Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[New Resource]: Security Hub automation_rule resource #34781

Conversation

DanielRieske
Copy link
Contributor

@DanielRieske DanielRieske commented Dec 7, 2023

Description

This PR adds the aws_securityhub_automation_rule resource, automation rules can be used to automatically update findings in Security Hub.

https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html

Relations

Closes #32210

References

Output from Acceptance Testing

make testacc TESTS=TestAccSecurityHub_serial/AutomationRule PKG=securityhub
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/securityhub/... -v -count 1 -parallel 20 -run='TestAccSecurityHub_serial/AutomationRule'  -timeout 360m
=== RUN   TestAccSecurityHub_serial
=== PAUSE TestAccSecurityHub_serial
=== CONT  TestAccSecurityHub_serial
=== RUN   TestAccSecurityHub_serial/AutomationRule
=== RUN   TestAccSecurityHub_serial/AutomationRule/mapFilters
=== RUN   TestAccSecurityHub_serial/AutomationRule/tags
=== RUN   TestAccSecurityHub_serial/AutomationRule/basic
=== RUN   TestAccSecurityHub_serial/AutomationRule/full
=== RUN   TestAccSecurityHub_serial/AutomationRule/disappears
=== RUN   TestAccSecurityHub_serial/AutomationRule/stringFilters
=== RUN   TestAccSecurityHub_serial/AutomationRule/numberFilters
=== RUN   TestAccSecurityHub_serial/AutomationRule/dateFilters
--- PASS: TestAccSecurityHub_serial (373.10s)
    --- PASS: TestAccSecurityHub_serial/AutomationRule (373.10s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/mapFilters (50.03s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/tags (68.56s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/basic (30.19s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/full (49.12s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/disappears (28.03s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/stringFilters (49.08s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/numberFilters (49.03s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/dateFilters (49.05s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/securityhub        375.297s
make testacc TESTS=TestAccSecurityHub_serial PKG=securityhub       
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/securityhub/... -v -count 1 -parallel 20 -run='TestAccSecurityHub_serial'  -timeout 360m
=== RUN   TestAccSecurityHub_serial
=== PAUSE TestAccSecurityHub_serial
=== CONT  TestAccSecurityHub_serial
=== RUN   TestAccSecurityHub_serial/StandardsSubscription
=== RUN   TestAccSecurityHub_serial/StandardsSubscription/basic
=== RUN   TestAccSecurityHub_serial/StandardsSubscription/disappears
=== RUN   TestAccSecurityHub_serial/Account
=== RUN   TestAccSecurityHub_serial/Account/RemoveControlFindingGeneratorDefaultValue
=== RUN   TestAccSecurityHub_serial/Account/basic
=== RUN   TestAccSecurityHub_serial/Account/disappears
=== RUN   TestAccSecurityHub_serial/Account/EnableDefaultStandardsFalse
=== RUN   TestAccSecurityHub_serial/Account/MigrateV0
=== RUN   TestAccSecurityHub_serial/Account/Full
=== RUN   TestAccSecurityHub_serial/AutomationRule
=== RUN   TestAccSecurityHub_serial/AutomationRule/stringFilters
=== RUN   TestAccSecurityHub_serial/AutomationRule/numberFilters
=== RUN   TestAccSecurityHub_serial/AutomationRule/dateFilters
=== RUN   TestAccSecurityHub_serial/AutomationRule/mapFilters
=== RUN   TestAccSecurityHub_serial/AutomationRule/tags
=== RUN   TestAccSecurityHub_serial/AutomationRule/basic
=== RUN   TestAccSecurityHub_serial/AutomationRule/full
=== RUN   TestAccSecurityHub_serial/AutomationRule/disappears
=== RUN   TestAccSecurityHub_serial/Member
=== RUN   TestAccSecurityHub_serial/Member/basic
=== RUN   TestAccSecurityHub_serial/Member/invite
=== RUN   TestAccSecurityHub_serial/Insight
=== RUN   TestAccSecurityHub_serial/Insight/basic
=== RUN   TestAccSecurityHub_serial/Insight/Name
=== RUN   TestAccSecurityHub_serial/Insight/WorkflowStatus
=== RUN   TestAccSecurityHub_serial/Insight/KeywordFilters
=== RUN   TestAccSecurityHub_serial/Insight/MapFilters
=== RUN   TestAccSecurityHub_serial/Insight/MultipleFilters
=== RUN   TestAccSecurityHub_serial/Insight/NumberFilters
=== RUN   TestAccSecurityHub_serial/Insight/disappears
=== RUN   TestAccSecurityHub_serial/Insight/DateFilters
=== RUN   TestAccSecurityHub_serial/Insight/GroupByAttribute
=== RUN   TestAccSecurityHub_serial/Insight/IpFilters
=== RUN   TestAccSecurityHub_serial/ProductSubscription
=== RUN   TestAccSecurityHub_serial/ProductSubscription/basic
=== RUN   TestAccSecurityHub_serial/StandardsControl
=== RUN   TestAccSecurityHub_serial/StandardsControl/EnabledControlStatusAndDisabledReason
=== RUN   TestAccSecurityHub_serial/StandardsControl/basic
=== RUN   TestAccSecurityHub_serial/StandardsControl/DisabledControlStatus
=== RUN   TestAccSecurityHub_serial/ActionTarget
=== RUN   TestAccSecurityHub_serial/ActionTarget/disappears
=== RUN   TestAccSecurityHub_serial/ActionTarget/Description
=== RUN   TestAccSecurityHub_serial/ActionTarget/Name
=== RUN   TestAccSecurityHub_serial/ActionTarget/basic
=== RUN   TestAccSecurityHub_serial/InviteAccepter
=== RUN   TestAccSecurityHub_serial/InviteAccepter/basic
    acctest.go:848: skipping test because at least one environment variable of [AWS_ALTERNATE_PROFILE AWS_ALTERNATE_ACCESS_KEY_ID] must be set. Usage: credentials for running acceptance testing in alternate AWS account.
=== RUN   TestAccSecurityHub_serial/OrganizationAdminAccount
