Merge pull request #229 from yossig-aquasec/drifting_fix_when_resourc…

…e_not_exist bug: Fixing drifting issue, when delete a resource outside the tf scope.
aquasecurity · Jan 22, 2023 · 784ae36 · 784ae36
2 parents ddfe052 + f0db185
commit 784ae36
Show file tree

Hide file tree

Showing 21 changed files with 782 additions and 642 deletions.
diff --git a/aquasec/resource_acknowledge.go b/aquasec/resource_acknowledge.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"github.com/aquasecurity/terraform-provider-aquasec/client"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"strings"
 	"time"
 )
 
@@ -226,15 +227,20 @@ func resourceAcknowledgeRead(d *schema.ResourceData, m interface{}) error {
 	}
 
 	currentAcknowledges, err := ac.AcknowledgeRead()
-	if err == nil {
-		updateIssuesFromReadList(&acknowledgePost, currentAcknowledges)
-	} else {
+
+	if err != nil {
+		if strings.Contains(fmt.Sprintf("%s", err), "404 Not Found") {
+			d.SetId("")
+			return nil
+		}
 		return err
 	}
 
-	err = d.Set("comment", acknowledgePost.Comment)
+	updateIssuesFromReadList(&acknowledgePost, currentAcknowledges)
+
+	d.Set("comment", acknowledgePost.Comment)
 	flattenIssues, id := flattenIssues(acknowledgePost.Issues)
-	err = d.Set("issues", flattenIssues)
+	d.Set("issues", flattenIssues)
 	d.SetId(id)
 
 	return nil

diff --git a/aquasec/resource_application_scope.go b/aquasec/resource_application_scope.go
@@ -2,9 +2,9 @@ package aquasec
 
 import (
 	"fmt"
-
 	"github.com/aquasecurity/terraform-provider-aquasec/client"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"strings"
 )
 
 func resourceApplicationScope() *schema.Resource {
@@ -42,6 +42,7 @@ func resourceApplicationScope() *schema.Resource {
 				Type:        schema.TypeSet,
 				Description: "Artifacts (of applications) / Workloads (containers) / Infrastructure (elements).",
 				Optional:    true,
+				Computed:    true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"artifacts": {
@@ -405,36 +406,39 @@ func resourceApplicationScopeRead(d *schema.ResourceData, m interface{}) error {
 	ac := m.(*client.Client)
 
 	iap, err := ac.GetApplicationScope(d.Id())
-	if err == nil {
-
-		err = d.Set("name", iap.Name)
-		if err != nil {
-			return err
-		}
-		err = d.Set("description", iap.Description)
-		if err != nil {
-			return err
-		}
-		err = d.Set("author", iap.Author)
-		if err != nil {
-			return err
-		}
-		err = d.Set("owner_email", iap.OwnerEmail)
-		if err != nil {
-			return err
+	if err != nil {
+		if strings.Contains(fmt.Sprintf("%s", err), "404 Not Found") {
+			d.SetId("")
+			return nil
 		}
+		return err
+	}
 
-		err = d.Set("categories", flattenCategories(iap.Categories))
+	err = d.Set("name", iap.Name)
+	if err != nil {
+		return err
+	}
+	err = d.Set("description", iap.Description)
+	if err != nil {
+		return err
+	}
+	err = d.Set("author", iap.Author)
+	if err != nil {
+		return err
+	}
+	err = d.Set("owner_email", iap.OwnerEmail)
+	if err != nil {
+		return err
+	}
 
-		if err != nil {
-			return err
-		}
+	err = d.Set("categories", flattenCategories(iap.Categories))
 
-		d.SetId(iap.Name)
-	} else {
+	if err != nil {
 		return err
 	}
 
+	d.SetId(iap.Name)
+
 	return nil
 }
 

diff --git a/aquasec/resource_aqua_labels.go b/aquasec/resource_aqua_labels.go
@@ -1,7 +1,9 @@
 package aquasec
 
 import (
+	"fmt"
 	"log"
+	"strings"
 
 	"github.com/aquasecurity/terraform-provider-aquasec/client"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -67,8 +69,13 @@ func resourceAquaLabelRead(d *schema.ResourceData, m interface{}) error {
 	r, err := c.GetAquaLabel(d.Id())
 
 	if err != nil {
+		if strings.Contains(fmt.Sprintf("%s", err), "404 Not Found") {
+			d.SetId("")
+			return nil
+		}
 		return err
 	}
+
 	d.Set("name", r.Name)
 	d.Set("description", r.Description)
 	d.Set("created", r.Created)

diff --git a/aquasec/resource_container_runtime_policy.go b/aquasec/resource_container_runtime_policy.go
@@ -2,6 +2,8 @@ package aquasec
 
 import (
 	"context"
+	"fmt"
+	"strings"
 
