feat(resource): New lacework_vulnerability_exception_host (#248)
dmurray-lacework authored Jan 13, 2022
1 parent 94ff17f commit afa657a
Showing 25 changed files with 1,534 additions and 88 deletions.
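--- a/examples/resource_lacework_vulnerability_exception_host/main.tf
+++ b/examples/resource_lacework_vulnerability_exception_host/main.tf
@@ -0,0 +1,79 @@
+terraform {
+required_providers {
+lacework = {
+source = "lacework/lacework"
+}
+}
+}
+
+resource "lacework_vulnerability_exception_host" "example" {
+name = var.name
+description = var.description
+enabled = true
+reason = "Accepted Risk"
+vulnerability_criteria {
+severities = ["Critical"]
+cves = var.cves
+package {
+name = var.package_name
+version = var.package_version
+}
+package {
+name = "myPackage"
+version = "2.0.0"
+}
+package {
+name = "myOtherPackage"
+version = "1.0.0"
+}
+fixable = true
+}
+resource_scope {
+hostnames = ["host1", "host2"]
+cluster_names = ["clust-abc", "clust-xyz"]
+external_ips = ["210.12.100.5"]
+namespaces = ["namespace1", "namespace2"]
+}
+expiration_time = "2023-01-19T23:26:10Z"
+}
+
+variable "name" {
+type = string
+default = "Terraform Host Vulnerability Exception"
+}
+
+variable "description" {
+type = string
+default = "Host Vulnerability Exception created by Terraform"
+}
+
+variable "package_name" {
+type = string
+default = "myPackage"
+}
+
+variable "package_version" {
+type = string
+default = "1.0.0"
+}
+
+variable "cves" {
+type = list(string)
+default = ["CVE-2016-9840", "cve-2018-14599", "CVE-2018-6942"]
+}
+
+output "name" {
+value = lacework_vulnerability_exception_host.example.name
+}
+
+output "description" {
+value = lacework_vulnerability_exception_host.example.description
+}
+
+output "cves" {
+value = lacework_vulnerability_exception_host.example.vulnerability_criteria.0.cves
+}
+
+output "packages" {
+value = lacework_vulnerability_exception_host.example.vulnerability_criteria.0.package
+}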
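Review bot: The example's `resource_scope` uses `external_ips = ["210.12.100.5"]`, which reads as a routable public address, and `expiration_time = "2023-01-19T23:26:10Z"` is a fixed date that will already be in the past for anyone copying the example later; both are copy-paste hazards in a resource whose effect is to suppress vulnerability findings. Consider an address from the RFC 5737 documentation range, e.g. `external_ips = ["192.0.2.5"]`, and a comment on the expiration line such as `# expiration_time must lie in the future; adjust before applying`. The default for `cves` also mixes case (`cve-2018-14599` among `CVE-...` entries); if the API matches identifiers case-sensitively this entry may silently not apply, so either normalize it to `CVE-2018-14599` or document the accepted form.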
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -6,7 +6,7 @@ require (
github.com/gruntwork-io/terratest v0.38.8
github.com/hashicorp/terraform-plugin-sdk/v2 v2.10.1
github.com/hashicorp/yamux v0.0.0-20200609203250-aecfd211c9ce // indirect
github.com/lacework/go-sdk v0.22.1-0.20211209162214-4153f64f071b
github.com/lacework/go-sdk v0.23.1-0.20220107132053-ef65e232b7c7
github.com/oklog/run v1.1.0 // indirect
github.com/pkg/errors v0.9.1
github.com/stretchr/testify v1.7.0
13 changes: 7 additions & 6 deletions go.sum
Expand Up @@ -558,8 +558,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/hashicorp/hcl/v2 v2.3.0/go.mod h1:d+FwDBbOLvpAM3Z6J7gPj/VoAGkNe/gm352ZhjJ/Zv8=
github.com/hashicorp/hcl/v2 v2.9.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg=
github.com/hashicorp/hcl/v2 v2.10.1 h1:h4Xx4fsrRE26ohAk/1iGF/JBqRQbyUqu5Lvj60U54ys=
github.com/hashicorp/hcl/v2 v2.10.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg=
github.com/hashicorp/hcl/v2 v2.11.1 h1:yTyWcXcm9XB0TEkyU/JCRU6rYy4K+mgLtzn2wlrJbcc=
github.com/hashicorp/hcl/v2 v2.11.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg=
github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
Expand Down Expand Up @@ -660,8 +660,8 @@ github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LE
github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
github.com/kyokomi/emoji/v2 v2.2.8/go.mod h1:JUcn42DTdsXJo1SWanHh4HKDEyPaR5CqkmoirZZP9qE=
github.com/lacework/go-sdk v0.22.1-0.20211209162214-4153f64f071b h1:7+FZmS7DszFj5to4ifA/nGyfF5F0HgHj7+7tFn14olQ=
github.com/lacework/go-sdk v0.22.1-0.20211209162214-4153f64f071b/go.mod h1:qY19L1pMZyebC17V06llwebxYfBbcEuGj9AXb2QrqWQ=
github.com/lacework/go-sdk v0.23.1-0.20220107132053-ef65e232b7c7 h1:2NNxZvpmlkAe7fkbouncWSAr4dVBa2sqcNzV0dvh6hc=
github.com/lacework/go-sdk v0.23.1-0.20220107132053-ef65e232b7c7/go.mod h1:hpRCkw5LhPqHyK7R4FJ7IJgVkG15kq86dk7CTn9Uk5o=
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
Expand Down Expand Up @@ -720,8 +720,9 @@ github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0Qu
github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/mapstructure v1.4.2 h1:6h7AQ0yhTcIsmFmnAwQls75jp2Gzs4iB8W7pjMO+rqo=
github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs=
github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
Expand Down Expand Up @@ -791,7 +792,7 @@ github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrap
github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
github.com/peterbourgon/diskv/v3 v3.0.0/go.mod h1:kJ5Ny7vLdARGU3WUuy6uzO6T0nb/2gWcT1JiBvRmb5o=
github.com/peterbourgon/diskv/v3 v3.0.1/go.mod h1:kJ5Ny7vLdARGU3WUuy6uzO6T0nb/2gWcT1JiBvRmb5o=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
11 changes: 11 additions & 0 deletions integration/integration.go
Expand Up @@ -204,6 +204,17 @@ func GetReportRuleProps(result string) api.ReportRuleResponse {
return data
}

func GetVulnerabilityExceptionProps(result string) api.VulnerabilityExceptionResponse {
id := GetSpecificIDFromTerraResults(1, result)

var data api.VulnerabilityExceptionResponse
err := LwClient.V2.VulnerabilityExceptions.Get(id, &data)
if err != nil {
log.Fatalf("Unable to retrieve vulnerability exception with id: %s", id)
}
return data
}

// GetSpecificIDFromTerraResults returns the specific index id found in the Terraform output
func GetSpecificIDFromTerraResults(i int, result string) string {
re := regexp.MustCompile(`\[id=(.*?)\]`)
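Review bot: `GetVulnerabilityExceptionProps` discards the error returned by `LwClient.V2.VulnerabilityExceptions.Get`: the `log.Fatalf` on the error path prints only the id, so a failed lookup (auth, network, wrong id) cannot be diagnosed from the test log. Include it, `log.Fatalf("Unable to retrieve vulnerability exception with id %s: %v", id, err)`. The function is exported but, unlike `GetSpecificIDFromTerraResults` directly below it, carries no doc comment; add `// GetVulnerabilityExceptionProps fetches the vulnerability exception whose id appears at index 1 of the Terraform output.` Whether `GetReportRuleProps` above follows the same pattern is not visible in this hunk.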
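--- a/integration/resource_lacework_vulnerability_exception_host_test.go
+++ b/integration/resource_lacework_vulnerability_exception_host_test.go
@@ -0,0 +1,67 @@
+package integration
+
+import (
+"testing"
+
+"github.com/gruntwork-io/terratest/modules/terraform"
+"github.com/stretchr/testify/assert"
+)
+
+// TestVulnerabilityExceptionHostCreate applies integration terraform:
+// => '../examples/resource_lacework_vulnerability_exception_host'
+//
+// It uses the go-sdk to verify the created vulnerability exception,
+// applies an update and destroys it
+//nolint
+func TestVulnerabilityExceptionHostCreate(t *testing.T) {
+terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+TerraformDir: "../examples/resource_lacework_vulnerability_exception_host",
+Vars: map[string]interface{}{
+"name": "Terraform Vulnerability Exception Host Test",
+"description": "Vulnerability Exception Host created by Terraform",
+"cves": []string{"CVE-2016-9840", "CVE-2018-14599", "CVE-2018-6942"},
+"package_name": "myPackage",
+"package_version": "1.0.0",
+},
+})
+defer terraform.Destroy(t, terraformOptions)
+
+// Create new Vulnerability Exception
+create := terraform.InitAndApplyAndIdempotent(t, terraformOptions)
+createProps := GetVulnerabilityExceptionProps(create)
+
+actualDescription := terraform.Output(t, terraformOptions, "description")
+actualCves := terraform.Output(t, terraformOptions, "cves")
+actualPackages := terraform.Output(t, terraformOptions, "packages")
+
+assert.Equal(t, "Vulnerability Exception Host created by Terraform", createProps.Data.Props.Description)
+assert.Equal(t, []string{"CVE-2016-9840", "CVE-2018-14599", "CVE-2018-6942"}, createProps.Data.VulnerabilityCriteria.Cve)
+assert.Equal(t, []map[string][]string{{"myPackage": {"1.0.0", "2.0.0"}}, {"myOtherPackage": {"1.0.0"}}}, createProps.Data.VulnerabilityCriteria.Package)
+
+assert.Equal(t, "Vulnerability Exception Host created by Terraform", actualDescription)
+assert.Equal(t, "[CVE-2016-9840 CVE-2018-14599 CVE-2018-6942]", actualCves)
+assert.Equal(t, "[map[name:myOtherPackage version:1.0.0] map[name:myPackage version:1.0.0] map[name:myPackage version:2.0.0]]", actualPackages)
+
+// Update Vulnerability Exception
+terraformOptions.Vars = map[string]interface{}{
+"name": "Terraform Vulnerability Exception Host Test",
+"description": "Updated Vulnerability Exception created by Terraform",
+"cves": []string{"CVE-2016-9840", "CVE-2018-6940"},
+"package_name": "myUpdatedPackage",
+"package_version": "1.1.0",
+}
+
+update := terraform.ApplyAndIdempotent(t, terraformOptions)
+updateProps := GetVulnerabilityExceptionProps(update)
+actualDescription = terraform.Output(t, terraformOptions, "description")
+actualCves = terraform.Output(t, terraformOptions, "cves")
+actualPackages = terraform.Output(t, terraformOptions, "packages")
+
+assert.Equal(t, "Updated Vulnerability Exception created by Terraform", updateProps.Data.Props.Description)
+assert.Equal(t, []string{"CVE-2016-9840", "CVE-2018-6940"}, updateProps.Data.VulnerabilityCriteria.Cve)
+assert.Equal(t, []map[string][]string{{"myPackage": {"2.0.0"}}, {"myUpdatedPackage": {"1.1.0"}}, {"myOtherPackage": {"1.0.0"}}}, updateProps.Data.VulnerabilityCriteria.Package)
+
+assert.Equal(t, "Updated Vulnerability Exception created by Terraform", actualDescription)
+assert.Equal(t, "[CVE-2016-9840 CVE-2018-6940]", actualCves)
+assert.Equal(t, "[map[name:myOtherPackage version:1.0.0] map[name:myPackage version:2.0.0] map[name:myUpdatedPackage version:1.1.0]]", actualPackages)
+}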
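Review bot: The `assert.Equal` calls on `createProps.Data.VulnerabilityCriteria.Package` and the matching update assertion pin an exact element order for a slice of maps returned by the API; nothing in the file shows that order is guaranteed, and the Terraform-side `packages` output is already asserted in a different, name-sorted order, so the test may flap if the service reorders entries. Prefer `assert.ElementsMatch(t, []map[string][]string{{"myPackage": {"1.0.0", "2.0.0"}}, {"myOtherPackage": {"1.0.0"}}}, createProps.Data.VulnerabilityCriteria.Package)` for both checks. The bare `//nolint` directive above the function silences every linter for its whole body; if it exists for one specific check, scope it as `//nolint:<linter>` so the remaining checks still run.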
11 changes: 11 additions & 0 deletions lacework/casting.go
Expand Up @@ -95,6 +95,17 @@ func castAttributeToArrayOfKeyValueMap(d *schema.ResourceData, attr string) []ma
return aMap
}

func castAttributeToArrayOfCustomKeyValueMap(d *schema.ResourceData, attr string, key string, value string) []map[string]string {
list := d.Get(attr).(*schema.Set).List()
aMap := make([]map[string]string, len(list))
for i, v := range list {
val := v.(map[string]interface{})
aMap[i] = map[string]string{val[key].(string): val[value].(string)}
}

return aMap
}

// convert an array of map of strings with string keys to a key/value TypeSet
// needed for API v2 ContainerRegistry Limits
//
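Review bot: `castAttributeToArrayOfCustomKeyValueMap` relies on three unchecked type assertions (`v.(map[string]interface{})`, `val[key].(string)`, `val[value].(string)`); if a set element lacks `key` or `value`, `val[key]` is `nil` and the assertion panics inside the provider instead of surfacing a diagnostic. That is safe only when the schema declares both attributes as required strings, which this hunk does not show. State the precondition in a doc comment, e.g. `// castAttributeToArrayOfCustomKeyValueMap converts a TypeSet of objects into one single-entry map per element, keyed by the element's key attribute with its value attribute as the value; both attributes must be Required strings in the schema or the assertions below panic.` The sibling `castAttributeToArrayOfKeyValueMap` starts outside the hunk and may share the pattern.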
1 change: 1 addition & 0 deletions lacework/provider.go
Expand Up @@ -101,6 +101,7 @@ func Provider() *schema.Provider {
"lacework_resource_group_gcp": resourceLaceworkResourceGroupGcp(),
"lacework_resource_group_machine": resourceLaceworkResourceGroupMachine(),
"lacework_team_member": resourceLaceworkTeamMember(),
"lacework_vulnerability_exception_host": resourceLaceworkVulnerabilityExceptionHost(),
},

DataSourcesMap: map[string]*schema.Resource{