diff --git a/aquasec/data_function_assurance_policy.go b/aquasec/data_function_assurance_policy.go index b5c19f6..c864833 100644 --- a/aquasec/data_function_assurance_policy.go +++ b/aquasec/data_function_assurance_policy.go @@ -78,7 +78,7 @@ func dataFunctionAssurancePolicy() *schema.Resource { }, "cves_black_list_enabled": { Type: schema.TypeBool, - Description: "Indicates if cves blacklist is relevant.", + Description: "Indicates if CVEs blacklist is relevant.", Computed: true, }, "packages_black_list_enabled": { @@ -142,7 +142,7 @@ func dataFunctionAssurancePolicy() *schema.Resource { }, "blacklisted_licenses_enabled": { Type: schema.TypeBool, - Description: "Lndicates if license blacklist is relevant.", + Description: "Indicates if license blacklist is relevant.", Computed: true, }, "blacklisted_licenses": { @@ -282,7 +282,7 @@ func dataFunctionAssurancePolicy() *schema.Resource { }, "cves_black_list": { Type: schema.TypeList, - Description: "List of cves blacklisted items.", + Description: "List of CVEs blacklisted items.", Computed: true, Elem: &schema.Schema{ Type: schema.TypeString, @@ -290,7 +290,7 @@ func dataFunctionAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of backlisted images.", + Description: "List of blacklist images.", Computed: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -412,12 +412,14 @@ func dataFunctionAssurancePolicy() *schema.Resource { Computed: true, }, "docker_cis_enabled": { - Type: schema.TypeBool, - Computed: true, + Type: schema.TypeBool, + Description: "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.", + Computed: true, }, "kube_cis_enabled": { - Type: schema.TypeBool, - Computed: true, + Type: schema.TypeBool, + Description: "Performs a Kubernetes CIS benchmark check for the host.", + Computed: true, }, "enforce_excessive_permissions": { Type: schema.TypeBool, 
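Review bot: The replacement text in the `packages_black_list` hunk (`@@ -290,7 +290,7`) is still wrong: "List of blacklist images." is ungrammatical, and the attribute name plus the `Elem: &schema.Resource` nested schema suggest the entries are packages, not images. A reader deciding what this list blocks should not have to guess, so `Description: "List of blacklisted packages.",` (or, if the nested object really does describe images, "List of blacklisted images.") would be clearer; I cannot see the nested schema here, so confirm which it is. The same string is pasted into every other assurance-policy file in this commit, so whichever wording is chosen should be applied to all of them. The enclosing `dataFunctionAssurancePolicy` schema map starts and ends outside this hunk.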
@@ -433,7 +435,7 @@ func dataFunctionAssurancePolicy() *schema.Resource { }, "cves_white_list_enabled": { Type: schema.TypeBool, - Description: "Indicates if cves whitelist is relevant.", + Description: "Indicates if CVEs whitelist is relevant.", Computed: true, }, "cves_white_list": { diff --git a/aquasec/data_host_assurance_policy.go b/aquasec/data_host_assurance_policy.go index f7cb691..62f8801 100644 --- a/aquasec/data_host_assurance_policy.go +++ b/aquasec/data_host_assurance_policy.go @@ -78,7 +78,7 @@ func dataHostAssurancePolicy() *schema.Resource { }, "cves_black_list_enabled": { Type: schema.TypeBool, - Description: "Indicates if cves blacklist is relevant.", + Description: "Indicates if CVEs blacklist is relevant.", Computed: true, }, "packages_black_list_enabled": { @@ -142,7 +142,7 @@ func dataHostAssurancePolicy() *schema.Resource { }, "blacklisted_licenses_enabled": { Type: schema.TypeBool, - Description: "Lndicates if license blacklist is relevant.", + Description: "Indicates if license blacklist is relevant.", Computed: true, }, "blacklisted_licenses": { @@ -282,7 +282,7 @@ func dataHostAssurancePolicy() *schema.Resource { }, "cves_black_list": { Type: schema.TypeList, - Description: "List of cves blacklisted items.", + Description: "List of CVEs blacklisted items.", Computed: true, Elem: &schema.Schema{ Type: schema.TypeString, @@ -290,7 +290,7 @@ func dataHostAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of backlisted images.", + Description: "List of blacklist images.", Computed: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ 
@@ -412,12 +412,14 @@ func dataHostAssurancePolicy() *schema.Resource { Computed: true, }, "docker_cis_enabled": { - Type: schema.TypeBool, - Computed: true, + Type: schema.TypeBool, + Description: "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.", + Computed: true, }, "kube_cis_enabled": { - Type: schema.TypeBool, - Computed: true, + Type: schema.TypeBool, + Description: "Performs a Kubernetes CIS benchmark check for the host.", + Computed: true, }, "enforce_excessive_permissions": { Type: schema.TypeBool, @@ -433,7 +435,7 @@ func dataHostAssurancePolicy() *schema.Resource { }, "cves_white_list_enabled": { Type: schema.TypeBool, - Description: "Indicates if cves whitelist is relevant.", + Description: "Indicates if CVEs whitelist is relevant.", Computed: true, }, "cves_white_list": { diff --git a/aquasec/data_image_assurance_policy.go b/aquasec/data_image_assurance_policy.go index 941503b..c30a598 100644 --- a/aquasec/data_image_assurance_policy.go +++ b/aquasec/data_image_assurance_policy.go @@ -78,7 +78,7 @@ func dataImageAssurancePolicy() *schema.Resource { }, "cves_black_list_enabled": { Type: schema.TypeBool, - Description: "Indicates if cves blacklist is relevant.", + Description: "Indicates if CVEs blacklist is relevant.", Computed: true, }, "packages_black_list_enabled": { @@ -142,7 +142,7 @@ func dataImageAssurancePolicy() *schema.Resource { }, "blacklisted_licenses_enabled": { Type: schema.TypeBool, - Description: "Lndicates if license blacklist is relevant.", + Description: "Indicates if license blacklist is relevant.", Computed: true, }, "blacklisted_licenses": { @@ -282,7 +282,7 @@ func dataImageAssurancePolicy() *schema.Resource { }, "cves_black_list": { Type: schema.TypeList, - Description: "List of cves blacklisted items.", + Description: "List of CVEs blacklisted items.", Computed: true, Elem: &schema.Schema{ Type: schema.TypeString, 
@@ -290,7 +290,7 @@ func dataImageAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of backlisted images.", + Description: "List of blacklist images.", Computed: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -412,12 +412,14 @@ func dataImageAssurancePolicy() *schema.Resource { Computed: true, }, "docker_cis_enabled": { - Type: schema.TypeBool, - Computed: true, + Type: schema.TypeBool, + Description: "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.", + Computed: true, }, "kube_cis_enabled": { - Type: schema.TypeBool, - Computed: true, + Type: schema.TypeBool, + Description: "Performs a Kubernetes CIS benchmark check for the host.", + Computed: true, }, "enforce_excessive_permissions": { Type: schema.TypeBool, @@ -433,7 +435,7 @@ func dataImageAssurancePolicy() *schema.Resource { }, "cves_white_list_enabled": { Type: schema.TypeBool, - Description: "Indicates if cves whitelist is relevant.", + Description: "Indicates if CVEs whitelist is relevant.", Computed: true, }, "cves_white_list": { diff --git a/aquasec/data_kubernetes_assurance_policy.go b/aquasec/data_kubernetes_assurance_policy.go index 7da64b3..74f7886 100644 --- a/aquasec/data_kubernetes_assurance_policy.go +++ b/aquasec/data_kubernetes_assurance_policy.go 
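Review bot: The new `docker_cis_enabled` and `kube_cis_enabled` descriptions in the `@@ -412,12 +412,14` hunk of `data_image_assurance_policy.go` say the check runs "according to the Docker CIS benchmark … on the host" and "for the host", but this is an image assurance policy, where there is no host to benchmark. The text looks copied from the host-policy wording, and if these flags have no effect in an image (or function/VMware) policy the description should say so rather than promise a host benchmark that is not run, e.g. `Description: "Run the Docker CIS benchmark check; applies to host assurance policies only.",`. I can't confirm the backend behaviour from this diff, so please check against the API before settling on the wording. The enclosing `dataImageAssurancePolicy` schema map starts and ends outside this hunk.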
@@ -35,17 +35,17 @@ func dataKubernetesAssurancePolicy() *schema.Resource { }, "cvss_severity_enabled": { Type: schema.TypeBool, - Description: "Indicates if the cvss severity is scanned.", + Description: "Indicates if the CVSS severity is scanned.", Computed: true, }, "cvss_severity": { Type: schema.TypeString, - Description: "Identifier of the cvss severity.", + Description: "Identifier of the CVSS severity.", Computed: true, }, "cvss_severity_exclude_no_fix": { Type: schema.TypeBool, - Description: "Indicates that policy should ignore cvss cases that do not have a known fix.", + Description: "Indicates that policy should ignore CVSS cases that do not have a known fix.", Computed: true, }, "custom_severity_enabled": { @@ -73,12 +73,12 @@ func dataKubernetesAssurancePolicy() *schema.Resource { }, "scap_enabled": { Type: schema.TypeBool, - Description: "Indicates if scanning should include scap.", + Description: "Indicates if scanning should include SCAP.", Computed: true, }, "cves_black_list_enabled": { Type: schema.TypeBool, - Description: "Indicates if cves blacklist is relevant.", + Description: "Indicates if CVEs blacklist is relevant.", Computed: true, }, "kubernetes_controls_names": { @@ -121,7 +121,7 @@ func dataKubernetesAssurancePolicy() *schema.Resource { }, "fail_cicd": { Type: schema.TypeBool, - Description: "Indicates if cicd failures will fail the image.", + Description: "Indicates if CI/CD failures will fail the image.", Computed: true, }, "block_failed": { 
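Review bot: Capitalising "cvss" does not fix the meaning of `cvss_severity_exclude_no_fix`: a CVSS score is a rating, so "ignore CVSS cases" should read as ignoring vulnerabilities, and a practitioner needs to know that enabling this exempts unfixable findings from the severity gate. Something like `Description: "Indicates that vulnerabilities without a known fix are ignored when evaluating the CVSS severity threshold.",` states what is actually being waived. In the `@@ -121,7 +121,7` hunk, "Indicates if CI/CD failures will fail the image." reads backwards; if the flag means a policy failure should fail the pipeline, `Description: "Indicates if a policy failure should fail the CI/CD pipeline.",` is the intended direction, but confirm that against the API since the diff alone does not show it. The enclosing `dataKubernetesAssurancePolicy` schema map starts and ends outside these hunks.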
@@ -135,22 +135,24 @@ func dataKubernetesAssurancePolicy() *schema.Resource { Computed: true, }, "monitored_malware_paths": { - Type: schema.TypeList, - Computed: true, + Type: schema.TypeList, + Description: "Directories to be monitored.", + Computed: true, Elem: &schema.Schema{ Type: schema.TypeString, }, }, "exceptional_monitored_malware_paths": { - Type: schema.TypeList, - Computed: true, + Type: schema.TypeList, + Description: "Directories to be excluded from monitoring.", + Computed: true, Elem: &schema.Schema{ Type: schema.TypeString, }, }, "blacklisted_licenses_enabled": { Type: schema.TypeBool, - Description: "Lndicates if license blacklist is relevant.", + Description: "Indicates if license blacklist is relevant.", Computed: true, }, "blacklisted_licenses": { @@ -290,7 +292,7 @@ func dataKubernetesAssurancePolicy() *schema.Resource { }, "cves_black_list": { Type: schema.TypeList, - Description: "List of cves blacklisted items.", + Description: "List of CVEs blacklisted items.", Computed: true, Elem: &schema.Schema{ Type: schema.TypeString, @@ -298,7 +300,7 @@ func dataKubernetesAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of backlisted images.", + Description: "List of blacklist images.", Computed: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -420,12 +422,14 @@ func dataKubernetesAssurancePolicy() *schema.Resource { Computed: true, }, "docker_cis_enabled": { - Type: schema.TypeBool, - Computed: true, + Type: schema.TypeBool, + Description: "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.", + Computed: true, }, "kube_cis_enabled": { - Type: schema.TypeBool, - Computed: true, + Type: schema.TypeBool, + Description: "Performs a Kubernetes CIS benchmark check for the host.", + Computed: true, }, "enforce_excessive_permissions": { Type: schema.TypeBool, 
@@ -441,12 +445,12 @@ func dataKubernetesAssurancePolicy() *schema.Resource { }, "cves_white_list_enabled": { Type: schema.TypeBool, - Description: "Indicates if cves whitelist is relevant.", + Description: "Indicates if CVEs whitelist is relevant.", Computed: true, }, "cves_white_list": { Type: schema.TypeList, - Description: "List of cves whitelisted licenses", + Description: "List of CVEs whitelisted licenses", Computed: true, Elem: &schema.Schema{ Type: schema.TypeString, diff --git a/aquasec/resource_function_assurance_policy.go b/aquasec/resource_function_assurance_policy.go index 9746eb5..1454306 100644 --- a/aquasec/resource_function_assurance_policy.go +++ b/aquasec/resource_function_assurance_policy.go @@ -91,7 +91,7 @@ func resourceFunctionAssurancePolicy() *schema.Resource { }, "cves_black_list_enabled": { Type: schema.TypeBool, - Description: "Indicates if cves blacklist is relevant.", + Description: "Indicates if CVEs blacklist is relevant.", Optional: true, }, "packages_black_list_enabled": { @@ -158,7 +158,7 @@ func resourceFunctionAssurancePolicy() *schema.Resource { }, "blacklisted_licenses_enabled": { Type: schema.TypeBool, - Description: "Lndicates if license blacklist is relevant.", + Description: "Indicates if license blacklist is relevant.", Optional: true, }, "blacklisted_licenses": { @@ -302,7 +302,7 @@ func resourceFunctionAssurancePolicy() *schema.Resource { }, "cves_black_list": { Type: schema.TypeList, - Description: "List of cves blacklisted items.", + Description: "List of CVEs blacklisted items.", Optional: true, Elem: &schema.Schema{ Type: schema.TypeString, @@ -310,7 +310,7 @@ func resourceFunctionAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of backlisted images.", + Description: "List of blacklist images.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ 
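Review bot: The `cves_white_list` description is still wrong after this edit: "List of CVEs whitelisted licenses" mixes up the CVE whitelist with the license list, and since this attribute is the policy's exemption mechanism the docs should say plainly that findings for these IDs are suppressed. Suggest `Description: "List of whitelisted CVE IDs; findings for these CVEs do not fail the policy.",` assuming that is how the backend treats the list (the diff does not show the evaluation logic). The same "whitelisted licenses" wording appears in the function/host/image data-source docs in this commit and should be corrected there too. The enclosing `dataKubernetesAssurancePolicy` schema map starts and ends outside this hunk.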
@@ -432,12 +432,14 @@ func resourceFunctionAssurancePolicy() *schema.Resource { Optional: true, }, "docker_cis_enabled": { - Type: schema.TypeBool, - Optional: true, + Type: schema.TypeBool, + Description: "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.", + Optional: true, }, "kube_cis_enabled": { - Type: schema.TypeBool, - Optional: true, + Type: schema.TypeBool, + Description: "Performs a Kubernetes CIS benchmark check for the host.", + Optional: true, }, "enforce_excessive_permissions": { Type: schema.TypeBool, @@ -453,7 +455,7 @@ func resourceFunctionAssurancePolicy() *schema.Resource { }, "cves_white_list_enabled": { Type: schema.TypeBool, - Description: "Indicates if cves whitelist is relevant.", + Description: "Indicates if CVEs whitelist is relevant.", Optional: true, }, "cves_white_list": { diff --git a/aquasec/resource_host_assurance_policy.go b/aquasec/resource_host_assurance_policy.go index 8f57eef..6207986 100644 --- a/aquasec/resource_host_assurance_policy.go +++ b/aquasec/resource_host_assurance_policy.go @@ -89,7 +89,7 @@ func resourceHostAssurancePolicy() *schema.Resource { }, "cves_black_list_enabled": { Type: schema.TypeBool, - Description: "Indicates if cves blacklist is relevant.", + Description: "Indicates if CVEs blacklist is relevant.", Optional: true, }, "packages_black_list_enabled": { @@ -156,7 +156,7 @@ func resourceHostAssurancePolicy() *schema.Resource { }, "blacklisted_licenses_enabled": { Type: schema.TypeBool, - Description: "Lndicates if license blacklist is relevant.", + Description: "Indicates if license blacklist is relevant.", Optional: true, }, "blacklisted_licenses": { @@ -300,7 +300,7 @@ func resourceHostAssurancePolicy() *schema.Resource { }, "cves_black_list": { Type: schema.TypeList, - Description: "List of cves blacklisted items.", + Description: "List of CVEs blacklisted items.", Optional: true, Elem: &schema.Schema{ Type: schema.TypeString, 
@@ -308,7 +308,7 @@ func resourceHostAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of backlisted images.", + Description: "List of blacklist images.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -430,12 +430,14 @@ func resourceHostAssurancePolicy() *schema.Resource { Optional: true, }, "docker_cis_enabled": { - Type: schema.TypeBool, - Optional: true, + Type: schema.TypeBool, + Description: "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.", + Optional: true, }, "kube_cis_enabled": { - Type: schema.TypeBool, - Optional: true, + Type: schema.TypeBool, + Description: "Performs a Kubernetes CIS benchmark check for the host.", + Optional: true, }, "enforce_excessive_permissions": { Type: schema.TypeBool, @@ -451,7 +453,7 @@ func resourceHostAssurancePolicy() *schema.Resource { }, "cves_white_list_enabled": { Type: schema.TypeBool, - Description: "Indicates if cves whitelist is relevant.", + Description: "Indicates if CVEs whitelist is relevant.", Optional: true, }, "cves_white_list": { diff --git a/aquasec/resource_image_assurance_policy.go b/aquasec/resource_image_assurance_policy.go index 02fa944..20e1380 100644 --- a/aquasec/resource_image_assurance_policy.go +++ b/aquasec/resource_image_assurance_policy.go @@ -91,7 +91,7 @@ func resourceImageAssurancePolicy() *schema.Resource { }, "cves_black_list_enabled": { Type: schema.TypeBool, - Description: "Indicates if cves blacklist is relevant.", + Description: "Indicates if CVEs blacklist is relevant.", Optional: true, }, "packages_black_list_enabled": { @@ -158,7 +158,7 @@ func resourceImageAssurancePolicy() *schema.Resource { }, "blacklisted_licenses_enabled": { Type: schema.TypeBool, - Description: "Lndicates if license blacklist is relevant.", + Description: "Indicates if license blacklist is relevant.", Optional: true, }, "blacklisted_licenses": { 
@@ -310,7 +310,7 @@ func resourceImageAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of backlisted images.", + Description: "List of blacklist images.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -432,12 +432,14 @@ func resourceImageAssurancePolicy() *schema.Resource { Optional: true, }, "docker_cis_enabled": { - Type: schema.TypeBool, - Optional: true, + Type: schema.TypeBool, + Description: "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.", + Optional: true, }, "kube_cis_enabled": { - Type: schema.TypeBool, - Optional: true, + Type: schema.TypeBool, + Description: "Performs a Kubernetes CIS benchmark check for the host.", + Optional: true, }, "enforce_excessive_permissions": { Type: schema.TypeBool, diff --git a/aquasec/resource_kubernetes_assurance_policy.go b/aquasec/resource_kubernetes_assurance_policy.go index 622ab83..5fc591f 100644 --- a/aquasec/resource_kubernetes_assurance_policy.go +++ b/aquasec/resource_kubernetes_assurance_policy.go @@ -90,7 +90,7 @@ func resourceKubernetesAssurancePolicy() *schema.Resource { }, "cves_black_list_enabled": { Type: schema.TypeBool, - Description: "Indicates if cves blacklist is relevant.", + Description: "Indicates if CVEs blacklist is relevant.", Optional: true, }, "packages_black_list_enabled": { @@ -157,7 +157,7 @@ func resourceKubernetesAssurancePolicy() *schema.Resource { }, "blacklisted_licenses_enabled": { Type: schema.TypeBool, - Description: "Lndicates if license blacklist is relevant.", + Description: "Indicates if license blacklist is relevant.", Optional: true, }, "blacklisted_licenses": { @@ -301,7 +301,7 @@ func resourceKubernetesAssurancePolicy() *schema.Resource { }, "cves_black_list": { Type: schema.TypeList, - Description: "List of cves blacklisted items.", + Description: "List of CVEs blacklisted items.", Optional: true, Elem: &schema.Schema{ Type: schema.TypeString, 
@@ -309,7 +309,7 @@ func resourceKubernetesAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of backlisted images.", + Description: "List of blacklist images.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -431,12 +431,14 @@ func resourceKubernetesAssurancePolicy() *schema.Resource { Optional: true, }, "docker_cis_enabled": { - Type: schema.TypeBool, - Optional: true, + Type: schema.TypeBool, + Description: "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.", + Optional: true, }, "kube_cis_enabled": { - Type: schema.TypeBool, - Optional: true, + Type: schema.TypeBool, + Description: "Performs a Kubernetes CIS benchmark check for the host.", + Optional: true, }, "enforce_excessive_permissions": { Type: schema.TypeBool, @@ -452,7 +454,7 @@ func resourceKubernetesAssurancePolicy() *schema.Resource { }, "cves_white_list_enabled": { Type: schema.TypeBool, - Description: "Indicates if cves whitelist is relevant.", + Description: "Indicates if CVEs whitelist is relevant.", Optional: true, }, "cves_white_list": { diff --git a/aquasec/resource_vmware_assurance_policy.go b/aquasec/resource_vmware_assurance_policy.go index 2f414bb..0f26e3a 100644 --- a/aquasec/resource_vmware_assurance_policy.go +++ b/aquasec/resource_vmware_assurance_policy.go @@ -90,7 +90,7 @@ func resourceVMwareAssurancePolicy() *schema.Resource { }, "cves_black_list_enabled": { Type: schema.TypeBool, - Description: "Indicates if cves blacklist is relevant.", + Description: "Indicates if CVEs blacklist is relevant.", Optional: true, }, "packages_black_list_enabled": { @@ -157,7 +157,7 @@ func resourceVMwareAssurancePolicy() *schema.Resource { }, "blacklisted_licenses_enabled": { Type: schema.TypeBool, - Description: "Lndicates if license blacklist is relevant.", + Description: "Indicates if license blacklist is relevant.", Optional: true, }, "blacklisted_licenses": { 
@@ -309,7 +309,7 @@ func resourceVMwareAssurancePolicy() *schema.Resource { }, "packages_black_list": { Type: schema.TypeSet, - Description: "List of backlisted images.", + Description: "List of blacklist images.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -431,12 +431,14 @@ func resourceVMwareAssurancePolicy() *schema.Resource { Optional: true, }, "docker_cis_enabled": { - Type: schema.TypeBool, - Optional: true, + Type: schema.TypeBool, + Description: "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.", + Optional: true, }, "kube_cis_enabled": { - Type: schema.TypeBool, - Optional: true, + Type: schema.TypeBool, + Description: "Performs a Kubernetes CIS benchmark check for the host.", + Optional: true, }, "enforce_excessive_permissions": { Type: schema.TypeBool, diff --git a/docs/data-sources/enforcer_groups.md b/docs/data-sources/enforcer_groups.md index 2be1e1a..c5101ed 100644 --- a/docs/data-sources/enforcer_groups.md +++ b/docs/data-sources/enforcer_groups.md @@ -3,12 +3,12 @@ page_title: "aquasec_enforcer_groups Data Source - terraform-provider-aquasec" subcategory: "" description: |- - + The data source aquasec_enforcer_groups provides an Enforcer group template that generates a configuration file, which is subsequently used to generate one or more Enforcers using a Docker command. --- # aquasec_enforcer_groups (Data Source) - +The data source `aquasec_enforcer_groups` provides an Enforcer group template that generates a configuration file, which is subsequently used to generate one or more Enforcers using a Docker command. ## Example Usage diff --git a/docs/data-sources/function_assurance_policy.md b/docs/data-sources/function_assurance_policy.md index f3d74b0..99c581e 100644 --- a/docs/data-sources/function_assurance_policy.md +++ b/docs/data-sources/function_assurance_policy.md 
@@ -31,22 +31,22 @@ description: |- - `blacklist_permissions` (List of String) List of function's forbidden permissions. - `blacklist_permissions_enabled` (Boolean) Indicates if blacklist permissions is relevant. - `blacklisted_licenses` (List of String) List of blacklisted licenses. -- `blacklisted_licenses_enabled` (Boolean) Lndicates if license blacklist is relevant. +- `blacklisted_licenses_enabled` (Boolean) Indicates if license blacklist is relevant. - `block_failed` (Boolean) Indicates if failed images are blocked. - `control_exclude_no_fix` (Boolean) - `custom_checks` (List of Object) List of Custom user scripts for checks. (see [below for nested schema](#nestedatt--custom_checks)) - `custom_checks_enabled` (Boolean) Indicates if scanning should include custom checks. - `custom_severity_enabled` (Boolean) -- `cves_black_list` (List of String) List of cves blacklisted items. -- `cves_black_list_enabled` (Boolean) Indicates if cves blacklist is relevant. +- `cves_black_list` (List of String) List of CVEs blacklisted items. +- `cves_black_list_enabled` (Boolean) Indicates if CVEs blacklist is relevant. - `cves_white_list` (List of String) List of cves whitelisted licenses -- `cves_white_list_enabled` (Boolean) Indicates if cves whitelist is relevant. +- `cves_white_list_enabled` (Boolean) Indicates if CVEs whitelist is relevant. - `cvss_severity` (String) Identifier of the cvss severity. - `cvss_severity_enabled` (Boolean) Indicates if the cvss severity is scanned. - `cvss_severity_exclude_no_fix` (Boolean) Indicates that policy should ignore cvss cases that do not have a known fix. - `description` (String) - `disallow_malware` (Boolean) Indicates if malware should block the image. -- `docker_cis_enabled` (Boolean) +- `docker_cis_enabled` (Boolean) Checks the host according to the Docker CIS benchmark, if Docker is found on the host. - `domain` (String) Name of the container image. - `domain_name` (String) - `dta_enabled` (Boolean) 
@@ -67,7 +67,7 @@ description: |- - `ignore_risk_resources_enabled` (Boolean) Indicates if risk resources are ignored. - `ignored_risk_resources` (List of String) List of ignored risk resources. - `images` (List of String) List of images. -- `kube_cis_enabled` (Boolean) +- `kube_cis_enabled` (Boolean) Performs a Kubernetes CIS benchmark check for the host. - `labels` (List of String) List of labels. - `malware_action` (String) - `maximum_score` (Number) Value of allowed maximum score. @@ -75,7 +75,7 @@ description: |- - `maximum_score_exclude_no_fix` (Boolean) Indicates that policy should ignore cases that do not have a known fix. - `monitored_malware_paths` (List of String) - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root. -- `packages_black_list` (Set of Object) List of backlisted images. (see [below for nested schema](#nestedatt--packages_black_list)) +- `packages_black_list` (Set of Object) List of blacklist images. (see [below for nested schema](#nestedatt--packages_black_list)) - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant. - `packages_white_list` (Set of Object) List of whitelisted images. (see [below for nested schema](#nestedatt--packages_white_list)) - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant. diff --git a/docs/data-sources/host_assurance_policy.md b/docs/data-sources/host_assurance_policy.md index 6592b1d..c29bb9e 100644 --- a/docs/data-sources/host_assurance_policy.md +++ b/docs/data-sources/host_assurance_policy.md 
@@ -31,22 +31,22 @@ description: |- - `blacklist_permissions` (List of String) List of function's forbidden permissions. - `blacklist_permissions_enabled` (Boolean) Indicates if blacklist permissions is relevant. - `blacklisted_licenses` (List of String) List of blacklisted licenses. -- `blacklisted_licenses_enabled` (Boolean) Lndicates if license blacklist is relevant. +- `blacklisted_licenses_enabled` (Boolean) Indicates if license blacklist is relevant. - `block_failed` (Boolean) Indicates if failed images are blocked. - `control_exclude_no_fix` (Boolean) - `custom_checks` (List of Object) List of Custom user scripts for checks. (see [below for nested schema](#nestedatt--custom_checks)) - `custom_checks_enabled` (Boolean) Indicates if scanning should include custom checks. - `custom_severity_enabled` (Boolean) -- `cves_black_list` (List of String) List of cves blacklisted items. -- `cves_black_list_enabled` (Boolean) Indicates if cves blacklist is relevant. +- `cves_black_list` (List of String) List of CVEs blacklisted items. +- `cves_black_list_enabled` (Boolean) Indicates if CVEs blacklist is relevant. - `cves_white_list` (List of String) List of cves whitelisted licenses -- `cves_white_list_enabled` (Boolean) Indicates if cves whitelist is relevant. +- `cves_white_list_enabled` (Boolean) Indicates if CVEs whitelist is relevant. - `cvss_severity` (String) Identifier of the cvss severity. - `cvss_severity_enabled` (Boolean) Indicates if the cvss severity is scanned. - `cvss_severity_exclude_no_fix` (Boolean) Indicates that policy should ignore cvss cases that do not have a known fix. - `description` (String) - `disallow_malware` (Boolean) Indicates if malware should block the image. -- `docker_cis_enabled` (Boolean) +- `docker_cis_enabled` (Boolean) Checks the host according to the Docker CIS benchmark, if Docker is found on the host. - `domain` (String) Name of the container image. - `domain_name` (String) - `dta_enabled` (Boolean) 
@@ -67,7 +67,7 @@ description: |- - `ignore_risk_resources_enabled` (Boolean) Indicates if risk resources are ignored. - `ignored_risk_resources` (List of String) List of ignored risk resources. - `images` (List of String) List of images. -- `kube_cis_enabled` (Boolean) +- `kube_cis_enabled` (Boolean) Performs a Kubernetes CIS benchmark check for the host. - `labels` (List of String) List of labels. - `malware_action` (String) - `maximum_score` (Number) Value of allowed maximum score. @@ -75,7 +75,7 @@ description: |- - `maximum_score_exclude_no_fix` (Boolean) Indicates that policy should ignore cases that do not have a known fix. - `monitored_malware_paths` (List of String) - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root. -- `packages_black_list` (Set of Object) List of backlisted images. (see [below for nested schema](#nestedatt--packages_black_list)) +- `packages_black_list` (Set of Object) List of blacklist images. (see [below for nested schema](#nestedatt--packages_black_list)) - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant. - `packages_white_list` (Set of Object) List of whitelisted images. (see [below for nested schema](#nestedatt--packages_white_list)) - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant. diff --git a/docs/data-sources/image_assurance_policy.md b/docs/data-sources/image_assurance_policy.md index a165300..07ff64f 100644 --- a/docs/data-sources/image_assurance_policy.md +++ b/docs/data-sources/image_assurance_policy.md 
@@ -31,22 +31,22 @@ description: |- - `blacklist_permissions` (List of String) List of function's forbidden permissions. - `blacklist_permissions_enabled` (Boolean) Indicates if blacklist permissions is relevant. - `blacklisted_licenses` (List of String) List of blacklisted licenses. -- `blacklisted_licenses_enabled` (Boolean) Lndicates if license blacklist is relevant. +- `blacklisted_licenses_enabled` (Boolean) Indicates if license blacklist is relevant. - `block_failed` (Boolean) Indicates if failed images are blocked. - `control_exclude_no_fix` (Boolean) - `custom_checks` (List of Object) List of Custom user scripts for checks. (see [below for nested schema](#nestedatt--custom_checks)) - `custom_checks_enabled` (Boolean) Indicates if scanning should include custom checks. - `custom_severity_enabled` (Boolean) -- `cves_black_list` (List of String) List of cves blacklisted items. -- `cves_black_list_enabled` (Boolean) Indicates if cves blacklist is relevant. +- `cves_black_list` (List of String) List of CVEs blacklisted items. +- `cves_black_list_enabled` (Boolean) Indicates if CVEs blacklist is relevant. - `cves_white_list` (List of String) List of cves whitelisted licenses -- `cves_white_list_enabled` (Boolean) Indicates if cves whitelist is relevant. +- `cves_white_list_enabled` (Boolean) Indicates if CVEs whitelist is relevant. - `cvss_severity` (String) Identifier of the cvss severity. - `cvss_severity_enabled` (Boolean) Indicates if the cvss severity is scanned. - `cvss_severity_exclude_no_fix` (Boolean) Indicates that policy should ignore cvss cases that do not have a known fix. - `description` (String) - `disallow_malware` (Boolean) Indicates if malware should block the image. -- `docker_cis_enabled` (Boolean) +- `docker_cis_enabled` (Boolean) Checks the host according to the Docker CIS benchmark, if Docker is found on the host. - `domain` (String) Name of the container image. - `domain_name` (String) - `dta_enabled` (Boolean) 
@@ -67,7 +67,7 @@ description: |- - `ignore_risk_resources_enabled` (Boolean) Indicates if risk resources are ignored. - `ignored_risk_resources` (List of String) List of ignored risk resources. - `images` (List of String) List of images. -- `kube_cis_enabled` (Boolean) +- `kube_cis_enabled` (Boolean) Performs a Kubernetes CIS benchmark check for the host. - `labels` (List of String) List of labels. - `malware_action` (String) - `maximum_score` (Number) Value of allowed maximum score. @@ -75,7 +75,7 @@ description: |- - `maximum_score_exclude_no_fix` (Boolean) Indicates that policy should ignore cases that do not have a known fix. - `monitored_malware_paths` (List of String) - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root. -- `packages_black_list` (Set of Object) List of backlisted images. (see [below for nested schema](#nestedatt--packages_black_list)) +- `packages_black_list` (Set of Object) List of blacklist images. (see [below for nested schema](#nestedatt--packages_black_list)) - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant. - `packages_white_list` (Set of Object) List of whitelisted images. (see [below for nested schema](#nestedatt--packages_white_list)) - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant. diff --git a/docs/data-sources/kubernetes_assurance_policy.md b/docs/data-sources/kubernetes_assurance_policy.md index 4010e91..87929ee 100644 --- a/docs/data-sources/kubernetes_assurance_policy.md +++ b/docs/data-sources/kubernetes_assurance_policy.md 
@@ -31,22 +31,22 @@ description: |-
 - `blacklist_permissions` (List of String) List of function's forbidden permissions.
 - `blacklist_permissions_enabled` (Boolean) Indicates if blacklist permissions is relevant.
 - `blacklisted_licenses` (List of String) List of blacklisted licenses.
-- `blacklisted_licenses_enabled` (Boolean) Lndicates if license blacklist is relevant.
+- `blacklisted_licenses_enabled` (Boolean) Indicates if license blacklist is relevant.
 - `block_failed` (Boolean) Indicates if failed images are blocked.
 - `control_exclude_no_fix` (Boolean)
 - `custom_checks` (List of Object) List of Custom user scripts for checks. (see [below for nested schema](#nestedatt--custom_checks))
 - `custom_checks_enabled` (Boolean) Indicates if scanning should include custom checks.
 - `custom_severity_enabled` (Boolean)
-- `cves_black_list` (List of String) List of cves blacklisted items.
-- `cves_black_list_enabled` (Boolean) Indicates if cves blacklist is relevant.
-- `cves_white_list` (List of String) List of cves whitelisted licenses
-- `cves_white_list_enabled` (Boolean) Indicates if cves whitelist is relevant.
-- `cvss_severity` (String) Identifier of the cvss severity.
-- `cvss_severity_enabled` (Boolean) Indicates if the cvss severity is scanned.
-- `cvss_severity_exclude_no_fix` (Boolean) Indicates that policy should ignore cvss cases that do not have a known fix.
+- `cves_black_list` (List of String) List of CVEs blacklisted items.
+- `cves_black_list_enabled` (Boolean) Indicates if CVEs blacklist is relevant.
+- `cves_white_list` (List of String) List of CVEs whitelisted licenses
+- `cves_white_list_enabled` (Boolean) Indicates if CVEs whitelist is relevant.
+- `cvss_severity` (String) Identifier of the CVSS severity.
+- `cvss_severity_enabled` (Boolean) Indicates if the CVSS severity is scanned.
+- `cvss_severity_exclude_no_fix` (Boolean) Indicates that policy should ignore CVSS cases that do not have a known fix.
 - `description` (String)
 - `disallow_malware` (Boolean) Indicates if malware should block the image.
-- `docker_cis_enabled` (Boolean)
+- `docker_cis_enabled` (Boolean) Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
 - `domain` (String) Name of the container image.
 - `domain_name` (String)
 - `dta_enabled` (Boolean)
@@ -55,8 +55,8 @@ description: |-
 - `enforce` (Boolean)
 - `enforce_after_days` (Number)
 - `enforce_excessive_permissions` (Boolean)
-- `exceptional_monitored_malware_paths` (List of String)
-- `fail_cicd` (Boolean) Indicates if cicd failures will fail the image.
+- `exceptional_monitored_malware_paths` (List of String) Directories to be excluded from monitoring.
+- `fail_cicd` (Boolean) Indicates if CI/CD failures will fail the image.
 - `forbidden_labels` (Set of Object) (see [below for nested schema](#nestedatt--forbidden_labels))
 - `forbidden_labels_enabled` (Boolean)
 - `force_microenforcer` (Boolean)
@@ -67,16 +67,16 @@ description: |-
 - `ignore_risk_resources_enabled` (Boolean) Indicates if risk resources are ignored.
 - `ignored_risk_resources` (List of String) List of ignored risk resources.
 - `images` (List of String) List of images.
-- `kube_cis_enabled` (Boolean)
+- `kube_cis_enabled` (Boolean) Performs a Kubernetes CIS benchmark check for the host.
 - `kubernetes_controls_names` (List of String) List of kubernetes control names
 - `labels` (List of String) List of labels.
 - `malware_action` (String)
 - `maximum_score` (Number) Value of allowed maximum score.
 - `maximum_score_enabled` (Boolean) Indicates if exceeding the maximum score is scanned.
 - `maximum_score_exclude_no_fix` (Boolean) Indicates that policy should ignore cases that do not have a known fix.
-- `monitored_malware_paths` (List of String)
+- `monitored_malware_paths` (List of String) Directories to be monitored.
 - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root.
-- `packages_black_list` (Set of Object) List of backlisted images. (see [below for nested schema](#nestedatt--packages_black_list))
+- `packages_black_list` (Set of Object) List of blacklist images. (see [below for nested schema](#nestedatt--packages_black_list))
 - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant.
 - `packages_white_list` (Set of Object) List of whitelisted images. (see [below for nested schema](#nestedatt--packages_white_list))
 - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant.
@@ -88,7 +88,7 @@ description: |-
 - `required_labels_enabled` (Boolean)
 - `scan_nfs_mounts` (Boolean)
 - `scan_sensitive_data` (Boolean) Indicates if scan should include sensitive data in the image.
-- `scap_enabled` (Boolean) Indicates if scanning should include scap.
+- `scap_enabled` (Boolean) Indicates if scanning should include SCAP.
 - `scap_files` (List of String) List of SCAP user scripts for checks.
 - `scope` (Set of Object) (see [below for nested schema](#nestedatt--scope))
 - `trusted_base_images` (Set of Object) List of trusted images. (see [below for nested schema](#nestedatt--trusted_base_images))
diff --git a/docs/resources/function_assurance_policy.md b/docs/resources/function_assurance_policy.md
index da33fa7..60e257f 100644
--- a/docs/resources/function_assurance_policy.md
+++ b/docs/resources/function_assurance_policy.md
@@ -3,12 +3,22 @@ page_title: "aquasec_function_assurance_policy Resource - terraform-provider-aquasec" subcategory: "" description: |- - + Aqua ensures function security for AWS Lambda, Microsoft Azure, and Google Cloud. This includes: + Scanning functions for vulnerabilities and sensitive data. AWS and Azure functions are also checked for excessive permissions. + Evaluating function risks based on scan results, according to Function Assurance Policies. + Checking function compliance with these policies. + For AWS and Azure, implementing security actions, such as blocking execution of risky functions or failing the CI/CD pipeline. + Providing comprehensive audits of all security risks, viewable in Aqua Server or a SIEM system. --- # aquasec_function_assurance_policy (Resource) - +Aqua ensures function security for AWS Lambda, Microsoft Azure, and Google Cloud. This includes: +Scanning functions for vulnerabilities and sensitive data. AWS and Azure functions are also checked for excessive permissions. +Evaluating function risks based on scan results, according to Function Assurance Policies. +Checking function compliance with these policies. +For AWS and Azure, implementing security actions, such as blocking execution of risky functions or failing the CI/CD pipeline. +Providing comprehensive audits of all security risks, viewable in Aqua Server or a SIEM system. 
@@ -33,24 +43,24 @@ description: |-
 - `blacklist_permissions` (List of String) List of function's forbidden permissions.
 - `blacklist_permissions_enabled` (Boolean) Indicates if blacklist permissions is relevant.
 - `blacklisted_licenses` (List of String) List of blacklisted licenses.
-- `blacklisted_licenses_enabled` (Boolean) Lndicates if license blacklist is relevant.
+- `blacklisted_licenses_enabled` (Boolean) Indicates if license blacklist is relevant.
 - `block_failed` (Boolean) Indicates if failed images are blocked.
 - `control_exclude_no_fix` (Boolean)
 - `custom_checks` (Block List) List of Custom user scripts for checks. (see [below for nested schema](#nestedblock--custom_checks))
 - `custom_checks_enabled` (Boolean) Indicates if scanning should include custom checks.
 - `custom_severity` (String)
 - `custom_severity_enabled` (Boolean)
-- `cves_black_list` (List of String) List of cves blacklisted items.
-- `cves_black_list_enabled` (Boolean) Indicates if cves blacklist is relevant.
+- `cves_black_list` (List of String) List of CVEs blacklisted items.
+- `cves_black_list_enabled` (Boolean) Indicates if CVEs blacklist is relevant.
 - `cves_white_list` (List of String) List of cves whitelisted licenses
-- `cves_white_list_enabled` (Boolean) Indicates if cves whitelist is relevant.
+- `cves_white_list_enabled` (Boolean) Indicates if CVEs whitelist is relevant.
 - `cvss_severity` (String) Identifier of the cvss severity.
 - `cvss_severity_enabled` (Boolean) Indicates if the cvss severity is scanned.
 - `cvss_severity_exclude_no_fix` (Boolean) Indicates that policy should ignore cvss cases that do not have a known fix.
 - `description` (String)
 - `disallow_exploit_types` (List of String)
 - `disallow_malware` (Boolean) Indicates if malware should block the image.
-- `docker_cis_enabled` (Boolean)
+- `docker_cis_enabled` (Boolean) Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
 - `domain` (String) Name of the container image.
 - `domain_name` (String)
 - `dta_enabled` (Boolean)
@@ -73,7 +83,7 @@ description: |-
 - `ignored_risk_resources` (List of String) List of ignored risk resources.
 - `ignored_sensitive_resources` (List of String)
 - `images` (List of String) List of images.
-- `kube_cis_enabled` (Boolean)
+- `kube_cis_enabled` (Boolean) Performs a Kubernetes CIS benchmark check for the host.
 - `kubernetes_controls` (Block List) List of Kubernetes controls. (see [below for nested schema](#nestedblock--kubernetes_controls))
 - `kubernetes_controls_avd_ids` (List of String)
 - `kubernetes_controls_names` (List of String)
@@ -87,7 +97,7 @@ description: |-
 - `monitored_malware_paths` (List of String)
 - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root.
 - `openshift_hardening_enabled` (Boolean)
-- `packages_black_list` (Block Set) List of backlisted images. (see [below for nested schema](#nestedblock--packages_black_list))
+- `packages_black_list` (Block Set) List of blacklist images. (see [below for nested schema](#nestedblock--packages_black_list))
 - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant.
 - `packages_white_list` (Block Set) List of whitelisted images. (see [below for nested schema](#nestedblock--packages_white_list))
 - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant.
diff --git a/docs/resources/host_assurance_policy.md b/docs/resources/host_assurance_policy.md
index d56acda..43092ce 100644
--- a/docs/resources/host_assurance_policy.md
+++ b/docs/resources/host_assurance_policy.md
@@ -3,12 +3,20 @@ page_title: "aquasec_host_assurance_policy Resource - terraform-provider-aquasec" subcategory: "" description: |- - + Host Assurance is a subsystem of Aqua. It is responsible for: + Scans host VMs and Kubernetes nodes' file system for security issues, vulnerabilities in OS and programming language packages, open-source licenses, and compliance with CIS benchmarks. + Evaluates scan findings according to defined Host Assurance Policies. + Determines host compliance based on these policies. + Generates an audit event for host assurance failure. --- # aquasec_host_assurance_policy (Resource) - +Host Assurance is a subsystem of Aqua. It is responsible for: + Scans host VMs and Kubernetes nodes' file system for security issues, vulnerabilities in OS and programming language packages, open-source licenses, and compliance with CIS benchmarks. +Evaluates scan findings according to defined Host Assurance Policies. +Determines host compliance based on these policies. +Generates an audit event for host assurance failure. 
@@ -33,24 +41,24 @@ description: |-
 - `blacklist_permissions` (List of String) List of function's forbidden permissions.
 - `blacklist_permissions_enabled` (Boolean) Indicates if blacklist permissions is relevant.
 - `blacklisted_licenses` (List of String) List of blacklisted licenses.
-- `blacklisted_licenses_enabled` (Boolean) Lndicates if license blacklist is relevant.
+- `blacklisted_licenses_enabled` (Boolean) Indicates if license blacklist is relevant.
 - `block_failed` (Boolean) Indicates if failed images are blocked.
 - `control_exclude_no_fix` (Boolean)
 - `custom_checks` (Block List) List of Custom user scripts for checks. (see [below for nested schema](#nestedblock--custom_checks))
 - `custom_checks_enabled` (Boolean) Indicates if scanning should include custom checks.
 - `custom_severity` (String)
 - `custom_severity_enabled` (Boolean)
-- `cves_black_list` (List of String) List of cves blacklisted items.
-- `cves_black_list_enabled` (Boolean) Indicates if cves blacklist is relevant.
+- `cves_black_list` (List of String) List of CVEs blacklisted items.
+- `cves_black_list_enabled` (Boolean) Indicates if CVEs blacklist is relevant.
 - `cves_white_list` (List of String) List of cves whitelisted licenses
-- `cves_white_list_enabled` (Boolean) Indicates if cves whitelist is relevant.
+- `cves_white_list_enabled` (Boolean) Indicates if CVEs whitelist is relevant.
 - `cvss_severity` (String) Identifier of the cvss severity.
 - `cvss_severity_enabled` (Boolean) Indicates if the cvss severity is scanned.
 - `cvss_severity_exclude_no_fix` (Boolean) Indicates that policy should ignore cvss cases that do not have a known fix.
 - `description` (String)
 - `disallow_exploit_types` (List of String)
 - `disallow_malware` (Boolean) Indicates if malware should block the image.
-- `docker_cis_enabled` (Boolean)
+- `docker_cis_enabled` (Boolean) Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
 - `domain` (String) Name of the container image.
 - `domain_name` (String)
 - `dta_enabled` (Boolean)
@@ -73,7 +81,7 @@ description: |-
 - `ignored_risk_resources` (List of String) List of ignored risk resources.
 - `ignored_sensitive_resources` (List of String)
 - `images` (List of String) List of images.
-- `kube_cis_enabled` (Boolean)
+- `kube_cis_enabled` (Boolean) Performs a Kubernetes CIS benchmark check for the host.
 - `kubernetes_controls` (List of String)
 - `kubernetes_controls_avd_ids` (List of String)
 - `kubernetes_controls_names` (List of String)
@@ -87,7 +95,7 @@ description: |-
 - `monitored_malware_paths` (List of String)
 - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root.
 - `openshift_hardening_enabled` (Boolean)
-- `packages_black_list` (Block Set) List of backlisted images. (see [below for nested schema](#nestedblock--packages_black_list))
+- `packages_black_list` (Block Set) List of blacklist images. (see [below for nested schema](#nestedblock--packages_black_list))
 - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant.
 - `packages_white_list` (Block Set) List of whitelisted images. (see [below for nested schema](#nestedblock--packages_white_list))
 - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant.
@@ -113,6 +121,7 @@ description: |-
 - `vulnerability_score_range` (List of Number)
 - `whitelisted_licenses` (List of String) List of whitelisted licenses.
 - `whitelisted_licenses_enabled` (Boolean) Indicates if license blacklist is relevant.
+- `windows_cis_enabled` (Boolean) Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
 
 ### Read-Only
 
diff --git a/docs/resources/image_assurance_policy.md b/docs/resources/image_assurance_policy.md
index 3ed332f..c42899c 100644
--- a/docs/resources/image_assurance_policy.md
+++ b/docs/resources/image_assurance_policy.md
@@ -3,12 +3,12 @@ page_title: "aquasec_image_assurance_policy Resource - terraform-provider-aquasec" subcategory: "" description: |- - + Aqua Image Assurance covers the first part of the container lifecycle: image development. The Image Assurance subsystem detects, assesses, and reports security issues in your images. --- # aquasec_image_assurance_policy (Resource) - +Aqua Image Assurance covers the first part of the container lifecycle: image development. The Image Assurance subsystem detects, assesses, and reports security issues in your images.
@@ -33,7 +33,7 @@ description: |-
 - `blacklist_permissions` (List of String) List of function's forbidden permissions.
 - `blacklist_permissions_enabled` (Boolean) Indicates if blacklist permissions is relevant.
 - `blacklisted_licenses` (List of String) List of blacklisted licenses.
-- `blacklisted_licenses_enabled` (Boolean) Lndicates if license blacklist is relevant.
+- `blacklisted_licenses_enabled` (Boolean) Indicates if license blacklist is relevant.
 - `block_failed` (Boolean) Indicates if failed images are blocked.
 - `control_exclude_no_fix` (Boolean)
 - `custom_checks` (Block List) List of Custom user scripts for checks. (see [below for nested schema](#nestedblock--custom_checks))
@@ -41,7 +41,7 @@ description: |-
 - `custom_severity` (String)
 - `custom_severity_enabled` (Boolean)
 - `cves_black_list` (List of String) List of cves blacklisted items.
-- `cves_black_list_enabled` (Boolean) Indicates if cves blacklist is relevant.
+- `cves_black_list_enabled` (Boolean) Indicates if CVEs blacklist is relevant.
 - `cves_white_list` (List of String) List of cves whitelisted licenses
 - `cves_white_list_enabled` (Boolean) Indicates if cves whitelist is relevant.
 - `cvss_severity` (String) Identifier of the cvss severity.
@@ -50,7 +50,7 @@ description: |-
 - `description` (String)
 - `disallow_exploit_types` (List of String)
 - `disallow_malware` (Boolean) Indicates if malware should block the image.
-- `docker_cis_enabled` (Boolean)
+- `docker_cis_enabled` (Boolean) Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
 - `domain` (String) Name of the container image.
 - `domain_name` (String)
 - `dta_enabled` (Boolean)
@@ -73,7 +73,7 @@ description: |-
 - `ignored_risk_resources` (List of String) List of ignored risk resources.
 - `ignored_sensitive_resources` (List of String)
 - `images` (List of String) List of images.
-- `kube_cis_enabled` (Boolean)
+- `kube_cis_enabled` (Boolean) Performs a Kubernetes CIS benchmark check for the host.
 - `kubernetes_controls` (Block List, Max: 1) List of Kubernetes controls. (see [below for nested schema](#nestedblock--kubernetes_controls))
 - `kubernetes_controls_avd_ids` (List of String)
 - `kubernetes_controls_names` (List of String)
@@ -87,7 +87,7 @@ description: |-
 - `monitored_malware_paths` (List of String)
 - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root.
 - `openshift_hardening_enabled` (Boolean)
-- `packages_black_list` (Block Set) List of backlisted images. (see [below for nested schema](#nestedblock--packages_black_list))
+- `packages_black_list` (Block Set) List of blacklist images. (see [below for nested schema](#nestedblock--packages_black_list))
 - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant.
 - `packages_white_list` (Block Set) List of whitelisted images. (see [below for nested schema](#nestedblock--packages_white_list))
 - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant.
diff --git a/docs/resources/kubernetes_assurance_policy.md b/docs/resources/kubernetes_assurance_policy.md
index 2945139..8b9647c 100644
--- a/docs/resources/kubernetes_assurance_policy.md
+++ b/docs/resources/kubernetes_assurance_policy.md
@@ -3,12 +3,12 @@ page_title: "aquasec_kubernetes_assurance_policy Resource - terraform-provider-aquasec" subcategory: "" description: |- - + Kubernetes Assurance is responsible for checking the security of workload configurations at the pod level, with respect to your organization's security requirements. --- # aquasec_kubernetes_assurance_policy (Resource) - +Kubernetes Assurance is responsible for checking the security of workload configurations at the pod level, with respect to your organization's security requirements.
@@ -33,24 +33,24 @@ description: |-
 - `blacklist_permissions` (List of String) List of function's forbidden permissions.
 - `blacklist_permissions_enabled` (Boolean) Indicates if blacklist permissions is relevant.
 - `blacklisted_licenses` (List of String) List of blacklisted licenses.
-- `blacklisted_licenses_enabled` (Boolean) Lndicates if license blacklist is relevant.
+- `blacklisted_licenses_enabled` (Boolean) Indicates if license blacklist is relevant.
 - `block_failed` (Boolean) Indicates if failed images are blocked.
 - `control_exclude_no_fix` (Boolean)
 - `custom_checks` (Block List) List of Custom user scripts for checks. (see [below for nested schema](#nestedblock--custom_checks))
 - `custom_checks_enabled` (Boolean) Indicates if scanning should include custom checks.
 - `custom_severity` (String)
 - `custom_severity_enabled` (Boolean)
-- `cves_black_list` (List of String) List of cves blacklisted items.
-- `cves_black_list_enabled` (Boolean) Indicates if cves blacklist is relevant.
+- `cves_black_list` (List of String) List of CVEs blacklisted items.
+- `cves_black_list_enabled` (Boolean) Indicates if CVEs blacklist is relevant.
 - `cves_white_list` (List of String) List of cves whitelisted licenses
-- `cves_white_list_enabled` (Boolean) Indicates if cves whitelist is relevant.
+- `cves_white_list_enabled` (Boolean) Indicates if CVEs whitelist is relevant.
 - `cvss_severity` (String) Identifier of the cvss severity.
 - `cvss_severity_enabled` (Boolean) Indicates if the cvss severity is scanned.
 - `cvss_severity_exclude_no_fix` (Boolean) Indicates that policy should ignore cvss cases that do not have a known fix.
 - `description` (String)
 - `disallow_exploit_types` (List of String)
 - `disallow_malware` (Boolean) Indicates if malware should block the image.
-- `docker_cis_enabled` (Boolean)
+- `docker_cis_enabled` (Boolean) Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
 - `domain` (String) Name of the container image.
 - `domain_name` (String)
 - `dta_enabled` (Boolean)
@@ -73,7 +73,7 @@ description: |-
 - `ignored_risk_resources` (List of String) List of ignored risk resources.
 - `ignored_sensitive_resources` (List of String)
 - `images` (List of String) List of images.
-- `kube_cis_enabled` (Boolean)
+- `kube_cis_enabled` (Boolean) Performs a Kubernetes CIS benchmark check for the host.
 - `kubernetes_controls` (Block List) List of Kubernetes controls. (see [below for nested schema](#nestedblock--kubernetes_controls))
 - `kubernetes_controls_avd_ids` (List of String)
 - `kubernetes_controls_names` (List of String) List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 
'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted'
@@ -87,7 +87,7 @@ description: |-
 - `monitored_malware_paths` (List of String)
 - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root.
 - `openshift_hardening_enabled` (Boolean)
-- `packages_black_list` (Block Set) List of backlisted images. (see [below for nested schema](#nestedblock--packages_black_list))
+- `packages_black_list` (Block Set) List of blacklist images. (see [below for nested schema](#nestedblock--packages_black_list))
 - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant.
 - `packages_white_list` (Block Set) List of whitelisted images. (see [below for nested schema](#nestedblock--packages_white_list))
 - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant.
diff --git a/docs/resources/vmware_assurance_policy.md b/docs/resources/vmware_assurance_policy.md
index e58ae0e..5a9ed0c 100644
--- a/docs/resources/vmware_assurance_policy.md
+++ b/docs/resources/vmware_assurance_policy.md
@@ -33,7 +33,7 @@ description: |-
 - `blacklist_permissions` (List of String) List of function's forbidden permissions.
 - `blacklist_permissions_enabled` (Boolean) Indicates if blacklist permissions is relevant.
 - `blacklisted_licenses` (List of String) List of blacklisted licenses.
-- `blacklisted_licenses_enabled` (Boolean) Lndicates if license blacklist is relevant.
+- `blacklisted_licenses_enabled` (Boolean) Indicates if license blacklist is relevant.
 - `block_failed` (Boolean) Indicates if failed images are blocked.
 - `control_exclude_no_fix` (Boolean)
 - `custom_checks` (Block List) List of Custom user scripts for checks. (see [below for nested schema](#nestedblock--custom_checks))
@@ -41,7 +41,7 @@ description: |-
 - `custom_severity` (String)
 - `custom_severity_enabled` (Boolean)
 - `cves_black_list` (List of String) List of cves blacklisted items.
-- `cves_black_list_enabled` (Boolean) Indicates if cves blacklist is relevant.
+- `cves_black_list_enabled` (Boolean) Indicates if CVEs blacklist is relevant.
 - `cves_white_list` (List of String) List of cves whitelisted licenses
 - `cves_white_list_enabled` (Boolean) Indicates if cves whitelist is relevant.
 - `cvss_severity` (String) Identifier of the cvss severity.
@@ -50,7 +50,7 @@ description: |-
 - `description` (String)
 - `disallow_exploit_types` (List of String)
 - `disallow_malware` (Boolean) Indicates if malware should block the image.
-- `docker_cis_enabled` (Boolean)
+- `docker_cis_enabled` (Boolean) Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
 - `domain` (String) Name of the container image.
 - `domain_name` (String)
 - `dta_enabled` (Boolean)
@@ -73,7 +73,7 @@ description: |-
 - `ignored_risk_resources` (List of String) List of ignored risk resources.
 - `ignored_sensitive_resources` (List of String)
 - `images` (List of String) List of images.
-- `kube_cis_enabled` (Boolean)
+- `kube_cis_enabled` (Boolean) Performs a Kubernetes CIS benchmark check for the host.
 - `kubernetes_controls` (Block Set) List of Kubernetes controls. (see [below for nested schema](#nestedblock--kubernetes_controls))
 - `kubernetes_controls_avd_ids` (List of String)
 - `kubernetes_controls_names` (List of String)
@@ -87,7 +87,7 @@ description: |-
 - `monitored_malware_paths` (List of String)
 - `only_none_root_users` (Boolean) Indicates if raise a warning for images that should only be run as root.
 - `openshift_hardening_enabled` (Boolean)
-- `packages_black_list` (Block Set) List of backlisted images. (see [below for nested schema](#nestedblock--packages_black_list))
+- `packages_black_list` (Block Set) List of blacklist images. (see [below for nested schema](#nestedblock--packages_black_list))
 - `packages_black_list_enabled` (Boolean) Indicates if packages blacklist is relevant.
 - `packages_white_list` (Block Set) List of whitelisted images. (see [below for nested schema](#nestedblock--packages_white_list))
 - `packages_white_list_enabled` (Boolean) Indicates if packages whitelist is relevant.