diff --git a/.changelog/34049.txt b/.changelog/34049.txt new file mode 100644 index 00000000000..66f8750f909 --- /dev/null +++ b/.changelog/34049.txt @@ -0,0 +1,7 @@ +```release-note:enhancement +resource/aws_imagebuilder_image: Add `image_scanning_configuration` configuration block +``` + +```release-note:enhancement +data-source/aws_imagebuilder_image: Add `image_scanning_configuration` attribute +``` diff --git a/internal/acctest/acctest.go b/internal/acctest/acctest.go index 35fda5149a7..25e0073293b 100644 --- a/internal/acctest/acctest.go +++ b/internal/acctest/acctest.go @@ -19,6 +19,8 @@ import ( "github.com/YakDriver/regexache" ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" + "github.com/aws/aws-sdk-go-v2/service/inspector2" + inspector2types "github.com/aws/aws-sdk-go-v2/service/inspector2/types" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/arn" "github.com/aws/aws-sdk-go/aws/endpoints" @@ -41,6 +43,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/hashicorp/terraform-provider-aws/internal/conns" "github.com/hashicorp/terraform-provider-aws/internal/envvar" + "github.com/hashicorp/terraform-provider-aws/internal/errs" "github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag" "github.com/hashicorp/terraform-provider-aws/internal/provider" tfacmpca "github.com/hashicorp/terraform-provider-aws/internal/service/acmpca" 
@@ -919,6 +922,20 @@ func PreCheckPartitionNot(t *testing.T, partitions ...string) { } } +func PreCheckInspector2(ctx context.Context, t *testing.T) { + conn := Provider.Meta().(*conns.AWSClient).Inspector2Client(ctx) + + _, err := conn.ListDelegatedAdminAccounts(ctx, &inspector2.ListDelegatedAdminAccountsInput{}) + + if errs.IsA[*inspector2types.AccessDeniedException](err) { + t.Skipf("Amazon Inspector not available: %s", err) + } + + if err != nil { + t.Fatalf("listing Inspector2 delegated administrators: %s", err) + } +} + func PreCheckOrganizationsAccount(ctx context.Context, t *testing.T) { _, err := tforganizations.FindOrganization(ctx, Provider.Meta().(*conns.AWSClient).OrganizationsConn(ctx)) diff --git a/internal/service/imagebuilder/image.go b/internal/service/imagebuilder/image.go index 18e1e7fbd8f..51a3d98b7e6 100644 --- a/internal/service/imagebuilder/image.go +++ b/internal/service/imagebuilder/image.go @@ -31,9 +31,11 @@ func ResourceImage() *schema.Resource { ReadWithoutTimeout: resourceImageRead, UpdateWithoutTimeout: resourceImageUpdate, DeleteWithoutTimeout: resourceImageDelete, + Importer: &schema.ResourceImporter{ StateContext: schema.ImportStatePassthroughContext, }, + Timeouts: &schema.ResourceTimeout{ Create: schema.DefaultTimeout(60 * time.Minute), }, @@ -43,10 +45,6 @@ func ResourceImage() *schema.Resource { Type: schema.TypeString, Computed: true, }, - "date_created": { - Type: schema.TypeString, - Computed: true, - }, "container_recipe_arn": { Type: schema.TypeString, Optional: true, 
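Review bot: The new exported `PreCheckInspector2` has no doc comment, and its `t.Skipf` branch reports every `AccessDeniedException` as "Amazon Inspector not available". That error may equally mean the test role lacks permission for `ListDelegatedAdminAccounts`. Because this helper now also gates the Image Builder scanning test, a skip for that reason would leave the scanning path unexercised without any visible failure. Suggest adding `// PreCheckInspector2 skips the test when ListDelegatedAdminAccounts is denied and fails it on any other error.` and a skip message that names the denied call, e.g. `t.Skipf("skipping: inspector2 ListDelegatedAdminAccounts denied: %s", err)`.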
@@ -54,6 +52,10 @@ func ResourceImage() *schema.Resource { ValidateFunc: validation.StringMatch(regexache.MustCompile(`^arn:aws[^:]*:imagebuilder:[^:]+:(?:\d{12}|aws):container-recipe/[0-9a-z_-]+/\d+\.\d+\.\d+$`), "valid container recipe ARN must be provided"), ExactlyOneOf: []string{"container_recipe_arn", "image_recipe_arn"}, }, + "date_created": { + Type: schema.TypeString, + Computed: true, + }, "distribution_configuration_arn": { Type: schema.TypeString, Optional: true, @@ -73,6 +75,42 @@ func ResourceImage() *schema.Resource { ValidateFunc: validation.StringMatch(regexache.MustCompile(`^arn:aws[^:]*:imagebuilder:[^:]+:(?:\d{12}|aws):image-recipe/[0-9a-z_-]+/\d+\.\d+\.\d+$`), "valid image recipe ARN must be provided"), ExactlyOneOf: []string{"container_recipe_arn", "image_recipe_arn"}, }, + "image_scanning_configuration": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ecr_configuration": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "container_tags": { + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "repository_name": { + Type: schema.TypeString, + Optional: true, + }, + }, + }, + }, + "image_scanning_enabled": { + Type: schema.TypeBool, + Optional: true, + Default: false, + }, + }, + }, + }, "image_tests_configuration": { Type: schema.TypeList, Optional: true, 
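Review bot: The `image_scanning_configuration` block added in the second hunk (`+75,42`) is `Optional` and `Computed` but sets no `ForceNew`, and no hunk in this diff touches `resourceImageUpdate`. If the update path, which is outside the visible lines, does not send this block, a later edit to `image_scanning_enabled` or `ecr_configuration` would be planned in place and never reach Image Builder. State would then claim scanning is on for an image that was built without it. Consider `ForceNew: true,` on the block and its nested attributes, assuming scanning settings cannot change after an image is created. `ResourceImage` begins and ends outside the hunk.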
@@ -202,6 +240,10 @@ func resourceImageCreate(ctx context.Context, d *schema.ResourceData, meta inter input.ImageRecipeArn = aws.String(v.(string)) } + if v, ok := d.GetOk("image_scanning_configuration"); ok && len(v.([]interface{})) > 0 && v.([]interface{})[0] != nil { + input.ImageScanningConfiguration = expandImageScanningConfiguration(v.([]interface{})[0].(map[string]interface{})) + } + if v, ok := d.GetOk("image_tests_configuration"); ok && len(v.([]interface{})) > 0 && v.([]interface{})[0] != nil { input.ImageTestsConfiguration = expandImageTestConfiguration(v.([]interface{})[0].(map[string]interface{})) } @@ -272,6 +314,12 @@ func resourceImageRead(ctx context.Context, d *schema.ResourceData, meta interfa d.Set("image_recipe_arn", image.ImageRecipe.Arn) } + if image.ImageScanningConfiguration != nil { + d.Set("image_scanning_configuration", []interface{}{flattenImageScanningConfiguration(image.ImageScanningConfiguration)}) + } else { + d.Set("image_scanning_configuration", nil) + } + if image.ImageTestsConfiguration != nil { d.Set("image_tests_configuration", []interface{}{flattenImageTestsConfiguration(image.ImageTestsConfiguration)}) } else { diff --git a/internal/service/imagebuilder/image_data_source.go b/internal/service/imagebuilder/image_data_source.go index e54fbfa494f..c9118fe1471 100644 --- a/internal/service/imagebuilder/image_data_source.go +++ b/internal/service/imagebuilder/image_data_source.go 
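Review bot: In the `resourceImageRead` hunk both `d.Set("image_scanning_configuration", ...)` calls discard the returned error, and the identical lines added to `dataSourceImageRead` in image_data_source.go do the same. For a nested list, a mismatch between what `flattenImageScanningConfiguration` returns and the schema surfaces only through that error, so a failure would leave the scanning state silently empty. Suggest `if err := d.Set("image_scanning_configuration", ...); err != nil {` with the error returned through the function's existing error path. The neighbouring `image_tests_configuration` lines use the same unchecked pattern, and both read functions continue outside their hunks. Neither `expandImageScanningConfiguration` nor `flattenImageScanningConfiguration` is defined in any hunk visible here, so their nil handling could not be reviewed.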
@@ -51,6 +51,37 @@ func DataSourceImage() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "image_scanning_configuration": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ecr_configuration": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "container_tags": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "repository_name": { + Type: schema.TypeString, + Computed: true, + }, + }, + }, + }, + "image_scanning_enabled": { + Type: schema.TypeBool, + Computed: true, + }, + }, + }, + }, "image_tests_configuration": { Type: schema.TypeList, Computed: true, @@ -193,6 +224,12 @@ func dataSourceImageRead(ctx context.Context, d *schema.ResourceData, meta inter d.Set("image_recipe_arn", image.ImageRecipe.Arn) } + if image.ImageScanningConfiguration != nil { + d.Set("image_scanning_configuration", []interface{}{flattenImageScanningConfiguration(image.ImageScanningConfiguration)}) + } else { + d.Set("image_scanning_configuration", nil) + } + if image.ImageTestsConfiguration != nil { d.Set("image_tests_configuration", []interface{}{flattenImageTestsConfiguration(image.ImageTestsConfiguration)}) } else { diff --git a/internal/service/imagebuilder/image_data_source_test.go b/internal/service/imagebuilder/image_data_source_test.go index f4c2136cf6b..bc2aa227058 100644 --- a/internal/service/imagebuilder/image_data_source_test.go +++ b/internal/service/imagebuilder/image_data_source_test.go 
@@ -33,6 +33,7 @@ func TestAccImageBuilderImageDataSource_ARN_aws(t *testing.T) { // nosemgrep:ci. resource.TestCheckNoResourceAttr(dataSourceName, "distribution_configuration_arn"), resource.TestCheckResourceAttr(dataSourceName, "enhanced_image_metadata_enabled", "false"), resource.TestCheckNoResourceAttr(dataSourceName, "image_recipe_arn"), + resource.TestCheckResourceAttr(dataSourceName, "image_scanning_configuration.#", "0"), resource.TestCheckResourceAttr(dataSourceName, "image_tests_configuration.#", "0"), resource.TestCheckNoResourceAttr(dataSourceName, "infrastructure_configuration_arn"), resource.TestCheckResourceAttr(dataSourceName, "name", "Amazon Linux 2 x86"), @@ -69,6 +70,7 @@ func TestAccImageBuilderImageDataSource_ARN_self(t *testing.T) { resource.TestCheckResourceAttrPair(dataSourceName, "distribution_configuration_arn", resourceName, "distribution_configuration_arn"), resource.TestCheckResourceAttrPair(dataSourceName, "enhanced_image_metadata_enabled", resourceName, "enhanced_image_metadata_enabled"), resource.TestCheckResourceAttrPair(dataSourceName, "image_recipe_arn", resourceName, "image_recipe_arn"), + resource.TestCheckResourceAttrPair(dataSourceName, "image_scanning_configuration.#", resourceName, "image_scanning_configuration.#"), resource.TestCheckResourceAttrPair(dataSourceName, "image_tests_configuration.#", resourceName, "image_tests_configuration.#"), resource.TestCheckResourceAttrPair(dataSourceName, "infrastructure_configuration_arn", resourceName, "infrastructure_configuration_arn"), resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"), 
@@ -100,6 +102,7 @@ func TestAccImageBuilderImageDataSource_ARN_containerRecipe(t *testing.T) { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrPair(dataSourceName, "arn", resourceName, "arn"), resource.TestCheckResourceAttrPair(dataSourceName, "container_recipe_arn", resourceName, "container_recipe_arn"), + resource.TestCheckResourceAttrPair(dataSourceName, "image_scanning_configuration.#", resourceName, "image_scanning_configuration.#"), resource.TestCheckResourceAttrPair(dataSourceName, "output_resources.#", resourceName, "output_resources.#"), resource.TestCheckResourceAttrPair(dataSourceName, "output_resources.0.containers.#", resourceName, "output_resources.0.containers.#"), resource.TestCheckResourceAttrPair(dataSourceName, "output_resources.0.containers.0.image_uris.#", resourceName, "output_resources.0.containers.0.image_uris.#"), @@ -362,6 +365,15 @@ resource "aws_imagebuilder_infrastructure_configuration" "test" { resource "aws_imagebuilder_image" "test" { container_recipe_arn = aws_imagebuilder_container_recipe.test.arn infrastructure_configuration_arn = aws_imagebuilder_infrastructure_configuration.test.arn + + image_scanning_configuration { + image_scanning_enabled = true + + ecr_configuration { + repository_name = aws_ecr_repository.test.name + container_tags = ["foo", "bar"] + } + } } data "aws_imagebuilder_image" "test" { diff --git a/internal/service/imagebuilder/image_test.go b/internal/service/imagebuilder/image_test.go index f7e9404a079..3f3cfd7265f 100644 --- a/internal/service/imagebuilder/image_test.go +++ b/internal/service/imagebuilder/image_test.go @@ -18,6 +18,7 @@ import ( "github.com/hashicorp/terraform-provider-aws/internal/acctest" "github.com/hashicorp/terraform-provider-aws/internal/conns" tfimagebuilder "github.com/hashicorp/terraform-provider-aws/internal/service/imagebuilder" + "github.com/hashicorp/terraform-provider-aws/names" ) func TestAccImageBuilderImage_basic(t *testing.T) { 
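Review bot: The config hunk at `+365,15` sets `image_scanning_enabled = true` for the data source test without the Inspector setup the resource test uses. Unlike `testAccImageConfig_imageScanningConfigurationEnabled` in image_test.go, it adds no `aws_inspector2_enabler` and no `depends_on`, and no visible hunk adds `acctest.PreCheckInspector2` to this test's `PreCheck`. If scanning needs Inspector activated for ECR, as the resource test's setup suggests, this test may fail or behave differently in accounts where Inspector is off. The added `TestCheckResourceAttrPair` on `image_scanning_configuration.#` compares only the block count; also pairing `image_scanning_configuration.0.image_scanning_enabled` would check the value actually read back. The enclosing config function and test begin outside the hunk.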
@@ -266,6 +267,33 @@ func TestAccImageBuilderImage_containerRecipeARN(t *testing.T) { }) } +func TestAccImageBuilderImage_imageScanningConfiguration(t *testing.T) { + ctx := acctest.Context(t) + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_imagebuilder_image.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + acctest.PreCheck(ctx, t) + acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) + acctest.PreCheckInspector2(ctx, t) + acctest.PreCheckOrganizationManagementAccount(ctx, t) + }, + ErrorCheck: acctest.ErrorCheck(t, imagebuilder.EndpointsID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckImageDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccImageConfig_imageScanningConfigurationEnabled(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckImageExists(ctx, resourceName), + resource.TestCheckResourceAttr(resourceName, "image_scanning_configuration.#", "1"), + ), + }, + }, + }) +} + func TestAccImageBuilderImage_outputResources_containers(t *testing.T) { ctx := acctest.Context(t) rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) @@ -562,7 +590,7 @@ resource "aws_imagebuilder_image" "test" { `, tagKey1, tagValue1, tagKey2, tagValue2)) } -func testAccImageConfig_containerRecipe(rName string) string { +func testAccImageConfig_containerRecipeBase(rName string) string { return fmt.Sprintf(` data "aws_region" "current" {} @@ -570,6 +598,10 @@ data "aws_partition" "current" {} resource "aws_vpc" "test" { cidr_block = "10.0.0.0/16" + + tags = { + Name = %[1]q + } } resource "aws_default_route_table" "test" { 
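Review bot: `TestAccImageBuilderImage_imageScanningConfiguration` asserts only that `image_scanning_configuration.#` equals `1`. Because the block is `Computed`, that check could pass even if the configured values were never sent to the API or read back. Add value checks such as `resource.TestCheckResourceAttr(resourceName, "image_scanning_configuration.0.image_scanning_enabled", "true")` and `resource.TestCheckResourceAttr(resourceName, "image_scanning_configuration.0.ecr_configuration.0.container_tags.#", "2")`. A check on `image_scanning_configuration.0.ecr_configuration.0.repository_name` against the ECR repository would cover the remaining field.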
@@ -601,12 +633,20 @@ resource "aws_default_security_group" "test" { resource "aws_internet_gateway" "test" { vpc_id = aws_vpc.test.id + + tags = { + Name = %[1]q + } } resource "aws_subnet" "test" { cidr_block = cidrsubnet(aws_vpc.test.cidr_block, 8, 0) map_public_ip_on_launch = true vpc_id = aws_vpc.test.id + + tags = { + Name = %[1]q + } } resource "aws_iam_role" "test" { @@ -682,10 +722,45 @@ resource "aws_imagebuilder_infrastructure_configuration" "test" { depends_on = [aws_default_route_table.test] } + `, rName) +} +func testAccImageConfig_containerRecipe(rName string) string { + return acctest.ConfigCompose( + testAccImageConfig_containerRecipeBase(rName), + ` resource "aws_imagebuilder_image" "test" { container_recipe_arn = aws_imagebuilder_container_recipe.test.arn infrastructure_configuration_arn = aws_imagebuilder_infrastructure_configuration.test.arn } -`, rName) +`) +} + +func testAccImageConfig_imageScanningConfigurationEnabled(rName string) string { + return acctest.ConfigCompose( + testAccImageConfig_containerRecipeBase(rName), + ` +data "aws_caller_identity" "current" {} + +resource "aws_inspector2_enabler" "test" { + account_ids = [data.aws_caller_identity.current.account_id] + resource_types = ["ECR"] +} + +resource "aws_imagebuilder_image" "test" { + container_recipe_arn = aws_imagebuilder_container_recipe.test.arn + infrastructure_configuration_arn = aws_imagebuilder_infrastructure_configuration.test.arn + + image_scanning_configuration { + image_scanning_enabled = true + + ecr_configuration { + repository_name = aws_ecr_repository.test.name + container_tags = ["foo", "bar"] + } + } + + depends_on = [aws_inspector2_enabler.test] +} +`) } diff --git a/internal/service/inspector2/acc_test.go b/internal/service/inspector2/acc_test.go deleted file mode 100644 index 62ceafe4f96..00000000000 --- a/internal/service/inspector2/acc_test.go +++ /dev/null 
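Review bot: The `aws_inspector2_enabler` added to `testAccImageConfig_imageScanningConfigurationEnabled` changes account-wide Inspector state, yet the test that uses it runs under `resource.ParallelTest`. The inspector2 tests touched elsewhere in this diff are lower-case `testAcc...` functions, which suggests they are serialized for this reason. A parallel run here could enable or disable ECR scanning underneath them, and destroying the enabler may switch scanning off in an account that had it on before the test. Consider `resource.Test` for this case, plus a config comment noting the side effect, e.g. `# Account-wide: enables Inspector ECR scanning for the caller account.`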
@@ -1,29 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -package inspector2_test - -import ( - "context" - "testing" - - "github.com/aws/aws-sdk-go-v2/service/inspector2" - "github.com/aws/aws-sdk-go-v2/service/inspector2/types" - "github.com/hashicorp/terraform-provider-aws/internal/acctest" - "github.com/hashicorp/terraform-provider-aws/internal/conns" - "github.com/hashicorp/terraform-provider-aws/internal/errs" -) - -func testAccPreCheck(ctx context.Context, t *testing.T) { - conn := acctest.Provider.Meta().(*conns.AWSClient).Inspector2Client(ctx) - - _, err := conn.ListDelegatedAdminAccounts(ctx, &inspector2.ListDelegatedAdminAccountsInput{}) - - if errs.IsA[*types.AccessDeniedException](err) { - t.Skipf("skipping acceptance testing: %s", err) - } - - if err != nil { - t.Fatalf("unexpected PreCheck error: %s", err) - } -} diff --git a/internal/service/inspector2/delegated_admin_account_test.go b/internal/service/inspector2/delegated_admin_account_test.go index adf3ad3dd03..9cfdb5f905b 100644 --- a/internal/service/inspector2/delegated_admin_account_test.go +++ b/internal/service/inspector2/delegated_admin_account_test.go @@ -28,7 +28,7 @@ func testAccDelegatedAdminAccount_basic(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, names.Inspector2EndpointID), @@ -79,7 +79,7 @@ func testAccDelegatedAdminAccount_disappears(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, names.Inspector2EndpointID), 
diff --git a/internal/service/inspector2/enabler_test.go b/internal/service/inspector2/enabler_test.go index db3898ab31d..e16da5d37e4 100644 --- a/internal/service/inspector2/enabler_test.go +++ b/internal/service/inspector2/enabler_test.go @@ -35,7 +35,7 @@ func testAccEnabler_basic(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, names.Inspector2EndpointID), @@ -67,7 +67,7 @@ func testAccEnabler_accountID(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, names.Inspector2EndpointID), @@ -100,7 +100,7 @@ func testAccEnabler_disappears(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, names.Inspector2EndpointID), @@ -131,7 +131,7 @@ func testAccEnabler_updateResourceTypes(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, names.Inspector2EndpointID), 
@@ -187,7 +187,7 @@ func testAccEnabler_updateResourceTypes_disjoint(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, names.Inspector2EndpointID), @@ -230,7 +230,7 @@ func testAccEnabler_lambda(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, names.Inspector2EndpointID), @@ -264,7 +264,7 @@ func testAccEnabler_memberAccount_basic(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) acctest.PreCheckAlternateAccount(t) }, @@ -299,7 +299,7 @@ func testAccEnabler_memberAccount_disappearsMemberAssociation(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) acctest.PreCheckAlternateAccount(t) }, @@ -331,7 +331,7 @@ func testAccEnabler_memberAccount_multiple(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) acctest.PreCheckAlternateAccount(t) acctest.PreCheckThirdAccount(t) 
@@ -371,7 +371,7 @@ func testAccEnabler_memberAccount_updateMemberAccounts(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) acctest.PreCheckAlternateAccount(t) acctest.PreCheckThirdAccount(t) @@ -439,7 +439,7 @@ func testAccEnabler_memberAccount_updateMemberAccountsAndScanTypes(t *testing.T) PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) acctest.PreCheckAlternateAccount(t) acctest.PreCheckThirdAccount(t) diff --git a/internal/service/inspector2/member_association_test.go b/internal/service/inspector2/member_association_test.go index 2908f133ac4..320d4b384fc 100644 --- a/internal/service/inspector2/member_association_test.go +++ b/internal/service/inspector2/member_association_test.go @@ -26,7 +26,7 @@ func testAccMemberAssociation_basic(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) acctest.PreCheckAlternateAccount(t) }, @@ -61,7 +61,7 @@ func testAccMemberAssociation_disappears(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) acctest.PreCheckAlternateAccount(t) }, diff --git a/internal/service/inspector2/organization_configuration_test.go b/internal/service/inspector2/organization_configuration_test.go index e9e9389771c..ce25b150978 100644 --- a/internal/service/inspector2/organization_configuration_test.go 
+++ b/internal/service/inspector2/organization_configuration_test.go @@ -30,7 +30,7 @@ func testAccOrganizationConfiguration_basic(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, names.Inspector2EndpointID), @@ -57,7 +57,7 @@ func testAccOrganizationConfiguration_disappears(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, names.Inspector2EndpointID), @@ -84,7 +84,7 @@ func testAccOrganizationConfiguration_ec2ECR(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, names.Inspector2EndpointID), @@ -111,7 +111,7 @@ func testAccOrganizationConfiguration_lambda(t *testing.T) { PreCheck: func() { acctest.PreCheck(ctx, t) acctest.PreCheckPartitionHasService(t, names.Inspector2EndpointID) - testAccPreCheck(ctx, t) + acctest.PreCheckInspector2(ctx, t) acctest.PreCheckOrganizationManagementAccount(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, names.Inspector2EndpointID), diff --git a/website/docs/d/imagebuilder_image.html.markdown b/website/docs/d/imagebuilder_image.html.markdown index 0aa98afffe2..31ff08533fa 100644 --- a/website/docs/d/imagebuilder_image.html.markdown +++ b/website/docs/d/imagebuilder_image.html.markdown 
@@ -34,6 +34,11 @@ This data source exports the following attributes in addition to the arguments a * `distribution_configuration_arn` - ARN of the Image Builder Distribution Configuration. * `enhanced_image_metadata_enabled` - Whether additional information about the image being created is collected. * `image_recipe_arn` - ARN of the image recipe. +* `image_scanning_configuration` - List of an object with image scanning configuration fields. + * `image_scanning_enabled` - Indicates whether Image Builder keeps a snapshot of the vulnerability scans that Amazon Inspector runs against the build instance when you create a new image. + * `ecr_configuration` - Configuration block with ECR configuration. + * `repository_name` - The name of the container repository that Amazon Inspector scans to identify findings for your container images. + * `container_tags` - Set of tags for Image Builder to apply to the output container image that that Amazon Inspector scans. * `image_tests_configuration` - List of an object with image tests configuration. * `image_tests_enabled` - Whether image tests are enabled. * `timeout_minutes` - Number of minutes before image tests time out. diff --git a/website/docs/r/imagebuilder_image.html.markdown b/website/docs/r/imagebuilder_image.html.markdown index 2f7be685e76..0314e4cc042 100644 --- a/website/docs/r/imagebuilder_image.html.markdown +++ b/website/docs/r/imagebuilder_image.html.markdown 
@@ -33,6 +33,7 @@ The following arguments are optional: * `enhanced_image_metadata_enabled` - (Optional) Whether additional information about the image being created is collected. Defaults to `true`. * `image_recipe_arn` - (Optional) Amazon Resource Name (ARN) of the image recipe. * `image_tests_configuration` - (Optional) Configuration block with image tests configuration. Detailed below. +* `image_scanning_configuration` - (Optional) Configuration block with image scanning configuration. Detailed below. * `tags` - (Optional) Key-value map of resource tags for the Image Builder Image. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level. ### image_tests_configuration 
@@ -42,6 +43,20 @@ The following arguments are optional: * `image_tests_enabled` - (Optional) Whether image tests are enabled. Defaults to `true`. * `timeout_minutes` - (Optional) Number of minutes before image tests time out. Valid values are between `60` and `1440`. Defaults to `720`. +### image_scanning_configuration + +The following arguments are optional: + +* `image_scanning_enabled` - (Optional) Indicates whether Image Builder keeps a snapshot of the vulnerability scans that Amazon Inspector runs against the build instance when you create a new image. Defaults to `false`. +* `ecr_configuration` - (Optional) Configuration block with ECR configuration. Detailed below. + +### ecr_configuration + +The following arguments are optional: + +* `repository_name` - (Optional) The name of the container repository that Amazon Inspector scans to identify findings for your container images. +* `container_tags` - (Optional) Set of tags for Image Builder to apply to the output container image that that Amazon Inspector scans. + ## Attribute Reference This resource exports the following attributes in addition to the arguments above: