From 3a237752d5ddf902372ae52bd19a6c64653ca591 Mon Sep 17 00:00:00 2001 From: Modular Magician Date: Tue, 24 Jan 2023 17:26:12 +0000 Subject: [PATCH] Add two outputs for dlp job trigger: outputting to SCC and DataCatalog (#6855) Co-authored-by: Shuya Ma <87669292+shuyama1@users.noreply.github.com> Fixes https://github.com/hashicorp/terraform-provider-google/issues/11861 Signed-off-by: Modular Magician --- .changelog/6855.txt | 3 + ...source_data_loss_prevention_job_trigger.go | 88 ++++++++++++- ...s_prevention_job_trigger_generated_test.go | 122 ++++++++++++++++++ ..._loss_prevention_job_trigger.html.markdown | 10 +- 4 files changed, 219 insertions(+), 4 deletions(-) create mode 100644 .changelog/6855.txt diff --git a/.changelog/6855.txt b/.changelog/6855.txt new file mode 100644 index 00000000000..41605db2a05 --- /dev/null +++ b/.changelog/6855.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +dlp: added `publish_findings_to_cloud_data_catalog` and `publish_summary_to_cscc` to `google_data_loss_prevention_job_trigger` resource +``` diff --git a/google/resource_data_loss_prevention_job_trigger.go b/google/resource_data_loss_prevention_job_trigger.go index d442170eee5..aae22eed0dc 100644 --- a/google/resource_data_loss_prevention_job_trigger.go +++ b/google/resource_data_loss_prevention_job_trigger.go 
@@ -118,10 +118,30 @@ A duration in seconds with up to nine fractional digits, terminated by 's'. Exam }, ExactlyOneOf: []string{}, }, + "publish_findings_to_cloud_data_catalog": { + Type: schema.TypeList, + Optional: true, + Description: `Publish findings of a DlpJob to Data Catalog.`, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{}, + }, + ExactlyOneOf: []string{}, + }, + "publish_summary_to_cscc": { + Type: schema.TypeList, + Optional: true, + Description: `Publish the result summary of a DlpJob to the Cloud Security Command Center.`, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{}, + }, + ExactlyOneOf: []string{}, + }, "save_findings": { Type: schema.TypeList, Optional: true, - Description: `Schedule for triggered jobs`, + Description: `If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk`, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ 
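Review bot: `ExactlyOneOf: []string{}` on both new blocks is an empty list and therefore enforces nothing, so a single `actions {}` block can carry `publish_summary_to_cscc {}` together with `save_findings {}` or `pub_sub {}` and the conflict is only discovered at apply time from the API (the DLP Action message is, as far as I recall, a oneof — worth confirming before relying on it). Either populate the list with the sibling action keys or drop the no-op attribute, mirroring whatever the existing `save_findings`/`pub_sub` entries do outside this hunk. Separately, the descriptions should say where the data ends up from a reader's point of view, since these actions copy inspection results out of DLP: e.g. `Publish findings of a DlpJob to Data Catalog; anyone who can read the tagged table's Data Catalog entries can read the findings.` and the equivalent for Security Command Center.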
@@ -1235,8 +1255,10 @@ func flattenDataLossPreventionJobTriggerInspectJobActions(v interface{}, d *sche continue } transformed = append(transformed, map[string]interface{}{ - "save_findings": flattenDataLossPreventionJobTriggerInspectJobActionsSaveFindings(original["saveFindings"], d, config), - "pub_sub": flattenDataLossPreventionJobTriggerInspectJobActionsPubSub(original["pubSub"], d, config), + "save_findings": flattenDataLossPreventionJobTriggerInspectJobActionsSaveFindings(original["saveFindings"], d, config), + "pub_sub": flattenDataLossPreventionJobTriggerInspectJobActionsPubSub(original["pubSub"], d, config), + "publish_summary_to_cscc": flattenDataLossPreventionJobTriggerInspectJobActionsPublishSummaryToCscc(original["publishSummaryToCscc"], d, config), + "publish_findings_to_cloud_data_catalog": flattenDataLossPreventionJobTriggerInspectJobActionsPublishFindingsToCloudDataCatalog(original["publishFindingsToCloudDataCatalog"], d, config), }) } return transformed @@ -1319,6 +1341,22 @@ func flattenDataLossPreventionJobTriggerInspectJobActionsPubSubTopic(v interface return v } +func flattenDataLossPreventionJobTriggerInspectJobActionsPublishSummaryToCscc(v interface{}, d *schema.ResourceData, config *Config) interface{} { + if v == nil { + return nil + } + transformed := make(map[string]interface{}) + return []interface{}{transformed} +} + +func flattenDataLossPreventionJobTriggerInspectJobActionsPublishFindingsToCloudDataCatalog(v interface{}, d *schema.ResourceData, config *Config) interface{} { + if v == nil { + return nil + } + transformed := make(map[string]interface{}) + return []interface{}{transformed} +} + func expandDataLossPreventionJobTriggerDescription(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { return v, nil } 
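Review bot: The two new flatteners carry no comment, and a reader has to work out from the body that `v` is only tested for nil and that `d` and `config` are deliberately unused — a present-but-empty API message becomes one empty block in state, an absent one becomes no block. A one-line doc comment on each makes the presence-only contract explicit, e.g. `// publishSummaryToCscc is an empty API message; flatten it to a single empty block when present and to nothing when absent.` The same sentence, with the Data Catalog name, fits the second function.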
@@ -1914,6 +1952,20 @@ func expandDataLossPreventionJobTriggerInspectJobActions(v interface{}, d Terraf transformed["pubSub"] = transformedPubSub } + transformedPublishSummaryToCscc, err := expandDataLossPreventionJobTriggerInspectJobActionsPublishSummaryToCscc(original["publish_summary_to_cscc"], d, config) + if err != nil { + return nil, err + } else { + transformed["publishSummaryToCscc"] = transformedPublishSummaryToCscc + } + + transformedPublishFindingsToCloudDataCatalog, err := expandDataLossPreventionJobTriggerInspectJobActionsPublishFindingsToCloudDataCatalog(original["publish_findings_to_cloud_data_catalog"], d, config) + if err != nil { + return nil, err + } else { + transformed["publishFindingsToCloudDataCatalog"] = transformedPublishFindingsToCloudDataCatalog + } + req = append(req, transformed) } return req, nil @@ -2036,6 +2088,36 @@ func expandDataLossPreventionJobTriggerInspectJobActionsPubSubTopic(v interface{ return v, nil } +func expandDataLossPreventionJobTriggerInspectJobActionsPublishSummaryToCscc(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 { + return nil, nil + } + + if l[0] == nil { + transformed := make(map[string]interface{}) + return transformed, nil + } + transformed := make(map[string]interface{}) + + return transformed, nil +} + +func expandDataLossPreventionJobTriggerInspectJobActionsPublishFindingsToCloudDataCatalog(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 { + return nil, nil + } + + if l[0] == nil { + transformed := make(map[string]interface{}) + return transformed, nil + } + transformed := make(map[string]interface{}) + + return transformed, nil +} + func resourceDataLossPreventionJobTriggerEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) { newObj := make(map[string]interface{}) newObj["jobTrigger"] = obj 
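Review bot: Both new `else` branches assign unconditionally, and the expanders further down this patch return `(nil, nil)` when the block is absent, so every action object sent to the API now carries `publishSummaryToCscc` and `publishFindingsToCloudDataCatalog` keys holding nil (i.e. JSON `null`) even when the user configured only `save_findings` or `pub_sub`. Whether the DLP API tolerates explicit nulls in a oneof is not visible here; the condition guarding the preceding `pubSub` assignment is cut off above the hunk, but a nil guard keeps the request identical to the pre-change one when the block is absent while still sending the empty object when it is present: `} else if transformedPublishSummaryToCscc != nil {` / `transformed["publishSummaryToCscc"] = transformedPublishSummaryToCscc` / `}`, and likewise for the Data Catalog action. Note that the usual `isEmptyValue` guard would be wrong here, because the whole point is to send an empty object. The enclosing function body starts and ends outside the hunk.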
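Review bot: In both new expanders the `if l[0] == nil` branch and the fall-through return the same value, so the second `transformed := make(map[string]interface{})` is dead duplication; the body reduces to `if len(l) == 0 { return nil, nil }` followed by `return map[string]interface{}{}, nil`. A doc comment would also help, since the functions look like stubs: `// expand…PublishSummaryToCscc turns the presence-only publish_summary_to_cscc block into an empty API message; an absent block yields nil so the action is not sent.` The unchecked `v.([]interface{})` assertion is fine as long as the caller only ever passes the TypeList value, which is what the call sites in the earlier hunk do.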
diff --git a/google/resource_data_loss_prevention_job_trigger_generated_test.go b/google/resource_data_loss_prevention_job_trigger_generated_test.go index 3077a07a1f4..813e584ef76 100644 --- a/google/resource_data_loss_prevention_job_trigger_generated_test.go +++ b/google/resource_data_loss_prevention_job_trigger_generated_test.go 
@@ -222,6 +222,128 @@ resource "google_data_loss_prevention_job_trigger" "bigquery_row_limit_percentag `, context) } +func TestAccDataLossPreventionJobTrigger_dlpJobTriggerDataCatalogOutputExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "project": getTestProjectFromEnv(), + "random_suffix": randString(t, 10), + } + + vcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckDataLossPreventionJobTriggerDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccDataLossPreventionJobTrigger_dlpJobTriggerDataCatalogOutputExample(context), + }, + { + ResourceName: "google_data_loss_prevention_job_trigger.data_catalog_output", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"parent"}, + }, + }, + }) +} + +func testAccDataLossPreventionJobTrigger_dlpJobTriggerDataCatalogOutputExample(context map[string]interface{}) string { + return Nprintf(` +resource "google_data_loss_prevention_job_trigger" "data_catalog_output" { + parent = "projects/%{project}" + description = "Description" + display_name = "Displayname" + + triggers { + schedule { + recurrence_period_duration = "86400s" + } + } + + inspect_job { + inspect_template_name = "fake" + actions { + publish_findings_to_cloud_data_catalog { + } + } + storage_config { + big_query_options { + table_reference { + project_id = "project" + dataset_id = "dataset" + table_id = "table_to_scan" + } + rows_limit_percent = 50 + sample_method = "RANDOM_START" + } + } + } +} +`, context) +} + +func TestAccDataLossPreventionJobTrigger_dlpJobTriggerSccOutputExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "project": getTestProjectFromEnv(), + "random_suffix": randString(t, 10), + } + + vcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: 
testAccCheckDataLossPreventionJobTriggerDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccDataLossPreventionJobTrigger_dlpJobTriggerSccOutputExample(context), + }, + { + ResourceName: "google_data_loss_prevention_job_trigger.scc_output", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"parent"}, + }, + }, + }) +} + +func testAccDataLossPreventionJobTrigger_dlpJobTriggerSccOutputExample(context map[string]interface{}) string { + return Nprintf(` +resource "google_data_loss_prevention_job_trigger" "scc_output" { + parent = "projects/%{project}" + description = "Description" + display_name = "Displayname" + + triggers { + schedule { + recurrence_period_duration = "86400s" + } + } + + inspect_job { + inspect_template_name = "fake" + actions { + publish_summary_to_cscc { + } + } + storage_config { + big_query_options { + table_reference { + project_id = "project" + dataset_id = "dataset" + table_id = "table_to_scan" + } + rows_limit_percent = 50 + sample_method = "RANDOM_START" + } + } + } +} +`, context) +} + func testAccCheckDataLossPreventionJobTriggerDestroyProducer(t *testing.T) func(s *terraform.State) error { return func(s *terraform.State) error { for name, rs := range s.RootModule().Resources { diff --git a/website/docs/r/data_loss_prevention_job_trigger.html.markdown b/website/docs/r/data_loss_prevention_job_trigger.html.markdown index 575030d0e67..bb8a3accea1 100644 --- a/website/docs/r/data_loss_prevention_job_trigger.html.markdown +++ b/website/docs/r/data_loss_prevention_job_trigger.html.markdown @@ -437,7 +437,7 @@ The following arguments are supported: * `save_findings` - (Optional) - Schedule for triggered jobs + If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk Structure is [documented below](#nested_save_findings). * `pub_sub` - 
@@ -445,6 +445,14 @@ The following arguments are supported: Publish a message into a given Pub/Sub topic when the job completes. Structure is [documented below](#nested_pub_sub). +* `publish_summary_to_cscc` - + (Optional) + Publish the result summary of a DlpJob to the Cloud Security Command Center. + +* `publish_findings_to_cloud_data_catalog` - + (Optional) + Publish findings of a DlpJob to Data Catalog. + The `save_findings` block supports: