From 9084308a918671ba60863d586fa2760e6245339d Mon Sep 17 00:00:00 2001
From: Christoph Hartmann
Date: Fri, 24 Jan 2025 17:36:42 +0100
Subject: [PATCH] =?UTF-8?q?=E2=AD=90=EF=B8=8F=20expand=20default=20provide?= =?UTF-8?q?r=20example?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 docs/index.md | 62 ++++++++++++++++++++++++++++++++---
 examples/provider/provider.tf | 62 ++++++++++++++++++++++++++++++++---
 2 files changed, 116 insertions(+), 8 deletions(-)
diff --git a/docs/index.md b/docs/index.md
index 3b80f1e..91d32d6 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -21,14 +21,68 @@ terraform {
 required_providers {
 mondoo = {
 source = "mondoohq/mondoo"
- version = ">= 0.19"
+ version = ">= 0.21"
 }
 }
 }
-provider "mondoo" {
- space = "hungry-poet-1988"
- region = "us"
+variable "org_id" {
+ description = "The organization id to create the spaces in"
+ type = string
+}
+
+provider "mondoo" {}
+
+data "mondoo_organization" "org" {
+ id = var.org_id
+}
+
+resource "mondoo_space" "my_space" {
+ name = "My Space New"
+ org_id = data.mondoo_organization.org.id
+}
+
+# Assign policies to the space
+
+resource "mondoo_policy_assignment" "cis_policy_assignment_enabled" {
+ space_id = mondoo_space.my_space.id
+
+ policies = [
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-10-l1-ce",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-10-l1-bl",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-11-l1-ce",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-11-l1-bl",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-server-2016-dc-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-server-2016-ms-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-server-2019-dc-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-server-2019-ms-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-server-2022-dc-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-server-2022-ms-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-azure-windows-server-2019-dc-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-azure-windows-server-2019-ms-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-azure-windows-server-2022-dc-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-azure-windows-server-2022-ms-level-1",
+ "//policy.api.mondoo.app/policies/mondoo-edr-policy",
+ ]
+
+ state = "enabled"
+}
+
+# Set exceptions for Windows policies in the space
+resource "mondoo_exception" "windows_defender_exception" {
+ scope_mrn = mondoo_space.my_space.mrn
+ justification = "Windows Defender is disabled. Other EDR is used/configured instead."
+ action = "SNOOZE"
+ check_mrns = [
+ "//policy.api.mondoo.app/queries/cis-microsoft-windows-10--18.10.42.5.1",
+ "//policy.api.mondoo.app/queries/cis-microsoft-windows-11--18.10.42.5.1",
+ "//policy.api.mondoo.app/queries/cis-microsoft-windows-server-2016--18.10.42.5.1",
+ "//policy.api.mondoo.app/queries/cis-microsoft-windows-server-2019--18.10.42.5.1",
+ "//policy.api.mondoo.app/queries/cis-microsoft-windows-server-2022--18.10.42.5.1",
+ ]
+ depends_on = [
+ mondoo_policy_assignment.cis_policy_assignment_enabled
+ ]
 }
 ```
diff --git a/examples/provider/provider.tf b/examples/provider/provider.tf
index e32821d..06efd71 100644
--- a/examples/provider/provider.tf
+++ b/examples/provider/provider.tf
@@ -2,12 +2,66 @@ terraform {
 required_providers {
 mondoo = {
 source = "mondoohq/mondoo"
- version = ">= 0.19"
+ version = ">= 0.21"
 }
 }
 }
-provider "mondoo" {
- space = "hungry-poet-1988"
- region = "us"
+variable "org_id" {
+ description = "The organization id to create the spaces in"
+ type = string
 }
+
+provider "mondoo" {}
+
+data "mondoo_organization" "org" {
+ id = var.org_id
+}
+
+resource "mondoo_space" "my_space" {
+ name = "My Space New"
+ org_id = data.mondoo_organization.org.id
+}
+
+# Assign policies to the space
+
+resource "mondoo_policy_assignment" "cis_policy_assignment_enabled" {
+ space_id = mondoo_space.my_space.id
+
+ policies = [
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-10-l1-ce",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-10-l1-bl",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-11-l1-ce",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-11-l1-bl",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-server-2016-dc-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-server-2016-ms-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-server-2019-dc-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-server-2019-ms-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-server-2022-dc-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-windows-server-2022-ms-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-azure-windows-server-2019-dc-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-azure-windows-server-2019-ms-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-azure-windows-server-2022-dc-level-1",
+ "//policy.api.mondoo.app/policies/cis-microsoft-azure-windows-server-2022-ms-level-1",
+ "//policy.api.mondoo.app/policies/mondoo-edr-policy",
+ ]
+
+ state = "enabled"
+}
+
+# Set exceptions for Windows policies in the space
+resource "mondoo_exception" "windows_defender_exception" {
+ scope_mrn = mondoo_space.my_space.mrn
+ justification = "Windows Defender is disabled. Other EDR is used/configured instead."
+ action = "SNOOZE"
+ check_mrns = [
+ "//policy.api.mondoo.app/queries/cis-microsoft-windows-10--18.10.42.5.1",
+ "//policy.api.mondoo.app/queries/cis-microsoft-windows-11--18.10.42.5.1",
+ "//policy.api.mondoo.app/queries/cis-microsoft-windows-server-2016--18.10.42.5.1",
+ "//policy.api.mondoo.app/queries/cis-microsoft-windows-server-2019--18.10.42.5.1",
+ "//policy.api.mondoo.app/queries/cis-microsoft-windows-server-2022--18.10.42.5.1",
+ ]
+ depends_on = [
+ mondoo_policy_assignment.cis_policy_assignment_enabled
+ ]
+}
\ No newline at end of file
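Review bot: The `mondoo_exception` block at the end of this hunk snoozes the check ending in `18.10.42.5.1` across all five CIS Windows policies with no expiry, and as the provider's default example it is likely to be copied unchanged into spaces where no other EDR is actually deployed. I would give the exception an end date, `valid_until = "<YYYY-MM-DD placeholder>"`, and put a comment above the resource such as `# Only keep this exception if another EDR is verified on every Windows asset in this space`, so the suppression gets reviewed instead of staying permanent. The bare `provider "mondoo" {}` also deserves a one-line comment saying where credentials are read from now that `space` and `region` are gone; creating spaces presumably needs an organization-scoped service account, which is worth stating. The docs/index.md hunk carries the same text and needs the same edits.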