feat: add inline and proxy scanner resources (#434)

***Issue***: https://lacework.atlassian.net/jira/software/projects/ALLY/issues/ALLY-1037 ***Description:*** Added inline scanner and proxy scanner resources. ***Additional Info:*** Releated to go-sdk pull request lacework/go-sdk#1018 Signed-off-by: Salim Afiune Maya <afiune@lacework.net> Co-authored-by: credibleforce <jamiefrasermcmurray@gmail.com>
lacework · Dec 19, 2022 · d7e0074 · d7e0074
1 parent 2cf4309
commit d7e0074
Show file tree

Hide file tree

Showing 19 changed files with 845 additions and 14 deletions.
diff --git a/examples/resource_lacework_integration_inline_scanner/main.tf b/examples/resource_lacework_integration_inline_scanner/main.tf
@@ -0,0 +1,25 @@
+terraform {
+  required_providers {
+    lacework = {
+      source = "lacework/lacework"
+    }
+  }
+}
+
+provider "lacework" {
+  profile = "snifftest-composite"
+}
+
+resource "lacework_integration_inline_scanner" "example" {
+  name = var.name
+
+  limit_num_scan = 60
+  identifier_tag {
+    key   = "foo"
+    value = "bar"
+  }
+}
+
+output "server_token" {
+  value = lacework_integration_inline_scanner.example.server_token
+}
diff --git a/examples/resource_lacework_integration_inline_scanner/variables.tf b/examples/resource_lacework_integration_inline_scanner/variables.tf
@@ -0,0 +1,4 @@
+variable "name" {
+  type    = string
+  default = "Inline Scanner Container Registry Example"
+}
diff --git a/examples/resource_lacework_integration_proxy_scanner/main.tf b/examples/resource_lacework_integration_proxy_scanner/main.tf
@@ -0,0 +1,28 @@
+terraform {
+  required_providers {
+    lacework = {
+      source = "lacework/lacework"
+    }
+  }
+}
+
+provider "lacework" {
+  profile = "snifftest-composite"
+}
+
+resource "lacework_integration_proxy_scanner" "example" {
+  name = var.name
+
+  limit_num_imgs        = 10
+  limit_by_tags         = ["dev*", "*test"]
+  limit_by_repositories = ["repo/my-image", "repo/other-image"]
+
+  limit_by_label {
+    key   = "foo"
+    value = "bar"
+  }
+}
+
+output "server_token" {
+  value = lacework_integration_proxy_scanner.example.server_token
+}
diff --git a/examples/resource_lacework_integration_proxy_scanner/variables.tf b/examples/resource_lacework_integration_proxy_scanner/variables.tf
@@ -0,0 +1,4 @@
+variable "name" {
+  type    = string
+  default = "Proxy Scanner Container Registry Example"
+}
diff --git a/go.mod b/go.mod
@@ -5,7 +5,7 @@ go 1.18
 require (
 	github.com/gruntwork-io/terratest v0.41.3
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.24.1
-	github.com/lacework/go-sdk v1.1.2
+	github.com/lacework/go-sdk v1.1.3-0.20221214173411-1ec57f679902
 	github.com/pkg/errors v0.9.1
 	github.com/stretchr/testify v1.8.1
 	golang.org/x/text v0.4.0

diff --git a/go.sum b/go.sum
@@ -210,8 +210,8 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
-github.com/lacework/go-sdk v1.1.2 h1:OeB3wVi3J0fsgkUjYUHDayXIPy2TT24HWB8lYRxDTcI=
-github.com/lacework/go-sdk v1.1.2/go.mod h1:nxafgPT6NssbcHnm/bQxA1StOUKfcDBDOQAe6SFqK5g=
+github.com/lacework/go-sdk v1.1.3-0.20221214173411-1ec57f679902 h1:H9Ym77hZbqr/IttIKf0Z82Rwg5neKw1nVrdfVlq8jec=
+github.com/lacework/go-sdk v1.1.3-0.20221214173411-1ec57f679902/go.mod h1:nxafgPT6NssbcHnm/bQxA1StOUKfcDBDOQAe6SFqK5g=
 github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=

diff --git a/integration/integration.go b/integration/integration.go
@@ -201,6 +201,30 @@ func GetContainerRegisteryGhcr(result string) api.GhcrIntegrationResponse {
 	return res
 }
 
+func GetContainerRegisteryInlineScanner(result string) api.InlineScannerIntegrationResponse {
+	id := GetIDFromTerraResults(result)
+
+	res, err := LwClient.V2.ContainerRegistries.GetInlineScanner(id)
+
+	if err != nil {
+		log.Fatalf("Unable to find integration id: %s\n Response: %v", id, res)
+	}
+
+	return res
+}
+
+func GetContainerRegisteryProxyScanner(result string) api.ProxyScannerIntegrationResponse {
+	id := GetIDFromTerraResults(result)
+
+	res, err := LwClient.V2.ContainerRegistries.GetProxyScanner(id)
+
+	if err != nil {
+		log.Fatalf("Unable to find integration id: %s\n Response: %v", id, res)
+	}
+
+	return res
+}
+
 func GetResourceGroupDescription(result string) string {
 	id := GetIDFromTerraResults(result)
 

