Merge pull request #29 from trendmicro/gcp_acc_doc_update

Gcp acc doc update

CHANGELOG.md

@@ -1,3 +1,8 @@
+## 0.4.2
+* Made GCP private key sensitive through schema
+* GCP Account Doc
+* conformity_azure_account: environment field should not be required
+
 ## 0.4.1
 * GCP read issue fixed
 * Cloudone URL changes and region support

conformity/resource_azure_account.go

@@ -22,7 +22,7 @@ func resourceAzureAccount() *schema.Resource {
  },
  "environment": {
  Type: schema.TypeString,
- Required: true,
+ Optional: true,
  },
  "subscription_id": {
  Type: schema.TypeString,

conformity/resource_gcp_org.go

@@ -34,6 +34,7 @@ func resourceGCPOrg() *schema.Resource {
  "private_key": {
  Type: schema.TypeString,
  Required: true,
+ Sensitive: true,
  },
  "client_email": {
  Type: schema.TypeString,

docs/guides/aws/aws_provider.md

@@ -32,7 +32,6 @@ Note: You can always change the values declared according to your choice.
 terraform {
  required_providers {
  conformity = {
- version = "0.4.1"
  source = "trendmicro/conformity"
  }
  aws = {

docs/guides/azure/azure_provider.md

@@ -32,7 +32,6 @@ Note: You can always change the values declared according to your choice.
 terraform {
  required_providers {
  conformity = {
- version = "0.4.1"
  source = "trendmicro/conformity"
  }
  }

docs/guides/communication_setting/communication_setting_provider.md

@@ -29,7 +29,6 @@ Note: You can always change the values declared according to your choice.
 terraform {
  required_providers {
  conformity = {
- version = "0.4.1"
  source = "trendmicro/conformity"
  }
  }

docs/guides/group/group_provider.md

@@ -36,7 +36,6 @@ Note: You can always change the values declared according to your choice.
 terraform {
  required_providers {
  conformity = {
- version = "0.4.1"
  source = "trendmicro/conformity"
  }
  }

docs/guides/profile_settings/profile_settings_provider.md

@@ -29,7 +29,6 @@ Note: You can always change the values declared according to your choice.
 terraform {
  required_providers {
  conformity = {
- version = "0.4.1"
  source = "trendmicro/conformity"
  }
  }

docs/guides/report_config/report_config_provider.md

@@ -29,7 +29,6 @@ Note: You can always change the values declared according to your choice.
 terraform {
  required_providers {
  conformity = {
- version = "0.4.1"
  source = "trendmicro/conformity"
  }
  }

docs/guides/sso_user/sso_user_provider.md

@@ -44,7 +44,6 @@ Note: You can always change the values declared according to your choice.
 terraform {
  required_providers {
  conformity = {
- version = "0.4.1"
  source = "trendmicro/conformity"
  }
  }

docs/guides/user/user_provider.md

@@ -44,7 +44,6 @@ Note: You can always change the values declared according to your choice.
 terraform {
  required_providers {
  conformity = {
- version = "0.4.1"
  source = "trendmicro/conformity"
  }
  }

docs/index.md

@@ -77,7 +77,7 @@ provider "aws" {
 terraform {
  required_providers {
  conformity = {
- version = "0.4.1"
+ version = "0.4.2"
  source = "trendmicro/conformity"
  }
  aws = {

docs/resources/aws_cloudformation_stack.md

@@ -47,14 +47,13 @@ terraform import aws_cloudformation_stack.stack CloudConformity
 | Name | Version |
 |------|---------|
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.44.0 |
-| <a name="requirement_conformity"></a> [conformity](#requirement\_conformity) | 0.4.1 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.44.0 |
-| <a name="provider_conformity"></a> [conformity](#provider\_conformity) | 0.4.1 |
+
 
 ## Resources
 

docs/resources/conformity_aws_account.md

@@ -263,14 +263,14 @@ terraform show -no-color >> main.tf
 | Name | Version |
 |------|---------|
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.44.0 |
-| <a name="requirement_conformity"></a> [conformity](#requirement\_conformity) | 0.4.1 |
+
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.44.0 |
-| <a name="provider_conformity"></a> [conformity](#provider\_conformity) | 0.4.1 |
+
 
