From 26bf54ac701a57995f1098621f0da8a3201def00 Mon Sep 17 00:00:00 2001 From: Matthias Theuermann Date: Tue, 17 Dec 2024 10:26:54 +0100 Subject: [PATCH] fix: aws read functionality Signed-off-by: Matthias Theuermann --- internal/provider/gql.go | 43 ++++++++++++++++++- internal/provider/integration_aws_resource.go | 40 +++++++++++------ .../integration_aws_serverless_resource.go | 22 +++++----- 3 files changed, 80 insertions(+), 25 deletions(-) diff --git a/internal/provider/gql.go b/internal/provider/gql.go index 8503f26..7b8e6e8 100644 --- a/internal/provider/gql.go +++ b/internal/provider/gql.go @@ -582,7 +582,48 @@ type AWSConfigurationOptions struct { ScanConfiguration ScanConfigurationInput AccountIDs []string IsOrganization bool - // V2Template bool + // V2Template bool +} + +type ScanConfigurationInput struct { + AccountScan bool + Ec2Scan bool `graphql:"ec2Scan"` + EcrScan bool + EcsScan bool + CronScaninHours int64 + EventScanTriggers []AWSEventPatternInput + Ec2ScanOptions Ec2ScanOptionsInput `graphql:"ec2ScanOptions"` + VpcConfiguration VPCConfigurationInput +} + +type VPCConfigurationInput struct { + UseDefaultVPC bool `graphql:"useDefaultVPC"` + UseMondooVPC bool `graphql:"useMondooVPC"` + CIDR string `graphql:"CIDR"` +} + +type AWSEventPatternInput struct { + ScanType string + EventSource string + EventDetailType string +} + +type Ec2ScanOptionsInput struct { + Ssm bool + InstanceIDsFilter []string + RegionsFilter []string + TagsFilter map[string]interface{} + EbsVolumeScan bool + EbsScanOptions EbsScanOptionsInput + InstanceConnect bool + ExcludedInstanceIDsFilter []string + ExcludedRegionsFilter []string + ExcludedTagsFilter map[string]interface{} +} + +type EbsScanOptionsInput struct { + TargetInstancesPerScanner int64 + MaxAsgInstances int64 } type SlackConfigurationOptions struct { diff --git a/internal/provider/integration_aws_resource.go b/internal/provider/integration_aws_resource.go index 4e3bf13..16d414f 100644 
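Review bot: The five new exported types (`ScanConfigurationInput`, `VPCConfigurationInput`, `AWSEventPatternInput`, `Ec2ScanOptionsInput`, `EbsScanOptionsInput`) carry no doc comments, and nothing in the hunk says why only some fields (`Ec2Scan`, `Ec2ScanOptions`, the VPC fields) need an explicit `graphql:` tag while the rest rely on the default name mapping. A one-line comment per type would save the next reader a trip to the schema, e.g. `// ScanConfigurationInput is the wire shape of the scan settings nested in AWSConfigurationOptions; field tags override the default camel-case name where the schema uses a different casing (e.g. ec2Scan, CIDR).` — presumably that is the reason for the tags, but it should be confirmed against the GraphQL schema. The enclosing `AWSConfigurationOptions` struct starts before the hunk.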
--- a/internal/provider/integration_aws_resource.go +++ b/internal/provider/integration_aws_resource.go @@ -222,6 +222,16 @@ func (r *integrationAwsResource) Create(ctx context.Context, req resource.Create return } + // trigger integration to gather results quickly after the first setup + // NOTE: we ignore the error since the integration state does not depend on it + _, err = r.client.TriggerAction(ctx, string(integration.Mrn), mondoov1.ActionTypeRunScan) + if err != nil { + resp.Diagnostics. + AddWarning("Client Error", + fmt.Sprintf("Unable to trigger integration, got error: %s", err), + ) + } + // Save space mrn into the Terraform state. data.Mrn = types.StringValue(string(integration.Mrn)) data.Name = types.StringValue(string(integration.Name)) 
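Review bot: The comment on the new `TriggerAction` call says the error is ignored, but the code right below it surfaces the failure as a diagnostic warning, so the comment describes different behaviour than the code. Since the scan trigger is a best-effort side effect that must not fail the Create, I would keep the warning and fix the wording to match: `// NOTE: a trigger failure is reported as a warning only, because the resource state does not depend on the scan having started`. The `err` being reused here is declared before the hunk, and `Create` continues past it.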
@@ -249,19 +259,23 @@ func (r *integrationAwsResource) Read(ctx context.Context, req resource.ReadRequ } model := integrationAwsResourceModel{ - SpaceID: types.StringValue(integration.SpaceID()), - Mrn: types.StringValue(integration.Mrn), - Name: types.StringValue(integration.Name), - Credential: integrationAwsCredentialModel{ - Role: &roleCredentialModel{ - RoleArn: types.StringValue(integration.ConfigurationOptions.HostedAwsConfigurationOptions.Role), - ExternalId: types.StringValue(data.Credential.Role.ExternalId.ValueString()), - }, - Key: &accessKeyCredentialModel{ - AccessKey: types.StringValue(integration.ConfigurationOptions.HostedAwsConfigurationOptions.AccessKeyId), - SecretKey: types.StringValue(data.Credential.Key.SecretKey.ValueString()), - }, - }, + SpaceID: types.StringValue(integration.SpaceID()), + Mrn: types.StringValue(integration.Mrn), + Name: types.StringValue(integration.Name), + Credential: integrationAwsCredentialModel{}, + } + + if data.Credential.Role != nil && data.Credential.Role.ExternalId.ValueStringPointer() != nil { + model.Credential.Role = &roleCredentialModel{ + RoleArn: types.StringValue(integration.ConfigurationOptions.HostedAwsConfigurationOptions.Role), + ExternalId: types.StringValue(data.Credential.Role.ExternalId.ValueString()), + } + } + if data.Credential.Key != nil && data.Credential.Key.SecretKey.ValueStringPointer() != nil { + model.Credential.Key = &accessKeyCredentialModel{ + AccessKey: types.StringValue(integration.ConfigurationOptions.HostedAwsConfigurationOptions.AccessKeyId), + SecretKey: types.StringValue(data.Credential.Key.SecretKey.ValueString()), + } } // Save updated data into Terraform state diff --git a/internal/provider/integration_aws_serverless_resource.go b/internal/provider/integration_aws_serverless_resource.go index 5e8b1fa..4743454 100644 --- a/internal/provider/integration_aws_serverless_resource.go +++ b/internal/provider/integration_aws_serverless_resource.go 
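Review bot: The two new guards in `Read` decide whether a credential block exists by testing the secret-ish attribute (`ExternalId`, `SecretKey`) for null rather than the block pointer alone, so if either attribute is optional in the schema, a `role` block configured with only `role_arn` would be dropped from state on every refresh and Terraform would plan to re-add it forever; I cannot see the schema from the hunk, so this needs confirming, but `if data.Credential.Role != nil {` / `if data.Credential.Key != nil {` (or an explicit `!IsNull()` check on the block's required attribute) would be the safer condition. Note also that when both prior blocks are nil (e.g. after an import) the remote `Role`/`AccessKeyId` returned by the API are discarded and the credential block is written back empty, so drift in which credential type is configured is invisible; a short comment stating that secrets are intentionally carried over from prior state because the API does not return them would make the intent explicit. `Read` starts and ends outside the hunk.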
@@ -32,8 +32,8 @@ type integrationAwsServerlessResourceModel struct { Name types.String `tfsdk:"name"` Token types.String `tfsdk:"token"` - Region types.String `tfsdk:"region"` - ScanConfiguration ScanConfigurationInput `tfsdk:"scan_configuration"` + Region types.String `tfsdk:"region"` + ScanConfiguration integrationAwsServerlessScanConfigurationModel `tfsdk:"scan_configuration"` // (Optional.) AccountIDs types.List `tfsdk:"account_ids"` @@ -46,7 +46,7 @@ type integrationAwsServerlessResourceModel struct { InstanceStateChangeTrigger types.Bool `tfsdk:"instance_state_change_trigger"` } -type ScanConfigurationInput struct { +type integrationAwsServerlessScanConfigurationModel struct { // (Optional.) Ec2Scan types.Bool `tfsdk:"ec2_scan"` // (Optional.) @@ -56,20 +56,20 @@ type ScanConfigurationInput struct { // (Optional.) CronScaninHours types.Int64 `tfsdk:"cron_scan_in_hours"` // (Optional.) - EventScanTriggers *[]*AWSEventPatternInput `tfsdk:"event_scan_triggers"` + EventScanTriggers *[]*integrationAwsServerlessAWSEventPatternModel `tfsdk:"event_scan_triggers"` // (Optional.) - Ec2ScanOptions *Ec2ScanOptionsInput `tfsdk:"ec2_scan_options"` + Ec2ScanOptions *integrationAwsServerlessEc2ScanModel `tfsdk:"ec2_scan_options"` // (Optional.) - VpcConfiguration *VPCConfigurationInput `tfsdk:"vpc_configuration"` + VpcConfiguration *integrationAwsServerlessVPCConfigurationModel `tfsdk:"vpc_configuration"` } -type VPCConfigurationInput struct { +type integrationAwsServerlessVPCConfigurationModel struct { UseMondooVPC types.Bool `tfsdk:"use_mondoo_vpc"` // (Optional.) CIDR types.String `tfsdk:"cidr_block"` } -type AWSEventPatternInput struct { +type integrationAwsServerlessAWSEventPatternModel struct { // (Required.) ScanType types.String `tfsdk:"scan_type"` // (Required.) 
@@ -78,7 +78,7 @@ type AWSEventPatternInput struct { EventDetailType types.String `tfsdk:"event_detail_type"` } -type Ec2ScanOptionsInput struct { +type integrationAwsServerlessEc2ScanModel struct { // (Optional.) Ssm types.Bool `tfsdk:"ssm"` // (Optional.) @@ -96,12 +96,12 @@ type Ec2ScanOptionsInput struct { // (Optional.) EbsVolumeScan types.Bool `tfsdk:"ebs_volume_scan"` // (Optional.) - EbsScanOptions *EbsScanOptionsInput `tfsdk:"ebs_scan_options"` + EbsScanOptions *integrationAwsServerlessEbsScanModel `tfsdk:"ebs_scan_options"` // (Optional.) InstanceConnect types.Bool `tfsdk:"instance_connect"` } -type EbsScanOptionsInput struct { +type integrationAwsServerlessEbsScanModel struct { // (Optional.) TargetInstancesPerScanner types.Int64 `tfsdk:"target_instances_per_scanner"` // (Optional.)