Merge pull request #7 from imperva/matt/SCV-2658-log-aggregator-audit…

…-types

Support "slow_query" audit_type values [SCV-2694] [SCV-2658]

GNUmakefile

@@ -5,7 +5,7 @@ HOSTNAME=registry.terraform.io
 NAMESPACE=terraform-providers
 PKG_NAME=dsfhub
 BINARY=terraform-provider-${PKG_NAME}
-VERSION=1.2.43
+VERSION=1.2.44
 OS_ARCH=darwin_amd64
 
 default: install

dsfhub/resource_common.go

@@ -386,6 +386,15 @@ func getSchema() AssetSchema {
 	return assetSchema
 }
 
+func contains(l []string, x string) bool {
+	for _, a := range l {
+		if a == x {
+			return true
+		}
+	}
+	return false
+}
+
 // ConnectionData resource hash functions
 func resourceConnectionDataAmazonSecretHash(v interface{}) int {
 	var buf bytes.Buffer

dsfhub/resource_log_aggregator.go

@@ -67,12 +67,12 @@ func resourceLogAggregator() *schema.Resource {
 				Computed:    true,
 			},
 			"audit_type": {
-				Type:         schema.TypeString,
-				Description:  "Used to indicate what mechanism should be used to fetch logs on systems supporting multiple ways to get logs, see asset specific documentation for details.  Example: \"BIGQUERY\",\"BIGTABLE\",\"BUCKET\",\"MSSQL\",\"MYSQL\",\"POSTGRESQL\",\"SPANNER\"",
-				Required:     false,
-				Optional:     true,
-				Default:      nil,
-				ValidateFunc: validation.StringInSlice([]string{"BIGQUERY", "BIGTABLE", "BUCKET", "MSSQL", "MYSQL", "POSTGRESQL", "SPANNER"}, false),
+				Type:        schema.TypeString,
+				Description: "Used to indicate what mechanism should be used to fetch logs on systems supporting multiple ways to get logs, see asset specific documentation for details.  Example: \"BIGQUERY\",\"BIGTABLE\",\"BUCKET\",\"MSSQL\",\"MYSQL\",\"POSTGRESQL\",\"SPANNER\"",
+				Required:    false,
+				Optional:    true,
+				Default:     nil,
+				// ValidateFunc: validation.StringInSlice([]string{"BIGQUERY", "BIGTABLE", "BUCKET", "MSSQL", "MYSQL", "POSTGRESQL", "SPANNER"}, false),
 			},
 			"available_regions": {
 				Type:        schema.TypeString,
@@ -636,23 +636,50 @@ func resourceLogAggregatorCreate(d *schema.ResourceData, m interface{}) error {
 	d.SetId(logAggregatorId)
 
 	auditPullEnabled := d.Get("audit_pull_enabled").(bool)
+	auditType := d.Get("audit_type").(string)
+	assetId := d.Get("asset_id").(string)
 	parentAssetId := d.Get("parent_asset_id")
-	if parentAssetId != nil && auditPullEnabled == true {
+
+	if auditPullEnabled {
 		wait := 6 * time.Second
-		parentAssetId := d.Get("parent_asset_id").(string)
-		log.Printf("[INFO] Disabling and enabling audit for DSF data source parentAssetId: %s \n", parentAssetId)
-		_, err1 := client.DisableAuditDSFDataSource(parentAssetId)
-		if err1 != nil {
-			log.Printf("[INFO] Error disabling audit for parentAssetId: %s\n", parentAssetId)
-			return err1
-		}
-		time.Sleep(wait)
-		_, err2 := client.EnableAuditDSFDataSource(parentAssetId)
-		if err2 != nil {
-			log.Printf("[INFO] Error enabling audit for parentAssetId: %s\n", parentAssetId)
-			return err2
+
+		// if using one of slow_query audit types, enable audit on log aggregator
+		if contains(slowQueryAuditTypes, auditType) {
+			log.Printf("[INFO] Disabling and enabling audit for DSF data source assetId: %s \n", assetId)
+
+			_, err1 := client.DisableAuditDSFDataSource(assetId)
+			if err1 != nil {
+				log.Printf("[INFO] Error disabling audit for assetId: %s\n", assetId)
+				return err1
+			}
+			time.Sleep(wait)
+
+			_, err2 := client.EnableAuditDSFDataSource(assetId)
+			if err2 != nil {
+				log.Printf("[INFO] Error enabling audit for assetId: %s\n", assetId)
+				return err2
+			}
+			time.Sleep(wait)
+			// if not, enable audit against parent
+		} else if parentAssetId != nil {
+			parentAssetId := d.Get("parent_asset_id").(string)
+
+			log.Printf("[INFO] Disabling and enabling audit for DSF data source parentAssetId: %s \n", parentAssetId)
+			_, err1 := client.DisableAuditDSFDataSource(parentAssetId)
+			if err1 != nil {
+				log.Printf("[INFO] Error disabling audit for parentAssetId: %s\n", parentAssetId)
+				return err1
+			}
+			time.Sleep(wait)
+
+			_, err2 := client.EnableAuditDSFDataSource(parentAssetId)
+			if err2 != nil {
+				log.Printf("[INFO] Error enabling audit for parentAssetId: %s\n", parentAssetId)
+				return err2
+			}
+			time.Sleep(wait)
 		}
-		time.Sleep(wait)
+
 	}
 
 	// Set the rest of the state from the resource read

dsfhub/resource_log_aggregator_schema.go

@@ -161,3 +161,9 @@ var requiredLogAggregatorJson = `{
 		}
 	}
 }`
+
+var slowQueryAuditTypes = []string{
+	"AWS_RDS_AURORA_MYSQL_SLOW",
+	"AWS_RDS_MYSQL_SLOW",
+	"AWS_NEPTUNE_SLOW",
+}