Support for vulnerability scanning- container scan recipes and targets

Author: varmax2511

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ### Added
 - Support for service AI Anomaly detection added
+- Support for container scan recipe and target for vulnerability scanning.
 
 ## 4.39.0 (August 11, 2021)
 

examples/vulnerability_scanning_service/main.tf

@@ -22,6 +22,9 @@ variable "host_scan_instance_ocid" {
 
 }
 
+variable "container_repo_name" {
+
+}
 
 provider "oci" {
   tenancy_ocid     = var.tenancy_ocid
@@ -79,3 +82,36 @@ resource "oci_vulnerability_scanning_host_scan_target" "test_host_scan_target" {
   freeform_tags = {"bar-key"= "value"}
   instance_ids = [var.host_scan_instance_ocid]
 }
+
+resource "oci_vulnerability_scanning_container_scan_target" "test_container_scan_target" {
+  #Required
+  compartment_id = var.compartment_ocid
+  container_scan_recipe_id = oci_vulnerability_scanning_container_scan_recipe.test_container_scan_recipe.id
+  target_registry {
+    #Required
+    compartment_id = var.compartment_ocid
+    type = "OCIR"
+
+    #Optional
+    repositories = [var.container_repo_name]
+    url = "https://us-ashburn-1.ocir.io/"
+  }
+
+  #Optional
+  description = "Container scan target example"
+  display_name = "TestContainerScanTarget"
+}
+
+resource "oci_vulnerability_scanning_container_scan_recipe" "test_container_scan_recipe" {
+  #Required
+  compartment_id = var.compartment_ocid
+  scan_settings {
+    #Required
+    scan_level = "NONE"
+  }
+
+  #Optional
+  defined_tags = {"foo-namespace.bar-key"= "value"}
+  display_name = "TestContainerScanRecipe"
+  freeform_tags = {"bar-key"= "value"}
+}

oci/export_definitions.go

@@ -2362,6 +2362,30 @@ var exportVulnerabilityScanningHostScanTargetHints = &TerraformResourceHints{
 	},
 }
 
+var exportVulnerabilityScanningContainerScanRecipeHints = &TerraformResourceHints{
+	resourceClass:          "oci_vulnerability_scanning_container_scan_recipe",
+	datasourceClass:        "oci_vulnerability_scanning_container_scan_recipes",
+	datasourceItemsAttr:    "container_scan_recipe_summary_collection",
+	isDatasourceCollection: true,
+	resourceAbbreviation:   "container_scan_recipe",
+	requireResourceRefresh: true,
+	discoverableLifecycleStates: []string{
+		string(oci_vulnerability_scanning.LifecycleStateActive),
+	},
+}
+
+var exportVulnerabilityScanningContainerScanTargetHints = &TerraformResourceHints{
+	resourceClass:          "oci_vulnerability_scanning_container_scan_target",
+	datasourceClass:        "oci_vulnerability_scanning_container_scan_targets",
+	datasourceItemsAttr:    "container_scan_target_summary_collection",
+	isDatasourceCollection: true,
+	resourceAbbreviation:   "container_scan_target",
+	requireResourceRefresh: true,
+	discoverableLifecycleStates: []string{
+		string(oci_vulnerability_scanning.LifecycleStateActive),
+	},
+}
+
 var exportWaasAddressListHints = &TerraformResourceHints{
 	resourceClass:          "oci_waas_address_list",
 	datasourceClass:        "oci_waas_address_lists",

oci/export_graphs.go

@@ -1010,6 +1010,8 @@ var vulnerabilityScanningResourceGraph = TerraformResourceGraph{
 	"oci_identity_compartment": {
 		{TerraformResourceHints: exportVulnerabilityScanningHostScanRecipeHints},
 		{TerraformResourceHints: exportVulnerabilityScanningHostScanTargetHints},
+		{TerraformResourceHints: exportVulnerabilityScanningContainerScanRecipeHints},
+		{TerraformResourceHints: exportVulnerabilityScanningContainerScanTargetHints},
 	},
 }
 

