init commit for code

.env.template

@@ -0,0 +1,2 @@
+TRENDMICRO_HOST_URL=
+TRENDMICRO_APIKEY=

.github/workflows/release.yml

@@ -0,0 +1,54 @@
+# This GitHub action can publish assets for release when a tag is created.
+# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0).
+#
+# This uses an action (hashicorp/ghaction-import-gpg) that assumes you set your 
+# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
+# secret. If you would rather own your own GPG handling, please fork this action
+# or use an alternative one for key handling.
+#
+# You will need to pass the `--batch` flag to `gpg` in your signing step 
+# in `goreleaser` to indicate this is being used in a non-interactive mode.
+#
+name: release
+on:
+  push:
+    tags:
+      - 'v*'
+jobs:
+  goreleaser:
+    permissions: write-all
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      -
+        name: Unshallow
+        run: git fetch --prune --unshallow
+      -
+        name: Set up Go
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+        with:
+          go-version-file: 'go.mod'
+      -
+        name: Import GPG key
+        id: import_gpg
+        # uses: hashicorp/[email protected] Depricated https://github.com/hashicorp/ghaction-import-gpg
+        uses: crazy-max/ghaction-import-gpg@v5
+        with:
+          # These secrets will need to be configured for the repository:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
+      -
+        name: List keys
+        run: gpg -K
+      -
+        name: Run GoReleaser
+        uses: goreleaser/[email protected]
+        with:
+          version: latest
+          args: release --clean
+        env:
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+          # GitHub sets this automatically
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,36 @@
+### Serverless ###
+admin.env
+.env
+_meta
+.serverless
+node_modules/
+
+### Go ###
+# If you prefer the allow list template instead of the deny list, see community template:
+# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
+#
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+# Go workspace file
+go.work
+
+bin/
+**/handler
+*.zip
+**/bootstrap
+
+.idea/

Makefile

@@ -0,0 +1,46 @@
+TEST?=$$(go list ./... | grep -v 'vendor')
+HOSTNAME=trendmicro.com
+NAMESPACE=visionone
+NAME=vision-one
+BINARY=terraform-provider-${NAME}
+VERSION=0.4
+OS_ARCH=darwin_arm64
+
+default: install
+
+build:
+	go build -o ${BINARY}
+
+release:
+	GOOS=darwin GOARCH=amd64 go build -o ./bin/${BINARY}_${VERSION}_darwin_amd64
+	GOOS=freebsd GOARCH=386 go build -o ./bin/${BINARY}_${VERSION}_freebsd_386
+	GOOS=freebsd GOARCH=amd64 go build -o ./bin/${BINARY}_${VERSION}_freebsd_amd64
+	GOOS=freebsd GOARCH=arm go build -o ./bin/${BINARY}_${VERSION}_freebsd_arm
+	GOOS=linux GOARCH=386 go build -o ./bin/${BINARY}_${VERSION}_linux_386
+	GOOS=linux GOARCH=amd64 go build -o ./bin/${BINARY}_${VERSION}_linux_amd64
+	GOOS=linux GOARCH=arm go build -o ./bin/${BINARY}_${VERSION}_linux_arm
+	GOOS=openbsd GOARCH=386 go build -o ./bin/${BINARY}_${VERSION}_openbsd_386
+	GOOS=openbsd GOARCH=amd64 go build -o ./bin/${BINARY}_${VERSION}_openbsd_amd64
+	GOOS=solaris GOARCH=amd64 go build -o ./bin/${BINARY}_${VERSION}_solaris_amd64
+	GOOS=windows GOARCH=386 go build -o ./bin/${BINARY}_${VERSION}_windows_386
+	GOOS=windows GOARCH=amd64 go build -o ./bin/${BINARY}_${VERSION}_windows_amd64
+
+install: build
+	mkdir -p ~/.terraform.d/plugins/${HOSTNAME}/${NAMESPACE}/${NAME}/${VERSION}/${OS_ARCH}
+	mv ${BINARY} ~/.terraform.d/plugins/${HOSTNAME}/${NAMESPACE}/${NAME}/${VERSION}/${OS_ARCH}
+
+test:  
+	@go test $(TEST) -race -coverprofile=coverage.txt -covermode=atomic -timeout=30s -parallel=4
+	go tool cover -html=coverage.txt 
+	go tool cover -func coverage.txt 
+	rm coverage.txt                   
+
+testacc-local: 
+	TF_ACC=1 go test $(TEST) -v $(TESTARGS) -timeout 120m -coverprofile=coverage.txt -covermode=atomic
+	go tool cover -html=coverage.txt 
+	go tool cover -func coverage.txt
+	rm coverage.txt
+
+testacc:
+	TF_ACC=1 go test $(TEST) $(TESTARGS) -timeout 120m -coverprofile=count.out
+	go tool cover -func=count.out

docs/index.md

@@ -0,0 +1,45 @@
+---
+page_title: "Provider: Vision One"
+description: |-
+  Introduction of Vision One Provider.
+---
+
+# Vision One Provider
+
+The Vision One provider is a plugin for Terraform that allows for the full lifecycle management of Vision One resources. This provider is maintained internally by the Vision One team.
+
+To use the Vision One provider, you need to provide your API key and regional FQDN. You can do this by setting the `api_key` and `regional_fqdn` variables in your Terraform configuration file:
+
+## Example Usage
+
+```terraform
+terraform {
+  required_providers {
+    visionone = {
+      source  = "trendmicro/vision-one"
+      version = "~> 1.0"
+    }
+  }
+}
+
+provider "visionone" {
+  api_key       = "<your-api-key>"
+  regional_fqdn = "<your-regional-fqdn>"
+}
+```
+
+## Schema
+
+### Required
+
+- `api_key` (String) This is the API key for your Vision One account. The API key is a unique identifier for authenticating your account. Keep this key confidential to protect your account from unauthorized access, so tread this key as sensitive information. Generate the API key in your Vision One account settings or using the `VISIONONE_API_KEY` environment variable. For more information on the API key, see the [API Key Guide](https://docs.trendmicro.com/en-us/documentation/article/trend-vision-one-__api-keys-2#GUID-E88BBD1F-EA82-4490-9C7F-E141E3BEE8F4-4).
+
+- `regional_fqdn` (String) This is the regional Fully Qualified Domain Name (FQDN) to call the API in the backend. Get this FQDN using the `VISIONONE_REGIONAL_FQDN` environment variable. For a full list of FQDNs, see the [Regional Domains Guide](Trend Vision One Automation Center ).
+
+## Bugs and Issues
+
+If you find an issue, open an issue in the [GitHub Repository](https://github.com/trendmicro/terraform-provider-vision-one/issues).
+
+## Further Reading
+
+For more information about the Vision One provider, see the [API Reference](https://automation.trendmicro.com/xdr/api-v3#).

