fix: made requested changes

Signed-off-by: Matthias Theuermann <[email protected]>
infralovers · Apr 26, 2024 · 87a6879 · 87a6879
1 parent 00a8145
commit 87a6879
Show file tree

Hide file tree

Showing 3 changed files with 88 additions and 47 deletions.
diff --git a/docs/resources/integration_azure.md b/docs/resources/integration_azure.md
@@ -3,43 +3,60 @@
 page_title: "mondoo_integration_azure Resource - terraform-provider-mondoo"
 subcategory: ""
 description: |-
-  
+  Azure integration
 ---
 
 # mondoo_integration_azure (Resource)
 
-
+Azure integration
 
 ## Example Usage
 
 ```terraform
 terraform {
   required_providers {
+    azuread = {
+      source  = "hashicorp/azuread"
+      version = "2.48.0"
+    }
     mondoo = {
       source = "mondoohq/mondoo"
     }
   }
 }
 
+provider "azuread" {}
+
+data "azuread_client_config" "current" {}
+
+data "azuread_application" "mondoo-security" {
+  display_name = "mondoo-security"
+}
+
 provider "mondoo" {
   region = "us"
 }
 
+variable "mondoo_org" {
+  description = "Mondoo Organization"
+  type        = string
+}
+
 // Create a new space
 resource "mondoo_space" "azure_space" {
-  name   = "Azure Integration w Terraform"
-  org_id = "your-org-1234567"
+  name   = "Azure ${data.azuread_application.mondoo-security.display_name}"
+  org_id = var.mondoo_org
 }
 
 // Setup the Azure integration
 resource "mondoo_integration_azure" "azure_integration" {
   space_id  = mondoo_space.azure_space.id
-  name      = "Azure Integration w Terraform"
-  tenant_id = "ffffffff-ffff-ffff-ffff-ffffffffffff"
-  client_id = "ffffffff-ffff-ffff-ffff-ffffffffffff"
+  name      = "Azure ${data.azuread_application.mondoo-security.display_name}"
+  tenant_id = data.azuread_client_config.current.tenant_id
+  client_id = data.azuread_application.mondoo-security.client_id
   scan_vms  = true
-  # subscription_whitelist = ["ffffffff-ffff-ffff-ffff-ffffffffffff", "ffffffff-ffff-ffff-ffff-ffffffffffff"]
-  # subscription_blacklist = ["ffffffff-ffff-ffff-ffff-ffffffffffff", "ffffffff-ffff-ffff-ffff-ffffffffffff"]
+  # subscription_allow_list= ["ffffffff-ffff-ffff-ffff-ffffffffffff", "ffffffff-ffff-ffff-ffff-ffffffffffff"]
+  # subscription_deny_list = ["ffffffff-ffff-ffff-ffff-ffffffffffff", "ffffffff-ffff-ffff-ffff-ffffffffffff"]
   credentials = {
     pem_file = <<EOT
 -----BEGIN PRIVATE KEY-----
@@ -61,15 +78,15 @@ EOT
 
 - `client_id` (String) Azure Client ID.
 - `credentials` (Attributes) (see [below for nested schema](#nestedatt--credentials))
+- `name` (String) Name of the integration.
 - `space_id` (String) Mondoo Space Identifier.
 - `tenant_id` (String) Azure Tenant ID.
 
 ### Optional
 
-- `name` (String) Name of the integration.
 - `scan_vms` (Boolean) Scan VMs.
-- `subscription_blacklist` (List of String) List of Azure subscriptions to exclude from scanning.
-- `subscription_whitelist` (List of String) List of Azure subscriptions to scan.
+- `subscription_allow_list` (List of String) List of Azure subscriptions to scan.
+- `subscription_deny_list` (List of String) List of Azure subscriptions to exclude from scanning.
 
 ### Read-Only
 

diff --git a/examples/resources/mondoo_integration_azure/resource.tf b/examples/resources/mondoo_integration_azure/resource.tf
@@ -1,30 +1,47 @@
 terraform {
   required_providers {
+    azuread = {
+      source  = "hashicorp/azuread"
+      version = "2.48.0"
+    }
     mondoo = {
       source = "mondoohq/mondoo"
     }
   }
 }
 
+provider "azuread" {}
+
+data "azuread_client_config" "current" {}
+
+data "azuread_application" "mondoo-security" {
+  display_name = "mondoo-security"
+}
+
 provider "mondoo" {
   region = "us"
 }
 
+variable "mondoo_org" {
+  description = "Mondoo Organization"
+  type        = string
+}
+
 // Create a new space
 resource "mondoo_space" "azure_space" {
-  name   = "Azure Integration w Terraform"
-  org_id = "your-org-1234567"
+  name   = "Azure ${data.azuread_application.mondoo-security.display_name}"
+  org_id = var.mondoo_org
 }
 
 // Setup the Azure integration
 resource "mondoo_integration_azure" "azure_integration" {
   space_id  = mondoo_space.azure_space.id
-  name      = "Azure Integration w Terraform"
-  tenant_id = "ffffffff-ffff-ffff-ffff-ffffffffffff"
-  client_id = "ffffffff-ffff-ffff-ffff-ffffffffffff"
+  name      = "Azure ${data.azuread_application.mondoo-security.display_name}"
+  tenant_id = data.azuread_client_config.current.tenant_id
+  client_id = data.azuread_application.mondoo-security.client_id
   scan_vms  = true
-  # subscription_whitelist = ["ffffffff-ffff-ffff-ffff-ffffffffffff", "ffffffff-ffff-ffff-ffff-ffffffffffff"]
-  # subscription_blacklist = ["ffffffff-ffff-ffff-ffff-ffffffffffff", "ffffffff-ffff-ffff-ffff-ffffffffffff"]
+  # subscription_allow_list= ["ffffffff-ffff-ffff-ffff-ffffffffffff", "ffffffff-ffff-ffff-ffff-ffffffffffff"]
+  # subscription_deny_list = ["ffffffff-ffff-ffff-ffff-ffffffffffff", "ffffffff-ffff-ffff-ffff-ffffffffffff"]
   credentials = {
     pem_file = <<EOT
 -----BEGIN PRIVATE KEY-----

diff --git a/internal/provider/integration_azure_resource.go b/internal/provider/integration_azure_resource.go
@@ -28,13 +28,13 @@ type integrationAzureResourceModel struct {
 	SpaceId types.String `tfsdk:"space_id"`
 
 	// integration details
-	Mrn                    types.String `tfsdk:"mrn"`
-	Name                   types.String `tfsdk:"name"`
-	ClientId               types.String `tfsdk:"client_id"`
-	TenantId               types.String `tfsdk:"tenant_id"`
-	SubscriptionsWhitelist types.List   `tfsdk:"subscription_whitelist"`
-	SubscriptionsBlacklist types.List   `tfsdk:"subscription_blacklist"`
-	ScanVms                types.Bool   `tfsdk:"scan_vms"`
+	Mrn                   types.String `tfsdk:"mrn"`
+	Name                  types.String `tfsdk:"name"`
+	ClientId              types.String `tfsdk:"client_id"`
+	TenantId              types.String `tfsdk:"tenant_id"`
+	SubscriptionAllowList types.List   `tfsdk:"subscription_allow_list"`
+	SubscriptionDenyList  types.List   `tfsdk:"subscription_deny_list"`
+	ScanVms               types.Bool   `tfsdk:"scan_vms"`
 
 	// credentials
 	Credential integrationAzureCredentialModel `tfsdk:"credentials"`
@@ -50,6 +50,7 @@ func (r *integrationAzureResource) Metadata(ctx context.Context, req resource.Me
 
 func (r *integrationAzureResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
 	resp.Schema = schema.Schema{
+		MarkdownDescription: "Azure integration",
 		Attributes: map[string]schema.Attribute{
 			"space_id": schema.StringAttribute{
 				MarkdownDescription: "Mondoo Space Identifier.",
@@ -64,7 +65,7 @@ func (r *integrationAzureResource) Schema(ctx context.Context, req resource.Sche
 			},
 			"name": schema.StringAttribute{
 				MarkdownDescription: "Name of the integration.",
-				Optional:            true,
+				Required:            true,
 			},
 			"client_id": schema.StringAttribute{
 				MarkdownDescription: "Azure Client ID.",
@@ -78,12 +79,12 @@ func (r *integrationAzureResource) Schema(ctx context.Context, req resource.Sche
 				MarkdownDescription: "Scan VMs.",
 				Optional:            true,
 			},
-			"subscription_whitelist": schema.ListAttribute{
+			"subscription_allow_list": schema.ListAttribute{
 				MarkdownDescription: "List of Azure subscriptions to scan.",
 				Optional:            true,
 				ElementType:         types.StringType,
 			},
-			"subscription_blacklist": schema.ListAttribute{
+			"subscription_deny_list": schema.ListAttribute{
