Add audit events data source and runable audit example

Author: ccushing

docs/Table of Contents.md

@@ -3,6 +3,7 @@
 This lists all of the available OCI resources and/or data sources.
 
 * **Audit**
+    * [Audit Events](audit/audit_events.md)
     * [Configurations](audit/configurations.md)
 * **Core**
     * [Boot Volume Attachments](core/boot_volume_attachments.md)

docs/audit/audit_events.md

@@ -0,0 +1,55 @@
+
+# oci_audit_events
+
+## AuditEvent DataSource
+
+Gets a list of audit_events.
+
+### List Operation
+Returns all audit events for the specified compartment that were processed within the specified time range.
+The following arguments are supported:
+
+* `compartment_id` - (Required) The OCID of the compartment.
+* `end_time` - (Required) Returns events that were processed before this end date and time, expressed in [RFC 3339](https://tools.ietf.org/html/rfc3339) timestamp format. For example, a start value of `2017-01-01T00:00:00Z` and an end value of `2017-01-02T00:00:00Z` will retrieve a list of all events processed on January 1, 2017. Similarly, a start value of `2017-01-01T00:00:00Z` and an end value of `2017-02-01T00:00:00Z` will result in a list of all events processed between January 1, 2017 and January 31, 2017. You can specify a value with granularity to the minute. Seconds (and milliseconds, if included) must be set to `0`. 
+* `start_time` - (Required) Returns events that were processed at or after this start date and time, expressed in [RFC 3339](https://tools.ietf.org/html/rfc3339) timestamp format. For example, a start value of `2017-01-15T11:30:00Z` will retrieve a list of all events processed since 30 minutes after the 11th hour of January 15, 2017, in Coordinated Universal Time (UTC). You can specify a value with granularity to the minute. Seconds (and milliseconds, if included) must be set to `0`.
+* `limit` - (Optional) The number of pages of events to request from the service. Default to 1. Large `start_time` and `end_time` ranges or very active tenancies may result in very large data sets that could cause performance issues running Terraform commands. This default value mitigates that risk by requiring intentionally setting a higher tolerance for slow running Terarform commands with potentially large statefiles.
+
+
+The following attributes are exported:
+
+* `audit_events` - The list of audit_events.
+
+### Example Usage
+
+```hcl
+data "oci_audit_events" "test_audit_events" {
+	#Required
+	compartment_id = "${var.compartment_id}"
+	end_time = "${var.audit_event_end_time}"
+	start_time = "${var.audit_event_start_time}"
+}
+```
+### AuditEvent Reference
+
+The following attributes are exported:
+
+* `compartment_id` - The OCID of the compartment.
+* `credential_id` - The credential ID of the user. This value is extracted from the HTTP 'Authorization' request header. It consists of the tenantId, userId, and user fingerprint, all delimited by a slash (/).
+* `event_id` - The GUID of the event.
+* `event_name` - The name of the event. Example: `LaunchInstance` 
+* `event_source` - The source of the event.
+* `event_time` - The time the event occurred, expressed in [RFC 3339](https://tools.ietf.org/html/rfc3339) timestamp format.
+* `event_type` - The type of the event.
+* `principal_id` - The OCID of the user whose action triggered the event.
+* `request_action` - The HTTP method of the request.
+* `request_agent` - The user agent of the client that made the request.
+* `request_headers` - The HTTP header fields and values in the request.
+* `request_id` - The opc-request-id of the request.
+* `request_origin` - The IP address of the source of the request.
+* `request_parameters` - The query parameter fields and values for the request.
+* `request_resource` - The resource targeted by the request.
+* `response_headers` - The headers of the response.
+* `response_payload` - Metadata of interest from the response payload. For example, the OCID of a resource.
+* `response_status` - The status code of the response.
+* `response_time` - The time of the response to the audited request, expressed in [RFC 3339](https://tools.ietf.org/html/rfc3339) timestamp format.
+* `tenant_id` - The OCID of the tenant.

docs/examples/audit/main.tf

@@ -0,0 +1,49 @@
+
+/*
+ * This example shows how to use the audit_configuration Resource to set the event retention period and list events with
+ * the audit_events Data Source.
+ */
+
+// These variables would commonly be defined as environment variables or sourced in a .env file
+variable "tenancy_ocid" {}
+variable "user_ocid" {}
+variable "fingerprint" {}
+variable "private_key_path" {}
+variable "compartment_ocid" {}
+variable "region" {}
+
+
+provider "oci" {
+  region = "${var.region}"
+  tenancy_ocid = "${var.tenancy_ocid}"
+  user_ocid = "${var.user_ocid}"
+  fingerprint = "${var.fingerprint}"
+  private_key_path = "${var.private_key_path}"
+}
+
+
+resource "oci_audit_configuration" "audit_configuration" {
+  compartment_id = "${var.tenancy_ocid}"
+  retention_period_days = "99"
+}
+
+data "oci_audit_configuration" "audit_configuration" {
+  compartment_id = "${var.tenancy_ocid}"
+}
+
+output "retention_period_days" {
+  value = "${data.oci_audit_configuration.audit_configuration.retention_period_days}"
+}
+
+
+data "oci_audit_events" "audit_events" {
+  compartment_id = "${var.compartment_ocid}"
+  # NOTE: These dates should be updated to applicable ranges of events within your tenancy.
+  # CAUTION: Specifying wide date ranges may pull excessively large sets of event data from the Audit service.
+  start_time = "${timeadd(timestamp(), "-1m")}"
+  end_time = "${timestamp()}"
+}
+
+output "audit_events" {
+  value = "${data.oci_audit_events.audit_events.audit_events}"
+}

provider/audit_event_test.go

@@ -0,0 +1,56 @@
+// Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+
+package provider
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+const (
+	AuditEventResourceConfig = AuditEventResourceDependencies + `
+
+`
+	AuditEventResourceDependencies = ""
+)
+
+func TestAuditEventResource_basic(t *testing.T) {
+	provider := testAccProvider
+	config := testProviderConfig()
+
+	compartmentId := getEnvSettingWithBlankDefault("compartment_ocid")
+	compartmentIdVariableStr := fmt.Sprintf("variable \"compartment_id\" { default = \"%s\" }\n", compartmentId)
+
+	datasourceName := "data.oci_audit_events.test_audit_events"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() { testAccPreCheck(t) },
+		Providers: map[string]terraform.ResourceProvider{
+			"oci": provider,
+		},
+		Steps: []resource.TestStep{
+			// verify datasource
+			{
+				Config: config + `
+data "oci_audit_events" "test_audit_events" {
+	#Required
+	compartment_id = "${var.compartment_id}"
+	end_time = "${timestamp()}"
+	start_time = "${timeadd(timestamp(), "-1m")}"
+	limit = "1"
+}
+                ` + compartmentIdVariableStr + AuditEventResourceConfig,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr(datasourceName, "compartment_id", compartmentId),
+					resource.TestCheckResourceAttrSet(datasourceName, "end_time"),
+					resource.TestCheckResourceAttrSet(datasourceName, "start_time"),
+
+					resource.TestCheckResourceAttrSet(datasourceName, "audit_events.#"),
+				),
+			},
+		},
+	})
+}