Merge branch 'main' of github.com:aquasecurity/terraform-provider-aquasec into test_coverage

Author: sarvodayaKumar

DEVELOPMENT.md

@@ -32,7 +32,7 @@ git clone https://github.com/aquasecurity/terraform-provider-aquasec.git
 
 cd terraform-provider-aquasec
 
-git checkout v0.8.41
+git checkout v0.10.0
 ```
 
 **Build and install the provider**

GNUmakefile

@@ -6,7 +6,7 @@ HOSTNAME	 := github.com
 NAMESPACE	 := aquasec
 NAME 		 := aquasec
 BINARY		 := terraform-provider-${NAME}
-VERSION      := 0.8.41
+VERSION      := 0.10.0
 OS_ARCH      := $(shell go env GOOS)_$(shell go env GOARCH)
 
 default: build

README.md

@@ -43,7 +43,7 @@ To quickly get started using the Aquasec provider for Terraform, configure the p
 terraform {
   required_providers {
     aquasec = {
-      version = "0.8.41"
+      version = "0.10.0"
       source  = "aquasecurity/aquasec"
     }
   }

docs/data-sources/container_runtime_policy.md

@@ -278,6 +278,7 @@ Read-Only:
 - `enabled` (Boolean)
 - `exclude_directories` (List of String)
 - `exclude_processes` (List of String)
+- `file_forensic_collection` (Boolean)
 - `include_directories` (List of String)
 
 

docs/data-sources/enforcer_groups.md

@@ -94,7 +94,7 @@ output "group_details" {
 - `risk_explorer_auto_discovery` (Boolean) When set to `True` allows Enforcers to be discovered in the Risk Explorer.
 - `runtime_policy_name` (String) Function Runtime Policy that will applay on the nano enforcer.
 - `runtime_type` (String) The container runtime environment.
-- `schedule_scan_time` (Set of Object) Scheduling scan time for which you are creating the Enforcer group. (see [below for nested schema](#nestedatt--schedule_scan_time))
+- `schedule_scan_settings` (List of Object) Scheduling scan time for which you are creating the Enforcer group. (see [below for nested schema](#nestedatt--schedule_scan_settings))
 - `sync_host_images` (Boolean) When set to `True` configures Enforcers to discover local host images. Discovered images will be listed under Images > Host Images, as well as under Infrastructure (in the Images tab for applicable hosts).
 - `syscall_enabled` (Boolean) When set to `True` allows profiling and monitoring system calls made by running containers.
 - `token` (String) The batch install token.
@@ -123,13 +123,13 @@ Read-Only:
 - `type` (String)
 
 
-<a id="nestedatt--schedule_scan_time"></a>
-### Nested Schema for `schedule_scan_time`
+<a id="nestedatt--schedule_scan_settings"></a>
+### Nested Schema for `schedule_scan_settings`
 
 Read-Only:
 
 - `days` (List of Number)
-- `disbled` (Boolean)
+- `disabled` (Boolean)
 - `is_custom` (Boolean)
 - `time` (List of Number)
 

docs/data-sources/gateways.md

@@ -54,13 +54,22 @@ output "gateway_grpc_address" {
 
 Read-Only:
 
+- `address` (String)
+- `commit` (String)
 - `description` (String)
+- `docker_version` (String)
 - `grpc_address` (String)
+- `host_os` (String)
 - `hostname` (String)
 - `id` (String)
+- `last_update` (Number)
 - `logicalname` (String)
+- `project_id` (Number)
 - `public_address` (String)
+- `server_id` (String)
+- `server_name` (String)
 - `status` (String)
+- `type` (String)
 - `version` (String)
 
 

docs/data-sources/host_runtime_policy.md

@@ -112,6 +112,10 @@ Optional:
 - `exclude_processes` (List of String) List of registry processes to be excluded from being protected.
 - `include_directories` (List of String) List of registry paths to be excluded from being protected.
 
+Read-Only:
+
+- `file_forensic_collection` (Boolean) Whether to enable file forensic collection.
+
 
 <a id="nestedblock--package_block"></a>
 ### Nested Schema for `package_block`

docs/data-sources/image_assurance_policy.md

@@ -212,7 +212,11 @@ Read-Only:
 
 Read-Only:
 
+- `author` (String)
+- `imagedigest` (String)
+- `imageid` (Number)
 - `imagename` (String)
+- `lastupdated` (Number)
 - `registry` (String)
 
 

docs/data-sources/users_saas.md

@@ -35,21 +35,22 @@ Read-Only:
 
 - `account_admin` (Boolean)
 - `confirmed` (Boolean)
+- `count_failed_signin` (Number)
 - `created` (String)
 - `csp_roles` (List of String)
 - `dashboard` (Boolean)
 - `email` (String)
 - `groups` (List of Object) (see [below for nested schema](#nestedobjatt--users--groups))
+- `id` (String)
+- `last_signin_attempt` (String)
 - `logins` (List of Object) (see [below for nested schema](#nestedobjatt--users--logins))
 - `mfa_enabled` (Boolean)
 - `multiaccount` (Boolean)
 - `password_reset` (Boolean)
-- `provider` (String)
 - `send_announcements` (Boolean)
 - `send_new_plugins` (Boolean)
 - `send_new_risks` (Boolean)
 - `send_scan_results` (Boolean)
-- `user_id` (String)
 
 <a id="nestedobjatt--users--groups"></a>
 ### Nested Schema for `users.groups`
@@ -67,8 +68,10 @@ Read-Only:
 Read-Only:
 
 - `created` (String)
+- `csp_roles` (List of String)
+- `cspm_groups` (List of String)
+- `groups` (List of String)
 - `id` (Number)
 - `ip_address` (String)
-- `user_id` (Number)
 
 

docs/data-sources/vmware_assurance_policy.md

@@ -0,0 +1,248 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "aquasec_vmware_assurance_policy Data Source - terraform-provider-aquasec"
+subcategory: ""
+description: |-
+  
+---
+
+# aquasec_vmware_assurance_policy (Data Source)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String)
+
+### Read-Only
+
+- `aggregated_vulnerability` (List of Object) Aggregated vulnerability information. (see [below for nested schema](#nestedatt--aggregated_vulnerability))
+- `allowed_images` (List of String) List of explicitly allowed images.
+- `application_scopes` (List of String)
+- `assurance_type` (String) What type of assurance policy is described.
+- `audit_on_failure` (Boolean) Indicates if auditing for failures.
+- `author` (String) Name of user account that created the policy.
+- `auto_scan_configured` (Boolean)
+- `auto_scan_enabled` (Boolean)
+- `auto_scan_time` (Set of Object) (see [below for nested schema](#nestedatt--auto_scan_time))
+- `blacklist_permissions` (List of String) List of function's forbidden permissions.
+- `blacklist_permissions_enabled` (Boolean) Indicates if blacklist permissions is relevant.
+- `blacklisted_licenses` (List of String) List of blacklisted licenses.
+- `blacklisted_licenses_enabled` (Boolean) Indicates if license blacklist is relevant.
+- `block_failed` (Boolean) Indicates if failed images are blocked.
+- `category` (String)
+- `control_exclude_no_fix` (Boolean)
+- `custom_checks` (List of Object) List of Custom user scripts for checks. (see [below for nested schema](#nestedatt--custom_checks))
+- `custom_checks_enabled` (Boolean) Indicates if scanning should include custom checks.
+- `custom_severity` (String)
+- `custom_severity_enabled` (Boolean)
+- `cves_black_list` (List of String) List of CVEs blacklisted items.
+- `cves_black_list_enabled` (Boolean) Indicates if CVEs blacklist is relevant.
+- `cves_white_list` (List of String) List of cves whitelisted licenses
+- `cves_white_list_enabled` (Boolean) Indicates if CVEs whitelist is relevant.
+- `cvss_severity` (String) Identifier of the cvss severity.
+- `cvss_severity_enabled` (Boolean) Indicates if the cvss severity is scanned.
+- `cvss_severity_exclude_no_fix` (Boolean) Indicates that policy should ignore cvss cases that do not have a known fix.
+- `description` (String)
+- `disallow_exploit_types` (List of String)
+- `disallow_malware` (Boolean) Indicates if malware should block the image.
+- `docker_cis_enabled` (Boolean) Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
+- `domain` (String) Name of the container image.
+- `domain_name` (String)
+- `dta_enabled` (Boolean)
+- `dta_severity` (String)
+- `enabled` (Boolean)
+- `enforce` (Boolean)
+- `enforce_after_days` (Number)
+- `enforce_excessive_permissions` (Boolean)
+- `exceptional_monitored_malware_paths` (List of String)
+- `exclude_application_scopes` (List of String)
+- `fail_cicd` (Boolean) Indicates if cicd failures will fail the image.
+- `forbidden_labels` (Set of Object) (see [below for nested schema](#nestedatt--forbidden_labels))
+- `forbidden_labels_enabled` (Boolean)
+- `force_microenforcer` (Boolean)
+- `function_integrity_enabled` (Boolean)
+- `id` (String) The ID of this resource.
+- `ignore_base_image_vln` (Boolean)
+- `ignore_recently_published_fix_vln` (Boolean)
+- `ignore_recently_published_fix_vln_period` (Number)
+- `ignore_recently_published_vln` (Boolean)
+- `ignore_recently_published_vln_period` (Number)
+- `ignore_risk_resources_enabled` (Boolean) Indicates if risk resources are ignored.
+- `ignored_risk_resources` (List of String) List of ignored risk resources.
+- `ignored_sensitive_resources` (List of String)
+- `images` (List of String) List of images.
+- `kube_cis_enabled` (Boolean) Performs a Kubernetes CIS benchmark check for the host.
+- `kubernetes_controls` (List of String)
+- `kubernetes_controls_avd_ids` (List of String)
+- `kubernetes_controls_names` (List of String)
+- `labels` (List of String) List of labels.
+- `linux_cis_enabled` (Boolean)
+- `malware_action` (String)
+- `maximum_score` (Number) Value of allowed maximum score.
+- `maximum_score_enabled` (Boolean) Indicates if exceeding the maximum score is scanned.
+- `maximum_score_exclude_no_fix` (Boolean) Indicates that policy should ignore cases that do not have a known fix.
+- `monitored_malware_paths` (List of String)
+- `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root.
+- `openshift_hardening_enabled` (Boolean)
+- `packages_black_list` (Set of Object) List of blacklisted images. (see [below for nested schema](#nestedatt--packages_black_list))
+- `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant.
+- `packages_white_list` (Set of Object) List of whitelisted images. (see [below for nested schema](#nestedatt--packages_white_list))
+- `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant.
+- `partial_results_image_fail` (Boolean)
+- `permission` (String)
+- `policy_settings` (List of Object) (see [below for nested schema](#nestedatt--policy_settings))
+- `read_only` (Boolean)
+- `registries` (List of String) List of registries.
+- `registry` (String)
+- `required_labels` (Set of Object) (see [below for nested schema](#nestedatt--required_labels))
+- `required_labels_enabled` (Boolean)
+- `scan_malware_in_archives` (Boolean)
+- `scan_nfs_mounts` (Boolean)
+- `scan_process_memory` (Boolean)
+- `scan_sensitive_data` (Boolean) Indicates if scan should include sensitive data in the image.
+- `scan_windows_registry` (Boolean)
+- `scap_enabled` (Boolean) Indicates if scanning should include scap.
+- `scap_files` (List of String) List of SCAP user scripts for checks.
+- `scope` (Set of Object) (see [below for nested schema](#nestedatt--scope))
+- `trusted_base_images` (Set of Object) List of trusted images. (see [below for nested schema](#nestedatt--trusted_base_images))
+- `trusted_base_images_enabled` (Boolean) Indicates if list of trusted base images is relevant.
+- `vulnerability_exploitability` (Boolean)
+- `vulnerability_score_range` (List of Number)
+- `whitelisted_licenses` (List of String) List of whitelisted licenses.
+- `whitelisted_licenses_enabled` (Boolean) Indicates if license blacklist is relevant.
+- `windows_cis_enabled` (Boolean) Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
+
+<a id="nestedatt--aggregated_vulnerability"></a>
+### Nested Schema for `aggregated_vulnerability`
+
+Read-Only:
+
+- `custom_severity_enabled` (Boolean)
+- `enabled` (Boolean)
+- `score_range` (List of Number)
+- `severity` (String)
+
+
+<a id="nestedatt--auto_scan_time"></a>
+### Nested Schema for `auto_scan_time`
+
+Read-Only:
+
+- `iteration` (Number)
+- `iteration_type` (String)
+- `time` (String)
+- `week_days` (List of String)
+
+
+<a id="nestedatt--custom_checks"></a>
+### Nested Schema for `custom_checks`
+
+Read-Only:
+
+- `author` (String)
+- `description` (String)
+- `engine` (String)
+- `last_modified` (Number)
+- `name` (String)
+- `path` (String)
+- `read_only` (Boolean)
+- `script_id` (String)
+- `severity` (String)
+- `snippet` (String)
+
+
+<a id="nestedatt--forbidden_labels"></a>
+### Nested Schema for `forbidden_labels`
+
+Read-Only:
+
+- `key` (String)
+- `value` (String)
+
+
+<a id="nestedatt--packages_black_list"></a>
+### Nested Schema for `packages_black_list`
+
+Read-Only:
+
+- `arch` (String)
+- `display` (String)
+- `epoch` (String)
+- `format` (String)
+- `license` (String)
+- `name` (String)
+- `release` (String)
+- `version` (String)
+- `version_range` (String)
+
+
+<a id="nestedatt--packages_white_list"></a>
+### Nested Schema for `packages_white_list`
+
+Read-Only:
+
+- `arch` (String)
+- `display` (String)
+- `epoch` (String)
+- `format` (String)
+- `license` (String)
+- `name` (String)
+- `release` (String)
+- `version` (String)
+- `version_range` (String)
+
+
+<a id="nestedatt--policy_settings"></a>
+### Nested Schema for `policy_settings`
+
+Read-Only:
+
+- `enforce` (Boolean)
+- `is_audit_checked` (Boolean)
+- `warn` (Boolean)
+- `warning_message` (String)
+
+
+<a id="nestedatt--required_labels"></a>
+### Nested Schema for `required_labels`
+
+Read-Only:
+
+- `key` (String)
+- `value` (String)
+
+
+<a id="nestedatt--scope"></a>
+### Nested Schema for `scope`
+
+Read-Only:
+
+- `expression` (String)
+- `variables` (Set of Object) (see [below for nested schema](#nestedobjatt--scope--variables))
+
+<a id="nestedobjatt--scope--variables"></a>
+### Nested Schema for `scope.variables`
+
+Read-Only:
+
+- `attribute` (String)
+- `name` (String)
+- `value` (String)
+
+
+
+<a id="nestedatt--trusted_base_images"></a>
+### Nested Schema for `trusted_base_images`
+
+Read-Only:
+
+- `imagename` (String)
+- `registry` (String)
+
+