From a382007a0fcd7a323c30657ac6253be27d113b89 Mon Sep 17 00:00:00 2001
From: SevenEarth <391613297@qq.com>
Date: Tue, 30 Jan 2024 14:37:30 +0800
Subject: [PATCH] feat/csip
---
 go.mod | 4 +-
 go.sum | 4 +
 .../csip/resource_tc_csip_risk_center.go | 63 ++++++------
 .../csip/resource_tc_csip_risk_center.md | 85 +++++++++++-----
 .../csip/resource_tc_csip_risk_center_test.go | 37 ++-----
 .../tencentcloud/common/http/request.go | 2 +-
 vendor/modules.txt | 4 +-
 website/docs/r/csip_risk_center.html.markdown | 97 +++++++++++++------
 8 files changed, 181 insertions(+), 115 deletions(-)
diff --git a/go.mod b/go.mod
index 65b5777ccb..590106c364 100644
--- a/go.mod
+++ b/go.mod
@@ -46,7 +46,7 @@ require (
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.847
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.544
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.711
- github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.849
+ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.853
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.624
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.762
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.692
@@ -108,7 +108,7 @@ require (
 require (
 github.com/hashicorp/go-uuid v1.0.3
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdwpg v1.0.772
- github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/csip v1.0.849
+ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/csip v1.0.853
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dasb v1.0.798
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/oceanus v1.0.831
 github.com/wI2L/jsondiff v0.3.0
diff --git a/go.sum b/go.sum
index 50445dc3d8..1459f498d2 100644
--- a/go.sum
+++ b/go.sum
@@ -956,8 +956,12 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.847 h1:ITZm github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.847/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.849 h1:ieRAJU2lnAcaDK25W29C9R7iyR5IR4E+5DujRfu5wls= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.849/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.853 h1:TNYjF1jDLLNTirAkq7zRT9iF9xC2ZjgwpXsVSEBQvgQ= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.853/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/csip v1.0.849 h1:Q48wD8VMYTjasH0yAqCIoSkiIwtge3Gzem5pmJx9h54= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/csip v1.0.849/go.mod h1:lTyS8mn+Au4aWFFHFsTmyAFYW5mxylw366QBJ0040eU= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/csip v1.0.853 h1:Ofgedv4BWvDYX1Ff/5H2wYShan8mC1OtaHQJq+rG0pE= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/csip v1.0.853/go.mod h1:iDYmWmDEfR74RzWU5kO1UWFsWu/c0pMtEtnoWRMvaJQ= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.624 h1:nEZqsoqt1pEoaP9JjkHQy3/H00suCfzlHW1qOm2nYD8= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.624/go.mod h1:+TXSVyeKwt1IhZRqKPbTREteBcP+K07Q846/ilNzLWA= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.762 h1:2egy69SP/wPsmnfozcQVZ6tUY6F6N/TpEe/7xtXrc/8= diff --git a/tencentcloud/services/csip/resource_tc_csip_risk_center.go b/tencentcloud/services/csip/resource_tc_csip_risk_center.go index 6e0d4b6c16..6447236422 100644 --- a/tencentcloud/services/csip/resource_tc_csip_risk_center.go +++ b/tencentcloud/services/csip/resource_tc_csip_risk_center.go 
@@ -38,14 +38,9 @@ func ResourceTencentCloudCsipRiskCenter() *schema.Resource {
 Elem: &schema.Schema{Type: schema.TypeString},
 Description: "Scan Project. Example: port/poc/weakpass/webcontent/configrisk/exposedserver.",
 },
- "scan_plan_type": {
- Required: true,
- Type: schema.TypeInt,
- ValidateFunc: tccommon.ValidateAllowedIntValue(SCAN_PLAN_TYPE),
- Description: "0- Periodic task,1- immediate scan,2- periodic scan,3- Custom; 0,2, and 3 are required for ScanPlanContent.",
- },
 "assets": {
 Optional: true,
+ Computed: true,
 Type: schema.TypeList,
 Description: "Scan the asset information list.",
 Elem: &schema.Resource{
@@ -95,9 +90,9 @@ func ResourceTencentCloudCsipRiskCenter() *schema.Resource {
 Description: "Ip/domain/url array.",
 },
 "scan_from": {
- Optional: true,
+ Computed: true,
 Type: schema.TypeString,
- Description: "Request origin. The default value vss indicates the vulnerability scanning service. Users of the cloud security center please fill in the csip.",
+ Description: "Request origin.",
 },
 "task_advance_cfg": {
 Optional: true,
@@ -106,6 +101,35 @@ func ResourceTencentCloudCsipRiskCenter() *schema.Resource {
 Description: "Advanced configuration.",
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
+ "port_risk": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "Advanced Port Risk Configuration.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "port_sets": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Port collection, separated by commas.",
+ },
+ "check_type": {
+ Type: schema.TypeInt,
+ Required: true,
+ Description: "Detection item type, 0-system defined, 1-user-defined.",
+ },
+ "detail": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Description of detection items.",
+ },
+ "enable": {
+ Type: schema.TypeInt,
+ Required: true,
+ Description: "Whether to enable, 0- No, 1- Enable.",
+ },
+ },
+ },
+ },
 "vul_risk": {
 Type: schema.TypeList,
 Optional: true,
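Review bot: Removing `scan_plan_type` from the schema in the first hunk leaves any configuration that still sets it invalid, and this same patch still sets it: the acceptance-test config in resource_tc_csip_risk_center_test.go and the "If task_mode is 1" examples in both documentation files keep `scan_plan_type = 0`. An argument that is not in the schema is rejected when the configuration is validated, so that test and a copy-pasted example would fail before any API call is made. Either drop that line from the test and the examples, or keep the attribute as `Optional` with a `Deprecated` message for a release so existing user configurations do not break on upgrade. The schema map continues outside the hunk.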
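Review bot: The new `port_risk` block (third hunk) is declared in the schema, but none of the hunks for this file reads it; the create path only touches the `vul_risk` mapping (hunk at -278) and nothing adds a port-risk entry to `taskAdvanceCFG`. Unless that mapping already exists outside the diff, a user's port configuration is accepted and then silently not sent, so the scan runs with a different port scope than the configuration states. Map it in create and update the same way `vul_risk` is mapped, and set it back in read so drift is visible. `check_type` and `enable` are documented as 0/1 but carry no `ValidateFunc`; the removed `scan_plan_type` used `tccommon.ValidateAllowedIntValue(...)`, which would fit here too.

```go
// inside the existing task_advance_cfg block of the create function,
// next to the vul_risk mapping
if v, ok := dMap["port_risk"]; ok {
	for _, item := range v.([]interface{}) {
		portRiskMap := item.(map[string]interface{})
		// SDK type and field names to be confirmed against the vendored csip models
		portRisk := csip.PortRiskAdvanceCFGParamItem{}
		if v, ok := portRiskMap["port_sets"]; ok {
			portRisk.PortSets = helper.String(v.(string))
		}
		if v, ok := portRiskMap["check_type"]; ok {
			portRisk.CheckType = helper.IntInt64(v.(int))
		}
		if v, ok := portRiskMap["detail"]; ok {
			portRisk.Detail = helper.String(v.(string))
		}
		if v, ok := portRiskMap["enable"]; ok {
			portRisk.Enable = helper.IntInt64(v.(int))
		}
		taskAdvanceCFG.PortRisk = append(taskAdvanceCFG.PortRisk, &portRisk)
	}
}
```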
@@ -211,9 +235,7 @@ func resourceTencentCloudCsipRiskCenterCreate(d *schema.ResourceData, meta inter } } - if v, ok := d.GetOkExists("scan_plan_type"); ok { - request.ScanPlanType = helper.IntInt64(v.(int)) - } + request.ScanPlanType = helper.IntInt64(1) if v, ok := d.GetOk("assets"); ok { for _, item := range v.([]interface{}) { @@ -261,9 +283,7 @@ func resourceTencentCloudCsipRiskCenterCreate(d *schema.ResourceData, meta inter } } - if v, ok := d.GetOk("scan_from"); ok { - request.ScanFrom = helper.String(v.(string)) - } + request.ScanFrom = helper.String("csip") if dMap, ok := helper.InterfacesHeadMap(d, "task_advance_cfg"); ok { taskAdvanceCFG := csip.TaskAdvanceCFG{} @@ -278,7 +298,6 @@ func resourceTencentCloudCsipRiskCenterCreate(d *schema.ResourceData, meta inter if v, ok := vulRiskMap["enable"]; ok { taskCenterVulRiskInputParam.Enable = helper.IntInt64(v.(int)) } - taskAdvanceCFG.VulRisk = append(taskAdvanceCFG.VulRisk, &taskCenterVulRiskInputParam) } } @@ -362,7 +381,7 @@ func resourceTencentCloudCsipRiskCenterCreate(d *schema.ResourceData, meta inter }, } - err = resource.Retry(tccommon.ReadRetryTimeout*5, func() *resource.RetryError { + err = resource.Retry(tccommon.ReadRetryTimeout*40, func() *resource.RetryError { result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseCsipClient().DescribeScanTaskList(waitRequest) if e != nil { return tccommon.RetryError(e) @@ -424,10 +443,6 @@ func resourceTencentCloudCsipRiskCenterRead(d *schema.ResourceData, meta interfa _ = d.Set("scan_item", riskCenter.ScanItem) } - if riskCenter.TaskType != nil { - _ = d.Set("scan_plan_type", riskCenter.TaskType) - } - if riskCenter.Assets != nil { assetsList := []interface{}{} for _, assets := range riskCenter.Assets { 
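Review bot: `request.ScanPlanType = helper.IntInt64(1)` pins every task to what the removed schema text called "1- immediate scan", yet `scan_plan_content` stays in the schema and the examples still pass a schedule string to it. By that same removed description, plan content was required only for types 0, 2 and 3, so it is likely ignored now; if so, a user who sets a schedule gets a one-off scan of their assets at apply time instead of the recurring one they configured. State this in the `scan_plan_content` description (or reject the argument), and replace the bare literal with a named constant plus a comment such as `// always create an immediate scan; periodic plans are not supported by this resource`. The same applies to `request.ScanFrom = helper.String("csip")` in the hunk at -261. The create function continues outside the hunk.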
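Review bot: In the hunk at -362 the wait for the scan task now runs for `tccommon.ReadRetryTimeout*40`, a bare multiplier with no comment on why 40 and no way for the operator to change it. The value of ReadRetryTimeout is not visible here, so the total cannot be stated, but create will block for that whole window if the task never reaches the expected state. Prefer a named constant with a comment, or a `Timeouts` block on the resource read through `d.Timeout(schema.TimeoutCreate)` so the bound is configurable. It is also worth confirming that the retry callback, whose body is outside the hunk, returns a non-retryable error when the task reports a failed state rather than retrying until the timeout.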
@@ -493,14 +508,6 @@ func resourceTencentCloudCsipRiskCenterUpdate(d *schema.ResourceData, meta inter
 taskId = d.Id()
 )
- immutableArgs := []string{"scan_from"}
-
- for _, v := range immutableArgs {
- if d.HasChange(v) {
- return fmt.Errorf("argument `%s` cannot be changed", v)
- }
- }
-
 request.TaskId = &taskId
 if v, ok := d.GetOk("task_name"); ok {
diff --git a/tencentcloud/services/csip/resource_tc_csip_risk_center.md b/tencentcloud/services/csip/resource_tc_csip_risk_center.md
index 46f6615309..17f9c1c774 100644
--- a/tencentcloud/services/csip/resource_tc_csip_risk_center.md
+++ b/tencentcloud/services/csip/resource_tc_csip_risk_center.md
@@ -2,38 +2,75 @@ Provides a resource to create a csip risk_center Example Usage +If task_mode is 0 + +```hcl +resource "tencentcloud_csip_risk_center" "example" { + task_name = "tf_example" + scan_asset_type = 1 + scan_item = ["port", "poc", "weakpass"] + scan_plan_content = "46 51 16 */1 * * *" + task_mode = 0 + + assets { + asset_name = "iac-test" + instance_type = "1" + asset_type = "PublicIp" + asset = "49.232.172.248" + region = "ap-beijing" + } +} +``` + +If task_mode is 1 + +```hcl +resource "tencentcloud_csip_risk_center" "example" { + task_name = "tf_example" + scan_asset_type = 3 + scan_item = ["port", "poc"] + scan_plan_type = 0 + scan_plan_content = "46 51 16 */1 * * *" + task_mode = 1 +} +``` + +If task_mode is 2 + ```hcl resource "tencentcloud_csip_risk_center" "example" { task_name = "tf_example" - scan_asset_type = 0 - scan_item = [] - scan_plan_type = 1 + scan_asset_type = 2 + scan_item = ["port", "poc"] + task_mode = 2 + + assets { + asset_name = "iac-test" + instance_type = "1" + asset_type = "PublicIp" + asset = "49.232.172.248" + region = "ap-beijing" + } + assets { - asset_name = "" - instance_type = "" - asset_type = "" - asset = "" - region = "" - arn = "" + asset_name = "iac-test" + instance_type = "POSTGRES" + asset_type = "Db" + asset = "postgres-fnexv5bj" + region = "ap-guangzhou" } - scan_plan_content = "" - self_defining_assets = [] - scan_from = "" + task_advance_cfg { - vul_risk { - risk_id = "" - enable = 0 - } - weak_pwd_risk { - check_item_id = "" - enable = 0 + port_risk { + check_type = 0 + detail = "22、8080、80、443、3380、3389常见流量端口" + port_sets = "常见端口" + enable = 1 } - cfg_risk { - item_id = "" - enable = 0 - resource_type = "" + vul_risk { + risk_id = "b52a4fcc1f24fa323b87cc41f370aa43" + enable = 1 } } - task_mode = 0 } ``` diff --git a/tencentcloud/services/csip/resource_tc_csip_risk_center_test.go b/tencentcloud/services/csip/resource_tc_csip_risk_center_test.go index 1151af1343..36f0014c85 100644 
--- a/tencentcloud/services/csip/resource_tc_csip_risk_center_test.go +++ b/tencentcloud/services/csip/resource_tc_csip_risk_center_test.go @@ -38,36 +38,11 @@ func TestAccTencentCloudCsipRiskCenterResource_basic(t *testing.T) { const testAccCsipRiskCenter = ` resource "tencentcloud_csip_risk_center" "example" { - task_name = "tf_example" - scan_asset_type = 0 - scan_item = [] - scan_plan_type = 1 - assets { - asset_name = "" - instance_type = "" - asset_type = "" - asset = "" - region = "" - arn = "" - } - scan_plan_content = "" - self_defining_assets = [] - scan_from = "" - task_advance_cfg { - vul_risk { - risk_id = "" - enable = 0 - } - weak_pwd_risk { - check_item_id = "" - enable = 0 - } - cfg_risk { - item_id = "" - enable = 0 - resource_type = "" - } - } - task_mode = 0 + task_name = "tf_example" + scan_asset_type = 3 + scan_item = ["port", "poc"] + scan_plan_type = 0 + scan_plan_content = "46 51 16 */1 * * *" + task_mode = 1 } ` diff --git a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go index c727d6de46..fc27bae73a 100644 --- a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go +++ b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go @@ -265,7 +265,7 @@ func CompleteCommonParams(request Request, region string, requestClient string) params["Action"] = request.GetAction() params["Timestamp"] = strconv.FormatInt(time.Now().Unix(), 10) params["Nonce"] = strconv.Itoa(rand.Int()) - params["RequestClient"] = "SDK_GO_1.0.849" + params["RequestClient"] = "SDK_GO_1.0.853" if requestClient != "" { params["RequestClient"] += ": " + requestClient } diff --git a/vendor/modules.txt b/vendor/modules.txt index d5d024a50f..19d4549a78 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -1157,7 +1157,7 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit/v20190319 # github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.711 ## explicit; go 1.14 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls/v20201016 -# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.849 +# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.853 ## explicit; go 1.11 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/errors @@ -1165,7 +1165,7 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/json github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/regions -# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/csip v1.0.849 +# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/csip v1.0.853 ## explicit; go 1.14 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/csip/v20221121 # github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.624 diff --git a/website/docs/r/csip_risk_center.html.markdown b/website/docs/r/csip_risk_center.html.markdown index 7bd08ab589..d1002124fa 100644 --- a/website/docs/r/csip_risk_center.html.markdown +++ b/website/docs/r/csip_risk_center.html.markdown 
@@ -13,39 +13,76 @@ Provides a resource to create a csip risk_center ## Example Usage +### If task_mode is 0 + +```hcl +resource "tencentcloud_csip_risk_center" "example" { + task_name = "tf_example" + scan_asset_type = 1 + scan_item = ["port", "poc", "weakpass"] + scan_plan_content = "46 51 16 */1 * * *" + task_mode = 0 + + assets { + asset_name = "iac-test" + instance_type = "1" + asset_type = "PublicIp" + asset = "49.232.172.248" + region = "ap-beijing" + } +} +``` + +### If task_mode is 1 + +```hcl +resource "tencentcloud_csip_risk_center" "example" { + task_name = "tf_example" + scan_asset_type = 3 + scan_item = ["port", "poc"] + scan_plan_type = 0 + scan_plan_content = "46 51 16 */1 * * *" + task_mode = 1 +} +``` + +### If task_mode is 2 + ```hcl resource "tencentcloud_csip_risk_center" "example" { task_name = "tf_example" - scan_asset_type = 0 - scan_item = [] - scan_plan_type = 1 + scan_asset_type = 2 + scan_item = ["port", "poc"] + task_mode = 2 + assets { - asset_name = "" - instance_type = "" - asset_type = "" - asset = "" - region = "" - arn = "" + asset_name = "iac-test" + instance_type = "1" + asset_type = "PublicIp" + asset = "49.232.172.248" + region = "ap-beijing" } - scan_plan_content = "" - self_defining_assets = [] - scan_from = "" + + assets { + asset_name = "iac-test" + instance_type = "POSTGRES" + asset_type = "Db" + asset = "postgres-fnexv5bj" + region = "ap-guangzhou" + } + task_advance_cfg { - vul_risk { - risk_id = "" - enable = 0 - } - weak_pwd_risk { - check_item_id = "" - enable = 0 + port_risk { + check_type = 0 + detail = "22、8080、80、443、3380、3389常见流量端口" + port_sets = "常见端口" + enable = 1 } - cfg_risk { - item_id = "" - enable = 0 - resource_type = "" + vul_risk { + risk_id = "b52a4fcc1f24fa323b87cc41f370aa43" + enable = 1 } } - task_mode = 0 } ``` 
@@ -55,10 +92,8 @@ The following arguments are supported: * `scan_asset_type` - (Required, Int) 0- Full scan, 1- Specify asset scan, 2- Exclude asset scan, 3- Manually fill in the scan. If 1 and 2 are required, the Assets field is required. If 3 is required, SelfDefiningAssets is required. * `scan_item` - (Required, Set: [`String`]) Scan Project. Example: port/poc/weakpass/webcontent/configrisk/exposedserver. -* `scan_plan_type` - (Required, Int) 0- Periodic task,1- immediate scan,2- periodic scan,3- Custom; 0,2, and 3 are required for ScanPlanContent. * `task_name` - (Required, String) Task Name. * `assets` - (Optional, List) Scan the asset information list. -* `scan_from` - (Optional, String) Request origin. The default value vss indicates the vulnerability scanning service. Users of the cloud security center please fill in the csip. * `scan_plan_content` - (Optional, String) Scan plan details. * `self_defining_assets` - (Optional, Set: [`String`]) Ip/domain/url array. * `task_advance_cfg` - (Optional, List) Advanced configuration. @@ -79,9 +114,17 @@ The `cfg_risk` object of `task_advance_cfg` supports the following: * `item_id` - (Required, String) Detection item ID. * `resource_type` - (Required, String) Resource type. +The `port_risk` object of `task_advance_cfg` supports the following: + +* `check_type` - (Required, Int) Detection item type, 0-system defined, 1-user-defined. +* `detail` - (Required, String) Description of detection items. +* `enable` - (Required, Int) Whether to enable, 0- No, 1- Enable. +* `port_sets` - (Required, String) Port collection, separated by commas. + The `task_advance_cfg` object supports the following: * `cfg_risk` - (Optional, List) Configure advanced risk Settings. +* `port_risk` - (Optional, List) Advanced Port Risk Configuration. * `vul_risk` - (Optional, List) Advanced vulnerability risk configuration. * `weak_pwd_risk` - (Optional, List) Weak password risk advanced configuration. 
@@ -100,6 +143,6 @@ The `weak_pwd_risk` object of `task_advance_cfg` supports the following: In addition to all arguments above, the following attributes are exported: * `id` - ID of the resource. - +* `scan_from` - Request origin.