🎉 configure Mondoo space at the provider level (#145)

Most of the resources we develop has a required field named `space_id`, this is because we need to know where do we have to create the resource and the Mondoo client doesn't have that information. We would see resources like: ```hcl provider "mondoo" {} resource "mondoo_space" "my_space" { name = "My Space" org_id = "my-org-123456" } resource "mondoo_policy_assignment" "space" { space_id = mondoo_space.my_space.id ... } resource "mondoo_custom_policy" "my_policy" { space_id = mondoo_space.my_space.id ... } resource "mondoo_integration_github" "gh_integration" { space_id = mondoo_space.my_space.id ... } ``` This change is making it so that users can configure the Mondoo space at the `provider` level, making it so that a single provider can manage N number of resources on that space without having to specify the space id every time. The code above would now look like: ```hcl provider "mondoo" { space = "hungry-poet-1988" } resource "mondoo_policy_assignment" "space" { ... } resource "mondoo_custom_policy" "my_policy" { ... } resource "mondoo_integration_github" "gh_integration" { ... } ``` This change is backwards compatible since all resources should continue to allow specifying the space where they belong via the `space_id` field. Additional changes: * ✅ update resource: integration_slack * ✨ add make cleanup-examples to remove leftover files * ✏️ add debug logs to provider code * ⭐️ New `Space` type to handle ID and MRN * ✅ update resource: registration_token * ✅ update resource: custom_policy * ✅ update resource: service_account * ✅ update resource: policy_assignment * ✅ update resource: querypack_assignment * ✅ update resource: space * ✅ update data-sources * ✅ update resource: integration_oci_tenant * ✅ update resource: integration_ms365 * ✅ update resource: integration_shodan * ✅ update resource: integration_github * 🧹 create generic ImportIntegration() * ✅ update resource: integration_gcp * ✅ update resource: integration_domain * ✅ update resource: integration_azure * ✅ update resource: integration_aws * ✅ update resource: integration_aws_serverless * ✅ update resource: framework_assignment * ✅ update resource: custom_querypack * ✅ update resource: custom_framework * 🤖 fix acceptance tests --------- Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
mondoohq · Oct 23, 2024 · f3869d3 · f3869d3
1 parent cf811d2
commit f3869d3
Show file tree

Hide file tree

Showing 98 changed files with 1,382 additions and 1,127 deletions.
diff --git a/GNUmakefile b/GNUmakefile
@@ -24,7 +24,7 @@ fmt: ## Runs go formatter
 	gofmt -s -w -e .
 
 .PHONY: dev/enter
-dev/enter: write-terraform-rc ## Updates the terraformrc to point to the DEV_BIN_PATH. Installs the provider to the DEV_BIN_PATH
+dev/enter: write-terraform-rc cleanup-examples ## Updates the terraformrc to point to the DEV_BIN_PATH. Installs the provider to the DEV_BIN_PATH
 	mkdir -vp $(PLUGINS_DIR)
 	go build -o $(PLUGINS_DIR)/$(DEV_BIN_PATH)
 
@@ -40,6 +40,12 @@ write-terraform-rc: ## Write to terraformrc file to mirror mondoohq/mondoo to DE
 remove-terraform-rc: ## Remove the terraformrc file
 	@rm -vf "$(HOME)/.terraformrc"
 
+.PHONY: cleanup-examples
+cleanup-examples: ## A quick way to clean up any left over Terraform files inside the examples/ folder
+	find . -name ".terraform*" -type f -exec rm -rf {} \;
+	find . -name "terraform.tfstate*" -type f -exec rm -rf {} \;
+	find . -name ".terraform.lock.hcl" -type f -exec rm -rf {} \;
+
 help: ## Show this help
 	@grep -E '^([a-zA-Z_/-]+):.*## ' $(MAKEFILE_LIST) | awk -F ':.*## ' '{printf "%-20s %s\n", $$1, $$2}'
 

diff --git a/docs/data-sources/space.md b/docs/data-sources/space.md
@@ -55,8 +55,8 @@ output "space_id" {
 ### Optional
 
 - `id` (String) Space ID
-- `mrn` (String) Space MRN
 
 ### Read-Only
 
+- `mrn` (String) Space MRN
 - `name` (String) Space name
diff --git a/docs/index.md b/docs/index.md
@@ -15,13 +15,14 @@ terraform {
   required_providers {
     mondoo = {
       source  = "mondoohq/mondoo"
-      version = ">= 0.4.0"
+      version = ">= 0.19"
     }
   }
 }
 
 provider "mondoo" {
-  region = "us" # use "eu" for the European region
+  space  = "hungry-poet-1988"
+  region = "us"
 }
 ```
 
@@ -47,5 +48,5 @@ You can alternatively use the `credentials` field, or any of the following envir
 
 - `credentials` (String) The contents of a service account key file in JSON format.
 - `endpoint` (String) The endpoint url of the server to manage resources
-- `region` (String) The default region to manage resources in.
+- `region` (String) The default region to manage resources in. Valid regions are `us` or `eu`.
 - `space` (String) The default space to manage resources in.
diff --git a/docs/resources/custom_framework.md b/docs/resources/custom_framework.md
@@ -14,13 +14,7 @@ Set custom Compliance Frameworks for a Mondoo Space.
 
