_assurance_policy.md | 2 +- .../kubernetes_assurance_policy.md | 2 +- docs/resources/function_assurance_policy.md | 2 +- docs/resources/host_assurance_policy.md | 2 +- docs/resources/image_assurance_policy.md | 2 +- docs/resources/kubernetes_assurance_policy.md | 2 +- docs/resources/vmware_assurance_policy.md | 2 +- 19 files changed, 51 insertions(+), 46 deletions(-) diff --git a/aquasec/data_function_assurance_policy.go b/aquasec/data_function_assurance_policy.go index c864833..364a666 100644 --- a/aquasec/data_function_assurance_policy.go +++ b/aquasec/data_function_assurance_policy.go @@ -290,7 +290,7 @@ func dataFunctionAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of blacklist images.", + Description: "List of blacklisted images.", Computed: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ diff --git a/aquasec/data_host_assurance_policy.go b/aquasec/data_host_assurance_policy.go index 62f8801..449c2d1 100644 --- a/aquasec/data_host_assurance_policy.go +++ b/aquasec/data_host_assurance_policy.go 
@@ -290,7 +290,7 @@ func dataHostAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of blacklist images.", + Description: "List of blacklisted images.", Computed: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ diff --git a/aquasec/data_image_assurance_policy.go b/aquasec/data_image_assurance_policy.go index c30a598..e827f37 100644 --- a/aquasec/data_image_assurance_policy.go +++ b/aquasec/data_image_assurance_policy.go @@ -290,7 +290,7 @@ func dataImageAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of blacklist images.", + Description: "List of blacklisted images.", Computed: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ diff --git a/aquasec/data_kubernetes_assurance_policy.go b/aquasec/data_kubernetes_assurance_policy.go index 74f7886..69b45c0 100644 --- a/aquasec/data_kubernetes_assurance_policy.go +++ b/aquasec/data_kubernetes_assurance_policy.go @@ -300,7 +300,7 @@ func dataKubernetesAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of blacklist images.", + Description: "List of blacklisted images.", Computed: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ diff --git a/aquasec/resource_function_assurance_policy.go b/aquasec/resource_function_assurance_policy.go index 1454306..e78b730 100644 --- a/aquasec/resource_function_assurance_policy.go +++ b/aquasec/resource_function_assurance_policy.go @@ -310,7 +310,7 @@ func resourceFunctionAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of blacklist images.", + Description: "List of blacklisted images.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ diff --git a/aquasec/resource_host_assurance_policy.go b/aquasec/resource_host_assurance_policy.go index 6207986..7f5bec3 100644 
--- a/aquasec/resource_host_assurance_policy.go +++ b/aquasec/resource_host_assurance_policy.go @@ -308,7 +308,7 @@ func resourceHostAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of blacklist images.", + Description: "List of blacklisted images.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ diff --git a/aquasec/resource_image_assurance_policy.go b/aquasec/resource_image_assurance_policy.go index 20e1380..58f1fcc 100644 --- a/aquasec/resource_image_assurance_policy.go +++ b/aquasec/resource_image_assurance_policy.go @@ -310,7 +310,7 @@ func resourceImageAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of blacklist images.", + Description: "List of blacklisted images.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -1800,6 +1800,11 @@ func expandAssurancePolicy(d *schema.ResourceData, a_type string) *client.Assura iap.LinuxCisEnabled = linux_cis_enabled.(bool) } + windows_cis_enabled, ok := d.GetOk("windows_cis_enabled") + if ok { + iap.WindowsCisEnabled = windows_cis_enabled.(bool) + } + openshift_hardening_enabled, ok := d.GetOk("openshift_hardening_enabled") if ok { iap.OpenshiftHardeningEnabled = openshift_hardening_enabled.(bool) diff --git a/aquasec/resource_kubernetes_assurance_policy.go b/aquasec/resource_kubernetes_assurance_policy.go index 5fc591f..a3b420d 100644 --- a/aquasec/resource_kubernetes_assurance_policy.go +++ b/aquasec/resource_kubernetes_assurance_policy.go @@ -309,7 +309,7 @@ func resourceKubernetesAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of blacklist images.", + Description: "List of blacklisted images.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ 
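Review bot: No test accompanies the new `windows_cis_enabled` block in `expandAssurancePolicy` (resource_image_assurance_policy.go, hunk at 1800), and the bug being fixed is a compliance setting that was silently left out of the request. An acceptance test that sets `windows_cis_enabled = true`, applies, and checks the attribute in state would catch a regression; only the expand side is shown here, so it is worth confirming that the read side already handles the field. `d.GetOk` reports `ok == false` for a bool explicitly set to `false`, so the struct's zero value is what gets sent in that case; a comment such as `// GetOk reports false for an explicit false, leaving the zero value in place` would record that. The function body starts and ends outside the hunk.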
diff --git a/aquasec/resource_vmware_assurance_policy.go b/aquasec/resource_vmware_assurance_policy.go index 0f26e3a..0ec3479 100644 --- a/aquasec/resource_vmware_assurance_policy.go +++ b/aquasec/resource_vmware_assurance_policy.go @@ -309,7 +309,7 @@ func resourceVMwareAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of blacklist images.", + Description: "List of blacklisted images.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ diff --git a/client/assurance_policy.go b/client/assurance_policy.go index 0d1e4ab..04ce0bc 100644 --- a/client/assurance_policy.go +++ b/client/assurance_policy.go @@ -12,7 +12,7 @@ import ( type AssurancePolicy struct { AssuranceType string `json:"assurance_type"` - Id int `json:"id,omitempty"` + Id int `json:"id"` Name string `json:"name"` Author string `json:"author"` Registry string `json:"registry,omitempty"` @@ -185,19 +185,19 @@ type KubernetesControls struct { type KubernetesControlsArray []KubernetesControls // GetAssurancePolicy - returns single Assurance Policy -func (cli *Client) GetAssurancePolicy(name string, at string) (*AssurancePolicy, error) { +func (cli *Client) GetAssurancePolicy(name string, assuranceType string) (*AssurancePolicy, error) { var err error var response AssurancePolicy var atype string - if strings.EqualFold(at, "host") { + if strings.EqualFold(assuranceType, "host") { atype = "host" - } else if strings.EqualFold(at, "image") { + } else if strings.EqualFold(assuranceType, "image") { atype = "image" - } else if strings.EqualFold(at, "function") { + } else if strings.EqualFold(assuranceType, "function") { atype = "function" - } else if strings.EqualFold(at, "kubernetes") { + } else if strings.EqualFold(assuranceType, "kubernetes") { atype = "kubernetes" - } else if strings.EqualFold(at, "cf_application") { + } else if strings.EqualFold(assuranceType, "cf_application") { atype = "cf_application" } 
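Review bot: Dropping `omitempty` from `Id` in `AssurancePolicy` (client/assurance_policy.go, hunk at line 12) means `"id":0` is now serialized in every marshalled policy, including the body `CreateAssurancePolicy` sends for a policy that has no id yet. Neither the subject line nor the hunk says why the windows_cis_enabled fix needs this. If the server requires the key, a field comment such as `// Id is always serialized, even when zero: <reason>` would keep the tag from being reverted later. The struct continues outside the hunk.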
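Review bot: `atype` stays empty in `GetAssurancePolicy` when `assuranceType` matches none of the five literals, and nothing visible in the hunk rejects that case before the request is built. The same if/else chain is repeated in the `CreateAssurancePolicy`, `UpdateAssurancePolicy` and `DeleteAssurancePolicy` hunks; the last two build the path as `"/api/v2/assurance_policy/" + atype + "/" + …`, so an unrecognised type would yield an empty path segment. The patch also touches resource_vmware_assurance_policy.go and the chain has no branch for it; which type string that resource passes is not visible here. One helper that returns an error for unsupported values would replace all four copies; each function's body continues outside its hunk.

```go
// assurancePolicyType maps a caller-supplied type to its API path segment
// and rejects anything outside the supported set.
func assurancePolicyType(assuranceType string) (string, error) {
	switch t := strings.ToLower(assuranceType); t {
	case "host", "image", "function", "kubernetes", "cf_application":
		return t, nil
	default:
		return "", fmt.Errorf("unsupported assurance type %q", assuranceType)
	}
}

func (cli *Client) GetAssurancePolicy(name string, assuranceType string) (*AssurancePolicy, error) {
	// replaces the `var err error` / `var atype string` declarations and the if/else chain
	atype, err := assurancePolicyType(assuranceType)
	if err != nil {
		return nil, err
	}
	// … unchanged: response declaration, request and response handling …
```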
@@ -238,18 +238,18 @@ func (cli *Client) GetAssurancePolicy(name string, at string) (*AssurancePolicy, } // CreateAssurancePolicy - creates single Aqua Assurance Policy -func (cli *Client) CreateAssurancePolicy(assurancepolicy *AssurancePolicy, at string) error { - payload, err := json.Marshal(assurancepolicy) +func (cli *Client) CreateAssurancePolicy(assurancePolicy *AssurancePolicy, assuranceType string) error { + payload, err := json.Marshal(assurancePolicy) var atype string - if strings.EqualFold(at, "host") { + if strings.EqualFold(assuranceType, "host") { atype = "host" - } else if strings.EqualFold(at, "image") { + } else if strings.EqualFold(assuranceType, "image") { atype = "image" - } else if strings.EqualFold(at, "function") { + } else if strings.EqualFold(assuranceType, "function") { atype = "function" - } else if strings.EqualFold(at, "kubernetes") { + } else if strings.EqualFold(assuranceType, "kubernetes") { atype = "kubernetes" - } else if strings.EqualFold(at, "cf_application") { + } else if strings.EqualFold(assuranceType, "cf_application") { atype = "cf_application" } 
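Review bot: The error from `json.Marshal(assurancePolicy)` in `CreateAssurancePolicy` is not checked in the lines shown; the code goes straight on to `var atype string`, whereas `UpdateAssurancePolicy` returns on `err != nil` immediately after the same call. Unless the check happens later in the body, which runs past this hunk, a later assignment to `err` would overwrite a marshalling failure. Adding `if err != nil { return err }` directly after the `Marshal` line would match the update path.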
@@ -284,24 +284,24 @@ func (cli *Client) CreateAssurancePolicy(assurancepolicy *AssurancePolicy, at st } // UpdateAssurancePolicy updates an existing Assurance Policy -func (cli *Client) UpdateAssurancePolicy(assurancepolicy *AssurancePolicy, at string) error { - payload, err := json.Marshal(assurancepolicy) +func (cli *Client) UpdateAssurancePolicy(assurancePolicy *AssurancePolicy, assuranceType string) error { + payload, err := json.Marshal(assurancePolicy) if err != nil { return err } var atype string - if strings.EqualFold(at, "host") { + if strings.EqualFold(assuranceType, "host") { atype = "host" - } else if strings.EqualFold(at, "image") { + } else if strings.EqualFold(assuranceType, "image") { atype = "image" - } else if strings.EqualFold(at, "function") { + } else if strings.EqualFold(assuranceType, "function") { atype = "function" - } else if strings.EqualFold(at, "kubernetes") { + } else if strings.EqualFold(assuranceType, "kubernetes") { atype = "kubernetes" - } else if strings.EqualFold(at, "cf_application") { + } else if strings.EqualFold(assuranceType, "cf_application") { atype = "cf_application" } - apiPath := "/api/v2/assurance_policy/" + atype + "/" + assurancepolicy.Name + apiPath := "/api/v2/assurance_policy/" + atype + "/" + assurancePolicy.Name request := cli.gorequest err = cli.limiter.Wait(context.Background()) if err != nil { 
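Review bot: `assurancePolicy.Name` is concatenated into `apiPath` unescaped in `UpdateAssurancePolicy`, so a policy name containing `/`, `?` or `#` addresses a different path than the policy it names; the `DeleteAssurancePolicy` hunk does the same with `name`. Escaping the segment keeps the request on the intended resource: `apiPath := "/api/v2/assurance_policy/" + atype + "/" + url.PathEscape(assurancePolicy.Name)`, which needs `net/url` imported in the file. How gorequest treats the resulting string is not visible here, so a test with a name containing a space or a slash would confirm the behaviour. The function body continues past the hunk.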
@@ -329,18 +329,18 @@ func (cli *Client) UpdateAssurancePolicy(assurancepolicy *AssurancePolicy, at st } // DeleteAssurancePolicy removes a Assurance Policy -func (cli *Client) DeleteAssurancePolicy(name string, at string) error { +func (cli *Client) DeleteAssurancePolicy(name string, assuranceType string) error { request := cli.gorequest var atype string - if strings.EqualFold(at, "host") { + if strings.EqualFold(assuranceType, "host") { atype = "host" - } else if strings.EqualFold(at, "image") { + } else if strings.EqualFold(assuranceType, "image") { atype = "image" - } else if strings.EqualFold(at, "function") { + } else if strings.EqualFold(assuranceType, "function") { atype = "function" - } else if strings.EqualFold(at, "kubernetes") { + } else if strings.EqualFold(assuranceType, "kubernetes") { atype = "kubernetes" - } else if strings.EqualFold(at, "cf_application") { + } else if strings.EqualFold(assuranceType, "cf_application") { atype = "cf_application" } apiPath := "/api/v2/assurance_policy/" + atype + "/" + name diff --git a/docs/data-sources/function_assurance_policy.md b/docs/data-sources/function_assurance_policy.md index 99c581e..dcb6f2a 100644 --- a/docs/data-sources/function_assurance_policy.md +++ b/docs/data-sources/function_assurance_policy.md 
@@ -75,7 +75,7 @@ description: |- - `maximum_score_exclude_no_fix` (Boolean) Indicates that policy should ignore cases that do not have a known fix. - `monitored_malware_paths` (List of String) - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root. -- `packages_black_list` (Set of Object) List of blacklist images. (see [below for nested schema](#nestedatt--packages_black_list)) +- `packages_black_list` (Set of Object) List of blacklisted images. (see [below for nested schema](#nestedatt--packages_black_list)) - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant. - `packages_white_list` (Set of Object) List of whitelisted images. (see [below for nested schema](#nestedatt--packages_white_list)) - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant. diff --git a/docs/data-sources/host_assurance_policy.md b/docs/data-sources/host_assurance_policy.md index c29bb9e..979dfb8 100644 --- a/docs/data-sources/host_assurance_policy.md +++ b/docs/data-sources/host_assurance_policy.md @@ -75,7 +75,7 @@ description: |- - `maximum_score_exclude_no_fix` (Boolean) Indicates that policy should ignore cases that do not have a known fix. - `monitored_malware_paths` (List of String) - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root. -- `packages_black_list` (Set of Object) List of blacklist images. (see [below for nested schema](#nestedatt--packages_black_list)) +- `packages_black_list` (Set of Object) List of blacklisted images. (see [below for nested schema](#nestedatt--packages_black_list)) - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant. - `packages_white_list` (Set of Object) List of whitelisted images. (see [below for nested schema](#nestedatt--packages_white_list)) - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant. 
diff --git a/docs/data-sources/image_assurance_policy.md b/docs/data-sources/image_assurance_policy.md index 07ff64f..be764d3 100644 --- a/docs/data-sources/image_assurance_policy.md +++ b/docs/data-sources/image_assurance_policy.md @@ -75,7 +75,7 @@ description: |- - `maximum_score_exclude_no_fix` (Boolean) Indicates that policy should ignore cases that do not have a known fix. - `monitored_malware_paths` (List of String) - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root. -- `packages_black_list` (Set of Object) List of blacklist images. (see [below for nested schema](#nestedatt--packages_black_list)) +- `packages_black_list` (Set of Object) List of blacklisted images. (see [below for nested schema](#nestedatt--packages_black_list)) - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant. - `packages_white_list` (Set of Object) List of whitelisted images. (see [below for nested schema](#nestedatt--packages_white_list)) - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant. diff --git a/docs/data-sources/kubernetes_assurance_policy.md b/docs/data-sources/kubernetes_assurance_policy.md index 87929ee..9f67249 100644 --- a/docs/data-sources/kubernetes_assurance_policy.md +++ b/docs/data-sources/kubernetes_assurance_policy.md 
@@ -76,7 +76,7 @@ description: |- - `maximum_score_exclude_no_fix` (Boolean) Indicates that policy should ignore cases that do not have a known fix. - `monitored_malware_paths` (List of String) Directories to be monitored. - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root. -- `packages_black_list` (Set of Object) List of blacklist images. (see [below for nested schema](#nestedatt--packages_black_list)) +- `packages_black_list` (Set of Object) List of blacklisted images. (see [below for nested schema](#nestedatt--packages_black_list)) - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant. - `packages_white_list` (Set of Object) List of whitelisted images. (see [below for nested schema](#nestedatt--packages_white_list)) - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant. diff --git a/docs/resources/function_assurance_policy.md b/docs/resources/function_assurance_policy.md index 60e257f..492d8f1 100644 --- a/docs/resources/function_assurance_policy.md +++ b/docs/resources/function_assurance_policy.md @@ -97,7 +97,7 @@ Providing comprehensive audits of all security risks, viewable in Aqua Server or - `monitored_malware_paths` (List of String) - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root. - `openshift_hardening_enabled` (Boolean) -- `packages_black_list` (Block Set) List of blacklist images. (see [below for nested schema](#nestedblock--packages_black_list)) +- `packages_black_list` (Block Set) List of blacklisted images. (see [below for nested schema](#nestedblock--packages_black_list)) - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant. - `packages_white_list` (Block Set) List of whitelisted images. (see [below for nested schema](#nestedblock--packages_white_list)) - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant. 
diff --git a/docs/resources/host_assurance_policy.md b/docs/resources/host_assurance_policy.md index 43092ce..c2e16ae 100644 --- a/docs/resources/host_assurance_policy.md +++ b/docs/resources/host_assurance_policy.md @@ -95,7 +95,7 @@ Generates an audit event for host assurance failure. - `monitored_malware_paths` (List of String) - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root. - `openshift_hardening_enabled` (Boolean) -- `packages_black_list` (Block Set) List of blacklist images. (see [below for nested schema](#nestedblock--packages_black_list)) +- `packages_black_list` (Block Set) List of blacklisted images. (see [below for nested schema](#nestedblock--packages_black_list)) - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant. - `packages_white_list` (Block Set) List of whitelisted images. (see [below for nested schema](#nestedblock--packages_white_list)) - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant. diff --git a/docs/resources/image_assurance_policy.md b/docs/resources/image_assurance_policy.md index c42899c..8f5ce00 100644 --- a/docs/resources/image_assurance_policy.md +++ b/docs/resources/image_assurance_policy.md 
@@ -87,7 +87,7 @@ Aqua Image Assurance covers the first part of the container lifecycle: image dev - `monitored_malware_paths` (List of String) - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root. - `openshift_hardening_enabled` (Boolean) -- `packages_black_list` (Block Set) List of blacklist images. (see [below for nested schema](#nestedblock--packages_black_list)) +- `packages_black_list` (Block Set) List of blacklisted images. (see [below for nested schema](#nestedblock--packages_black_list)) - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant. - `packages_white_list` (Block Set) List of whitelisted images. (see [below for nested schema](#nestedblock--packages_white_list)) - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant. diff --git a/docs/resources/kubernetes_assurance_policy.md b/docs/resources/kubernetes_assurance_policy.md index 8b9647c..7b00300 100644 --- a/docs/resources/kubernetes_assurance_policy.md +++ b/docs/resources/kubernetes_assurance_policy.md @@ -87,7 +87,7 @@ Kubernetes Assurance is responsible for checking the security of workload config - `monitored_malware_paths` (List of String) - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root. - `openshift_hardening_enabled` (Boolean) -- `packages_black_list` (Block Set) List of blacklist images. (see [below for nested schema](#nestedblock--packages_black_list)) +- `packages_black_list` (Block Set) List of blacklisted images. (see [below for nested schema](#nestedblock--packages_black_list)) - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant. - `packages_white_list` (Block Set) List of whitelisted images. (see [below for nested schema](#nestedblock--packages_white_list)) - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant. 
diff --git a/docs/resources/vmware_assurance_policy.md b/docs/resources/vmware_assurance_policy.md index 5a9ed0c..73a1ed9 100644 --- a/docs/resources/vmware_assurance_policy.md +++ b/docs/resources/vmware_assurance_policy.md @@ -87,7 +87,7 @@ description: |- - `monitored_malware_paths` (List of String) - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root. - `openshift_hardening_enabled` (Boolean) -- `packages_black_list` (Block Set) List of blacklist images. (see [below for nested schema](#nestedblock--packages_black_list)) +- `packages_black_list` (Block Set) List of blacklisted images. (see [below for nested schema](#nestedblock--packages_black_list)) - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant. - `packages_white_list` (Block Set) List of whitelisted images. (see [below for nested schema](#nestedblock--packages_white_list)) - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant.