AL-2552 - Add support to custom VPC (#221)

dome9/common/providerconst/const.go

@@ -212,4 +212,5 @@ const (
 	DefaultMaxConcurrentScansPerRegion         = 20
 	MinMaxConcurrentScansPerRegion             = 1
 	MaxScanMachineIntervalInHours              = 1000
+	DefaultInAccountScannerVPCMode             = "ManagedByAWP"
 )

dome9/common/testing/variable/variable.go

@@ -269,6 +269,8 @@ const (
 	ScanMachineIntervalInHoursUpdate  = "11"
 	MaxConcurrentScansPerRegion       = "4"
 	MaxConcurrentScansPerRegionUpdate = "8"
+	InAccountScannerVPC               = "ManagedByAWP"
+	InAccountScannerVPCUpdate         = "ManagedByCustomer"
 	CustomTags                        = `{
 			tag1 = "value1"
 			tag2 = "value2"

dome9/data_source_dome9_awp_aws_onboarding.go

@@ -39,6 +39,10 @@ func dataSourceAwpAwsOnboarding() *schema.Resource {
 							Type:     schema.TypeInt,
 							Computed: true,
 						},
+						"in_account_scanner_vpc": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
 						"custom_tags": {
 							Type:     schema.TypeMap,
 							Computed: true,
@@ -54,30 +58,6 @@ func dataSourceAwpAwsOnboarding() *schema.Resource {
 				Computed: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
-			"account_issues": {
-				Type:     schema.TypeList,
-				Computed: true,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"regions": {
-							Type:     schema.TypeMap,
-							Optional: true,
-						},
-						"account": {
-							Type:     schema.TypeMap,
-							Optional: true,
-							Elem: &schema.Resource{
-								Schema: map[string]*schema.Schema{
-									"issue_type": {
-										Type:     schema.TypeString,
-										Optional: true,
-									},
-								},
-							},
-						},
-					},
-				},
-			},
 			"cloud_account_id": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -133,10 +113,6 @@ func dataSourceAwpAwsOnboardingRead(d *schema.ResourceData, meta interface{}) er
 			return err
 		}
 	}
-	if resp.AccountIssues != nil {
-		if err := d.Set("account_issues", flattenAccountIssues(resp.AccountIssues)); err != nil {
-			return err
-		}
-	}
+
 	return nil
 }

dome9/data_source_dome9_awp_aws_onboarding_test.go

@@ -37,6 +37,7 @@ func TestAccDataSourceAwpAwsOnboardingBasic(t *testing.T) {
 					resource.TestCheckResourceAttrPair(awpAwsOnboardingDataSourceTypeAndName, "agentless_account_settings.0.disabled_regions.1", awpAwsOnboardingResourceTypeAndName, "agentless_account_settings.0.disabled_regions.1"),
 					resource.TestCheckResourceAttrPair(awpAwsOnboardingDataSourceTypeAndName, "agentless_account_settings.0.scan_machine_interval_in_hours", awpAwsOnboardingResourceTypeAndName, "agentless_account_settings.0.scan_machine_interval_in_hours"),
 					resource.TestCheckResourceAttrPair(awpAwsOnboardingDataSourceTypeAndName, "agentless_account_settings.0.max_concurrent_scans_per_region", awpAwsOnboardingResourceTypeAndName, "agentless_account_settings.0.max_concurrent_scans_per_region"),
+					resource.TestCheckResourceAttrPair(awpAwsOnboardingDataSourceTypeAndName, "agentless_account_settings.0.in_account_scanner_vpc", awpAwsOnboardingResourceTypeAndName, "agentless_account_settings.0.in_account_scanner_vpc"),
 					resource.TestCheckResourceAttrPair(awpAwsOnboardingDataSourceTypeAndName, "agentless_account_settings.0.custom_tags.%", awpAwsOnboardingResourceTypeAndName, "agentless_account_settings.0.custom_tags.%"),
 					resource.TestCheckResourceAttrPair(awpAwsOnboardingDataSourceTypeAndName, "missing_awp_private_network_regions", awpAwsOnboardingResourceTypeAndName, "missing_awp_private_network_regions"),
 					resource.TestCheckResourceAttrPair(awpAwsOnboardingDataSourceTypeAndName, "agentless_protection_enabled", awpAwsOnboardingResourceTypeAndName, "agentless_protection_enabled"),

dome9/data_source_dome9_awp_azure_onboarding.go

@@ -43,6 +43,11 @@ func dataSourceAwpAzureOnboarding() *schema.Resource {
 							Type:     schema.TypeInt,
 							Computed: true,
 						},
+						"in_account_scanner_vpc": {
+							Type:     schema.TypeString,
+							Optional: true,
+							Default:  "ManagedByAWP",
+						},
 						"custom_tags": {
 							Type:     schema.TypeMap,
 							Computed: true,
@@ -58,30 +63,6 @@ func dataSourceAwpAzureOnboarding() *schema.Resource {
 				Computed: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
-			"account_issues": {
-				Type:     schema.TypeList,
-				Computed: true,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"regions": {
-							Type:     schema.TypeMap,
-							Optional: true,
-						},
-						"account": {
-							Type:     schema.TypeMap,
-							Optional: true,
-							Elem: &schema.Resource{
-								Schema: map[string]*schema.Schema{
-									"issue_type": {
-										Type:     schema.TypeString,
-										Optional: true,
-									},
-								},
-							},
-						},
-					},
-				},
-			},
 			"cloud_account_id": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -132,10 +113,6 @@ func dataSourceAwpAzureOnboardingRead(d *schema.ResourceData, meta interface{})
 			return err
 		}
 	}
-	if resp.AccountIssues != nil {
-		if err := d.Set("account_issues", flattenAccountIssuesAzure(resp.AccountIssues)); err != nil {
-			return err
-		}
-	}
+
 	return nil
 }

dome9/resource_dome9_awp_aws_onboarding.go

@@ -81,6 +81,11 @@ func resourceAwpAwsOnboarding() *schema.Resource {
 							Optional: true,
 							Default:  20,
 						},
+						"in_account_scanner_vpc": {
+							Type:     schema.TypeString,
+							Optional: true,
+							Default:  "ManagedByAWP",
+						},
 						"custom_tags": {
 							Type:     schema.TypeMap,
 							Optional: true,
@@ -96,30 +101,6 @@ func resourceAwpAwsOnboarding() *schema.Resource {
 				Computed: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
-			"account_issues": {
-				Type:     schema.TypeList,
-				Computed: true,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"regions": {
-							Type:     schema.TypeMap,
-							Optional: true,
-						},
-						"account": {
-							Type:     schema.TypeMap,
-							Optional: true,
-							Elem: &schema.Resource{
-								Schema: map[string]*schema.Schema{
-									"issue_type": {
-										Type:     schema.TypeString,
-										Optional: true,
-									},
-								},
-							},
-						},
-					},
-				},
-			},
 			"cloud_account_id": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -193,7 +174,7 @@ func resourceAWPAWSOnboardingCreate(d *schema.ResourceData, meta interface{}) er
 
 func checkCentralized(d *schema.ResourceData, meta interface{}) (string, error) {
 	scanMode := d.Get("scan_mode").(string)
-	if scanMode == "inAccountHub" || scanMode == "inAccountSub" {
+	if scanMode == "inAccountSub" {
 		if _, ok := d.GetOk("agentless_account_settings"); ok {
 			agentlessAccountSettingsList := d.Get("agentless_account_settings").([]interface{})
 			if len(agentlessAccountSettingsList) < 1 {
@@ -248,12 +229,6 @@ func resourceAWPAWSOnboardingRead(d *schema.ResourceData, meta interface{}) erro
 		return err
 	}
 
-	if resp.AccountIssues != nil {
-		if err := d.Set("account_issues", flattenAccountIssues(resp.AccountIssues)); err != nil {
-			return err
-		}
-	}
-
 	return nil
 }
 
@@ -295,6 +270,7 @@ func expandAgentlessAccountSettings(d *schema.ResourceData) (*awp_onboarding.Age
 		DisabledRegions:              make([]string, 0),
 		CustomTags:                   make(map[string]string),
 		ScanMachineIntervalInHours:   scanMachineIntervalInHours,
+		InAccountScannerVPC:          providerconst.DefaultInAccountScannerVPCMode,
 		MaxConcurrenceScansPerRegion: providerconst.DefaultMaxConcurrentScansPerRegion,
 	}
 
@@ -327,6 +303,10 @@ func expandAgentlessAccountSettings(d *schema.ResourceData) (*awp_onboarding.Age
 		agentlessAccountSettings.MaxConcurrenceScansPerRegion = maxConcurrentScans
 	}
 
+	if inAccountScannerVPC, ok := agentlessAccountSettingsMap["in_account_scanner_vpc"].(string); ok {
+		agentlessAccountSettings.InAccountScannerVPC = inAccountScannerVPC
+	}
+
 	if customTagsInterface, ok := agentlessAccountSettingsMap["custom_tags"].(map[string]interface{}); ok {
 		customTags := make(map[string]string)
 		for k, v := range customTagsInterface {
@@ -359,20 +339,12 @@ func flattenAgentlessAccountSettings(settings *awp_onboarding.AgentlessAccountSe
 		"disabled_regions":                settings.DisabledRegions,
 		"scan_machine_interval_in_hours":  settings.ScanMachineIntervalInHours,
 		"max_concurrent_scans_per_region": settings.MaxConcurrenceScansPerRegion,
+		"in_account_scanner_vpc":          settings.InAccountScannerVPC,
 		"custom_tags":                     settings.CustomTags,
 	}
 	return []interface{}{m}
 }
 
