provider/aws: Add Inspector Support (#11217)

* provider/aws: Add Inspector Support

* inscrease time to 1 hour
This commit is contained in:
David Blooman 2017-01-17 17:30:46 +00:00 committed by Paul Stack
parent 8b1f9b5092
commit 05c83a3ca1
17 changed files with 8464 additions and 0 deletions

View File

@ -42,6 +42,7 @@ import (
"github.com/aws/aws-sdk-go/service/firehose"
"github.com/aws/aws-sdk-go/service/glacier"
"github.com/aws/aws-sdk-go/service/iam"
"github.com/aws/aws-sdk-go/service/inspector"
"github.com/aws/aws-sdk-go/service/kinesis"
"github.com/aws/aws-sdk-go/service/kms"
"github.com/aws/aws-sdk-go/service/lambda"
@ -133,6 +134,7 @@ type AWSClient struct {
kinesisconn *kinesis.Kinesis
kmsconn *kms.KMS
firehoseconn *firehose.Firehose
inspectorconn *inspector.Inspector
elasticacheconn *elasticache.ElastiCache
elasticbeanstalkconn *elasticbeanstalk.ElasticBeanstalk
elastictranscoderconn *elastictranscoder.ElasticTranscoder
@ -282,6 +284,7 @@ func (c *Config) Client() (interface{}, error) {
client.emrconn = emr.New(sess)
client.esconn = elasticsearch.New(sess)
client.firehoseconn = firehose.New(sess)
client.inspectorconn = inspector.New(sess)
client.glacierconn = glacier.New(sess)
client.kinesisconn = kinesis.New(kinesisSess)
client.kmsconn = kms.New(sess)

View File

@ -280,6 +280,9 @@ func Provider() terraform.ResourceProvider {
"aws_iam_user_ssh_key": resourceAwsIamUserSshKey(),
"aws_iam_user": resourceAwsIamUser(),
"aws_iam_user_login_profile": resourceAwsIamUserLoginProfile(),
"aws_inspector_assessment_target": resourceAWSInspectorAssessmentTarget(),
"aws_inspector_assessment_template": resourceAWSInspectorAssessmentTemplate(),
"aws_inspector_resource_group": resourceAWSInspectorResourceGroup(),
"aws_instance": resourceAwsInstance(),
"aws_internet_gateway": resourceAwsInternetGateway(),
"aws_key_pair": resourceAwsKeyPair(),

View File

@ -0,0 +1,131 @@
package aws
import (
"log"
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/inspector"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
)
func resourceAWSInspectorAssessmentTarget() *schema.Resource {
return &schema.Resource{
Create: resourceAwsInspectorAssessmentTargetCreate,
Read: resourceAwsInspectorAssessmentTargetRead,
Update: resourceAwsInspectorAssessmentTargetUpdate,
Delete: resourceAwsInspectorAssessmentTargetDelete,
Schema: map[string]*schema.Schema{
"name": &schema.Schema{
Type: schema.TypeString,
ForceNew: true,
Required: true,
},
"arn": &schema.Schema{
Type: schema.TypeString,
Computed: true,
},
"resource_group_arn": &schema.Schema{
Type: schema.TypeString,
Required: true,
},
},
}
}
func resourceAwsInspectorAssessmentTargetCreate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).inspectorconn
targetName := d.Get("name").(string)
resourceGroupArn := d.Get("resource_group_arn").(string)
resp, err := conn.CreateAssessmentTarget(&inspector.CreateAssessmentTargetInput{
AssessmentTargetName: aws.String(targetName),
ResourceGroupArn: aws.String(resourceGroupArn),
})
if err != nil {
return err
}
log.Printf("[DEBUG] Inspector Assessment %s created", *resp.AssessmentTargetArn)
d.Set("arn", resp.AssessmentTargetArn)
d.SetId(*resp.AssessmentTargetArn)
return resourceAwsInspectorAssessmentTargetRead(d, meta)
}
func resourceAwsInspectorAssessmentTargetRead(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).inspectorconn
resp, err := conn.DescribeAssessmentTargets(&inspector.DescribeAssessmentTargetsInput{
AssessmentTargetArns: []*string{
aws.String(d.Id()),
},
})
if err != nil {
if inspectorerr, ok := err.(awserr.Error); ok && inspectorerr.Code() == "InvalidInputException" {
return nil
} else {
log.Printf("[ERROR] Error finding Inspector Assessment Target: %s", err)
return err
}
}
if resp.AssessmentTargets != nil && len(resp.AssessmentTargets) > 0 {
d.Set("name", resp.AssessmentTargets[0].Name)
}
return nil
}
func resourceAwsInspectorAssessmentTargetUpdate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).inspectorconn
input := inspector.UpdateAssessmentTargetInput{
AssessmentTargetArn: aws.String(d.Id()),
}
if d.HasChange("name") {
_, n := d.GetChange("name")
input.AssessmentTargetName = aws.String(n.(string))
}
if d.HasChange("resource_group_arn") {
_, n := d.GetChange("resource_group_arn")
input.AssessmentTargetName = aws.String(n.(string))
}
_, err := conn.UpdateAssessmentTarget(&input)
if err != nil {
return err
}
log.Println("[DEBUG] Inspector Assessment Target updated")
return resourceAwsInspectorAssessmentTargetRead(d, meta)
}
func resourceAwsInspectorAssessmentTargetDelete(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).inspectorconn
return resource.Retry(60*time.Minute, func() *resource.RetryError {
_, err := conn.DeleteAssessmentTarget(&inspector.DeleteAssessmentTargetInput{
AssessmentTargetArn: aws.String(d.Id()),
})
if err != nil {
if inspectorerr, ok := err.(awserr.Error); ok && inspectorerr.Code() == "AssessmentRunInProgressException" {
log.Printf("[ERROR] Assement Run in progress: %s", err)
return resource.RetryableError(err)
} else {
log.Printf("[ERROR] Error deleting Assement Target: %s", err)
return resource.NonRetryableError(err)
}
}
return nil
})
}

