Merge pull request #26 from fugue/feature/RM-5320/add_google_environm…

…ent_to_the_fugue_terraform_provider

[RM-5320] add google environment to the fugue terraform provider

.gitignore

@@ -21,3 +21,4 @@ terraform.tfstate.backup
 .terraform.lock.hcl
 .terraform
 crash.log
+out.plan

Makefile

@@ -1,7 +1,7 @@
 TEST?=$$(go list ./... | grep -v 'vendor')
 NAME=fugue/fugue
 BINARY=terraform-provider-fugue
-VERSION=0.0.4
+VERSION=0.0.5
 OS_ARCH=darwin_amd64
 
 default: install

docs/data-sources/aws_types.md

@@ -1,16 +1,18 @@
 ---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "fugue_aws_types Data Source - terraform-provider-fugue"
 subcategory: ""
 description: |-
   
 ---
 
-# Data Source `fugue_aws_types`
+# fugue_aws_types (Data Source)
 
 
 
 
 
+<!-- schema generated by tfplugindocs -->
 ## Schema
 
 ### Optional
@@ -19,7 +21,7 @@ description: |-
 - **id** (String) The ID of this resource.
 - **region** (String)
 
-### Read-only
+### Read-Only
 
 - **types** (List of String)
 

docs/index.md

@@ -1,4 +1,5 @@
 ---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "fugue Provider"
 subcategory: ""
 description: |-
@@ -11,6 +12,7 @@ description: |-
 
 
 
+<!-- schema generated by tfplugindocs -->
 ## Schema
 
 ### Optional

docs/resources/aws_environment.md

@@ -1,11 +1,12 @@
 ---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "fugue_aws_environment Resource - terraform-provider-fugue"
 subcategory: ""
 description: |-
   fugue_aws_environment manages an Environment in Fugue corresponding to one AWS account.
 ---
 
-# Resource `fugue_aws_environment`
+# fugue_aws_environment (Resource)
 
 `fugue_aws_environment` manages an Environment in Fugue corresponding to one AWS account.
 
@@ -29,6 +30,7 @@ resource "fugue_aws_environment" "example" {
 }
 ```
 
+<!-- schema generated by tfplugindocs -->
 ## Schema
 
 ### Required
@@ -45,7 +47,7 @@ resource "fugue_aws_environment" "example" {
 - **scan_interval** (Number) Controls the time in seconds between scheduled scans of this environment.
 - **scan_schedule_enabled** (Boolean) Controls whether this environment is scanned on a schedule.
 
-### Read-only
+### Read-Only
 
 - **id** (String) The unique ID for this environment as generated by Fugue.
 - **scan_status** (String) Indicates whether a scan on this environment is currently running.

docs/resources/azure_environment.md

@@ -0,0 +1,71 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "fugue_azure_environment Resource - terraform-provider-fugue"
+subcategory: ""
+description: |-
+  fugue_azure_environment manages an Environment in Fugue corresponding to one Azure subscription.
+---
+
+# fugue_azure_environment (Resource)
+
+`fugue_azure_environment` manages an Environment in Fugue corresponding to one Azure subscription.
+
+## Example Usage
+
+```terraform
+variable "tenant_id" {
+  description = "Azure tenant ID"
+  type        = string
+}
+
+variable "subscription_id" {
+  description = "Azure subscription ID"
+  type        = string
+}
+
+variable "application_id" {
+  description = "Azure application ID"
+  type        = string
+}
+
+variable "client_secret" {
+  description = "Azure client secret"
+  type        = string
+  sensitive   = true
+}
+
+resource "fugue_azure_environment" "example" {
+  name                   = "example"
+  tenant_id              = var.tenant_id
+  subscription_id        = var.subscription_id
+  application_id         = var.application_id
+  client_secret          = var.client_secret
+  compliance_families    = ["CISAZURE"]
+  survey_resource_groups = ["*"]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- **application_id** (String) The Azure Active Directory application ID used for Fugue.
+- **client_secret** (String, Sensitive) The Azure secret generated for the Active Directory application.
+- **name** (String) The name for the environment.
+- **subscription_id** (String) The Azure subscription ID.
+- **survey_resource_groups** (Set of String) Survey resource groups.
+- **tenant_id** (String) The Azure Tenant ID.
+
+### Optional
+
+- **compliance_families** (Set of String) The set of compliance families to enable in this environment.
+- **scan_interval** (Number) Controls the time in seconds between scheduled scans of this environment.
+- **scan_schedule_enabled** (Boolean) Controls whether this environment is scanned on a schedule.
+
+### Read-Only
+
+- **id** (String) The unique ID for this environment as generated by Fugue.
+- **scan_status** (String) Indicates whether a scan on this environment is currently running.
+
+

docs/resources/google_environment.md

@@ -0,0 +1,52 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "fugue_google_environment Resource - terraform-provider-fugue"
+subcategory: ""
+description: |-
+  fugue_google_environment manages an Environment in Fugue corresponding to one Google project.
+---
+
+# fugue_google_environment (Resource)
+
+`fugue_google_environment` manages an Environment in Fugue corresponding to one Google project.
+
+## Example Usage
+
+```terraform
+variable "service_account_email" {
+  type = string
+}
+
+variable "project_id" {
+  type = string
+}
+
+resource "fugue_google_environment" "example" {
+  name                  = "example"
+  service_account_email = var.service_account_email
+  project_id            = var.project_id
+  compliance_families   = ["CIS-Google_v1.1.0"]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- **name** (String) The name for the environment.
+- **service_account_email** (String) The Google service account email used to provide Fugue secure access to the Google project.
+
+### Optional
+
+- **compliance_families** (Set of String) The set of compliance families to enable in this environment, e.g. ["CIS-Google_v1.1.0"].
+- **project_id** (String) The Google project ID. If not specified, it defaults to the project containing the provided service account email.
+- **scan_interval** (Number) Controls the time in seconds between scheduled scans of this environment.
+- **scan_schedule_enabled** (Boolean) Controls whether this environment is scanned on a schedule.
+
+### Read-Only
+
+- **id** (String) The unique ID for this environment as generated by Fugue.
+- **scan_status** (String) Indicates whether a scan on this environment is currently running.
+
+

docs/resources/rule.md

@@ -1,11 +1,12 @@
 ---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "fugue_rule Resource - terraform-provider-fugue"
 subcategory: ""
 description: |-
   fugue_rule manages the code and configuration for a rule in Fugue.
 ---
 
-# Resource `fugue_rule`
+# fugue_rule (Resource)
 
 `fugue_rule` manages the code and configuration for a rule in Fugue.
 
@@ -28,18 +29,19 @@ EOF
 }
 ```
 
