AL-2552 - Add TF support to azure (#224)

dome9/data_source_dome9_awp_azure_onboarding.go

@@ -48,6 +48,11 @@ func dataSourceAwpAzureOnboarding() *schema.Resource {
 							Optional: true,
 							Default:  "ManagedByAWP",
 						},
+						"sse_cmk_encrypted_disks_scan": {
+							Type:     schema.TypeBool,
+							Optional: true,
+							Default:  false,
+						},
 						"custom_tags": {
 							Type:     schema.TypeMap,
 							Computed: true,

dome9/resource_dome9_awp_azure_onboarding.go

@@ -85,6 +85,11 @@ func resourceAwpAzureOnboarding() *schema.Resource {
 							Optional: true,
 							Default:  "ManagedByAWP",
 						},
+						"sse_cmk_encrypted_disks_scan": {
+							Type:     schema.TypeBool,
+							Optional: true,
+							Default:  false,
+						},
 						"custom_tags": {
 							Type:     schema.TypeMap,
 							Optional: true,
@@ -250,6 +255,7 @@ func expandAgentlessAccountSettingsAzure(d *schema.ResourceData) (*awp_onboardin
 		CustomTags:                   make(map[string]string),
 		ScanMachineIntervalInHours:   scanMachineIntervalInHours,
 		InAccountScannerVPC:          providerconst.DefaultInAccountScannerVPCMode,
+		SseCmkEncryptedDisksScan:     false,
 		MaxConcurrenceScansPerRegion: providerconst.DefaultMaxConcurrentScansPerRegion,
 	}
 
@@ -286,6 +292,10 @@ func expandAgentlessAccountSettingsAzure(d *schema.ResourceData) (*awp_onboardin
 		agentlessAccountSettings.InAccountScannerVPC = inAccountScannerVPC
 	}
 
+	if sseCmkEncryptedDisksScan, ok := agentlessAccountSettingsMap["sse_cmk_encrypted_disks_scan"].(bool); ok {
+		agentlessAccountSettings.SseCmkEncryptedDisksScan = sseCmkEncryptedDisksScan
+	}
+
 	if customTagsInterface, ok := agentlessAccountSettingsMap["custom_tags"].(map[string]interface{}); ok {
 		customTags := make(map[string]string)
 		for k, v := range customTagsInterface {
@@ -324,6 +334,7 @@ func flattenAgentlessAccountSettingsAzure(settings *awp_onboarding.AgentlessAcco
 		"scan_machine_interval_in_hours":  settings.ScanMachineIntervalInHours,
 		"max_concurrent_scans_per_region": settings.MaxConcurrenceScansPerRegion,
 		"in_account_scanner_vpc":          settings.InAccountScannerVPC,
+		"sse_cmk_encrypted_disks_scan":    settings.SseCmkEncryptedDisksScan,
 		"custom_tags":                     settings.CustomTags,
 	}
 	return []interface{}{m}

examples/awp/azure_onboarding/main.tf

@@ -46,6 +46,7 @@ module "terraform-dome9-awp-azure" {
 	#     disabled_regions = ["eastus", "westus", ...] # List of regions to disable
 	#     max_concurrent_scans_per_region = 20
 	#     in_account_scanner_vpc = "ManagedByAWP"
+	#     sse_cmk_encrypted_disks_scan = false
 	#     custom_tags = {
 	#       tag1 = "value1"
 	#       tag2 = "value2"

go.mod

@@ -3,7 +3,7 @@ module github.com/terraform-providers/terraform-provider-dome9
 go 1.19
 
 require (
-	github.com/dome9/dome9-sdk-go v1.23.7
+	github.com/dome9/dome9-sdk-go v1.23.8
 	github.com/google/uuid v1.1.2
 	github.com/hashicorp/terraform-plugin-sdk v1.17.2
 )

