provider/aws: Add Inspector Support (#11217)
* provider/aws: Add Inspector Support * inscrease time to 1 hour
This commit is contained in:
parent
8b1f9b5092
commit
05c83a3ca1
|
@ -42,6 +42,7 @@ import (
|
|||
"github.com/aws/aws-sdk-go/service/firehose"
|
||||
"github.com/aws/aws-sdk-go/service/glacier"
|
||||
"github.com/aws/aws-sdk-go/service/iam"
|
||||
"github.com/aws/aws-sdk-go/service/inspector"
|
||||
"github.com/aws/aws-sdk-go/service/kinesis"
|
||||
"github.com/aws/aws-sdk-go/service/kms"
|
||||
"github.com/aws/aws-sdk-go/service/lambda"
|
||||
|
@ -133,6 +134,7 @@ type AWSClient struct {
|
|||
kinesisconn *kinesis.Kinesis
|
||||
kmsconn *kms.KMS
|
||||
firehoseconn *firehose.Firehose
|
||||
inspectorconn *inspector.Inspector
|
||||
elasticacheconn *elasticache.ElastiCache
|
||||
elasticbeanstalkconn *elasticbeanstalk.ElasticBeanstalk
|
||||
elastictranscoderconn *elastictranscoder.ElasticTranscoder
|
||||
|
@ -282,6 +284,7 @@ func (c *Config) Client() (interface{}, error) {
|
|||
client.emrconn = emr.New(sess)
|
||||
client.esconn = elasticsearch.New(sess)
|
||||
client.firehoseconn = firehose.New(sess)
|
||||
client.inspectorconn = inspector.New(sess)
|
||||
client.glacierconn = glacier.New(sess)
|
||||
client.kinesisconn = kinesis.New(kinesisSess)
|
||||
client.kmsconn = kms.New(sess)
|
||||
|
|
|
@ -280,6 +280,9 @@ func Provider() terraform.ResourceProvider {
|
|||
"aws_iam_user_ssh_key": resourceAwsIamUserSshKey(),
|
||||
"aws_iam_user": resourceAwsIamUser(),
|
||||
"aws_iam_user_login_profile": resourceAwsIamUserLoginProfile(),
|
||||
"aws_inspector_assessment_target": resourceAWSInspectorAssessmentTarget(),
|
||||
"aws_inspector_assessment_template": resourceAWSInspectorAssessmentTemplate(),
|
||||
"aws_inspector_resource_group": resourceAWSInspectorResourceGroup(),
|
||||
"aws_instance": resourceAwsInstance(),
|
||||
"aws_internet_gateway": resourceAwsInternetGateway(),
|
||||
"aws_key_pair": resourceAwsKeyPair(),
|
||||
|
|
|
@ -0,0 +1,131 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"log"
|
||||
"time"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/service/inspector"
|
||||
"github.com/hashicorp/terraform/helper/resource"
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
)
|
||||
|
||||
func resourceAWSInspectorAssessmentTarget() *schema.Resource {
|
||||
return &schema.Resource{
|
||||
Create: resourceAwsInspectorAssessmentTargetCreate,
|
||||
Read: resourceAwsInspectorAssessmentTargetRead,
|
||||
Update: resourceAwsInspectorAssessmentTargetUpdate,
|
||||
Delete: resourceAwsInspectorAssessmentTargetDelete,
|
||||
|
||||
Schema: map[string]*schema.Schema{
|
||||
"name": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
ForceNew: true,
|
||||
Required: true,
|
||||
},
|
||||
"arn": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
"resource_group_arn": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func resourceAwsInspectorAssessmentTargetCreate(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).inspectorconn
|
||||
|
||||
targetName := d.Get("name").(string)
|
||||
resourceGroupArn := d.Get("resource_group_arn").(string)
|
||||
|
||||
resp, err := conn.CreateAssessmentTarget(&inspector.CreateAssessmentTargetInput{
|
||||
AssessmentTargetName: aws.String(targetName),
|
||||
ResourceGroupArn: aws.String(resourceGroupArn),
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
log.Printf("[DEBUG] Inspector Assessment %s created", *resp.AssessmentTargetArn)
|
||||
|
||||
d.Set("arn", resp.AssessmentTargetArn)
|
||||
d.SetId(*resp.AssessmentTargetArn)
|
||||
|
||||
return resourceAwsInspectorAssessmentTargetRead(d, meta)
|
||||
}
|
||||
|
||||
func resourceAwsInspectorAssessmentTargetRead(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).inspectorconn
|
||||
|
||||
resp, err := conn.DescribeAssessmentTargets(&inspector.DescribeAssessmentTargetsInput{
|
||||
AssessmentTargetArns: []*string{
|
||||
aws.String(d.Id()),
|
||||
},
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
