From 212ccb05936ad7a58c2a33a2b0737a148832fb36 Mon Sep 17 00:00:00 2001
From: Scott Ford
Date: Sat, 6 Jan 2024 23:34:22 -0500
Subject: [PATCH] Adds initial version of Terraform asset inventory query pack
Signed-off-by: Scott Ford
---
 core/mondoo-terraform-inventory.mql.yaml | 58 ++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 core/mondoo-terraform-inventory.mql.yaml
diff --git a/core/mondoo-terraform-inventory.mql.yaml b/core/mondoo-terraform-inventory.mql.yaml
new file mode 100644
index 0000000..65a1578
--- /dev/null
+++ b/core/mondoo-terraform-inventory.mql.yaml
@@ -0,0 +1,58 @@
+# Copyright (c) Mondoo, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+packs:
+ - uid: mondoo-asset-inventory-terraform
+ name: Terraform Asset Inventory Pack
+ version: 1.0.0
+ license: BUSL-1.1
+ authors:
+ - name: Mondoo, Inc
+ email: hello@mondoo.com
+ tags:
+ mondoo.com/platform: terraform,
+ mondoo.com/category: inventory
+ docs:
+ desc: |
+ The Terraform Asset Inventory Pack retrieves information about Terraform HCL, Terraform Plan, and Terraform State for asset inventory.
+ groups:
+ - title: Terraform State Asset inventory for AWS
+ filters: asset.platform == "terraform-state" && terraform.state.resources.any( type == /^aws_/ )
+ queries:
+ - uid: mondoo-asset-inventory-terraform-state-version
+ - uid: mondoo-asset-inventory-terraform-state-aws-resources
+ - title: Terraform State Asset inventory for Google Cloud
+ filters: asset.platform == "terraform-state" && terraform.state.resources.any( type == /^google_/ )
+ queries:
+ - uid: mondoo-asset-inventory-terraform-state-version
+ - uid: mondoo-asset-inventory-terraform-state-gcp-resources
+ - title: Terraform State Asset inventory for Microsoft Azure
+ filters: asset.platform == "terraform-state" && terraform.state.resources.any( type == /^azurerm_/ )
+ queries:
+ - uid: mondoo-asset-inventory-terraform-state-version
+ - uid: mondoo-asset-inventory-terraform-state-azure-resources
+queries:
+ - uid: mondoo-asset-inventory-terraform-state-version
+ title: Terraform State Terraform Version
+ docs:
+ desc: |
+ This query gathers the version of Terraform that was used to execute a Terraform run.
+ mql: terraform.state.terraformVersion
+ - uid: mondoo-asset-inventory-terraform-state-aws-resources
+ title: AWS Terraform State resources
+ docs:
+ desc: |
+ This query gathers the resources stored in Terraform state files that manage any AWS resources. The data is only gather if any of the resources match 'aws_' such as 'aws_s3_bucket'.
+ mql: terraform.state.resources { type providerName values['arn'] values['owner_id'] }
+ - uid: mondoo-asset-inventory-terraform-state-gcp-resources
+ title: Google Cloud Terraform State resources
+ docs:
+ desc: |
+ This query gathers the resources stored in Terraform state files that manage any Google Cloud resources. The data is only gather if any of the resources match 'google_' such as 'google_compute_instance'.
+ mql: terraform.state.resources { type providerName values['project'] values['id'] }
+ - uid: mondoo-asset-inventory-terraform-state-azure-resources
+ title: Microsoft Azure Terraform State resources
+ docs:
+ desc: |
+ This query gathers the resources stored in Terraform state files that manage any Microsoft Azure resources. The data is only gather if any of the resources match 'azurerm_' such as 'azurerm_resource_group'.
+ mql: terraform.state.resources { type providerName values['id'] }
\ No newline at end of file
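Review bot: The three `*-resources` queries iterate over all of `terraform.state.resources`, and only the group `filters` line checks the provider prefix, so a state file that mixes providers would report every resource under each provider's query. Scoping the query itself keeps the result aligned with its title, for example `mql: terraform.state.resources.where( type == /^aws_/ ) { type providerName values['arn'] values['owner_id'] }`, with the same change using `/^google_/` and `/^azurerm_/` in the other two. The `mondoo.com/platform` tag value also ends in a comma, so the pack is tagged `terraform,`; it should read `mondoo.com/platform: terraform`. Because state `values` can hold credentials in plaintext, a comment above the queries such as `# Project only named, non-secret keys; never select values wholesale.` would help keep later additions this narrow.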