diff --git a/dome9/common/providerconst/const.go b/dome9/common/providerconst/const.go
index d8ffda58..a7b808f4 100644
--- a/dome9/common/providerconst/const.go
+++ b/dome9/common/providerconst/const.go
@@ -73,10 +73,16 @@ const (
 
 // Azure security group
 const (
- AWS = "1"
- Azure = "2"
- GCP = "3"
- OrganizationalUnit = "12"
+ AWS = "1"
+ Azure = "2"
+ GCP = "3"
+ OrganizationalUnit = "12"
+ CloudGuardResources = "200"
+ CSPMResources = "201"
+ NetworkSecurityResources = "202"
+ CIEMResources = "203"
+ CDRResources = "204"
+ CodeSecurityResources = "210"
 )
 
 // AWS regions
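Review bot: The `// Azure security group` comment that heads this const block does not describe what the block holds; after this change it defines ten SRL type codes, so the header should say so, e.g. `// SRL type codes; keep the names in sync with SRLTypes and SRlType below.` The six added identifiers carry no doc comment and the values jump from "204" to "210" with no explanation, so a one-line comment stating where these codes are defined would save the next maintainer from guessing whether the gap is intentional. The surrounding const block is only partly visible in this hunk.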
@@ -140,7 +146,7 @@ var AllAWSRegions = append(AWSGOVRegions, append(AWSRegions, AWSChinaRegions...) var CloudVendors = []string{"aws", "azure", "google", "kubernetesruntimeassurance", "imageassurance"} var ProtocolTypes = []string{"ALL", "HOPOPT", "ICMP", "IGMP", "GGP", "IPV4", "ST", "TCP", "CBT", "EGP", "IGP", "BBN_RCC_MON", "NVP2", "PUP", "ARGUS", "EMCON", "XNET", "CHAOS", "UDP", "MUX", "DCN_MEAS", "HMP", "PRM", "XNS_IDP", "TRUNK1", "TRUNK2", "LEAF1", "LEAF2", "RDP", "IRTP", "ISO_TP4", "NETBLT", "MFE_NSP", "MERIT_INP", "DCCP", "ThreePC", "IDPR", "XTP", "DDP", "IDPR_CMTP", "TPplusplus", "IL", "IPV6", "SDRP", "IPV6_ROUTE", "IPV6_FRAG", "IDRP", "RSVP", "GRE", "DSR", "BNA", "ESP", "AH", "I_NLSP", "SWIPE", "NARP", "MOBILE", "TLSP", "SKIP", "ICMPV6", "IPV6_NONXT", "IPV6_OPTS", "CFTP", "SAT_EXPAK", "KRYPTOLAN", "RVD", "IPPC", "SAT_MON", "VISA", "IPCV", "CPNX", "CPHB", "WSN", "PVP", "BR_SAT_MON", "SUN_ND", "WB_MON", "WB_EXPAK", "ISO_IP", "VMTP", "SECURE_VMTP", "VINES", "TTP", "NSFNET_IGP", "DGP", "TCF", "EIGRP", "OSPFIGP", "SPRITE_RPC", "LARP", "MTP", "AX25", "IPIP", "MICP", "SCC_SP", "ETHERIP", "ENCAP", "GMTP", "IFMP", "PNNI", "PIM", "ARIS", "SCPS", "QNX", "AN", "IPCOMP", "SNP", "COMPAQ_PEER", "IPX_IN_IP", "VRRP", "PGM", "L2TP", "DDX", "IATP", "STP", "SRP", "UTI", "SMP", "SM", "PTP", "ISIS", "FIRE", "CRTP", "CRUDP", "SSCOPMCE", "IPLT", "SPS", "PIPE", "SCTP", "FC", "RSVP_E2E_IGNORE", "MOBILITY_HEADER", "UDPLITE", "MPLS_IN_IP", "MANET", "HIP", "SHIM6", "WESP", "ROHC"} var OperationMode = []string{"Read", "Manage"} -var SRLTypes = []string{"AWS", "Azure", "GCP", "OrganizationalUnit"} +var SRLTypes = []string{"AWS", "Azure", "GCP", "OrganizationalUnit", "CloudGuardResources", "CSPMResources", "NetworkSecurityResources", "CIEMResources", "CDRResources", "CodeSecurityResources"} var IAMEntityProtectType = []string{IAMSafeEntityTypeUser, IAMSafeEntityTypeRole} var IAMEntityProtectionMode = []string{IAMSafeEntityProtect, IAMSafeEntityProtectWithElevation} 
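Review bot: `SRLTypes` now hand-maintains the same ten names that the next hunk (`@@ -151,10 +157,16 @@`) adds as keys of `SRlType`, so the two lists can drift silently; if `SRLTypes` is the set the schema validation accepts (its consumer is not in this diff, so this is inferred), a name present in one list but not the other would either be rejected despite being mapped or be accepted and then fail to resolve to a code. Consider deriving one from the other, or at least annotate this line with `// keep in sync with SRlType`. The documentation updated in this same commit lists only CloudGuardResources and CodeSecurityResources as accepted `type` values, while this list also admits CSPMResources, NetworkSecurityResources, CIEMResources and CDRResources; either the docs or the accepted set should be reconciled so users are not offered an undocumented value space.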
@@ -151,10 +157,16 @@ var SRLStructure = []string{"type", "main_id", "rg", "region", "sg", "security_g
 
 // SRL construction variables
 var SRlType = map[string]string{
- "AWS": AWS,
- "Azure": Azure,
- "GCP": GCP,
- "OrganizationalUnit": OrganizationalUnit,
+ "AWS": AWS,
+ "Azure": Azure,
+ "GCP": GCP,
+ "OrganizationalUnit": OrganizationalUnit,
+ "CloudGuardResources": CloudGuardResources,
+ "CSPMResources": CSPMResources,
+ "NetworkSecurityResources": NetworkSecurityResources,
+ "CIEMResources": CIEMResources,
+ "CDRResources": CDRResources,
+ "CodeSecurityResources": CodeSecurityResources,
 }
 
 var AWSRegionsEnum = map[string]string{
diff --git a/examples/role/main.tf b/examples/role/main.tf
index abddebff..baf765bf 100644
--- a/examples/role/main.tf
+++ b/examples/role/main.tf
@@ -1,40 +1,49 @@ -resource "dome9_role" "role_rs" { - name = "ROLE_NAME" - description = "ROLE_DESC" - access { - type = "AWS" - main_id = "MAIN_ID" - region = "us_east_1" - security_group_id = "SECURITY_GROUP_ID" - traffic = "All Traffic" - } - access { - type = "OrganizationalUnit" - main_id = "00000000-0000-0000-0000-000000000000" - } - - permit_notifications = false - permit_rulesets = false - permit_policies = false - permit_alert_actions = false - permit_on_boarding = false - create = [] - cross_account_access = [] -} - - -data "dome9_role" "data" { - id = "${dome9_role.role_rs.id}" -} - -output "getId" { - value = "${data.dome9_role.data.id}" -} - -output "getDescription" { - value = "${data.dome9_role.data.description}" -} - -output "getItems" { - value = "${data.dome9_role.data.access}" -} +resource "dome9_role" "role_rs" { + name = "ROLE_NAME" + description = "ROLE_DESC" + access { + type = "AWS" + main_id = "MAIN_ID" + region = "us_east_1" + security_group_id = "SECURITY_GROUP_ID" + traffic = "All Traffic" + } + access { + type = "OrganizationalUnit" + main_id = "00000000-0000-0000-0000-000000000000" + } + + manage { + type = "CodeSecurityResources" + main_id = "Member" + } + + view { + type = "CloudGuardResources" + } + + permit_notifications = false + permit_rulesets = false + permit_policies = false + permit_alert_actions = false + permit_on_boarding = false + create = [] + cross_account_access = [] +} + + +data "dome9_role" "data" { + id = "${dome9_role.role_rs.id}" +} + +output "getId" { + value = "${data.dome9_role.data.id}" +} + +output "getDescription" { + value = "${data.dome9_role.data.description}" +} + +output "getItems" { + value = "${data.dome9_role.data.access}" +} diff --git a/vendor/github.com/dome9/dome9-sdk-go/services/cloudaccounts/azure_org/azure_org.go b/vendor/github.com/dome9/dome9-sdk-go/services/cloudaccounts/azure_org/azure_org.go index 95db8cb4..00bc3cc6 100644 
--- a/vendor/github.com/dome9/dome9-sdk-go/services/cloudaccounts/azure_org/azure_org.go
+++ b/vendor/github.com/dome9/dome9-sdk-go/services/cloudaccounts/azure_org/azure_org.go
@@ -113,7 +113,7 @@ type AzureSimplifiedOnboardingExecCmdRequest struct {
 func (service *Service) Create(body OnboardingRequest) (*OrganizationManagementViewModel, *http.Response, error) {
 v := new(OrganizationManagementViewModel)
- resp, err := service.Client.NewRequestDo("POST", cloudaccounts.RESTfulServicePathAzureOrgMgmt, nil, body, v)
+ resp, err := service.Client.NewRequestDoRetry("POST", cloudaccounts.RESTfulServicePathAzureOrgMgmt, nil, body, v, nil)
 if err != nil {
 return nil, nil, err
 }
 
@@ -127,7 +127,7 @@ func (service *Service) UpdateOrganizationManagementAsync(id string, body Onboar
 }
 relativeURL := fmt.Sprintf("%s/%s", cloudaccounts.RESTfulServicePathAzureOrgMgmt, id)
- resp, err := service.Client.NewRequestDo("PUT", relativeURL, nil, body, nil)
+ resp, err := service.Client.NewRequestDoRetry("PUT", relativeURL, nil, body, nil, nil)
 if err != nil {
 return nil, err
 }
 
@@ -137,7 +137,7 @@ func (service *Service) UpdateOrganizationManagementAsync(id string, body Onboar
 func (service *Service) Delete(id string) (*http.Response, error) {
 relativeURL := fmt.Sprintf("%s/%s", cloudaccounts.RESTfulServicePathAzureOrgMgmt, id)
- resp, err := service.Client.NewRequestDo("DELETE", relativeURL, nil, nil, nil)
+ resp, err := service.Client.NewRequestDoRetry("DELETE", relativeURL, nil, nil, nil, nil)
 if err != nil {
 return nil, err
 }
 
@@ -152,7 +152,7 @@ func (service *Service) Get(id string) (*OrganizationManagementViewModel, *http.
 v := new(OrganizationManagementViewModel)
 relativeURL := fmt.Sprintf("%s/%s", cloudaccounts.RESTfulServicePathAzureOrgMgmt, id)
- resp, err := service.Client.NewRequestDo("GET", relativeURL, nil, nil, v)
+ resp, err := service.Client.NewRequestDoRetry("GET", relativeURL, nil, nil, v, nil)
 if err != nil {
 return nil, nil, err
 }
 
@@ -162,7 +162,7 @@ func (service *Service) Get(id string) (*OrganizationManagementViewModel, *http.
 func (service *Service) GetAll() (*[]OrganizationManagementViewModel, *http.Response, error) {
 v := new([]OrganizationManagementViewModel)
- resp, err := service.Client.NewRequestDo("GET", cloudaccounts.RESTfulServicePathAzureOrgMgmt, nil, nil, v)
+ resp, err := service.Client.NewRequestDoRetry("GET", cloudaccounts.RESTfulServicePathAzureOrgMgmt, nil, nil, v, nil)
 if err != nil {
 return nil, nil, err
 }
 
@@ -174,7 +174,7 @@ func (service *Service) GenerateOnboardingExecutionCommand(body AzureSimplifiedO
 v := new(string)
 relativeURL := fmt.Sprintf("%s/%s", cloudaccounts.RESTfulPathAzure, cloudaccounts.RESTfulServicePathAzureOnboardingExecutionCommand)
- resp, err := service.Client.NewRequestDo("POST", relativeURL, nil, body, v)
+ resp, err := service.Client.NewRequestDoRetry("POST", relativeURL, nil, body, v, nil)
 if err != nil {
 return nil, nil, err
 }
 
diff --git a/website/docs/d/role.html.markdown b/website/docs/d/role.html.markdown
index 2c96dfdd..e90d3f3b 100644
--- a/website/docs/d/role.html.markdown
+++ b/website/docs/d/role.html.markdown
@@ -8,7 +8,7 @@ description: |-
 
 # Data Source: dome9_role
 
-Use this data source to get information about a role in Dome9.
+Use this data source to get information about a role in CloudGuard.
 
 ## Example Usage
 
@@ -29,13 +29,13 @@ The following arguments are supported:
 
 In addition to all arguments above, the following attributes are exported:
 
-* `name` - (Required) Dome9 role name.
-* `description` - (Required) Dome9 role description.
+* `name` - (Required) CloudGuard role name.
+* `description` - (Required) CloudGuard role description.
 * `permit_rulesets` - Is permitted permit rulesets (Optional) .
 * `permit_notifications` - Is permitted permit notifications (Optional) .
 * `permit_policies` - Is permitted permit policies (Optional) .
 * `permit_alert_actions` - Is permitted permit alert actions (Optional) .
-* `permit_on_boarding` - Is permitted permit on boarding (Optional) .
+* `permit_on_boarding` - Is permitted permit onboarding (Optional) .
 * `cross_account_access` - (Optional) Cross account access.
 * `create` - (Optional) Create permission list.
 * `access` - (Optional) Access permission list ([SRL](#SRL) Type).
@@ -43,8 +43,8 @@ In addition to all arguments above, the following attributes are exported:
 * `manage` - (Optional) Manage permission list ([SRL](#SRL) Type).
 
 ### SRL
-* `type` - (Optional) Accepted values: AWS, Azure, GCP, OrganizationalUnit.
-* `main_id` - (Optional) Cloud Account or Organizational Unit ID.
+* `type` - (Optional) Accepted values: AWS, Azure, GCP, OrganizationalUnit, CloudGuardResources, CodeSecurityResources.
+* `main_id` - (Optional) Cloud Account, Organizational Unit ID or CodeSecurity Access Level (Admin, Member).
 * `region` - (Optional) Accepted values: "us_east_1", "us_west_1", "eu_west_1", "ap_southeast_1", "ap_northeast_1", "us_west_2", "sa_east_1", "ap_southeast_2", "eu_central_1", "ap_northeast_2", "ap_south_1", "us_east_2", "ca_central_1", "eu_west_2", "eu_west_3", "eu_north_1", "ap_east_1", "me_south_1", "af_south_1", "eu_south_1", "ap_northeast_3", "me_central_1", "ap_south_2", "ap_southeast_3", "ap_southeast_4", "eu_central_2", "eu_south_2", "il_central_1", "ca_west_1".
 * `security_group_id` - (Optional) AWS Security Group ID.
 * `traffic` - (Optional) Accepted values: "All Traffic", "All Services".
diff --git a/website/docs/r/role.html.markdown b/website/docs/r/role.html.markdown
index 2c12fbd6..548b234b 100644
--- a/website/docs/r/role.html.markdown
+++ b/website/docs/r/role.html.markdown
@@ -8,7 +8,7 @@ description: |-
 
 # dome9_role
 
-The Role resource is used to create and manage Dome9 roles. Roles are used to manage access permissions for Dome9 users.
+The Role resource is used to create and manage CloudGuard roles. Roles are used to manage access permissions for CloudGuard users.
 
 ## Example Usage
 
@@ -45,13 +45,13 @@ resource "dome9_role" "role_rs" {
 
 The following arguments are supported:
 
-* `name` - (Required) Dome9 role name.
-* `description` - (Required) Dome9 role description.
+* `name` - (Required) CloudGuard role name.
+* `description` - (Required) CloudGuard role description.
 * `permit_rulesets` - Is permitted permit rulesets (Optional) .
 * `permit_notifications` - Is permitted permit notifications (Optional) .
 * `permit_policies` - Is permitted permit policies (Optional) .
 * `permit_alert_actions` - Is permitted permit alert actions (Optional) .
-* `permit_on_boarding` - Is permitted permit on boarding (Optional) .
+* `permit_on_boarding` - Is permitted permit onboarding (Optional) .
 * `cross_account_access` - (Optional) Cross account access.
 * `create` - (Optional) Create permission list.
 * `access` - (Optional) Access permission list ([SRL](#SRL) Type).
@@ -59,8 +59,8 @@ The following arguments are supported:
 * `manage` - (Optional) Manage permission list ([SRL](#SRL) Type).
 
 ### SRL
-* `type` - (Optional) Accepted values: AWS, Azure, GCP, OrganizationalUnit.
-* `main_id` - (Optional) Cloud Account or Organizational Unit ID.
+* `type` - (Optional) Accepted values: AWS, Azure, GCP, OrganizationalUnit, CloudGuardResources, CodeSecurityResources.
+* `main_id` - (Optional) Cloud Account, Organizational Unit ID or CodeSecurity Access Level (Admin, Member).
 * `region` - (Optional) Accepted values: "us_east_1", "us_west_1", "eu_west_1", "ap_southeast_1", "ap_northeast_1", "us_west_2", "sa_east_1", "ap_southeast_2", "eu_central_1", "ap_northeast_2", "ap_south_1", "us_east_2", "ca_central_1", "eu_west_2", "eu_west_3", "eu_north_1", "il_central_1", "ca_west_1".
 * `security_group_id` - (Optional) AWS Security Group ID.
 * `traffic` - (Optional) Accepted values: "All Traffic", "All Services".