Formatting and complete example coverage for resources.

docs/resources/image_assurance_policy.md

@@ -44,7 +44,7 @@ Aqua Image Assurance covers the first part of the container lifecycle: image dev
 - `cves_black_list_enabled` (Boolean) Indicates if CVEs blacklist is relevant.
 - `cves_white_list` (List of String) List of cves whitelisted licenses
 - `cves_white_list_enabled` (Boolean) Indicates if cves whitelist is relevant.
-- `cvss_severity` (String) Identifier of the cvss severity.
+- `cvss_severity` (String) Identifier of the cvss severity. Only applied if `cvss_severity_enabled` is set to `true`. Valid options: `critical`, `high`, `medium`, `low`.
 - `cvss_severity_enabled` (Boolean) Indicates if the cvss severity is scanned.
 - `cvss_severity_exclude_no_fix` (Boolean) Indicates that policy should ignore cvss cases that do not have a known fix.
 - `description` (String)

examples/data-sources/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aquasec = {
       //      version = "0.8.27"
-      source  = "aquasecurity/aquasec"
+      source = "aquasecurity/aquasec"
     }
   }
 }
@@ -37,17 +37,17 @@ output "service" {
 }
 
 data "aquasec_enforcer_groups" "testegdata" {
-	group_id = "default"
+  group_id = "default"
 }
 
-output "enforcergroups"{
+output "enforcergroups" {
   value = data.aquasec_enforcer_groups.testegdata
 }
 
 data "aquasec_image" "test" {
-  registry = "Docker Hub"
+  registry   = "Docker Hub"
   repository = "elasticsearch"
-  tag = "7.10.1"
+  tag        = "7.10.1"
 }
 
 output "image" {
@@ -87,7 +87,7 @@ output "gateways" {
 }
 
 data "aquasec_image_assurance_policy" "default-iap" {
-    name = "DTA"
+  name = "DTA"
 }
 
 output "image-assurance" {
@@ -106,23 +106,23 @@ output "permissions_sets_names" {
 
 
 data "aquasec_host_assurance_policy" "default-hap" {
-    name = "Default"
+  name = "Default"
 }
 
 output "host-assurance" {
   value = data.aquasec_host_assurance_policy.default-hap
 }
 
 data "aquasec_function_assurance_policy" "default-fap" {
-    name = "Default"
+  name = "Default"
 }
 
 output "function-assurance" {
   value = data.aquasec_function_assurance_policy.default-fap
 }
 
 data "aquasec_application_scope" "default" {
-    name = "Global"
+  name = "Global"
 }
 
 output "scopes" {

examples/provider/provider.tf

@@ -8,12 +8,12 @@ terraform {
 }
 
 provider "aquasec" {
-username = "IaC"                    // Alternatively sourced from $AQUA_USER
-  aqua_url = "https://aquaurl.com"  // Alternatively sourced from $AQUA_URL
-  password = "@password"            // Alternatively sourced from $AQUA_PASSWORD
+  username = "IaC"                 // Alternatively sourced from $AQUA_USER
+  aqua_url = "https://aquaurl.com" // Alternatively sourced from $AQUA_URL
+  password = "@password"           // Alternatively sourced from $AQUA_PASSWORD
 
   // If you are using unverifiable certificates (e.g. self-signed) you may need to disable certificate verification
-  verify_tls = false                // Alternatively sourced from $AQUA_TLS_VERIFY
+  verify_tls = false // Alternatively sourced from $AQUA_TLS_VERIFY
 
