diff --git a/cyral/internal/repository/confanalysis/constants.go b/cyral/internal/repository/confanalysis/constants.go new file mode 100644 index 00000000..5cb9c494 --- /dev/null +++ b/cyral/internal/repository/confanalysis/constants.go @@ -0,0 +1,5 @@ +package confanalysis + +const ( + resourceName = "cyral_repository_conf_analysis" +) diff --git a/cyral/internal/repository/confanalysis/model.go b/cyral/internal/repository/confanalysis/model.go new file mode 100644 index 00000000..386d3eaa --- /dev/null +++ b/cyral/internal/repository/confanalysis/model.go @@ -0,0 +1,89 @@ +package confanalysis + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +// TODO: v2 of this API should either return the repository ID +// or something else as an ID. Currently it accepts a `UserConfig` +// for the PUT payload, but returns a `RepositoryConfAnalysisData`. +// This makes the whole API confusing. + +type RepositoryConfAnalysisData struct { + UserConfig UserConfig `json:"userConfig"` +} + +type UserConfig struct { + AlertOnViolation bool `json:"alertOnViolation"` + BlockOnViolation bool `json:"blockOnViolation"` + CommentAnnotationGroups []string `json:"commentAnnotationGroups,omitempty"` + DisableFilterAnalysis bool `json:"disableFilterAnalysis"` + DisablePreConfiguredAlerts bool `json:"disablePreConfiguredAlerts"` + EnableDataMasking bool `json:"enableDataMasking"` + LogGroups []string `json:"logGroups,omitempty"` + Redact string `json:"redact"` + EnableDatasetRewrites bool `json:"enableDatasetRewrites"` +} + +func (r *RepositoryConfAnalysisData) WriteToSchema(d *schema.ResourceData) error { + d.SetId(d.Get("repository_id").(string)) + return r.UserConfig.WriteToSchema(d) +} + +func (r *UserConfig) WriteToSchema(d *schema.ResourceData) error { + logGroups := make([]interface{}, len(r.LogGroups)) + for index, logGroupItem := range r.LogGroups { + logGroups[index] = logGroupItem + } + logGroupsSet := schema.NewSet(schema.HashString, logGroups) + + annotationGroups := make([]interface{}, len(r.CommentAnnotationGroups)) + for index, annotationGroupItem := range r.CommentAnnotationGroups { + annotationGroups[index] = annotationGroupItem + } + annotationGroupsSet := schema.NewSet(schema.HashString, annotationGroups) + + d.Set("alert_on_violation", r.AlertOnViolation) + d.Set("block_on_violation", r.BlockOnViolation) + d.Set("comment_annotation_groups", annotationGroupsSet) + d.Set("disable_filter_analysis", r.DisableFilterAnalysis) + d.Set("disable_pre_configured_alerts", r.DisablePreConfiguredAlerts) + d.Set("enable_data_masking", r.EnableDataMasking) + d.Set("log_groups", logGroupsSet) + d.Set("redact", r.Redact) + d.Set("enable_dataset_rewrites", r.EnableDatasetRewrites) + + return nil +} + +func (r *RepositoryConfAnalysisData) ReadFromSchema(d *schema.ResourceData) error { + return r.UserConfig.ReadFromSchema(d) +} + +func (r *UserConfig) ReadFromSchema(d *schema.ResourceData) error { + var logGroups []string + if logGroupsSet, ok := d.GetOk("log_groups"); ok { + for _, logGroupItem := range logGroupsSet.(*schema.Set).List() { + logGroups = append(logGroups, logGroupItem.(string)) + } + } + + var annotationGroups []string + if annotationGroupsSet, ok := d.GetOk("comment_annotation_groups"); ok { + for _, annotationGroupItem := range annotationGroupsSet.(*schema.Set).List() { + annotationGroups = append(annotationGroups, annotationGroupItem.(string)) + } + } + + r.AlertOnViolation = d.Get("alert_on_violation").(bool) + r.BlockOnViolation = d.Get("block_on_violation").(bool) + r.DisableFilterAnalysis = d.Get("disable_filter_analysis").(bool) + r.DisablePreConfiguredAlerts = d.Get("disable_pre_configured_alerts").(bool) + r.EnableDataMasking = d.Get("enable_data_masking").(bool) + r.CommentAnnotationGroups = annotationGroups + r.LogGroups = logGroups + r.Redact = d.Get("redact").(string) + r.EnableDatasetRewrites = d.Get("enable_dataset_rewrites").