Skip to content

Commit

Permalink
Merge pull request #33402 from stromp/f-add-json-attribute-to-patch-b…
Browse files Browse the repository at this point in the history
…aseline-resource

F add json attribute to patch baseline resource
  • Loading branch information
YakDriver authored Jan 20, 2024
2 parents 5a4f604 + 557650a commit cd58d59
Show file tree
Hide file tree
Showing 8 changed files with 102 additions and 84 deletions.
7 changes: 7 additions & 0 deletions .changelog/33402.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
```release-note:enhancement
resource/aws_ssm_patch_baseline: Add `json` attribute to facilitate use with S3 buckets
```

```release-note:enhancement
data-source/aws_ssm_patch_baseline: Add `json` attribute to facilitate use with S3 buckets
```
4 changes: 4 additions & 0 deletions internal/acctest/acctest.go
Original file line number Diff line number Diff line change
Expand Up @@ -683,6 +683,8 @@ func CheckResourceAttrJMES(name, key, jmesPath, value string) resource.TestCheck
v = x
case float64:
v = strconv.FormatFloat(x, 'f', -1, 64)
case bool:
v = fmt.Sprint(x)
default:
return fmt.Errorf(`%[1]s: Attribute %[2]q, JMESPath %[3]q got "%#[4]v" (%[4]T)`, name, key, jmesPath, result)
}
Expand Down Expand Up @@ -729,6 +731,8 @@ func CheckResourceAttrJMESPair(nameFirst, keyFirst, jmesPath, nameSecond, keySec
value = x
case float64:
value = strconv.FormatFloat(x, 'f', -1, 64)
case bool:
value = fmt.Sprint(x)
default:
return fmt.Errorf(`%[1]s: Attribute %[2]q, JMESPath %[3]q got "%#[4]v" (%[4]T)`, nameFirst, keyFirst, jmesPath, result)
}
Expand Down
14 changes: 14 additions & 0 deletions internal/service/ssm/patch_baseline.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ package ssm

import (
"context"
"encoding/json"
"fmt"
"log"
"strings"
Expand Down Expand Up @@ -220,6 +221,10 @@ func ResourcePatchBaseline() *schema.Resource {
},
},
},
"json": {
Type: schema.TypeString,
Computed: true,
},

names.AttrTags: tftags.TagsSchema(),
names.AttrTagsAll: tftags.TagsSchemaComputed(),
Expand Down Expand Up @@ -313,9 +318,18 @@ func resourcePatchBaselineRead(ctx context.Context, d *schema.ResourceData, meta
AccountID: meta.(*conns.AWSClient).AccountID,
Resource: fmt.Sprintf("patchbaseline/%s", strings.TrimPrefix(d.Id(), "/")),
}

jsonDoc, err := json.MarshalIndent(resp, "", " ")
if err != nil {
// should never happen if the above code is correct
return sdkdiag.AppendErrorf(diags, "Formatting json representation: formatting JSON: %s", err)
}
jsonString := string(jsonDoc)

d.Set("arn", arn.String())
d.Set("name", resp.Name)
d.Set("description", resp.Description)
d.Set("json", jsonString)
d.Set("operating_system", resp.OperatingSystem)
d.Set("approved_patches_compliance_level", resp.ApprovedPatchesComplianceLevel)
d.Set("approved_patches", flex.FlattenStringList(resp.ApprovedPatches))
Expand Down
13 changes: 13 additions & 0 deletions internal/service/ssm/patch_baseline_data_source.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ package ssm

import (
"context"
"encoding/json"
"log"

"github.com/aws/aws-sdk-go/aws"
Expand Down Expand Up @@ -100,6 +101,10 @@ func DataSourcePatchBaseline() *schema.Resource {
},
},
},
"json": {
Type: schema.TypeString,
Computed: true,
},
"name": {
Type: schema.TypeString,
Computed: true,
Expand Down Expand Up @@ -225,6 +230,13 @@ func dataPatchBaselineRead(ctx context.Context, d *schema.ResourceData, meta int
return sdkdiag.AppendErrorf(diags, "getting SSM PatchBaseline: %s", err)
}