   // Alternatively, you can provide these configurations from a config file, and configure the provider as below
   // config_path = '/path/to/tf.config' // defaults to '~/.aqua/tf.config' -- Alternatively sourced from $AQUA_CONFIG

examples/resources/aquasec_acknowledge/resource.tf

@@ -1,28 +1,28 @@
 resource "aquasec_acknowledge" "acknowledge" {
-    comment = "comment"
-    issues {
-        docker_id = ""
-        image_name = "image:latest"
-        issue_name = "CVE-2022-1271"
-        issue_type = "vulnerability"
-        registry_name = "registry"
-        resource_cpe = "cpe:/a:gnu:gzip:1.10"
-        resource_name = "gzip"
-        resource_path = "/usr/bin/gzip"
-        resource_type = "executable"
-        resource_version = "1.10"
-    }
+  comment = "comment"
+  issues {
+    docker_id        = ""
+    image_name       = "image:latest"
+    issue_name       = "CVE-2022-1271"
+    issue_type       = "vulnerability"
+    registry_name    = "registry"
+    resource_cpe     = "cpe:/a:gnu:gzip:1.10"
+    resource_name    = "gzip"
+    resource_path    = "/usr/bin/gzip"
+    resource_type    = "executable"
+    resource_version = "1.10"
+  }
 
-    issues {
-        docker_id = "docker-id"
-        image_name = "image-name"
-        issue_name = "ALAS2-2021-1722"
-        issue_type = "vulnerability"
-        registry_name = "registry-name"
-        resource_cpe = "pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2"
-        resource_name = "nss-softokn"
-        resource_path = ""
-        resource_type = "package"
-        resource_version = "3.44.0-8.amzn2"
-    }
+  issues {
+    docker_id        = "docker-id"
+    image_name       = "image-name"
+    issue_name       = "ALAS2-2021-1722"
+    issue_type       = "vulnerability"
+    registry_name    = "registry-name"
+    resource_cpe     = "pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2"
+    resource_name    = "nss-softokn"
+    resource_path    = ""
+    resource_type    = "package"
+    resource_version = "3.44.0-8.amzn2"
+  }
 }

examples/resources/aquasec_application_scope/resource.tf

@@ -1,48 +1,48 @@
 resource "aquasec_application_scope" "terraformiap" {
-    description = "test123"
-    name        = "test18"
-    // Categories is a nested block of artifacts, workloads and infrastructure
-    categories {
-        // Artifacts is a nested block of Image, Function, CF
-        artifacts {
-            // Every object requires expression(logical combinations of variables v1, v2, v3...) and list of variables consists of attribute(pre-defined) and value
-            image {
-                expression = "v1 && v2"
-                variables {
-                    attribute = "aqua.registry"
-                    value     = "test-registry"
-                }
-                variables {
-                    attribute = "image.repo"
-                    value     = "nginx"
-                }
-            }
+  description = "test123"
+  name        = "test18"
+  // Categories is a nested block of artifacts, workloads and infrastructure
+  categories {
+    // Artifacts is a nested block of Image, Function, CF
+    artifacts {
+      // Every object requires expression(logical combinations of variables v1, v2, v3...) and list of variables consists of attribute(pre-defined) and value
+      image {
+        expression = "v1 && v2"
+        variables {
+          attribute = "aqua.registry"
+          value     = "test-registry"
         }
-        // Workloads is a nested block of Kubernetes, OS, CF
-        workloads {
-            // Every object requires expression(logical combinations of variables v1, v2, v3...) and list of variables consists of attribute(pre-defined) and value
-            kubernetes {
-                expression = "v1 && v2"
-                variables {
-                    attribute = "kubernetes.cluster"
-                    value     = "aqua"
-                }
-                variables {
-                    attribute = "kubernetes.namespace"
-                    value     = "aqua"
-                }
-            }
+        variables {
+          attribute = "image.repo"
+          value     = "nginx"
         }
-        // Infrastructure is a nested block of Kubernetes, OS
-        infrastructure {
-            // Every object requires expression and list of variables consists of attribute(pre-defined) and value
-            kubernetes {
-                expression = "v1"
-                variables {
-                    attribute = "kubernetes.cluster"
-                    value     = "aqua"
-                }
-            }
+      }
+    }
+    // Workloads is a nested block of Kubernetes, OS, CF
+    workloads {
+      // Every object requires expression(logical combinations of variables v1, v2, v3...) and list of variables consists of attribute(pre-defined) and value
+      kubernetes {
+        expression = "v1 && v2"
+        variables {
+          attribute = "kubernetes.cluster"
+          value     = "aqua"
+        }
+        variables {
+          attribute = "kubernetes.namespace"
+          value     = "aqua"
+        }
+      }
+    }
+    // Infrastructure is a nested block of Kubernetes, OS
+    infrastructure {
+      // Every object requires expression and list of variables consists of attribute(pre-defined) and value
+      kubernetes {
+        expression = "v1"
+        variables {
+          attribute = "kubernetes.cluster"
+          value     = "aqua"
         }
+      }
     }
+  }
 }

