⭐️ add Github integration (#97)

mondoohq · May 8, 2024 · eb84668 · eb84668
1 parent ae11ef3
commit eb84668
Show file tree

Hide file tree

Showing 7 changed files with 395 additions and 3 deletions.
diff --git a/docs/resources/integration_github.md b/docs/resources/integration_github.md
@@ -0,0 +1,81 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "mondoo_integration_github Resource - terraform-provider-mondoo"
+subcategory: ""
+description: |-
+  Continuously scan GitHub organizations and repositories for misconfigurations.
+---
+
+# mondoo_integration_github (Resource)
+
+Continuously scan GitHub organizations and repositories for misconfigurations.
+
+## Example Usage
+
+```terraform
+variable "mondoo_org" {
+  description = "The Mondoo Organization ID"
+  type        = string
+}
+
+variable "github_token" {
+  description = "The GitHub Token"
+  type        = string
+}
+
+provider "mondoo" {
+  region = "us"
+}
+
+# Create a new space
+resource "mondoo_space" "gh_space" {
+  name   = "My GitHub Space Name"
+  org_id = var.mondoo_org
+}
+
+# Setup the GitHub integration
+resource "mondoo_integration_github" "gh_integration" {
+  space_id = mondoo_space.gh_space.id
+  name     = "GitHub Integration"
+
+  owner = "lunalectric"
+
+  # define a repository if you want to restrict scan to a single repository
+  # repository  = "repo1"
+
+  # alternatively, you can define a list of repositories to allow or deny scanning
+  # repository_allow_list= ["repo1", "repo2"]
+  # repository_deny_list = ["repo1", "repo2"]
+
+  credentials = {
+    token = var.github_token
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `credentials` (Attributes) (see [below for nested schema](#nestedatt--credentials))
+- `name` (String) Name of the integration.
+- `owner` (String) GitHub Owner.
+- `space_id` (String) Mondoo Space Identifier.
+
+### Optional
+
+- `repository` (String) GitHub Repository.
+- `repository_allow_list` (List of String) List of GitHub repositories to scan.
+- `repository_deny_list` (List of String) List of GitHub repositories to exclude from scanning.
+
+### Read-Only
+
+- `mrn` (String) Integration identifier
+
+<a id="nestedatt--credentials"></a>
+### Nested Schema for `credentials`
+
+Required:
+
+- `token` (String, Sensitive) Token for GitHub integration.
diff --git a/examples/resources/mondoo_integration_github/main.tf b/examples/resources/mondoo_integration_github/main.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    mondoo = {
+      source  = "mondoohq/mondoo"
+      version = ">= 0.4.0"
+    }
+  }
+}
diff --git a/examples/resources/mondoo_integration_github/resource.tf b/examples/resources/mondoo_integration_github/resource.tf
@@ -0,0 +1,38 @@
+variable "mondoo_org" {
+  description = "The Mondoo Organization ID"
+  type        = string
+}
+
+variable "github_token" {
+  description = "The GitHub Token"
+  type        = string
+}
+
+provider "mondoo" {
+  region = "us"
+}
+
+# Create a new space
+resource "mondoo_space" "gh_space" {
+  name   = "My GitHub Space Name"
+  org_id = var.mondoo_org
+}
+
+# Setup the GitHub integration
+resource "mondoo_integration_github" "gh_integration" {
+  space_id = mondoo_space.gh_space.id
+  name     = "GitHub Integration"
+
+  owner = "lunalectric"
+
+  # define a repository if you want to restrict scan to a single repository
+  # repository  = "repo1"
+
+  # alternatively, you can define a list of repositories to allow or deny scanning
+  # repository_allow_list= ["repo1", "repo2"]
+  # repository_deny_list = ["repo1", "repo2"]
+
+  credentials = {
+    token = var.github_token
+  }
+}
diff --git a/go.mod b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/hashicorp/terraform-plugin-log v0.9.0
 	github.com/hashicorp/terraform-plugin-testing v1.7.0
 	github.com/stretchr/testify v1.9.0
-	go.mondoo.com/mondoo-go v0.0.0-20240506203204-3376c6ce3451
+	go.mondoo.com/mondoo-go v0.0.0-20240507081602-aa7a34bcb66d
 )
 
 require (

diff --git a/go.sum b/go.sum
@@ -493,8 +493,8 @@ go.abhg.dev/goldmark/frontmatter v0.2.0/go.mod h1:XqrEkZuM57djk7zrlRUB02x8I5J0px
 go.etcd.io/etcd/api/v3 v3.5.4/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A=
 go.etcd.io/etcd/client/pkg/v3 v3.5.4/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v3 v3.5.4/go.mod h1:ZaRkVgBZC+L+dLCjTcF1hRXpgZXQPOvnA/Ak/gq3kiY=
-go.mondoo.com/mondoo-go v0.0.0-20240506203204-3376c6ce3451 h1:uqvo/cgqwYj+NNizV5/7WtSBaZf/wWV5sXde928RL80=
-go.mondoo.com/mondoo-go v0.0.0-20240506203204-3376c6ce3451/go.mod h1:5HuspbubnZpXwjDu26q296sbnGYMprCztVShCIUchyw=
+go.mondoo.com/mondoo-go v0.0.0-20240507081602-aa7a34bcb66d h1:f/vvw9UYM/iZ3XODFcndiHiu5ikV35vLw1m+lOYxYtY=
+go.mondoo.com/mondoo-go v0.0.0-20240507081602-aa7a34bcb66d/go.mod h1:XY+tOP6vBFJKw5F3WLYEHNQxc+6YmfQ+hEbw3yRy3HI=
 go.mongodb.org/mongo-driver v1.15.0 h1:rJCKC8eEliewXjZGf0ddURtl7tTVy1TK3bfl0gkUSLc=
 go.mongodb.org/mongo-driver v1.15.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=