 ## Resources
 

docs/resources/conformity_azure_account.md

@@ -130,15 +130,3 @@ Run `terraform show -no-color >> main.tf` to import the resources on the `main.t
 ```hcl
 terraform show -no-color >> main.tf
 ```
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_conformity"></a> [conformity](#requirement\_conformity) | 0.4.1 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_conformity"></a> [conformity](#provider\_conformity) | 0.4.1 |

docs/resources/conformity_communication_settings.md

@@ -154,15 +154,3 @@ Run `terraform show -no-color >> main.tf` to import the resources on the `main.t
 ```hcl
 terraform show -no-color >> main.tf
 ```
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_conformity"></a> [conformity](#requirement\_conformity) | 0.4.1 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_conformity"></a> [conformity](#provider\_conformity) | 0.4.1 |

docs/resources/conformity_gcp_account.md

@@ -0,0 +1,120 @@
+---
+page_title: "conformity_gcp_account Resource"
+subcategory: "GCP"
+description: |-
+ Provides a Conformity Account.
+---
+
+# Resource `conformity_gcp_account`
+Provides a Conformity GCP Account.
+
+## Example Usage With GCP Conformity To Create Account Only
+```hcl
+
+resource "conformity_gcp_account" "gcp" {
+ name = "MyProject"
+ project_id = "conformity-346910"
+ project_name = "conformity"
+ service_account_unique_id = "10307221"
+ environment = "dev"
+ tags = ["staging"]
+ settings {
+ bot {
+ delay = 1
+ disabled = false
+ disabled_regions = [ "ap-east-1", "ap-south-1" ]
+ }
+ // implement multiple-object-values
+ rule {
+ rule_id = "CloudAPI-001"
+ settings {
+ enabled = true
+ risk_level = "MEDIUM"
+ extra_settings {
+ name = "rotatingPeriod"
+ type = "single-number-value"
+ value = 90
+ }
+ }
+ }
+ }
+}
+```
+
+## Argument reference
+ - `name` (String) - (Required) The name of your account.
+ - `environment` (String) - (Required) The environment for your account.
+ - `projectId` (String) - (Required) The ID of your GCP Project.
+ - `projectName` (String) - (Required) The name of your GCP Project.
+ - `serviceAccountUniqueId` (String) - (Required) The unique ID of your GCP Service Account.
+ - `settings` - (Optional) List: (Can be multiple declaration)
+
+ Inside `settings` there can be a `bot` set.
+
+ - `bot` - (Optional) List: (Can be multiple declaration)
+ * `disabled` (Bool) - (Optional) True to disable or false to enable the Conformity Bot.
+ * `disabled_regions` (Array of Strings) - (Optional) - Possible values are "af-south-1", "ap-east-1", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ca-central-1", "eu-central-1", "eu-north-1", "eu-south-1", "eu-west-1", "eu-west-2", "eu-west-3", "me-south-1", "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2". This field can only be applied to AWS accounts. An attribute object containing a list of AWS regions for which Conformity Bot runs will be disabled.
+ * `delay` (Int) - (Optional) Sets the number of hours delay between Conformity Bot runs.
+
+ - `settings` - (Optional)
+ * `enabled` (Bool) - (Optional) True for inclusion in bot detection, false for exclusion.
+ * `rule_exists` (Bool) - (Optional) True if rule exists.
+ * `risk_level` (String) - (Optional) - Risk level of the Conformity rule. Enum: "LOW" "MEDIUM" "HIGH" "VERY_HIGH" "EXTREME"
+
+ Inside `settings` under `rule` set, there can be one `exceptions` set. 
+
+ - `exceptions` - (Optional) List: 
+ * `filter_tags` (Array of Strings)- (Optional) An array of resource tags, resource tag keys or resource tag values that are exempted from the rule when it runs, e.g filterTags ["dev"] will exempt resource with tag "environment::dev from the rule".
+ * `resources` (Array of Strings) - (Optional) An array of resource IDs that are exempted from the rule when it runs.
+ * `tags` (Array of Strings) - (Optional) An array of resource tags that are exempted from the rule when it runs.
+
+ Inside `settings` under `rule` set, there can be multiple `extra_settings` set. 
+
+ - `extra_settings` - (Optional) List: (Can be multiple declaration)
+ * `name` (String) - (Optional) (Keyword) Name of the extra setting.
+ * `type` (String) - (Required) Rule specific property. Values can be: "multiple-string-values", "multiple-number-values" "multiple-aws-account-values", "choice-multiple-value" "choice-single-value", "single-number-value", "single-string-value", "ttl", "single-value-regex", "countries", "multiple-ip-values", and "tags".
+ * `value` (String) - (Optional) Customisable value for rules that take on single name/value pairs.
+ * `regions` (Array of Strings) - (Optional) Rule specific property.
+ * `multiple-object-values` (Array of Strings) - (Optional) Rule specific property.
+
+ Inside `extra_settings` under `settings` of `rule` set, there can be multiple declaration of `multiple-object-values` set.
+
+ - `multiple-object-values` - (Optional) List: (Can be multiple declaration). 
+ * `event_name` (String) - (Optional) Name of the event.
+ * `event_source` (String) - (Optional) Name of the event source
+ * `user_identity_type` (String) - (Required) Type of the Identity of the user.
+
+ Inside `extra_settings` under `settings` of `rule` set, there can be multiple declaration of `mappings` set. And under `mappings` set, here can be multiple declaration of `values` set.
+
+ - `values` - (Required) List: (Can be multiple declaration). An array (sometimes of objects) rules that take on a set of of values
+ * `name` (String) - (Optional) (Keyword) Name of the values.
+ * `type` (String) - (Required) Rule specific property. Values can be: "multiple-string-values", "multiple-number-values" "multiple-aws-account-values", "choice-multiple-value" "choice-single-value", "single-number-value", "single-string-value", "ttl", "single-value-regex", "countries", "multiple-ip-values", and "tags".
+ * `value` (String) - (Required) Description of the checkbox.
+ Note: `values` is required when you use `mappings`.
+
+ Inside `values`, there can be multiple declaration of `values` set.
+
+ - `values` - (Required) List: (Can be multiple declaration).
+ * `value` (String) - (Required) Description of the checkbox.
+ Note: If inside the `values` under the `mappings` has set `values` declared, you cannot use `value` anymore. Inside mappings, its either `values` with `values` set inside it or `values` with declared `value` inside it.
+
+  Note: There is a condition for `type` attribute. If the specified is attribute is `value`, the possible values are "single-number-value", "single-string-value", "single-value-regex" and "ttl". If the specified is attribute is `values`, the declaration of it is inside the extra settings which can be a list and the possible values are "choice-multiple-value", "choice-single-value", "multiple-string-values", "multiple-number-values", "countries", "multiple-ip-values", "multiple-aws-account-values" and "tags". You cannot declare both `values` and `value` at the same time.See the table below:
+
+| type | possible value | Sample declaration |
+|----------|-------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `value` | single-number-value, single-string-value, single-value-regex, ttl | included { …. exceptions { …. } extra_settings { …. type = "ttl" value = "72" } } |
+| `values` | choice-multiple-value, choice-single-value, multiple-string-values, multiple-number-values, countries, multiple-ip-values, multiple-aws-account-values, tags | included { …. exceptions { …. } extra_settings { …. type = "choice-multiple-value" values { …. 
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+ - `id` - The ID of the AWS account in Conformity managed by this resource
+
+Example usage on the template:
+
+```hcl
+account {
+ id = conformity_aws_account.aws.id
+}
+```

