✨ Deprecate use_mondoo_vpc bool and introduce enum instead (#224)

* Deprecate use_mondoo_vpc bool and introduce enum instead * accept NATGW
mondoohq · Mar 7, 2025 · b51aa68 · b51aa68
1 parent 870ed50
commit b51aa68
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 5 deletions.
diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
@@ -4,13 +4,12 @@ ADk
 appsettings
 ashburn
 AThq
+CIDs
 codegen
 concat
 connectionstrings
-Cwj
-CIDs
 crowdstrike
-sentinelone
+Cwj
 DXhjr
 FIGc
 Gci
@@ -24,6 +23,7 @@ ljq
 LQV
 mrns
 msdefender
+NATGW
 NCIs
 nestedatt
 NHar
@@ -38,6 +38,7 @@ qpbi
 querypack
 Qwc
 scim
+sentinelone
 startswith
 Tcy
 testacc

diff --git a/docs/resources/integration_aws_serverless.md b/docs/resources/integration_aws_serverless.md
@@ -169,4 +169,5 @@ Optional:
 Optional:
 
 - `cidr_block` (String) CIDR block for the Mondoo VPC.
-- `use_mondoo_vpc` (Boolean) Use Mondoo VPC.
+- `use_mondoo_vpc` (Boolean, Deprecated) Use Mondoo VPC.
+- `vpc_flavour` (String) VPC flavour, one of: DEFAULT_VPC, MONDOO_NATGW, MONDOO_IGW
diff --git a/go.mod b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/hashicorp/terraform-plugin-testing v1.11.0
 	github.com/stretchr/testify v1.10.0
 	go.mondoo.com/cnquery/v11 v11.40.0
-	go.mondoo.com/mondoo-go v0.0.0-20250129071639-c3de624e0c5a
+	go.mondoo.com/mondoo-go v0.0.0-20250307104419-3781f16e04aa
 	gopkg.in/yaml.v2 v2.4.0
 )
 

diff --git a/go.sum b/go.sum
@@ -600,6 +600,8 @@ go.mondoo.com/cnquery/v11 v11.40.0 h1:nqVVz2ECIChemM7rl0NwbyCtJSgct4zNRQnPRJjnh6
 go.mondoo.com/cnquery/v11 v11.40.0/go.mod h1:kSnnow+FANisAAubIWu3ZfdbZXgvnH0IfW6f6LR1ChI=
 go.mondoo.com/mondoo-go v0.0.0-20250129071639-c3de624e0c5a h1:DtwCDuKcXUVJZyKni8TlkxxlFdutPVK6JFCldIuq8cw=
 go.mondoo.com/mondoo-go v0.0.0-20250129071639-c3de624e0c5a/go.mod h1:0HMHhLaS0V1himFIJQxABmvqEAdWv1NUScXpSjrhxqo=
+go.mondoo.com/mondoo-go v0.0.0-20250307104419-3781f16e04aa h1:SycZqHRFW+M1sZMlLvgmoVep2Fa+9IBIcOwQKTKmLQE=
+go.mondoo.com/mondoo-go v0.0.0-20250307104419-3781f16e04aa/go.mod h1:0HMHhLaS0V1himFIJQxABmvqEAdWv1NUScXpSjrhxqo=
 go.mondoo.com/ranger-rpc v0.6.5 h1:KKoeTGPonJI3T6lrT9oxdH9eNlZC6pdqYvsuWZWyB6w=
 go.mondoo.com/ranger-rpc v0.6.5/go.mod h1:kwPJSYj32vZJjWoQSKEao5YoUO/ZRcjVGxBOL4tApf0=
 go.mongodb.org/mongo-driver v1.10.0 h1:UtV6N5k14upNp4LTduX0QCufG124fSu25Wz9tu94GLg=

diff --git a/internal/provider/integration_aws_serverless_resource.go b/internal/provider/integration_aws_serverless_resource.go
@@ -3,6 +3,7 @@ package provider
 import (
 	"context"
 	"fmt"
+	"slices"
 
