Artem

Starting with Terraform Provider | Prisma Cloud Compute

Automating your security is crucial, especially for companies operating in the cloud! I have recently made a video tutorial on how to use the Terraform provider for Prisma Cloud Compute.

It would help anyone using Palo Alto Networks' security platform to start building automation around their security practices.

The code snippets from this tutorial are included below:

creds.json

```json
{
  "username": "test",
  "password": "test",
  "console_url": "https://192.168.64.2:32677"
}
```

main.tf

```hcl
terraform {
  required_providers {
    prismacloudcompute = {
      source  = "PaloAltoNetworks/prismacloudcompute"
      version = "0.1.0"
    }
  }
}

# Credentials and Console address are read from the JSON file above.
# The file holds a plaintext password, so keep it out of version control.
provider "prismacloudcompute" {
  config_file = "creds.json"
}

# A collection scopes policy rules to a set of images/namespaces/labels.
resource "prismacloudcompute_collection" "node_alpine" {
  name              = "node-alpine-collection"
  description       = "Collection for Node images based on Alpine"
  color             = "#68A063"
  application_ids   = ["*"]
  code_repositories = ["*"]
  images            = ["node:17-alpine3.12", "*/node:17-alpine3.12"]
  labels            = ["*"]
  namespaces        = ["*"]
}

resource "prismacloudcompute_ci_image_vulnerability_policy" "ruleset" {
  # Not strictly needed: referencing the collection's name below already
  # creates an implicit dependency, but it documents the ordering.
  depends_on = [
    prismacloudcompute_collection.node_alpine,
  ]

  # Rules are evaluated in order; the first matching rule wins, so the
  # collection-specific rule comes before the catch-all "All" rule.
  rule {
    collections = [
      prismacloudcompute_collection.node_alpine.name,
    ]
    disabled   = false
    effect     = "alert, block"
    grace_days = 30
    name       = "${prismacloudcompute_collection.node_alpine.name}-ci-policy"
    notes      = "CI policy for ${prismacloudcompute_collection.node_alpine.name}"
    only_fixed = true   # only count vulnerabilities that have a fix available
    verbose    = false

    # Severity thresholds: alert at value 1 and above, block at value 2 and above.
    alert_threshold {
      disabled = false
      value    = 1
    }

    block_threshold {
      enabled = true
      value   = 2
    }

    # Time-boxed exceptions: once the expiration date passes, the CVE is
    # scored normally again and can block builds.
    cve_rule {
      description = "Ignore ansi-regex"
      effect      = "ignore"
      id          = "CVE-2021-3807"

      expiration {
        date    = "2022-01-06T06:00:00Z"
        enabled = true
      }
    }
    cve_rule {
      description = "Ignore busybox"
      effect      = "ignore"
      id          = "CVE-2021-28831"

      expiration {
        date    = "2022-01-06T06:00:00Z"
        enabled = true
      }
    }
  }

  rule {
    collections = [
      "All",
    ]
    disabled   = false
    effect     = "alert, block"
    grace_days = 30
    name       = "default"
    notes      = "Default policy for CI scans"
    only_fixed = true
    verbose    = false

    alert_threshold {
      disabled = false
      value    = 1
    }

    block_threshold {
      enabled = true
      value   = 2
    }
  }
}
```
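The two things that most often go wrong with a setup like the one above are committing a creds.json with real or placeholder credentials and accumulating `effect = "ignore"` CVE exceptions that either never expire or expired long ago (the dates in the post are already in the past). The following pre-apply check is an added example, not code from the post or from the Prisma Cloud Compute provider. It scans the creds.json and the `cve_rule` blocks of main.tf with a small brace-matching scanner (regex-based HCL scanning is an assumption of this example, sufficient for the layout used here, not a full HCL parser); the inline samples are constructed copies of the post's files, with the second exception's expiration block deliberately dropped to exercise the "no expiration" branch.

```python
"""Pre-apply hygiene checks for a Prisma Cloud Compute Terraform setup.

Added example (not part of the post or the provider). Flags placeholder
credentials, non-https Console URLs, "ignore" CVE exceptions without an
enabled expiration, and exceptions whose expiration has already passed.
"""
import json
import re
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample: the creds.json from the post (placeholder creds, lab address).
CREDS_JSON = """{
  "username": "test",
  "password": "test",
  "console_url": "https://192.168.64.2:32677"
}"""

# Constructed sample: the post's two cve_rule exceptions, with the second one's
# expiration block deliberately removed to exercise the "no expiration" check.
MAIN_TF = """
resource "prismacloudcompute_ci_image_vulnerability_policy" "ruleset" {
  rule {
    name = "node-alpine-collection-ci-policy"
    cve_rule {
      description = "Ignore ansi-regex"
      effect      = "ignore"
      id          = "CVE-2021-3807"

      expiration {
        date    = "2022-01-06T06:00:00Z"
        enabled = true
      }
    }
    cve_rule {
      description = "Ignore busybox"
      effect      = "ignore"
      id          = "CVE-2021-28831"
    }
  }
}
"""

PLACEHOLDER_SECRETS = {"test", "admin", "password", "changeme"}


def check_creds(raw_json: str) -> List[str]:
    """Flag a creds.json that would be unsafe to commit or to trust in CI."""
    creds = json.loads(raw_json)
    findings = []
    if not creds.get("console_url", "").startswith("https://"):
        findings.append("console_url is not https")
    for key in ("username", "password"):
        if creds.get(key, "").lower() in PLACEHOLDER_SECRETS:
            findings.append(f"{key} is a placeholder value")
    return findings


def _block_bodies(text: str, name: str) -> List[str]:
    """Return the bodies of every `name { ... }` block, matched by brace depth.

    Interpolation braces such as "${var.x}" are balanced on one line, so they
    do not disturb the depth count for the layouts used in the post.
    """
    bodies = []
    for m in re.finditer(r"\b" + re.escape(name) + r"\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        bodies.append(text[m.end():i - 1])
    return bodies


def _attr(body: str, key: str) -> Optional[str]:
    """Return the (unquoted) value of a `key = value` line in a block body."""
    m = re.search(r"^\s*" + key + r"\b\s*=\s*\"?([^\"\n]+?)\"?\s*$", body, re.M)
    return m.group(1) if m else None


def check_cve_rules(hcl: str, now_iso: str) -> List[Dict[str, str]]:
    """Flag `effect = "ignore"` exceptions that are unbounded or already expired."""
    now = datetime.fromisoformat(now_iso.replace("Z", "+00:00"))
    findings = []
    for body in _block_bodies(hcl, "cve_rule"):
        if _attr(body, "effect") != "ignore":
            continue  # alert/block rules need no expiry
        cve = _attr(body, "id")
        expiration = _block_bodies(body, "expiration")
        if not expiration or _attr(expiration[0], "enabled") != "true":
            findings.append({"id": cve, "problem": "ignore without enabled expiration"})
            continue
        expires = datetime.fromisoformat(_attr(expiration[0], "date").replace("Z", "+00:00"))
        if expires <= now:
            findings.append({"id": cve, "problem": "exception expired"})
    return findings


if __name__ == "__main__":
    for f in check_creds(CREDS_JSON):
        print("creds.json:", f)
    for f in check_cve_rules(MAIN_TF, datetime.now().astimezone().isoformat()):
        print("main.tf:", f["id"], f["problem"])
```

Run it before `terraform apply` (or wire it into the CI job that applies the policy) and treat any finding as a reason to stop: an expired exception means the CVE will be scored and can block builds again, and an exception with no enabled expiration is a permanent blind spot that nobody will revisit.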