+<!-- schema generated by tfplugindocs -->
 ## Schema
 
 ### Required
 
-- **cloud_provider** (String) Indicates which environment type this rule is intended to be used with. One of: AWS, AWS_GOVCLOUD, AZURE, GOOGLE.
+- **cloud_provider** (String) Indicates which environment type this rule is intended to be used with. One of: AWS, AWS_GOVCLOUD, AZURE, or GOOGLE.
 - **description** (String) A description of this rule.
 - **name** (String) The name of the rule.
 - **resource_type** (String) The resource type evaluated by this rule. This may be a string like `AWS.S3.Bucket` or `MULTIPLE` to indicate that multiple types are evaluated.
 - **rule_text** (String) The Rego code for the rule, as a string.
 - **severity** (String) Severity of this rule: Infomational, Low, Medium, High, or Critical.
 
-### Read-only
+### Read-Only
 
 - **id** (String) The unique ID for this rule as generated by Fugue.
 - **source** (String) The source of this rule: FUGUE or CUSTOM.

docs/resources/rule_waiver.md

@@ -1,11 +1,12 @@
 ---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "fugue_rule_waiver Resource - terraform-provider-fugue"
 subcategory: ""
 description: |-
   fugue_rule_waiver manages a rule waiver in Fugue for a given rule ID and resource.
 ---
 
-# Resource `fugue_rule_waiver`
+# fugue_rule_waiver (Resource)
 
 `fugue_rule_waiver` manages a rule waiver in Fugue for a given rule ID and resource.
 
@@ -23,6 +24,7 @@ resource "fugue_rule_waiver" "example" {
 }
 ```
 
+<!-- schema generated by tfplugindocs -->
 ## Schema
 
 ### Required
@@ -35,7 +37,7 @@ resource "fugue_rule_waiver" "example" {
 - **resource_type** (String) The type string of the resource, such as `AWS.S3.Bucket`.
 - **rule_id** (String) The ID of the rule to be waived, such as `FG_R00229`.
 
-### Read-only
+### Read-Only
 
 - **id** (String) The unique ID for this waiver as generated by Fugue.
 

examples/main.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     fugue = {
-      version = "0.0.4"
+      version = "0.0.5"
       source  = "fugue/fugue"
     }
   }

examples/resources/fugue_azure_environment/resource.tf

@@ -0,0 +1,31 @@
+
+variable "tenant_id" {
+  description = "Azure tenant ID"
+  type        = string
+}
+
+variable "subscription_id" {
+  description = "Azure subscription ID"
+  type        = string
+}
+
+variable "application_id" {
+  description = "Azure application ID"
+  type        = string
+}
+
+variable "client_secret" {
+  description = "Azure client secret"
+  type        = string
+  sensitive   = true
+}
+
+resource "fugue_azure_environment" "example" {
+  name                   = "example"
+  tenant_id              = var.tenant_id
+  subscription_id        = var.subscription_id
+  application_id         = var.application_id
+  client_secret          = var.client_secret
+  compliance_families    = ["CISAZURE"]
+  survey_resource_groups = ["*"]
+}

examples/resources/fugue_google_environment/resource.tf

@@ -0,0 +1,15 @@
+
+variable "service_account_email" {
+  type = string
+}
+
+variable "project_id" {
+  type = string
+}
+
+resource "fugue_google_environment" "example" {
+  name                  = "example"
+  service_account_email = var.service_account_email
+  project_id            = var.project_id
+  compliance_families   = ["CIS-Google_v1.1.0"]
+}

fugue/helpers.go

@@ -2,12 +2,19 @@ package fugue
 
 import (
 	"strings"
+	"time"
 
 	"github.com/fugue/fugue-client/client/custom_rules"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
+const (
+	// EnvironmentRetryTimeout defines the maximum time to retry on
+	// errors when changing an environment
+	EnvironmentRetryTimeout = 30 * time.Second
+)
+
 func getStringSlice(input []interface{}) []string {
 	items := make([]string, 0, len(input))
 	for _, item := range input {

fugue/provider.go

@@ -26,9 +26,11 @@ func Provider() *schema.Provider {
 			},
 		},
 		ResourcesMap: map[string]*schema.Resource{
-			"fugue_aws_environment": resourceAwsEnvironment(),
-			"fugue_rule_waiver":     resourceRuleWaiver(),
-			"fugue_rule":            resourceRule(),
+			"fugue_aws_environment":    resourceAwsEnvironment(),
+			"fugue_google_environment": resourceGoogleEnvironment(),
+			"fugue_azure_environment":  resourceAzureEnvironment(),
+			"fugue_rule_waiver":        resourceRuleWaiver(),
+			"fugue_rule":               resourceRule(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"fugue_aws_types": dataSourceAwsTypes(),