=== RUN   TestAccSecurityHub_serial/OrganizationAdminAccount/MultiRegion
    acctest.go:981: skipping tests; this AWS account must not be an existing member of an AWS Organization
=== RUN   TestAccSecurityHub_serial/OrganizationAdminAccount/basic
    acctest.go:981: skipping tests; this AWS account must not be an existing member of an AWS Organization
=== RUN   TestAccSecurityHub_serial/OrganizationAdminAccount/disappears
    acctest.go:981: skipping tests; this AWS account must not be an existing member of an AWS Organization
=== RUN   TestAccSecurityHub_serial/OrganizationConfiguration
=== RUN   TestAccSecurityHub_serial/OrganizationConfiguration/basic
    acctest.go:1010: this AWS account must be the management account of an AWS Organization
=== RUN   TestAccSecurityHub_serial/OrganizationConfiguration/AutoEnableStandards
    acctest.go:1010: this AWS account must be the management account of an AWS Organization
=== RUN   TestAccSecurityHub_serial/FindingAggregator
=== RUN   TestAccSecurityHub_serial/FindingAggregator/basic
=== RUN   TestAccSecurityHub_serial/FindingAggregator/disappears
--- PASS: TestAccSecurityHub_serial (2197.10s)
    --- PASS: TestAccSecurityHub_serial/StandardsSubscription (136.10s)
        --- PASS: TestAccSecurityHub_serial/StandardsSubscription/basic (68.73s)
        --- PASS: TestAccSecurityHub_serial/StandardsSubscription/disappears (67.37s)
    --- PASS: TestAccSecurityHub_serial/Account (205.58s)
        --- PASS: TestAccSecurityHub_serial/Account/RemoveControlFindingGeneratorDefaultValue (36.79s)
        --- PASS: TestAccSecurityHub_serial/Account/basic (29.31s)
        --- PASS: TestAccSecurityHub_serial/Account/disappears (28.89s)
        --- PASS: TestAccSecurityHub_serial/Account/EnableDefaultStandardsFalse (26.62s)
        --- PASS: TestAccSecurityHub_serial/Account/MigrateV0 (38.92s)
        --- PASS: TestAccSecurityHub_serial/Account/Full (45.04s)
    --- PASS: TestAccSecurityHub_serial/AutomationRule (560.57s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/stringFilters (66.38s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/numberFilters (65.95s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/dateFilters (65.26s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/mapFilters (65.22s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/tags (89.59s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/basic (40.85s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/full (127.59s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/disappears (39.73s)
    --- PASS: TestAccSecurityHub_serial/Member (79.76s)
        --- PASS: TestAccSecurityHub_serial/Member/basic (39.48s)
        --- PASS: TestAccSecurityHub_serial/Member/invite (40.28s)
    --- PASS: TestAccSecurityHub_serial/Insight (577.86s)
        --- PASS: TestAccSecurityHub_serial/Insight/basic (39.94s)
        --- PASS: TestAccSecurityHub_serial/Insight/Name (61.69s)
        --- PASS: TestAccSecurityHub_serial/Insight/WorkflowStatus (38.91s)
        --- PASS: TestAccSecurityHub_serial/Insight/KeywordFilters (38.88s)
        --- PASS: TestAccSecurityHub_serial/Insight/MapFilters (41.67s)
        --- PASS: TestAccSecurityHub_serial/Insight/MultipleFilters (61.49s)
        --- PASS: TestAccSecurityHub_serial/Insight/NumberFilters (88.94s)
        --- PASS: TestAccSecurityHub_serial/Insight/disappears (38.50s)
        --- PASS: TestAccSecurityHub_serial/Insight/DateFilters (65.33s)
        --- PASS: TestAccSecurityHub_serial/Insight/GroupByAttribute (63.30s)
        --- PASS: TestAccSecurityHub_serial/Insight/IpFilters (39.20s)
    --- PASS: TestAccSecurityHub_serial/ProductSubscription (89.55s)
        --- PASS: TestAccSecurityHub_serial/ProductSubscription/basic (89.55s)
    --- PASS: TestAccSecurityHub_serial/StandardsControl (215.33s)
        --- PASS: TestAccSecurityHub_serial/StandardsControl/EnabledControlStatusAndDisabledReason (53.54s)
        --- PASS: TestAccSecurityHub_serial/StandardsControl/basic (83.06s)
        --- PASS: TestAccSecurityHub_serial/StandardsControl/DisabledControlStatus (78.74s)
    --- PASS: TestAccSecurityHub_serial/ActionTarget (199.96s)
        --- PASS: TestAccSecurityHub_serial/ActionTarget/disappears (38.78s)
        --- PASS: TestAccSecurityHub_serial/ActionTarget/Description (61.24s)
        --- PASS: TestAccSecurityHub_serial/ActionTarget/Name (61.10s)
        --- PASS: TestAccSecurityHub_serial/ActionTarget/basic (38.85s)
    --- PASS: TestAccSecurityHub_serial/InviteAccepter (0.00s)
        --- SKIP: TestAccSecurityHub_serial/InviteAccepter/basic (0.00s)
    --- PASS: TestAccSecurityHub_serial/OrganizationAdminAccount (2.35s)
        --- SKIP: TestAccSecurityHub_serial/OrganizationAdminAccount/MultiRegion (0.54s)
        --- SKIP: TestAccSecurityHub_serial/OrganizationAdminAccount/basic (0.20s)
        --- SKIP: TestAccSecurityHub_serial/OrganizationAdminAccount/disappears (1.60s)
    --- PASS: TestAccSecurityHub_serial/OrganizationConfiguration (2.41s)
        --- SKIP: TestAccSecurityHub_serial/OrganizationConfiguration/basic (2.08s)
        --- SKIP: TestAccSecurityHub_serial/OrganizationConfiguration/AutoEnableStandards (0.33s)
    --- PASS: TestAccSecurityHub_serial/FindingAggregator (127.63s)
        --- PASS: TestAccSecurityHub_serial/FindingAggregator/basic (88.06s)
        --- PASS: TestAccSecurityHub_serial/FindingAggregator/disappears (39.57s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/securityhub        2199.304s

