feat: implement support for log management resource and data source

DEVELOPMENT.md

@@ -32,7 +32,7 @@ git clone https://github.com/aquasecurity/terraform-provider-aquasec.git
 
 cd terraform-provider-aquasec
 
-git checkout v0.11.0
+git checkout v0.12.0
 ```
 
 **Build and install the provider**

GNUmakefile

@@ -6,7 +6,7 @@ HOSTNAME	 := github.com
 NAMESPACE	 := aquasec
 NAME 		 := aquasec
 BINARY		 := terraform-provider-${NAME}
-VERSION      := 0.11.0
+VERSION      := 0.12.0
 OS_ARCH      := $(shell go env GOOS)_$(shell go env GOARCH)
 
 default: build

README.md

@@ -43,7 +43,7 @@ To quickly get started using the Aquasec provider for Terraform, configure the p
 terraform {
   required_providers {
     aquasec = {
-      version = "0.11.0"
+      version = "0.12.0"
       source  = "aquasecurity/aquasec"
     }
   }

aquasec/data_log_management.go

@@ -0,0 +1,277 @@
+package aquasec
+
+import (
+	"context"
+
+	"github.com/aquasecurity/terraform-provider-aquasec/client"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataLogManagement() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataLogManagementRead,
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:        schema.TypeString,
+				Description: "The name of the log-management configuration to look up.",
+				Required:    true,
+			},
+			"enable": {
+				Type:        schema.TypeBool,
+				Description: "Indicates whether the log-management configuration is enabled (true) or disabled (false).",
+				Computed:    true,
+			},
+			"audit_filter": {
+				Type:        schema.TypeString,
+				Description: "The audit filter expression applied by the log-management service to narrow down logs.",
+				Computed:    true,
+			},
+			"url": {
+				Type:        schema.TypeString,
+				Description: "The endpoint URL of the log-management service, where logs are sent or retrieved from.",
+				Computed:    true,
+			},
+			"network": {
+				Type:        schema.TypeString,
+				Description: "Optional network or connectivity identifier used by the log-management service.",
+				Computed:    true,
+			},
+			"user": {
+				Type:        schema.TypeString,
+				Description: "Username used for authentication with the log-management service (sensitive).",
+				Computed:    true,
+				Sensitive:   true,
+			},
+			"password": {
+				Type:        schema.TypeString,
+				Description: "Password used for authentication with the log-management service (sensitive).",
+				Computed:    true,
+				Sensitive:   true,
+			},
+			"token": {
+				Type:        schema.TypeString,
+				Description: "Bearer token used for authentication with the log-management service (sensitive).",
+				Computed:    true,
+				Sensitive:   true,
+			},
+			"workspace": {
+				Type:        schema.TypeString,
+				Description: "Workspace or tenant identifier within the log-management service.",
+				Computed:    true,
+			},
+			"key": {
+				Type:        schema.TypeString,
+				Description: "API key or secret key generated for this log-management configuration (sensitive, may be generated by the service).",
+				Computed:    true,
+				Sensitive:   true,
+			},
+			"verify_cert": {
+				Type:        schema.TypeBool,
+				Description: "Whether SSL/TLS certificate verification is enabled when connecting to the service.",
+				Computed:    true,
+			},
+			"ca_cert": {
+				Type:        schema.TypeString,
+				Description: "Custom CA certificate used to verify the log-management service’s TLS certificate (sensitive).",
+				Computed:    true,
+				Sensitive:   true,
+			},
+			"enable_alphanumeric_sorting": {
+				Type:        schema.TypeBool,
+				Description: "When enabled, logs are sorted alphanumerically before being processed.",
+				Computed:    true,
+			},
+			"index": {
+				Type:        schema.TypeString,
+				Description: "Index name or bucket name where the logs are stored or retrieved from in the service.",
+				Computed:    true,
+			},
+			"source": {
+				Type:        schema.TypeString,
+				Description: "Fixed source identifier used by the log-management service; default set to aquasec.",
+				Computed:    true,
