feat: Add Non-OS Package support for GCR, DockerV2, and DockerHub (#152)
Signed-off-by: Andre Elizondo <andre@lacework.com>
andrewelizondo authored Sep 8, 2021
1 parent ca4eb3d commit 96b4df8
Showing 6 changed files with 54 additions and 24 deletions.
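--- a/lacework/resource_lacework_integration_docker_hub.go
+++ b/lacework/resource_lacework_integration_docker_hub.go
@@ -113,6 +113,12 @@ func resourceLaceworkIntegrationDockerHub() *schema.Resource {
 Default: 5,
 Description: "The maximum number of newest container images to assess per repository",
 },
+"non_os_package_support": {
+Type: schema.TypeBool,
+Optional: true,
+Default: false,
+Description: "Enable program language scanning",
+},
 "intg_guid": {
 Type: schema.TypeString,
 Computed: true,
@@ -157,10 +163,11 @@ func resourceLaceworkIntegrationDockerHubCreate(d *schema.ResourceData, meta int
 
 data := api.NewDockerHubRegistryIntegration(d.Get("name").(string),
 api.ContainerRegData{
-LimitByTag: limitByTags,
-LimitByLabel: limitByLabels,
-LimitByRep: limitByRepos,
-LimitNumImg: d.Get("limit_num_imgs").(int),
+LimitByTag: limitByTags,
+LimitByLabel: limitByLabels,
+LimitByRep: limitByRepos,
+LimitNumImg: d.Get("limit_num_imgs").(int),
+NonOSPackageEval: d.Get("non_os_package_support").(bool),
 Credentials: api.ContainerRegCreds{
 Username: d.Get("username").(string),
 Password: d.Get("password").(string),
@@ -220,6 +227,7 @@ func resourceLaceworkIntegrationDockerHubRead(d *schema.ResourceData, meta inter
 
 d.Set("username", integration.Data.Credentials.Username)
 d.Set("limit_num_imgs", integration.Data.LimitNumImg)
+d.Set("non_os_package_support", integration.Data.NonOSPackageEval)
 
 if _, ok := d.GetOk("limit_by_tags"); ok {
 d.Set("limit_by_tags", strings.Split(integration.Data.LimitByTag, ","))
@@ -269,10 +277,11 @@ func resourceLaceworkIntegrationDockerHubUpdate(d *schema.ResourceData, meta int
 
 data := api.NewDockerHubRegistryIntegration(d.Get("name").(string),
 api.ContainerRegData{
-LimitByTag: limitByTags,
-LimitByLabel: limitByLabels,
-LimitByRep: limitByRepos,
-LimitNumImg: d.Get("limit_num_imgs").(int),
+LimitByTag: limitByTags,
+LimitByLabel: limitByLabels,
+LimitByRep: limitByRepos,
+LimitNumImg: d.Get("limit_num_imgs").(int),
+NonOSPackageEval: d.Get("non_os_package_support").(bool),
 Credentials: api.ContainerRegCreds{
 Username: d.Get("username").(string),
 Password: d.Get("password").(string),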
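Review bot: The new `non_os_package_support` attribute in the schema hunk is `Optional` with `Default: false`, so a configuration that omits it is planned as `false` even when the integration already has the option turned on outside Terraform. Because the Read hunk now writes the API value into state, such an integration would show a diff, and the Update call would then send `NonOSPackageEval: false`, presumably narrowing what the integration assesses without anyone asking for it. If an unset attribute is meant to keep the server-side value, replace `Default: false,` with `Computed: true,`; otherwise state the behaviour in the attribute description and the upgrade notes. The same schema block is added in resource_lacework_integration_docker_v2.go and resource_lacework_integration_gcr.go.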
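--- a/lacework/resource_lacework_integration_docker_v2.go
+++ b/lacework/resource_lacework_integration_docker_v2.go
@@ -92,6 +92,12 @@ func resourceLaceworkIntegrationDockerV2() *schema.Resource {
 Description: "A key based map of labels to limit the assessment of images with matching key:value labels",
 ConflictsWith: []string{"limit_by_label"},
 },
+"non_os_package_support": {
+Type: schema.TypeBool,
+Optional: true,
+Default: false,
+Description: "Enable program language scanning",
+},
 "intg_guid": {
 Type: schema.TypeString,
 Computed: true,
@@ -131,9 +137,10 @@ func resourceLaceworkIntegrationDockerV2Create(d *schema.ResourceData, meta inte
 
 data := api.NewDockerV2RegistryIntegration(d.Get("name").(string),
 api.ContainerRegData{
-LimitByTag: limitByTags,
-LimitByLabel: limitByLabels,
-RegistryDomain: d.Get("registry_domain").(string),
+LimitByTag: limitByTags,
+LimitByLabel: limitByLabels,
+RegistryDomain: d.Get("registry_domain").(string),
+NonOSPackageEval: d.Get("non_os_package_support").(bool),
 Credentials: api.ContainerRegCreds{
 Username: d.Get("username").(string),
 Password: d.Get("password").(string),
@@ -196,6 +203,7 @@ func resourceLaceworkIntegrationDockerV2Read(d *schema.ResourceData, meta interf
 d.Set("username", integration.Data.Credentials.Username)
 d.Set("password", integration.Data.Credentials.Password)
 d.Set("ssl", integration.Data.Credentials.SSL)
+d.Set("non_os_package_support", integration.Data.NonOSPackageEval)
 
 if _, ok := d.GetOk("limit_by_tags"); ok {
 d.Set("limit_by_tags", strings.Split(integration.Data.LimitByTag, ","))
@@ -234,9 +242,10 @@ func resourceLaceworkIntegrationDockerV2Update(d *schema.ResourceData, meta inte
 
 data := api.NewDockerV2RegistryIntegration(d.Get("name").(string),
 api.ContainerRegData{
-LimitByTag: limitByTags,
-LimitByLabel: limitByLabels,
-RegistryDomain: d.Get("registry_domain").(string),
+LimitByTag: limitByTags,
+LimitByLabel: limitByLabels,
+RegistryDomain: d.Get("registry_domain").(string),
+NonOSPackageEval: d.Get("non_os_package_support").(bool),
 Credentials: api.ContainerRegCreds{
 Username: d.Get("username").(string),
 Password: d.Get("password").(string),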
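Review bot: The added `d.Set("non_os_package_support", integration.Data.NonOSPackageEval)` in the Read hunk discards the error that `d.Set` returns, so a key or type mismatch would leave state stale and hide drift in a setting that controls scanning coverage. The neighbouring `d.Set` calls are unchecked too, so this follows the file's existing style, but the new line is a cheap place to start checking: `if err := d.Set("non_os_package_support", integration.Data.NonOSPackageEval); err != nil { return err }`. That assumes the Read function returns `error`; its signature is cut off in the hunk header and its body continues outside the hunk. The Read hunks in resource_lacework_integration_docker_hub.go and resource_lacework_integration_gcr.go add the same unchecked call.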
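--- a/lacework/resource_lacework_integration_gcr.go
+++ b/lacework/resource_lacework_integration_gcr.go
@@ -156,6 +156,12 @@ func resourceLaceworkIntegrationGcr() *schema.Resource {
 Optional: true,
 Default: 5,
 },
+"non_os_package_support": {
+Type: schema.TypeBool,
+Optional: true,
+Default: false,
+Description: "Enable program language scanning",
+},
 "intg_guid": {
 Type: schema.TypeString,
 Computed: true,
@@ -200,11 +206,12 @@ func resourceLaceworkIntegrationGcrCreate(d *schema.ResourceData, meta interface
 
 data := api.NewGcrRegistryIntegration(d.Get("name").(string),
 api.ContainerRegData{
-LimitByTag: limitByTags,
-LimitByLabel: limitByLabels,
-LimitByRep: limitByRepos,
-LimitNumImg: d.Get("limit_num_imgs").(int),
-RegistryDomain: d.Get("registry_domain").(string),
+LimitByTag: limitByTags,
+LimitByLabel: limitByLabels,
+LimitByRep: limitByRepos,
+LimitNumImg: d.Get("limit_num_imgs").(int),
+RegistryDomain: d.Get("registry_domain").(string),
+NonOSPackageEval: d.Get("non_os_package_support").(bool),
 Credentials: api.ContainerRegCreds{
 ClientID: d.Get("credentials.0.client_id").(string),
 ClientEmail: d.Get("credentials.0.client_email").(string),
@@ -271,6 +278,7 @@ func resourceLaceworkIntegrationGcrRead(d *schema.ResourceData, meta interface{}
 d.Set("credentials", []map[string]string{creds})
 d.Set("registry_domain", integration.Data.RegistryDomain)
 d.Set("limit_num_imgs", integration.Data.LimitNumImg)
+d.Set("non_os_package_support", integration.Data.NonOSPackageEval)
 
 if _, ok := d.GetOk("limit_by_tags"); ok {
 d.Set("limit_by_tags", strings.Split(integration.Data.LimitByTag, ","))
@@ -320,11 +328,12 @@ func resourceLaceworkIntegrationGcrUpdate(d *schema.ResourceData, meta interface
 
 data := api.NewGcrRegistryIntegration(d.Get("name").(string),
 api.ContainerRegData{
-LimitByTag: limitByTags,
-LimitByLabel: limitByLabels,
-LimitByRep: limitByRepos,
-LimitNumImg: d.Get("limit_num_imgs").(int),
-RegistryDomain: d.Get("registry_domain").(string),
+LimitByTag: limitByTags,
+LimitByLabel: limitByLabels,
+LimitByRep: limitByRepos,
+LimitNumImg: d.Get("limit_num_imgs").(int),
+RegistryDomain: d.Get("registry_domain").(string),
+NonOSPackageEval: d.Get("non_os_package_support").(bool),
 Credentials: api.ContainerRegCreds{
 ClientID: d.Get("credentials.0.client_id").(string),
 ClientEmail: d.Get("credentials.0.client_email").(string),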
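Review bot: The schema `Description` added for `non_os_package_support`, "Enable program language scanning", does not tell a user that the attribute controls assessment of non-OS packages or that it stays off unless set. A clearer text would be `Description: "Assess non-OS (programming language) packages in container images; disabled unless set to true",`. That wording is inferred from the attribute name, the `NonOSPackageEval` field and the documentation anchor linked in the docs change, so confirm it against the API behaviour before adopting it. The same description string is added in the Docker Hub and Docker V2 resources.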
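--- a/website/docs/r/integration_docker_hub.html.markdown
+++ b/website/docs/r/integration_docker_hub.html.markdown
@@ -37,6 +37,7 @@ The following arguments are supported:
 * `limit_by_tags` - (Optional) A list of image tags to limit the assessment of images with matching tags. If you specify `limit_by_tags` and `limit_by_labels` limits, they function as an `AND`.
 * `limit_by_labels` - (Optional) A key based map of labels to limit the assessment of images with matching `key:value` labels. If you specify `limit_by_tags` and `limit_by_labels` limits, they function as an `AND`.
 * `limit_by_repositories` - (Optional) A list of repositories to assess.
+* `non_os_package_support` - (Optional) Enable [program language scanning](https://support.lacework.com/hc/en-us/articles/360035472393-Container-Vulnerability-Assessment-Overview#programming-language-support). Defaults to `false`.
 
 ## Import
 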
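--- a/website/docs/r/integration_docker_v2.html.markdown
+++ b/website/docs/r/integration_docker_v2.html.markdown
@@ -53,6 +53,7 @@ The following arguments are supported:
 * `enabled` - (Optional) The state of the external integration. Defaults to `true`.
 * `limit_by_tags` - (Optional) A list of image tags to limit the assessment of images with matching tags. If you specify `limit_by_tags` and `limit_by_labels` limits, they function as an `AND`.
 * `limit_by_labels` - (Optional) A key based map of labels to limit the assessment of images with matching `key:value` labels. If you specify `limit_by_tags` and `limit_by_labels` limits, they function as an `AND`.
+* `non_os_package_support` - (Optional) Enable [program language scanning](https://support.lacework.com/hc/en-us/articles/360035472393-Container-Vulnerability-Assessment-Overview#programming-language-support). Defaults to `false`.
 
 ## Import
 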
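--- a/website/docs/r/integration_gcr.html.markdown
+++ b/website/docs/r/integration_gcr.html.markdown
@@ -95,6 +95,7 @@ The following arguments are supported:
 * `limit_by_tags` - (Optional) A list of image tags to limit the assessment of images with matching tags. If you specify `limit_by_tags` and `limit_by_labels` limits, they function as an `AND`.
 * `limit_by_labels` - (Optional) A key based map of labels to limit the assessment of images with matching `key:value` labels. If you specify `limit_by_tags` and `limit_by_labels` limits, they function as an `AND`.
 * `limit_by_repositories` - (Optional) A list of repositories to assess.
+* `non_os_package_support` - (Optional) Enable [program language scanning](https://support.lacework.com/hc/en-us/articles/360035472393-Container-Vulnerability-Assessment-Overview#programming-language-support). Defaults to `false`.
 
 ### Credentials
 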
