-
Notifications
You must be signed in to change notification settings - Fork 14
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(resource): New lacework_vulnerability_exception_host (#248)
- Loading branch information
1 parent
94ff17f
commit afa657a
Showing
25 changed files
with
1,534 additions
and
88 deletions.
There are no files selected for viewing
79 changes: 79 additions & 0 deletions
79
examples/resource_lacework_vulnerability_exception_host/main.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
terraform { | ||
required_providers { | ||
lacework = { | ||
source = "lacework/lacework" | ||
} | ||
} | ||
} | ||
|
||
resource "lacework_vulnerability_exception_host" "example" { | ||
name = var.name | ||
description = var.description | ||
enabled = true | ||
reason = "Accepted Risk" | ||
vulnerability_criteria { | ||
severities = ["Critical"] | ||
cves = var.cves | ||
package { | ||
name = var.package_name | ||
version = var.package_version | ||
} | ||
package { | ||
name = "myPackage" | ||
version = "2.0.0" | ||
} | ||
package { | ||
name = "myOtherPackage" | ||
version = "1.0.0" | ||
} | ||
fixable = true | ||
} | ||
resource_scope { | ||
hostnames = ["host1", "host2"] | ||
cluster_names = ["clust-abc", "clust-xyz"] | ||
external_ips = ["210.12.100.5"] | ||
namespaces = ["namespace1", "namespace2"] | ||
} | ||
expiration_time = "2023-01-19T23:26:10Z" | ||
} | ||
|
||
variable "name" { | ||
type = string | ||
default = "Terraform Host Vulnerability Exception" | ||
} | ||
|
||
variable "description" { | ||
type = string | ||
default = "Host Vulnerability Exception created by Terraform" | ||
} | ||
|
||
variable "package_name" { | ||
type = string | ||
default = "myPackage" | ||
} | ||
|
||
variable "package_version" { | ||
type = string | ||
default = "1.0.0" | ||
} | ||
|
||
variable "cves" { | ||
type = list(string) | ||
default = ["CVE-2016-9840", "cve-2018-14599", "CVE-2018-6942"] | ||
} | ||
|
||
output "name" { | ||
value = lacework_vulnerability_exception_host.example.name | ||
} | ||
|
||
output "description" { | ||
value = lacework_vulnerability_exception_host.example.description | ||
} | ||
|
||
output "cves" { | ||
value = lacework_vulnerability_exception_host.example.vulnerability_criteria.0.cves | ||
} | ||
|
||
output "packages" { | ||
value = lacework_vulnerability_exception_host.example.vulnerability_criteria.0.package | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
67 changes: 67 additions & 0 deletions
67
integration/resource_lacework_vulnerability_exception_host_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
package integration | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/gruntwork-io/terratest/modules/terraform" | ||
"github.com/stretchr/testify/assert" | ||
) | ||
|
||
// TestVulnerabilityExceptionHostCreate applies integration terraform: | ||
// => '../examples/resource_lacework_vulnerability_exception_host' | ||
// | ||
// It uses the go-sdk to verify the created vulnerability exception, | ||
// applies an update and destroys it | ||
//nolint | ||
func TestVulnerabilityExceptionHostCreate(t *testing.T) { | ||
terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{ | ||
TerraformDir: "../examples/resource_lacework_vulnerability_exception_host", | ||
Vars: map[string]interface{}{ | ||
"name": "Terraform Vulnerability Exception Host Test", | ||
"description": "Vulnerability Exception Host created by Terraform", | ||
"cves": []string{"CVE-2016-9840", "CVE-2018-14599", "CVE-2018-6942"}, | ||
"package_name": "myPackage", | ||
"package_version": "1.0.0", | ||
}, | ||
}) | ||
defer terraform.Destroy(t, terraformOptions) | ||
|
||
// Create new Vulnerability Exception | ||
create := terraform.InitAndApplyAndIdempotent(t, terraformOptions) | ||
createProps := GetVulnerabilityExceptionProps(create) | ||
|
||
actualDescription := terraform.Output(t, terraformOptions, "description") | ||
actualCves := terraform.Output(t, terraformOptions, "cves") | ||
actualPackages := terraform.Output(t, terraformOptions, "packages") | ||
|
||
assert.Equal(t, "Vulnerability Exception Host created by Terraform", createProps.Data.Props.Description) | ||
assert.Equal(t, []string{"CVE-2016-9840", "CVE-2018-14599", "CVE-2018-6942"}, createProps.Data.VulnerabilityCriteria.Cve) | ||
assert.Equal(t, []map[string][]string{{"myPackage": {"1.0.0", "2.0.0"}}, {"myOtherPackage": {"1.0.0"}}}, createProps.Data.VulnerabilityCriteria.Package) | ||
|
||
assert.Equal(t, "Vulnerability Exception Host created by Terraform", actualDescription) | ||
assert.Equal(t, "[CVE-2016-9840 CVE-2018-14599 CVE-2018-6942]", actualCves) | ||
assert.Equal(t, "[map[name:myOtherPackage version:1.0.0] map[name:myPackage version:1.0.0] map[name:myPackage version:2.0.0]]", actualPackages) | ||
|
||
// Update Vulnerability Exception | ||
terraformOptions.Vars = map[string]interface{}{ | ||
"name": "Terraform Vulnerability Exception Host Test", | ||
"description": "Updated Vulnerability Exception created by Terraform", | ||
"cves": []string{"CVE-2016-9840", "CVE-2018-6940"}, | ||
"package_name": "myUpdatedPackage", | ||
"package_version": "1.1.0", | ||
} | ||
|
||
update := terraform.ApplyAndIdempotent(t, terraformOptions) | ||
updateProps := GetVulnerabilityExceptionProps(update) | ||
actualDescription = terraform.Output(t, terraformOptions, "description") | ||
actualCves = terraform.Output(t, terraformOptions, "cves") | ||
actualPackages = terraform.Output(t, terraformOptions, "packages") | ||
|
||
assert.Equal(t, "Updated Vulnerability Exception created by Terraform", updateProps.Data.Props.Description) | ||
assert.Equal(t, []string{"CVE-2016-9840", "CVE-2018-6940"}, updateProps.Data.VulnerabilityCriteria.Cve) | ||
assert.Equal(t, []map[string][]string{{"myPackage": {"2.0.0"}}, {"myUpdatedPackage": {"1.1.0"}}, {"myOtherPackage": {"1.0.0"}}}, updateProps.Data.VulnerabilityCriteria.Package) | ||
|
||
assert.Equal(t, "Updated Vulnerability Exception created by Terraform", actualDescription) | ||
assert.Equal(t, "[CVE-2016-9840 CVE-2018-6940]", actualCves) | ||
assert.Equal(t, "[map[name:myOtherPackage version:1.0.0] map[name:myPackage version:2.0.0] map[name:myUpdatedPackage version:1.1.0]]", actualPackages) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.