Copy link

github-actions bot commented Dec 7, 2023

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added size/XL Managed by automation to categorize the size of a PR. documentation Introduces or discusses updates to documentation. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/securityhub Issues and PRs that pertain to the securityhub service. generators Relates to code generators. labels Dec 7, 2023
@terraform-aws-provider terraform-aws-provider bot added the needs-triage Waiting for first response or review from a maintainer. label Dec 7, 2023
@DanielRieske DanielRieske changed the title [New Resource] Security Hub automation_rule resource [New Resource]: Security Hub automation_rule resource Dec 7, 2023
@DanielRieske
Copy link
Contributor Author

DanielRieske commented Dec 7, 2023

I had to fix a test scenario in member_test. The API returns an BadRequestException when it cannot find the resource and securityhub is disabled.

To accommodate the testAccCheckMemberDestroy we have to return an NotFound in this scenario. Unfortunatly this error code isn't in the types for this service therefore I had to manually add it.

@ewbankkit Do you mind if I fix this in this PR? Or would you prefer a seperate PR?

make testacc TESTS=TestAccSecurityHub_serial/Member PKG=securityhub
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/securityhub/... -v -count 1 -parallel 20 -run='TestAccSecurityHub_serial/Member'  -timeout 360m
=== RUN   TestAccSecurityHub_serial
=== PAUSE TestAccSecurityHub_serial
=== CONT  TestAccSecurityHub_serial
=== RUN   TestAccSecurityHub_serial/Member
=== RUN   TestAccSecurityHub_serial/Member/basic
    testing_new.go:91: Error running post-test destroy, there may be dangling resources: operation error SecurityHub: GetMembers, https response error StatusCode: 400, RequestID: f0a5747b-2635-41f5-8f6e-c0020989543c, api error BadRequestException: The request is rejected since no such resource found.
=== RUN   TestAccSecurityHub_serial/Member/invite
    testing_new.go:91: Error running post-test destroy, there may be dangling resources: operation error SecurityHub: GetMembers, https response error StatusCode: 400, RequestID: cb38a7cf-5573-410b-a8af-f639f5f83353, api error BadRequestException: The request is rejected since no such resource found.

