Terraform Provider: mondoo_aws_integration leaves the integration in a "Pending" state #139

Open
RARYates opened this issue Oct 16, 2024 · 0 comments

Bug:
When generating a new mondoo AWS Integration via terraform, such as:

resource "mondoo_integration_aws" "name" {
  space_id = mondoo_space.my_space.id
  name     = "AWS Integration"

  credentials = {
    key = {
      access_key = var.aws_access_key
      secret_key = var.aws_secret_key
    }
  }
}

An integration will be started, but will not finish and will remain in the pending state. Generating a second integration via the portal and providing AWS_ACCESS_KEY and AWS_SECRET_KEY via the portal will finish the process and result in a finished integration.

Importing this successful integration into state will actually show both styles of credentials: credentials.key and credentials.role.

The pending integration will not return a credentials.role, nor does the provider allow for passing of both credentials.key and credentials.role.

On inspection, the generated mondoo_integration_aws will NOT have credentials.role in the statefile, which are likely returned via AWS itself.

Reproducing:

https://registry.terraform.io/providers/mondoohq/mondoo/latest/docs/resources/integration_aws

Follow the example posted on the registry page, and link an integration to a space. On terraform apply, you will successfully build the space and create a pending AWS integration.

To compare to a functioning integration, create a second AWS integration by hand, then generate a second mondoo_integration_aws resource:

#main.tf
resource "mondoo_integration_aws" "original" {
  space_id = mondoo_space.my_space.id
  name     = "AWS Integration"

  credentials = {
    key = {
      access_key = var.aws_access_key
      secret_key = var.aws_secret_key
    }
  }
}

resource "mondoo_integration_aws" "import" {
  space_id = mondoo_space.my_space.id
  name     = "My_Very_Manual_AWS_Integration"

  credentials = {
    key = {
      access_key = var.aws_access_key
      secret_key = var.aws_secret_key
    }
  }
}

and then run:

terraform import mondoo_integration_aws.import <mrn>

This will bring this into your statefile for cross compares. You can then open this up in terraform console for exploration:

terraform init
terraform console

$ mondoo_integration_aws.import
# You'll see an output that includes role_arn

$ mondoo_integration_aws.original
# You'll see an output that does NOT include role_arn - This is the pending state integration.

Expected Behavior:

  • Generation of the AWS Integration that successfully exits the pending state and arrives at the "success" state.

Desktop:

  • OSX
  • Terraform Provider Version: 0.18.0
  • Terraform Version: 1.9.8
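
The state cross-compare described in this issue, as an added example (not part of the original report or the provider's code): a script that reads `terraform show -json` output and lists which `mondoo_integration_aws` resources have no role ARN in state, printing only block names so the access keys are never echoed. The `credentials.role.role_arn` attribute path is an assumption based on the names mentioned in the issue, and the sample state is constructed.

```python
import json
import sys

RESOURCE_TYPE = "mondoo_integration_aws"

# Constructed sample in the shape of `terraform show -json`; not real output.
SAMPLE_STATE = {"values": {"root_module": {"resources": [
    {"address": "mondoo_integration_aws.original", "type": RESOURCE_TYPE,
     "values": {"name": "AWS Integration", "credentials": {
         "key": {"access_key": "CONSTRUCTED", "secret_key": "CONSTRUCTED"},
         "role": None}}},
    {"address": "mondoo_integration_aws.import", "type": RESOURCE_TYPE,
     "values": {"name": "My_Very_Manual_AWS_Integration", "credentials": {
         "key": {"access_key": "CONSTRUCTED", "secret_key": "CONSTRUCTED"},
         # Assumed attribute path: credentials.role.role_arn
         "role": {"role_arn": "arn:aws:iam::000000000000:role/constructed"}}}},
    {"address": "mondoo_space.my_space", "type": "mondoo_space", "values": {}},
], "child_modules": []}}}


def iter_resources(module):
    """Yield resources from a module and from all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def credential_report(state):
    """Map each integration address to its populated credential blocks and role ARN."""
    root = (state.get("values") or {}).get("root_module", {})
    report = {}
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        creds = (res.get("values") or {}).get("credentials") or {}
        role = creds.get("role") or {}
        report[res["address"]] = {
            "blocks": sorted(k for k, v in creds.items() if v),
            "role_arn": role.get("role_arn"),
        }
    return report


def missing_role(state):
    """Addresses whose state carries no role ARN (the pending case in this issue)."""
    return sorted(a for a, r in credential_report(state).items() if not r["role_arn"])


if __name__ == "__main__":
    # Pipe `terraform show -json` in, or run with no input to use the sample.
    state = SAMPLE_STATE if sys.stdin.isatty() else json.load(sys.stdin)
    for addr, row in credential_report(state).items():
        print(addr, row["blocks"], "role_arn set" if row["role_arn"] else "NO role_arn")
```
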