Update GuardDuty resource to add Kubernetes audit log data source

.changelog/22859.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_guardduty_detector: Add `kubernetes` attribute to the `datasources` configuration block
+```

internal/service/guardduty/detector.go

@@ -59,6 +59,29 @@ func ResourceDetector() *schema.Resource {
 								},
 							},
 						},
+						"kubernetes": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Computed: true,
+							MaxItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"audit_logs": {
+										Type:     schema.TypeList,
+										Required: true,
+										MaxItems: 1,
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+												"enable": {
+													Type:     schema.TypeBool,
+													Required: true,
+												},
+											},
+										},
+									},
+								},
+							},
+						},
 					},
 				},
 			},
@@ -109,7 +132,7 @@ func resourceDetectorCreate(d *schema.ResourceData, meta interface{}) error {
 	log.Printf("[DEBUG] Creating GuardDuty Detector: %s", input)
 	output, err := conn.CreateDetector(&input)
 	if err != nil {
-		return fmt.Errorf("Creating GuardDuty Detector failed: %s", err.Error())
+		return fmt.Errorf("Creating GuardDuty Detector failed: %w", err)
 	}
 	d.SetId(aws.StringValue(output.DetectorId))
 
@@ -133,7 +156,7 @@ func resourceDetectorRead(d *schema.ResourceData, meta interface{}) error {
 			d.SetId("")
 			return nil
 		}
-		return fmt.Errorf("Reading GuardDuty Detector '%s' failed: %s", d.Id(), err.Error())
+		return fmt.Errorf("Reading GuardDuty Detector '%s' failed: %w", d.Id(), err)
 	}
 
 	arn := arn.ARN{
@@ -189,15 +212,15 @@ func resourceDetectorUpdate(d *schema.ResourceData, meta interface{}) error {
 		log.Printf("[DEBUG] Update GuardDuty Detector: %s", input)
 		_, err := conn.UpdateDetector(&input)
 		if err != nil {
-			return fmt.Errorf("Updating GuardDuty Detector '%s' failed: %s", d.Id(), err.Error())
+			return fmt.Errorf("Updating GuardDuty Detector '%s' failed: %w", d.Id(), err)
 		}
 	}
 
 	if d.HasChange("tags_all") {
 		o, n := d.GetChange("tags_all")
 
 		if err := UpdateTags(conn, d.Get("arn").(string), o, n); err != nil {
-			return fmt.Errorf("error updating GuardDuty Detector (%s) tags: %s", d.Get("arn").(string), err)
+			return fmt.Errorf("error updating GuardDuty Detector (%s) tags: %w", d.Get("arn").(string), err)
 		}
 	}
 
@@ -246,6 +269,9 @@ func expandDataSourceConfigurations(tfMap map[string]interface{}) *guardduty.Dat
 	if v, ok := tfMap["s3_logs"].([]interface{}); ok && len(v) > 0 {
 		apiObject.S3Logs = expandS3LogsConfiguration(v[0].(map[string]interface{}))
 	}
+	if v, ok := tfMap["kubernetes"].([]interface{}); ok && len(v) > 0 {
+		apiObject.Kubernetes = expandKubernetesConfiguration(v[0].(map[string]interface{}))
+	}
 
 	return apiObject
 }
@@ -264,6 +290,40 @@ func expandS3LogsConfiguration(tfMap map[string]interface{}) *guardduty.S3LogsCo
 	return apiObject
 }
 
+func expandKubernetesConfiguration(tfMap map[string]interface{}) *guardduty.KubernetesConfiguration {
+	if tfMap == nil {
+		return nil
+	}
+
+	l, ok := tfMap["audit_logs"].([]interface{})
+	if !ok || len(l) == 0 {
+		return nil
+	}
+
+	m, ok := l[0].(map[string]interface{})
+	if !ok {
+		return nil
+	}
+
+	return &guardduty.KubernetesConfiguration{
+		AuditLogs: expandKubernetesAuditLogsConfiguration(m),
+	}
+}
+
+func expandKubernetesAuditLogsConfiguration(tfMap map[string]interface{}) *guardduty.KubernetesAuditLogsConfiguration {
+	if tfMap == nil {
+		return nil
+	}
+
+	apiObject := &guardduty.KubernetesAuditLogsConfiguration{}
+
+	if v, ok := tfMap["enable"].(bool); ok {
+		apiObject.Enable = aws.Bool(v) // This can be flattened a ton
+	}
+
+	return apiObject
+}
+
 func flattenDataSourceConfigurationsResult(apiObject *guardduty.DataSourceConfigurationsResult) map[string]interface{} {
 	if apiObject == nil {
 		return nil
@@ -275,6 +335,10 @@ func flattenDataSourceConfigurationsResult(apiObject *guardduty.DataSourceConfig
 		tfMap["s3_logs"] = []interface{}{flattenS3LogsConfigurationResult(v)}
 	}
 
+	if v := apiObject.Kubernetes; v != nil {
+		tfMap["kubernetes"] = []interface{}{flattenKubernetesConfiguration(v)}
+	}
+
 	return tfMap
 }
 
@@ -291,3 +355,31 @@ func flattenS3LogsConfigurationResult(apiObject *guardduty.S3LogsConfigurationRe
 
 	return tfMap
 }
+
+func flattenKubernetesConfiguration(apiObject *guardduty.KubernetesConfigurationResult) map[string]interface{} {
+	if apiObject == nil {
+		return nil
+	}
+
+	tfMap := map[string]interface{}{}
+
+	if v := apiObject.AuditLogs; v != nil {
+		tfMap["audit_logs"] = []interface{}{flattenKubernetesAuditLogsConfiguration(v)}
+	}
+
+	return tfMap
+}
+
+func flattenKubernetesAuditLogsConfiguration(apiObject *guardduty.KubernetesAuditLogsConfigurationResult) map[string]interface{} {
+	if apiObject == nil {
+		return nil
+	}
+
+	tfMap := map[string]interface{}{}
+
+	if v := apiObject.Status; v != nil {
+		tfMap["enable"] = aws.StringValue(v) == guardduty.DataSourceStatusEnabled
+	}
+
+	return tfMap
+}