diff --git a/aws/resource_aws_ssm_patch_baseline.go b/aws/resource_aws_ssm_patch_baseline.go
index 4109c50833b4..917cefe53f73 100644
--- a/aws/resource_aws_ssm_patch_baseline.go
+++ b/aws/resource_aws_ssm_patch_baseline.go
@@ -7,6 +7,7 @@ import (
 "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/service/ssm"
 "github.com/hashicorp/terraform/helper/schema"
+ "github.com/hashicorp/terraform/helper/validation"
 )
 func resourceAwsSsmPatchBaseline() *schema.Resource {
@@ -96,6 +97,22 @@ func resourceAwsSsmPatchBaseline() *schema.Resource {
 Elem: &schema.Schema{Type: schema.TypeString},
 Set: schema.HashString,
 },
+
+ "operating_system": {
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ Default: "WINDOWS",
+ ValidateFunc: validation.StringInSlice([]string{"WINDOWS", "AMAZON_LINUX", "UBUNTU", "REDHAT_ENTERPRISE_LINUX"}, false),
+ },
+
+ "approved_patches_compliance_level": {
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ Default: "UNSPECIFIED",
+ ValidateFunc: validation.StringInSlice([]string{"CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL", "UNSPECIFIED"}, false),
+ },
 },
 }
 }
@@ -105,6 +122,8 @@ func resourceAwsSsmPatchBaselineCreate(d *schema.ResourceData, meta interface{})
 params := &ssm.CreatePatchBaselineInput{
 Name: aws.String(d.Get("name").(string)),
+ ApprovedPatchesComplianceLevel: aws.String(d.Get("approved_patches_compliance_level").(string)),
+ OperatingSystem: aws.String(d.Get("operating_system").(string)),
 }
 if v, ok := d.GetOk("description"); ok {
@@ -150,6 +169,8 @@ func resourceAwsSsmPatchBaselineRead(d *schema.ResourceData, meta interface{}) e
 d.Set("name", resp.Name)
 d.Set("description", resp.Description)
+ d.Set("operating_system", resp.OperatingSystem)
+ d.Set("approved_patches_compliance_level", resp.ApprovedPatchesComplianceLevel)
 d.Set("approved_patches", flattenStringList(resp.ApprovedPatches))
 d.Set("rejected_patches", flattenStringList(resp.RejectedPatches))
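Review bot: `ForceNew: true` on `approved_patches_compliance_level` in the schema hunk looks stricter than the API requires: as far as I know `ssm.UpdatePatchBaselineInput` accepts `ApprovedPatchesComplianceLevel`, so only `operating_system` is truly immutable. Replacing a baseline gives it a new ID, so any patch-group registration or default-baseline setting that referenced the old one would presumably have to be re-established, and instances could be evaluated against a different baseline in the meantime. Consider dropping `ForceNew` on that attribute and sending the value from the update function, which is not part of this diff. The schema function starts and ends outside the hunk.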
diff --git a/aws/resource_aws_ssm_patch_baseline_test.go b/aws/resource_aws_ssm_patch_baseline_test.go
index 6df3c627ba54..42a25a5747ad 100644
--- a/aws/resource_aws_ssm_patch_baseline_test.go
+++ b/aws/resource_aws_ssm_patch_baseline_test.go
@@ -48,6 +48,31 @@ func TestAccAWSSSMPatchBaseline_basic(t *testing.T) {
 })
 }
+func TestAccAWSSSMPatchBaselineWithOperatingSystem(t *testing.T) {
+ name := acctest.RandString(10)
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSSSMPatchBaselineDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSSSMPatchBaselineConfigWithOperatingSystem(name),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSSSMPatchBaselineExists("aws_ssm_patch_baseline.foo"),
+ resource.TestCheckResourceAttr(
+ "aws_ssm_patch_baseline.foo", "approval_rule.#", "1"),
+ resource.TestCheckResourceAttr(
+ "aws_ssm_patch_baseline.foo", "approval_rule.0.approve_after_days", "7"),
+ resource.TestCheckResourceAttr(
+ "aws_ssm_patch_baseline.foo", "approval_rule.0.patch_filter.#", "2"),
+ resource.TestCheckResourceAttr(
+ "aws_ssm_patch_baseline.foo", "operating_system", "AMAZON_LINUX"),
+ ),
+ },
+ },
+ })
+}
+
 func testAccCheckAWSSSMPatchBaselineExists(n string) resource.TestCheckFunc {
 return func(s *terraform.State) error {
 rs, ok := s.RootModule().Resources[n]
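Review bot: `approved_patches_compliance_level` is never exercised by the new acceptance test: the check list asserts `operating_system` only, and `testAccAWSSSMPatchBaselineConfigWithOperatingSystem` in the following hunk does not set the attribute. Setting a non-default value in that config, e.g. `approved_patches_compliance_level = "CRITICAL"`, and adding `resource.TestCheckResourceAttr("aws_ssm_patch_baseline.foo", "approved_patches_compliance_level", "CRITICAL"),` would catch a wrong mapping in Create or Read. As a style point, `TestAccAWSSSMPatchBaseline_operatingSystem` would follow the naming of the existing `TestAccAWSSSMPatchBaseline_basic`.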
@@ -135,3 +160,28 @@ resource "aws_ssm_patch_baseline" "foo" {
 `, rName)
 }
+
+func testAccAWSSSMPatchBaselineConfigWithOperatingSystem(rName string) string {
+ return fmt.Sprintf(`
+
+resource "aws_ssm_patch_baseline" "foo" {
+ name = "patch-baseline-%s"
+ operating_system = "AMAZON_LINUX"
+ description = "Baseline containing all updates approved for production systems"
+ approval_rule {
+ approve_after_days = 7
+
+ patch_filter {
+ key = "PRODUCT"
+ values = ["AmazonLinux2016.03","AmazonLinux2016.09","AmazonLinux2017.03","AmazonLinux2017.09"]
+ }
+
+ patch_filter {
+ key = "SEVERITY"
+ values = ["Critical","Important"]
+ }
+ }
+}
+
+`, rName)
+}
diff --git a/website/docs/r/ssm_patch_baseline.html.markdown b/website/docs/r/ssm_patch_baseline.html.markdown
index 48e224139e5a..a15755b50f6c 100644
--- a/website/docs/r/ssm_patch_baseline.html.markdown
+++ b/website/docs/r/ssm_patch_baseline.html.markdown
@@ -77,6 +77,8 @@ The following arguments are supported:
 * `name` - (Required) The name of the patch baseline.
 * `description` - (Optional) The description of the patch baseline.
+* `operating_system` - (Optional) Defines the operating system the patch baseline applies to. Supported operating systems include `WINDOWS`, `AMAZON_LINUX`, `UBUNTU` and `REDHAT_ENTERPRISE_LINUX`. The Default value is `WINDOWS`.
+* `approved_patches_compliance_level` - (Optional) Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid compliance severity levels include the following: `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`, `INFORMATIONAL`, `UNSPECIFIED`. The default value is `UNSPECIFIED`.
 * `approved_patches` - (Optional) A list of explicitly approved patches for the baseline.
 * `rejected_patches` - (Optional) A list of rejected patches.
 * `global_filter` - (Optional) A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are `PRODUCT | CLASSIFICATION | MSRC_SEVERITY | PATCH_ID`.