From 681e6ad5ffd95775502fcc5287ffbe2c415da6a3 Mon Sep 17 00:00:00 2001 From: Paul Date: Fri, 21 Jun 2024 14:59:03 +0200 Subject: [PATCH 1/3] fix: added space validations Signed-off-by: Paul --- internal/provider/space_resource.go | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/internal/provider/space_resource.go b/internal/provider/space_resource.go index f88eb01..c3ee9f9 100644 --- a/internal/provider/space_resource.go +++ b/internal/provider/space_resource.go @@ -6,12 +6,15 @@ package provider import ( "context" "fmt" + "regexp" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-log/tflog" mondoov1 "go.mondoo.com/mondoo-go" @@ -56,6 +59,12 @@ func (r *SpaceResource) Schema(ctx context.Context, req resource.SchemaRequest, "name": schema.StringAttribute{ MarkdownDescription: "Name of the space.", Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches( + regexp.MustCompile(`^([a-zA-Z \-'_]|\d){2,30}$`), + "must contain 2 to 30 characters, where each character can be a letter (uppercase or lowercase), a space, a dash, an underscore, or a digit", + ), + }, }, "id": schema.StringAttribute{ MarkdownDescription: "Id of the space. Must be globally unique.", @@ -64,6 +73,12 @@ func (r *SpaceResource) Schema(ctx context.Context, req resource.SchemaRequest, PlanModifiers: []planmodifier.String{ stringplanmodifier.UseStateForUnknown(), }, + Validators: []validator.String{ + stringvalidator.RegexMatches( + regexp.MustCompile(`^[a-z]([\d-_]|[a-z]){6,35}[a-z\d]$`), + "must contain 6 to 35 digits, dashes, underscores, or lowercase letters, and ending with either a lowercase letter or a digit", + ), + }, }, "mrn": schema.StringAttribute{ MarkdownDescription: "Mrn of the space.", @@ -75,6 +90,12 @@ func (r *SpaceResource) Schema(ctx context.Context, req resource.SchemaRequest, "org_id": schema.StringAttribute{ MarkdownDescription: "Id of the organization.", Required: true, + Validators: []validator.String{ + stringvalidator.RegexMatches( + regexp.MustCompile(`^[a-z]([\d-_]|[a-z]){6,35}[a-z\d]$`), + "must contain 6 to 35 digits, dashes, underscores, or lowercase letters, and ending with either a lowercase letter or a digit", + ), + }, }, }, } From 59b77be0aefc541ab387c5a2d7f10af738c71bb2 Mon Sep 17 00:00:00 2001 From: Paul Date: Wed, 26 Jun 2024 15:34:09 +0200 Subject: [PATCH 2/3] added input validations for integrations Signed-off-by: Paul --- internal/provider/integration_aws_resource.go | 18 +++++++++++++ .../provider/integration_azure_resource.go | 18 +++++++++++++ .../provider/integration_domain_resource.go | 9 +++++++ internal/provider/integration_gcp_resource.go | 5 ++++ .../provider/integration_github_resource.go | 25 +++++++++++++++++++ .../provider/integration_ms365_resource.go | 5 ++++ internal/provider/integration_oci_tenant.go | 5 ++++ .../provider/integration_slack_resource.go | 12 +++++++++ 8 files changed, 97 insertions(+) diff --git a/internal/provider/integration_aws_resource.go b/internal/provider/integration_aws_resource.go index 2cadd9d..7a0ba55 100644 --- a/internal/provider/integration_aws_resource.go +++ b/internal/provider/integration_aws_resource.go @@ -6,7 +6,10 @@ package provider import ( "context" "fmt" + "regexp" + "github.com/hashicorp/terraform-plugin-framework-validators/objectvalidator" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" @@ -102,6 +105,9 @@ func (r *integrationAwsResource) Schema(ctx context.Context, req resource.Schema "name": schema.StringAttribute{ MarkdownDescription: "Name of the integration.", Required: true, + Validators: []validator.String{ + stringvalidator.LengthAtMost(250), + }, }, "credentials": schema.SingleNestedAttribute{ Required: true, @@ -131,10 +137,22 @@ func (r *integrationAwsResource) Schema(ctx context.Context, req resource.Schema "access_key": schema.StringAttribute{ Required: true, Sensitive: true, + Validators: []validator.String{ + stringvalidator.RegexMatches( + regexp.MustCompile(`^([A-Z0-9]{20})$`), + "must be a 20 character string with uppercase letters and numbers only", + ), + }, }, "secret_key": schema.StringAttribute{ Required: true, Sensitive: true, + Validators: []validator.String{ + stringvalidator.RegexMatches( + regexp.MustCompile(`^([a-zA-Z0-9+/]{40})$`), + "must be a 40 character string with alphanumeric values and + and / only", + ), + }, }, }, }, diff --git a/internal/provider/integration_azure_resource.go b/internal/provider/integration_azure_resource.go index 9673149..6ce9799 100644 --- a/internal/provider/integration_azure_resource.go +++ b/internal/provider/integration_azure_resource.go @@ -4,11 +4,14 @@ import ( "context" "fmt" + "github.com/hashicorp/terraform-plugin-framework-validators/listvalidator" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" mondoov1 "go.mondoo.com/mondoo-go" ) @@ -66,6 +69,9 @@ func (r *integrationAzureResource) Schema(ctx context.Context, req resource.Sche "name": schema.StringAttribute{ MarkdownDescription: "Name of the integration.", Required: true, + Validators: []validator.String{ + stringvalidator.LengthAtMost(250), + }, }, "client_id": schema.StringAttribute{ MarkdownDescription: "Azure Client ID.", @@ -83,11 +89,23 @@ func (r *integrationAzureResource) Schema(ctx context.Context, req resource.Sche MarkdownDescription: "List of Azure subscriptions to scan.", Optional: true, ElementType: types.StringType, + Validators: []validator.List{ + // Validate only this attribute or other_attr is configured. + listvalidator.ConflictsWith(path.Expressions{ + path.MatchRoot("subscription_deny_list"), + }...), + }, }, "subscription_deny_list": schema.ListAttribute{ MarkdownDescription: "List of Azure subscriptions to exclude from scanning.", Optional: true, ElementType: types.StringType, + Validators: []validator.List{ + // Validate only this attribute or other_attr is configured. + listvalidator.ConflictsWith(path.Expressions{ + path.MatchRoot("subscription_allow_list"), + }...), + }, }, "credentials": schema.SingleNestedAttribute{ Required: true, diff --git a/internal/provider/integration_domain_resource.go b/internal/provider/integration_domain_resource.go index e88e03b..6f91b03 100644 --- a/internal/provider/integration_domain_resource.go +++ b/internal/provider/integration_domain_resource.go @@ -3,12 +3,15 @@ package provider import ( "context" "fmt" + "regexp" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" mondoov1 "go.mondoo.com/mondoo-go" ) @@ -56,6 +59,12 @@ func (r *integrationDomainResource) Schema(ctx context.Context, req resource.Sch "host": schema.StringAttribute{ MarkdownDescription: "Domain name or IP address.", Required: true, + Validators: []validator.String{ + stringvalidator.RegexMatches( + regexp.MustCompile(`^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])$|^([a-z0-9-]+\.)+[a-z]{2,}$`), + "must contain only lowercase letters and at least one dot or be an IPv4 address", + ), + }, }, "https": schema.BoolAttribute{ MarkdownDescription: "Enable HTTPS port.", diff --git a/internal/provider/integration_gcp_resource.go b/internal/provider/integration_gcp_resource.go index 13c1fe6..1979928 100644 --- a/internal/provider/integration_gcp_resource.go +++ b/internal/provider/integration_gcp_resource.go @@ -7,11 +7,13 @@ import ( "context" "fmt" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" mondoov1 "go.mondoo.com/mondoo-go" ) @@ -65,6 +67,9 @@ func (r *integrationGcpResource) Schema(ctx context.Context, req resource.Schema "name": schema.StringAttribute{ MarkdownDescription: "Name of the integration.", Required: true, + Validators: []validator.String{ + stringvalidator.LengthAtMost(250), + }, }, "project_id": schema.StringAttribute{ MarkdownDescription: "GCP project id", diff --git a/internal/provider/integration_github_resource.go b/internal/provider/integration_github_resource.go index 71ed6f0..efa2cae 100644 --- a/internal/provider/integration_github_resource.go +++ b/internal/provider/integration_github_resource.go @@ -3,12 +3,16 @@ package provider import ( "context" "fmt" + "regexp" + "github.com/hashicorp/terraform-plugin-framework-validators/listvalidator" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" mondoov1 "go.mondoo.com/mondoo-go" ) @@ -101,6 +105,9 @@ func (r *integrationGithubResource) Schema(ctx context.Context, req resource.Sch "name": schema.StringAttribute{ MarkdownDescription: "Name of the integration.", Required: true, + Validators: []validator.String{ + stringvalidator.LengthAtMost(250), + }, }, "owner": schema.StringAttribute{ MarkdownDescription: "GitHub Owner.", @@ -114,11 +121,23 @@ func (r *integrationGithubResource) Schema(ctx context.Context, req resource.Sch MarkdownDescription: "List of GitHub repositories to scan.", Optional: true, ElementType: types.StringType, + Validators: []validator.List{ + // Validate only this attribute or other_attr is configured. + listvalidator.ConflictsWith(path.Expressions{ + path.MatchRoot("repository_deny_list"), + }...), + }, }, "repository_deny_list": schema.ListAttribute{ MarkdownDescription: "List of GitHub repositories to exclude from scanning.", Optional: true, ElementType: types.StringType, + Validators: []validator.List{ + // Validate only this attribute or other_attr is configured. + listvalidator.ConflictsWith(path.Expressions{ + path.MatchRoot("repository_allow_list"), + }...), + }, }, "credentials": schema.SingleNestedAttribute{ Required: true, @@ -127,6 +146,12 @@ func (r *integrationGithubResource) Schema(ctx context.Context, req resource.Sch MarkdownDescription: "Token for GitHub integration.", Required: true, Sensitive: true, + Validators: []validator.String{ + stringvalidator.RegexMatches( + regexp.MustCompile(`^(ghp_[a-zA-Z0-9]{36}|github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59})$`), + "must be a valid classic GitHub Token with 40 