jsonDoc, err := json.MarshalIndent(output, "", " ")
if err != nil {
// should never happen if the above code is correct
return sdkdiag.AppendErrorf(diags, "Formatting json representation: formatting JSON: %s", err)
}
jsonString := string(jsonDoc)

d.SetId(aws.StringValue(baseline.BaselineId))
d.Set("approved_patches", aws.StringValueSlice(output.ApprovedPatches))
d.Set("approved_patches_compliance_level", output.ApprovedPatchesComplianceLevel)
Expand All @@ -233,6 +245,7 @@ func dataPatchBaselineRead(ctx context.Context, d *schema.ResourceData, meta int
d.Set("default_baseline", baseline.DefaultBaseline)
d.Set("description", baseline.BaselineDescription)
d.Set("global_filter", flattenPatchFilterGroup(output.GlobalFilters))
d.Set("json", jsonString)
d.Set("name", baseline.BaselineName)
d.Set("operating_system", baseline.OperatingSystem)
d.Set("rejected_patches", aws.StringValueSlice(output.RejectedPatches))
Expand Down
5 changes: 5 additions & 0 deletions internal/service/ssm/patch_baseline_data_source_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,11 @@ func TestAccSSMPatchBaselineDataSource_existingBaseline(t *testing.T) {
resource.TestCheckResourceAttr(dataSourceName, "rejected_patches.#", "0"),
resource.TestCheckResourceAttr(dataSourceName, "rejected_patches_action", "ALLOW_AS_DEPENDENCY"),
resource.TestCheckResourceAttr(dataSourceName, "source.#", "0"),
acctest.CheckResourceAttrJMES(dataSourceName, "json", "ApprovedPatches|length(@)", "0"),
acctest.CheckResourceAttrJMESPair(dataSourceName, "json", "Name", dataSourceName, "name"),
acctest.CheckResourceAttrJMESPair(dataSourceName, "json", "Description", dataSourceName, "description"),
acctest.CheckResourceAttrJMESPair(dataSourceName, "json", "ApprovedPatchesEnableNonSecurity", dataSourceName, "approved_patches_enable_non_security"),
acctest.CheckResourceAttrJMESPair(dataSourceName, "json", "OperatingSystem", dataSourceName, "operating_system"),
),
},
},
Expand Down
11 changes: 11 additions & 0 deletions internal/service/ssm/patch_baseline_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,13 @@ func TestAccSSMPatchBaseline_basic(t *testing.T) {
resource.TestCheckResourceAttr(resourceName, "description", "Baseline containing all updates approved for production systems"),
resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
resource.TestCheckResourceAttr(resourceName, "approved_patches_enable_non_security", "false"),
acctest.CheckResourceAttrJMES(resourceName, "json", "ApprovedPatchesEnableNonSecurity", "false"),
acctest.CheckResourceAttrJMES(resourceName, "json", "ApprovedPatches|length(@)", "1"),
acctest.CheckResourceAttrJMESPair(resourceName, "json", "ApprovedPatches[0]", resourceName, "approved_patches.0"),
acctest.CheckResourceAttrJMESPair(resourceName, "json", "Name", resourceName, "name"),
acctest.CheckResourceAttrJMESPair(resourceName, "json", "Description", resourceName, "description"),
acctest.CheckResourceAttrJMESPair(resourceName, "json", "ApprovedPatchesEnableNonSecurity", resourceName, "approved_patches_enable_non_security"),
acctest.CheckResourceAttrJMESPair(resourceName, "json", "OperatingSystem", resourceName, "operating_system"),
),
},
{
Expand All @@ -61,6 +68,9 @@ func TestAccSSMPatchBaseline_basic(t *testing.T) {
resource.TestCheckResourceAttr(resourceName, "approved_patches_compliance_level", ssm.PatchComplianceLevelHigh),
resource.TestCheckResourceAttr(resourceName, "description", "Baseline containing all updates approved for production systems - August 2017"),
resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
acctest.CheckResourceAttrJMESPair(resourceName, "json", "ApprovedPatches[0]", resourceName, "approved_patches.1"),
acctest.CheckResourceAttrJMESPair(resourceName, "json", "ApprovedPatches[1]", resourceName, "approved_patches.0"),
acctest.CheckResourceAttrJMES(resourceName, "json", "ApprovedPatches|length(@)", "2"),
func(*terraform.State) error {
if aws.StringValue(before.BaselineId) != aws.StringValue(after.BaselineId) {
t.Fatal("Baseline IDs changed unexpectedly")
Expand Down Expand Up @@ -277,6 +287,7 @@ func TestAccSSMPatchBaseline_sources(t *testing.T) {
resource.TestCheckResourceAttr(resourceName, "source.1.configuration", "[amzn-main] \nname=amzn-main-Base\nmirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list //nmirrorlist_expire=300//nmetadata_expire=300 \npriority=10 \nfailovermethod=priority \nfastestmirror_enabled=0 \ngpgcheck=1 \ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga \nenabled=1 \nretries=3 \ntimeout=5\nreport_instanceid=yes"),
resource.TestCheckResourceAttr(resourceName, "source.1.products.#", "1"),
resource.TestCheckResourceAttr(resourceName, "source.1.products.0", "AmazonLinux2018.03"),