if inspectorerr, ok := err.(awserr.Error); ok && inspectorerr.Code() == "InvalidInputException" {
|
||||
return nil
|
||||
} else {
|
||||
log.Printf("[ERROR] Error finding Inspector Assessment Target: %s", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if resp.AssessmentTargets != nil && len(resp.AssessmentTargets) > 0 {
|
||||
d.Set("name", resp.AssessmentTargets[0].Name)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func resourceAwsInspectorAssessmentTargetUpdate(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).inspectorconn
|
||||
|
||||
input := inspector.UpdateAssessmentTargetInput{
|
||||
AssessmentTargetArn: aws.String(d.Id()),
|
||||
}
|
||||
|
||||
if d.HasChange("name") {
|
||||
_, n := d.GetChange("name")
|
||||
input.AssessmentTargetName = aws.String(n.(string))
|
||||
}
|
||||
|
||||
if d.HasChange("resource_group_arn") {
|
||||
_, n := d.GetChange("resource_group_arn")
|
||||
input.AssessmentTargetName = aws.String(n.(string))
|
||||
}
|
||||
|
||||
_, err := conn.UpdateAssessmentTarget(&input)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
log.Println("[DEBUG] Inspector Assessment Target updated")
|
||||
|
||||
return resourceAwsInspectorAssessmentTargetRead(d, meta)
|
||||
}
|
||||
|
||||
func resourceAwsInspectorAssessmentTargetDelete(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).inspectorconn
|
||||
|
||||
return resource.Retry(60*time.Minute, func() *resource.RetryError {
|
||||
_, err := conn.DeleteAssessmentTarget(&inspector.DeleteAssessmentTargetInput{
|
||||
AssessmentTargetArn: aws.String(d.Id()),
|
||||
})
|
||||
if err != nil {
|
||||
if inspectorerr, ok := err.(awserr.Error); ok && inspectorerr.Code() == "AssessmentRunInProgressException" {
|
||||
log.Printf("[ERROR] Assement Run in progress: %s", err)
|
||||
return resource.RetryableError(err)
|
||||
} else {
|
||||
log.Printf("[ERROR] Error deleting Assement Target: %s", err)
|
||||
return resource.NonRetryableError(err)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
})
|
||||
|
||||
}
|
|
@ -0,0 +1,101 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/service/inspector"
|
||||
"github.com/hashicorp/terraform/helper/resource"
|
||||
"github.com/hashicorp/terraform/terraform"
|
||||
)
|
||||
|
||||
func TestAccAWSInspectorTarget_basic(t *testing.T) {
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckAWSInspectorTargetAssessmentDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccAWSInspectorTargetAssessment,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckAWSInspectorTargetExists("aws_inspector_assessment_target.foo"),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
Config: testAccCheckAWSInspectorTargetAssessmentModified,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckAWSInspectorTargetExists("aws_inspector_assessment_target.foo"),
|
||||
),
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func testAccCheckAWSInspectorTargetAssessmentDestroy(s *terraform.State) error {
|
||||
conn := testAccProvider.Meta().(*AWSClient).inspectorconn
|
||||
|
||||
for _, rs := range s.RootModule().Resources {
|
||||
if rs.Type != "aws_inspector_assessment_target" {
|
||||
continue
|
||||
}
|
||||
|
||||
resp, err := conn.DescribeAssessmentTargets(&inspector.DescribeAssessmentTargetsInput{
|
||||
AssessmentTargetArns: []*string{
|
||||
aws.String(rs.Primary.ID),
|
||||
},
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
if inspectorerr, ok := err.(awserr.Error); ok && inspectorerr.Code() == "InvalidInputException" {
|
||||
return nil
|
||||
} else {
|
||||
return fmt.Errorf("Error finding Inspector Assessment Target: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
if len(resp.AssessmentTargets) > 0 {
|
||||
return fmt.Errorf("Found Target, expected none: %s", resp)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func testAccCheckAWSInspectorTargetExists(name string) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
_, ok := s.RootModule().Resources[name]
|
||||
if !ok {
|
||||
return fmt.Errorf("Not found: %s", name)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
