aquasecurity · BaruchBilanski · Jan 1, 2024 · Dec 10, 2023 · Dec 10, 2023 · Dec 11, 2023
diff --git a/aquasec/provider.go b/aquasec/provider.go
@@ -77,6 +77,7 @@ func Provider(v string) *schema.Provider {
 			"aquasec_function_runtime_policy":     resourceFunctionRuntimePolicy(),
 			"aquasec_host_runtime_policy":         resourceHostRuntimePolicy(),
 			"aquasec_host_assurance_policy":       resourceHostAssurancePolicy(),
+			"aquasec_vmware_assurance_policy":     resourceVMwareAssurancePolicy(),
 			"aquasec_image_assurance_policy":      resourceImageAssurancePolicy(),
 			"aquasec_kubernetes_assurance_policy": resourceKubernetesAssurancePolicy(),
 			"aquasec_function_assurance_policy":   resourceFunctionAssurancePolicy(),

diff --git a/aquasec/resource_function_assurance_policy.go b/aquasec/resource_function_assurance_policy.go
@@ -17,17 +17,18 @@ func resourceFunctionAssurancePolicy() *schema.Resource {
 			StateContext: schema.ImportStatePassthroughContext,
 		},
 		Schema: map[string]*schema.Schema{
-			/*
-				"assurance_type": {
-					Type:        schema.TypeString,
-					Description: "What type of assurance policy is described.",
-					Optional:    true,
-					Computed:    true,
-				},
-			*/
+
+			"assurance_type": {
+				Type:        schema.TypeString,
+				Description: "What type of assurance policy is described.",
+				Optional:    true,
+				Computed:    true,
+			},
+
 			"id": {
 				Type:     schema.TypeString,
 				Computed: true,
+				Optional: true,
 			},
 			"name": {
 				Type:     schema.TypeString,
@@ -38,6 +39,7 @@ func resourceFunctionAssurancePolicy() *schema.Resource {
 				Type:        schema.TypeString,
 				Description: "Name of user account that created the policy.",
 				Computed:    true,
+				Optional:    true,
 			},
 			"registry": {
 				Type:     schema.TypeString,
@@ -493,6 +495,7 @@ func resourceFunctionAssurancePolicy() *schema.Resource {
 			"ignore_recently_published_vln_period": {
 				Type:     schema.TypeInt,
 				Computed: true,
+				Optional: true,
 			},
 			"ignore_risk_resources_enabled": {
 				Type:        schema.TypeBool,
@@ -623,8 +626,198 @@ func resourceFunctionAssurancePolicy() *schema.Resource {
 			},
 			"maximum_score_exclude_no_fix": {
 				Type:        schema.TypeBool,
-				Description: "Indicates that policy should ignore cases that do not have a known fix.",
+				Description: "",
+				Optional:    true,
+			},
+			//JSON
+			"lastupdate": {
+				Type:        schema.TypeString,
+				Description: "",
+				Optional:    true,
+				Computed:    true,
+			}, // String
+			"custom_severity": {
+				Type:        schema.TypeString,
+				Description: "",
+				Optional:    true,
+				Computed:    true,
+			}, // string
+			"vulnerability_exploitability": {
+				Type:        schema.TypeBool,
+				Description: "",
+				Optional:    true,
+			}, //bool
+			"disallow_exploit_types": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			}, // list
+			"ignore_base_image_vln": {
+				Type:        schema.TypeBool,
+				Description: "",
+				Optional:    true,
+			}, //bool
+			"ignored_sensitive_resources": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"permission": {
+				Type:        schema.TypeString,
+				Description: "",
+				Optional:    true,
+				Computed:    true,
+			}, // string
+			"scan_malware_in_archives": {
+				Type:        schema.TypeBool,
+				Description: "",
+				Optional:    true,
+			}, //bool
+			"kubernetes_controls": {
+				Type:        schema.TypeList,
+				Description: "List of Kubernetes controls.",
+				Optional:    true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"script_id": {
+							Type:        schema.TypeInt,
+							Description: "",
+							Optional:    true,
+						},
+						"name": {
+							Type:        schema.TypeString,
+							Description: "",
+							Optional:    true,
+						},
+						"description": {
+							Type:        schema.TypeString,
+							Description: "",
+							Optional:    true,
+						},
+						"enabled": {
+							Type:        schema.TypeBool,
+							Description: "",
+							Optional:    true,
+						},
+						"severity": {
+							Type:        schema.TypeString,
+							Description: "",
+							Optional:    true,
+						},
+						"kind": {
+							Type:        schema.TypeString,
+							Description: "",
+							Optional:    true,
+						},
+						"ootb": {
+							Type:        schema.TypeBool,
+							Description: "",
+							Optional:    true,
+						},
+						"avd_id": {
+							Type:        schema.TypeString,
+							Description: "",
+							Optional:    true,
+						},
+					},
+				},
+			},
+			"kubernetes_controls_names": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"scan_windows_registry": {
+				Type:        schema.TypeBool,
+				Description: "",
+				Optional:    true,
+			}, //bool
+			"scan_process_memory": {
+				Type:        schema.TypeBool,
+				Description: "",
+				Optional:    true,
+			}, //bool
+			"policy_settings": {
+				Type:        schema.TypeList,
+				MaxItems:    1,
+				Description: "",
 				Optional:    true,
+				Computed:    true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"enforce": {
+							Type:        schema.TypeBool,
+							Description: "",
+							Optional:    true,
+							Default:     false,
+						},
+						"warn": {
+							Type:        schema.TypeBool,
+							Description: "",
+							Optional:    true,
+							Default:     false,
+						},
+						"warning_message": {
+							Type:        schema.TypeString,
+							Description: "",
+							Optional:    true,
+							Default:     "",
+						},
+						"is_audit_checked": {
+							Type:        schema.TypeBool,
+							Description: "",
+							Optional:    true,
+							Default:     false,
+						},
+					},
+				},
+			}, // list
+			"exclude_application_scopes": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"linux_cis_enabled": {
+				Type:        schema.TypeBool,
+				Description: "",
+				Optional:    true,
+			}, //bool
+			"openshift_hardening_enabled": {
+				Type:        schema.TypeBool,
+				Description: "",
+				Optional:    true,
+			}, //bool
+			"kubernetes_controls_avd_ids": {
+				Type:        schema.TypeList,
+				Description: "",
+				Optional:    true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			}, // list
+			"vulnerability_score_range": {
+				Type:        schema.TypeList,
+				Description: "",
+				Optional:    true,
+				Elem: &schema.Schema{
+					Type: schema.TypeInt,
+				},
+			}, // list
+			"aggregated_vulnerability": {
+				Type:        schema.TypeMap,
+				Description: "Aggregated vulnerability information.",
+				Optional:    true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
 			},
 		},
 	}
@@ -650,13 +843,98 @@ func resourceFunctionAssurancePolicyUpdate(d *schema.ResourceData, m interface{}
 	ac := m.(*client.Client)
 	assurance_type := "function"
 
-	if d.HasChanges("description", "registry", "cvss_severity_enabled", "cvss_severity", "cvss_severity_exclude_no_fix", "custom_severity_enabled", "maximum_score_enabled", "maximum_score", "control_exclude_no_fix", "custom_checks_enabled",
-		"scap_enabled", "cves_black_list_enabled", "packages_black_list_enabled", "packages_white_list_enabled", "only_none_root_users", "trusted_base_images_enabled", "scan_sensitive_data", "audit_on_failure", "fail_cicd", "block_failed",
-		"disallow_malware", "monitored_malware_paths", "exceptional_monitored_malware_paths", "blacklisted_licenses_enabled", "blacklisted_licenses", "whitelisted_licenses_enabled", "whitelisted_licenses", "custom_checks", "scap_files", "scope",
-		"registries", "labels", "images", "cves_black_list", "packages_black_list", "packages_white_list", "allowed_images", "trusted_base_images", "read_only", "force_microenforcer", "docker_cis_enabled", "kube_cis_enabled", "enforce_excessive_permissions",
-		"function_integrity_enabled", "dta_enabled", "cves_white_list", "cves_white_list_enabled", "blacklist_permissions_enabled", "blacklist_permissions", "enabled", "enforce", "enforce_after_days", "ignore_recently_published_vln", "ignore_recently_published_vln_period",
-		"ignore_risk_resources_enabled", "ignored_risk_resources", "application_scopes", "auto_scan_enabled", "auto_scan_configured", "auto_scan_time", "required_labels_enabled", "required_labels", "forbidden_labels_enabled", "forbidden_labels", "domain_name",
-		"domain", "description", "dta_severity", "scan_nfs_mounts", "malware_action", "partial_results_image_fail", "maximum_score_exclude_no_fix") {
+	if d.HasChanges("description",