-func flattenAccountIssues(accountIssues *awp_onboarding.AccountIssues) []interface{} {
-	m := map[string]interface{}{
-		"regions": accountIssues.Regions,
-		"account": accountIssues.Account,
-	}
-
-	return []interface{}{m}
-}
-
 func resourceAWPAWSOnboardingUpdate(d *schema.ResourceData, meta interface{}) error {
 	d9Client := meta.(*Client)
 	log.Println("An update occurred")
@@ -405,8 +377,11 @@ func resourceAWPAWSOnboardingUpdate(d *schema.ResourceData, meta interface{}) er
 		if err != nil {
 			return err
 		}
+
+		scanMode := d.Get("scan_mode").(string)
+
 		// Send the update request
-		_, err = d9Client.awpAwsOnboarding.UpdateAWPSettings(d.Id(), *newAgentlessAccountSettings)
+		_, err = d9Client.awpAwsOnboarding.UpdateAWPSettings(d.Id(), scanMode, *newAgentlessAccountSettings)
 		if err != nil {
 			return err
 		}

dome9/resource_dome9_awp_aws_onboarding_test.go

@@ -49,6 +49,7 @@ func TestAccResourceAWPAWSOnboardingBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceTypeAndName, "agentless_account_settings.0.disabled_regions.1", disabledRegion2),
 					resource.TestCheckResourceAttr(resourceTypeAndName, "agentless_account_settings.0.scan_machine_interval_in_hours", variable.ScanMachineIntervalInHours),
 					resource.TestCheckResourceAttr(resourceTypeAndName, "agentless_account_settings.0.max_concurrent_scans_per_region", variable.MaxConcurrentScansPerRegion),
+					resource.TestCheckResourceAttr(resourceTypeAndName, "agentless_account_settings.0.in_account_scanner_vpc", variable.InAccountScannerVPC),
 					resource.TestCheckResourceAttr(resourceTypeAndName, "agentless_account_settings.0.custom_tags.%", "2"),
 					resource.TestCheckResourceAttrSet(resourceTypeAndName, "id"),
 					resource.TestCheckResourceAttr(resourceTypeAndName, "cloud_provider", "aws"),
@@ -70,6 +71,7 @@ func TestAccResourceAWPAWSOnboardingBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceTypeAndName, "agentless_account_settings.0.disabled_regions.3", disabledRegionUpdate4),
 					resource.TestCheckResourceAttr(resourceTypeAndName, "agentless_account_settings.0.scan_machine_interval_in_hours", variable.ScanMachineIntervalInHoursUpdate),
 					resource.TestCheckResourceAttr(resourceTypeAndName, "agentless_account_settings.0.max_concurrent_scans_per_region", variable.MaxConcurrentScansPerRegionUpdate),
+					resource.TestCheckResourceAttr(resourceTypeAndName, "agentless_account_settings.0.in_account_scanner_vpc", variable.InAccountScannerVPCUpdate),
 					resource.TestCheckResourceAttr(resourceTypeAndName, "agentless_account_settings.0.custom_tags.%", "3"),
 					resource.TestCheckResourceAttrSet(resourceTypeAndName, "id"),
 					resource.TestCheckResourceAttr(resourceTypeAndName, "cloud_provider", "aws"),
@@ -154,6 +156,7 @@ resource "%s" "%s" {
 		disabled_regions = %s
 		scan_machine_interval_in_hours = "%s"
 		max_concurrent_scans_per_region = "%s"
+		in_account_scanner_vpc = "%s"
 		custom_tags = %s
 	}
 }
@@ -167,6 +170,7 @@ resource "%s" "%s" {
 		IfThenElse(updateAction, variable.DisabledRegionsUpdate, variable.DisabledRegions),
 		IfThenElse(updateAction, variable.ScanMachineIntervalInHoursUpdate, variable.ScanMachineIntervalInHours),
 		IfThenElse(updateAction, variable.MaxConcurrentScansPerRegionUpdate, variable.MaxConcurrentScansPerRegion),
+		IfThenElse(updateAction, variable.InAccountScannerVPCUpdate, variable.InAccountScannerVPC),
 		IfThenElse(updateAction, variable.CustomTagsUpdate, variable.CustomTags),
 	)
 }