func(*terraform.State) error {
if aws.StringValue(before.BaselineId) != aws.StringValue(after.BaselineId) {
t.Fatal("Baseline IDs changed unexpectedly")
Expand Down
34 changes: 19 additions & 15 deletions website/docs/d/ssm_patch_baseline.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -35,37 +35,41 @@ data "aws_ssm_patch_baseline" "default_custom" {

## Argument Reference

This data source supports the following arguments:
The following arguments are required:

* `owner` - (Required) Owner of the baseline. Valid values: `All`, `AWS`, `Self` (the current account).
* `name_prefix` - (Optional) Filter results by the baseline name prefix.

The following arguments are optional:

* `default_baseline` - (Optional) Filters the results against the baselines default_baseline field.
* `name_prefix` - (Optional) Filter results by the baseline name prefix.
* `operating_system` - (Optional) Specified OS for the baseline. Valid values: `AMAZON_LINUX`, `AMAZON_LINUX_2`, `UBUNTU`, `REDHAT_ENTERPRISE_LINUX`, `SUSE`, `CENTOS`, `ORACLE_LINUX`, `DEBIAN`, `MACOS`, `RASPBIAN` and `ROCKY_LINUX`.

## Attribute Reference

This data source exports the following attributes in addition to the arguments above:

* `approved_patches` - List of explicitly approved patches for the baseline.
* `approved_patches_compliance_level` - The compliance level for approved patches.
* `approved_patches_compliance_level` - Compliance level for approved patches.
* `approved_patches_enable_non_security` - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
* `approval_rule` - List of rules used to include patches in the baseline.
* `approve_after_days` - The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
* `approve_until_date` - The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as `YYYY-MM-DD`. Conflicts with `approve_after_days`
* `compliance_level` - The compliance level for patches approved by this rule.
* `approve_after_days` - Number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
* `approve_until_date` - Cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as `YYYY-MM-DD`. Conflicts with `approve_after_days`
* `compliance_level` - Compliance level for patches approved by this rule.
* `enable_non_security` - Boolean enabling the application of non-security updates.
* `patch_filter` - The patch filter group that defines the criteria for the rule.
* `key` - The key for the filter.
* `values` - The value for the filter.
* `patch_filter` - Patch filter group that defines the criteria for the rule.
* `key` - Key for the filter.
* `values` - Value for the filter.
* `global_filter` - Set of global filters used to exclude patches from the baseline.
* `key` - The key for the filter.
* `values` - The value for the filter.
* `key` - Key for the filter.
* `values` - Value for the filter.
* `id` - ID of the baseline.
* `json` - JSON representation of the baseline.
* `name` - Name of the baseline.
* `description` - Description of the baseline.
* `rejected_patches` - List of rejected patches.
* `rejected_patches_action` - The action specified to take on patches included in the `rejected_patches` list.
* `rejected_patches_action` - Action specified to take on patches included in the `rejected_patches` list.
* `source` - Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
* `configuration` - The value of the yum repo configuration.
* `name` - The name specified to identify the patch source.
* `products` - The specific operating system versions a patch repository applies to.
* `configuration` - Value of the yum repo configuration.
* `name` - Name specified to identify the patch source.
* `products` - Specific operating system versions a patch repository applies to.
Loading

0 comments on commit cd58d59

Please sign in to comment.