⭐️ add the SCIM group mapping resource (#48)

mondoohq · Mar 3, 2024 · 4b97c45 · 4b97c45
1 parent c1859ce
commit 4b97c45
Show file tree

Hide file tree

Showing 9 changed files with 443 additions and 3 deletions.
diff --git a/docs/resources/querypack_assignment.md b/docs/resources/querypack_assignment.md
@@ -0,0 +1,58 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "mondoo_querypack_assignment Resource - terraform-provider-mondoo"
+subcategory: ""
+description: |-
+  
+---
+
+# mondoo_querypack_assignment (Resource)
+
+
+
+## Example Usage
+
+```terraform
+terraform {
+  required_providers {
+    mondoo = {
+      source = "mondoohq/mondoo"
+    }
+  }
+}
+
+provider "mondoo" {
+  region = "us"
+}
+
+resource "mondoo_space" "my_space" {
+  name   = "My Space Name"
+  org_id = "your-org-1234567"
+}
+
+resource "mondoo_querypack_assignment" "space" {
+  space_id = mondoo_space.my_space.id
+
+  querypacks = [
+    "//policy.api.mondoo.app/policies/mondoo-incident-response-aws",
+  ]
+
+  state = "enabled" # default is enabled, we also support preview and disabled
+
+  depends_on = [
+    mondoo_space.my_space
+  ]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `space_id` (String) Mondoo Space Identifier.
+
+### Optional
+
+- `querypacks` (List of String) QueryPacks to assign to the space.
+- `state` (String) QueryPack Assignment State (enabled, disabled).
diff --git a/docs/resources/scim_group_mapping.md b/docs/resources/scim_group_mapping.md
@@ -0,0 +1,73 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "mondoo_scim_group_mapping Resource - terraform-provider-mondoo"
+subcategory: ""
+description: |-
+  This resource provides SCIM 2.0 Group Mapping. It allows the mapping of SCIM 2.0 groups to Mondoo organization or spaces and IAM roles.
+---
+
+# mondoo_scim_group_mapping (Resource)
+
+This resource provides SCIM 2.0 Group Mapping. It allows the mapping of SCIM 2.0 groups to Mondoo organization or spaces and IAM roles.
+
+## Example Usage
+
+```terraform
+terraform {
+  required_providers {
+    mondoo = {
+      source = "mondoohq/mondoo"
+    }
+  }
+}
+
+provider "mondoo" {
+}
+
+resource "mondoo_space" "my_space_1" {
+  name   = "My Space 1"
+  org_id = "your-org-1234567"
+}
+
+resource "mondoo_scim_group_mapping" "MondooAdmin" {
+  org_id = "your-org-1234567"
+  group  = "MondooAdmin"
+  mappings = [
+    # Give admin group access to the organization
+    {
+      org_mrn : "//captain.api.mondoo.app/organizations/your-org-1234567",
+      iam_role : "//iam.api.mondoo.app/roles/editor"
+    },
+    # Give admin group access to the space 
+    {
+      space_mrn : mondoo_space.my_space_1.mrn,
+      iam_role : "//iam.api.mondoo.app/roles/viewer"
+    }
+  ]
+
+  depends_on = [
+    mondoo_space.my_space_1
+  ]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `group` (String) SCIM 2.0 Group Display Name.
+- `mappings` (Attributes List) (see [below for nested schema](#nestedatt--mappings))
+- `org_id` (String) Mondoo Organization Identifier.
+
+<a id="nestedatt--mappings"></a>
+### Nested Schema for `mappings`
+
+Required:
+
+- `iam_role` (String)
+
+Optional:
+
+- `org_mrn` (String)
+- `space_mrn` (String)
diff --git a/examples/resources/mondoo_querypack_assignment/resource.tf b/examples/resources/mondoo_querypack_assignment/resource.tf
@@ -0,0 +1,30 @@
+terraform {
+  required_providers {
+    mondoo = {
+      source = "mondoohq/mondoo"
+    }
+  }
+}
+
+provider "mondoo" {
+  region = "us"
+}
+
+resource "mondoo_space" "my_space" {
+  name   = "My Space Name"
+  org_id = "your-org-1234567"
+}
+
+resource "mondoo_querypack_assignment" "space" {
+  space_id = mondoo_space.my_space.id
+
+  querypacks = [
+    "//policy.api.mondoo.app/policies/mondoo-incident-response-aws",
+  ]
+
+  state = "enabled" # default is enabled, we also support preview and disabled
+
+  depends_on = [
+    mondoo_space.my_space
+  ]
+}
diff --git a/examples/resources/mondoo_scim_group_mapping/resource.tf b/examples/resources/mondoo_scim_group_mapping/resource.tf
@@ -0,0 +1,36 @@
+terraform {
+  required_providers {
+    mondoo = {
+      source = "mondoohq/mondoo"
+    }
+  }
+}
+
+provider "mondoo" {
+}
+
+resource "mondoo_space" "my_space_1" {
+  name   = "My Space 1"
+  org_id = "your-org-1234567"
+}
+
+resource "mondoo_scim_group_mapping" "MondooAdmin" {
+  org_id = "your-org-1234567"
+  group  = "MondooAdmin"
+  mappings = [
+    # Give admin group access to the organization
+    {
+      org_mrn : "//captain.api.mondoo.app/organizations/your-org-1234567",
+      iam_role : "//iam.api.mondoo.app/roles/editor"
+    },
+    # Give admin group access to the space 
+    {
+      space_mrn : mondoo_space.my_space_1.mrn,
+      iam_role : "//iam.api.mondoo.app/roles/viewer"
+    }
+  ]
+
+  depends_on = [
+    mondoo_space.my_space_1
+  ]
+}
diff --git a/go.mod b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/hashicorp/terraform-plugin-log v0.9.0
 	github.com/hashicorp/terraform-plugin-testing v1.6.0
 	github.com/stretchr/testify v1.9.0
-	go.mondoo.com/mondoo-go v0.0.0-20240302214252-fc86ebca9dba
+	go.mondoo.com/mondoo-go v0.0.0-20240303102235-bc102d6ef0cb
 )
 
