SLK-77487 - Add windows_cis_enabled

aquasecurity · Jan 17, 2024 · d57e3ad · d57e3ad
1 parent c47ac78
commit d57e3ad
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 17 deletions.
diff --git a/aquasec/data_enforcer_group.go b/aquasec/data_enforcer_group.go
@@ -9,7 +9,8 @@ import (
 
 func dataSourceEnforcerGroup() *schema.Resource {
 	return &schema.Resource{
-		Read: dataEnforcerGroupRead,
+		Description: "The data source `aquasec_enforcer_groups` provides an Enforcer group template that generates a configuration file, which is subsequently used to generate one or more Enforcers using a Docker command.",
+		Read:        dataEnforcerGroupRead,
 		Schema: map[string]*schema.Schema{
 			"group_id": {
 				Type:        schema.TypeString,

diff --git a/aquasec/resource_function_assurance_policy.go b/aquasec/resource_function_assurance_policy.go
@@ -9,10 +9,11 @@ import (
 
 func resourceFunctionAssurancePolicy() *schema.Resource {
 	return &schema.Resource{
-		Create: resourceFunctionAssurancePolicyCreate,
-		Read:   resourceFunctionAssurancePolicyRead,
-		Update: resourceFunctionAssurancePolicyUpdate,
-		Delete: resourceFunctionAssurancePolicyDelete,
+		Description: "Aqua ensures function security for AWS Lambda, Microsoft Azure, and Google Cloud. This includes:\nScanning functions for vulnerabilities and sensitive data. AWS and Azure functions are also checked for excessive permissions.\nEvaluating function risks based on scan results, according to Function Assurance Policies.\nChecking function compliance with these policies.\nFor AWS and Azure, implementing security actions, such as blocking execution of risky functions or failing the CI/CD pipeline.\nProviding comprehensive audits of all security risks, viewable in Aqua Server or a SIEM system.",
+		Create:      resourceFunctionAssurancePolicyCreate,
+		Read:        resourceFunctionAssurancePolicyRead,
+		Update:      resourceFunctionAssurancePolicyUpdate,
+		Delete:      resourceFunctionAssurancePolicyDelete,
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
 		},

diff --git a/aquasec/resource_host_assurance_policy.go b/aquasec/resource_host_assurance_policy.go
@@ -9,10 +9,11 @@ import (
 
 func resourceHostAssurancePolicy() *schema.Resource {
 	return &schema.Resource{
-		Create: resourceHostAssurancePolicyCreate,
-		Read:   resourceHostAssurancePolicyRead,
-		Update: resourceHostAssurancePolicyUpdate,
-		Delete: resourceHostAssurancePolicyDelete,
+		Description: "Host Assurance is a subsystem of Aqua. It is responsible for:\n Scans host VMs and Kubernetes nodes' file system for security issues, vulnerabilities in OS and programming language packages, open-source licenses, and compliance with CIS benchmarks.\nEvaluates scan findings according to defined Host Assurance Policies.\nDetermines host compliance based on these policies.\nGenerates an audit event for host assurance failure.  ",
+		Create:      resourceHostAssurancePolicyCreate,
+		Read:        resourceHostAssurancePolicyRead,
+		Update:      resourceHostAssurancePolicyUpdate,
+		Delete:      resourceHostAssurancePolicyDelete,
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
 		},
@@ -751,6 +752,11 @@ func resourceHostAssurancePolicy() *schema.Resource {
 				Description: "",
 				Optional:    true,
 			}, //bool
+			"windows_cis_enabled": {
+				Type:        schema.TypeBool,
+				Description: "Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).",
+				Optional:    true,
+			}, //bool
 			"openshift_hardening_enabled": {
 				Type:        schema.TypeBool,
 				Description: "",
@@ -896,6 +902,7 @@ func resourceHostAssurancePolicyUpdate(d *schema.ResourceData, m interface{}) er
 		"policy_settings",
 		"exclude_application_scopes",
 		"linux_cis_enabled",
+		"windows_cis_enabled",
 		"openshift_hardening_enabled",
 		"kubernetes_controls_avd_ids",
 		"vulnerability_score_range",
@@ -1021,6 +1028,7 @@ func resourceHostAssurancePolicyRead(d *schema.ResourceData, m interface{}) erro
 	d.Set("policy_settings", flattenPolicySettings(iap.PolicySettings))
 	d.Set("exclude_application_scopes", iap.ExcludeApplicationScopes)
 	d.Set("linux_cis_enabled", iap.LinuxCisEnabled)
+	d.Set("windows_cis_enabled", iap.WindowsCisEnabled)
 	d.Set("openshift_hardening_enabled", iap.OpenshiftHardeningEnabled)
 	d.Set("kubernetes_controls_avd_ids", iap.KubernetesControlsAvdIds)
 	d.Set("vulnerability_score_range", iap.VulnerabilityScoreRange)

diff --git a/aquasec/resource_image_assurance_policy.go b/aquasec/resource_image_assurance_policy.go
@@ -9,10 +9,11 @@ import (
 
 func resourceImageAssurancePolicy() *schema.Resource {
 	return &schema.Resource{
-		Create: resourceImageAssurancePolicyCreate,
-		Read:   resourceImageAssurancePolicyRead,
-		Update: resourceImageAssurancePolicyUpdate,
-		Delete: resourceImageAssurancePolicyDelete,
+		Description: "Aqua Image Assurance covers the first part of the container lifecycle: image development. The Image Assurance subsystem detects, assesses, and reports security issues in your images.",
+		Create:      resourceImageAssurancePolicyCreate,
+		Read:        resourceImageAssurancePolicyRead,
+		Update:      resourceImageAssurancePolicyUpdate,
+		Delete:      resourceImageAssurancePolicyDelete,
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
 		},

diff --git a/aquasec/resource_kubernetes_assurance_policy.go b/aquasec/resource_kubernetes_assurance_policy.go
@@ -9,10 +9,11 @@ import (
 
 func resourceKubernetesAssurancePolicy() *schema.Resource {
 	return &schema.Resource{
-		Create: resourceKubernetesAssurancePolicyCreate,
-		Read:   resourceKubernetesAssurancePolicyRead,
-		Update: resourceKubernetesAssurancePolicyUpdate,
-		Delete: resourceKubernetesAssurancePolicyDelete,
+		Description: "Kubernetes Assurance is responsible for checking the security of workload configurations at the pod level, with respect to your organization's security requirements.",
+		Create:      resourceKubernetesAssurancePolicyCreate,
+		Read:        resourceKubernetesAssurancePolicyRead,
+		Update:      resourceKubernetesAssurancePolicyUpdate,
+		Delete:      resourceKubernetesAssurancePolicyDelete,
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
 		},

diff --git a/client/assurance_policy.go b/client/assurance_policy.go
@@ -103,6 +103,7 @@ type AssurancePolicy struct {
 	PolicySettings              PolicySettings          `json:"policy_settings,omitempty"`
 	ExcludeApplicationScopes    []string                `json:"exclude_application_scopes"`
 	LinuxCisEnabled             bool                    `json:"linux_cis_enabled"`
+	WindowsCisEnabled           bool                    `json:"windows_cis_enabled"`
 	OpenshiftHardeningEnabled   bool                    `json:"openshift_hardening_enabled"`
 	KubernetesControlsAvdIds    []string                `json:"kubernetes_controls_avd_ids"`
 	VulnerabilityScoreRange     []int                   `json:"vulnerability_score_range"`