var testAccAWSInspectorTargetAssessment = `
|
||||
|
||||
resource "aws_inspector_resource_group" "foo" {
|
||||
tags {
|
||||
Name = "bar"
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_inspector_assessment_target" "foo" {
|
||||
name = "foo"
|
||||
resource_group_arn = "${aws_inspector_resource_group.foo.arn}"
|
||||
}`
|
||||
|
||||
var testAccCheckAWSInspectorTargetAssessmentModified = `
|
||||
|
||||
resource "aws_inspector_resource_group" "foo" {
|
||||
tags {
|
||||
Name = "bar"
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_inspector_assessment_target" "foo" {
|
||||
name = "bar"
|
||||
resource_group_arn = "${aws_inspector_resource_group.foo.arn}"
|
||||
}`
|
|
@ -0,0 +1,121 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"log"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/service/inspector"
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
)
|
||||
|
||||
func resourceAWSInspectorAssessmentTemplate() *schema.Resource {
|
||||
return &schema.Resource{
|
||||
Create: resourceAwsInspectorAssessmentTemplateCreate,
|
||||
Read: resourceAwsInspectorAssessmentTemplateRead,
|
||||
Delete: resourceAwsInspectorAssessmentTemplateDelete,
|
||||
|
||||
Schema: map[string]*schema.Schema{
|
||||
"name": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
"target_arn": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
"arn": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
"duration": &schema.Schema{
|
||||
Type: schema.TypeInt,
|
||||
Required: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
"rules_package_arns": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
Set: schema.HashString,
|
||||
Required: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func resourceAwsInspectorAssessmentTemplateCreate(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).inspectorconn
|
||||
|
||||
rules := []*string{}
|
||||
if attr := d.Get("rules_package_arns").(*schema.Set); attr.Len() > 0 {
|
||||
rules = expandStringList(attr.List())
|
||||
}
|
||||
|
||||
targetArn := d.Get("target_arn").(string)
|
||||
templateName := d.Get("name").(string)
|
||||
duration := int64(d.Get("duration").(int))
|
||||
|
||||
resp, err := conn.CreateAssessmentTemplate(&inspector.CreateAssessmentTemplateInput{
|
||||
AssessmentTargetArn: aws.String(targetArn),
|
||||
AssessmentTemplateName: aws.String(templateName),
|
||||
DurationInSeconds: aws.Int64(duration),
|
||||
RulesPackageArns: rules,
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
log.Printf("[DEBUG] Inspector Assessment Template %s created", *resp.AssessmentTemplateArn)
|
||||
|
||||
d.Set("arn", resp.AssessmentTemplateArn)
|
||||
|
||||
d.SetId(*resp.AssessmentTemplateArn)
|
||||
|
||||
return resourceAwsInspectorAssessmentTemplateRead(d, meta)
|
||||
}
|
||||
|
||||
func resourceAwsInspectorAssessmentTemplateRead(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).inspectorconn
|
||||
|
||||
resp, err := conn.DescribeAssessmentTemplates(&inspector.DescribeAssessmentTemplatesInput{
|
||||
AssessmentTemplateArns: []*string{
|
||||
aws.String(d.Id()),
|
||||
},
|
||||
},
|
||||
)
|
||||
if err != nil {
|
||||
if inspectorerr, ok := err.(awserr.Error); ok && inspectorerr.Code() == "InvalidInputException" {
|
||||
return nil
|
||||
} else {
|
||||
log.Printf("[ERROR] Error finding Inspector Assessment Template: %s", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if resp.AssessmentTemplates != nil && len(resp.AssessmentTemplates) > 0 {
|
||||
d.Set("name", resp.AssessmentTemplates[0].Name)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func resourceAwsInspectorAssessmentTemplateDelete(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).inspectorconn
|
||||
|
||||
_, err := conn.DeleteAssessmentTemplate(&inspector.DeleteAssessmentTemplateInput{
|
||||
AssessmentTemplateArn: aws.String(d.Id()),
|
||||
})
|
||||
if err != nil {
|
||||
if inspectorerr, ok := err.(awserr.Error); ok && inspectorerr.Code() == "AssessmentRunInProgressException" {
|
||||
