From d051f47847013a8ff9ac78092f60d162f3f3f5fa Mon Sep 17 00:00:00 2001
From: Miguel Campos
Date: Wed, 18 Dec 2024 11:30:43 -0800
Subject: [PATCH] Add support for isSudoEnabled to AWS SSH installations (#43)

Adds a new management property, `is_sudo_enabled`, to the AWS SSH installation resource. The parameter defaults to "false" and can be omitted.
### Examples
##### Disabled
```
resource "p0_ssh_aws" "aws-example" {
account_id = "123456789012"
group_key = "Customer"
}
```
```
resource "p0_ssh_aws" "aws-example" {
account_id = "123456789012"
group_key = "Customer"
is_sudo_enabled = false
}
```
##### Enabled
```
resource "p0_ssh_aws" "aws-example" {
account_id = "123456789012"
group_key = "Customer"
is_sudo_enabled = true
}
```
---
docs/resources/ssh_aws.md | 1 +
.../provider/resources/install/ssh/aws.go | 37 +++++++++++++++----
2 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/docs/resources/ssh_aws.md b/docs/resources/ssh_aws.md
index 21461dd..8633c69 100644
--- a/docs/resources/ssh_aws.md
+++ b/docs/resources/ssh_aws.md
@@ -32,6 +32,7 @@ resource "p0_ssh_aws" "example" {
 ### Optional
 - `group_key` (String) If present, AWS instances will be grouped by the value of this tag. Access can be requested, in one request, to all instances with a shared tag value
+- `is_sudo_enabled` (Boolean) If true, users will be able to request sudo access to the instances
 - `label` (String) The AWS account's alias (if available)
 ### Read-Only
diff --git a/internal/provider/resources/install/ssh/aws.go b/internal/provider/resources/install/ssh/aws.go
index a46d389..57d40ec 100644
--- a/internal/provider/resources/install/ssh/aws.go
+++ b/internal/provider/resources/install/ssh/aws.go
@@ -10,6 +10,7 @@ import (
 "github.com/hashicorp/terraform-plugin-framework/path"
 "github.com/hashicorp/terraform-plugin-framework/resource"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/booldefault"
 "github.com/hashicorp/terraform-plugin-framework/schema/validator"
 "github.com/hashicorp/terraform-plugin-framework/types"
 "github.com/p0-security/terraform-provider-p0/internal"
@@ -29,16 +30,18 @@ type sshAwsIamWrite struct {
 }
 type sshAwsIamWriteModel struct {
- AccountId types.String `tfsdk:"account_id" json:"accountId,omitempty"`
- GroupKey types.String `tfsdk:"group_key" json:"groupKey,omitempty"`
- State types.String `tfsdk:"state" json:"state,omitempty"`
- Label types.String `tfsdk:"label" json:"label,omitempty"`
+ AccountId types.String `tfsdk:"account_id" json:"accountId,omitempty"`
+ IsSudoEnabled types.Bool `tfsdk:"is_sudo_enabled" json:"isSudoEnabled,omitempty"`
+ GroupKey types.String `tfsdk:"group_key" json:"groupKey,omitempty"`
+ State types.String `tfsdk:"state" json:"state,omitempty"`
+ Label types.String `tfsdk:"label" json:"label,omitempty"`
 }
 type sshAwsIamWriteJson struct {
- GroupKey *string `json:"groupKey"`
- State string `json:"state"`
- Label *string `json:"label,omitempty"`
+ GroupKey *string `json:"groupKey"`
+ IsSudoEnabled *bool `json:"isSudoEnabled,omitempty"`
+ State string `json:"state"`
+ Label *string `json:"label,omitempty"`
 }
 type sshAwsIamWriteApi struct {
@@ -72,6 +75,12 @@ Installing SSH allows you to manage access to your servers on AWS.`,
 MarkdownDescription: `If present, AWS instances will be grouped by the value of this tag. Access can be requested, in one request, to all instances with a shared tag value`,
 Optional: true,
 },
+ "is_sudo_enabled": schema.BoolAttribute{
+ MarkdownDescription: `If true, users will be able to request sudo access to the instances`,
+ Optional: true,
+ Computed: true,
+ Default: booldefault.StaticBool(false),
+ },
 "state": schema.StringAttribute{
 MarkdownDescription: installresources.StateMarkdownDescription,
 Computed: true,
@@ -126,19 +135,26 @@ func (r *sshAwsIamWrite) fromJson(ctx context.Context, diags *diag.Diagnostics,
 // remove the aws prefix.
 accountId := strings.TrimPrefix(id, awsPrefix)
 data.AccountId = types.StringValue(accountId)
+ data.State = types.StringValue(jsonv.State)
+ data.Label = types.StringNull()
 if jsonv.Label != nil {
 label := types.StringValue(*jsonv.Label)
 data.Label = label
 }
- data.State = types.StringValue(jsonv.State)
 data.GroupKey = types.StringNull()
 if jsonv.GroupKey != nil {
 group := types.StringValue(*jsonv.GroupKey)
 data.GroupKey = group
 }
+ data.IsSudoEnabled = types.BoolNull()
+ if jsonv.IsSudoEnabled != nil {
+ isSudoEnabled := types.BoolValue(*jsonv.IsSudoEnabled)
+ data.IsSudoEnabled = isSudoEnabled
+ }
+
 return &data
 }
@@ -160,6 +176,11 @@ func (r *sshAwsIamWrite) toJson(data any) any {
 json.GroupKey = &group
 }
+ if !datav.IsSudoEnabled.IsNull() {
+ isSudoEnabled := datav.IsSudoEnabled.ValueBool()
+ json.IsSudoEnabled = &isSudoEnabled
+ }
+
 // can omit state here as it's filled by the backend
 return &json
 }
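Review bot: The `is_sudo_enabled` description in the new `schema.BoolAttribute` does not state the default or what the attribute gates, and the generated `docs/resources/ssh_aws.md` line in the first hunk inherits the same wording, so a reader of the docs cannot tell that omitting the attribute leaves sudo disabled. Because this flag controls whether users can request privilege escalation on every instance of the installation, the default is the most important fact about it; appending a sentence such as "Defaults to false, so sudo access cannot be requested unless explicitly enabled." to the MarkdownDescription and regenerating the docs would make the least-privilege default visible.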
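Review bot: At `data.IsSudoEnabled = types.BoolNull()` a backend response that omits `isSudoEnabled` leaves the attribute null in state, yet the schema hunk above declares it `Computed` with `booldefault.StaticBool(false)`, so the planned value is always a known `false` or `true`. If the backend ever omits the field (plausibly for installations created before this property existed), the null read back would disagree with the planned `false`, which is likely to surface as an inconsistent-result error after apply or a perpetual diff on refresh. Assuming an absent field means sudo is not enabled on the backend, mapping nil to the schema default, `data.IsSudoEnabled = types.BoolValue(false)`, keeps state consistent and records the least-privilege value explicitly rather than as an unknown. The enclosing fromJson starts before this hunk.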
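Review bot: The guard `if !datav.IsSudoEnabled.IsNull()` excludes only null, so an unknown value would fall through to `datav.IsSudoEnabled.ValueBool()`, which returns `false` for unknown, and the request would carry `isSudoEnabled: false` without that being a decision anyone made. With `Computed: true` and a static default the value should be known by the time toJson runs, but nothing in this function records that assumption; either widen the guard to `if !datav.IsSudoEnabled.IsNull() && !datav.IsSudoEnabled.IsUnknown() {` or add a comment above it noting that the schema default guarantees a known value here. Sending an explicit `false` for the default case is the right behaviour for a privilege-escalation flag, so the intent is worth stating in a comment either way. The enclosing toJson starts before this hunk.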