characters in length, with a prefix of ghp_ or a fine-grained GitHub token with 93 characters in length, with a prefix of github_pat_", + ), + }, }, }, }, diff --git a/internal/provider/integration_ms365_resource.go b/internal/provider/integration_ms365_resource.go index ace14db..85d7b6e 100644 --- a/internal/provider/integration_ms365_resource.go +++ b/internal/provider/integration_ms365_resource.go @@ -4,11 +4,13 @@ import ( "context" "fmt" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" mondoov1 "go.mondoo.com/mondoo-go" ) @@ -63,6 +65,9 @@ func (r *integrationMs365Resource) Schema(ctx context.Context, req resource.Sche "name": schema.StringAttribute{ MarkdownDescription: "Name of the integration.", Required: true, + Validators: []validator.String{ + stringvalidator.LengthAtMost(250), + }, }, "client_id": schema.StringAttribute{ MarkdownDescription: "Azure Client ID.", diff --git a/internal/provider/integration_oci_tenant.go b/internal/provider/integration_oci_tenant.go index a45a14f..ae40ba1 100644 --- a/internal/provider/integration_oci_tenant.go +++ b/internal/provider/integration_oci_tenant.go @@ -7,11 +7,13 @@ import ( "context" "fmt" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-log/tflog" mondoov1 "go.mondoo.com/mondoo-go" @@ -75,6 +77,9 @@ func (r *integrationOciTenantResource) Schema(ctx context.Context, req resource. "name": schema.StringAttribute{ MarkdownDescription: "Name of the integration.", Optional: true, + Validators: []validator.String{ + stringvalidator.LengthAtMost(250), + }, }, "tenancy": schema.StringAttribute{ MarkdownDescription: "OCI tenancy", diff --git a/internal/provider/integration_slack_resource.go b/internal/provider/integration_slack_resource.go index 889de79..833b59e 100644 --- a/internal/provider/integration_slack_resource.go +++ b/internal/provider/integration_slack_resource.go @@ -3,12 +3,15 @@ package provider import ( "context" "fmt" + "regexp" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" mondoov1 "go.mondoo.com/mondoo-go" ) @@ -57,11 +60,20 @@ func (r *integrationSlackResource) Schema(ctx context.Context, req resource.Sche "name": schema.StringAttribute{ MarkdownDescription: "Name of the integration.", Required: true, + Validators: []validator.String{ + stringvalidator.LengthAtMost(250), + }, }, "slack_token": schema.StringAttribute{ Required: true, Sensitive: true, Description: "The Slack token to authenticate with the Slack API.", + Validators: []validator.String{ + stringvalidator.RegexMatches( + regexp.MustCompile(`^xox[baprs](-[0-9a-zA-Z]{10,48})+$`), + "must start with xox and one of the following characters b, a, p, r, s, followed by one or more blocks consisting of a dash and 10-48 alphanumeric characters", + ), + }, }, }, } From 586442756ecead2b27f0a68175e18f93138f24bd Mon Sep 17 00:00:00 2001 From: Paul Date: Wed, 26 Jun 2024 15:40:47 +0200 Subject: [PATCH 3/3] added input validations for policy/querypack assignment Signed-off-by: Paul --- internal/provider/policy_assignment_resource.go | 6 ++++++ internal/provider/querypack_assignment_resource.go | 8 +++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/internal/provider/policy_assignment_resource.go b/internal/provider/policy_assignment_resource.go index f0253ba..46ae153 100644 --- a/internal/provider/policy_assignment_resource.go +++ b/internal/provider/policy_assignment_resource.go @@ -6,9 +6,12 @@ package provider import ( "context" "fmt" + + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" "github.com/hashicorp/terraform-plugin-framework/resource/schema/listplanmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" mondoov1 "go.mondoo.com/mondoo-go" "github.com/hashicorp/terraform-plugin-framework/resource" @@ -62,6 +65,9 @@ func (r *policyAssignmentResource) Schema(ctx context.Context, req resource.Sche Default: stringdefault.StaticString("enabled"), Computed: true, Optional: true, + Validators: []validator.String{ + stringvalidator.OneOf("enabled", "disabled", "preview"), + }, }, }, } diff --git a/internal/provider/querypack_assignment_resource.go b/internal/provider/querypack_assignment_resource.go index dcbe9fc..de7f251 100644 --- a/internal/provider/querypack_assignment_resource.go +++ b/internal/provider/querypack_assignment_resource.go @@ -6,11 +6,14 @@ package provider import ( "context" "fmt" + "strings" + + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" "github.com/hashicorp/terraform-plugin-framework/resource/schema/listplanmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" mondoov1 "go.mondoo.com/mondoo-go" - "strings" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" @@ -63,6 +66,9 @@ func (r *queryPackAssignmentResource) Schema(ctx context.Context, req resource.S Default: stringdefault.StaticString("enabled"), Computed: true, Optional: true, + Validators: []validator.String{ + stringvalidator.OneOf("enabled", "disabled"), + }, }, }, }