View File

@ -0,0 +1,101 @@
package aws
import (
"fmt"
"testing"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/inspector"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccAWSInspectorTarget_basic(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSInspectorTargetAssessmentDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccAWSInspectorTargetAssessment,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSInspectorTargetExists("aws_inspector_assessment_target.foo"),
),
},
resource.TestStep{
Config: testAccCheckAWSInspectorTargetAssessmentModified,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSInspectorTargetExists("aws_inspector_assessment_target.foo"),
),
},
},
})
}
func testAccCheckAWSInspectorTargetAssessmentDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).inspectorconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_inspector_assessment_target" {
continue
}
resp, err := conn.DescribeAssessmentTargets(&inspector.DescribeAssessmentTargetsInput{
AssessmentTargetArns: []*string{
aws.String(rs.Primary.ID),
},
})
if err != nil {
if inspectorerr, ok := err.(awserr.Error); ok && inspectorerr.Code() == "InvalidInputException" {
return nil
} else {
return fmt.Errorf("Error finding Inspector Assessment Target: %s", err)
}
}
if len(resp.AssessmentTargets) > 0 {
return fmt.Errorf("Found Target, expected none: %s", resp)
}
}
return nil
}
func testAccCheckAWSInspectorTargetExists(name string) resource.TestCheckFunc {
return func(s *terraform.State) error {
_, ok := s.RootModule().Resources[name]
if !ok {
return fmt.Errorf("Not found: %s", name)
}
return nil
}
}
var testAccAWSInspectorTargetAssessment = `
resource "aws_inspector_resource_group" "foo" {
tags {
Name = "bar"
}
}
resource "aws_inspector_assessment_target" "foo" {
name = "foo"
resource_group_arn = "${aws_inspector_resource_group.foo.arn}"
}`
var testAccCheckAWSInspectorTargetAssessmentModified = `
resource "aws_inspector_resource_group" "foo" {
tags {
Name = "bar"
}
}
resource "aws_inspector_assessment_target" "foo" {
name = "bar"
resource_group_arn = "${aws_inspector_resource_group.foo.arn}"
}`

