⭐️ new resource mondoo_iam_workload_identity_binding (#205)

* 🧹 update mondoo-go dependency * ⭐️ new resource mondoo_iam_workload_identity_binding * 📝 update example + docs * 🧹 update mondoo-go * 🔥 remove workaround, inconsistencies fixed * ✨ allow importing bindings --------- Signed-off-by: Salim Afiune Maya <[email protected]>
mondoohq · Jan 29, 2025 · 69ee5d7 · 69ee5d7
1 parent fe26527
commit 69ee5d7
Show file tree

Hide file tree

Showing 8 changed files with 463 additions and 38 deletions.
diff --git a/docs/resources/iam_workload_identity_binding.md b/docs/resources/iam_workload_identity_binding.md
@@ -0,0 +1,48 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "mondoo_iam_workload_identity_binding Resource - terraform-provider-mondoo"
+subcategory: ""
+description: |-
+  Allows management of a Mondoo Workload Identity Federation bindings.
+---
+
+# mondoo_iam_workload_identity_binding (Resource)
+
+Allows management of a Mondoo Workload Identity Federation bindings.
+
+## Example Usage
+
+```terraform
+provider "mondoo" {
+  space = "hungry-poet-123456"
+}
+
+resource "mondoo_iam_workload_identity_binding" "example" {
+  name       = "GitHub binding example"
+  issuer_uri = "https://token.actions.githubusercontent.com"
+  subject    = "repo:mondoohq/server:ref:refs/heads/main"
+  expiration = 3600
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `issuer_uri` (String) URI for the token issuer, e.g. https://accounts.google.com.
+- `name` (String) Name of the binding.
+- `subject` (String) Unique identifier to confirm.
+
+### Optional
+
+- `allowed_audiences` (List of String) List of allowed audiences.
+- `description` (String) Description of the binding.
+- `expiration` (Number) Expiration in seconds associated with the binding.
+- `mappings` (Map of String) List of additional configurations to confirm.
+- `roles` (List of String) List of roles associated with the binding (e.g. agent mrn).
+- `space_id` (String) Mondoo space identifier. If there is no ID, the provider space is used.
+
+### Read-Only
+
+- `mrn` (String) The Mondoo resource name (MRN) of the created binding.
diff --git a/examples/resources/mondoo_iam_workload_identity_binding/main.tf b/examples/resources/mondoo_iam_workload_identity_binding/main.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    mondoo = {
+      source  = "mondoohq/mondoo"
+      version = ">= 0.19"
+    }
+  }
+}
diff --git a/examples/resources/mondoo_iam_workload_identity_binding/resource.tf b/examples/resources/mondoo_iam_workload_identity_binding/resource.tf
@@ -0,0 +1,10 @@
+provider "mondoo" {
+  space = "hungry-poet-123456"
+}
+
+resource "mondoo_iam_workload_identity_binding" "example" {
+  name       = "GitHub binding example"
+  issuer_uri = "https://token.actions.githubusercontent.com"
+  subject    = "repo:mondoohq/server:ref:refs/heads/main"
+  expiration = 3600
+}
diff --git a/go.mod b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/hashicorp/terraform-plugin-testing v1.11.0
 	github.com/stretchr/testify v1.10.0
 	go.mondoo.com/cnquery/v11 v11.37.1
-	go.mondoo.com/mondoo-go v0.0.0-20250108144440-673a4fac8289
+	go.mondoo.com/mondoo-go v0.0.0-20250129071639-c3de624e0c5a
 	gopkg.in/yaml.v2 v2.4.0
 )
 

diff --git a/go.sum b/go.sum
@@ -610,8 +610,10 @@ go.etcd.io/etcd/client/pkg/v3 v3.5.4/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3
 go.etcd.io/etcd/client/v3 v3.5.4/go.mod h1:ZaRkVgBZC+L+dLCjTcF1hRXpgZXQPOvnA/Ak/gq3kiY=
 go.mondoo.com/cnquery/v11 v11.37.1 h1:bzM4o7+k/WGrqFHaY0t1aUZjVG+ufOL8BwEphoFiL6w=
 go.mondoo.com/cnquery/v11 v11.37.1/go.mod h1:Fy0e1XJzZgtQyRAuPzoEapfxB2G5DjwWagJAPqKT/Ks=
-go.mondoo.com/mondoo-go v0.0.0-20250108144440-673a4fac8289 h1:D47xahKosrO4gjRtjnBte3tlHbtDAGYkEWyPXheRaac=
-go.mondoo.com/mondoo-go v0.0.0-20250108144440-673a4fac8289/go.mod h1:dGj5d8BoLzVppdYI2k0Oay9pcg7bqsCYbyiBH9uhKGc=
+go.mondoo.com/mondoo-go v0.0.0-20250127074240-22a812af6d20 h1:RkZ6b/BOuVVWn4vS+0e4Tv0G9MP0L4hZLvgEs+2ESmg=
+go.mondoo.com/mondoo-go v0.0.0-20250127074240-22a812af6d20/go.mod h1:0HMHhLaS0V1himFIJQxABmvqEAdWv1NUScXpSjrhxqo=
+go.mondoo.com/mondoo-go v0.0.0-20250129071639-c3de624e0c5a h1:DtwCDuKcXUVJZyKni8TlkxxlFdutPVK6JFCldIuq8cw=
+go.mondoo.com/mondoo-go v0.0.0-20250129071639-c3de624e0c5a/go.mod h1:0HMHhLaS0V1himFIJQxABmvqEAdWv1NUScXpSjrhxqo=
 go.mondoo.com/ranger-rpc v0.6.5 h1:KKoeTGPonJI3T6lrT9oxdH9eNlZC6pdqYvsuWZWyB6w=
 go.mondoo.com/ranger-rpc v0.6.5/go.mod h1:kwPJSYj32vZJjWoQSKEao5YoUO/ZRcjVGxBOL4tApf0=
 go.mongodb.org/mongo-driver v1.10.0 h1:UtV6N5k14upNp4LTduX0QCufG124fSu25Wz9tu94GLg=

diff --git a/internal/provider/gql.go b/internal/provider/gql.go
@@ -223,40 +223,6 @@ type SpaceReportPayload struct {
 	SpaceReport SpaceReport
 }
 
-func (c *ExtendedGqlClient) GetPolicySpaceReport(ctx context.Context, spaceMrn string) (*[]Policy, error) {
-	// Define the query struct according to the provided query
-	var spaceReportQuery struct {
-		Report struct {
-			SpaceReport SpaceReport `graphql:"... on SpaceReport"`
-		} `graphql:"spaceReport(input: $input)"`
-	}
-	// Define the input variable according to the provided query
-	input := mondoov1.SpaceReportInput{
-		SpaceMrn: mondoov1.String(spaceMrn),
-	}
-
-	variables := map[string]interface{}{
-		"input": input,
-	}
-
-	tflog.Trace(ctx, "GetSpaceReportInput", map[string]interface{}{
-		"input": fmt.Sprintf("%+v", input),
-	})
-
-	// Execute the query
-	err := c.Query(ctx, &spaceReportQuery, variables)
-	if err != nil {
-		return nil, err
-	}
-
-	var policies []Policy
-	for _, edges := range spaceReportQuery.Report.SpaceReport.PolicyReportSummaries.Edges {
-		policies = append(policies, edges.Node.Policy)
-	}
-
-	return &policies, nil
-}
-
 type ContentInput struct {
 	ScopeMrn     string
 	CatalogType  string
@@ -467,7 +433,7 @@ func (c *ExtendedGqlClient) CreateIntegration(ctx context.Context, spaceMrn, nam
 		ConfigurationOptions: opts,
 	}
 
-	tflog.Trace(ctx, "CreateSpaceInput", map[string]interface{}{
+	tflog.Trace(ctx, "CreateClientIntegrationInput", map[string]interface{}{
 		"input": fmt.Sprintf("%+v", createInput),
 	})