oci/vulnerability_scanning_container_scan_recipe_data_source.go

@@ -0,0 +1,105 @@
+// Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package oci
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	oci_vulnerability_scanning "github.com/oracle/oci-go-sdk/v45/vulnerabilityscanning"
+)
+
+func init() {
+	RegisterDatasource("oci_vulnerability_scanning_container_scan_recipe", VulnerabilityScanningContainerScanRecipeDataSource())
+}
+
+func VulnerabilityScanningContainerScanRecipeDataSource() *schema.Resource {
+	fieldMap := make(map[string]*schema.Schema)
+	fieldMap["container_scan_recipe_id"] = &schema.Schema{
+		Type:     schema.TypeString,
+		Required: true,
+	}
+	return GetSingularDataSourceItemSchema(VulnerabilityScanningContainerScanRecipeResource(), fieldMap, readSingularVulnerabilityScanningContainerScanRecipe)
+}
+
+func readSingularVulnerabilityScanningContainerScanRecipe(d *schema.ResourceData, m interface{}) error {
+	sync := &VulnerabilityScanningContainerScanRecipeDataSourceCrud{}
+	sync.D = d
+	sync.Client = m.(*OracleClients).vulnerabilityScanningClient()
+
+	return ReadResource(sync)
+}
+
+type VulnerabilityScanningContainerScanRecipeDataSourceCrud struct {
+	D      *schema.ResourceData
+	Client *oci_vulnerability_scanning.VulnerabilityScanningClient
+	Res    *oci_vulnerability_scanning.GetContainerScanRecipeResponse
+}
+
+func (s *VulnerabilityScanningContainerScanRecipeDataSourceCrud) VoidState() {
+	s.D.SetId("")
+}
+
+func (s *VulnerabilityScanningContainerScanRecipeDataSourceCrud) Get() error {
+	request := oci_vulnerability_scanning.GetContainerScanRecipeRequest{}
+
+	if containerScanRecipeId, ok := s.D.GetOkExists("container_scan_recipe_id"); ok {
+		tmp := containerScanRecipeId.(string)
+		request.ContainerScanRecipeId = &tmp
+	}
+
+	request.RequestMetadata.RetryPolicy = getRetryPolicy(false, "vulnerability_scanning")
+
+	response, err := s.Client.GetContainerScanRecipe(context.Background(), request)
+	if err != nil {
+		return err
+	}
+
+	s.Res = &response
+	return nil
+}
+
+func (s *VulnerabilityScanningContainerScanRecipeDataSourceCrud) SetData() error {
+	if s.Res == nil {
+		return nil
+	}
+
+	s.D.SetId(*s.Res.Id)
+
+	if s.Res.CompartmentId != nil {
+		s.D.Set("compartment_id", *s.Res.CompartmentId)
+	}
+
+	if s.Res.DefinedTags != nil {
+		s.D.Set("defined_tags", definedTagsToMap(s.Res.DefinedTags))
+	}
+
+	if s.Res.DisplayName != nil {
+		s.D.Set("display_name", *s.Res.DisplayName)
+	}
+
+	s.D.Set("freeform_tags", s.Res.FreeformTags)
+
+	if s.Res.ScanSettings != nil {
+		s.D.Set("scan_settings", []interface{}{ContainerScanSettingsToMap(s.Res.ScanSettings)})
+	} else {
+		s.D.Set("scan_settings", nil)
+	}
+
+	s.D.Set("state", s.Res.LifecycleState)
+
+	if s.Res.SystemTags != nil {
+		s.D.Set("system_tags", systemTagsToMap(s.Res.SystemTags))
+	}
+
+	if s.Res.TimeCreated != nil {
+		s.D.Set("time_created", s.Res.TimeCreated.String())
+	}
+
+	if s.Res.TimeUpdated != nil {
+		s.D.Set("time_updated", s.Res.TimeUpdated.String())
+	}
+
+	return nil
+}