View File

@ -0,0 +1,121 @@
package aws
import (
"log"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/inspector"
"github.com/hashicorp/terraform/helper/schema"
)
func resourceAWSInspectorAssessmentTemplate() *schema.Resource {
return &schema.Resource{
Create: resourceAwsInspectorAssessmentTemplateCreate,
Read: resourceAwsInspectorAssessmentTemplateRead,
Delete: resourceAwsInspectorAssessmentTemplateDelete,
Schema: map[string]*schema.Schema{
"name": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"target_arn": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"arn": &schema.Schema{
Type: schema.TypeString,
Computed: true,
ForceNew: true,
},
"duration": &schema.Schema{
Type: schema.TypeInt,
Required: true,
ForceNew: true,
},
"rules_package_arns": &schema.Schema{
Type: schema.TypeSet,
Elem: &schema.Schema{Type: schema.TypeString},
Set: schema.HashString,
Required: true,
ForceNew: true,
},
},
}
}
func resourceAwsInspectorAssessmentTemplateCreate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).inspectorconn
rules := []*string{}
if attr := d.Get("rules_package_arns").(*schema.Set); attr.Len() > 0 {
rules = expandStringList(attr.List())
}
targetArn := d.Get("target_arn").(string)
templateName := d.Get("name").(string)
duration := int64(d.Get("duration").(int))
resp, err := conn.CreateAssessmentTemplate(&inspector.CreateAssessmentTemplateInput{
AssessmentTargetArn: aws.String(targetArn),
AssessmentTemplateName: aws.String(templateName),
DurationInSeconds: aws.Int64(duration),
RulesPackageArns: rules,
})
if err != nil {
return err
}
log.Printf("[DEBUG] Inspector Assessment Template %s created", *resp.AssessmentTemplateArn)
d.Set("arn", resp.AssessmentTemplateArn)
d.SetId(*resp.AssessmentTemplateArn)
return resourceAwsInspectorAssessmentTemplateRead(d, meta)
}
func resourceAwsInspectorAssessmentTemplateRead(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).inspectorconn
resp, err := conn.DescribeAssessmentTemplates(&inspector.DescribeAssessmentTemplatesInput{
AssessmentTemplateArns: []*string{
aws.String(d.Id()),
},
},
)
if err != nil {
if inspectorerr, ok := err.(awserr.Error); ok && inspectorerr.Code() == "InvalidInputException" {
return nil
} else {
log.Printf("[ERROR] Error finding Inspector Assessment Template: %s", err)
return err
}
}
if resp.AssessmentTemplates != nil && len(resp.AssessmentTemplates) > 0 {
d.Set("name", resp.AssessmentTemplates[0].Name)
}
return nil
}
func resourceAwsInspectorAssessmentTemplateDelete(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).inspectorconn
_, err := conn.DeleteAssessmentTemplate(&inspector.DeleteAssessmentTemplateInput{
AssessmentTemplateArn: aws.String(d.Id()),
})
if err != nil {
if inspectorerr, ok := err.(awserr.Error); ok && inspectorerr.Code() == "AssessmentRunInProgressException" {
log.Printf("[ERROR] Assement Run in progress: %s", err)
return err
} else {
log.Printf("[ERROR] Error deleting Assement Template: %s", err)
return err
}
}
return nil
}

View File

@ -0,0 +1,125 @@
package aws
import (
"fmt"
"testing"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/inspector"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccAWSInspectorTemplate_basic(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSInspectorTemplateDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccAWSInspectorTemplateAssessment,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSInspectorTemplateExists("aws_inspector_assessment_template.foo"),
),
},
resource.TestStep{
Config: testAccCheckAWSInspectorTemplatetModified,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSInspectorTargetExists("aws_inspector_assessment_template.foo"),
),
},
},
})
}
func testAccCheckAWSInspectorTemplateDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).inspectorconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_inspector_assessment_template" {
continue
}
resp, err := conn.DescribeAssessmentTemplates(&inspector.DescribeAssessmentTemplatesInput{
AssessmentTemplateArns: []*string{
aws.String(rs.Primary.ID),
},
})
if err != nil {
if inspectorerr, ok := err.(awserr.Error); ok && inspectorerr.Code() == "InvalidInputException" {
return nil
} else {
return fmt.Errorf("Error finding Inspector Assessment Template: %s", err)
}
}
if len(resp.AssessmentTemplates) > 0 {
return fmt.Errorf("Found Template, expected none: %s", resp)
}
}
return nil
}
func testAccCheckAWSInspectorTemplateExists(name string) resource.TestCheckFunc {
return func(s *terraform.State) error {
_, ok := s.RootModule().Resources[name]
if !ok {
return fmt.Errorf("Not found: %s", name)
}
return nil
}
}
var testAccAWSInspectorTemplateAssessment = `
resource "aws_inspector_resource_group" "foo" {
tags {
Name = "bar"
}
}
resource "aws_inspector_assessment_target" "foo" {
name = "foo"
resource_group_arn = "${aws_inspector_resource_group.foo.arn}"
}
resource "aws_inspector_assessment_template" "foo" {
name = "foo template"
target_arn = "${aws_inspector_assessment_target.foo.arn}"
duration = 3600
rules_package_arns = [
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p",
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-H5hpSawc",
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-JJOtZiqQ",
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-vg5GGHSD",
]
}`
var testAccCheckAWSInspectorTemplatetModified = `
resource "aws_inspector_resource_group" "foo" {
tags {
Name = "bar"
}
}
resource "aws_inspector_assessment_target" "foo" {
name = "foo"
resource_group_arn = "${aws_inspector_resource_group.foo.arn}"
}
resource "aws_inspector_assessment_template" "foo" {
name = "bar template"
target_arn = "${aws_inspector_assessment_target.foo.arn}"
duration = 3600
rules_package_arns = [
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p",
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-H5hpSawc",
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-JJOtZiqQ",
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-vg5GGHSD",
]
}`