log.Printf("[ERROR] Assement Run in progress: %s", err)
|
||||
return err
|
||||
} else {
|
||||
log.Printf("[ERROR] Error deleting Assement Template: %s", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,125 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/service/inspector"
|
||||
"github.com/hashicorp/terraform/helper/resource"
|
||||
"github.com/hashicorp/terraform/terraform"
|
||||
)
|
||||
|
||||
func TestAccAWSInspectorTemplate_basic(t *testing.T) {
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckAWSInspectorTemplateDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccAWSInspectorTemplateAssessment,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckAWSInspectorTemplateExists("aws_inspector_assessment_template.foo"),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
Config: testAccCheckAWSInspectorTemplatetModified,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckAWSInspectorTargetExists("aws_inspector_assessment_template.foo"),
|
||||
),
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func testAccCheckAWSInspectorTemplateDestroy(s *terraform.State) error {
|
||||
conn := testAccProvider.Meta().(*AWSClient).inspectorconn
|
||||
|
||||
for _, rs := range s.RootModule().Resources {
|
||||
if rs.Type != "aws_inspector_assessment_template" {
|
||||
continue
|
||||
}
|
||||
|
||||
resp, err := conn.DescribeAssessmentTemplates(&inspector.DescribeAssessmentTemplatesInput{
|
||||
AssessmentTemplateArns: []*string{
|
||||
aws.String(rs.Primary.ID),
|
||||
},
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
if inspectorerr, ok := err.(awserr.Error); ok && inspectorerr.Code() == "InvalidInputException" {
|
||||
return nil
|
||||
} else {
|
||||
return fmt.Errorf("Error finding Inspector Assessment Template: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
if len(resp.AssessmentTemplates) > 0 {
|
||||
return fmt.Errorf("Found Template, expected none: %s", resp)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func testAccCheckAWSInspectorTemplateExists(name string) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
_, ok := s.RootModule().Resources[name]
|
||||
if !ok {
|
||||
return fmt.Errorf("Not found: %s", name)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
var testAccAWSInspectorTemplateAssessment = `
|
||||
resource "aws_inspector_resource_group" "foo" {
|
||||
tags {
|
||||
Name = "bar"
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_inspector_assessment_target" "foo" {
|
||||
name = "foo"
|
||||
resource_group_arn = "${aws_inspector_resource_group.foo.arn}"
|
||||
}
|
||||
|
||||
resource "aws_inspector_assessment_template" "foo" {
|
||||
name = "foo template"
|
||||
target_arn = "${aws_inspector_assessment_target.foo.arn}"
|
||||
duration = 3600
|
||||
|
||||
rules_package_arns = [
|
||||
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p",
|
||||
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-H5hpSawc",
|
||||
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-JJOtZiqQ",
|
||||
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-vg5GGHSD",
|
||||
]
|
||||
}`
|
||||
|
||||
var testAccCheckAWSInspectorTemplatetModified = `
|
||||
resource "aws_inspector_resource_group" "foo" {
|
||||
tags {
|
||||
Name = "bar"
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_inspector_assessment_target" "foo" {
|
||||
name = "foo"
|
||||
resource_group_arn = "${aws_inspector_resource_group.foo.arn}"
|
||||
}
|
||||
|
||||
resource "aws_inspector_assessment_template" "foo" {
|
||||
name = "bar template"
|
||||
target_arn = "${aws_inspector_assessment_target.foo.arn}"
|
||||
duration = 3600
|
||||
|
||||
rules_package_arns = [
|
||||
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p",
|
||||
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-H5hpSawc",
|
||||
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-JJOtZiqQ",
|
||||
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-vg5GGHSD",
|
||||
]
|
||||
}`
|
|