examples/resources/aquasec_aqua_label/resource.tf

@@ -0,0 +1,4 @@
+resource "aquasec_aqua_label" "aqua_label" {
+  name        = "example_label"
+  description = "example_description"
+}

examples/resources/aquasec_container_runtime_policy/resource.tf

@@ -1,31 +1,31 @@
 resource "aquasec_container_runtime_policy" "container_runtime_policy" {
-  name = "container_runtime_policy"
-  description = "container_runtime_policy"
+  name             = "container_runtime_policy"
+  description      = "container_runtime_policy"
   scope_expression = "v1 || v2"
   scope_variables {
     attribute = "kubernetes.cluster"
-    value = "default"
+    value     = "default"
   }
   scope_variables {
-      attribute = "kubernetes.label"
-      name = "app"
-      value = "aqua"
+    attribute = "kubernetes.label"
+    name      = "app"
+    value     = "aqua"
   }
 
   application_scopes = [
     "Global",
   ]
-  enabled = true
-  enforce = false
-  block_container_exec          = true
+  enabled              = true
+  enforce              = false
+  block_container_exec = true
   container_exec_allowed_processes = [
     "proc1",
     "proc2"
   ]
-  block_cryptocurrency_mining = true
-  block_fileless_exec = true
+  block_cryptocurrency_mining   = true
+  block_fileless_exec           = true
   block_non_compliant_workloads = true
-  block_non_k8s_containers = true
+  block_non_k8s_containers      = true
   blocked_capabilities = [
     "AUDIT_CONTROL",
     "AUDIT_WRITE"
@@ -44,7 +44,7 @@ resource "aquasec_container_runtime_policy" "container_runtime_policy" {
   ]
   malware_scan_options {
     enabled = true
-    action = "alert"
+    action  = "alert"
     #exclude_directories = [ "/var/run/" ]
   }
   file_integrity_monitoring {
@@ -60,21 +60,21 @@ resource "aquasec_container_runtime_policy" "container_runtime_policy" {
     monitored_users     = ["user"]
     excluded_users      = ["expuser"]
   }
-  audit_all_processes_activity  = true
-  audit_full_command_arguments  = true
-  audit_all_network_activity    = true
-  enable_fork_guard             = true
-  fork_guard_process_limit      = 13
-  block_access_host_network     = true
-  block_adding_capabilities     = true
-  block_root_user               = true
-  block_privileged_containers   = true
-  block_use_ipc_namespace       = true
-  block_use_pid_namespace       = true
-  block_use_user_namespace      = true
-  block_use_uts_namespace       = true
-  block_low_port_binding        = true
-  limit_new_privileges          = true
+  audit_all_processes_activity = true
+  audit_full_command_arguments = true
+  audit_all_network_activity   = true
+  enable_fork_guard            = true
+  fork_guard_process_limit     = 13
+  block_access_host_network    = true
+  block_adding_capabilities    = true
+  block_root_user              = true
+  block_privileged_containers  = true
+  block_use_ipc_namespace      = true
+  block_use_pid_namespace      = true
+  block_use_user_namespace     = true
+  block_use_uts_namespace      = true
+  block_low_port_binding       = true
+  limit_new_privileges         = true
   blocked_packages = [
     "pkg",
     "pkg2"