@DanielRieske DanielRieske marked this pull request as ready for review December 7, 2023 15:52
@bschaatsbergen bschaatsbergen removed the needs-triage Waiting for first response or review from a maintainer. label Dec 10, 2023
@ewbankkit ewbankkit self-assigned this Feb 23, 2024
@terraform-aws-provider terraform-aws-provider bot added the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Feb 23, 2024
ewbankkit and others added 18 commits February 26, 2024 11:20
…triggers

f/aws_codepipeline add support for triggers
…add_attribute

r/aws_mwaa_environment: add `endpoint_management` attribute
Copy link
Contributor

@ewbankkit ewbankkit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccSecurityHub_serial/AutomationRule' PKG=securityhub      
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/securityhub/... -v -count 1 -parallel 20  -run=TestAccSecurityHub_serial/AutomationRule -timeout 360m
=== RUN   TestAccSecurityHub_serial
=== PAUSE TestAccSecurityHub_serial
=== CONT  TestAccSecurityHub_serial
=== RUN   TestAccSecurityHub_serial/AutomationRule
=== RUN   TestAccSecurityHub_serial/AutomationRule/disappears
=== RUN   TestAccSecurityHub_serial/AutomationRule/stringFilters
=== RUN   TestAccSecurityHub_serial/AutomationRule/numberFilters
=== RUN   TestAccSecurityHub_serial/AutomationRule/dateFilters
=== RUN   TestAccSecurityHub_serial/AutomationRule/mapFilters
=== RUN   TestAccSecurityHub_serial/AutomationRule/tags
=== RUN   TestAccSecurityHub_serial/AutomationRule/basic
=== RUN   TestAccSecurityHub_serial/AutomationRule/full
--- PASS: TestAccSecurityHub_serial (281.06s)
    --- PASS: TestAccSecurityHub_serial/AutomationRule (281.06s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/disappears (21.51s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/stringFilters (37.46s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/numberFilters (38.27s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/dateFilters (37.67s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/mapFilters (37.46s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/tags (50.62s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/basic (23.34s)
        --- PASS: TestAccSecurityHub_serial/AutomationRule/full (34.72s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/securityhub	293.445s

@ewbankkit
Copy link
Contributor

@DanielRieske Thanks for the contribution 🎉 👏.

…ub-automation-rule-resource

[New Resource]: Security Hub `automation_rule` resource
@ewbankkit ewbankkit closed this Feb 26, 2024
Copy link

Thank you for your contribution! 🚀

Please note that the CHANGELOG.md file contents are handled by the maintainers during merge. This is to prevent pull request merge conflicts, especially for contributions which may not be merged immediately. Please see the Contributing Guide for additional pull request review items.

Remove any changes to the CHANGELOG.md file and commit them in this pull request to prevent delays with reviewing and potentially merging this pull request.

@ewbankkit ewbankkit added this to the v5.39.0 milestone Feb 26, 2024
Copy link

Thank you for your contribution! 🚀

Please note that typically Go dependency changes are handled in this repository by dependabot or the maintainers. This is to prevent pull request merge conflicts and further delay reviews of contributions. Remove any changes to the go.mod or go.sum files and commit them into this pull request.

Additional details:

  • Check open pull requests with the dependencies label to view other dependency updates.
  • If this pull request includes an update the AWS Go SDK (or any other dependency) version, only updates submitted via dependabot will be merged. This pull request will need to remove these changes and will need to be rebased after the existing dependency update via dependabot has been merged for this pull request to be reviewed.
  • If this pull request is for supporting a new AWS service:
    • Ensure the new AWS service changes are following the Contributing Guide section on new services, in particular that the dependency addition and initial provider support are in a separate pull request from other changes (e.g. new resources). Contributions not following this item will not be reviewed until the changes are split.
    • If this pull request is already a separate pull request from the above item, you can ignore this message.

@github-actions github-actions bot removed the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Mar 1, 2024
Copy link

github-actions bot commented Mar 1, 2024

This functionality has been released in v5.39.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 31, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
documentation Introduces or discusses updates to documentation. generators Relates to code generators. service/securityhub Issues and PRs that pertain to the securityhub service. size/XL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[New Resource]: Add in Security Hub Automation Rules
10 participants