+		"registry",
+		"cvss_severity_enabled",
+		"cvss_severity",
+		"cvss_severity_exclude_no_fix",
+		"custom_severity_enabled",
+		"maximum_score_enabled",
+		"maximum_score",
+		"control_exclude_no_fix",
+		"custom_checks_enabled",
+		"scap_enabled",
+		"cves_black_list_enabled",
+		"packages_black_list_enabled",
+		"packages_white_list_enabled",
+		"only_none_root_users",
+		"trusted_base_images_enabled",
+		"scan_sensitive_data",
+		"audit_on_failure",
+		"fail_cicd",
+		"block_failed",
+		"disallow_malware",
+		"monitored_malware_paths",
+		"exceptional_monitored_malware_paths",
+		"blacklisted_licenses_enabled",
+		"blacklisted_licenses",
+		"whitelisted_licenses_enabled",
+		"whitelisted_licenses",
+		"custom_checks",
+		"scap_files",
+		"scope",
+		"registries",
+		"labels",
+		"images",
+		"cves_black_list",
+		"packages_black_list",
+		"packages_white_list",
+		"allowed_images",
+		"trusted_base_images",
+		"read_only",
+		"force_microenforcer",
+		"docker_cis_enabled",
+		"kube_cis_enabled",
+		"enforce_excessive_permissions",
+		"function_integrity_enabled",
+		"dta_enabled",
+		"cves_white_list",
+		"cves_white_list_enabled",
+		"blacklist_permissions_enabled",
+		"blacklist_permissions",
+		"enabled",
+		"enforce",
+		"enforce_after_days",
+		"ignore_recently_published_vln",
+		"ignore_recently_published_vln_period",
+		"ignore_risk_resources_enabled",
+		"ignored_risk_resources",
+		"application_scopes",
+		"auto_scan_enabled",
+		"auto_scan_configured",
+		"auto_scan_time",
+		"required_labels_enabled",
+		"required_labels",
+		"forbidden_labels_enabled",
+		"forbidden_labels",
+		"domain_name",
+		"domain",
+		"description",
+		"dta_severity",
+		"scan_nfs_mounts",
+		"malware_action",
+		"partial_results_image_fail",
+		"maximum_score_exclude_no_fix",
+		//JSOT
+		//"author",
+		"lastupdate",
+		"custom_severity",
+		"vulnerability_exploitability",
+		"disallow_exploit_types",
+		"ignore_base_image_vln",
+		"ignored_sensitive_resources",
+		"permission",
+		"scan_malware_in_archives",
+		"kubernetes_controls",
+		"kubernetes_controls_names",
+		"scan_windows_registry",
+		"scan_process_memory",
+		"policy_settings",
+		"exclude_application_scopes",
+		"linux_cis_enabled",
+		"openshift_hardening_enabled",
+		"kubernetes_controls_avd_ids",
+	) {
 		iap := expandAssurancePolicy(d, assurance_type)
 		err := ac.UpdateAssurancePolicy(iap, assurance_type)
 		if err == nil {
@@ -687,10 +965,10 @@ func resourceFunctionAssurancePolicyRead(d *schema.ResourceData, m interface{})
 		return err
 	}
 
-	//d.Set("assurance_type", iap.AssuranceType)
+	d.Set("assurance_type", iap.AssuranceType)
 	d.Set("name", iap.Name)
 	d.Set("description", iap.Description)
-	d.Set("author", iap.Author)
+	//d.Set("author", iap.Author)
 	d.Set("application_scopes", iap.ApplicationScopes)
 	d.Set("registry", iap.Registry)
 	d.Set("cvss_severity_enabled", iap.CvssSeverityEnabled)
@@ -762,6 +1040,24 @@ func resourceFunctionAssurancePolicyRead(d *schema.ResourceData, m interface{})
 	d.Set("malware_action", iap.MalwareAction)
 	d.Set("partial_results_image_fail", iap.PartialResultsImageFail)
 	d.Set("maximum_score_exclude_no_fix", iap.MaximumScoreExcludeNoFix)
+	//JSON
+	//d.Set("lastupdate", iap.Lastupdate)
+	d.Set("custom_severity", iap.CustomSeverity)
+	d.Set("vulnerability_exploitability", iap.VulnerabilityExploitability)
+	d.Set("disallow_exploit_types", iap.DisallowExploitTypes)
+	d.Set("ignore_base_image_vln", iap.IgnoreBaseImageVln)
+	d.Set("ignored_sensitive_resources", iap.IgnoredSensitiveResources)
+	d.Set("permission", iap.Permission)
+	d.Set("scan_malware_in_archives", iap.ScanMalwareInArchives)
+	d.Set("kubernetes_controls", flattenKubernetesControls(iap.KubernetesControls))
+	d.Set("kubernetes_controls_names", iap.KubernetesControlsNames)
+	d.Set("scan_windows_registry", iap.ScanWindowsRegistry)
+	d.Set("scan_process_memory", iap.ScanProcessMemory)
+	d.Set("policy_settings", flattenPolicySettings(iap.PolicySettings))
+	d.Set("exclude_application_scopes", iap.ExcludeApplicationScopes)
+	d.Set("linux_cis_enabled", iap.LinuxCisEnabled)
+	d.Set("openshift_hardening_enabled", iap.OpenshiftHardeningEnabled)
+	d.Set("kubernetes_controls_avd_ids", iap.KubernetesControlsAvdIds)
 
 	return nil
 }