diff --git a/integration/resource_lacework_integration_inline_scanner_test.go b/integration/resource_lacework_integration_inline_scanner_test.go
@@ -0,0 +1,47 @@
+package integration
+
+import (
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	"github.com/stretchr/testify/assert"
+)
+
+// TestIntegrationInlineScannerCreate applies integration terraform:
+// => '../examples/resource_lacework_integration_inline_scanner'
+//
+// It uses the go-sdk to verify the created integration,
+// applies an update with new integration name and destroys it
+func TestIntegrationInlineScannerCreate(t *testing.T) {
+	integrationName := fmt.Sprintf("Inline Scanner Container Registry - %s", time.Now())
+
+	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+		TerraformDir: "../examples/resource_lacework_integration_inline_scanner",
+		EnvVars:      tokenEnvVar,
+		Vars: map[string]interface{}{
+			"name": integrationName,
+		},
+	})
+	defer terraform.Destroy(t, terraformOptions)
+
+	// Create new Inline Scanner Container Registry
+	create := terraform.InitAndApplyAndIdempotent(t, terraformOptions)
+	createData := GetContainerRegisteryInlineScanner(create)
+	assert.Equal(t, integrationName, createData.Data.Name)
+	assert.Equal(t, []map[string]string{{"foo": "bar"}}, createData.Data.Data.IdentifierTag)
+	assert.Equal(t, "60", createData.Data.Data.LimitNumScan)
+
+	// Update Inline Scanner Container Registry
+	terraformOptions.Vars["name"] = "Inline Scanner Container Registry Updated"
+
+	update := terraform.ApplyAndIdempotent(t, terraformOptions)
+	updateData := GetContainerRegisteryInlineScanner(update)
+	assert.Equal(t, "Inline Scanner Container Registry Updated", updateData.Data.Name)
+	assert.Equal(t, []map[string]string{{"foo": "bar"}}, createData.Data.Data.IdentifierTag)
+	assert.Equal(t, "60", createData.Data.Data.LimitNumScan)
+
+	server_token := terraform.Output(t, terraformOptions, "server_token")
+	assert.NotEmpty(t, server_token)
+}
diff --git a/integration/resource_lacework_integration_proxy_scanner_test.go b/integration/resource_lacework_integration_proxy_scanner_test.go
@@ -0,0 +1,53 @@
+package integration
+
+import (
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	"github.com/stretchr/testify/assert"
+)
+
+// TestIntegrationProxyScannerCreate applies integration terraform:
+// => '../examples/resource_lacework_integration_inline_scanner'
+//
+// It uses the go-sdk to verify the created integration,
+// applies an update with new integration name and destroys it
+func TestIntegrationProxyScannerCreate(t *testing.T) {
+	integrationName := fmt.Sprintf("Proxy Scanner Container Registry - %s", time.Now())
+
+	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+		TerraformDir: "../examples/resource_lacework_integration_proxy_scanner",
+		EnvVars:      tokenEnvVar,
+		Vars: map[string]interface{}{
+			"name": integrationName,
+		},
+	})
+	defer terraform.Destroy(t, terraformOptions)
+
+	// Create new Proxy Scanner Container Registry
+	create := terraform.InitAndApplyAndIdempotent(t, terraformOptions)
+	createData := GetContainerRegisteryProxyScanner(create)
+	assert.Equal(t, integrationName, createData.Data.Name)
+	assert.Equal(t, 10, createData.Data.Data.LimitNumImg)
+	assert.Equal(t, []map[string]string{{"foo": "bar"}}, createData.Data.Data.LimitByLabel)
+	assert.Equal(t, []string{"dev*", "*test"}, createData.Data.Data.LimitByTag)
+	assert.Equal(t, []string{"repo/my-image", "repo/other-image"}, createData.Data.Data.LimitByRep)
+
+	// Update Proxy Scanner Container Registry
+	terraformOptions.Vars["name"] = "Proxy Scanner Container Registry Updated"
+
+	update := terraform.ApplyAndIdempotent(t, terraformOptions)
+	updateData := GetContainerRegisteryProxyScanner(update)
+	assert.Equal(t, "Proxy Scanner Container Registry Updated", updateData.Data.Name)
+	assert.Equal(t, 10, createData.Data.Data.LimitNumImg)
+	assert.Equal(t, []map[string]string{{"foo": "bar"}}, createData.Data.Data.LimitByLabel)
+	assert.Equal(t, []string{"dev*", "*test"}, createData.Data.Data.LimitByTag)
+	assert.Equal(t, []string{"repo/my-image", "repo/other-image"}, createData.Data.Data.LimitByRep)
+	assert.NotEmpty(t, createData.Data.ServerToken.ServerToken)
+	assert.NotEmpty(t, createData.Data.ServerToken.Uri)
+
+	server_token := terraform.Output(t, terraformOptions, "server_token")
+	assert.NotEmpty(t, server_token)
+}
diff --git a/lacework/provider.go b/lacework/provider.go
@@ -106,6 +106,8 @@ func Provider() *schema.Provider {
 			"lacework_integration_gar":                        resourceLaceworkIntegrationGar(),
 			"lacework_integration_gcr":                        resourceLaceworkIntegrationGcr(),
 			"lacework_integration_ghcr":                       resourceLaceworkIntegrationGhcr(),
+			"lacework_integration_inline_scanner":             resourceLaceworkIntegrationInlineScanner(),
+			"lacework_integration_proxy_scanner":              resourceLaceworkIntegrationProxyScanner(),
 			"lacework_query":                                  resourceLaceworkQuery(),
 			"lacework_policy":                                 resourceLaceworkPolicy(),
 			"lacework_policy_exception":                       resourceLaceworkPolicyException(),