
Commit 5159f3e

SLK-106518: Add 'unified_mode' attribute to Enforcer Group resource and data source
Implementation: - Updated `resource_enforcer_group.go` to include the `unified_mode` attribute in the schema, allowing users to set and retrieve this property. - Modified `data_enforcer_group.go` to read the `unified_mode` attribute from the API response and set it in the Terraform state. - Updated `resource_enforcer_group_test.go` to include test cases that verify the correct handling of the `unified_mode` attribute during creation, update, and read operations. - Revised documentation in `docs/resources/enforcer_groups.md` and `docs/data-sources/enforcer_groups.md` to reflect the addition of the `unified_mode` attribute, including usage examples.
1 parent 236f9b2 commit 5159f3e


6 files changed

+29
-0
lines changed


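--- a/aquasec/data_enforcer_group.go
+++ b/aquasec/data_enforcer_group.go
@@ -419,6 +419,11 @@ func dataSourceEnforcerGroup() *schema.Resource {
 },
 },
 },
+"unified_mode": {
+Type: schema.TypeBool,
+Description: "Indicates whether the Enforcer group is in unified mode.",
+Computed: true,
+},
 },
 }
 }
@@ -490,6 +495,7 @@ func dataEnforcerGroupRead(ctx context.Context, d *schema.ResourceData, m interf
 d.Set("allowed_applications", group.AllowedApplications)
 d.Set("allowed_labels", group.AllowedLabels)
 d.Set("allowed_registries", group.AllowedRegistries)
+d.Set("unified_mode", group.UnifiedMode)
 
 log.Println("[DEBUG] setting id: ", name)
 d.SetId(name)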
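Review bot: The new `d.Set("unified_mode", group.UnifiedMode)` in dataEnforcerGroupRead discards its error, like the neighbouring calls, so any failure to store the value would leave the attribute at its zero value and the data source would report `false` for a group that is actually in unified mode. Anyone using this data source to audit Enforcer group configuration would then get a wrong answer with no diagnostic. Assuming the function returns diag.Diagnostics (its signature is truncated in the hunk header), check the result: `if err := d.Set("unified_mode", group.UnifiedMode); err != nil { return diag.FromErr(err) }`. The same applies to the matching call in resourceEnforcerGroupRead in aquasec/resource_enforcer_group.go; both function bodies extend beyond the hunks shown.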

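--- a/aquasec/resource_enforcer_group.go
+++ b/aquasec/resource_enforcer_group.go
@@ -438,6 +438,11 @@ func resourceEnforcerGroup() *schema.Resource {
 Description: "Set `True` to apply User Access Control Policies to containers. Note that Aqua Enforcers must be deployed with the AQUA_RUNC_INTERCEPTION environment variable set to 0 in order to use User Access Control Policies.",
 Optional: true,
 },
+"unified_mode": {
+Type: schema.TypeBool,
+Description: "",
+Optional: true,
+},
 },
 }
 }
@@ -543,6 +548,7 @@ func resourceEnforcerGroupRead(ctx context.Context, d *schema.ResourceData, m in
 d.Set("allowed_applications", r.AllowedApplications)
 d.Set("allowed_labels", r.AllowedLabels)
 d.Set("allowed_registries", r.AllowedRegistries)
+d.Set("unified_mode", r.UnifiedMode)
 
 return nil
 }
@@ -590,6 +596,7 @@ func resourceEnforcerGroupUpdate(ctx context.Context, d *schema.ResourceData, m
 "user_access_control",
 "orchestrator",
 "schedule_scan_settings",
+"unified_mode",
 ) {
 
 ac := m.(*client.Client)
@@ -841,6 +848,11 @@ func expandEnforcerGroup(d *schema.ResourceData) client.EnforcerGroup {
 enforcerGroup.UserAccessControl = userAccessControl.(bool)
 }
 
+unifiedMode, ok := d.GetOk("unified_mode")
+if ok {
+enforcerGroup.UnifiedMode = unifiedMode.(bool)
+}
+
 token, ok := d.GetOk("token")
 if ok {
 enforcerGroup.Token = token.(string)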
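Review bot: `unified_mode` is declared `Optional: true` with an empty `Description` and no `Computed` or `Default`, and expandEnforcerGroup reads it with `d.GetOk`, which reports a bool `false` as not set. Together with the `json:"unified_mode"` tag in client/enforcers.go, which has no omitempty, a configuration that never mentions the attribute still sends `false` on create and update. A group whose unified mode was enabled outside Terraform would therefore presumably show drift and be switched off on the next apply; whether the API treats that as significant is not visible here. Consider `Optional: true,` plus `Computed: true,` so an unset attribute adopts the server's value, and fill in the description with what the mode changes, since the docs/resources/enforcer_groups.md entry is currently blank. The schema map and expandEnforcerGroup both continue outside these hunks.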

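--- a/aquasec/resource_enforcer_group_test.go
+++ b/aquasec/resource_enforcer_group_test.go
@@ -24,6 +24,7 @@ func TestAquasecEnforcerGroupResource(t *testing.T) {
 EnforcerImageName: "registry.aquasec.com/enforcer:6.5.22034",
 Orchestrator: client.EnforcerOrchestrator{},
 ScheduleScanSettings: client.EnforcerScheduleScanSettings{},
+UnifiedMode: false,
 }
 
 rootRef := enforcerGroupsRef(basicEnforcerGroup.ID)
@@ -44,6 +45,7 @@ func TestAquasecEnforcerGroupResource(t *testing.T) {
 resource.TestCheckResourceAttr(rootRef, "enforce", fmt.Sprintf("%v", basicEnforcerGroup.Enforce)),
 resource.TestCheckResourceAttr(rootRef, "gateways.0", basicEnforcerGroup.Gateways[0]),
 resource.TestCheckResourceAttr(rootRef, "type", basicEnforcerGroup.Type),
+resource.TestCheckResourceAttr(rootRef, "unified_mode", "false"),
 ),
 },
 {
@@ -55,6 +57,7 @@ func TestAquasecEnforcerGroupResource(t *testing.T) {
 resource.TestCheckResourceAttr(rootRef, "enforce", fmt.Sprintf("%v", basicEnforcerGroup.Enforce)),
 resource.TestCheckResourceAttr(rootRef, "gateways.0", basicEnforcerGroup.Gateways[0]),
 resource.TestCheckResourceAttr(rootRef, "type", basicEnforcerGroup.Type),
+resource.TestCheckResourceAttr(rootRef, "unified_mode", "false"),
 ),
 },
 {
@@ -66,6 +69,7 @@ func TestAquasecEnforcerGroupResource(t *testing.T) {
 resource.TestCheckResourceAttr(rootRef, "enforce", fmt.Sprintf("%v", basicEnforcerGroup.Enforce)),
 resource.TestCheckResourceAttr(rootRef, "gateways.0", basicEnforcerGroup.Gateways[0]),
 resource.TestCheckResourceAttr(rootRef, "type", basicEnforcerGroup.Type),
+resource.TestCheckResourceAttr(rootRef, "unified_mode", "false"),
 ),
 },
 {
@@ -92,6 +96,7 @@ func getBasicEnforcerGroupResource(enforcerGroup client.EnforcerGroup) string {
 namespace = "%s"
 master = "%v"
 }
+unified_mode = %v
 }
 `, enforcerGroup.ID,
 enforcerGroup.ID,
@@ -104,6 +109,7 @@ func getBasicEnforcerGroupResource(enforcerGroup client.EnforcerGroup) string {
 enforcerGroup.Orchestrator.ServiceAccount,
 enforcerGroup.Orchestrator.Namespace,
 enforcerGroup.Orchestrator.Master,
+enforcerGroup.UnifiedMode,
 )
 }
 
@@ -128,6 +134,7 @@ func getBasicEnforcerGroupResourceWithScheduleScanSettings(enforcerGroup client.
 days = [0,1,2,3,4,5,6]
 time = [4,0]
 }
+unified_mode = %v
 }
 `, enforcerGroup.ID,
 enforcerGroup.ID,
@@ -140,6 +147,7 @@ func getBasicEnforcerGroupResourceWithScheduleScanSettings(enforcerGroup client.
 enforcerGroup.Orchestrator.ServiceAccount,
 enforcerGroup.Orchestrator.Namespace,
 enforcerGroup.Orchestrator.Master,
+enforcerGroup.UnifiedMode,
 )
 }
 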
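Review bot: Every new assertion in TestAquasecEnforcerGroupResource checks `unified_mode` against `"false"`, the bool zero value, with `UnifiedMode: false` in the fixture, so these steps never show that a non-default value is sent to the API and read back. The commit description mentions coverage of creation, update and read, but no visible step sets the attribute to `true`. Add a step whose fixture has `UnifiedMode: true` and assert `resource.TestCheckResourceAttr(rootRef, "unified_mode", "true"),`, ideally followed by a step that flips it back so the change-detection list in resourceEnforcerGroupUpdate is exercised. The test function and both config helpers extend beyond the hunks shown.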

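--- a/client/enforcers.go
+++ b/client/enforcers.go
@@ -97,6 +97,7 @@ type EnforcerGroup struct {
 AllowedLabels []string `json:"allowed_labels"`
 AllowedRegistries []string `json:"allowed_registries"`
 ScheduleScanSettings EnforcerScheduleScanSettings `json:"schedule_scan_settings"`
+UnifiedMode bool `json:"unified_mode"`
 }
 
 // GetEnforcerGroup - returns single Enforcer group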

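--- a/docs/data-sources/enforcer_groups.md
+++ b/docs/data-sources/enforcer_groups.md
@@ -99,6 +99,7 @@ output "group_details" {
 - `syscall_enabled` (Boolean) When set to `True` allows profiling and monitoring system calls made by running containers.
 - `token` (String) The batch install token.
 - `type` (String) Enforcer Type.
+- `unified_mode` (Boolean) Indicates whether the Enforcer group is in unified mode.
 - `user_access_control` (Boolean) When set to `True` applies User Access Control Policies to containers. Note that Aqua Enforcers must be deployed with the AQUA_RUNC_INTERCEPTION environment variable set to 0 in order to use User Access Control Policies.
 
 <a id="nestedatt--command"></a>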

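--- a/docs/resources/enforcer_groups.md
+++ b/docs/resources/enforcer_groups.md
@@ -68,6 +68,7 @@ description: |-
 - `schedule_scan_settings` (Block List, Max: 1) Scheduling scan time for which you are creating the Enforcer group. (see [below for nested schema](#nestedblock--schedule_scan_settings))
 - `sync_host_images` (Boolean) Set `True` to configure Enforcers to discover local host images. Discovered images will be listed under Images > Host Images, as well as under Infrastructure (in the Images tab for applicable hosts).
 - `syscall_enabled` (Boolean) Set `True` will allow profiling and monitoring system calls made by running containers.
+- `unified_mode` (Boolean)
 - `user_access_control` (Boolean) Set `True` to apply User Access Control Policies to containers. Note that Aqua Enforcers must be deployed with the AQUA_RUNC_INTERCEPTION environment variable set to 0 in order to use User Access Control Policies.
 
 ### Read-Only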