go.sum

@@ -83,8 +83,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dome9/dome9-sdk-go v1.23.7 h1:omD6vUmLGvuq41a9gtimKRQVjSw2jXhmhPVtl/nd4nE=
-github.com/dome9/dome9-sdk-go v1.23.7/go.mod h1:mfA4+mIM0SmqGGBfbQSOhOi/KW0uV5WW7ozIHug4NKQ=
+github.com/dome9/dome9-sdk-go v1.23.8 h1:rUBwNzY5NFRAU/RLIDa92Mp0QR9GCFRyYRK81Nm+Tg8=
+github.com/dome9/dome9-sdk-go v1.23.8/go.mod h1:mfA4+mIM0SmqGGBfbQSOhOi/KW0uV5WW7ozIHug4NKQ=
 github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg=
 github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=

vendor/modules.txt

@@ -94,7 +94,7 @@ github.com/bgentry/speakeasy
 # github.com/davecgh/go-spew v1.1.1
 ## explicit
 github.com/davecgh/go-spew/spew
-# github.com/dome9/dome9-sdk-go v1.23.7
+# github.com/dome9/dome9-sdk-go v1.23.8
 ## explicit; go 1.19
 github.com/dome9/dome9-sdk-go/dome9
 github.com/dome9/dome9-sdk-go/dome9/client

website/docs/r/awp_azure_onboarding.html.markdown

@@ -46,6 +46,7 @@ module "terraform-dome9-awp-azure" {
 	#     disabled_regions = ["eastus", "westus", ...] # List of regions to disable
 	#     max_concurrent_scans_per_region = 20
 	#     in_account_scanner_vpc = "ManagedByAWP"
+	#     sse_cmk_encrypted_disks_scan = false
 	#     custom_tags = {
 	#       tag1 = "value1"
 	#       tag2 = "value2"
@@ -80,6 +81,7 @@ resource "dome9_awp_azure_onboarding" "awp_azure_onboarding_test" {
     scan_machine_interval_in_hours = 24
     max_concurrent_scans_per_region = 20
     in_account_scanner_vpc = "ManagedByAWP"
+    sse_cmk_encrypted_disks_scan = false
     custom_tags = {
       tag1 = "value1"
       tag2 = "value2"
@@ -101,13 +103,14 @@ The following arguments are supported:
 * `cloudguard_account_id` - (Required) The CloudGuard account id.
 * `scan_mode` - (Required) The scan mode. Valid values are "inAccount", "saas", "inAccountHub", "inAccountSub".
 * `awp_centralized_account_id` - (Optional) The centralized cloud account id, required (and only relevant) for "inAccountSub" scan mode
-* `management_group_id` -  the management group id, relevat only for inAccountHub mode.
+* `management_group_id` -  the management group id, relevant only for inAccountHub mode.
 * `agentless_account_settings` - (Optional) The agentless account settings.
   * `disabled_regions` - (Optional) The disabled regions. valid values are "centralus", "eastus", "eastus2", "usgovlowa", "usgovvirginia", "northcentralus", "southcentralus", "westus", "westus2", "westcentralus", "northeurope", "westeurope", "eastasia", "southeastasia", "japaneast", "japanwest", "brazilsouth", "australiaeast", "australiasoutheast", "centralindia", "southindia", "westindia", "chinaeast", "chinanorth", "canadacentral", "canadaeast", "germanycentral", "germanynortheast", "koreacentral", "uksouth", "ukwest", "koreasouth"
   * `scan_machine_interval_in_hours` - (Optional) The scan machine interval in hours
   * `skip_function_apps_scan` - (Optional) Skip Azure Function Apps scan (supported for inAccount and inAccountSub scan modes)
   * `max_concurrent_scans_per_region` - (Optional) The max concurrent scans per region
-  * `in_account_scanner_vpc` = optional(string) # The VPC Mode. Valid values: "ManagedByAWP", "ManagedByCustomer" (supported for inAccount and inAccountHub scan modes)
+  * `in_account_scanner_vpc` = (optional) # The VPC Mode. Valid values: "ManagedByAWP", "ManagedByCustomer" (supported for inAccount and inAccountHub scan modes)
+  * `sse_cmk_encrypted_disks_scan` = (optional # Enable SSE CMK scanning, relevant only for inAccountHub mode.
   * `custom_tags` - (Optional) The custom tags.
 * `should_create_policy` - (Optional) Whether to create a policy. Default is true.