From 85370aa7df77050f76dd3548f0c04d18b40df70c Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Mon, 29 Jan 2018 11:17:22 +0100 Subject: [PATCH 1/6] Add rules packages datasource This add the rules packages datasource to retrieve all the available AWS inspector rules packages for your region --- aws/data_source_aws_rules_packages.go | 57 +++++++++++++++ aws/data_source_aws_rules_packages_test.go | 81 ++++++++++++++++++++++ aws/provider.go | 1 + 3 files changed, 139 insertions(+) create mode 100644 aws/data_source_aws_rules_packages.go create mode 100644 aws/data_source_aws_rules_packages_test.go
diff --git a/aws/data_source_aws_rules_packages.go b/aws/data_source_aws_rules_packages.go
new file mode 100644
index 00000000000..6a1fd9a4ebf
--- /dev/null
+++ b/aws/data_source_aws_rules_packages.go
@@ -0,0 +1,57 @@
+package aws
+
+import (
+ "fmt"
+ "log"
+ "sort"
+
+ "github.com/aws/aws-sdk-go/service/inspector"
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceAwsRulesPackages() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceAwsRulesPackagesRead,
+
+ Schema: map[string]*schema.Schema{
+ "arns": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ },
+ },
+ }
+}
+
+func dataSourceAwsRulesPackagesRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).inspectorconn
+
+ log.Printf("[DEBUG] Reading Rules Packages.")
+
+ var results int64 = 300
+ request := &inspector.ListRulesPackagesInput{
+ MaxResults: &results,
+ }
+
+ log.Printf("[DEBUG] Reading Rules Packages: %s", request)
+
+ resp, err := conn.ListRulesPackages(request)
+ if err != nil {
+ return fmt.Errorf("Error fetching Rules Packages: %s", err)
+ }
+
+ raw := make([]string, len(resp.RulesPackageArns))
+ for i, v := range resp.RulesPackageArns {
+ raw[i] = *v
+ }
+
+ sort.Strings(raw)
+
+ log.Printf("[DEBUG] Output is: %s", raw)
+
+ if err := d.Set("arns", raw); err != nil {
+ return fmt.Errorf("[WARN] Error setting Rules Packages: %s", err)
+ }
+
+ return nil
+}
diff --git a/aws/data_source_aws_rules_packages_test.go b/aws/data_source_aws_rules_packages_test.go
new file mode 100644
index 00000000000..634c99fd766
--- /dev/null
+++ b/aws/data_source_aws_rules_packages_test.go
@@ -0,0 +1,81 @@
+package aws
+
+import (
+ "fmt"
+ "reflect"
+ "sort"
+ "strconv"
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/resource"
+ "github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSRulesPackages_basic(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccCheckAwsRulesPackagesConfig,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAwsRulesPackagesMeta("data.aws_rules_packages.aws_rules_packages"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccCheckAwsRulesPackagesMeta(n string) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ rs, ok := s.RootModule().Resources[n]
+ if !ok {
+ return fmt.Errorf("Can't find Tules Packages resource: %s", n)
+ }
+
+ fmt.Printf("%s", rs)
+
+ if rs.Primary.ID == "" {
+ return fmt.Errorf("Rules Packages resource ID not set.")
+ }
+
+ actual, err := testAccCheckAwsRulesPackagesBuildAvailable(rs.Primary.Attributes)
+ if err != nil {
+ return err
+ }
+
+ expected := actual
+ sort.Strings(expected)
+ if reflect.DeepEqual(expected, actual) != true {
+ return fmt.Errorf("Rules Packages not sorted - expected %v, got %v", expected, actual)
+ }
+ return nil
+ }
+}
+
+func testAccCheckAwsRulesPackagesBuildAvailable(attrs map[string]string) ([]string, error) {
+ v, ok := attrs["arns.#"]
+ if !ok {
+ return nil, fmt.Errorf("Available Rules Packages list is missing.")
+ }
+ qty, err := strconv.Atoi(v)
+ if err != nil {
+ return nil, err
+ }
+ if qty < 1 {
+ return nil, fmt.Errorf("No Rules Packages found in region, this is probably a bug.")
+ }
+ packages := make([]string, qty)
+ for n := range packages {
+ zone, ok := attrs["arns."+strconv.Itoa(n)]
+ if !ok {
+ return nil, fmt.Errorf("Rules Packages list corrupt, this is definitely a bug.")
+ }
+ packages[n] = zone
+ }
+ return packages, nil
+}
+
+const testAccCheckAwsRulesPackagesConfig = `
+data "aws_rules_packages" 
"rules_packages" { } +` diff --git a/aws/provider.go b/aws/provider.go index 81a1dc110aa..6d8299cd4b9 100644 --- a/aws/provider.go +++ b/aws/provider.go @@ -214,6 +214,7 @@ func Provider() terraform.ResourceProvider { "aws_region": dataSourceAwsRegion(), "aws_route_table": dataSourceAwsRouteTable(), "aws_route53_zone": dataSourceAwsRoute53Zone(), + "aws_rules_packages": dataSourceAwsRulesPackages(), "aws_s3_bucket": dataSourceAwsS3Bucket(), "aws_s3_bucket_object": dataSourceAwsS3BucketObject(), "aws_sns_topic": dataSourceAwsSnsTopic(), From 5f8b98d182574eeb5c453efa36e54c1c82978b63 Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Mon, 29 Jan 2018 11:29:29 +0100 Subject: [PATCH 2/6] Fix little bug --- aws/data_source_aws_rules_packages.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aws/data_source_aws_rules_packages.go b/aws/data_source_aws_rules_packages.go index 6a1fd9a4ebf..471ef55f851 100644 --- a/aws/data_source_aws_rules_packages.go +++ b/aws/data_source_aws_rules_packages.go @@ -4,6 +4,7 @@ import ( "fmt" "log" "sort" + "time" "github.com/aws/aws-sdk-go/service/inspector" "github.com/hashicorp/terraform/helper/schema" @@ -27,6 +28,7 @@ func dataSourceAwsRulesPackagesRead(d *schema.ResourceData, meta interface{}) er conn := meta.(*AWSClient).inspectorconn log.Printf("[DEBUG] Reading Rules Packages.") + d.SetId(time.Now().UTC().String()) var results int64 = 300 request := &inspector.ListRulesPackagesInput{ @@ -47,8 +49,6 @@ func dataSourceAwsRulesPackagesRead(d *schema.ResourceData, meta interface{}) er sort.Strings(raw) - log.Printf("[DEBUG] Output is: %s", raw) - if err := d.Set("arns", raw); err != nil { return fmt.Errorf("[WARN] Error setting Rules Packages: %s", err) } From 02835c99cec9151fcdcd0d4016c517e8649fbcb8 Mon Sep 17 00:00:00 2001 
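Review bot: The sort check in `testAccCheckAwsRulesPackagesMeta` (new test file in PATCH 1/6) can never fail, because `expected := actual` copies only the slice header and `sort.Strings(expected)` then sorts the backing array both names share, so `reflect.DeepEqual` compares the list with itself. Copy before sorting, for example `expected := append([]string(nil), actual...)`. Separately, the test looks up `data.aws_rules_packages.aws_rules_packages` while the config declares the data source under the name `rules_packages`, so the lookup would presumably return the "Can't find" error before the sort check is reached.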
From: Mattias Gees Date: Mon, 12 Feb 2018 08:53:50 +0100 Subject: [PATCH 3/6] Modify code with PR comments This changes the name of the function to aws_inspector_rules_packages. Also a change to the pagination was made + simplified the tests --- ...ata_source_aws_inspector_rules_packages.go | 56 +++++++++++++ ...ource_aws_inspector_rules_packages_test.go | 24 ++++++ aws/data_source_aws_rules_packages.go | 57 ------------- aws/data_source_aws_rules_packages_test.go | 81 ------------------- aws/provider.go | 2 +- 5 files changed, 81 insertions(+), 139 deletions(-) create mode 100644 aws/data_source_aws_inspector_rules_packages.go create mode 100644 aws/data_source_aws_inspector_rules_packages_test.go delete mode 100644 aws/data_source_aws_rules_packages.go delete mode 100644 aws/data_source_aws_rules_packages_test.go
diff --git a/aws/data_source_aws_inspector_rules_packages.go b/aws/data_source_aws_inspector_rules_packages.go
new file mode 100644
index 00000000000..fb479bd5faa
--- /dev/null
+++ b/aws/data_source_aws_inspector_rules_packages.go
@@ -0,0 +1,56 @@
+package aws
+
+import (
+ "errors"
+ "fmt"
+ "log"
+ "sort"
+ "time"
+
+ "github.com/aws/aws-sdk-go/service/inspector"
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceAwsInspectorRulesPackages() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceAwsInspectorRulesPackagesRead,
+
+ Schema: map[string]*schema.Schema{
+ "arns": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ },
+ },
+ }
+}
+
+func dataSourceAwsInspectorRulesPackagesRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).inspectorconn
+
+ log.Printf("[DEBUG] Reading Rules Packages.")
+ d.SetId(time.Now().UTC().String())
+
+ var arns []string
+
+ input := &inspector.ListRulesPackagesInput{}
+
+ err := conn.ListRulesPackagesPages(input, func(page *inspector.ListRulesPackagesOutput, lastPage bool) bool {
+ for _, arn := range page.RulesPackageArns {
+ arns = append(arns, *arn)
+ }
+ return !lastPage
+ })
+ if err != nil {
+ return fmt.Errorf("Error fetching Rules Packages: %s", err)
+ }
+
+ if len(arns) == 0 {
+ return errors.New("No rules packages found.")
+ }
+
+ sort.Strings(arns)
+ d.Set("arns", arns)
+
+ return nil
+}
diff --git a/aws/data_source_aws_inspector_rules_packages_test.go b/aws/data_source_aws_inspector_rules_packages_test.go
new file mode 100644
index 00000000000..276adcf6937
--- /dev/null
+++ b/aws/data_source_aws_inspector_rules_packages_test.go
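Review bot: The result of `d.Set("arns", arns)` at the end of `dataSourceAwsInspectorRulesPackagesRead` is discarded, so a failure to store the list would leave `arns` unset while the read still reports success. An assessment template fed from this data source would then presumably be planned with no rules packages, which is a silent loss of scan coverage rather than a visible error. Return the error instead: `if err := d.Set("arns", arns); err != nil { return fmt.Errorf("error setting arns: %s", err) }`. The paging callback also dereferences `*arn` unguarded; `aws.StringValue(arn)` from `github.com/aws/aws-sdk-go/aws` tolerates a nil element, at the cost of adding that package to the import block.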
@@ -0,0 +1,24 @@
+package aws
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccAWSInspectorRulesPackages_basic(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccCheckAWSInspectorRulesPackagesConfig,
+ Check: resource.TestCheckResourceAttrSet("data.aws_inspector_rules_packages.test", "arns.#"),
+ },
+ },
+ })
+}
+
+const testAccCheckAWSInspectorRulesPackagesConfig = `
+data "aws_inspector_rules_packages" "rules_packages" { }
+`
diff --git a/aws/data_source_aws_rules_packages.go b/aws/data_source_aws_rules_packages.go
deleted file mode 100644
index 471ef55f851..00000000000
--- a/aws/data_source_aws_rules_packages.go
+++ /dev/null
@@ -1,57 +0,0 @@ -package aws - -import ( - "fmt" - "log" - "sort" - "time" - - "github.com/aws/aws-sdk-go/service/inspector" - "github.com/hashicorp/terraform/helper/schema" -) - -func dataSourceAwsRulesPackages() *schema.Resource { - return &schema.Resource{ - Read: dataSourceAwsRulesPackagesRead, - - Schema: map[string]*schema.Schema{ - "arns": { - Type: schema.TypeList, - Computed: true, - Elem: &schema.Schema{Type: schema.TypeString}, - }, - }, - } -} - -func dataSourceAwsRulesPackagesRead(d *schema.ResourceData, meta interface{}) error { - conn := meta.(*AWSClient).inspectorconn - - log.Printf("[DEBUG] Reading Rules Packages.") - d.SetId(time.Now().UTC().String()) - - var results int64 = 300 - request := &inspector.ListRulesPackagesInput{ - MaxResults: &results, - } - - log.Printf("[DEBUG] Reading Rules Packages: %s", request) - - resp, err := conn.ListRulesPackages(request) - if err != nil { - return fmt.Errorf("Error fetching Rules Packages: %s", err) - } - - raw := make([]string, len(resp.RulesPackageArns)) - for i, v := range resp.RulesPackageArns { - raw[i] = *v - } - - sort.Strings(raw) - - if err := d.Set("arns", raw); err != nil { - return fmt.Errorf("[WARN] Error setting Rules Packages: %s", err) - } - - return nil -} diff --git a/aws/data_source_aws_rules_packages_test.go b/aws/data_source_aws_rules_packages_test.go deleted file mode 100644 index 634c99fd766..00000000000 --- a/aws/data_source_aws_rules_packages_test.go +++ /dev/null 
@@ -1,81 +0,0 @@ -package aws - -import ( - "fmt" - "reflect" - "sort" - "strconv" - "testing" - - "github.com/hashicorp/terraform/helper/resource" - "github.com/hashicorp/terraform/terraform" -) - -func TestAccAWSRulesPackages_basic(t *testing.T) { - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - Steps: []resource.TestStep{ - { - Config: testAccCheckAwsRulesPackagesConfig, - Check: resource.ComposeTestCheckFunc( - testAccCheckAwsRulesPackagesMeta("data.aws_rules_packages.aws_rules_packages"), - ), - }, - }, - }) -} - -func testAccCheckAwsRulesPackagesMeta(n string) resource.TestCheckFunc { - return func(s *terraform.State) error { - rs, ok := s.RootModule().Resources[n] - if !ok { - return fmt.Errorf("Can't find Tules Packages resource: %s", n) - } - - fmt.Printf("%s", rs) - - if rs.Primary.ID == "" { - return fmt.Errorf("Rules Packages resource ID not set.") - } - - actual, err := testAccCheckAwsRulesPackagesBuildAvailable(rs.Primary.Attributes) - if err != nil { - return err - } - - expected := actual - sort.Strings(expected) - if reflect.DeepEqual(expected, actual) != true { - return fmt.Errorf("Rules Packages not sorted - expected %v, got %v", expected, actual) - } - return nil - } -} - -func testAccCheckAwsRulesPackagesBuildAvailable(attrs map[string]string) ([]string, error) { - v, ok := attrs["arns.#"] - if !ok { - return nil, fmt.Errorf("Available Rules Packages list is missing.") - } - qty, err := strconv.Atoi(v) - if err != nil { - return nil, err - } - if qty < 1 { - return nil, fmt.Errorf("No Rules Packages found in region, this is probably a bug.") - } - packages := make([]string, qty) - for n := range packages { - zone, ok := attrs["arns."+strconv.Itoa(n)] - if !ok { - return nil, fmt.Errorf("Rules Packages list corrupt, this is definitely a bug.") - } - packages[n] = zone - } - return packages, nil -} - -const testAccCheckAwsRulesPackagesConfig = ` -data "aws_rules_packages" 
"rules_packages" { } -` diff --git a/aws/provider.go b/aws/provider.go index 6d8299cd4b9..6ff6f52c8d3 100644 --- a/aws/provider.go +++ b/aws/provider.go @@ -214,7 +214,7 @@ func Provider() terraform.ResourceProvider { "aws_region": dataSourceAwsRegion(), "aws_route_table": dataSourceAwsRouteTable(), "aws_route53_zone": dataSourceAwsRoute53Zone(), - "aws_rules_packages": dataSourceAwsRulesPackages(), + "aws_inspector_rules_packages": dataSourceAwsInspectorRulesPackages(), "aws_s3_bucket": dataSourceAwsS3Bucket(), "aws_s3_bucket_object": dataSourceAwsS3BucketObject(), "aws_sns_topic": dataSourceAwsSnsTopic(), From 51063cdd098006ee1a9ce258dbad268ff8cffdfc Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Mon, 12 Feb 2018 20:48:03 +0100 Subject: [PATCH 4/6] Add docs --- website/aws.erb | 3 ++ .../d/inspector_rules_packages.html.markdown | 46 +++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 website/docs/d/inspector_rules_packages.html.markdown diff --git a/website/aws.erb b/website/aws.erb index 6975f28532c..f0697d00dfd 100644 --- a/website/aws.erb +++ b/website/aws.erb @@ -134,6 +134,9 @@ > aws_iam_user + > + aws_inspector_rules_packages + > aws_instance diff --git a/website/docs/d/inspector_rules_packages.html.markdown b/website/docs/d/inspector_rules_packages.html.markdown new file mode 100644 index 00000000000..14b10b9c73a --- /dev/null +++ b/website/docs/d/inspector_rules_packages.html.markdown 
@@ -0,0 +1,46 @@
+---
+layout: "aws"
+page_title: "AWS: aws_inspector_rules_packages"
+sidebar_current: "docs-aws-datasource-inspector-rules-packages"
+description: |-
+ Provides a list of AWS Inspector Rules packages which can be used by AWS Inspector.
+---
+
+# Data Source: aws_inspector_rules_packages
+
+The AWS Inspector Rules Packages data source allows access to the list of AWS
+Inspector Rules Packages which can be used by AWS Inspector within the region
+configured in the provider.
+
+## Example Usage
+
+```hcl
+# Declare the data source
+data "aws_inspector_rules_packages" "rules" {}
+
+# e.g. Use in aws_inspector_assessment_template
+resource "aws_inspector_resource_group" "group" {
+ tags {
+ test = "test"
+ }
+}
+
+resource "aws_inspector_assessment_target" "assessment" {
+ name = "test"
+ resource_group_arn = "${aws_inspector_resource_group.group.arn}"
+}
+
+resource "aws_inspector_assessment_template" "assessment" {
+ name = "Test"
+ target_arn = "${aws_inspector_assessment_target.assessment.arn}"
+ duration = "60"
+
+ rules_package_arns = "${data.aws_inspector_rules_packages.rules.arns}"
+}
+```
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `arns` - A list of the AWS Inspector Rules Packages arns available in the AWS region.
From 907333eb23931cc5e5e82cc5a0d514322ce12f4c Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Mon, 12 Feb 2018 20:49:05 +0100 Subject: [PATCH 5/6] Change order --- aws/provider.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/aws/provider.go b/aws/provider.go
index 6ff6f52c8d3..236df014026 100644
--- a/aws/provider.go
+++ b/aws/provider.go
@@ -198,6 +198,7 @@ func Provider() terraform.ResourceProvider { "aws_iam_server_certificate": dataSourceAwsIAMServerCertificate(), "aws_iam_user": dataSourceAwsIAMUser(), "aws_internet_gateway": dataSourceAwsInternetGateway(), + "aws_inspector_rules_packages": dataSourceAwsInspectorRulesPackages(), "aws_instance": dataSourceAwsInstance(), "aws_instances": dataSourceAwsInstances(), "aws_ip_ranges": dataSourceAwsIPRanges(), @@ -214,7 +215,6 @@ func Provider() terraform.ResourceProvider { "aws_region": dataSourceAwsRegion(), "aws_route_table": dataSourceAwsRouteTable(), "aws_route53_zone": dataSourceAwsRoute53Zone(), - "aws_inspector_rules_packages": dataSourceAwsInspectorRulesPackages(), "aws_s3_bucket": dataSourceAwsS3Bucket(), "aws_s3_bucket_object": dataSourceAwsS3BucketObject(), "aws_sns_topic": dataSourceAwsSnsTopic(), From f762880b21de60289e8886f8e78f991f7ebb819e Mon Sep 17 00:00:00 2001 From: Mattias Gees Date: Mon, 12 Feb 2018 20:50:53 +0100 Subject: [PATCH 6/6] Rename test datasource --- aws/data_source_aws_inspector_rules_packages_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws/data_source_aws_inspector_rules_packages_test.go b/aws/data_source_aws_inspector_rules_packages_test.go index 276adcf6937..159f8defc29 100644 --- a/aws/data_source_aws_inspector_rules_packages_test.go +++ b/aws/data_source_aws_inspector_rules_packages_test.go @@ -20,5 +20,5 @@ func TestAccAWSInspectorRulesPackages_basic(t *testing.T) { } const testAccCheckAWSInspectorRulesPackagesConfig = ` -data "aws_inspector_rules_packages" "rules_packages" { } +data "aws_inspector_rules_packages" "test" { } `