docs/resources/containersecurity_cluster.md

@@ -0,0 +1,143 @@
+---
+page_title: "visionone_containersecurity_cluster Resource - cluster"
+subcategory: ""
+description: |-
+  The containersecurity_cluster resource allows you to manage Kubernetes cluster.
+---
+
+# visionone_containersecurity_cluster (Resource)
+
+The `containersecurity_cluster` resource allows you to manage Kubernetes cluster.
+
+It's **strongly recommended** to use [Helm](https://registry.terraform.io/providers/hashicorp/helm/latest) to associate with the cluster resource.
+
+## Example Usage of Cluster
+
+```terraform
+resource "visionone_containersecurity_cluster" "example_cluster" {
+  name                       = "example_cluster"
+  description                = "This is a sample cluster"
+  resource_id                = "arn:aws:eks:xxx:xxx:cluster/xxx"
+  policy_id                  = "LogOnlyPolicy-xxx"
+  runtime_security_enabled   = true
+  vulnerability_scan_enabled = true
+  namespaces                 = ["kube-system"]
+  proxy = {
+    type          = "http"
+    proxy_address = "192.168.0.1"
+    port          = 8080
+    username      = "user"
+    password      = "password"
+  }
+}
+```
+
+## Example Usage of Helm
+
+```terraform
+resource "helm_release" "trendmicro" {
+  name             = "trendmicro"
+  chart            = "https://github.com/trendmicro/cloudone-container-security-helm/archive/master.tar.gz"
+  namespace        = "trendmicro-system"
+  create_namespace = true
+
+  set {
+    name  = "cloudOne.apiKey"
+    value = visionone_containersecurity_cluster.example_cluster.api_key
+  }
+  set {
+    name  = "cloudOne.endpoint"
+    value = visionone_containersecurity_cluster.example_cluster.endpoint
+  }
+  set_list {
+    name  = "cloudOne.exclusion.namespaces"
+    value = visionone_containersecurity_cluster.example_cluster.namespaces
+  }
+  set {
+    name  = "cloudOne.runtimeSecurity.enabled"
+    value = visionone_containersecurity_cluster.example_cluster.runtime_security_enabled
+  }
+  set {
+    name  = "cloudOne.vulnerabilityScanning.enabled"
+    value = visionone_containersecurity_cluster.example_cluster.vulnerability_scan_enabled
+  }
+  set {
+    name  = "cloudOne.inventoryCollection.enabled"
+    value = visionone_containersecurity_cluster.example_cluster.inventory_collection
+  }
+  set {
+    name  = "proxy.httpsProxy"
+    value = visionone_containersecurity_cluster.example_cluster.proxy.https_proxy
+  }
+  set {
+    name  = "proxy.username"
+    value = visionone_containersecurity_cluster.example_cluster.proxy.username
+  }
+  set {
+    name  = "proxy.password"
+    value = visionone_containersecurity_cluster.example_cluster.proxy.password
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The name of the cluster.
+
+### Optional
+
+- `description` (String) The description of the cluster.
+- `namespaces` (Set of String) The namespaces of kubernetes you want to exclude from scanning. 
+Accepted values: `calico-system`, `istio-system`, `kube-system`, `openshift*` Default value: `kube-system`
+- `policy_id` (String) The ID of the policy associated with the cluster.
+- `proxy` (Attributes) The proxy server for in-cluster component connect to Vision One (see [below for nested schema](#nestedatt--proxy))
+- `resource_id` (String) The ID of the cluster of a different cloud provider.
+- `runtime_security_enabled` (Boolean) Whether runtime security is enabled for the cluster.
+- `vulnerability_scan_enabled` (Boolean) Whether vulnerability scan is enabled for the cluster.
+
+### Read-Only
+
+- `api_key` (String, Sensitive) The API key for cluster enrollment.
+- `created_date_time` (String) The time when the cluster was created.
+- `endpoint` (String) The regional endpoint URL for Container Security.
+- `id` (String) The unique ID of the cluster.
+- `inventory_collection` (Boolean)
+- `last_evaluated_date_time` (String) Last time of the cluster was evaluated against the policy rules.
+- `orchestrator` (String) The orchestrator of the cluster.
+- `updated_date_time` (String) The time when the cluster was last updated.
+
+<a id="nestedatt--proxy"></a>
+### Nested Schema for `proxy`
+
+Required:
+
+- `port` (Number) The port of proxy.
+- `proxy_address` (String) The address of proxy server.
+- `type` (String) The protocol of proxy. Accepted values: `HTTP` `SOCKS5`.
+
+Optional:
+
+- `password` (String, Sensitive) The password for proxy server authentication.
+- `username` (String) The username for proxy server authentication.
+
+Read-Only:
+
+- `https_proxy` (String) The endpoint of proxy server.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import visionone_containersecurity_cluster.example_cluster ${cluster_id}
+```
+
+### Limitations of Import API key
+ApiKey can not import with terraform command, you need to set it manually.
+Please locate your running cluster and try get values from helm.
+```shell
+helm get values trendmicro -n trendmicro-system | grep apiKey
+```