 ```terraform
 provider "mondoo" {
-  region = "us"
-}
-
-variable "mondoo_org" {
-  description = "The Mondoo Organization ID"
-  type        = string
-  default     = "my-org-1234567"
+  space = "hungry-poet-123456"
 }
 
 variable "my_custom_framework" {
@@ -29,14 +23,7 @@ variable "my_custom_framework" {
   default     = "framework.mql.yaml"
 }
 
-# Create a new space
-resource "mondoo_space" "my_space" {
-  name   = "Custom Framework Space"
-  org_id = var.mondoo_org
-}
-
 resource "mondoo_custom_framework" "custom_framework" {
-  space_id = mondoo_space.my_space.id
   data_url = var.my_custom_framework
 }
 ```
@@ -47,7 +34,10 @@ resource "mondoo_custom_framework" "custom_framework" {
 ### Required
 
 - `data_url` (String) URL to the custom Compliance Framework data.
-- `space_id` (String) Mondoo Space Identifier.
+
+### Optional
+
+- `space_id` (String) Mondoo Space Identifier. If it is not provided, the provider space is used.
 
 ### Read-Only
 

diff --git a/docs/resources/custom_policy.md b/docs/resources/custom_policy.md
@@ -13,53 +13,40 @@ Custom Policy resource
 ## Example Usage
 
 ```terraform
-provider "mondoo" {}
-
-resource "mondoo_space" "my_space" {
-  name   = "My Custom Space"
-  org_id = "your-org-1234567"
-}
-
 variable "my_custom_policy" {
   description = "Path to the custom policy file. The file must be in MQL format."
   type        = string
   default     = "policy.mql.yaml"
 }
 
+provider "mondoo" {
+  space = "hungry-poet-123456"
+}
+
 resource "mondoo_custom_policy" "my_policy" {
-  space_id  = mondoo_space.my_space.id
   source    = var.my_custom_policy
   overwrite = true
 }
 
 resource "mondoo_policy_assignment" "space" {
-  space_id = mondoo_space.my_space.id
-
   policies = concat(
     mondoo_custom_policy.my_policy.mrns,
     [],
   )
 
   state = "enabled"
-
-  depends_on = [
-    mondoo_space.my_space
-  ]
 }
 ```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
-### Required
-
-- `space_id` (String) Mondoo Space Identifier.
-
 ### Optional
 
 - `content` (String, Sensitive) Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.
 - `overwrite` (Boolean) If set to true, existing policies are overwritten.
 - `source` (String) A path to the data you want to upload. Must be defined if content is not.
+- `space_id` (String) Mondoo Space Identifier. If it is not provided, the provider space is used.
 
 ### Read-Only
 

diff --git a/docs/resources/custom_querypack.md b/docs/resources/custom_querypack.md
@@ -13,59 +13,39 @@ Custom Query Pack resource
 ## Example Usage
 
 ```terraform
-provider "mondoo" {
-  region = "us"
-}
-
-variable "mondoo_org" {
-  description = "Mondoo Organization"
-  type        = string
-}
-
-resource "mondoo_space" "my_space" {
-  name   = "My Space Name"
-  org_id = var.mondoo_org
-}
-
 variable "my_custom_querypack" {
   description = "Path to custom querypack file. File must be in MQL format."
   type        = string
   default     = "querypack.mql.yaml"
 }
 
+provider "mondoo" {
+  space = "hungry-poet-123456"
+}
+
 resource "mondoo_custom_querypack" "my_query_pack" {
-  space_id = mondoo_space.my_space.id
-  source   = var.my_custom_querypack
+  source = var.my_custom_querypack
 }
 
 resource "mondoo_querypack_assignment" "space" {
-  space_id = mondoo_space.my_space.id
-
   querypacks = concat(
     mondoo_custom_querypack.my_query_pack.mrns,
     [],
   )
 
   state = "enabled"
-
-  depends_on = [
-    mondoo_space.my_space
-  ]
 }
 ```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
-### Required
-
-- `space_id` (String) Mondoo Space Identifier.
-
 ### Optional
 
 - `content` (String, Sensitive) Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.
 - `overwrite` (Boolean) If set to true, existing policies are overwritten.
 - `source` (String) A path to the data you want to upload. Must be defined if content is not.
+- `space_id` (String) Mondoo Space Identifier. If it is not provided, the provider space is used.
 
 ### Read-Only
 

diff --git a/docs/resources/framework_assignment.md b/docs/resources/framework_assignment.md
@@ -14,25 +14,14 @@ Set Compliance Frameworks for a Mondoo Space.
 
