Fix account settings: rule extraSettings item (#62)

* Fix bug for account-settings tags field in extraSettings * Update the example of aws account rule settings * Update doc
trendmicro · Jul 28, 2023 · 3ab0f9a · 3ab0f9a
1 parent 3984941
commit 3ab0f9a
Show file tree

Hide file tree

Showing 4 changed files with 224 additions and 135 deletions.
diff --git a/conformity/account_settings.go b/conformity/account_settings.go
@@ -127,6 +127,9 @@ func flattenExtraSettings(extra []*cloudconformity.RuleSettingExtra) []interface
 
 				e["multiple_object_values"] = flattenRuleMultipleObject(values[0].(map[string]interface{}))
 
+			case "tags":
+				e["tags"] = expandStringList(values)
+
 			default:
 
 				e["values"] = flattenRuleValues(values)
@@ -398,7 +401,6 @@ func processRuleExtraSettings(es []interface{}) []cloudconformity.RuleSettingExt
 		switch extraSetting[i].Type {
 
 		case "single-string-value", "single-number-value", "ttl", "single-value-regex":
-
 			extraSetting[i].Value = item["value"].(string)
 
 		case "regions":
@@ -407,6 +409,14 @@ func processRuleExtraSettings(es []interface{}) []cloudconformity.RuleSettingExt
 			regions := true
 			extraSetting[i].Regions = &regions
 
+		case "ignored-regions":
+
+			extraSetting[i].Values = expandStringList(item["regions"].(*schema.Set).List())
+
+		case "tags":
+
+			extraSetting[i].Values = expandStringList(item["tags"].(*schema.Set).List())
+
 		case "multiple-object-values":
 
 			extraSetting[i].Values = processRuleMultipleIp(item["multiple_object_values"].(*schema.Set).List())

diff --git a/conformity/rule_settings_schema.go b/conformity/rule_settings_schema.go
@@ -56,7 +56,7 @@ func ExtraSettingSchema() *schema.Schema {
 					Required: true,
 					ValidateFunc: validation.StringInSlice([]string{"multiple-string-values", "multiple-number-values", "multiple-aws-account-values",
 						"choice-multiple-value", "choice-single-value", "single-number-value", "single-string-value", "ttl", "single-value-regex", "tags",
-						"countries", "multiple-ip-values", "regions", "multiple-object-values", "multiple-vpc-gateway-mappings"}, true),
+						"countries", "multiple-ip-values", "regions", "ignored-regions", "multiple-object-values", "multiple-vpc-gateway-mappings"}, true),
 				},
 				"value": {
 					Type:     schema.TypeString,
@@ -71,6 +71,13 @@ func ExtraSettingSchema() *schema.Schema {
 						// region should follow the correct syntax
 					},
 				},
+				"tags": {
+					Type:     schema.TypeSet,
+					Optional: true,
+					Elem: &schema.Schema{
+						Type: schema.TypeString,
+					},
+				},
 				"multiple_object_values": {
 					Type:     schema.TypeSet,
 					Optional: true,

diff --git a/docs/resources/conformity_aws_account.md b/docs/resources/conformity_aws_account.md
@@ -142,6 +142,42 @@ resource "conformity_aws_account" "aws" {
                 }
             }
         }
+        // implement ignored-regions
+        rule {
+            rule_id = "Config-001"
+            settings {
+                enabled     = true
+                risk_level  = "HIGH"
+
+                extra_settings {
+                    name = "ignoredRegions"
+                    regions = [
+                        "ap-southeast-2",
+                        "us-west-2",
+                        "us-east-2"
+                    ]
+                    type = "ignored-regions"
+                }
+            }
+        }
+        // implement tags
+        rule {
+            rule_id = "CWE-002"
+            settings {
+                enabled     = true
+                risk_level  = "HIGH"
+
+                extra_settings {
+                    name = "accountTags"
+                    tags = [
+                        "Ta1",
+                        "Ta2",
+                        "Ta3"
+                    ]
+                    type = "tags"
+                }
+            }
+        }
     }
 }
 ```