View File

@ -0,0 +1,76 @@
package aws
import (
"log"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/inspector"
"github.com/hashicorp/terraform/helper/schema"
)
func resourceAWSInspectorResourceGroup() *schema.Resource {
return &schema.Resource{
Create: resourceAwsInspectorResourceGroupCreate,
Read: resourceAwsInspectorResourceGroupRead,
Delete: resourceAwsInspectorResourceGroupDelete,
Schema: map[string]*schema.Schema{
"tags": &schema.Schema{
ForceNew: true,
Type: schema.TypeMap,
Required: true,
},
"arn": &schema.Schema{
Type: schema.TypeString,
Computed: true,
},
},
}
}
func resourceAwsInspectorResourceGroupCreate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).inspectorconn
resp, err := conn.CreateResourceGroup(&inspector.CreateResourceGroupInput{
ResourceGroupTags: tagsFromMapInspector(d.Get("tags").(map[string]interface{})),
})
if err != nil {
return err
}
d.Set("arn", *resp.ResourceGroupArn)
d.SetId(*resp.ResourceGroupArn)
return resourceAwsInspectorResourceGroupRead(d, meta)
}
func resourceAwsInspectorResourceGroupRead(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).inspectorconn
_, err := conn.DescribeResourceGroups(&inspector.DescribeResourceGroupsInput{
ResourceGroupArns: []*string{
aws.String(d.Id()),
},
})
if err != nil {
if inspectorerr, ok := err.(awserr.Error); ok && inspectorerr.Code() == "InvalidInputException" {
return nil
} else {
log.Printf("[ERROR] Error finding Inspector resource group: %s", err)
return err
}
}
return nil
}
func resourceAwsInspectorResourceGroupDelete(d *schema.ResourceData, meta interface{}) error {
d.Set("arn", "")
d.SetId("")
return nil
}

View File

@ -0,0 +1,55 @@
package aws
import (
"fmt"
"testing"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccAWSInspectorResourceGroup_basic(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccAWSInspectorResourceGroup,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSInspectorResourceGroupExists("aws_inspector_resource_group.foo"),
),
},
resource.TestStep{
Config: testAccCheckAWSInspectorResourceGroupModified,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSInspectorTargetExists("aws_inspector_resource_group.foo"),
),
},
},
})
}
func testAccCheckAWSInspectorResourceGroupExists(name string) resource.TestCheckFunc {
return func(s *terraform.State) error {
_, ok := s.RootModule().Resources[name]
if !ok {
return fmt.Errorf("Not found: %s", name)
}
return nil
}
}
var testAccAWSInspectorResourceGroup = `
resource "aws_inspector_resource_group" "foo" {
tags {
Name = "foo"
}
}`
var testAccCheckAWSInspectorResourceGroupModified = `
resource "aws_inspector_resource_group" "foo" {
tags {
Name = "bar"
}
}`

View File

@ -1649,3 +1649,11 @@ func normalizeJsonString(jsonString interface{}) (string, error) {
bytes, _ := json.Marshal(j)
return string(bytes[:]), nil
}
func flattenInspectorTags(cfTags []*cloudformation.Tag) map[string]string {
tags := make(map[string]string, len(cfTags))
for _, t := range cfTags {
tags[*t.Key] = *t.Value
}
return tags
}