@ -0,0 +1,76 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"log"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/service/inspector"
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
)
|
||||
|
||||
func resourceAWSInspectorResourceGroup() *schema.Resource {
|
||||
return &schema.Resource{
|
||||
Create: resourceAwsInspectorResourceGroupCreate,
|
||||
Read: resourceAwsInspectorResourceGroupRead,
|
||||
Delete: resourceAwsInspectorResourceGroupDelete,
|
||||
|
||||
Schema: map[string]*schema.Schema{
|
||||
"tags": &schema.Schema{
|
||||
ForceNew: true,
|
||||
Type: schema.TypeMap,
|
||||
Required: true,
|
||||
},
|
||||
"arn": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func resourceAwsInspectorResourceGroupCreate(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).inspectorconn
|
||||
|
||||
resp, err := conn.CreateResourceGroup(&inspector.CreateResourceGroupInput{
|
||||
ResourceGroupTags: tagsFromMapInspector(d.Get("tags").(map[string]interface{})),
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
d.Set("arn", *resp.ResourceGroupArn)
|
||||
|
||||
d.SetId(*resp.ResourceGroupArn)
|
||||
|
||||
return resourceAwsInspectorResourceGroupRead(d, meta)
|
||||
}
|
||||
|
||||
func resourceAwsInspectorResourceGroupRead(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).inspectorconn
|
||||
|
||||
_, err := conn.DescribeResourceGroups(&inspector.DescribeResourceGroupsInput{
|
||||
ResourceGroupArns: []*string{
|
||||
aws.String(d.Id()),
|
||||
},
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
if inspectorerr, ok := err.(awserr.Error); ok && inspectorerr.Code() == "InvalidInputException" {
|
||||
return nil
|
||||
} else {
|
||||
log.Printf("[ERROR] Error finding Inspector resource group: %s", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func resourceAwsInspectorResourceGroupDelete(d *schema.ResourceData, meta interface{}) error {
|
||||
d.Set("arn", "")
|
||||
d.SetId("")
|
||||
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,55 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/hashicorp/terraform/helper/resource"
|
||||
"github.com/hashicorp/terraform/terraform"
|
||||
)
|
||||
|
||||
func TestAccAWSInspectorResourceGroup_basic(t *testing.T) {
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccAWSInspectorResourceGroup,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckAWSInspectorResourceGroupExists("aws_inspector_resource_group.foo"),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
Config: testAccCheckAWSInspectorResourceGroupModified,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckAWSInspectorTargetExists("aws_inspector_resource_group.foo"),
|
||||
),
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func testAccCheckAWSInspectorResourceGroupExists(name string) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
_, ok := s.RootModule().Resources[name]
|
||||
if !ok {
|
||||
return fmt.Errorf("Not found: %s", name)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
var testAccAWSInspectorResourceGroup = `
|
||||
resource "aws_inspector_resource_group" "foo" {
|
||||
tags {
|
||||
Name = "foo"
|
||||
}
|
||||
}`
|
||||
|
||||
var testAccCheckAWSInspectorResourceGroupModified = `
|
||||
resource "aws_inspector_resource_group" "foo" {
|
||||
tags {
|
||||
Name = "bar"
|
||||
}
|
||||
}`
|
|
@ -1649,3 +1649,11 @@ func normalizeJsonString(jsonString interface{}) (string, error) {
|
|||
bytes, _ := json.Marshal(j)
|
||||
return string(bytes[:]), nil
|
||||
}
|
||||
|
||||
func flattenInspectorTags(cfTags []*cloudformation.Tag) map[string]string {
|
||||
tags := make(map[string]string, len(cfTags))
|
||||
for _, t := range cfTags {
|
||||
tags[*t.Key] = *t.Value
|
||||
}
|
||||
return tags
|
||||
}
|
||||
|
|
|
@ -0,0 +1,74 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"log"
|
||||
"regexp"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/service/inspector"
|
||||
)
|
||||
|
||||
// diffTags takes our tags locally and the ones remotely and returns
|
||||
// the set of tags that must be created, and the set of tags that must
|
||||
// be destroyed.
