Automating your security is crucial, especially for companies operating in the cloud! I have recently made a video tutorial on how to use the Terraform provider for Prisma Cloud Compute.
It should help anyone using Palo Alto Networks' security platform start building automation around their security practices.
The code snippets from this tutorial are included below:
creds.json
{
"username": "test",
"password": "test",
"console_url": "https://192.168.64.2:32677"
}
main.tf
# Pins the Prisma Cloud Compute provider so `terraform init` fetches a known release
# (registry source and exact version used in the tutorial).
terraform {
required_providers {
prismacloudcompute = {
source = "PaloAltoNetworks/prismacloudcompute"
version = "0.1.0"
}
}
}
# Provider authentication is read from a JSON file (creds.json above: username,
# password and console_url). That file holds a plaintext password, so keep it
# out of version control (e.g. list it in .gitignore) and restrict its file
# permissions; the values shown in the tutorial are test credentials.
provider "prismacloudcompute" {
config_file = "creds.json"
}
# Collection that scopes the CI policy below. Only the `images` dimension is
# narrowed; every other dimension is the wildcard "*", so membership is decided
# by image name alone.
resource "prismacloudcompute_collection" "node_alpine" {
name = "node-alpine-collection"
description = "Collection for Node images based on Alpine"
# Hex RGB colour; presumably used for display in the console UI.
color = "#68A063"
application_ids = ["*"]
code_repositories = ["*"]
# Bare tag plus a "*/" prefixed form, presumably so registry-qualified names
# also match — confirm against the provider's matching rules.
images = ["node:17-alpine3.12", "*/node:17-alpine3.12"]
labels = ["*"]
namespaces = ["*"]
}
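# CI image vulnerability policy. Rules are listed most-specific first: the
# node_alpine rule, then a catch-all "default" rule for the "All" collection.
# Rules are presumably evaluated in listed order with the first match winning —
# confirm against the provider/console documentation before relying on it.
#
# No explicit depends_on is needed: the references to
# prismacloudcompute_collection.node_alpine inside the first rule already give
# Terraform the ordering dependency on the collection resource.
resource "prismacloudcompute_ci_image_vulnerability_policy" "ruleset" {
  # Rule scoped to the Node/Alpine collection defined above.
  rule {
    collections = [
      prismacloudcompute_collection.node_alpine.name,
    ]
    disabled = false
    effect   = "alert, block"
    # Presumably a grace period in days before findings trigger the effects —
    # confirm in the provider schema docs.
    grace_days = 30
    name       = "${prismacloudcompute_collection.node_alpine.name}-ci-policy"
    notes      = "CI policy for ${prismacloudcompute_collection.node_alpine.name}"
    # only_fixed: presumably only vulnerabilities with an available fix are
    # counted toward the thresholds — confirm in the provider schema docs.
    only_fixed = true
    verbose    = false

    # Severity thresholds are numeric; how 1 and 2 map to severity names is
    # provider-defined. Note alert_threshold uses `disabled` while
    # block_threshold uses `enabled`, as the provider schema spells them.
    alert_threshold {
      disabled = false
      value    = 1
    }
    block_threshold {
      enabled = true
      value   = 2
    }

    # Time-boxed exceptions: each CVE is ignored only while the expiration is
    # enabled and the date has not passed; after that it is presumably reported
    # again under the thresholds above. Re-review each exception when its date
    # passes rather than extending it unchanged.
    cve_rule {
      description = "Ignore ansi-regex"
      effect      = "ignore"
      id          = "CVE-2021-3807"
      expiration {
        date    = "2022-01-06T06:00:00Z"
        enabled = true
      }
    }
    cve_rule {
      description = "Ignore busybox"
      effect      = "ignore"
      id          = "CVE-2021-28831"
      expiration {
        date    = "2022-01-06T06:00:00Z"
        enabled = true
      }
    }
  }

  # Catch-all rule applied to the built-in "All" collection, with the same
  # thresholds as above but no CVE exceptions.
  rule {
    collections = [
      "All",
    ]
    disabled   = false
    effect     = "alert, block"
    grace_days = 30
    name       = "default"
    notes      = "Default policy for CI scans"
    only_fixed = true
    verbose    = false
    alert_threshold {
      disabled = false
      value    = 1
    }
    block_threshold {
      enabled = true
      value   = 2
    }
  }
}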