support report format and collector mode

mondoohq · Jun 29, 2019 · 9b6d042 · 9b6d042
1 parent aa03c54
commit 9b6d042
Show file tree

Hide file tree

Showing 7 changed files with 86 additions and 45 deletions.
diff --git a/terraform-provisioner-mondoo/Makefile b/terraform-provisioner-mondoo/Makefile
@@ -24,6 +24,6 @@ HOST=52.31.244.47
 test/noop:
 	pushd ./test/noop && \
 	terraform init && \
-	rm terraform.tfstat* && \
-	terraform apply -auto-approve -var conn=${CONN} -var user=${USER} -var host=${HOST}  && \ 
+	rm terraform.tfstat* || true && \
+	TF_LOG=ERROR terraform apply -auto-approve -var conn=${CONN} -var user=${USER} -var host=${HOST}  && \
 	popd
diff --git a/terraform-provisioner-mondoo/mondoo/connection.go b/terraform-provisioner-mondoo/mondoo/connection.go
@@ -0,0 +1,50 @@
+package mondoo
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/hashicorp/terraform/communicator/shared"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/mitchellh/mapstructure"
+)
+
+// see https://www.terraform.io/docs/provisioners/connection.html
+type ProvisionerConnection struct {
+	Type       string `mapstructure:"type"`
+	User       string `mapstructure:"user"`
+	Password   string `mapstructure:"password"`
+	PrivateKey string `mapstructure:"private_key"`
+	Host       string `mapstructure:"host"`
+	Port       int    `mapstructure:"port"`
+}
+
+func (p *ProvisionerConnection) ToMondooConnection() (string, error) {
+	switch p.Type {
+	case "ssh":
+		return fmt.Sprintf("ssh://%s@%s", p.User, p.Host), nil
+	case "local":
+		return "local://", nil
+	}
+
+	return "", errors.New(fmt.Sprintf("the requested %s connection type is not supported by mondoo terraform provisioner", p.Type))
+}
+
+func tfConnection(s *terraform.InstanceState) (*ProvisionerConnection, error) {
+	connInfo := &ProvisionerConnection{}
+	decConf := &mapstructure.DecoderConfig{
+		WeaklyTypedInput: true,
+		Result:           connInfo,
+	}
+	dec, err := mapstructure.NewDecoder(decConf)
+	if err != nil {
+		return nil, err
+	}
+	if err := dec.Decode(s.Ephemeral.ConnInfo); err != nil {
+		return nil, err
+	}
+
+	// format the host if needed, needed for IPv6
+	connInfo.Host = shared.IpFormat(connInfo.Host)
+	return connInfo, nil
+}
diff --git a/terraform-provisioner-mondoo/mondoo/mondoo.go b/terraform-provisioner-mondoo/mondoo/mondoo.go
@@ -2,7 +2,6 @@ package mondoo
 
 import (
 	"context"
-	"fmt"
 
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/terraform"
@@ -17,18 +16,27 @@ func applyFn(ctx context.Context) error {
 	data := ctx.Value(schema.ProvConfigDataKey).(*schema.ResourceData)
 	o := ctx.Value(schema.ProvOutputKey).(terraform.UIOutput)
 
+	o.Output("start mondoo provisioner")
+
 	// read ssh connection information
-	sshConfig, err := tfConnInfo(s)
+	connInfo, err := tfConnection(s)
+	if err != nil {
+		return err
+	}
+
+	// convert tf connection to mondoo connection string
+	mondooConn, err := connInfo.ToMondooConnection()
 	if err != nil {
 		return err
 	}
 
 	// build mondoo config
 	conf := &VulnOpts{
 		Asset: &VulnOptsAsset{
-			Connection: fmt.Sprintf("ssh://%s@%s", sshConfig.User, sshConfig.Host),
+			Connection: mondooConn,
 		},
-		Report: tfReportConfig(data),
+		Report:    tfReportConfig(data),
+		Collector: tfCollector(data),
 	}
 
 	// run mondoo vuln command
@@ -38,7 +46,11 @@ func applyFn(ctx context.Context) error {
 func Provisioner() terraform.ResourceProvisioner {
 	return &schema.Provisioner{
 		Schema: map[string]*schema.Schema{
-			"reporter": &schema.Schema{
+			"collector": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"report": &schema.Schema{
 				Type:     schema.TypeMap,
 				Optional: true,
 				Elem: &schema.Resource{

diff --git a/terraform-provisioner-mondoo/mondoo/options.go b/terraform-provisioner-mondoo/mondoo/options.go
@@ -35,6 +35,14 @@ func tfReportConfig(data *schema.ResourceData) *VulnOptsReport {
 	return conf
 }
 
+func tfCollector(data *schema.ResourceData) string {
+	collector, ok := data.Get("collector").(string)
+	if !ok {
+		return ""
+	}
+	return collector
+}
+
 func StringValue(keymap map[string]interface{}, key string) string {
 	v, ok := keymap[key]
 	if ok {

diff --git a/terraform-provisioner-mondoo/mondoo/ssh.go b/terraform-provisioner-mondoo/mondoo/ssh.go
diff --git a/terraform-provisioner-mondoo/test/noop/main.tf b/terraform-provisioner-mondoo/test/noop/main.tf
@@ -2,16 +2,16 @@ provider "null" {}
 
 resource "null_resource" "mondoo" {
   provisioner "mondoo" {
-    reporter = {
-      format = "yaml"
+    report = {
+      format = "cli"
     }
 
+    # this is for testing here, normallly this does not need to be overridden
     connection {
       type = "${var.conn}"
       host = "${var.host}"
       user = "${var.user}"
+      password = "${var.password}"
     }
-
-    on_failure = "continue"
   }
 }
diff --git a/terraform-provisioner-mondoo/test/noop/vars.tf b/terraform-provisioner-mondoo/test/noop/vars.tf
@@ -10,6 +10,11 @@ variable "user" {
   default = "ec2-user"
 }
 
+variable "password" {
+  type = "string"
+  default = ""
+}
+
 variable "host" {
   type = "string"
   default = "52.31.244.47"