|
||||
func diffTagsInspector(oldTags, newTags []*inspector.ResourceGroupTag) ([]*inspector.ResourceGroupTag, []*inspector.ResourceGroupTag) {
|
||||
// First, we're creating everything we have
|
||||
create := make(map[string]interface{})
|
||||
for _, t := range newTags {
|
||||
create[*t.Key] = *t.Value
|
||||
}
|
||||
|
||||
// Build the list of what to remove
|
||||
var remove []*inspector.ResourceGroupTag
|
||||
for _, t := range oldTags {
|
||||
old, ok := create[*t.Key]
|
||||
if !ok || old != *t.Value {
|
||||
// Delete it!
|
||||
remove = append(remove, t)
|
||||
}
|
||||
}
|
||||
|
||||
return tagsFromMapInspector(create), remove
|
||||
}
|
||||
|
||||
// tagsFromMap returns the tags for the given map of data.
|
||||
func tagsFromMapInspector(m map[string]interface{}) []*inspector.ResourceGroupTag {
|
||||
var result []*inspector.ResourceGroupTag
|
||||
for k, v := range m {
|
||||
t := &inspector.ResourceGroupTag{
|
||||
Key: aws.String(k),
|
||||
Value: aws.String(v.(string)),
|
||||
}
|
||||
if !tagIgnoredInspector(t) {
|
||||
result = append(result, t)
|
||||
}
|
||||
}
|
||||
|
||||
return result
|
||||
}
|
||||
|
||||
// tagsToMap turns the list of tags into a map.
|
||||
func tagsToMapInspector(ts []*inspector.ResourceGroupTag) map[string]string {
|
||||
result := make(map[string]string)
|
||||
for _, t := range ts {
|
||||
if !tagIgnoredInspector(t) {
|
||||
result[*t.Key] = *t.Value
|
||||
}
|
||||
}
|
||||
|
||||
return result
|
||||
}
|
||||
|
||||
// compare a tag against a list of strings and checks if it should
|
||||
// be ignored or not
|
||||
func tagIgnoredInspector(t *inspector.ResourceGroupTag) bool {
|
||||
filter := []string{"^aws:*"}
|
||||
for _, v := range filter {
|
||||
log.Printf("[DEBUG] Matching %v with %v\n", v, *t.Key)
|
||||
if r, _ := regexp.MatchString(v, *t.Key); r == true {
|
||||
log.Printf("[DEBUG] Found AWS specific tag %s (val: %s), ignoring.\n", *t.Key, *t.Value)
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,95 @@
|
|||
// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
|
||||
|
||||
package inspector
|
||||
|
||||
import (
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/client"
|
||||
"github.com/aws/aws-sdk-go/aws/client/metadata"
|
||||
"github.com/aws/aws-sdk-go/aws/request"
|
||||
"github.com/aws/aws-sdk-go/aws/signer/v4"
|
||||
"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
|
||||
)
|
||||
|
||||
// Amazon Inspector enables you to analyze the behavior of your AWS resources
|
||||
// and to identify potential security issues. For more information, see Amazon
|
||||
// Inspector User Guide (http://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html).
|
||||
// The service client's operations are safe to be used concurrently.
|
||||
// It is not safe to mutate any of the client's properties though.
|
||||
// Please also see https://docs.aws.amazon.com/goto/WebAPI/inspector-2016-02-16
|
||||
type Inspector struct {
|
||||
*client.Client
|
||||
}
|
||||
|
||||
// Used for custom client initialization logic
|
||||
var initClient func(*client.Client)
|
||||
|
||||
// Used for custom request initialization logic
|
||||
var initRequest func(*request.Request)
|
||||
|
||||
// Service information constants
|
||||
const (
|
||||
ServiceName = "inspector" // Service endpoint prefix API calls made to.