(bool) + + return nil +} diff --git a/cyral/internal/repository/confanalysis/resource.go b/cyral/internal/repository/confanalysis/resource.go new file mode 100644 index 00000000..e52fc59e --- /dev/null +++ b/cyral/internal/repository/confanalysis/resource.go @@ -0,0 +1,193 @@ +package confanalysis + +import ( + "context" + "fmt" + "net/http" + + "github.com/cyralinc/terraform-provider-cyral/cyral/client" + "github.com/cyralinc/terraform-provider-cyral/cyral/core" + "github.com/cyralinc/terraform-provider-cyral/cyral/core/types/operationtype" + "github.com/cyralinc/terraform-provider-cyral/cyral/core/types/resourcetype" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +var urlFactory = func(d *schema.ResourceData, c *client.Client) string { + return fmt.Sprintf("https://%s/v1/repos/%s/conf/analysis", + c.ControlPlane, + d.Get("repository_id"), + ) +} + +var resourceContextHandler = core.DefaultContextHandler{ + ResourceName: resourceName, + ResourceType: resourcetype.Resource, + SchemaReaderFactory: func() core.SchemaReader { return &UserConfig{} }, + SchemaWriterFactoryGetMethod: func(_ *schema.ResourceData) core.SchemaWriter { return &RepositoryConfAnalysisData{} }, + BaseURLFactory: urlFactory, + IdBasedURLFactory: urlFactory, +} + +func resourceSchema() *schema.Resource { + return &schema.Resource{ + Description: "Manages Repository Analysis Configuration. This resource allows configuring both " + + "[Log Settings](https://cyral.com/docs/manage-repositories/repo-log-volume) " + + "and [Advanced settings](https://cyral.com/docs/manage-repositories/repo-advanced-settings) " + + "(Logs, Alerts, Analysis and Enforcement) configurations for Data Repositories.", + CreateContext: core.CreateResource( + core.ResourceOperationConfig{ + ResourceName: resourceName, + Type: operationtype.Create, + HttpMethod: http.MethodPut, + URLFactory: urlFactory, + SchemaReaderFactory: func() core.SchemaReader { return &UserConfig{} }, + SchemaWriterFactory: func(_ *schema.ResourceData) core.SchemaWriter { return &RepositoryConfAnalysisData{} }, + }, + core.ResourceOperationConfig{ + ResourceName: resourceName, + Type: operationtype.Read, + HttpMethod: http.MethodGet, + URLFactory: urlFactory, + SchemaWriterFactory: func(_ *schema.ResourceData) core.SchemaWriter { return &RepositoryConfAnalysisData{} }, + RequestErrorHandler: &core.ReadIgnoreHttpNotFound{}, + }, + ), + ReadContext: resourceContextHandler.ReadContext(), + UpdateContext: resourceContextHandler.UpdateContext(), + DeleteContext: resourceContextHandler.DeleteContext(), + + SchemaVersion: 1, + StateUpgraders: []schema.StateUpgrader{ + { + Version: 0, + Type: repositoryConfAnalysisResourceSchemaV0(). + CoreConfigSchema().ImpliedType(), + Upgrade: UpgradeRepositoryConfAnalysisV0, + }, + }, + + Schema: repositoryConfAnalysisResourceSchemaV0().Schema, + + Importer: &schema.ResourceImporter{ + StateContext: func( + ctx context.Context, + d *schema.ResourceData, + m interface{}, + ) ([]*schema.ResourceData, error) { + d.Set("repository_id", d.Id()) + return []*schema.ResourceData{d}, nil + }, + }, + } +} + +func repositoryConfAnalysisResourceSchemaV0() *schema.Resource { + return &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Description: "ID of this resource in Cyral environment", + Type: schema.TypeString, + Computed: true, + }, + "repository_id": { + Description: "The ID of an existing data repository resource that will be configured.", + Type: schema.TypeString, + Required: true, + }, + "redact": { + Description: "Valid values are: `all`, `none` and `watched`. If set to `all` it will enable the redact of all literal values, `none` will disable it, and `watched` will only redact values from tracked fields set in the Datamap.", + Type: schema.TypeString, + Optional: true, + Default: "all", + ValidateFunc: client.ValidateRepositoryConfAnalysisRedact(), + }, + "alert_on_violation": { + Description: "If set to `true` it will enable alert on policy violations.", + Type: schema.TypeBool, + Optional: true, + Default: true, + }, + "disable_pre_configured_alerts": { + Description: "If set to `true` it will *disable* preconfigured alerts.", + Type: schema.TypeBool, + Optional: true, + }, + "enable_data_masking": { + Description: "If set to `true` it will allow policies to force the masking " + + " of specified data fields in the results of queries. " + + "[Learn more](https://cyral.com/docs/using-cyral/masking/).", + Type: schema.TypeBool, + Optional: true, + }, + "block_on_violation": { + Description: "If set to `true` it will enable query blocking in case of a " + + "policy violation.", + Type: schema.TypeBool, + Optional: true, + }, + "disable_filter_analysis": { + Description: "If set to `true` it will *disable* filter analysis.", + Type: schema.TypeBool, + Optional: true, + }, + "enable_dataset_rewrites": { + Description: "If set to `true` it will enable rewriting queries.", + Type: schema.TypeBool, + Optional: true, + }, + "comment_annotation_groups": { + Description: "Valid values are: `identity`, `client`, `repo`, `sidecar`. The " + + "default behavior is to set only the `identity` when this option is " + + "enabled, but you can also opt to add the contents of `client`, `repo`, " + + " `sidecar` logging blocks as query comments. " + + " [Learn more](https://support.cyral.com/support/solutions/articles/44002218978).", + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: client.ValidateRepositoryConfAnalysisCommentAnnotationGroups(), + }, + }, + "log_groups": { + Description: "Responsible for configuring the Log Settings. Valid values are documented below. The `log_groups` list support the following values: " + + "\n - `everything` - Enables all the Log Settings." + + "\n - `dql` - Enables the `DQLs` setting for `all requests`." + + "\n - `dml` - Enables the `DMLs` setting for `all requests`." + + "\n - `ddl` - Enables the `DDLs` setting for `all requests`." + + "\n - `sensitive & dql` - Enables the `DQLs` setting for `logged fields`." + + "\n - `sensitive & dml` - Enables the `DMLs` setting for `logged fields`." + + "\n - `sensitive & ddl` - Enables the `DDLs` setting for `logged fields`." + + "\n - `privileged` - Enables the `Privileged commands` setting." + + "\n - `port-scan` - Enables the `Port scans` setting." + + "\n - `auth-failure` - Enables the `Authentication failures` setting." + + "\n - `full-table-scan` - Enables the `Full scans` setting." + + "\n - `violations` - Enables the `Policy violations` setting." + + "\n - `connections` - Enables the `Connection activity` setting." + + "\n - `sensitive` - Log all queries manipulating sensitive fields (watches)" + + "\n - `data-classification` - Log all queries whose response was automatically classified as sensitive (credit card numbers, emails and so on)." + + "\n - `audit` - Log `sensitive`, `DQLs`, `DDLs`, `DMLs` and `privileged`." + + "\n - `error` - Log analysis errors." + + "\n - `new-connections` - Log new connections." + + "\n - `closed-connections` - Log closed connections.", + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: client.ValidateRepositoryConfAnalysisLogSettings(), + }, + }, + }, + } +} + +// Previously, the ID for cyral_repository_conf_analysis had the format +// {repository_id}/ConfAnalysis. The goal of this state upgrade is to remove +// this suffix `ConfAnalysis`. +func UpgradeRepositoryConfAnalysisV0( + _ context.Context, + rawState map[string]interface{}, + _ interface{}, +) (map[string]interface{}, error) { + rawState["id"] = rawState["repository_id"] + return rawState, nil +} diff --git a/cyral/internal/repository/confanalysis/resource_cyral_repository_conf_analysis.go b/cyral/internal/repository/confanalysis/resource_cyral_repository_conf_analysis.go deleted file mode 100644 index 77762704..00000000 --- a/cyral/internal/repository/confanalysis/resource_cyral_repository_conf_analysis.go +++ /dev/null @@ -1,322 +0,0 @@ -package confanalysis - -import ( - "context" - "encoding/json" - "fmt" - "net/http" - - "github.com/cyralinc/terraform-provider-cyral/cyral/client" - "github.com/cyralinc/terraform-provider-cyral/cyral/utils" - "github.com/hashicorp/terraform-plugin-log/tflog" - "github.com/hashicorp/terraform-plugin-sdk/v2/diag" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" -) - -type RepositoryConfAnalysisData struct { - Config UserFacingConfig `json:"userConfig"` -} - -type UserFacingConfig struct { - AlertOnViolation bool `json:"alertOnViolation"` - BlockOnViolation bool `json:"blockOnViolation"` - CommentAnnotationGroups []string `json:"commentAnnotationGroups,omitempty"` - DisableFilterAnalysis bool `json:"disableFilterAnalysis"` - DisablePreConfiguredAlerts bool `json:"disablePreConfiguredAlerts"` - EnableDataMasking bool `json:"enableDataMasking"` - LogGroups []string `json:"logGroups,omitempty"` - Redact string `json:"redact"` - EnableDatasetRewrites bool `json:"enableDatasetRewrites"` -} - -func repositoryConfAnalysisResourceSchemaV0() *schema.Resource { - return &schema.Resource{ - Schema: map[string]*schema.Schema{ - "id": { - Description: "ID of this resource in Cyral environment", - Type: schema.TypeString, - Computed: true, - }, - "repository_id": { - Description: "The ID of an existing data repository resource that will be configured.", - Type: schema.TypeString, - Required: true, - }, - "redact": { - Description: "Valid values are: `all`, `none` and `watched`. If set to `all` it will enable the redact of all literal values, `none` will disable it, and `watched` will only redact values from tracked fields set in the Datamap.", - Type: schema.TypeString, - Optional: true, - Default: "all", - ValidateFunc: client.ValidateRepositoryConfAnalysisRedact(), - }, - "alert_on_violation": { - Description: "If set to `true` it will enable alert on policy violations.", - Type: schema.TypeBool, - Optional: true, - Default: true, - }, - "disable_pre_configured_alerts": { - Description: "If set to `true` it will *disable* preconfigured alerts.", - Type: schema.TypeBool, - Optional: true, - }, - "enable_data_masking": { - Description: "If set to `true` it will allow policies to force the masking " + - " of specified data fields in the results of queries. " + - "[Learn more](https://cyral.com/docs/using-cyral/masking/).", - Type: schema.TypeBool, - Optional: true, - }, - "block_on_violation": { - Description: "If set to `true` it will enable query blocking in case of a " + - "policy violation.", - Type: schema.TypeBool, - Optional: true, - }, - "disable_filter_analysis": { - Description: "If set to `true` it will *disable* filter analysis.", - Type: schema.TypeBool, - Optional: true, - }, - "enable_dataset_rewrites": { - Description: "If set to `true` it will enable rewriting queries.", - Type: schema.TypeBool, - Optional: true, - }, - "comment_annotation_groups": { - Description: "Valid values are: `identity`, `client`, `repo`, `sidecar`. The " + - "default behavior is to set only the `identity` when this option is " + - "enabled, but you can also opt to add the contents of `client`, `repo`, " + - " `sidecar` logging blocks as query comments. " + - " [Learn more](https://support.cyral.com/support/solutions/articles/44002218978).", - Type: schema.TypeSet, - Optional: true, - Elem: &schema.Schema{ - Type: schema.TypeString, - ValidateFunc: client.ValidateRepositoryConfAnalysisCommentAnnotationGroups(), - }, - }, - "log_groups": { - Description: "Responsible for configuring the Log Settings. Valid values are documented below. The `log_groups` list support the following values: " + - "\n - `everything` - Enables all the Log Settings." + - "\n - `dql` - Enables the `DQLs` setting for `all requests`." + - "\n - `dml` - Enables the `DMLs` setting for `all requests`." + - "\n - `ddl` - Enables the `DDLs` setting for `all requests`." + - "\n - `sensitive & dql` - Enables the `DQLs` setting for `logged fields`." + - "\n - `sensitive & dml` - Enables the `DMLs` setting for `logged fields`." + - "\n - `sensitive & ddl` - Enables the `DDLs` setting for `logged fields`." + - "\n - `privileged` - Enables the `Privileged commands` setting." + - "\n - `port-scan` - Enables the `Port scans` setting." + - "\n - `auth-failure` - Enables the `Authentication failures` setting." + - "\n - `full-table-scan` - Enables the `Full scans` setting." + - "\n - `violations` - Enables the `Policy violations` setting." + - "\n - `connections` - Enables the `Connection activity` setting." + - "\n - `sensitive` - Log all queries manipulating sensitive fields (watches)" + - "\n - `data-classification` - Log all queries whose response was automatically classified as sensitive (credit card numbers, emails and so on)." + - "\n - `audit` - Log `sensitive`, `DQLs`, `DDLs`, `DMLs` and `privileged`." + - "\n - `error` - Log analysis errors." + - "\n - `new-connections` - Log new connections." + - "\n - `closed-connections` - Log closed connections.", - Type: schema.TypeSet, - Optional: true, - Elem: &schema.Schema{ - Type: schema.TypeString, - ValidateFunc: client.ValidateRepositoryConfAnalysisLogSettings(), - }, - }, - }, - } -} - -// Previously, the ID for cyral_repository_conf_analysis had the format -// {repository_id}/ConfAnalysis. The goal of this state upgrade is to remove -// this suffix `ConfAnalysis`. -func UpgradeRepositoryConfAnalysisV0( - _ context.Context, - rawState map[string]interface{}, - _ interface{}, -) (map[string]interface{}, error) { - rawState["id"] = rawState["repository_id"] - return rawState, nil -} - -func ResourceRepositoryConfAnalysis() *schema.Resource { - return &schema.Resource{ - Description: "Manages Repository Analysis Configuration. This resource allows configuring both " + - "[Log Settings](https://cyral.com/docs/manage-repositories/repo-log-volume) " + - "and [Advanced settings](https://cyral.com/docs/manage-repositories/repo-advanced-settings) " + - "(Logs, Alerts, Analysis and Enforcement) configurations for Data Repositories.", - CreateContext: resourceRepositoryConfAnalysisCreate, - ReadContext: resourceRepositoryConfAnalysisRead, - UpdateContext: resourceRepositoryConfAnalysisUpdate, - DeleteContext: resourceRepositoryConfAnalysisDelete, - - SchemaVersion: 1, - StateUpgraders: []schema.StateUpgrader{ - { - Version: 0, - Type: repositoryConfAnalysisResourceSchemaV0(). - CoreConfigSchema().ImpliedType(), - Upgrade: UpgradeRepositoryConfAnalysisV0, - }, - }, - - Schema: repositoryConfAnalysisResourceSchemaV0().Schema, - - Importer: &schema.ResourceImporter{ - StateContext: func( - ctx context.Context, - d *schema.ResourceData, - m interface{}, - ) ([]*schema.ResourceData, error) { - d.Set("repository_id", d.Id()) - return []*schema.ResourceData{d}, nil - }, - }, - } -} - -func resourceRepositoryConfAnalysisCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { - tflog.Debug(ctx, "Init resourceRepositoryConfAnalysisCreate") - c := m.(*client.Client) - - resourceData, err := getConfAnalysisDataFromResource(d) - if err != nil { - return utils.CreateError("Unable to create conf analysis", fmt.Sprintf("%v", err)) - } - - url := fmt.Sprintf("https://%s/v1/repos/%s/conf/analysis", c.ControlPlane, d.Get("repository_id")) - - body, err := c.DoRequest(ctx, url, http.MethodPut, resourceData.Config) - if err != nil { - return utils.CreateError("Unable to create conf analysis", fmt.Sprintf("%v", err)) - } - - response := RepositoryConfAnalysisData{} - if err := json.Unmarshal(body, &response); err != nil { - return utils.CreateError("Unable to unmarshall JSON", fmt.Sprintf("%v", err)) - } - - tflog.Debug(ctx, fmt.Sprintf("Response body (unmarshalled): %#v", response)) - - d.SetId(d.Get("repository_id").(string)) - - tflog.Debug(ctx, "End resourceRepositoryConfAnalysisCreate") - - return resourceRepositoryConfAnalysisRead(ctx, d, m) -} - -func resourceRepositoryConfAnalysisRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { - tflog.Debug(ctx, "Init resourceRepositoryConfAnalysisRead") - c := m.(*client.Client) - - url := fmt.Sprintf("https://%s/v1/repos/%s/conf/analysis", c.ControlPlane, d.Get("repository_id")) - - body, err := c.DoRequest(ctx, url, http.MethodGet, nil) - if err != nil { - return utils.CreateError(fmt.Sprintf("Unable to read conf analysis. Conf Analysis Id: %s", - d.Id()), fmt.Sprintf("%v", err)) - } - - response := RepositoryConfAnalysisData{} - if err := json.Unmarshal(body, &response); err != nil { - return utils.CreateError("Unable to unmarshall JSON", fmt.Sprintf("%v", err)) - } - - tflog.Debug(ctx, fmt.Sprintf("Response body (unmarshalled): %#v", response)) - - setConfAnalysisDataToResource(d, response) - - tflog.Debug(ctx, "End resourceRepositoryConfAnalysisRead") - - return diag.Diagnostics{} -} - -func resourceRepositoryConfAnalysisUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { - tflog.Debug(ctx, "Init resourceRepositoryConfAnalysisUpdate") - c := m.(*client.Client) - - resourceData, err := getConfAnalysisDataFromResource(d) - if err != nil { - return utils.CreateError("Unable to update conf analysis", fmt.Sprintf("%v", err)) - } - - url := fmt.Sprintf("https://%s/v1/repos/%s/conf/analysis", c.ControlPlane, d.Get("repository_id")) - - if _, err := c.DoRequest(ctx, url, http.MethodPut, resourceData.Config); err != nil { - return utils.CreateError("Unable to update conf analysis", fmt.Sprintf("%v", err)) - } - - tflog.Debug(ctx, "End resourceRepositoryConfAnalysisUpdate") - - return resourceRepositoryConfAnalysisRead(ctx, d, m) -} - -func resourceRepositoryConfAnalysisDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { - tflog.Debug(ctx, "Init resourceRepositoryConfAnalysisDelete") - c := m.(*client.Client) - - url := fmt.Sprintf("https://%s/v1/repos/%s/conf/analysis", c.ControlPlane, d.Get("repository_id")) - - if _, err := c.DoRequest(ctx, url, http.MethodDelete, nil); err != nil { - return utils.CreateError("Unable to delete conf analysis", fmt.Sprintf("%v", err)) - } - - tflog.Debug(ctx, "End resourceRepositoryConfAnalysisDelete") - - return diag.Diagnostics{} -} - -func getConfAnalysisDataFromResource(d *schema.ResourceData) (RepositoryConfAnalysisData, error) { - var logGroups []string - if logGroupsSet, ok := d.GetOk("log_groups"); ok { - for _, logGroupItem := range logGroupsSet.(*schema.Set).List() { - logGroups = append(logGroups, logGroupItem.(string)) - } - } - - var annotationGroups []string - if annotationGroupsSet, ok := d.GetOk("comment_annotation_groups"); ok { - for _, annotationGroupItem := range annotationGroupsSet.(*schema.Set).List() { - annotationGroups = append(annotationGroups, annotationGroupItem.(string)) - } - } - - return RepositoryConfAnalysisData{ - Config: UserFacingConfig{ - AlertOnViolation: d.Get("alert_on_violation").(bool), - BlockOnViolation: d.Get("block_on_violation").(bool), - DisableFilterAnalysis: d.Get("disable_filter_analysis").(bool), - DisablePreConfiguredAlerts: d.Get("disable_pre_configured_alerts").(bool), - EnableDataMasking: d.Get("enable_data_masking").(bool), - CommentAnnotationGroups: annotationGroups, - LogGroups: logGroups, - Redact: d.Get("redact").(string), - EnableDatasetRewrites: d.Get("enable_dataset_rewrites").(bool), - }, - }, nil -} - -func setConfAnalysisDataToResource(d *schema.ResourceData, resourceData RepositoryConfAnalysisData) { - logGroups := make([]interface{}, len(resourceData.Config.LogGroups)) - for index, logGroupItem := range resourceData.Config.LogGroups { - logGroups[index] = logGroupItem - } - logGroupsSet := schema.NewSet(schema.HashString, logGroups) - - annotationGroups := make([]interface{}, len(resourceData.Config.CommentAnnotationGroups)) - for index, annotationGroupItem := range resourceData.Config.CommentAnnotationGroups { - annotationGroups[index] = annotationGroupItem - } - annotationGroupsSet := schema.NewSet(schema.HashString, annotationGroups) - - d.Set("alert_on_violation", resourceData.Config.AlertOnViolation) - d.Set("block_on_violation", resourceData.Config.BlockOnViolation) - d.Set("comment_annotation_groups", annotationGroupsSet) - d.Set("disable_filter_analysis", resourceData.Config.DisableFilterAnalysis) - d.Set("disable_pre_configured_alerts", resourceData.Config.DisablePreConfiguredAlerts) - d.Set("enable_data_masking", resourceData.Config.EnableDataMasking) - d.Set("log_groups", logGroupsSet) - d.Set("redact", resourceData.Config.Redact) - d.Set("enable_dataset_rewrites", resourceData.Config.EnableDatasetRewrites) -} diff --git a/cyral/internal/repository/confanalysis/resource_cyral_repository_conf_analysis_test.go b/cyral/internal/repository/confanalysis/resource_test.go similarity index 100% rename from cyral/internal/repository/confanalysis/resource_cyral_repository_conf_analysis_test.go rename to cyral/internal/repository/confanalysis/resource_test.go diff --git a/cyral/internal/repository/confanalysis/schema_loader.go b/cyral/internal/repository/confanalysis/schema_loader.go new file mode 100644 index 00000000..5eec9304 --- /dev/null +++ b/cyral/internal/repository/confanalysis/schema_loader.go @@ -0,0 +1,26 @@ +package confanalysis + +import ( + "github.com/cyralinc/terraform-provider-cyral/cyral/core" +) + +type packageSchema struct { +} + +func (p *packageSchema) Name() string { + return "confanalysis" +} + +func (p *packageSchema) Schemas() []*core.SchemaDescriptor { + return []*core.SchemaDescriptor{ + { + Name: resourceName, + Type: core.ResourceSchemaType, + Schema: resourceSchema, + }, + } +} + +func PackageSchema() core.PackageSchema { + return &packageSchema{} +} diff --git a/cyral/provider/provider.go b/cyral/provider/provider.go index 6d79dfc7..8ed9257c 100644 --- a/cyral/provider/provider.go +++ b/cyral/provider/provider.go @@ -21,7 +21,6 @@ import ( "github.com/cyralinc/terraform-provider-cyral/cyral/internal/policy" "github.com/cyralinc/terraform-provider-cyral/cyral/internal/policy/rule" "github.com/cyralinc/terraform-provider-cyral/cyral/internal/regopolicy" - "github.com/cyralinc/terraform-provider-cyral/cyral/internal/repository/confanalysis" "github.com/cyralinc/terraform-provider-cyral/cyral/internal/repository/confauth" "github.com/cyralinc/terraform-provider-cyral/cyral/internal/repository/network" "github.com/cyralinc/terraform-provider-cyral/cyral/internal/role" @@ -163,7 +162,6 @@ func getResourceMap(ps []core.PackageSchema) map[string]*schema.Resource { schemaMap["cyral_policy_rule"] = rule.ResourcePolicyRule() schemaMap["cyral_rego_policy_instance"] = regopolicy.ResourceRegoPolicyInstance() schemaMap["cyral_repository_conf_auth"] = confauth.ResourceRepositoryConfAuth() - schemaMap["cyral_repository_conf_analysis"] = confanalysis.ResourceRepositoryConfAnalysis() schemaMap["cyral_repository_network_access_policy"] = network.ResourceRepositoryNetworkAccessPolicy() schemaMap["cyral_role"] = role.ResourceRole() schemaMap["cyral_role_sso_groups"] = role.ResourceRoleSSOGroups() diff --git a/cyral/provider/schema_loader.go b/cyral/provider/schema_loader.go index 3af6c113..3e0fb792 100644 --- a/cyral/provider/schema_loader.go +++ b/cyral/provider/schema_loader.go @@ -10,6 +10,7 @@ import ( "github.com/cyralinc/terraform-provider-cyral/cyral/internal/repository/accessgateway" "github.com/cyralinc/terraform-provider-cyral/cyral/internal/repository/accessrules" "github.com/cyralinc/terraform-provider-cyral/cyral/internal/repository/binding" + "github.com/cyralinc/terraform-provider-cyral/cyral/internal/repository/confanalysis" "github.com/cyralinc/terraform-provider-cyral/cyral/internal/repository/datamap" "github.com/cyralinc/terraform-provider-cyral/cyral/internal/repository/useraccount" "github.com/cyralinc/terraform-provider-cyral/cyral/internal/samlcertificate" @@ -23,6 +24,7 @@ func packagesSchemas() []core.PackageSchema { accessgateway.PackageSchema(), accessrules.PackageSchema(), binding.PackageSchema(), + confanalysis.PackageSchema(), credentials.PackageSchema(), datalabel.PackageSchema(), datamap.PackageSchema(),