 				MarkdownDescription: "List of Azure subscriptions to exclude from scanning.",
 				Optional:            true,
 				ElementType:         types.StringType,
@@ -139,17 +140,17 @@ func (r *integrationAzureResource) Create(ctx context.Context, req resource.Crea
 		spaceMrn = spacePrefix + data.SpaceId.ValueString()
 	}
 
-	var listWhite []mondoov1.String
-	whitelist, _ := data.SubscriptionsWhitelist.ToListValue(ctx)
-	whitelist.ElementsAs(ctx, &listWhite, true)
+	var listAllow []mondoov1.String
+	allowlist, _ := data.SubscriptionAllowList.ToListValue(ctx)
+	allowlist.ElementsAs(ctx, &listAllow, true)
 
-	var listBlack []mondoov1.String
-	blacklist, _ := data.SubscriptionsBlacklist.ToListValue(ctx)
-	blacklist.ElementsAs(ctx, &listBlack, true)
+	var listDeny []mondoov1.String
+	denylist, _ := data.SubscriptionDenyList.ToListValue(ctx)
+	denylist.ElementsAs(ctx, &listDeny, true)
 
 	// Check if both whitelist and blacklist are provided
-	if len(listBlack) > 0 && len(listWhite) > 0 {
-		resp.Diagnostics.AddError("ConflictingAttributesError", "Both subscription_whitelist and subscription_blacklist cannot be provided simultaneously.")
+	if len(listDeny) > 0 && len(listAllow) > 0 {
+		resp.Diagnostics.AddError("ConflictingAttributesError", "Both subscription_allow_list and subscription_deny_list cannot be provided simultaneously.")
 		return
 	}
 
@@ -161,8 +162,8 @@ func (r *integrationAzureResource) Create(ctx context.Context, req resource.Crea
 			AzureConfigurationOptions: &mondoov1.AzureConfigurationOptionsInput{
 				TenantID:               mondoov1.String(data.TenantId.ValueString()),
 				ClientID:               mondoov1.String(data.ClientId.ValueString()),
-				SubscriptionsWhitelist: &listWhite,
-				SubscriptionsBlacklist: &listBlack,
+				SubscriptionsWhitelist: &listAllow,
+				SubscriptionsBlacklist: &listDeny,
 				ScanVms:                mondoov1.NewBooleanPtr(mondoov1.Boolean(data.ScanVms.ValueBool())),
 				Certificate:            mondoov1.NewStringPtr(mondoov1.String(data.Credential.PEMFile.ValueString())),
 			},
@@ -208,20 +209,26 @@ func (r *integrationAzureResource) Update(ctx context.Context, req resource.Upda
 	}
 
 	// Do GraphQL request to API to update the resource.
-	var listWhite []mondoov1.String
-	whitelist, _ := data.SubscriptionsWhitelist.ToListValue(ctx)
-	whitelist.ElementsAs(ctx, &listWhite, true)
+	var listAllow []mondoov1.String
+	allowlist, _ := data.SubscriptionAllowList.ToListValue(ctx)
+	allowlist.ElementsAs(ctx, &listAllow, true)
+
+	var listDeny []mondoov1.String
+	denylist, _ := data.SubscriptionDenyList.ToListValue(ctx)
+	denylist.ElementsAs(ctx, &listDeny, true)
 
-	var listBlack []mondoov1.String
-	blacklist, _ := data.SubscriptionsBlacklist.ToListValue(ctx)
-	blacklist.ElementsAs(ctx, &listBlack, true)
+	// Check if both whitelist and blacklist are provided
+	if len(listDeny) > 0 && len(listAllow) > 0 {
+		resp.Diagnostics.AddError("ConflictingAttributesError", "Both subscription_allow_list and subscription_deny_list cannot be provided simultaneously.")
+		return
+	}
 
 	opts := mondoov1.ClientIntegrationConfigurationInput{
 		AzureConfigurationOptions: &mondoov1.AzureConfigurationOptionsInput{
 			TenantID:               mondoov1.String(data.TenantId.ValueString()),
 			ClientID:               mondoov1.String(data.ClientId.ValueString()),
-			SubscriptionsWhitelist: &listWhite,
-			SubscriptionsBlacklist: &listBlack,
+			SubscriptionsWhitelist: &listAllow,
+			SubscriptionsBlacklist: &listDeny,
 			ScanVms:                mondoov1.NewBooleanPtr(mondoov1.Boolean(data.ScanVms.ValueBool())),
 			Certificate:            mondoov1.NewStringPtr(mondoov1.String(data.Credential.PEMFile.ValueString())),
 		},