Merge pull request #309 from aquasecurity/SLK-94730-schema-fix-host-runtime-policy

Fix host runtime policy  schema

Author: semyonmor

DEVELOPMENT.md

@@ -32,7 +32,7 @@ git clone https://github.com/aquasecurity/terraform-provider-aquasec.git
 
 cd terraform-provider-aquasec
 
-git checkout v0.8.37
+git checkout v0.8.38
 ```
 
 **Build and install the provider**

GNUmakefile

@@ -6,7 +6,7 @@ HOSTNAME	 := github.com
 NAMESPACE	 := aquasec
 NAME 		 := aquasec
 BINARY		 := terraform-provider-${NAME}
-VERSION      := 0.8.37
+VERSION      := 0.8.38
 OS_ARCH      := $(shell go env GOOS)_$(shell go env GOARCH)
 
 default: build

README.md

@@ -43,7 +43,7 @@ To quickly get started using the Aquasec provider for Terraform, configure the p
 terraform {
   required_providers {
     aquasec = {
-      version = "0.8.37"
+      version = "0.8.38"
       source  = "aquasecurity/aquasec"
     }
   }

aquasec/resource_host_assurance_policy_test.go

@@ -141,7 +141,7 @@ resource "aquasec_host_assurance_policy" "terraformiap" {
     }
 
     vulnerability_exploitability = true
-    disallow_exploit_types = ["remote_exploit", "local_exploit"]
+    disallow_exploit_types = ["remote", "local"]
     ignore_base_image_vln = false
     ignored_sensitive_resources = ["/etc/passwd", "/etc/shadow"]
     

aquasec/resource_host_runtime_policy.go

@@ -3,10 +3,11 @@ package aquasec
 import (
 	"context"
 	"fmt"
+	"strings"
+
 	"github.com/aquasecurity/terraform-provider-aquasec/client"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
-	"strings"
 )
 
 func resourceHostRuntimePolicy() *schema.Resource {
@@ -1268,6 +1269,10 @@ func resourceHostRuntimePolicy() *schema.Resource {
 										Description: "Variable value.",
 										Required:    true,
 									},
+									"name": {
+										Type:     schema.TypeString,
+										Optional: true,
+									},
 								},
 							},
 						},
@@ -3007,7 +3012,7 @@ func flattenVariables(variables []interface{}) []client.Variable {
 		val := v.(map[string]interface{})
 		result = append(result, client.Variable{
 			Attribute: val["attribute"].(string),
-                        Name:      val["name"].(string),
+			Name:      val["name"].(string),
 			Value:     val["value"].(string),
 		})
 	}

docs/index.md

@@ -21,7 +21,7 @@ Use the navigation to the left to read about the available resources and data so
 terraform {
   required_providers {
     aquasec = {
-      version = "0.8.37"
+      version = "0.8.38"
       source  = "aquasecurity/aquasec"
     }
   }

docs/resources/host_runtime_policy.md

@@ -16,15 +16,25 @@ description: |-
 resource "aquasec_host_runtime_policy" "host_runtime_policy" {
   name        = "host_runtime_policy"
   description = "host_runtime_policy"
-  scope_variables {
-    attribute = "kubernetes.cluster"
-    value     = "default"
-  }
-  scope_variables {
-    attribute = "kubernetes.label"
-    name      = "app"
-    value     = "aqua"
+
+  scope {
+    expression = "v1 && v2 || v3"
+
+    variables {
+      attribute = "aqua.hostgroup"
+      value     = "production"
+    }
+    variables {
+      attribute = "cloud.awsaccount"
+      value     = "xxxxxxxxx"
+    }
+    variables {
+      attribute  = "os.hostname"
+      name       = "name"
+      value      = "10.0.0.1"
+    }
   }
+  
 
   application_scopes = [
     "Global",
@@ -37,19 +47,19 @@ resource "aquasec_host_runtime_policy" "host_runtime_policy" {
     "blocked",
   ]
   file_integrity_monitoring {
-    monitor_create      = true
-    monitor_read        = true
-    monitor_modify      = true
-    monitor_delete      = true
-    monitor_attributes  = true
-    monitored_paths     = ["paths"]
-    excluded_paths      = ["expaths"]
-    monitored_processes = ["process"]
-    excluded_processes  = ["exprocess"]
-    monitored_users     = ["user"]
-    excluded_users      = ["expuser"]
+    enabled                               = true
+    monitored_files_read                  = true
+    monitored_files_modify                = true
+    monitored_files_delete                = true
+    monitored_files_attributes            = false
+    monitored_files                       = ["paths"]
+    exceptional_monitored_files           = ["expaths"]
+    monitored_files_processes             = ["process"]
+    exceptional_monitored_files_processes = ["exprocess"]
+    monitored_files_users                 = ["user"]
+    exceptional_monitored_files_users     = ["expuser"]
   }
-  audit_all_os_user_activity         = true
+
   audit_full_command_arguments       = true
   audit_host_successful_login_events = true
   audit_host_failed_login_events     = true
@@ -66,9 +76,7 @@ resource "aquasec_host_runtime_policy" "host_runtime_policy" {
   os_groups_blocked = [
     "group2",
   ]
-  package_block = [
-    "package1"
-  ]
+
   monitor_system_time_changes  = true
   monitor_windows_services     = true
   monitor_system_log_integrity = true
@@ -461,6 +469,10 @@ Required:
 - `attribute` (String) Variable attribute.
 - `value` (String) Variable value.
 
+Optional:
+
+- `name` (String)
+
 
 
 <a id="nestedblock--scope_variables"></a>

examples/data-sources/main.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     aquasec = {
-      //      version = "0.8.37"
+      //      version = "0.8.38"
       source = "aquasecurity/aquasec"
     }
   }

examples/provider/provider.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     aquasec = {
-      version = "0.8.37"
+      version = "0.8.38"
       source  = "aquasecurity/aquasec"
     }
   }

examples/resources/aquasec_host_runtime_policy/resource.tf

@@ -1,15 +1,25 @@
 resource "aquasec_host_runtime_policy" "host_runtime_policy" {
   name        = "host_runtime_policy"
   description = "host_runtime_policy"
-  scope_variables {
-    attribute = "kubernetes.cluster"
-    value     = "default"
-  }
-  scope_variables {
-    attribute = "kubernetes.label"
-    name      = "app"
-    value     = "aqua"
+
+  scope {
+    expression = "v1 && v2 || v3"
+
+    variables {
+      attribute = "aqua.hostgroup"
+      value     = "production"
+    }
+    variables {
+      attribute = "cloud.awsaccount"
+      value     = "xxxxxxxxx"
+    }
+    variables {
+      attribute  = "os.hostname"
+      name       = "name"
+      value      = "10.0.0.1"
+    }
   }
+  
 
   application_scopes = [
     "Global",