+			},
+			"sourcetype": {
+				Type:        schema.TypeString,
+				Description: "The type or classification of the log source as recognized by the service.",
+				Computed:    true,
+			},
+			"authentication_option": {
+				Type:        schema.TypeString,
+				Description: "The authentication method chosen for the service (e.g., API key, OAuth).",
+				Computed:    true,
+			},
+			"projectid": {
+				Type:        schema.TypeString,
+				Description: "Cloud project or subscription identifier under which logs are collected.",
+				Computed:    true,
+			},
+			"logname": {
+				Type:        schema.TypeString,
+				Description: "Name of the log stream or log source in the service.",
+				Computed:    true,
+			},
+			"credentials_json": {
+				Type:        schema.TypeString,
+				Description: "JSON-encoded credentials for service-account style authentication (sensitive).",
+				Computed:    true,
+				Sensitive:   true,
+			},
+			"external_id": {
+				Type:        schema.TypeString,
+				Description: "External identifier used for cross-account or cross-tenant authentication.",
+				Computed:    true,
+			},
+			"role_arn": {
+				Type:        schema.TypeString,
+				Description: "ARN of the IAM role assumed when interacting with the log-management service.",
+				Computed:    true,
+			},
+			"region": {
+				Type:        schema.TypeString,
+				Description: "Cloud region identifier where log ingestion or retrieval takes place.",
+				Computed:    true,
+			},
+			"loggroup": {
+				Type:        schema.TypeString,
+				Description: "Log-group or collection name within the service where logs are grouped.",
+				Computed:    true,
+			},
+			"keyid": {
+				Type:        schema.TypeString,
+				Description: "Identifier of the key or credential used by the log-management service.",
+				Computed:    true,
+			},
+			"rule": {
+				Type:        schema.TypeString,
+				Description: "Routing or processing rule name defined for this log-management configuration.",
+				Computed:    true,
+			},
+			"stream_name": {
+				Type:        schema.TypeString,
+				Description: "Name of the log stream or channel within the service where log events appear.",
+				Computed:    true,
+			},
+			"tenant_id": {
+				Type:        schema.TypeString,
+				Description: "Tenant or directory ID used in multi-tenant log-management environments.",
+				Computed:    true,
+			},
+			"client_id": {
+				Type:        schema.TypeString,
+				Description: "Client ID used in OAuth or service-account authentication with the service.",
+				Computed:    true,
+			},
+			"client_secret": {
+				Type:        schema.TypeString,
+				Description: "Client secret associated with the client ID for authentication (sensitive).",
+				Computed:    true,
+				Sensitive:   true,
+			},
+			"cloud": {
+				Type:        schema.TypeString,
+				Description: "Cloud provider identifier (for example ‘aws’, ‘azure’, ‘gcp’) associated with this log-management configuration.",
+				Computed:    true,
+			},
+			"displayname": {
+				Type:        schema.TypeString,
+				Description: "Display name for the log management configuration.",
+				Computed:    true,
+			},
+			"hasnewlabel": {
+				Type:        schema.TypeBool,
+				Description: "Indicates whether the log management configuration has a new label.",
+				Computed:    true,
+			},
+			"learnmore": {
+				Type:        schema.TypeString,
+				Description: "Link to learn more about the log management configuration.",
+				Computed:    true,
+			},
+			"logo": {
+				Type:        schema.TypeString,
+				Description: "URL or identifier for the logo associated with the log management configuration.",
+				Computed:    true,
+			},
+			"logofull": {
+				Type:        schema.TypeString,
+				Description: "Full URL or identifier for the logo associated with the log management configuration.",
+				Computed:    true,
+			},
+			"audit": {
+				Type:        schema.TypeString,
+				Description: "Audit information for the log management configuration.",
+				Computed:    true,
+			},
+		},
+	}
+}
+
