From 438b81a535aa2ebac3b97a82eec9437adcf72f3f Mon Sep 17 00:00:00 2001 From: Kim Chiu <65937808+kim-cloudconformity@users.noreply.github.com> Date: Wed, 31 Jan 2024 16:05:00 +1100 Subject: [PATCH] Increase custom rule condition data types accepted (#74) * chore: update version and OS architecture * chore: format packages and add new region * impr: custom rule resource can transform multiple data types * chore: add terraform log library * fix: udpate request address * impr: update Value data type to interface * chore: remove region * impr: comment to explain new logic * docs: update use and example for custom rule page * impr: remove omitempty for a required attribute * chore: update go version used * fix: add beginning slash to path * chore: add go mod file * fix: add in trailing slash for endpoint address * docs: update custom rule documentation * docs: describe custom rule value in depth * fix: get API call can handle multiple data types as well * fix: remove debugging lines --- .github/workflows/check.yml | 2 +- Makefile | 4 +- conformity/provider.go | 1 + conformity/resource_conformity_custom_rule.go | 31 +- docs/resources/conformity_custom_rule.md | 587 +++--------------- go.mod | 5 +- pkg/cloudconformity/models.go | 8 +- 7 files changed, 130 insertions(+), 508 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 641673a..cb0e86d 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -30,7 +30,7 @@ jobs: name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.17 + go-version: 1.18 - name: Install Terraform uses: hashicorp/setup-terraform@v2 diff --git a/Makefile b/Makefile index df9c04f..73ec3c3 100644 --- a/Makefile +++ b/Makefile @@ -3,8 +3,8 @@ HOSTNAME=trendmicro.com NAMESPACE=cloudone NAME=conformity BINARY=terraform-provider-${NAME} -VERSION=0.3 -OS_ARCH=linux_amd64 +VERSION=0.4 +OS_ARCH=darwin_arm64 default: install 
diff --git a/conformity/provider.go b/conformity/provider.go
index 63f3073..cdec207 100644
--- a/conformity/provider.go
+++ b/conformity/provider.go
@@ -2,6 +2,7 @@ package conformity
 import (
 "context"
+ "github.com/trendmicro/terraform-provider-conformity/pkg/cloudconformity"
 "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
diff --git a/conformity/resource_conformity_custom_rule.go b/conformity/resource_conformity_custom_rule.go
index 898f849..8e54b47 100644
--- a/conformity/resource_conformity_custom_rule.go
+++ b/conformity/resource_conformity_custom_rule.go
@@ -2,12 +2,21 @@ package conformity
 import (
 "context"
+ "encoding/json"
+ "strconv"
+ "strings"
+
 "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 "github.com/trendmicro/terraform-provider-conformity/pkg/cloudconformity"
 )
+type ObjectValue struct {
+ Days int `json:"days"`
+ Operator string `json:"operator"`
+}
+
 func resourceConformityCustomRule() *schema.Resource {
 return &schema.Resource{
 CreateContext: resourceConformityCustomRuleCreate,
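Review bot: The import added in the `@@ -2,6 +2,7 @@` hunk of conformity/provider.go is placed above `github.com/hashicorp/terraform-plugin-sdk/v2/diag`; if it shares that import group, gofmt's sorted order puts the trendmicro path after the hashicorp ones, so the file as committed is not gofmt/goimports-clean. Since this file gains only this one line, it is also worth confirming that `cloudconformity` is actually referenced in provider.go, because an unused import does not compile.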
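Review bot: `ObjectValue` is a new exported type without a doc comment, and its name does not say what it models; the documentation hunk in this same commit shows it is the object form of a condition `value` used with the `dateComparison` operator. Suggest `// ObjectValue is the object form of a custom rule condition value, as used by the dateComparison operator: the number of days and the comparison operator (e.g. "within") the Conformity custom rules API expects.` If nothing outside package conformity references it, an unexported name such as `objectValue` would keep it out of the package's API surface.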
@@ -349,7 +358,24 @@ func processInputCustomRuleConditions(conditionsIn []interface{}) []cloudconform
 obj := cloudconformity.CustomRuleCondition{}
 obj.Fact = m["fact"].(string)
 obj.Path = m["path"].(string)
- obj.Value = m["value"].(string)
+ /*
+ Custom Rule Conditions has an attribute of `value` that can accept a
+ string, boolean, integer, or an object. Anything other than string needs
+ to be encoded using the built-in Terraform function `jsonencode()`.
+ Below we are assigning objValue with an instance of the ObjectValue struct
+ that defines the variables that the Custom Rules API will accept.
+ */
+ objValue := ObjectValue{}
+ if strings.ToLower(m["value"].(string)) == "true" || strings.ToLower(m["value"].(string)) == "false" {
+ obj.Value, _ = strconv.ParseBool(m["value"].(string))
+ } else if numValue, err := strconv.Atoi(m["value"].(string)); err == nil {
+ obj.Value = numValue
+ } else if err := json.Unmarshal([]byte(m["value"].(string)), &objValue); err == nil {
+ obj.Value = objValue
+ } else {
+ obj.Value = m["value"]
+ }
+
 if operator, ok := m["operator"]; ok {
 obj.Operator = operator.(string)
 }
@@ -397,7 +423,8 @@ func flattenConditions(conditionsIn []cloudconformity.CustomRuleCondition) []int
 m["fact"] = conditions.Fact
 m["operator"] = conditions.Operator
 m["path"] = conditions.Path
- m["value"] = conditions.Value
+ conditionsValueByte, _ := json.Marshal(conditions.Value)
+ m["value"] = string(conditionsValueByte)
 conditionsOut[i] = m
 }
 return conditionsOut
diff --git a/docs/resources/conformity_custom_rule.md b/docs/resources/conformity_custom_rule.md
index 843608f..498e021 100644
--- a/docs/resources/conformity_custom_rule.md
+++ b/docs/resources/conformity_custom_rule.md
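Review bot: The `json.Unmarshal` branch in processInputCustomRuleConditions accepts more than the documented `{"days":N,"operator":"..."}` object: JSON `null` decodes into a struct with a nil error and unknown keys are ignored, so a value of `null` or `jsonencode({"day"=90,"operator"="within"})` is sent to the API as `{"days":0,"operator":""}` with no error reaching the user. The value string is also type-asserted five times, and the `strconv.ParseBool` error is discarded even though ParseBool rejects mixed-case spellings such as `tRue` that the `strings.ToLower` guard admits. The rewrite below asserts once, derives the bool without ParseBool, excludes `null`, and decodes the object with `DisallowUnknownFields`; the explanatory block comment can stay as is, and the enclosing function starts and ends outside the hunk.
```go
	// value arrives as a string; bool, number and object forms are jsonencode()d by the user
	rawValue := m["value"].(string)
	objValue := ObjectValue{}
	objDecoder := json.NewDecoder(strings.NewReader(rawValue))
	objDecoder.DisallowUnknownFields() // a misspelled key must not silently become {"days":0,"operator":""}
	if strings.EqualFold(rawValue, "true") || strings.EqualFold(rawValue, "false") {
		obj.Value = strings.EqualFold(rawValue, "true")
	} else if numValue, err := strconv.Atoi(rawValue); err == nil {
		obj.Value = numValue
	} else if strings.TrimSpace(rawValue) != "null" && objDecoder.Decode(&objValue) == nil {
		// JSON null decodes into a struct without error, hence the explicit exclusion above
		obj.Value = objValue
	} else {
		obj.Value = rawValue
	}
	// … unchanged: operator assignment …
```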
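Review bot: `json.Marshal` on a string value in flattenConditions yields a quoted string, so a condition written as `value = "^([a-zA-Z0-9_-]){1,32}$"` (the commit's own s3_example) is read back into state as `"\"^([a-zA-Z0-9_-]){1,32}$\""` and will differ from the configuration on every plan, unless the read path unquotes it somewhere outside this hunk. The discarded Marshal error also deserves a one-line justification rather than a bare `_`. A type switch keeps strings as written and marshals only the bool/number/object forms; the enclosing loop and function start outside the hunk.
```go
	switch v := conditions.Value.(type) {
	case string:
		m["value"] = v // stored as written; json.Marshal would wrap it in quotes
	default:
		// bool/number/object come back in the same jsonencode() form the user wrote;
		// Marshal cannot fail for a value that was itself decoded from JSON
		conditionsValueByte, _ := json.Marshal(v)
		m["value"] = string(conditionsValueByte)
	}
	// … unchanged: conditionsOut[i] = m …
```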
@@ -2,515 +2,108 @@ page_title: "conformity_custom_rule Resource" subcategory: "Custom Rules" description: |- - Allows you to create and Run Custom Rules on Conformity. + Allows you to create and run Custom Rules on Conformity. --- -# Resource `conformity_custom_rule` -Allows you to create Custom Rules on Conformity +# Resource: conformity_custom_rule +Allows you to create Custom Rules on Trend Cloud OneTM - Conformity. -There are 6 Custom rule that is being tested - 1.Storage Naming for all 3 clouds (aws,azure and gcp) - 2.MongoDB port restriction for all 3 clouds.(aws,azure and gcp) +## Example Usage +### Using a string value for a custom rule creation -1.Storage Naming for all 3 clouds (aws,azure and gcp) - -## Storage Naming for aws - - ### For Running the Create Custom Rule API for aws - 1.First you have the aws access so that you can create a bucket for it - 2.while creating the bucket give appropriate name to bucket - 3.Run the Create Custom Rule api by giving required value - -> resourceType,service and provider - -> resourceType and service you can find from the documentation of the api - there was a link for resourceType and services just click that you will get response - find the appropriate resourceType and services - 4.After giving the reesourceType and services and provider set the rule appropriately and also the condition which will check for the bucket name which you have created - 5.Run the api - - ### Checking the custom rule - 6.Copy the id from the successfull response - 7.Run the Run Custom Rule api by passing the accountId of your aws account and rule id (which you will get in Create Custom Rule api response) - 8.Copy the same body of Create Custom Rule api - 9.Run the api you will see your bucket details over there and your rule status whether its failed / Success - - ### If you dont know the Bucket Details and also what to pass in path of attributes and rules - 1.You need to run the Run Custom Rule api by providing the aws accoundid and the 
rule idand also the set the resourceData=true - 2. In body you need to pass - ``` - { - "configuration": { - "name": "S3 bucket logging enabled", - "description": "S3 buckets have logging enabled", - "service": "S3", - "resourceType": "s3-bucket", - "attributes": [ - { - "name": "bucketLogging", - "path": "data.LoggingEnabled", - "required": true - } - ], - "rules": [ - { - "conditions": { - "all": [ - { - "value": null, - "operator": "notEqual", - "fact": "bucketLogging" - } - ] - }, - "event": { - "type": "Bucket has logging enabled" - } - } - ], - "severity": "MEDIUM", - "categories": [ - "security" - ], - "provider": "aws", - "enabled": true - } - } - - - ``` - 3.Change the resourceType,services and provider appropriately - 4.Put the same rule as Create Custom Rule Api - 5.Save and send you will see your bucketdetails and status of your rule and the resourceData details in which you can see all the bucket details where you can create a rule in any of the attributes - - -## Example Usage of Create Custom Rule API for aws ```hcl -AWS Storage Naming-: - resource "conformity_custom_rule" "example"{ - name= "S3 Bucket Custom Rule" - description = "This custom rule ensures S3 buckets follow our best practice updated" - remediation_notes = "If this is broken, please follow these steps:\n1. Step one \n2. 
Step two\n updated" - service = "S3" - resource_type = "s3-bucket" - categories = ["security"] - severity = "HIGH" - cloud_provider = "aws" - enabled = true - attributes { - name = "bucketName" - path = "data.Name" - required = true - } - rules { - operation = "all" - conditions { - fact = "bucketName" - operator = "pattern" - value = "^shunyekaa$" - } - event_type = "Bucket name is longer than 32 characters" - } +resource "conformity_custom_rule" "s3_example" { + name = "S3 Bucket Name Character Limit" + description = "Limit number of characters used to name a S3 Bucket" + remediation_notes = "Reduce the number of characters for S3 Bucket name" + service = "S3" + resource_type = "s3-bucket" + categories = ["sustainability"] + severity = "MEDIUM" + cloud_provider = "aws" + enabled = true + attributes { + name = "bucketName" + path = "data.Name" + required = true } - -``` - -## Storage Naming for Azure - - ### For Running the Create Custom Rule API for azure - - 1.First you have the azure access so that you can create a Storage Accounts in it - 2.while creating the Storage Accounts give appropriate name - 3.Run the Create Custom Rule api by giving required value - -> resourceType,service and provider - -> resourceType and service you can find from the documentation of the api - there was a link for resourceType and services just click that you will get response - find the appropriate resourceType and services - 4.After giving the resourceType and services and provider set the rule appropriately and also the condition which will check for the Storage Account name which you have created - 5.Run the api - - ### Checking the custom rule - 6.Copy the id from the successfull response - 7.Run the Run Custom Rule api by passing the accountId of your azure account and rule id (which you will get in Create Custom Rule api response) - 8.Copy the same body of Create Custom Rule api - 9.Run the api you will see your Storage account Details over there and your rule status whether 
its failed / Success - - ### If you dont know the Storage Account Details and also what to pass in path of attributes and rules - 1.You need to run the Run Custom Rule api by providing the azure accoundId and the rule id and also the set the resourceData=true - 2. In body you need to pass the same "configuration details as passed above in aws" - 3.Just change the details of configuration (resourceType,services ,provider and rules) - 4.Run it and you can see in response resourceData where you can get your Storage Accounts Details and you can apply rule to any attributes -## Example Usage of Create Custom Rule API for Azure -``` - Azure Storage Naming-: - resource "conformity_custom_rule" "example"{ - "name": "Azure Storage Account Custom Rule testing", - "description": "This custom rule ensures Azure Storage Account follow our best practice", - "service": "StorageAccounts", - "resourceType": "storage-accounts", - "categories": [ - "security" - ], - "severity": "HIGH", - "provider": "azure", - "enabled": true, - "attributes": [ - { - "name": "storageName", - "path": "data.name", - "required": false - } - ], - "rules": [ - { - "conditions": { - "any": [ - { - "fact": "storageName", - "operator": "equal", - "value": "customruletesting" - } - ] - }, - "event": { - "type": "Storage Account Name should be customruletesting" - } - } - - ], - "remediationNotes": "If this is broken, please follow these steps:\n1. Step one \n2. 
Step two\n" - } -``` -## Storage Naming for GCP - - ### For Running the Create Custom Rule API for GCP - - 1.First you have the gcp access so that you can create a Cloud Storage in it - 2.while creating the Cloud Storage give appropriate name - 3.Run the Create Custom Rule api by giving required value - -> resourceType,service and provider - -> resourceType and service you can find from the documentation of the api - there was a link for resourceType and services just click that you will get response - find the appropriate resourceType and services - 4.After giving the resourceType and services and provider set the rule appropriately and also the condition which will check for the Cloud Storage name which you have created - 5.Run the api - - ### Checking the custom rule - 6.Copy the id from the successfull response - 7.Run the Run Custom Rule api by passing the accountId of your gcp account and rule id (which you will get in Create Custom Rule api response) - 8.Copy the same body of Create Custom Rule api - 9.Run the api you will see your Cloud Storage Details over there and your rule status whether its Failed / Success - - ### If you dont know the Cloud Storage and also what to pass in path of attributes and rules - 1.You need to run the Run Custom Rule api by providing the gcp accoundId and the rule id and also the set the resourceData=true - 2. 
In body you need to pass the same "configuration details as passed above in aws" - 3.Just change the details of configuration (resourceType,services ,provider and rules) - 4.Run it and you can see in response resourceData where you can get your Cloud Storage Details and you can apply rule to any attributes - -## Example Usage of Create Custom Rule API for GCP -``` -GCP:- -resource "conformity_custom_rule" "example"{ - "name": "Gcp Google Cloud Custom Rule testing", - "description": "This custom rule ensures "Gcp Google Cloud follow our best practice", - "service": "CloudStorage", - "resourceType": "cloudstorage-buckets", - "categories": [ - "security" - ], - "severity": "HIGH", - "provider": "gcp", - "enabled": true, - "attributes": [ - { - "name": "cloudStorageName", - "path": "data.name", - "required": true + rules { + operation = "any" + conditions { + fact = "bucketName" + operator = "pattern" + value = "^([a-zA-Z0-9_-]){1,32}$" } - ], - "rules": [ - { - "conditions": { - "any": [ - { - "fact": "cloudStorageName", - "operator": "pattern", - "value": "^shunyekaa$" - } - ] - }, - "event": { - "type": "Cloud Storage Bucket Name should be shunyekaa" - } - } - - ], - "remediationNotes": "If this is broken, please follow these steps:\n1. Step one \n2. Step two\n" + } } - -``` -2.MongoDB port restriction for all 3 clouds. 
- - ## Mongo DB Port Restriction for aws - ### For Running the Create Custom Rule API for aws - 1.First you have the aws access so that you can create a Security Group - 2.while creating the Security Group give appropriate name of security group - ->Set the Inbound and Outbound rule by giving the port,protocols and other details properly - 3.Run the Create Custom Rule api by giving required value - -> resourceType,service and provider - -> resourceType and service you can find from the documentation of the api - there was a link for resourceType and services just click that you will get response - find the appropriate resourceType and services - 4.After giving the reesourceType and services and provider set the rule appropriately and also the condition which will check for the port restriction - 5.Run the api - - ### Checking the custom rule - 6.Copy the id from the successfull response - 7.Run the Run Custom Rule api by passing the accountId of your aws account and rule id (which you will get in Create Custom Rule api response) - 8.Copy the same body of Create Custom Rule api - 9.Run the api you will see your bucket details over there and your rule status whether its failed / Success - - ### If you dont know the Security Group Details and also what to pass in path of attributes and rules - 1.You need to run the Run Custom Rule api by providing the aws accoundid and the rule id and also the set the resourceData=true - 2. 
In body you need to pass "configuration details as passed above in aws" - 3.Just change the resourceType,service ,provider and other related details - 4.Run it and you can see in response resourceData where you can get your Security Group Details and you can apply rule to any attributes - - -## Example Usage of Create Custom Rule API for AWS - ``` - resource "conformity_custom_rule" "example" { - "name": "AWS Security Group for Mongo db port restriction", - "description": "This custom rule ensures AWS Security Group follow our best practice", - "service": "EC2", - "resourceType": "ec2-securitygroup", - "categories": [ - "security" - ], - "severity": "HIGH", - "provider": "aws", - "enabled": true, - "attributes": [ - { - "name": "portRestriction", - "path": "data.IpPermissions[:].FromPort", - "required": false - }, - { - "name": "IpPermissionCheck", - "path": "data.IpPermissions", - "required": false - } - ], - "rules": [ - { - "conditions": { - "any": [ - { - "path": "$.length", - "fact": "IpPermissionCheck", - "value": 0, - "operator": "equal" - }, - { - "value": 27017, - "operator": "doesNotContain", - "fact": "portRestriction" - } - ] - }, - "event": { - "type": "The Port should not be 27017" - } - } - ], - "remediationNotes": "If this is broken, please follow these steps:\n1. Step one \n2. 
Step two\n" - } -``` - -## Mongo DB Port Restriction for azure - - ## Mongo DB Port Restriction for azure - ### For Running the Create Custom Rule API for azure - 1.First you have the azure access so that you can create a Network Security Group - 2.while creating the Network Security Group give appropriate name of Network security group - ->Set the Inbound and Outbound rule by giving the port,protocols and other details properly - 3.Run the Create Custom Rule api by giving required value - -> resourceType,service and provider - -> resourceType and service you can find from the documentation of the api - there was a link for resourceType and services just click that you will get response - find the appropriate resourceType and services - 4.After giving the resourceType and services and provider set the rule appropriately for port restriction - 5.Run the api - - ### Checking the custom rule - 6.Copy the id from the successfull response - 7.Run the Run Custom Rule api by passing the accountId of your azure account and rule id (which you will get in Create Custom Rule api response) - 8.Copy the same body of Create Custom Rule api - 9.Run the api you will see your bucket details over there and your rule status whether its failed / Success - - ### If you dont know the Network Security Group Details and also what to pass in path of attributes and rules - 1.You need to run the Run Custom Rule api by providing the azure accoundid and the rule id and also the set the resourceData=true - 2. 
In body you need to pass "configuration details as passed above in aws" - 3.Just change the resourceType,service ,provider and other related details - 4.Run it and you can see in response resourceData where you can get your Network Security Group Details and you can apply rule to any attributes - -## Example Usage of Create Custom Rule API for Azure - -``` - resource "conformity_custom_rule" "example" { - "name": "Azure Network Security Group Mongo db port Restriction", - "description": "This custom rule ensures Azure Network Security follow our best practice", - "service": "Network", - "resourceType": "network-network-security-groups", - "categories": [ - "security" - ], - "severity": "HIGH", - "provider": "azure", - "enabled": true, - "attributes": [ - { - "name": "networksecurity", - "path": "data.securityRules[:].destinationPortRange", - "required": false - }, - { - "name": "networksecurityCheck", - "path": "data.securityRules", - "required": false - } - ], - "rules": [ - { - "conditions": { - "any": [ - { - "value": "27017", - "operator": "doesNotContain", - "fact": "networksecurity" - }, - { - "path": "$.lenght", - "fact": "networksecurityCheck", - "value": 0, - "operator": "equal" - } - ] - }, - "event": { - "type": "The Port should not be 27017" - } - } - ], - "remediationNotes": "If this is broken, please follow these steps:\n1. Step one \n2. 
Step two\n" - } - - -``` - - -## Mongo DB Port Restriction for gcp - - ### For Running the Create Custom Rule API for azure - 1.First you have the gcp access so that you can create a Firewall Rules - 2.while creating the Firewall Rules give appropriate name of Network security group - ->Set the Inbound and Outbound rule by giving the port,protocols and other details properly - 3.Run the Create Custom Rule api by giving required value - -> resourceType,service and provider - -> resourceType and service you can find from the documentation of the api - there was a link for resourceType and services just click that you will get response - find the appropriate resourceType and services - 4.After giving the resourceType and services and provider set the rule appropriately for port restriction - 5.Run the api - - ### Checking the custom rule - 6.Copy the id from the successfull response - 7.Run the Run Custom Rule api by passing the accountId of your gcp account and rule id (which you will get in Create Custom Rule api response) - 8.Copy the same body of Create Custom Rule api - 9.Run the api you will see your bucket details over there and your rule status whether its failed / Success - - ### If you dont know the Firewall Rule Details and also what to pass in path of attributes and rules - 1.You need to run the Run Custom Rule api by providing the azure accoundid and the rule id and also the set the resourceData=true - 2. 
In body you need to pass "configuration details as passed above in aws" - 3.Just change the resourceType,service ,provider and other related details - 4.Run it and you can see in response resourceData where you can get your Firewall Rule Details and you can apply rule to any attributes - -## Example Usage of Create Custom Rule API for Azure - -``` - resource "conformity_custom_rule" "example" { - "name": "GCP Firewalls Rules Mongo db port restriction", - "description": "This custom rule ensures GCP Firewalls Rules follow our best practice", - "service": "CloudVPC", - "resourceType": "cloudvpc-firewallrules", - "categories": [ - "security" - ], - "severity": "HIGH", - "provider": "gcp", - "enabled": true, - "attributes": [ - { - "name": "firewallrules", - "path": "data.allowed[:].ports[:]", - "required": false - }, - { - "name": "firewallrulescheck", - "path": "data.allowed[:].ports", - "required": false - } - ], - "rules": [ - { - "conditions": { - "any": [ - { - "value": "27017", - "operator": "doesNotContain", - "fact": "firewallrules" - }, - { - "path": "$.lenght", - "fact": "firewallrulescheck", - "value": 0, - "operator": "equal" - } - ] - }, - "event": { - "type": "The Port should not be 27017" - } - } - ], - "remediationNotes": "If this is broken, please follow these steps:\n1. Step one \n2. 
Step two\n" - } +### Using a date comparison for a custom rule condition +```hcl +resource "conformity_custom_rule" "kms_example" { + name = "KMS Key Creation Date within 90 days" + description = "Check KMS Key was created less than 90 days ago" + remediation_notes = "Recreate the KMS Key" + service = "KMS" + resource_type = "kms-key" + categories = ["security"] + severity = "HIGH" + cloud_provider = "aws" + enabled = true + attributes { + name = "creationDate" + path = "data.CreationDate" + required = true + } + rules { + operation = "all" + conditions { + fact = "creationDate" + operator = "dateComparison" + value = jsonencode({"days"=90,"operator"="within"}) + } + } +} ``` -## Argument reference - -- `name` (String) - Name of the custom rule. -- `description` (String) - description of the custom rule. -- `remediation_notes` (String) - remediation_notes of the custom -- `service` (String) - service of the custom rule -- `resource_type` (String) - resource type of the custom rule -- `categories` (Array of String) - categories of the custom rule. Enum: ["security", "sustainability", "performance-efficiency", "operational-excellence"] -- `severity` (String) - severity of the custom rule. Enum :"LOW","MEDIUM","HIGH","VERY_HIGH","EXTREME" -- `cloud_provider` (String ) - Name of the cloud provider. Enum: "aws","azure","gcp". -- `enabled` (Bool) - This attributes determines whether this setting enabled or not (true ,false) - -- `attributes` List: Can be multiple declaration - * `name` (String) BucketName. - * `path` (String) Path of the Bucket. - * `required` (String) This determines whether the attribute is required or not. -- `rule` List: Can be multiple declaration - * `operation` (String) - operation of the rule. 
Enum: "any","all" - * `condition` List: Can be multiple declaration - * `fact` (String) - BucketName - * `operation` (String) - pattern - * `value` (String) - value of the operator - * `event_type` (String) - Message +## Argument Reference + +* `name` (Required) Name of the custom rule. +* `description` (Required) Description of the custom rule. +* `remediation_notes` (Optional) Notes or steps relevant to remediating the custom rule +* `service` (Required) The cloud provider service name (e.g. S3), a complete list of supported services can be found [here](https://us-west-2.cloudconformity.com/v1/services). +* `resource_type` (Required) - The type of resource this custom rule applies to (e.g. "s3-bucket"), a complete list of supported services can be found [here](https://us-west-2.cloudconformity.com/v1/resource-types). +* `categories` (Required) An array of categories for the custom rule. Can be any of the following: ["security","cost-optimisation", "reliability", "sustainability", "performance-efficiency", "operational-excellence"]. +* `severity` (Required) Risk/severity of the custom rule, can be one of the following: "LOW","MEDIUM","HIGH","VERY_HIGH","EXTREME". +* `cloud_provider` (Required) - Name of the cloud provider (e.g. "aws","azure", "gcp"), a complete list is available from (Conformity Providers Endpoint)[https://us-west-2.cloudconformity.com/v1/providers]. +* `enabled` (Optional) Boolean that indicates the status of this rule (true, false). Disabled rules (i.e. set to false) will not be run by Conformity Bot or Real-Time Threat Monitoring (RTM). +* `attributes` (Required) One or more blocks describing the attribute(s) from the resources needed for this rule. The structure of this block is described below. +* `rules` (Required) One or more blocks describing what needs to be checked from the attribute(s). The structure of this block is described below. 
+ +An `attributes` block supports the following: +* `name` (Required) User defined to the value of the result of the path query. This value is used as the `fact` input to the rule condition. +* `path` (Required) JSONPath syntax to resource value. +* `required` (Required) Boolean that determines if this data value is required for the rule to run. + +A `rule` block supports the following +* `operation` (Required) Operation of the rule. Enum: "any","all" +* `condition` (Required) +* `event_type` (Required) Description of the result of the rule set. + +A `condition` block supports the following +* `fact` (Required) The input value from the corresponding attribute name. +* `operator` (Required) A string value of the operator used to evaluate the input value. +* `path` (Optional) Secondary JSONPath query to apply to further evaluate nested data. +* `value` (Required) The expected value from the JSONPath query. This can be a string, number, boolean, or object. + +~> **NOTE:** If the `value` is either a number, boolean, or object. It **must** be encoded using the built-in `jsonencode` function. e.g. +* Number: `value = jsonencode(86400)` +* Boolean: `value = jsonencode(true)` +* Object: `value=jsonencode({"days"=20,"operator"="within"})` + +A `value` block can be defined using the built-in Terraform `jsonencode()` function but must follow the structure below +* `days` (Required) The number of days to compare against. +* `operator` (Required) Date comparison operator, e.g. "within", "olderThan" diff --git a/go.mod b/go.mod index 5204cac..5dd58ea 100755 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/trendmicro/terraform-provider-conformity -go 1.17 +go 1.18 require ( github.com/hashicorp/terraform-plugin-sdk/v2 v2.16.0 
@@ -9,6 +9,8 @@ require (
 github.com/stretchr/testify v1.7.2
 )
+require github.com/hashicorp/terraform-plugin-log v0.4.0 // indirect
+
 require (
 github.com/agext/levenshtein v1.2.2 // indirect
 github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
@@ -31,7 +33,6 @@ require (
 github.com/hashicorp/terraform-exec v0.16.1 // indirect
 github.com/hashicorp/terraform-json v0.13.0 // indirect
 github.com/hashicorp/terraform-plugin-go v0.9.0 // indirect
- github.com/hashicorp/terraform-plugin-log v0.4.1 // indirect
 github.com/hashicorp/terraform-registry-address v0.0.0-20210412075316-9b2996cce896 // indirect
 github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 // indirect
 github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect
diff --git a/pkg/cloudconformity/models.go b/pkg/cloudconformity/models.go
index 3b6edb4..28bb848 100644
--- a/pkg/cloudconformity/models.go
+++ b/pkg/cloudconformity/models.go
@@ -640,10 +640,10 @@ type CustomRuleEvent struct {
 }
 type CustomRuleCondition struct {
- Fact string `json:"fact"`
- Operator string `json:"operator"`
- Path string `json:"path,omitempty"`
- Value string `json:"value"`
+ Fact string `json:"fact"`
+ Operator string `json:"operator"`
+ Path string `json:"path,omitempty"`
+ Value interface{} `json:"value"`
 }
 type CustomRuleCreateResponse struct {
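Review bot: `Value interface{}` in CustomRuleCondition now carries a string, bool, number or object, but nothing at the declaration says so, and the same commit raises go.mod to Go 1.18, where `any` is the idiomatic spelling. Suggest `Value any \`json:"value"\` // string, bool, number or object ({"days":N,"operator":"..."}); numbers decoded from API responses arrive as float64`. The float64 detail matters to any caller that compares or formats the value after a Read, since the request side assigns an `int`.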