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
@@ -64,9 +65,12 @@ type ScanConfigurationInput struct {
 }
 
 type VPCConfigurationInput struct {
+	// (Optional.)
 	UseMondooVPC types.Bool `tfsdk:"use_mondoo_vpc"`
 	// (Optional.)
 	CIDR types.String `tfsdk:"cidr_block"`
+	// (Optional.)
+	VPCFlavour types.String `tfsdk:"vpc_flavour"`
 }
 
 type AWSEventPatternInput struct {
@@ -190,10 +194,18 @@ func (m integrationAwsServerlessResourceModel) GetConfigurationOptions() *mondoo
 
 	if m.ScanConfiguration.VpcConfiguration != nil {
 		useMondooVPC := m.ScanConfiguration.VpcConfiguration.UseMondooVPC.ValueBool()
+
+		var vpcFlavourPtr *mondoov1.VPCFlavour
+		if m.ScanConfiguration.VpcConfiguration.VPCFlavour.ValueString() != "" {
+			vpcFlavour := mondoov1.VPCFlavour(m.ScanConfiguration.VpcConfiguration.VPCFlavour.ValueString())
+			vpcFlavourPtr = &vpcFlavour
+		}
+
 		opts.ScanConfiguration.VpcConfiguration = &mondoov1.VPCConfigurationInput{
 			UseMondooVPC:  mondoov1.NewBooleanPtr(mondoov1.Boolean(useMondooVPC)),
 			UseDefaultVPC: mondoov1.NewBooleanPtr(mondoov1.Boolean(!useMondooVPC)),
 			CIDR:          mondoov1.NewStringPtr(mondoov1.String(m.ScanConfiguration.VpcConfiguration.CIDR.ValueString())),
+			VpcFlavour:    vpcFlavourPtr,
 		}
 	}
 
@@ -271,11 +283,16 @@ func (r *integrationAwsServerlessResource) Schema(ctx context.Context, req resou
 							"use_mondoo_vpc": schema.BoolAttribute{
 								MarkdownDescription: "Use Mondoo VPC.",
 								Optional:            true,
+								DeprecationMessage:  "This field is deprecated and will be removed in the future.",
 							},
 							"cidr_block": schema.StringAttribute{
 								MarkdownDescription: "CIDR block for the Mondoo VPC.",
 								Optional:            true,
 							},
+							"vpc_flavour": schema.StringAttribute{
+								MarkdownDescription: "VPC flavour, one of: DEFAULT_VPC, MONDOO_NATGW, MONDOO_IGW",
+								Optional:            true,
+							},
 						},
 					},
 					"ec2_scan_options": schema.SingleNestedAttribute{
@@ -390,6 +407,28 @@ func (r integrationAwsServerlessResource) ValidateConfig(ctx context.Context, re
 			)
 		}
 	}
+
+	vpcFlavour := mondoov1.VPCFlavour(data.ScanConfiguration.VpcConfiguration.VPCFlavour.ValueString())
+	allowedVpcFlavours := []mondoov1.VPCFlavour{
+		mondoov1.VPCFlavourDefaultVpc, mondoov1.VPCFlavourMondooNatgw, mondoov1.VPCFlavourMondooIgw,
+	}
+	if vpcFlavour != "" {
+		if !slices.Contains(allowedVpcFlavours, vpcFlavour) {
+			resp.Diagnostics.AddError(
+				"InvalidAttributeValueError",
+				fmt.Sprintf("Attribute vpc_flavour must be one of %v, received: '%s'", allowedVpcFlavours, vpcFlavour),
+			)
+		}
+
+		if cidr := data.ScanConfiguration.VpcConfiguration.CIDR.ValueString(); slices.Contains([]mondoov1.VPCFlavour{
+			mondoov1.VPCFlavourMondooNatgw, mondoov1.VPCFlavourMondooIgw,
+		}, vpcFlavour) && cidr == "" {
+			resp.Diagnostics.AddError(
+				"MissingAttributeError",
+				"Attribute cidr_block must not be empty when Mondoo VPC is used.",
+			)
+		}
+	}
 }
 
 func (r *integrationAwsServerlessResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {