From 46986c28e251febfe53517bb87cfb09cd1aa87bc Mon Sep 17 00:00:00 2001
From: Boris Bakshiyev
Date: Wed, 29 Jun 2022 11:49:49 +0300
Subject: [PATCH] Adding new posture check action- Warning
---
 docs/data-sources/posture_check.md | 5 +++--
 docs/resources/posture_check.md | 5 +++--
 internal/provider/acc_tests/posture_check_test.go | 14 +++++++-------
 internal/provider/posture_check/common.go | 10 ++++++----
 internal/provider/posture_check/resource.go | 5 +++--
 5 files changed, 22 insertions(+), 17 deletions(-)
diff --git a/docs/data-sources/posture_check.md b/docs/data-sources/posture_check.md
index a4abbad0..827cd018 100644
--- a/docs/data-sources/posture_check.md
+++ b/docs/data-sources/posture_check.md
@@ -39,9 +39,10 @@ output "check" { ### Read-Only -- **action** (String) Action to take in case a posture check fails. ENUM: `DISCONNECT`, `NONE`: +- **action** (String) Action to take in case a posture check fails. ENUM: `DISCONNECT`, `NONE`, `WARNING`: - **Disconnect** - disconnect device from Proofpoint NaaS. - - **None** - do nothing, useful during the discovery phase. + - **None** - do nothing, useful during the discovery phase. + - **Warning** - pop up a warning message, useful during the discovery phase. - **apply_to_entities** (List of String) Entities (users, groups or network elements) to be applied in the posture check. - **apply_to_org** (Boolean) Whether to apply to all devices on the organization. Note: this attribute overrides `apply_to_entities` - **check** (List of Object) Predefined checks. cannot be set with `osquery`. (see [below for nested schema](#nestedatt--check))
diff --git a/docs/resources/posture_check.md b/docs/resources/posture_check.md
index bb874f85..937d4437 100644
--- a/docs/resources/posture_check.md
+++ b/docs/resources/posture_check.md
@@ -71,9 +71,10 @@ resource "pfptmeta_posture_check" "min_client_version" { ### Optional -- **action** (String) Action to take in case a posture check fails. ENUM: `DISCONNECT`, `NONE`: +- **action** (String) Action to take in case a posture check fails. ENUM: `DISCONNECT`, `NONE`, `WARNING`: - **Disconnect** - disconnect device from Proofpoint NaaS. - - **None** - do nothing, useful during the discovery phase. + - **None** - do nothing, useful during the discovery phase. + - **Warning** - pop up a warning message, useful during the discovery phase. - **apply_to_entities** (List of String) Entities (users, groups or network elements) to be applied in the posture check. - **apply_to_org** (Boolean) Whether to apply to all devices on the organization. Note: this attribute overrides `apply_to_entities` - **check** (Block List, Max: 1) Predefined checks. cannot be set with `osquery`. (see [below for nested schema](#nestedblock--check))
diff --git a/internal/provider/acc_tests/posture_check_test.go b/internal/provider/acc_tests/posture_check_test.go
index 6248d337..939ac780 100644
--- a/internal/provider/acc_tests/posture_check_test.go
+++ b/internal/provider/acc_tests/posture_check_test.go
@@ -1,9 +1,10 @@ package acc_tests import ( - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "regexp" "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" ) const (
@@ -22,8 +23,8 @@ resource "pfptmeta_posture_check" "check" {
 osquery = "select * from processes where name='falcon-sensor' and state='S';"
 platform = "Linux"
 enabled = true
- action = "NONE"
- when = ["PERIODIC", "PRE_CONNECT"]
+ action = "WARNING"
+ when = ["PERIODIC"]
 interval = 60
 user_message_on_fail = "check failed"
 }
@@ -43,6 +44,7 @@ resource "pfptmeta_posture_check" "check" { user_message_on_fail = "check failed1" } ` + dataSourcePostureCheck = ` data "pfptmeta_posture_check" "check" { id = pfptmeta_posture_check.check.id
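Review bot: In `posture_check_test.go` (hunk `@@ -22,8 +23,8 @@`) the first test configuration is edited in place, so `action = "NONE"` and the `PRE_CONNECT` trigger lose the coverage they had there, and the matching `when.1` assertions are dropped in `TestAccResourcePostureCheck` and `TestAccDataSourcePostureCheck`. The commit does not say why `PRE_CONNECT` was removed; if the backend rejects `WARNING` together with `PRE_CONNECT`, that constraint deserves a comment above the config, e.g. `// WARNING is exercised with PERIODIC only: <reason>`, and arguably a plan-time check in the resource schema so users do not first learn of it at apply time. Otherwise keep the original step and add a separate step for `WARNING`, so that all three enum values are exercised. The second configuration in this file is only partly visible here, so it may already cover some of this.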
@@ -66,9 +68,8 @@ func TestAccResourcePostureCheck(t *testing.T) {
 resource.TestCheckResourceAttr("pfptmeta_posture_check.check", "osquery", "select * from processes where name='falcon-sensor' and state='S';"),
 resource.TestCheckResourceAttr("pfptmeta_posture_check.check", "platform", "Linux"),
 resource.TestCheckResourceAttr("pfptmeta_posture_check.check", "enabled", "true"),
- resource.TestCheckResourceAttr("pfptmeta_posture_check.check", "action", "NONE"),
+ resource.TestCheckResourceAttr("pfptmeta_posture_check.check", "action", "WARNING"),
 resource.TestCheckResourceAttr("pfptmeta_posture_check.check", "when.0", "PERIODIC"),
- resource.TestCheckResourceAttr("pfptmeta_posture_check.check", "when.1", "PRE_CONNECT"),
 resource.TestCheckResourceAttr("pfptmeta_posture_check.check", "interval", "60"),
 resource.TestCheckResourceAttr("pfptmeta_posture_check.check", "user_message_on_fail", "check failed"),
 ),
@@ -107,9 +108,8 @@ func TestAccDataSourcePostureCheck(t *testing.T) {
 resource.TestCheckResourceAttr("data.pfptmeta_posture_check.check", "osquery", "select * from processes where name='falcon-sensor' and state='S';"),
 resource.TestCheckResourceAttr("data.pfptmeta_posture_check.check", "platform", "Linux"),
 resource.TestCheckResourceAttr("data.pfptmeta_posture_check.check", "enabled", "true"),
- resource.TestCheckResourceAttr("data.pfptmeta_posture_check.check", "action", "NONE"),
+ resource.TestCheckResourceAttr("data.pfptmeta_posture_check.check", "action", "WARNING"),
 resource.TestCheckResourceAttr("data.pfptmeta_posture_check.check", "when.0", "PERIODIC"),
- resource.TestCheckResourceAttr("data.pfptmeta_posture_check.check", "when.1", "PRE_CONNECT"),
 resource.TestCheckResourceAttr("data.pfptmeta_posture_check.check", "interval", "60"),
 resource.TestCheckResourceAttr("data.pfptmeta_posture_check.check", "user_message_on_fail", "check failed"),
 ),
diff --git a/internal/provider/posture_check/common.go b/internal/provider/posture_check/common.go
index 69da510d..e969b55a 100644
--- a/internal/provider/posture_check/common.go
+++ b/internal/provider/posture_check/common.go
@@ -2,11 +2,12 @@ package posture_check import ( "context" + "log" + "net/http" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/nsofnetworks/terraform-provider-pfptmeta/internal/client" - "log" - "net/http" ) const (
@@ -17,9 +18,10 @@ The posture checks can be based on SQL query strings. The queries use the osquer
 Posture checks can be viewed and filtered by failure via security logs see [here](https://help.metanetworks.com/knowledgebase/posture_checks) for more details.
 `
 enabledDesc = "Defaults to true"
- actionDesc = "Action to take in case a posture check fails. ENUM: `DISCONNECT`, `NONE`:\n" +
+ actionDesc = "Action to take in case a posture check fails. ENUM: `DISCONNECT`, `NONE`, `WARNING`:\n" +
 " - **Disconnect** - disconnect device from Proofpoint NaaS.\n" +
- " - **None** - do nothing, useful during the discovery phase."
+ " - **None** - do nothing, useful during the discovery phase. \n" +
+ " - **Warning** - pop up a warning message, useful during the discovery phase."
 checkDesc = "Predefined checks. cannot be set with `osquery`."
 minVersionDesc = "Minimum version required by the check. Required when `type` is `minimum_app_version` or `minimum_os_version`, format: major.minor.patch."
 typeDesc = "ENUM: `jailbroken_rooted`, `screen_lock_enabled`, `minimum_app_version`, `minimum_os_version`, `malicious_app_detection`, `developer_mode_enabled`."
diff --git a/internal/provider/posture_check/resource.go b/internal/provider/posture_check/resource.go
index 88e16a45..cecd644d 100644
--- a/internal/provider/posture_check/resource.go
+++ b/internal/provider/posture_check/resource.go
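Review bot: The new `Warning` line in `actionDesc` (common.go, hunk `@@ -17,9 +18,10 @@`) does not say whether a device that fails the check stays connected, which is what an operator choosing between `DISCONNECT` and `WARNING` needs to know. If it does stay connected, as "useful during the discovery phase" suggests, state it outright, e.g. `" - **Warning** - show the user a warning message; the device is not disconnected."`. The rewritten `None` line also gained a space before `\n` (`phase. \n`), which presumably ends up as trailing whitespace in the generated docs pages. The `const` block begins above this hunk and continues below it.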
@@ -1,9 +1,10 @@ package posture_check import ( + "regexp" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/nsofnetworks/terraform-provider-pfptmeta/internal/provider/common" - "regexp" ) func Resource() *schema.Resource {
@@ -42,7 +43,7 @@ func Resource() *schema.Resource {
 Description: actionDesc,
 Type: schema.TypeString,
 Optional: true,
- ValidateDiagFunc: common.ValidateStringENUM("DISCONNECT", "NONE"),
+ ValidateDiagFunc: common.ValidateStringENUM("DISCONNECT", "NONE", "WARNING"),
 Default: "DISCONNECT",
 },
 "check": {
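Review bot: The allowed action values are now written out by hand in the `ValidateDiagFunc` call (resource.go, hunk `@@ -42,7 +43,7 @@`) and again in `actionDesc` and both docs pages, so the next added action can easily be accepted by one and missing from another. A single package-level list would keep them in step, e.g. `var actionValues = []string{"DISCONNECT", "NONE", "WARNING"}` passed as `common.ValidateStringENUM(actionValues...)`, assuming the helper is variadic as its call shape suggests. `Default: "DISCONNECT"` is unchanged, which keeps the enforcing action as the default; a comment recording that this is deliberate would help, e.g. `// keep DISCONNECT as the default so a check enforces unless relaxed explicitly`. `Resource()` continues beyond this hunk.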