View File

@ -0,0 +1,74 @@
package aws
import (
"log"
"regexp"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/inspector"
)
// diffTags takes our tags locally and the ones remotely and returns
// the set of tags that must be created, and the set of tags that must
// be destroyed.
func diffTagsInspector(oldTags, newTags []*inspector.ResourceGroupTag) ([]*inspector.ResourceGroupTag, []*inspector.ResourceGroupTag) {
// First, we're creating everything we have
create := make(map[string]interface{})
for _, t := range newTags {
create[*t.Key] = *t.Value
}
// Build the list of what to remove
var remove []*inspector.ResourceGroupTag
for _, t := range oldTags {
old, ok := create[*t.Key]
if !ok || old != *t.Value {
// Delete it!
remove = append(remove, t)
}
}
return tagsFromMapInspector(create), remove
}
// tagsFromMap returns the tags for the given map of data.
func tagsFromMapInspector(m map[string]interface{}) []*inspector.ResourceGroupTag {
var result []*inspector.ResourceGroupTag
for k, v := range m {
t := &inspector.ResourceGroupTag{
Key: aws.String(k),
Value: aws.String(v.(string)),
}
if !tagIgnoredInspector(t) {
result = append(result, t)
}
}
return result
}
// tagsToMap turns the list of tags into a map.
func tagsToMapInspector(ts []*inspector.ResourceGroupTag) map[string]string {
result := make(map[string]string)
for _, t := range ts {
if !tagIgnoredInspector(t) {
result[*t.Key] = *t.Value
}
}
return result
}
// compare a tag against a list of strings and checks if it should
// be ignored or not
func tagIgnoredInspector(t *inspector.ResourceGroupTag) bool {
filter := []string{"^aws:*"}
for _, v := range filter {
log.Printf("[DEBUG] Matching %v with %v\n", v, *t.Key)
if r, _ := regexp.MatchString(v, *t.Key); r == true {
log.Printf("[DEBUG] Found AWS specific tag %s (val: %s), ignoring.\n", *t.Key, *t.Value)
return true
}
}
return false
}

7530
vendor/github.com/aws/aws-sdk-go/service/inspector/api.go generated vendored Normal file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,95 @@
// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
package inspector
import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/client"
"github.com/aws/aws-sdk-go/aws/client/metadata"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/aws/signer/v4"
"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
)
// Amazon Inspector enables you to analyze the behavior of your AWS resources
// and to identify potential security issues. For more information, see Amazon
// Inspector User Guide (http://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html).
// The service client's operations are safe to be used concurrently.
// It is not safe to mutate any of the client's properties though.
// Please also see https://docs.aws.amazon.com/goto/WebAPI/inspector-2016-02-16
type Inspector struct {
*client.Client
}
// Used for custom client initialization logic
var initClient func(*client.Client)
// Used for custom request initialization logic
var initRequest func(*request.Request)
// Service information constants
const (
ServiceName = "inspector" // Service endpoint prefix API calls made to.
EndpointsID = ServiceName // Service ID for Regions and Endpoints metadata.
)
// New creates a new instance of the Inspector client with a session.
// If additional configuration is needed for the client instance use the optional
// aws.Config parameter to add your extra config.
//
// Example:
// // Create a Inspector client from just a session.
// svc := inspector.New(mySession)
//
// // Create a Inspector client with additional configuration
// svc := inspector.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
func New(p client.ConfigProvider, cfgs ...*aws.Config) *Inspector {
c := p.ClientConfig(EndpointsID, cfgs...)
return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
}
// newClient creates, initializes and returns a new service client instance.
func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *Inspector {
svc := &Inspector{
Client: client.New(
cfg,
metadata.ClientInfo{
ServiceName: ServiceName,
SigningName: signingName,
SigningRegion: signingRegion,
Endpoint: endpoint,
APIVersion: "2016-02-16",
JSONVersion: "1.1",
TargetPrefix: "InspectorService",
},
handlers,
),
}
// Handlers
svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler)
svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler)
svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler)
svc.Handlers.UnmarshalError.PushBackNamed(jsonrpc.UnmarshalErrorHandler)
// Run custom client initialization if present
if initClient != nil {
initClient(svc.Client)
}
return svc
}
// newRequest creates a new request for a Inspector operation and runs any
// custom request initialization.
func (c *Inspector) newRequest(op *request.Operation, params, data interface{}) *request.Request {
req := c.NewRequest(op, params, data)
// Run custom request initialization if present
if initRequest != nil {
initRequest(req)
}
return req
}

6
vendor/vendor.json vendored
View File

@ -885,6 +885,12 @@
"version": "v1.6.9",
"versionExact": "v1.6.9"
},
{
"checksumSHA1": "lL1vgSAaM89zLB0QBCwm2FnTzTw=",
"path": "github.com/aws/aws-sdk-go/service/inspector",
"revision": "8649d278323ebf6bd20c9cd56ecb152b1c617375",
"revisionTime": "2017-01-04T18:16:48Z"
},
{
"checksumSHA1": "TR063wmYitpnw1vXbwSlslbUOAA=",
"path": "github.com/aws/aws-sdk-go/service/kinesis",

View File

@ -0,0 +1,40 @@
---
layout: "aws"
page_title: "AWS: aws_inspector_assessment_target"
sidebar_current: "docs-aws-resource-inspector-assessment-target"
description: |\
Provides a Inspector assessment target.
---
# aws\_inspector\_assessment\_target
Provides a Inspector assessment target
## Example Usage
```
resource "aws_inspector_resource_group" "bar" {
tags {
Name = "foo"
Env = "bar"
}
}
resource "aws_inspector_assessment_target" "foo" {
name = "assessment target"
resource_group_arn = "${aws_inspector_resource_group.bar.arn}"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) The name of the assessment target.
* `resource_group_arn` (Required )- The resource group ARN stating tags for instance matching.
## Attributes Reference
The following attributes are exported:
* `arn` - The target assessment ARN.

View File

@ -0,0 +1,43 @@
---
layout: "aws"
page_title: "AWS: aws_inspector_assessment_template"
sidebar_current: "docs-aws-resource-inspector-assessment-template"
description: |\
Provides a Inspector assessment template.
---
# aws\_inspector\_assessment\_template
Provides a Inspector assessment template
## Example Usage
```
resource "aws_inspector_assessment_template" "foo" {
name = "bar template"
target_arn = "${aws_inspector_assessment_target.foo.arn}"
duration = 3600
rules_package_arns = [
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p",
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-H5hpSawc",
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-JJOtZiqQ",
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-vg5GGHSD",
]
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) The name of the assessment template.
* `target_arn` - (Required) The assessment target ARN to attach the template to.
* `duration` - (Required) The duration of the inspector run.
* `rules_package_arns` - (Required) The rules to be used during the run.
## Attributes Reference
The following attributes are exported:
* `arn` - The template assessment ARN.

View File

@ -0,0 +1,34 @@
---
layout: "aws"
page_title: "AWS: aws_inspector_resource_group"
sidebar_current: "docs-aws-resource-inspector-resource-group"
description: |\
Provides a Inspector resource group.
---
# aws\_inspector\_resource\_group
Provides a Inspector assessment template
## Example Usage
```
resource "aws_inspector_resource_group" "bar" {
tags {
Name = "foo"
Env = "bar"
}
}
```
## Argument Reference
The following arguments are supported:
* `tags` - (Required) The tags on your EC2 Instance.
## Attributes Reference
The following attributes are exported:
* `arn` - The resource group ARN.

View File

@ -662,6 +662,25 @@
</ul>
</li>
<li<%= sidebar_current(/^docs-aws-resource-inspector/) %>>
<a href="#">Inspector Resources</a>
<ul class="nav nav-visible">
<li<%= sidebar_current("docs-aws-resource-inspector-assessment-target") %>>
<a href="/docs/providers/aws/r/inspector_assessment_template.html">aws_inspector_assessment_target</a>
</li>
<li<%= sidebar_current("docs-aws-resource-inspector-assessment-template") %>>
<a href="/docs/providers/aws/r/inspector_assessment_template.html">aws_inspector_assessment_template</a>
</li>
<li<%= sidebar_current("docs-aws-resource-inspector-resource-group") %>>
<a href="/docs/providers/aws/r/inspector_resource_group.html">aws_inspector_resource_group</a>
</li>
</ul>
</li>
<li<%= sidebar_current(/^docs-aws-resource-kinesis/) %>>
<a href="#">Kinesis Resources</a>