 require (

diff --git a/go.sum b/go.sum
@@ -510,8 +510,8 @@ github.com/zclconf/go-cty v1.14.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgr
 go.etcd.io/etcd/api/v3 v3.5.4/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A=
 go.etcd.io/etcd/client/pkg/v3 v3.5.4/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v3 v3.5.4/go.mod h1:ZaRkVgBZC+L+dLCjTcF1hRXpgZXQPOvnA/Ak/gq3kiY=
-go.mondoo.com/mondoo-go v0.0.0-20240302214252-fc86ebca9dba h1:V3K0LlllLhWDd7nrB9N04MeaBR908XkkiNl7g2pfNgA=
-go.mondoo.com/mondoo-go v0.0.0-20240302214252-fc86ebca9dba/go.mod h1:JDTzAPQ3y9bVoDOBrkhcd1zFKHKjmeuJ0jZRTeQ46QA=
+go.mondoo.com/mondoo-go v0.0.0-20240303102235-bc102d6ef0cb h1:37qJkE0oehPTtpnRJ4PKzXpBh4v3KVCHyRiWAY3RRF4=
+go.mondoo.com/mondoo-go v0.0.0-20240303102235-bc102d6ef0cb/go.mod h1:JDTzAPQ3y9bVoDOBrkhcd1zFKHKjmeuJ0jZRTeQ46QA=
 go.mongodb.org/mongo-driver v1.10.0 h1:UtV6N5k14upNp4LTduX0QCufG124fSu25Wz9tu94GLg=
 go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=

diff --git a/internal/provider/gql.go b/internal/provider/gql.go
@@ -7,6 +7,7 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
+
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 	mondoov1 "go.mondoo.com/mondoo-go"
 )
@@ -293,3 +294,19 @@ func (c *ExtendedGqlClient) DeleteIntegration(ctx context.Context, mrn string) (
 	}
 	return &deleteMutation.DeleteClientIntegration, nil
 }
+
+func (c *ExtendedGqlClient) SetScimGroupMapping(ctx context.Context, orgMrn string, group string, mappings []mondoov1.ScimGroupMapping) error {
+	var setScimGroupMappingMutation struct {
+		SetScimGroupMapping struct {
+			Group mondoov1.String
+		} `graphql:"setScimGroupMapping(input: $input)"`
+	}
+
+	setScimGroupMappingInput := mondoov1.SetScimGroupMappingInput{
+		OrgMrn:   mondoov1.String(orgMrn),
+		Group:    mondoov1.String(group),
+		Mappings: mappings,
+	}
+
+	return c.Mutate(ctx, &setScimGroupMappingMutation, setScimGroupMappingInput, nil)
+}
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -163,6 +163,7 @@ func (p *MondooProvider) Resources(ctx context.Context) []func() resource.Resour
 		NewQueryPackAssigmentResource,
 		NewIntegrationGcpResource,
 		NewIntegrationOciTenantResource,
+		NewScimGroupMappingResource,
 	}
 }