 	"github.com/aquasecurity/terraform-provider-aquasec/client"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
@@ -508,66 +510,71 @@ func resourceContainerRuntimePolicyCreate(ctx context.Context, d *schema.Resourc
 func resourceContainerRuntimePolicyRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	c := m.(*client.Client)
 	crp, err := c.GetRuntimePolicy(d.Id())
-	if err == nil {
-		d.Set("name", crp.Name)
-		d.Set("description", crp.Description)
-		d.Set("application_scopes", crp.ApplicationScopes)
-		d.Set("scope_expression", crp.Scope.Expression)
-		d.Set("scope_variables", flattenScopeVariables(crp.Scope.Variables))
-		d.Set("enabled", crp.Enabled)
-		d.Set("enforce", crp.Enforce)
-		d.Set("enforce_after_days", crp.EnforceAfterDays)
-		d.Set("author", crp.Author)
-		//controls
-		d.Set("block_container_exec", crp.ContainerExec.BlockContainerExec)
-		d.Set("container_exec_allowed_processes", crp.ContainerExec.ContainerExecProcWhiteList)
-		d.Set("block_cryptocurrency_mining", crp.EnableCryptoMiningDns)
-		d.Set("block_fileless_exec", crp.BlockFilelessExec)
-		d.Set("block_non_compliant_images", crp.BlockDisallowedImages)
-		d.Set("block_non_compliant_workloads", crp.BlockNonCompliantWorkloads)
-		d.Set("block_non_k8s_containers", crp.BlockNonK8sContainers)
-		d.Set("block_reverse_shell", crp.ReverseShell.BlockReverseShell)
-		d.Set("reverse_shell_allowed_processes", crp.ReverseShell.ReverseShellProcWhiteList)
-		d.Set("reverse_shell_allowed_ips", crp.ReverseShell.ReverseShellIpWhiteList)
-		d.Set("block_unregistered_images", crp.OnlyRegisteredImages)
-		d.Set("blocked_capabilities", crp.LinuxCapabilities.RemoveLinuxCapabilities)
-		d.Set("enable_ip_reputation_security", crp.EnableIPReputation)
-		d.Set("enable_drift_prevention", crp.DriftPrevention.Enabled && crp.DriftPrevention.ExecLockdown)
-		d.Set("exec_lockdown_white_list", crp.DriftPrevention.ExecLockdownWhiteList)
-		d.Set("allowed_executables", crp.AllowedExecutables.AllowExecutables)
-		d.Set("blocked_executables", crp.ExecutableBlacklist.Executables)
-		d.Set("blocked_files", crp.FileBlock.FilenameBlockList)
-		d.Set("file_integrity_monitoring", flattenFileIntegrityMonitoring(crp.FileIntegrityMonitoring))
-		d.Set("audit_all_processes_activity", crp.Auditing.AuditAllProcesses)
-		d.Set("audit_full_command_arguments", crp.Auditing.AuditProcessCmdline)
-		d.Set("audit_all_network_activity", crp.Auditing.AuditAllNetwork)
-		d.Set("enable_fork_guard", crp.EnableForkGuard)
-		d.Set("fork_guard_process_limit", crp.ForkGuardProcessLimit)
-		d.Set("block_access_host_network", crp.LimitContainerPrivileges.Netmode)
-		d.Set("block_adding_capabilities", crp.LimitContainerPrivileges.BlockAddCapabilities)
-		d.Set("block_root_user", crp.LimitContainerPrivileges.PreventRootUser)
-		d.Set("block_privileged_containers", crp.LimitContainerPrivileges.Privileged)
-		d.Set("block_use_ipc_namespace", crp.LimitContainerPrivileges.Ipcmode)
-		d.Set("block_use_pid_namespace", crp.LimitContainerPrivileges.Pidmode)
-		d.Set("block_use_user_namespace", crp.LimitContainerPrivileges.Usermode)
-		d.Set("block_use_uts_namespace", crp.LimitContainerPrivileges.Utsmode)
-		d.Set("block_low_port_binding", crp.LimitContainerPrivileges.PreventLowPortBinding)
-		d.Set("limit_new_privileges", crp.NoNewPrivileges)
-		d.Set("blocked_packages", crp.PackageBlock.PackagesBlackList)
-		d.Set("blocked_inbound_ports", crp.PortBlock.BlockInboundPorts)
-		d.Set("blocked_outbound_ports", crp.PortBlock.BlockOutboundPorts)
-		d.Set("enable_port_scan_detection", crp.EnablePortScanProtection)
-		d.Set("readonly_files_and_directories", crp.ReadonlyFiles.ReadonlyFiles)
-		d.Set("exceptional_readonly_files_and_directories", crp.ReadonlyFiles.ExceptionalReadonlyFiles)
-		d.Set("allowed_registries", crp.AllowedRegistries.AllowedRegistries)
-		d.Set("monitor_system_time_changes", crp.SystemIntegrityProtection.MonitorAuditLogIntegrity)
-		d.Set("blocked_volumes", crp.RestrictedVolumes.Volumes)
-		d.Set("malware_scan_options", flattenMalwareScanOptions(crp.MalwareScanOptions))
-		d.SetId(crp.Name)
-	} else {
+
+	if err != nil {
+		if strings.Contains(fmt.Sprintf("%s", err), "404 Not Found") {
+			d.SetId("")
+			return nil
+		}
 		return diag.FromErr(err)
 	}
 