docs/resources/conformity_gcp_org.md

@@ -0,0 +1,33 @@
+---
+page_title: "conformity_gcp_org Resource"
+subcategory: "GCP"
+description: |-
+ Provides a Conformity Organisation.
+---
+
+# Resource `conformity_gcp_org`
+Provides a Conformity GCP Organisation.
+
+## Example Usage With GCP Conformity To Create Account Only
+```hcl
+
+resource "conformity_gcp_org" "gcp_org" {
+ private_key = "privetkey"
+ service_account_name = "MySubscription"
+ type = "service_account"
+ project_id = "conformity-346910"
+ private_key_id = "c1c3688e7c"
+ client_email = "iam.gserviceaccount.com"
+ client_id = "811129548"
+ auth_uri = "https://accounts.google.com/o/oauth2/auth"
+ token_uri = "https://oauth2.googleapis.com/token"
+ auth_provider_x509_cert_url = "https://www.googleapis.com/oauth2/v1/certs"
+ client_x509_cert_url = "https://www.googleapis.com/robot/v1/metadata/x509/cloud-one-conformity-bot%40conformity-346910.iam.gserviceaccount.com"
+}
+```
+
+## Argument reference
+ - `serviceAccountName` (String) - (Required) The name of your organisation.
+
+ Other details you will get it from `serviceAccountKeyJson`
+

docs/resources/conformity_group.md

@@ -59,15 +59,3 @@ Run `terraform show -no-color >> main.tf` to import the resources on the `main.t
 ```hcl
 terraform show -no-color >> main.tf
 ```
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_conformity"></a> [conformity](#requirement\_conformity) | 0.4.1 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_conformity"></a> [conformity](#provider\_conformity) | 0.4.1 |

docs/resources/conformity_profile.md

@@ -167,15 +167,3 @@ Run `terraform show -no-color >> main.tf` to import the resources on the `main.t
 ```hcl
 terraform show -no-color >> main.tf
 ```
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_conformity"></a> [conformity](#requirement\_conformity) | 0.4.1 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_conformity"></a> [conformity](#provider\_conformity) | 0.4.1 |

docs/resources/conformity_report_config.md

@@ -127,15 +127,3 @@ Run `terraform show -no-color >> main.tf` to import the resources on the `main.t
 ```hcl
 terraform show -no-color >> main.tf
 ```
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_conformity"></a> [conformity](#requirement\_conformity) | 0.4.1 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_conformity"></a> [conformity](#provider\_conformity) | 0.4.1 |

docs/resources/conformity_sso_user.md

@@ -83,15 +83,3 @@ Run `terraform show -no-color >> main.tf` to import the resources on the `main.t
 ```hcl
 terraform show -no-color >> main.tf
 ```
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_conformity"></a> [conformity](#requirement\_conformity) | 0.4.1 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_conformity"></a> [conformity](#provider\_conformity) | 0.4.1 |