opsgenie / terraform-provider-opsgenie

Terraform OpsGenie provider
https://registry.terraform.io/providers/opsgenie/opsgenie/latest/docs
Mozilla Public License 2.0

Add support for AmazonSecurityHub integration #229

Open fcoelho opened 3 years ago

fcoelho commented 3 years ago

Terraform Version

Terraform v0.14.7
+ provider registry.terraform.io/opsgenie/opsgenie v0.6.3

Affected Resource(s)

Terraform Configuration Files

terraform {
  required_providers {
    opsgenie = {
      source = "opsgenie/opsgenie"
    }
  }
  required_version = ">= 0.14"
}

provider "opsgenie" {
  api_url = "api.eu.opsgenie.com"
}

resource "opsgenie_api_integration" "security_hub" {
  name = "securityhub-integratino-test"
  type = "AmazonSecurityHub"

  enabled                = true
  allow_write_access     = false
  suppress_notifications = false
}

Debug Output

https://gist.github.com/fcoelho/39aa797507f61ad08abacc2a19162599


Creating an integration of type AmazonSecurityHub works: it gets created properly and you can reach the integration using the resource's api_key attribute. What doesn't work is supplying the extra parameters it needs or updating it in any way.

For example, change the suppress_notifications to true and you get this error from terraform apply:

Error: Error occurred with Status code: 422, Message: Request body is not processable. Please check the errors., Took: 0.002000, RequestId: 188eef21-9ac6-4d36-9954-7c6151596328, Error Detail: map[region:must not be null securityHubIamRoleArn:must not be null]

In order to support AmazonSecurityHub type integrations, the resource needs to add at least the region and securityHubIamRoleArn attributes from the API.
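
Added example, not part of the original issue or the provider's code: a pre-flight check in Go that reports, before an update is sent, the fields the 422 response above names as required for AmazonSecurityHub, and additionally checks that securityHubIamRoleArn has the shape of an IAM role ARN. `ValidateUpdate` and the map-based payload are hypothetical; the account ID and role name are placeholders.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// Required fields per integration type. The two names for AmazonSecurityHub
// are taken from the 422 error detail quoted in the issue.
var requiredByType = map[string][]string{
	"AmazonSecurityHub": {"region", "securityHubIamRoleArn"},
}

// IAM role ARN: arn:<partition>:iam::<12-digit account id>:role/<path and name>.
var roleArnRe = regexp.MustCompile(`^arn:(aws|aws-cn|aws-us-gov):iam::\d{12}:role/[\w+=,.@/-]+$`)

// ValidateUpdate (hypothetical helper) returns the problems that would make an
// update body for the given integration type unprocessable, sorted for stable output.
// A missing key and an empty string are both treated as "null".
func ValidateUpdate(integrationType string, body map[string]string) []string {
	var problems []string
	for _, field := range requiredByType[integrationType] {
		if body[field] == "" {
			problems = append(problems, field+": must not be null")
		}
	}
	// Reject values that are present but are not role ARNs (for example a user ARN),
	// so a wrong principal is caught before the integration is pointed at it.
	if arn := body["securityHubIamRoleArn"]; integrationType == "AmazonSecurityHub" &&
		arn != "" && !roleArnRe.MatchString(arn) {
		problems = append(problems, "securityHubIamRoleArn: not an IAM role ARN")
	}
	sort.Strings(problems)
	return problems
}

func main() {
	// Constructed payloads: the first mirrors the failing update from the issue.
	fmt.Println(ValidateUpdate("AmazonSecurityHub", map[string]string{
		"name": "securityhub-integration-test"}))
	fmt.Println(ValidateUpdate("AmazonSecurityHub", map[string]string{
		"region":                "eu-west-1",
		"securityHubIamRoleArn": "arn:aws:iam::123456789012:role/opsgenie-securityhub"}))
}
```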

fcoelho commented 3 years ago

I realise this will need support from https://github.com/opsgenie/opsgenie-go-sdk-v2 first. I'll create an issue over there as well.