package aws
import (
"fmt"
"log"
"strings"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/securityhub"
"github.com/hashicorp/terraform/helper/schema"
)
// resourceAwsSecurityHubProductSubscription describes the
// aws_securityhub_product_subscription resource: a Security Hub product
// integration identified by its product ARN.
//
// There is no Update function; product_arn is ForceNew, so any change to it
// replaces the subscription. The subscription's own ARN is exposed read-only
// as "arn". Import uses the resource ID unchanged (passthrough).
func resourceAwsSecurityHubProductSubscription() *schema.Resource {
	attributes := map[string]*schema.Schema{
		// Read-only: the ARN of the subscription returned by Security Hub.
		"arn": {
			Type:     schema.TypeString,
			Computed: true,
		},
		// The product to subscribe to; checked with the provider's ARN validator
		// before any API call is made.
		"product_arn": {
			Type:         schema.TypeString,
			Required:     true,
			ForceNew:     true,
			ValidateFunc: validateArn,
		},
	}

	return &schema.Resource{
		Create:   resourceAwsSecurityHubProductSubscriptionCreate,
		Read:     resourceAwsSecurityHubProductSubscriptionRead,
		Delete:   resourceAwsSecurityHubProductSubscriptionDelete,
		Importer: &schema.ResourceImporter{State: schema.ImportStatePassthrough},
		Schema:   attributes,
	}
}
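// resourceAwsSecurityHubProductSubscriptionCreate calls
// EnableImportFindingsForProduct for the configured product_arn and stores
// the result as the resource ID in the form "<product_arn>,<subscription_arn>",
// then delegates to the Read function to populate state.
//
// Returns an error if the API call fails or if the response carries no
// product subscription ARN, since an ID built without one could never be
// resolved again by Read or Delete.
func resourceAwsSecurityHubProductSubscriptionCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).securityhubconn
	productArn := d.Get("product_arn").(string)

	log.Printf("[DEBUG] Enabling Security Hub product subscription for product %s", productArn)

	resp, err := conn.EnableImportFindingsForProduct(&securityhub.EnableImportFindingsForProductInput{
		ProductArn: aws.String(productArn),
	})
	if err != nil {
		return fmt.Errorf("Error enabling Security Hub product subscription for product %s: %s", productArn, err)
	}

	// The SDK models ProductSubscriptionArn as *string; dereferencing it
	// directly would panic on a nil field. Use the nil-safe accessor and
	// reject an empty value rather than recording an unusable ID.
	subscriptionArn := ""
	if resp != nil {
		subscriptionArn = aws.StringValue(resp.ProductSubscriptionArn)
	}
	if subscriptionArn == "" {
		return fmt.Errorf("Error enabling Security Hub product subscription for product %s: response contained no product subscription ARN", productArn)
	}

	d.SetId(fmt.Sprintf("%s,%s", productArn, subscriptionArn))

	return resourceAwsSecurityHubProductSubscriptionRead(d, meta)
}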
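// resourceAwsSecurityHubProductSubscriptionRead refreshes the resource from
// Security Hub. The ID is split into product ARN and subscription ARN; the
// subscription ARN is then looked up in the account's enabled product list.
//
// If the subscription is no longer enabled, the resource is removed from
// state and the function returns immediately without touching any
// attribute. Errors from d.Set are surfaced instead of discarded.
func resourceAwsSecurityHubProductSubscriptionRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).securityhubconn

	productArn, productSubscriptionArn, err := resourceAwsSecurityHubProductSubscriptionParseId(d.Id())
	if err != nil {
		return err
	}

	log.Printf("[DEBUG] Reading Security Hub product subscriptions to find %s", d.Id())

	exists, err := resourceAwsSecurityHubProductSubscriptionCheckExists(conn, productSubscriptionArn)
	if err != nil {
		return fmt.Errorf("Error reading Security Hub product subscriptions to find %s: %s", d.Id(), err)
	}

	if !exists {
		log.Printf("[WARN] Security Hub product subscriptions (%s) not found, removing from state", d.Id())
		d.SetId("")
		// A resource that is leaving state must not have attributes written
		// afterwards; stop here.
		return nil
	}

	if err := d.Set("product_arn", productArn); err != nil {
		return fmt.Errorf("Error setting product_arn for Security Hub product subscription %s: %s", d.Id(), err)
	}
	if err := d.Set("arn", productSubscriptionArn); err != nil {
		return fmt.Errorf("Error setting arn for Security Hub product subscription %s: %s", d.Id(), err)
	}

	return nil
}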
// resourceAwsSecurityHubProductSubscriptionCheckExists reports whether
// productSubscriptionArn is among the account's enabled product
// subscriptions. It pages through ListEnabledProductsForImport and stops at
// the first match.
//
// Returns (false, err) if the paginated call fails; otherwise (found, nil).
func resourceAwsSecurityHubProductSubscriptionCheckExists(conn *securityhub.SecurityHub, productSubscriptionArn string) (bool, error) {
	var found bool

	// Returning false from the page callback halts pagination early once the
	// ARN is seen; otherwise continue while the SDK reports further pages.
	scanPage := func(page *securityhub.ListEnabledProductsForImportOutput, lastPage bool) bool {
		for _, candidate := range page.ProductSubscriptions {
			if aws.StringValue(candidate) != productSubscriptionArn {
				continue
			}
			found = true
			return false
		}
		return !lastPage
	}

	input := &securityhub.ListEnabledProductsForImportInput{}
	if err := conn.ListEnabledProductsForImportPages(input, scanPage); err != nil {
		return false, err
	}

	return found, nil
}
// resourceAwsSecurityHubProductSubscriptionParseId splits a resource ID of
// the form "<product_arn>,<arn>" at its first comma and returns the two
// halves (product ARN, subscription ARN).
//
// Only the first comma is significant, so a subscription ARN that itself
// contains commas is preserved intact. An ID with no comma yields an error
// naming the expected format.
func resourceAwsSecurityHubProductSubscriptionParseId(id string) (string, string, error) {
	sep := strings.Index(id, ",")
	if sep < 0 {
		return "", "", fmt.Errorf("Expected Security Hub product subscription ID in format <product_arn>,<arn> - received: %s", id)
	}

	productArn := id[:sep]
	subscriptionArn := id[sep+1:]

	return productArn, subscriptionArn, nil
}
// resourceAwsSecurityHubProductSubscriptionDelete disables the product
// subscription identified by the resource ID. Only the subscription ARN
// half of the ID is needed for DisableImportFindingsForProduct; the product
// ARN half is discarded.
//
// Returns the parse error unchanged if the ID is malformed, or a wrapped
// error if the API call fails.
func resourceAwsSecurityHubProductSubscriptionDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).securityhubconn
	id := d.Id()

	log.Printf("[DEBUG] Disabling Security Hub product subscription %s", id)

	_, subscriptionArn, parseErr := resourceAwsSecurityHubProductSubscriptionParseId(id)
	if parseErr != nil {
		return parseErr
	}

	input := &securityhub.DisableImportFindingsForProductInput{
		ProductSubscriptionArn: aws.String(subscriptionArn),
	}
	if _, err := conn.DisableImportFindingsForProduct(input); err != nil {
		return fmt.Errorf("Error disabling Security Hub product subscription %s: %s", id, err)
	}

	return nil
}