+func dataLogManagementRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	ac := m.(*client.Client)
+	var diags diag.Diagnostics
+
+	name := d.Get("name").(string)
+	if name == "" {
+		return diag.Errorf("attribute \"name\" must be set")
+	}
+
+	logMgmt, err := ac.GetLogManagements()
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	if logMgmt == nil {
+		return diag.Errorf("no log management configurations returned")
+	}
+
+	service, ok := (*logMgmt)[name]
+	if !ok {
+		return diag.Errorf("log management %q not found", name)
+	}
+
+	if service.Name == "" {
+		service.Name = name
+	}
+
+	d.SetId(service.Name)
+	_ = d.Set("name", service.Name)
+	_ = d.Set("enable", service.Enable)
+	_ = d.Set("audit_filter", service.AuditFilter)
+	_ = d.Set("url", service.URL)
+	_ = d.Set("network", service.Network)
+	_ = d.Set("user", service.User)
+	_ = d.Set("password", service.Password)
+	_ = d.Set("token", service.Token)
+	_ = d.Set("workspace", service.Workspace)
+	_ = d.Set("key", service.Key)
+	_ = d.Set("verify_cert", service.VerifyCert)
+	_ = d.Set("ca_cert", service.CACert)
+	_ = d.Set("enable_alphanumeric_sorting", service.EnableAlphanumericSorting)
+	_ = d.Set("index", service.Index)
+	_ = d.Set("source", service.Source)
+	_ = d.Set("sourcetype", service.SourceType)
+	_ = d.Set("authentication_option", service.AuthenticationOption)
+	_ = d.Set("projectid", service.ProjectID)
+	_ = d.Set("logname", service.LogName)
+	_ = d.Set("credentials_json", service.CredentialsJSON)
+	_ = d.Set("external_id", service.ExternalID)
+	_ = d.Set("role_arn", service.RoleArn)
+	_ = d.Set("region", service.Region)
+	_ = d.Set("loggroup", service.LogGroup)
+	_ = d.Set("keyid", service.KeyID)
+	_ = d.Set("rule", service.Rule)
+	_ = d.Set("stream_name", service.StreamName)
+	_ = d.Set("tenant_id", service.TenantID)
+	_ = d.Set("client_id", service.ClientID)
+	_ = d.Set("client_secret", service.ClientSecret)
+	_ = d.Set("cloud", service.Cloud)
+	_ = d.Set("displayname", service.DisplayName)
+	_ = d.Set("hasnewlabel", service.HasNewLabel)
+	_ = d.Set("learnmore", service.LearnMore)
+	_ = d.Set("logo", service.Logo)
+	_ = d.Set("logofull", service.LogoFull)
+	_ = d.Set("audit", service.Audit)
+
+	return diags
+}

aquasec/data_log_management_test.go

@@ -0,0 +1,47 @@
+package aquasec
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAquasecDataSourceLogManagement(t *testing.T) {
+	t.Skip("Skipping Log Management Data Source test")
+	t.Parallel()
+	name := "CloudWatch"
+	key := os.Getenv("AWS_SECRET_ACCESS_KEY")
+	keyid := os.Getenv("AWS_ACCESS_KEY_ID")
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckLogManagementDataSource(name, key, keyid),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.aquasec_log_managements.logmanagement", "name", "CloudWatch"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckLogManagementDataSource(name, key, keyid string) string {
+	return fmt.Sprintf(`
+ resource "aquasec_log_management" "logmanagement" {
+   name   = "%s"
+   region = "us-west-1"
+   loggroup = "terraform-provider-log-group"
+   key    = "%s"
+   keyid  = "%s"
+   enable = true
+`, name, key, keyid) + `
+ }
+
+  data "aquasec_log_managements" "logmanagement" {
+    name = "CloudWatch"
+  }`
+}

aquasec/provider.go

@@ -143,6 +143,7 @@ func Provider(v string) *schema.Provider {
 			"aquasec_assurance_custom_script": resourceAssuranceScript(),
 			"aquasec_aqua_api_key":            resourceAPIKey(),
 			"aquasec_scanner_group":           resourceScannerGroup(),
+			"aquasec_log_management":          resourceLogManagement(),
 			"aquasec_serverless_application":  resourceServerlessApplication(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
@@ -179,6 +180,7 @@ func Provider(v string) *schema.Provider {
 			"aquasec_aqua_api_keys":           dataSourceAPIKeys(),
 			"aquasec_scanner_group":           dataSourceScannerGroup(),
 			"aquasec_vmware_assurance_policy": dataVmwareAssurancePolicy(),
+			"aquasec_log_managements":         dataLogManagement(),
 			"aquasec_serverless_applications": dataSourceServerlessApplication(),
 		},
 		ConfigureContextFunc: providerConfigure,