fix: aws read functionality

Signed-off-by: Matthias Theuermann <[email protected]>
infralovers · Dec 17, 2024 · 26bf54a · 26bf54a
1 parent 6d9d606
commit 26bf54a
Show file tree

Hide file tree

Showing 3 changed files with 80 additions and 25 deletions.
diff --git a/internal/provider/gql.go b/internal/provider/gql.go
@@ -582,7 +582,48 @@ type AWSConfigurationOptions struct {
 	ScanConfiguration ScanConfigurationInput
 	AccountIDs        []string
 	IsOrganization    bool
-	// V2Template bool
+	// V2Template        bool
+}
+
+type ScanConfigurationInput struct {
+	AccountScan       bool
+	Ec2Scan           bool `graphql:"ec2Scan"`
+	EcrScan           bool
+	EcsScan           bool
+	CronScaninHours   int64
+	EventScanTriggers []AWSEventPatternInput
+	Ec2ScanOptions    Ec2ScanOptionsInput `graphql:"ec2ScanOptions"`
+	VpcConfiguration  VPCConfigurationInput
+}
+
+type VPCConfigurationInput struct {
+	UseDefaultVPC bool   `graphql:"useDefaultVPC"`
+	UseMondooVPC  bool   `graphql:"useMondooVPC"`
+	CIDR          string `graphql:"CIDR"`
+}
+
+type AWSEventPatternInput struct {
+	ScanType        string
+	EventSource     string
+	EventDetailType string
+}
+
+type Ec2ScanOptionsInput struct {
+	Ssm                       bool
+	InstanceIDsFilter         []string
+	RegionsFilter             []string
+	TagsFilter                map[string]interface{}
+	EbsVolumeScan             bool
+	EbsScanOptions            EbsScanOptionsInput
+	InstanceConnect           bool
+	ExcludedInstanceIDsFilter []string
+	ExcludedRegionsFilter     []string
+	ExcludedTagsFilter        map[string]interface{}
+}
+
+type EbsScanOptionsInput struct {
+	TargetInstancesPerScanner int64
+	MaxAsgInstances           int64
 }
 
 type SlackConfigurationOptions struct {

diff --git a/internal/provider/integration_aws_resource.go b/internal/provider/integration_aws_resource.go
@@ -222,6 +222,16 @@ func (r *integrationAwsResource) Create(ctx context.Context, req resource.Create
 		return
 	}
 
+	// trigger integration to gather results quickly after the first setup
+	// NOTE: we ignore the error since the integration state does not depend on it
+	_, err = r.client.TriggerAction(ctx, string(integration.Mrn), mondoov1.ActionTypeRunScan)
+	if err != nil {
+		resp.Diagnostics.
+			AddWarning("Client Error",
+				fmt.Sprintf("Unable to trigger integration, got error: %s", err),
+			)
+	}
+
 	// Save space mrn into the Terraform state.
 	data.Mrn = types.StringValue(string(integration.Mrn))
 	data.Name = types.StringValue(string(integration.Name))
@@ -249,19 +259,23 @@ func (r *integrationAwsResource) Read(ctx context.Context, req resource.ReadRequ
 	}
 
 	model := integrationAwsResourceModel{
-		SpaceID: types.StringValue(integration.SpaceID()),
-		Mrn:     types.StringValue(integration.Mrn),
-		Name:    types.StringValue(integration.Name),
-		Credential: integrationAwsCredentialModel{
-			Role: &roleCredentialModel{
-				RoleArn:    types.StringValue(integration.ConfigurationOptions.HostedAwsConfigurationOptions.Role),
-				ExternalId: types.StringValue(data.Credential.Role.ExternalId.ValueString()),
-			},
-			Key: &accessKeyCredentialModel{
-				AccessKey: types.StringValue(integration.ConfigurationOptions.HostedAwsConfigurationOptions.AccessKeyId),
-				SecretKey: types.StringValue(data.Credential.Key.SecretKey.ValueString()),
-			},
-		},
+		SpaceID:    types.StringValue(integration.SpaceID()),
+		Mrn:        types.StringValue(integration.Mrn),
+		Name:       types.StringValue(integration.Name),
+		Credential: integrationAwsCredentialModel{},
+	}
+
+	if data.Credential.Role != nil && data.Credential.Role.ExternalId.ValueStringPointer() != nil {
+		model.Credential.Role = &roleCredentialModel{
+			RoleArn:    types.StringValue(integration.ConfigurationOptions.HostedAwsConfigurationOptions.Role),
+			ExternalId: types.StringValue(data.Credential.Role.ExternalId.ValueString()),
+		}
+	}
+	if data.Credential.Key != nil && data.Credential.Key.SecretKey.ValueStringPointer() != nil {
+		model.Credential.Key = &accessKeyCredentialModel{
+			AccessKey: types.StringValue(integration.ConfigurationOptions.HostedAwsConfigurationOptions.AccessKeyId),
+			SecretKey: types.StringValue(data.Credential.Key.SecretKey.ValueString()),
+		}
 	}
 
 	// Save updated data into Terraform state

diff --git a/internal/provider/integration_aws_serverless_resource.go b/internal/provider/integration_aws_serverless_resource.go
@@ -32,8 +32,8 @@ type integrationAwsServerlessResourceModel struct {
 	Name  types.String `tfsdk:"name"`
 	Token types.String `tfsdk:"token"`
 
-	Region            types.String           `tfsdk:"region"`
-	ScanConfiguration ScanConfigurationInput `tfsdk:"scan_configuration"`
+	Region            types.String                                   `tfsdk:"region"`
+	ScanConfiguration integrationAwsServerlessScanConfigurationModel `tfsdk:"scan_configuration"`
 
 	// (Optional.)
 	AccountIDs types.List `tfsdk:"account_ids"`
@@ -46,7 +46,7 @@ type integrationAwsServerlessResourceModel struct {
 	InstanceStateChangeTrigger types.Bool `tfsdk:"instance_state_change_trigger"`
 }
 
-type ScanConfigurationInput struct {
+type integrationAwsServerlessScanConfigurationModel struct {
 	// (Optional.)
 	Ec2Scan types.Bool `tfsdk:"ec2_scan"`
 	// (Optional.)
@@ -56,20 +56,20 @@ type ScanConfigurationInput struct {
 	// (Optional.)
 	CronScaninHours types.Int64 `tfsdk:"cron_scan_in_hours"`
 	// (Optional.)
-	EventScanTriggers *[]*AWSEventPatternInput `tfsdk:"event_scan_triggers"`
+	EventScanTriggers *[]*integrationAwsServerlessAWSEventPatternModel `tfsdk:"event_scan_triggers"`
 	// (Optional.)
-	Ec2ScanOptions *Ec2ScanOptionsInput `tfsdk:"ec2_scan_options"`
+	Ec2ScanOptions *integrationAwsServerlessEc2ScanModel `tfsdk:"ec2_scan_options"`
 	// (Optional.)
-	VpcConfiguration *VPCConfigurationInput `tfsdk:"vpc_configuration"`
+	VpcConfiguration *integrationAwsServerlessVPCConfigurationModel `tfsdk:"vpc_configuration"`
 }
 
-type VPCConfigurationInput struct {
+type integrationAwsServerlessVPCConfigurationModel struct {
 	UseMondooVPC types.Bool `tfsdk:"use_mondoo_vpc"`
 	// (Optional.)
 	CIDR types.String `tfsdk:"cidr_block"`
 }
 
-type AWSEventPatternInput struct {
+type integrationAwsServerlessAWSEventPatternModel struct {
 	// (Required.)
 	ScanType types.String `tfsdk:"scan_type"`
 	// (Required.)
@@ -78,7 +78,7 @@ type AWSEventPatternInput struct {
 	EventDetailType types.String `tfsdk:"event_detail_type"`
 }
 
-type Ec2ScanOptionsInput struct {
+type integrationAwsServerlessEc2ScanModel struct {
 	// (Optional.)
 	Ssm types.Bool `tfsdk:"ssm"`
 	// (Optional.)
@@ -96,12 +96,12 @@ type Ec2ScanOptionsInput struct {
 	// (Optional.)
 	EbsVolumeScan types.Bool `tfsdk:"ebs_volume_scan"`
 	// (Optional.)
-	EbsScanOptions *EbsScanOptionsInput `tfsdk:"ebs_scan_options"`
+	EbsScanOptions *integrationAwsServerlessEbsScanModel `tfsdk:"ebs_scan_options"`
 	// (Optional.)
 	InstanceConnect types.Bool `tfsdk:"instance_connect"`
 }
 
-type EbsScanOptionsInput struct {
+type integrationAwsServerlessEbsScanModel struct {
 	// (Optional.)
 	TargetInstancesPerScanner types.Int64 `tfsdk:"target_instances_per_scanner"`
 	// (Optional.)