|
||||
EndpointsID = ServiceName // Service ID for Regions and Endpoints metadata.
|
||||
)
|
||||
|
||||
// New creates a new instance of the Inspector client with a session.
|
||||
// If additional configuration is needed for the client instance use the optional
|
||||
// aws.Config parameter to add your extra config.
|
||||
//
|
||||
// Example:
|
||||
// // Create a Inspector client from just a session.
|
||||
// svc := inspector.New(mySession)
|
||||
//
|
||||
// // Create a Inspector client with additional configuration
|
||||
// svc := inspector.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
|
||||
func New(p client.ConfigProvider, cfgs ...*aws.Config) *Inspector {
|
||||
c := p.ClientConfig(EndpointsID, cfgs...)
|
||||
return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
|
||||
}
|
||||
|
||||
// newClient creates, initializes and returns a new service client instance.
|
||||
func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *Inspector {
|
||||
svc := &Inspector{
|
||||
Client: client.New(
|
||||
cfg,
|
||||
metadata.ClientInfo{
|
||||
ServiceName: ServiceName,
|
||||
SigningName: signingName,
|
||||
SigningRegion: signingRegion,
|
||||
Endpoint: endpoint,
|
||||
APIVersion: "2016-02-16",
|
||||
JSONVersion: "1.1",
|
||||
TargetPrefix: "InspectorService",
|
||||
},
|
||||
handlers,
|
||||
),
|
||||
}
|
||||
|
||||
// Handlers
|
||||
svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
|
||||
svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler)
|
||||
svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler)
|
||||
svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler)
|
||||
svc.Handlers.UnmarshalError.PushBackNamed(jsonrpc.UnmarshalErrorHandler)
|
||||
|
||||
// Run custom client initialization if present
|
||||
if initClient != nil {
|
||||
initClient(svc.Client)
|
||||
}
|
||||
|
||||
return svc
|
||||
}
|
||||
|
||||
// newRequest creates a new request for a Inspector operation and runs any
|
||||
// custom request initialization.
|
||||
func (c *Inspector) newRequest(op *request.Operation, params, data interface{}) *request.Request {
|
||||
req := c.NewRequest(op, params, data)
|
||||
|
||||
// Run custom request initialization if present
|
||||
if initRequest != nil {
|
||||
initRequest(req)
|
||||
}
|
||||
|
||||
return req
|
||||
}
|
|
@ -885,6 +885,12 @@
|
|||
"version": "v1.6.9",
|
||||
"versionExact": "v1.6.9"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "lL1vgSAaM89zLB0QBCwm2FnTzTw=",
|
||||
"path": "github.com/aws/aws-sdk-go/service/inspector",
|
||||
"revision": "8649d278323ebf6bd20c9cd56ecb152b1c617375",
|
||||
"revisionTime": "2017-01-04T18:16:48Z"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "TR063wmYitpnw1vXbwSlslbUOAA=",
|
||||
"path": "github.com/aws/aws-sdk-go/service/kinesis",
|
||||
|
|
|
@ -0,0 +1,40 @@
|
|||
---
|
||||
layout: "aws"
|
||||
page_title: "AWS: aws_inspector_assessment_target"
|
||||
sidebar_current: "docs-aws-resource-inspector-assessment-target"
|
||||
description: |\
|
||||
Provides a Inspector assessment target.
|
||||
---
|
||||
|
||||
# aws\_inspector\_assessment\_target
|
||||
|
||||
Provides a Inspector assessment target
|
||||
|
||||
## Example Usage
|
||||
|
||||
```
|
||||
resource "aws_inspector_resource_group" "bar" {
|
||||
tags {
|
||||
Name = "foo"
|
||||
Env = "bar"
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_inspector_assessment_target" "foo" {
|
||||
name = "assessment target"
|
||||
resource_group_arn = "${aws_inspector_resource_group.bar.arn}"
|
||||
}
|
||||
```
|
||||
|
||||
## Argument Reference
|
||||
|
||||
The following arguments are supported:
|
||||
|
||||
* `name` - (Required) The name of the assessment target.
