From cafbce4c515b00e0bbe266f4c7988eaedfacdbb5 Mon Sep 17 00:00:00 2001 From: Tim Smith Date: Wed, 4 Dec 2024 16:03:22 -0800 Subject: [PATCH 1/3] Update the spellcheck pattern files (#173) Catch more things Signed-off-by: Tim Smith --- .../actions/spelling/line_forbidden.patterns | 93 +++++++++++++++---- .github/actions/spelling/reject.txt | 1 + 2 files changed, 77 insertions(+), 17 deletions(-) diff --git a/.github/actions/spelling/line_forbidden.patterns b/.github/actions/spelling/line_forbidden.patterns index 3f6bacd..03e9d21 100644 --- a/.github/actions/spelling/line_forbidden.patterns +++ b/.github/actions/spelling/line_forbidden.patterns @@ -10,35 +10,46 @@ # PR links left in the release notes \bhttps:\/\/github.com\/mondoohq\/.*\/pull\/\d* +# +# Overly formal style +# + +# s.b. Whether +\bIndicates whether\b +\bIndicates if\b +\bIndicates\b +\bWhether or not\b +\bDenotes if\b + # # Terms to avoid # # s.b. Allow list -\s[Ww]hitelist\b -\s[Ww]hitelisting\b -\s[Ww]hitelisted\b -\s[Ww]hite list\b -\s[Ww]hite listing\b -\s[Ww]hite listed\b +\b[Ww]hitelist\b +\b[Ww]hitelisting\b +\b[Ww]hitelisted\b +\b[Ww]hite list\b +\b[Ww]hite listing\b +\b[Ww]hite listed\b # s.b. Block list -\s[Bb]lacklist\b -\s[Bb]lacklisting\b -\s[Bb]lacklisted\b -\s[Bb]lack list\b -\s[Bb]lack listing\b -\s[Bb]lack listed\b +\b[Bb]lacklist\b +\b[Bb]lacklisting\b +\b[Bb]lacklisted\b +\b[Bb]lack list\b +\b[Bb]lack listing\b +\b[Bb]lack listed\b # # Our Terms # # s.b. Mondoo Platform -\sMondoo platform\b +\bMondoo platform\b # s.b. Compliance Hub -\s[Cc]ompliance hub\b +\b[Cc]ompliance hub\b # # Compliance Terms @@ -47,6 +58,9 @@ # s.b. SOC 2 \bSOC2\b +# s.b. NIS2 +\bNIS 2\b + # s.b. ISO 270001 \bISO270001\b @@ -54,6 +68,9 @@ # Industry Terms # +# s.b. NetFlow +\bNetflow\b + # s.b. Side scanning \b[Ss]idescanning\b @@ -66,6 +83,7 @@ # s.b. Docker Hub \bDocker[Hh]ub\b +\bdocker hub\b # s.b. REST API \b[Rr]est API\b 
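Review bot: In the new "Overly formal style" group of line_forbidden.patterns, the bare `\bIndicates\b` already matches every line that `\bIndicates whether\b` and `\bIndicates if\b` match, so those two entries can never add a finding. The `# s.b. Whether` hint above them is also misleading for a line such as "Indicates the owner", which the bare pattern flags but which has no "Whether" rewrite. Either drop `\bIndicates\b`, or move it under its own comment, for example `# s.b. a direct description (avoid "Indicates")`.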
@@ -87,6 +105,12 @@ # Product Names # +# s.b. Cloudflare +\bCloudFlare\b + +# s.b. Memcached +\bMemCached\b + # s.b. Jira \bJIRA\b @@ -150,6 +174,10 @@ # s.b. AlmaLinux \bAlma Linux\b +# s.b. CloudLinux +\bCloud Linux\b +\bCloudlinux\b + # s.b. openSUSE \bOpenSUSE\b @@ -196,13 +224,25 @@ # s.b. SentinelOne \bSentinal[Oo]ne\b -\bSentinelone\b -\bSentinal One\b +\bSentin[ae]lone\b +\bSentin[ae]l One\b # s.b. CrowdStrike \bCrowd Strike\b \b[Cc]rowdstrike\b +# s.b. Zendesk +\bZenDesk\b + +# s.b. ServiceNow +\bService Now\b +\bServicenow\b + +# disabled due to docs false positives +# s.b. name server +# \bnameserver\b +# \bnameservers\b + # # Kubernetes Terms # @@ -290,6 +330,13 @@ \bLinked In\b \bLinkedin\b +# s.b. Microsoft IIS +\bIIS Server\b + +# s.b. Microsoft SQL Server +\bSQL server\b +\bMSSQL\b + # # VMware Products # @@ -459,7 +506,7 @@ \bWorkmail\b # -# GCP Products +# Google Cloud Products # # s.b. AlloyDB @@ -470,9 +517,11 @@ # s.b. BigLake \bBig Lake\b +\bBiglake\b # s.b. BigQuery \bBig Query\b +\bBigquery\b # s.b. Cloud Build \bCloudBuild\b @@ -532,6 +581,16 @@ \bVMware engine\b \bVMWare Engine\b +# s.b. Bigtable +\bBigTable\b +\bBig Table\b + +# s.b. Datastore +\bDataStore\b + +# s.b. Memorystore +\bMemoryStore\b + # # Azure Products # diff --git a/.github/actions/spelling/reject.txt b/.github/actions/spelling/reject.txt index 83ecc82..a59551a 100644 --- a/.github/actions/spelling/reject.txt +++ b/.github/actions/spelling/reject.txt @@ -12,3 +12,4 @@ Sorce ^wether.* deets organisation + From 708004c4e58121b7d735ce99d1ab51365d702f3d Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Dec 2024 17:27:33 +0100 Subject: [PATCH 2/3] Bump go.mondoo.com/cnquery/v11 in the gomodupdates group (#172) Bumps the gomodupdates group with 1 update: [go.mondoo.com/cnquery/v11](https://github.com/mondoohq/cnquery). Updates `go.mondoo.com/cnquery/v11` from 11.32.0 to 11.33.0 - [Release notes](https://github.com/mondoohq/cnquery/releases) - [Changelog](https://github.com/mondoohq/cnquery/blob/main/.goreleaser.yml) - [Commits](https://github.com/mondoohq/cnquery/compare/v11.32.0...v11.33.0) --- updated-dependencies: - dependency-name: go.mondoo.com/cnquery/v11 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomodupdates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 28 +++++++++++++-------------- go.sum | 60 +++++++++++++++++++++++++++++----------------------------- 2 files changed, 44 insertions(+), 44 deletions(-) diff --git a/go.mod b/go.mod index feb8f5a..3c0369e 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/hashicorp/terraform-plugin-log v0.9.0 github.com/hashicorp/terraform-plugin-testing v1.11.0 github.com/stretchr/testify v1.10.0 - go.mondoo.com/cnquery/v11 v11.32.0 + go.mondoo.com/cnquery/v11 v11.33.0 go.mondoo.com/mondoo-go v0.0.0-20241118222255-5299c9adc97c gopkg.in/yaml.v2 v2.4.0 ) 
@@ -25,24 +25,24 @@ require ( github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.2.0 // indirect github.com/Masterminds/sprig/v3 v3.2.3 // indirect - github.com/ProtonMail/go-crypto v1.1.2 // indirect + github.com/ProtonMail/go-crypto v1.1.3 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/armon/go-radix v1.0.0 // indirect github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect - github.com/aws/aws-sdk-go-v2 v1.32.5 // indirect - github.com/aws/aws-sdk-go-v2/config v1.28.5 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.17.46 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 // indirect + github.com/aws/aws-sdk-go-v2 v1.32.6 // indirect + github.com/aws/aws-sdk-go-v2/config v1.28.6 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.47 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 // indirect - github.com/aws/aws-sdk-go-v2/service/ssm v1.56.0 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 // indirect + github.com/aws/aws-sdk-go-v2/service/ssm v1.56.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 // indirect + 
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.2 // indirect github.com/aws/smithy-go v1.22.1 // indirect github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect github.com/bgentry/speakeasy v0.1.0 // indirect @@ -169,7 +169,7 @@ require ( golang.org/x/text v0.20.0 // indirect golang.org/x/tools v0.27.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241202173237-19429a94021a // indirect google.golang.org/grpc v1.68.0 // indirect google.golang.org/protobuf v1.35.2 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index b789e13..d0dc833 100644 --- a/go.sum +++ b/go.sum @@ -23,8 +23,8 @@ github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s= github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w= github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= -github.com/ProtonMail/go-crypto v1.1.2 h1:A7JbD57ThNqh7XjmHE+PXpQ3Dqt3BrSAC0AL0Go3KS0= -github.com/ProtonMail/go-crypto v1.1.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= +github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk= +github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= 
@@ -44,21 +44,21 @@ github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgI github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef h1:46PFijGLmAjMPwCCCo7Jf0W6f9slllCkkv7vyc1yOSg= github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go-v2 v1.9.2/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4= -github.com/aws/aws-sdk-go-v2 v1.32.5 h1:U8vdWJuY7ruAkzaOdD7guwJjD06YSKmnKCJs7s3IkIo= -github.com/aws/aws-sdk-go-v2 v1.32.5/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2 v1.32.6 h1:7BokKRgRPuGmKkFMhEg/jSul+tB9VvXhcViILtfG8b4= +github.com/aws/aws-sdk-go-v2 v1.32.6/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= github.com/aws/aws-sdk-go-v2/config v1.8.3/go.mod h1:4AEiLtAb8kLs7vgw2ZV3p2VZ1+hBavOc84hqxVNpCyw= -github.com/aws/aws-sdk-go-v2/config v1.28.5 h1:Za41twdCXbuyyWv9LndXxZZv3QhTG1DinqlFsSuvtI0= -github.com/aws/aws-sdk-go-v2/config v1.28.5/go.mod h1:4VsPbHP8JdcdUDmbTVgNL/8w9SqOkM5jyY8ljIxLO3o= +github.com/aws/aws-sdk-go-v2/config v1.28.6 h1:D89IKtGrs/I3QXOLNTH93NJYtDhm8SYa9Q5CsPShmyo= +github.com/aws/aws-sdk-go-v2/config v1.28.6/go.mod h1:GDzxJ5wyyFSCoLkS+UhGB0dArhb9mI+Co4dHtoTxbko= github.com/aws/aws-sdk-go-v2/credentials v1.4.3/go.mod h1:FNNC6nQZQUuyhq5aE5c7ata8o9e4ECGmS4lAXC7o1mQ= -github.com/aws/aws-sdk-go-v2/credentials v1.17.46 h1:AU7RcriIo2lXjUfHFnFKYsLCwgbz1E7Mm95ieIRDNUg= -github.com/aws/aws-sdk-go-v2/credentials v1.17.46/go.mod h1:1FmYyLGL08KQXQ6mcTlifyFXfJVCNJTVGuQP4m0d/UA= +github.com/aws/aws-sdk-go-v2/credentials v1.17.47 h1:48bA+3/fCdi2yAwVt+3COvmatZ6jUDNkDTIsqDiMUdw= +github.com/aws/aws-sdk-go-v2/credentials v1.17.47/go.mod h1:+KdckOejLW3Ks3b0E3b5rHsr2f9yuORBum0WPnE5o5w= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.6.0/go.mod h1:gqlclDEZp4aqJOancXK6TN24aKhT0W0Ae9MHk3wzTMM= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 h1:sDSXIrlsFSFJtWKLQS4PUWRvrT580rrnuLydJrCQ/yA= 
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20/go.mod h1:WZ/c+w0ofps+/OUqMwWgnfrgzZH1DZO1RIkktICsqnY= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 h1:4usbeaes3yJnCFC7kfeyhkdkPtoRYPa/hTmCqMpKpLI= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24/go.mod h1:5CI1JemjVwde8m2WG3cz23qHKPOxbpkq0HaoreEgLIY= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 h1:N1zsICrQglfzaBnrfM0Ys00860C+QFwu6u/5+LomP+o= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24/go.mod h1:dCn9HbJ8+K31i8IQ8EWmWj0EiIk0+vKiHNMxTTYveAg= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 h1:AmoU1pziydclFT/xRV+xXE/Vb8fttJCLRPv8oAkprc0= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21/go.mod h1:AjUdLYe4Tgs6kpH4Bv7uMZo7pottoyHMn4eTcIcneaY= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 h1:s/fF4+yDQDoElYhfIVvSNyeCydfbuTKzhxSXDXCPasU= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25/go.mod h1:IgPfDv5jqFIzQSNbUEMoitNooSMXjRSDkhXv8jiROvU= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 h1:ZntTCl5EsYnhN/IygQEUugpdwbhdkom9uHcbCftiGgA= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25/go.mod h1:DBdPrgeocww+CSl1C8cEV8PN1mHMBhuCDLpXezyvWkE= github.com/aws/aws-sdk-go-v2/internal/ini v1.2.4/go.mod h1:ZcBrrI3zBKlhGFNYWvju0I3TR93I7YIgAfy82Fh4lcQ= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= 
@@ -66,18 +66,18 @@ github.com/aws/aws-sdk-go-v2/service/appconfig v1.4.2/go.mod h1:FZ3HkCe+b10uFZZk github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.3.2/go.mod h1:72HRZDLMtmVQiLG2tLfQcaWLCssELvGl+Zf2WVxMmR8= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 h1:wtpJ4zcwrSbwhECWQoI/g6WM9zqCcSpHDJIWSbMLOu4= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5/go.mod h1:qu/W9HXQbbQ4+1+JcZp0ZNPV31ym537ZJN+fiS7Ti8E= -github.com/aws/aws-sdk-go-v2/service/ssm v1.56.0 h1:mADKqoZaodipGgiZfuAjtlcr4IVBtXPZKVjkzUZCCYM= -github.com/aws/aws-sdk-go-v2/service/ssm v1.56.0/go.mod h1:l9qF25TzH95FhcIak6e4vt79KE4I7M2Nf59eMUVjj6c= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 h1:50+XsN70RS7dwJ2CkVNXzj7U2L1HKP8nqTd3XWEXBN4= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6/go.mod h1:WqgLmwY7so32kG01zD8CPTJWVWM+TzJoOVHwTg4aPug= +github.com/aws/aws-sdk-go-v2/service/ssm v1.56.1 h1:cfVjoEwOMOJOI6VoRQua0nI0KjZV9EAnR8bKaMeSppE= +github.com/aws/aws-sdk-go-v2/service/ssm v1.56.1/go.mod h1:fGHwAnTdNrLKhgl+UEeq9uEL4n3Ng4MJucA+7Xi3sC4= github.com/aws/aws-sdk-go-v2/service/sso v1.4.2/go.mod h1:NBvT9R1MEF+Ud6ApJKM0G+IkPchKS7p7c2YPKwHmBOk= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 h1:3zu537oLmsPfDMyjnUS2g+F2vITgy5pB74tHI+JBNoM= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.6/go.mod h1:WJSZH2ZvepM6t6jwu4w/Z45Eoi75lPN7DcydSRtJg6Y= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 h1:K0OQAsDywb0ltlFrZm0JHPY3yZp/S9OaoLU33S7vPS8= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5/go.mod h1:ORITg+fyuMoeiQFiVGoqB3OydVTLkClw/ljbblMq6Cc= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 h1:rLnYAfXQ3YAccocshIH5mzNNwZBkBo+bP6EhIxak6Hw= 
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.7/go.mod h1:ZHtuQJ6t9A/+YDuxOLnbryAmITtr8UysSny3qcyvJTc= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 h1:JnhTZR3PiYDNKlXy50/pNeix9aGMo6lLpXwJ1mw8MD4= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6/go.mod h1:URronUEGfXZN1VpdktPSD1EkAL9mfrV+2F4sjH38qOY= github.com/aws/aws-sdk-go-v2/service/sts v1.7.2/go.mod h1:8EzeIqfWt2wWT4rJVu3f21TfrhJ8AEMzVybRNSb/b4g= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 h1:6SZUVRQNvExYlMLbHdlKB48x0fLbc2iVROyaNEwBHbU= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.1/go.mod h1:GqWyYCwLXnlUB1lOAXQyNSPqPLQJvmo8J0DWBzp9mtg= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.2 h1:s4074ZO1Hk8qv65GqNXqDjmkf4HSQqJukaLuuW0TpDA= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.2/go.mod h1:mVggCnIWoM09jP71Wh+ea7+5gAp53q+49wDFs1SW5z8= github.com/aws/smithy-go v1.8.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= 
@@ -192,8 +192,8 @@ github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 
@@ -605,8 +605,8 @@ go.abhg.dev/goldmark/frontmatter v0.2.0/go.mod h1:XqrEkZuM57djk7zrlRUB02x8I5J0px go.etcd.io/etcd/api/v3 v3.5.4/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A= go.etcd.io/etcd/client/pkg/v3 v3.5.4/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v3 v3.5.4/go.mod h1:ZaRkVgBZC+L+dLCjTcF1hRXpgZXQPOvnA/Ak/gq3kiY= -go.mondoo.com/cnquery/v11 v11.32.0 h1:v+e+lCr02a6gj86Pxn+lqBZC2q7fT8HdMrD8AsMXRKc= -go.mondoo.com/cnquery/v11 v11.32.0/go.mod h1:MWxO9KkPw9ZBsfWeT1O47t3vBqjzkDsmhLJBfEMdTP4= +go.mondoo.com/cnquery/v11 v11.33.0 h1:lXLEPwt+7D3GW2hKMNmHlQlD6YhEd3izGnmHIo2a3Kg= +go.mondoo.com/cnquery/v11 v11.33.0/go.mod h1:ynuOojMFVuwUAq7nC0Dk6Ut/2MS9T/R+hHmWQdP491Q= go.mondoo.com/mondoo-go v0.0.0-20241118222255-5299c9adc97c h1:0u12icLFjeTLzNQHjPs8Mw65VG1Wl8LxHoGRihwaSmg= go.mondoo.com/mondoo-go v0.0.0-20241118222255-5299c9adc97c/go.mod h1:VTTbqYTjin1hKSnwKHVYeOTEyJrAZarNlf1I8M2rlpM= go.mondoo.com/ranger-rpc v0.6.4 h1:q01kjESvF2HSnbFO+TjpUQSiI2IM8JWGJLH3u0vNxZA= 
@@ -808,8 +808,8 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 h1:LWZqQOEjDyONlF1H6afSWpAL/znlREo2tHfLoe+8LMA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241202173237-19429a94021a h1:hgh8P4EuoxpsuKMXX/To36nOFD7vixReXgn8lPGnt+o= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241202173237-19429a94021a/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= From 8272dc9ee6bad5d51e4e98042cc108fe7af2e33c Mon Sep 17 00:00:00 2001 From: Matthias Theuermann <73223147+mati007thm@users.noreply.github.com> Date: Thu, 5 Dec 2024 21:59:25 +0100 Subject: [PATCH 3/3] =?UTF-8?q?=E2=AD=90=EF=B8=8F=20new=20resource=20mondo?= =?UTF-8?q?o=5Fintegration=5Fgitlab=20(#167)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Matthias Theuermann --- docs/resources/integration_gitlab.md | 82 +++++ .../mondoo_integration_gitlab/main.tf | 8 + .../mondoo_integration_gitlab/resource.tf | 29 ++ internal/provider/gql.go | 11 +- .../provider/integration_gitlab_resource.go | 329 ++++++++++++++++++ internal/provider/provider.go | 1 + 6 files changed, 459 insertions(+), 1 deletion(-) create mode 100644 docs/resources/integration_gitlab.md create mode 100644 examples/resources/mondoo_integration_gitlab/main.tf create mode 100644 examples/resources/mondoo_integration_gitlab/resource.tf create mode 100644 internal/provider/integration_gitlab_resource.go diff --git a/docs/resources/integration_gitlab.md b/docs/resources/integration_gitlab.md new file mode 100644 index 0000000..775f550 --- /dev/null +++ b/docs/resources/integration_gitlab.md 
@@ -0,0 +1,82 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "mondoo_integration_gitlab Resource - terraform-provider-mondoo" +subcategory: "" +description: |- + Continuously scan GitLab for misconfigurations. +--- + +# mondoo_integration_gitlab (Resource) + +Continuously scan GitLab for misconfigurations. + +## Example Usage + +```terraform +variable "gitlab_token" { + description = "The GitLab Token" + type = string + sensitive = true +} + +provider "mondoo" { + space = "hungry-poet-123456" +} + +# Setup the GitLab integration +resource "mondoo_integration_gitlab" "gitlab_integration" { + name = "GitLab Integration" + + # base_url = "https://my-self-hosted-gitlab.com" + # group = "my-group" + + # configure discovery options + discovery = { + groups = true + projects = true + terraform = true + k8s_manifests = true + } + + credentials = { + token = var.gitlab_token + } +} +``` + + +## Schema + +### Required + +- `credentials` (Attributes) (see [below for nested schema](#nestedatt--credentials)) +- `name` (String) Name of the integration. + +### Optional + +- `base_url` (String) Base URL of the GitLab instance (only set this if your instance is self-hosted). +- `discovery` (Attributes) (see [below for nested schema](#nestedatt--discovery)) +- `group` (String) Group to assign the integration to (by default all groups are discovered). +- `space_id` (String) Mondoo Space Identifier. If it is not provided, the provider space is used. + +### Read-Only + +- `mrn` (String) Integration identifier + + +### Nested Schema for `credentials` + +Required: + +- `token` (String, Sensitive) Token for GitLab integration. + + + +### Nested Schema for `discovery` + +Optional: + +- `groups` (Boolean) Enable discovery of GitLab groups. +- `k8s_manifests` (Boolean) Enable discovery of Kubernetes manifests. +- `projects` (Boolean) Enable discovery of GitLab projects. +- `terraform` (Boolean) Enable discovery of Terraform configurations. 
diff --git a/examples/resources/mondoo_integration_gitlab/main.tf b/examples/resources/mondoo_integration_gitlab/main.tf new file mode 100644 index 0000000..24d24a1 --- /dev/null +++ b/examples/resources/mondoo_integration_gitlab/main.tf @@ -0,0 +1,8 @@ +terraform { + required_providers { + mondoo = { + source = "mondoohq/mondoo" + version = ">= 0.19" + } + } +} \ No newline at end of file diff --git a/examples/resources/mondoo_integration_gitlab/resource.tf b/examples/resources/mondoo_integration_gitlab/resource.tf new file mode 100644 index 0000000..d0f6e74 --- /dev/null +++ b/examples/resources/mondoo_integration_gitlab/resource.tf @@ -0,0 +1,29 @@ +variable "gitlab_token" { + description = "The GitLab Token" + type = string + sensitive = true +} + +provider "mondoo" { + space = "hungry-poet-123456" +} + +# Setup the GitLab integration +resource "mondoo_integration_gitlab" "gitlab_integration" { + name = "GitLab Integration" + + # base_url = "https://my-self-hosted-gitlab.com" + # group = "my-group" + + # configure discovery options + discovery = { + groups = true + projects = true + terraform = true + k8s_manifests = true + } + + credentials = { + token = var.gitlab_token + } +} diff --git a/internal/provider/gql.go b/internal/provider/gql.go index 5915348..2553ab7 100644 --- a/internal/provider/gql.go +++ b/internal/provider/gql.go @@ -585,11 +585,19 @@ type GithubConfigurationOptions struct { Owner string Repository string Organization string - Type string ReposAllowList []string ReposDenyList []string } +type GitlabConfigurationOptions struct { + Group string + DiscoverGroups bool + DiscoverProjects bool + DiscoverTerraform bool + DiscoverK8sManifests bool + BaseURL string +} + type Ms365ConfigurationOptions struct { TenantId string ClientId string 
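Review bot: The new `GitlabConfigurationOptions` struct in internal/provider/gql.go has no doc comment, and it queries neither the token nor `Type`, although the write path in integration_gitlab_resource.go sets both. If that omission is intentional, a comment would save the next reader from treating it as an oversight, for example `// GitlabConfigurationOptions holds the GitLab fields read back for import; the token is not queried, so credentials must come from configuration.` This matches what `ImportState` does in the same commit, where `Token` is set to a null value.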
@@ -618,6 +626,7 @@ type ClientIntegrationConfigurationOptions struct { GithubConfigurationOptions GithubConfigurationOptions `graphql:"... on GithubConfigurationOptions"` HostedAwsConfigurationOptions HostedAwsConfigurationOptions `graphql:"... on HostedAwsConfigurationOptions"` ShodanConfigurationOptions ShodanConfigurationOptions `graphql:"... on ShodanConfigurationOptions"` + GitlabConfigurationOptions GitlabConfigurationOptions `graphql:"... on GitlabConfigurationOptions"` // Add other configuration options here } diff --git a/internal/provider/integration_gitlab_resource.go b/internal/provider/integration_gitlab_resource.go new file mode 100644 index 0000000..4f2baae --- /dev/null +++ b/internal/provider/integration_gitlab_resource.go 
@@ -0,0 +1,329 @@ +package provider + +import ( + "context" + "fmt" + "regexp" + + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/hashicorp/terraform-plugin-log/tflog" + mondoov1 "go.mondoo.com/mondoo-go" +) + +var _ resource.Resource = (*integrationGitlabResource)(nil) + +func NewIntegrationGitlabResource() resource.Resource { + return &integrationGitlabResource{} +} + +type integrationGitlabResource struct { + client *ExtendedGqlClient +} + +type integrationGitlabResourceModel struct { + SpaceID types.String `tfsdk:"space_id"` + + // Integration details + Mrn types.String `tfsdk:"mrn"` + Name types.String `tfsdk:"name"` + // Configuration options + Group types.String `tfsdk:"group"` + BaseURL types.String `tfsdk:"base_url"` + Discovery *integrationGitlabDiscoveryModel `tfsdk:"discovery"` + // credentials + Credential *integrationGitlabCredentialModel `tfsdk:"credentials"` +} + +type integrationGitlabDiscoveryModel struct { + Groups types.Bool `tfsdk:"groups"` + Projects types.Bool `tfsdk:"projects"` + Terraform types.Bool `tfsdk:"terraform"` + K8sManifests types.Bool `tfsdk:"k8s_manifests"` +} + +type integrationGitlabCredentialModel struct { + Token types.String `tfsdk:"token"` +} + +func (r *integrationGitlabResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_integration_gitlab" +} + +func (m integrationGitlabResourceModel) GetConfigurationOptions() *mondoov1.GitlabConfigurationOptionsInput { + opts := 
&mondoov1.GitlabConfigurationOptionsInput{ + Group: mondoov1.NewStringPtr(mondoov1.String(m.Group.ValueString())), + BaseURL: mondoov1.NewStringPtr(mondoov1.String(m.BaseURL.ValueString())), + } + + gitlabType := mondoov1.GitlabIntegrationTypeNone + if *opts.Group != "" { + gitlabType = mondoov1.GitlabIntegrationTypeGroup + } + + opts.Type = gitlabType + + if m.Discovery != nil { + opts.DiscoverGroups = mondoov1.NewBooleanPtr(mondoov1.Boolean(m.Discovery.Groups.ValueBool())) + opts.DiscoverProjects = mondoov1.NewBooleanPtr(mondoov1.Boolean(m.Discovery.Projects.ValueBool())) + opts.DiscoverTerraform = mondoov1.NewBooleanPtr(mondoov1.Boolean(m.Discovery.Terraform.ValueBool())) + opts.DiscoverK8sManifests = mondoov1.NewBooleanPtr(mondoov1.Boolean(m.Discovery.K8sManifests.ValueBool())) + } + + token := m.Credential.Token.ValueString() + if token != "" { + opts.Token = mondoov1.NewStringPtr(mondoov1.String(token)) + } + + return opts +} + +func (r *integrationGitlabResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) { + resp.Schema = schema.Schema{ + MarkdownDescription: `Continuously scan GitLab for misconfigurations.`, + Attributes: map[string]schema.Attribute{ + "space_id": schema.StringAttribute{ + MarkdownDescription: "Mondoo Space Identifier. 
If it is not provided, the provider space is used.", + Optional: true, + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + }, + }, + "mrn": schema.StringAttribute{ + Computed: true, + MarkdownDescription: "Integration identifier", + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + }, + }, + "name": schema.StringAttribute{ + MarkdownDescription: "Name of the integration.", + Required: true, + Validators: []validator.String{ + stringvalidator.LengthAtMost(250), + }, + }, + "group": schema.StringAttribute{ + MarkdownDescription: "Group to assign the integration to (by default all groups are discovered).", + Optional: true, + }, + "base_url": schema.StringAttribute{ + MarkdownDescription: "Base URL of the GitLab instance (only set this if your instance is self-hosted).", + Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches( + regexp.MustCompile(`^https?:\/\/[a-zA-Z0-9\-._~:\/?#[\]@!$&'()*+,;=%]+$`), + "must be a valid URL", + ), + }, + }, + "discovery": schema.SingleNestedAttribute{ + Optional: true, + Attributes: map[string]schema.Attribute{ + "groups": schema.BoolAttribute{ + MarkdownDescription: "Enable discovery of GitLab groups.", + Optional: true, + }, + "projects": schema.BoolAttribute{ + MarkdownDescription: "Enable discovery of GitLab projects.", + Optional: true, + }, + "terraform": schema.BoolAttribute{ + MarkdownDescription: "Enable discovery of Terraform configurations.", + Optional: true, + }, + "k8s_manifests": schema.BoolAttribute{ + MarkdownDescription: "Enable discovery of Kubernetes manifests.", + Optional: true, + }, + }, + }, + "credentials": schema.SingleNestedAttribute{ + Required: true, + Attributes: map[string]schema.Attribute{ + "token": schema.StringAttribute{ + MarkdownDescription: "Token for GitLab integration.", + Required: true, + Sensitive: true, + }, + }, + }, + }, + } +} + +func (r *integrationGitlabResource) Configure(ctx 
context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { + // Prevent panic if the provider has not been configured. + if req.ProviderData == nil { + return + } + + client, ok := req.ProviderData.(*ExtendedGqlClient) + + if !ok { + resp.Diagnostics.AddError( + "Unexpected Resource Configure Type", + fmt.Sprintf("Expected *http.Client, got: %T. Please report this issue to the provider developers.", req.ProviderData), + ) + + return + } + + r.client = client +} + +func (r *integrationGitlabResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { + var data integrationGitlabResourceModel + + // Read Terraform plan data into the model + resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) + + if resp.Diagnostics.HasError() { + return + } + + // Compute and validate the space + space, err := r.client.ComputeSpace(data.SpaceID) + if err != nil { + resp.Diagnostics.AddError("Invalid Configuration", err.Error()) + return + } + ctx = tflog.SetField(ctx, "space_mrn", space.MRN()) + + // Create API call logic + tflog.Debug(ctx, "Creating integration") + integration, err := r.client.CreateIntegration(ctx, + space.MRN(), + data.Name.ValueString(), + mondoov1.ClientIntegrationTypeGitLab, + mondoov1.ClientIntegrationConfigurationInput{ + GitLabConfigurationOptions: data.GetConfigurationOptions(), + }) + if err != nil { + resp.Diagnostics. + AddError("Client Error", + fmt.Sprintf("Unable to create GitLab integration, got error: %s", err), + ) + return + } + + // trigger integration to gather results quickly after the first setup + // NOTE: we ignore the error since the integration state does not depend on it + _, err = r.client.TriggerAction(ctx, string(integration.Mrn), mondoov1.ActionTypeRunScan) + if err != nil { + resp.Diagnostics. + AddWarning("Client Error", + fmt.Sprintf("Unable to trigger integration, got error: %s", err), + ) + return + } + + // Save space mrn into the Terraform state. 
+ data.Mrn = types.StringValue(string(integration.Mrn)) + data.Name = types.StringValue(data.Name.ValueString()) + data.SpaceID = types.StringValue(space.ID()) + + // Save data into Terraform state + resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) +} + +func (r *integrationGitlabResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { + var data integrationGitlabResourceModel + + // Read Terraform prior state data into the model + resp.Diagnostics.Append(req.State.Get(ctx, &data)...) + + if resp.Diagnostics.HasError() { + return + } + + // Read API call logic + + // Save updated data into Terraform state + resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) +} + +func (r *integrationGitlabResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + var data integrationGitlabResourceModel + + // Read Terraform plan data into the model + resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) + + if resp.Diagnostics.HasError() { + return + } + + opts := mondoov1.ClientIntegrationConfigurationInput{ + GitLabConfigurationOptions: data.GetConfigurationOptions(), + } + // Update API call logic + _, err := r.client.UpdateIntegration(ctx, + data.Mrn.ValueString(), + data.Name.ValueString(), + mondoov1.ClientIntegrationTypeGitLab, + opts, + ) + if err != nil { + resp.Diagnostics. + AddError("Client Error", + fmt.Sprintf("Unable to update GitLab integration, got error: %s", err), + ) + return + } + + // Save updated data into Terraform state + resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) +} + +func (r *integrationGitlabResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { + var data integrationGitlabResourceModel + + // Read Terraform prior state data into the model + resp.Diagnostics.Append(req.State.Get(ctx, &data)...) 
+ + if resp.Diagnostics.HasError() { + return + } + + // Delete API call logic + _, err := r.client.DeleteIntegration(ctx, data.Mrn.ValueString()) + if err != nil { + resp.Diagnostics. + AddError("Client Error", + fmt.Sprintf("Unable to delete GitLab integration, got error: %s", err), + ) + return + } +} + +func (r *integrationGitlabResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { + integration, ok := r.client.ImportIntegration(ctx, req, resp) + if !ok { + return + } + + model := integrationGitlabResourceModel{ + Mrn: types.StringValue(integration.Mrn), + Name: types.StringValue(integration.Name), + SpaceID: types.StringValue(integration.SpaceID()), + Group: types.StringValue(integration.ConfigurationOptions.GitlabConfigurationOptions.Group), + BaseURL: types.StringValue(integration.ConfigurationOptions.GitlabConfigurationOptions.BaseURL), + Discovery: &integrationGitlabDiscoveryModel{ + Groups: types.BoolValue(integration.ConfigurationOptions.GitlabConfigurationOptions.DiscoverGroups), + Projects: types.BoolValue(integration.ConfigurationOptions.GitlabConfigurationOptions.DiscoverProjects), + Terraform: types.BoolValue(integration.ConfigurationOptions.GitlabConfigurationOptions.DiscoverTerraform), + K8sManifests: types.BoolValue(integration.ConfigurationOptions.GitlabConfigurationOptions.DiscoverK8sManifests), + }, + Credential: &integrationGitlabCredentialModel{ + Token: types.StringPointerValue(nil), + }, + } + + resp.State.Set(ctx, &model) +} diff --git a/internal/provider/provider.go b/internal/provider/provider.go index fe54ab6..4779b2f 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -204,6 +204,7 @@ func (p *MondooProvider) Resources(ctx context.Context) []func() resource.Resour NewIntegrationShodanResource, NewFrameworkAssignmentResource, NewCustomFrameworkResource, + NewIntegrationGitlabResource, } }
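Review bot: In `Create`, the `return` inside the `TriggerAction` error branch exits before `data.Mrn` is assigned and `resp.State.Set` runs, so a failed scan trigger leaves an integration that was already created (and was sent the GitLab token) untracked in Terraform state; a later apply would presumably create a second one. The comment above that branch says the error is ignored, so keep the `AddWarning` call and delete the `return`. Separately, the `base_url` validator accepts `http://`; where the token is presented is not visible in this hunk, but if it goes to that URL it would travel in cleartext, so consider anchoring the pattern at `^https:\/\/` or documenting plain HTTP as an explicit opt-in. The `Configure` diagnostic also says `Expected *http.Client` while the assertion is on `*ExtendedGqlClient`; the message should read `Expected *ExtendedGqlClient, got: %T`.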