+	d.Set("name", crp.Name)
+	d.Set("description", crp.Description)
+	d.Set("application_scopes", crp.ApplicationScopes)
+	d.Set("scope_expression", crp.Scope.Expression)
+	d.Set("scope_variables", flattenScopeVariables(crp.Scope.Variables))
+	d.Set("enabled", crp.Enabled)
+	d.Set("enforce", crp.Enforce)
+	d.Set("enforce_after_days", crp.EnforceAfterDays)
+	d.Set("author", crp.Author)
+	//controls
+	d.Set("block_container_exec", crp.ContainerExec.BlockContainerExec)
+	d.Set("container_exec_allowed_processes", crp.ContainerExec.ContainerExecProcWhiteList)
+	d.Set("block_cryptocurrency_mining", crp.EnableCryptoMiningDns)
+	d.Set("block_fileless_exec", crp.BlockFilelessExec)
+	d.Set("block_non_compliant_images", crp.BlockDisallowedImages)
+	d.Set("block_non_compliant_workloads", crp.BlockNonCompliantWorkloads)
+	d.Set("block_non_k8s_containers", crp.BlockNonK8sContainers)
+	d.Set("block_reverse_shell", crp.ReverseShell.BlockReverseShell)
+	d.Set("reverse_shell_allowed_processes", crp.ReverseShell.ReverseShellProcWhiteList)
+	d.Set("reverse_shell_allowed_ips", crp.ReverseShell.ReverseShellIpWhiteList)
+	d.Set("block_unregistered_images", crp.OnlyRegisteredImages)
+	d.Set("blocked_capabilities", crp.LinuxCapabilities.RemoveLinuxCapabilities)
+	d.Set("enable_ip_reputation_security", crp.EnableIPReputation)
+	d.Set("enable_drift_prevention", crp.DriftPrevention.Enabled && crp.DriftPrevention.ExecLockdown)
+	d.Set("exec_lockdown_white_list", crp.DriftPrevention.ExecLockdownWhiteList)
+	d.Set("allowed_executables", crp.AllowedExecutables.AllowExecutables)
+	d.Set("blocked_executables", crp.ExecutableBlacklist.Executables)
+	d.Set("blocked_files", crp.FileBlock.FilenameBlockList)
+	d.Set("file_integrity_monitoring", flattenFileIntegrityMonitoring(crp.FileIntegrityMonitoring))
+	d.Set("audit_all_processes_activity", crp.Auditing.AuditAllProcesses)
+	d.Set("audit_full_command_arguments", crp.Auditing.AuditProcessCmdline)
+	d.Set("audit_all_network_activity", crp.Auditing.AuditAllNetwork)
+	d.Set("enable_fork_guard", crp.EnableForkGuard)
+	d.Set("fork_guard_process_limit", crp.ForkGuardProcessLimit)
+	d.Set("block_access_host_network", crp.LimitContainerPrivileges.Netmode)
+	d.Set("block_adding_capabilities", crp.LimitContainerPrivileges.BlockAddCapabilities)
+	d.Set("block_root_user", crp.LimitContainerPrivileges.PreventRootUser)
+	d.Set("block_privileged_containers", crp.LimitContainerPrivileges.Privileged)
+	d.Set("block_use_ipc_namespace", crp.LimitContainerPrivileges.Ipcmode)
+	d.Set("block_use_pid_namespace", crp.LimitContainerPrivileges.Pidmode)
+	d.Set("block_use_user_namespace", crp.LimitContainerPrivileges.Usermode)
+	d.Set("block_use_uts_namespace", crp.LimitContainerPrivileges.Utsmode)
+	d.Set("block_low_port_binding", crp.LimitContainerPrivileges.PreventLowPortBinding)
+	d.Set("limit_new_privileges", crp.NoNewPrivileges)
+	d.Set("blocked_packages", crp.PackageBlock.PackagesBlackList)
+	d.Set("blocked_inbound_ports", crp.PortBlock.BlockInboundPorts)
+	d.Set("blocked_outbound_ports", crp.PortBlock.BlockOutboundPorts)
+	d.Set("enable_port_scan_detection", crp.EnablePortScanProtection)
+	d.Set("readonly_files_and_directories", crp.ReadonlyFiles.ReadonlyFiles)
+	d.Set("exceptional_readonly_files_and_directories", crp.ReadonlyFiles.ExceptionalReadonlyFiles)
+	d.Set("allowed_registries", crp.AllowedRegistries.AllowedRegistries)
+	d.Set("monitor_system_time_changes", crp.SystemIntegrityProtection.MonitorAuditLogIntegrity)
+	d.Set("blocked_volumes", crp.RestrictedVolumes.Volumes)
+	d.Set("malware_scan_options", flattenMalwareScanOptions(crp.MalwareScanOptions))
+	d.SetId(crp.Name)
+
 	return nil
 }