-
Notifications
You must be signed in to change notification settings - Fork 650
/
data_source_ibm_cd_toolchain_tool_securitycompliance.go
234 lines (211 loc) · 10.2 KB
/
data_source_ibm_cd_toolchain_tool_securitycompliance.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
// Copyright IBM Corp. 2024 All Rights Reserved.
// Licensed under the Mozilla Public License v2.0
package cdtoolchain
import (
"context"
"fmt"
"log"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
"github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex"
"github.com/IBM/continuous-delivery-go-sdk/cdtoolchainv2"
)
func DataSourceIBMCdToolchainToolSecuritycompliance() *schema.Resource {
return &schema.Resource{
ReadContext: dataSourceIBMCdToolchainToolSecuritycomplianceRead,
Schema: map[string]*schema.Schema{
"toolchain_id": &schema.Schema{
Type: schema.TypeString,
Required: true,
Description: "ID of the toolchain.",
},
"tool_id": &schema.Schema{
Type: schema.TypeString,
Required: true,
Description: "ID of the tool bound to the toolchain.",
},
"resource_group_id": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "Resource group where the tool is located.",
},
"crn": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "Tool CRN.",
},
"toolchain_crn": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "CRN of toolchain which the tool is bound to.",
},
"href": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "URI representing the tool.",
},
"referent": &schema.Schema{
Type: schema.TypeList,
Computed: true,
Description: "Information on URIs to access this resource through the UI or API.",
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"ui_href": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "URI representing this resource through the UI.",
},
"api_href": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "URI representing this resource through an API.",
},
},
},
},
"name": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "Name of the tool.",
},
"updated_at": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "Latest tool update timestamp.",
},
"parameters": &schema.Schema{
Type: schema.TypeList,
Computed: true,
Description: "Unique key-value pairs representing parameters to be used to create the tool. A list of parameters for each tool integration can be found in the <a href=\"https://cloud.ibm.com/docs/ContinuousDelivery?topic=ContinuousDelivery-integrations\">Configuring tool integrations page</a>.",
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"name": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "The name for this tool integration, shown on the toolchain page.",
},
"evidence_namespace": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "The kind of pipeline evidence to be displayed in Security and Compliance Center for this toolchain. The values are; `cd` which will use evidence generated by a Continuous Deployment (CD) pipeline, or `cc` which will use evidence generated by a Continuous Compliance (CC) pipeline. The default behavior is to use the CD evidence.",
},
"use_profile_attachment": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "Set to `enabled` to enable use profile with attachment, so that the scripts in the pipeline can interact with the Security and Compliance Center service to perform pre-deploy validation against compliance rules for Continuous Deployment (CD) and compliance monitoring for Continuous Compliance (CC). When enabled, other parameters become relevant; `scc_api_key`, `instance_crn`, `profile_name`, `profile_version`, `attachment_id`.",
},
"scc_api_key": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Sensitive: true,
Description: "The IBM Cloud API key used to access the Security and Compliance Center service, for the use profile with attachment setting. This parameter is only relevant when the `use_profile_attachment` parameter is `enabled`. You can use a toolchain secret reference for this parameter. For more information, see [Protecting your sensitive data in Continuous Delivery](https://cloud.ibm.com/docs/ContinuousDelivery?topic=ContinuousDelivery-cd_data_security#cd_secure_credentials).",
},
"instance_crn": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "The Security and Compliance Center service instance CRN (Cloud Resource Name). It is recommended to provide an instance CRN, but when absent, the oldest service instance will be used. This parameter is only relevant when the `use_profile_attachment` parameter is `enabled`.",
},
"profile_name": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "The name of a Security and Compliance Center profile. Usually, use the \"IBM Cloud Framework for Financial Services\" predefined profile, which contains the DevSecOps Toolchain rules. Or use a user-authored customized profile that has been configured to contain those rules. This parameter is only relevant when the `use_profile_attachment` parameter is `enabled`.",
},
"profile_version": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "The version of a Security and Compliance Center profile, in SemVer format, like '0.0.0'. This parameter is only relevant when the `use_profile_attachment` parameter is `enabled`.",
},
"attachment_id": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "An attachment ID. An attachment is configured under a profile to define how a scan will be run. To find the attachment ID, in the browser, in the attachments list, click on the attachment link, and a panel appears with a button to copy the attachment ID. This parameter is only relevant when the `use_profile_attachment` parameter is `enabled`.",
},
"evidence_repo_url": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "The URL to a Git repository evidence locker. The DevSecOps toolchain templates will collect and store evidence for scans and tasks in an evidence repository. This evidence URL should match the `repo_url` for a Git tool integration in this toolchain. The DevSecOps toolchain goals in the Security and Compliance Center will check the evidence repository for the pass or fail results for those goals.",
},
},
},
},
"state": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "Current configuration state of the tool.",
},
},
}
}
func dataSourceIBMCdToolchainToolSecuritycomplianceRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
cdToolchainClient, err := meta.(conns.ClientSession).CdToolchainV2()
if err != nil {
return diag.FromErr(err)
}
getToolByIDOptions := &cdtoolchainv2.GetToolByIDOptions{}
getToolByIDOptions.SetToolchainID(d.Get("toolchain_id").(string))
getToolByIDOptions.SetToolID(d.Get("tool_id").(string))
toolchainTool, response, err := cdToolchainClient.GetToolByIDWithContext(context, getToolByIDOptions)
if err != nil {
log.Printf("[DEBUG] GetToolByIDWithContext failed %s\n%s", err, response)
return diag.FromErr(fmt.Errorf("GetToolByIDWithContext failed %s\n%s", err, response))
}
if *toolchainTool.ToolTypeID != "security_compliance" {
return diag.FromErr(fmt.Errorf("Retrieved tool is not the correct type: %s", *toolchainTool.ToolTypeID))
}
d.SetId(fmt.Sprintf("%s/%s", *getToolByIDOptions.ToolchainID, *getToolByIDOptions.ToolID))
if err = d.Set("resource_group_id", toolchainTool.ResourceGroupID); err != nil {
return diag.FromErr(fmt.Errorf("Error setting resource_group_id: %s", err))
}
if err = d.Set("crn", toolchainTool.CRN); err != nil {
return diag.FromErr(fmt.Errorf("Error setting crn: %s", err))
}
if err = d.Set("toolchain_crn", toolchainTool.ToolchainCRN); err != nil {
return diag.FromErr(fmt.Errorf("Error setting toolchain_crn: %s", err))
}
if err = d.Set("href", toolchainTool.Href); err != nil {
return diag.FromErr(fmt.Errorf("Error setting href: %s", err))
}
referent := []map[string]interface{}{}
if toolchainTool.Referent != nil {
modelMap, err := dataSourceIBMCdToolchainToolSecuritycomplianceToolModelReferentToMap(toolchainTool.Referent)
if err != nil {
return diag.FromErr(err)
}
referent = append(referent, modelMap)
}
if err = d.Set("referent", referent); err != nil {
return diag.FromErr(fmt.Errorf("Error setting referent %s", err))
}
if err = d.Set("name", toolchainTool.Name); err != nil {
return diag.FromErr(fmt.Errorf("Error setting name: %s", err))
}
if err = d.Set("updated_at", flex.DateTimeToString(toolchainTool.UpdatedAt)); err != nil {
return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err))
}
parameters := []map[string]interface{}{}
if toolchainTool.Parameters != nil {
remapFields := map[string]string{
"evidence_repo_url": "evidence_repo_name",
}
modelMap := GetParametersFromRead(toolchainTool.Parameters, DataSourceIBMCdToolchainToolSecuritycompliance(), remapFields)
parameters = append(parameters, modelMap)
}
if err = d.Set("parameters", parameters); err != nil {
return diag.FromErr(fmt.Errorf("Error setting parameters %s", err))
}
if err = d.Set("state", toolchainTool.State); err != nil {
return diag.FromErr(fmt.Errorf("Error setting state: %s", err))
}
return nil
}
func dataSourceIBMCdToolchainToolSecuritycomplianceToolModelReferentToMap(model *cdtoolchainv2.ToolModelReferent) (map[string]interface{}, error) {
modelMap := make(map[string]interface{})
if model.UIHref != nil {
modelMap["ui_href"] = model.UIHref
}
if model.APIHref != nil {
modelMap["api_href"] = model.APIHref
}
return modelMap, nil
}