 ```terraform
 provider "mondoo" {
-  region = "us"
-}
-
-variable "mondoo_org" {
-  description = "The Mondoo Organization ID"
-  type        = string
-  default     = "my-org-1234567"
-}
-
-# Create a new space
-resource "mondoo_space" "my_space" {
-  name   = "Framework Space"
-  org_id = var.mondoo_org
+  space = "hungry-poet-123456"
 }
 
 resource "mondoo_framework_assignment" "framework_assignment" {
-  space_id = mondoo_space.my_space.id
-  framework_mrn = ["//policy.api.mondoo.app/frameworks/cis-controls-8",
-  "//policy.api.mondoo.app/frameworks/iso-27001-2022"]
+  framework_mrn = [
+    "//policy.api.mondoo.app/frameworks/cis-controls-8",
+    "//policy.api.mondoo.app/frameworks/iso-27001-2022"
+  ]
   enabled = true
 }
 ```
@@ -44,4 +33,7 @@ resource "mondoo_framework_assignment" "framework_assignment" {
 
 - `enabled` (Boolean) Enable or disable the Compliance Framework.
 - `framework_mrn` (List of String) Compliance Framework MRN.
-- `space_id` (String) Mondoo Space Identifier.
+
+### Optional
+
+- `space_id` (String) Mondoo Space Identifier. If it is not provided, the provider space is used.
diff --git a/docs/resources/integration_aws.md b/docs/resources/integration_aws.md
@@ -13,11 +13,6 @@ Continuously scan Google AWS organization and accounts for misconfigurations and
 ## Example Usage
 
 ```terraform
-variable "mondoo_org" {
-  description = "Mondoo Organization"
-  type        = string
-}
-
 variable "aws_access_key" {
   description = "AWS access key"
   type        = string
@@ -30,18 +25,13 @@ variable "aws_secret_key" {
   sensitive   = true
 }
 
-provider "mondoo" {}
-
-# Create a new space
-resource "mondoo_space" "my_space" {
-  name   = "AWS Terraform"
-  org_id = var.mondoo_org
+provider "mondoo" {
+  space = "hungry-poet-123456"
 }
 
 # Setup the AWS integration
 resource "mondoo_integration_aws" "name" {
-  space_id = mondoo_space.my_space.id
-  name     = "AWS Integration"
+  name = "AWS Integration"
 
   credentials = {
     key = {
@@ -59,7 +49,10 @@ resource "mondoo_integration_aws" "name" {
 
 - `credentials` (Attributes) (see [below for nested schema](#nestedatt--credentials))
 - `name` (String) Name of the integration.
-- `space_id` (String) Mondoo Space Identifier.
+
+### Optional
+
+- `space_id` (String) Mondoo Space Identifier. If it is not provided, the provider space is used.
 
 ### Read-Only
 

diff --git a/docs/resources/integration_aws_serverless.md b/docs/resources/integration_aws_serverless.md
@@ -13,11 +13,6 @@ Continuously scan AWS organization and accounts for misconfigurations and vulner
 ## Example Usage
 
 ```terraform
-variable "mondoo_org" {
-  description = "Mondoo Organization"
-  type        = string
-}
-
 variable "origin_aws_account" {
   description = "Origin AWS Account"
   type        = string
@@ -42,7 +37,7 @@ variable "aws_account_id" {
 }
 
 provider "mondoo" {
-  region = "us"
+  space = "hungry-poet-123456"
 }
 
 provider "aws" {
@@ -51,15 +46,8 @@ provider "aws" {
 
 data "aws_region" "current" {}
 
-# Create a new space
-resource "mondoo_space" "my_space" {
-  name   = "AWS Terraform"
-  org_id = var.mondoo_org
-}
-
 # Setup the AWS integration
 resource "mondoo_integration_aws_serverless" "aws_serverless" {
-  space_id                      = mondoo_space.my_space.id
   name                          = "AWS Integration"
   region                        = data.aws_region.current.name
   is_organization               = false
@@ -96,7 +84,7 @@ resource "aws_cloudformation_stack" "mondoo_stack" {
   }
 }
 
-# for organisation wide deploys use aws_cloudformation_stack_set and aws_cloudformation_stack_set_instance instead of aws_cloudformation_stack
+# for organization wide deployments use aws_cloudformation_stack_set and aws_cloudformation_stack_set_instance instead of aws_cloudformation_stack
 # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set
 # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set_instance
 ```
@@ -109,14 +97,14 @@ resource "aws_cloudformation_stack" "mondoo_stack" {
 - `name` (String) Name of the integration.
 - `region` (String) AWS region.
 - `scan_configuration` (Attributes) (see [below for nested schema](#nestedatt--scan_configuration))
-- `space_id` (String) Mondoo Space Identifier.
 
 ### Optional
 
 - `account_ids` (List of String) List of AWS account IDs.
 - `console_sign_in_trigger` (Boolean) Enable console sign in trigger.
 - `instance_state_change_trigger` (Boolean) Enable instance state change trigger.
 - `is_organization` (Boolean) Is organization.
+- `space_id` (String) Mondoo Space Identifier. If it is not provided, the provider space is used.
 
 ### Read-Only