|
||||
* `resource_group_arn` (Required )- The resource group ARN stating tags for instance matching.
|
||||
|
||||
## Attributes Reference
|
||||
|
||||
The following attributes are exported:
|
||||
|
||||
* `arn` - The target assessment ARN.
|
|
@ -0,0 +1,43 @@
|
|||
---
|
||||
layout: "aws"
|
||||
page_title: "AWS: aws_inspector_assessment_template"
|
||||
sidebar_current: "docs-aws-resource-inspector-assessment-template"
|
||||
description: |\
|
||||
Provides a Inspector assessment template.
|
||||
---
|
||||
|
||||
# aws\_inspector\_assessment\_template
|
||||
|
||||
Provides a Inspector assessment template
|
||||
|
||||
## Example Usage
|
||||
|
||||
```
|
||||
resource "aws_inspector_assessment_template" "foo" {
|
||||
name = "bar template"
|
||||
target_arn = "${aws_inspector_assessment_target.foo.arn}"
|
||||
duration = 3600
|
||||
|
||||
rules_package_arns = [
|
||||
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p",
|
||||
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-H5hpSawc",
|
||||
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-JJOtZiqQ",
|
||||
"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-vg5GGHSD",
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
## Argument Reference
|
||||
|
||||
The following arguments are supported:
|
||||
|
||||
* `name` - (Required) The name of the assessment template.
|
||||
* `target_arn` - (Required) The assessment target ARN to attach the template to.
|
||||
* `duration` - (Required) The duration of the inspector run.
|
||||
* `rules_package_arns` - (Required) The rules to be used during the run.
|
||||
|
||||
## Attributes Reference
|
||||
|
||||
The following attributes are exported:
|
||||
|
||||
* `arn` - The template assessment ARN.
|
|
@ -0,0 +1,34 @@
|
|||
---
|
||||
layout: "aws"
|
||||
page_title: "AWS: aws_inspector_resource_group"
|
||||
sidebar_current: "docs-aws-resource-inspector-resource-group"
|
||||
description: |\
|
||||
Provides a Inspector resource group.
|
||||
---
|
||||
|
||||
# aws\_inspector\_resource\_group
|
||||
|
||||
Provides a Inspector assessment template
|
||||
|
||||
## Example Usage
|
||||
|
||||
```
|
||||
resource "aws_inspector_resource_group" "bar" {
|
||||
tags {
|
||||
Name = "foo"
|
||||
Env = "bar"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Argument Reference
|
||||
|
||||
The following arguments are supported:
|
||||
|
||||
* `tags` - (Required) The tags on your EC2 Instance.
|
||||
|
||||
## Attributes Reference
|
||||
|
||||
The following attributes are exported:
|
||||
|
||||
* `arn` - The resource group ARN.
|
|
@ -662,6 +662,25 @@
|
|||
</ul>
|
||||
</li>
|
||||
|
||||
<li<%= sidebar_current(/^docs-aws-resource-inspector/) %>>
|
||||
<a href="#">Inspector Resources</a>
|
||||
<ul class="nav nav-visible">
|
||||
|
||||
<li<%= sidebar_current("docs-aws-resource-inspector-assessment-target") %>>
|
||||
<a href="/docs/providers/aws/r/inspector_assessment_template.html">aws_inspector_assessment_target</a>
|
||||
</li>
|
||||
|
||||
<li<%= sidebar_current("docs-aws-resource-inspector-assessment-template") %>>
|
||||
<a href="/docs/providers/aws/r/inspector_assessment_template.html">aws_inspector_assessment_template</a>
|
||||
</li>
|
||||
|
||||
<li<%= sidebar_current("docs-aws-resource-inspector-resource-group") %>>
|
||||
<a href="/docs/providers/aws/r/inspector_resource_group.html">aws_inspector_resource_group</a>
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
|
||||
<li<%= sidebar_current(/^docs-aws-resource-kinesis/) %>>
|
||||
<a href="#">Kinesis Resources</a>
|
||||
|
|
Loading…
Reference in New Issue