diff --git a/cloudnetworkquerydestination.go b/cloudnetworkquerydestination.go index 8308ee029..9723b3976 100644 --- a/cloudnetworkquerydestination.go +++ b/cloudnetworkquerydestination.go @@ -27,6 +27,9 @@ const ( // CloudNetworkQueryDestinationTypeK8sService represents the value K8sService. CloudNetworkQueryDestinationTypeK8sService CloudNetworkQueryDestinationTypeValue = "K8sService" + // CloudNetworkQueryDestinationTypeLambdaFunction represents the value LambdaFunction. + CloudNetworkQueryDestinationTypeLambdaFunction CloudNetworkQueryDestinationTypeValue = "LambdaFunction" + // CloudNetworkQueryDestinationTypeLoadBalancer represents the value LoadBalancer. CloudNetworkQueryDestinationTypeLoadBalancer CloudNetworkQueryDestinationTypeValue = "LoadBalancer" @@ -45,6 +48,12 @@ const ( // CloudNetworkQueryDestinationTypePublicIP represents the value PublicIP. CloudNetworkQueryDestinationTypePublicIP CloudNetworkQueryDestinationTypeValue = "PublicIP" + // CloudNetworkQueryDestinationTypeRDSDBInstance represents the value RDSDBInstance. + CloudNetworkQueryDestinationTypeRDSDBInstance CloudNetworkQueryDestinationTypeValue = "RDSDBInstance" + + // CloudNetworkQueryDestinationTypeRedshiftCluster represents the value RedshiftCluster. + CloudNetworkQueryDestinationTypeRedshiftCluster CloudNetworkQueryDestinationTypeValue = "RedshiftCluster" + // CloudNetworkQueryDestinationTypeSQLServer represents the value SQLServer. CloudNetworkQueryDestinationTypeSQLServer CloudNetworkQueryDestinationTypeValue = "SQLServer" ) 
@@ -142,7 +151,7 @@ func (o *CloudNetworkQueryDestination) Validate() error { errors := elemental.Errors{} requiredErrors := elemental.Errors{} - if err := elemental.ValidateStringInList("type", string(o.Type), []string{"Interface", "Instance", "LoadBalancer", "PublicIP", "K8sService", "MySQLServer", "MySQLFlexibleServer", "PostgreSQLServer", "PostgreSQLFlexibleServer", "CosmosDB", "SQLServer"}, true); err != nil { + if err := elemental.ValidateStringInList("type", string(o.Type), []string{"Interface", "Instance", "LoadBalancer", "PublicIP", "K8sService", "MySQLServer", "MySQLFlexibleServer", "PostgreSQLServer", "PostgreSQLFlexibleServer", "CosmosDB", "SQLServer", "LambdaFunction", "RDSDBInstance", "RedshiftCluster"}, true); err != nil { errors = errors.Append(err) } @@ -228,7 +237,7 @@ var CloudNetworkQueryDestinationAttributesMap = map[string]elemental.AttributeSp Type: "boolean", }, "Type": { - AllowedChoices: []string{"Interface", "Instance", "LoadBalancer", "PublicIP", "K8sService", "MySQLServer", "MySQLFlexibleServer", "PostgreSQLServer", "PostgreSQLFlexibleServer", "CosmosDB", "SQLServer"}, + AllowedChoices: []string{"Interface", "Instance", "LoadBalancer", "PublicIP", "K8sService", "MySQLServer", "MySQLFlexibleServer", "PostgreSQLServer", "PostgreSQLFlexibleServer", "CosmosDB", "SQLServer", "LambdaFunction", "RDSDBInstance", "RedshiftCluster"}, Autogenerated: true, ConvertedName: "Type", Description: `Returns the type of the destination.`, 
@@ -282,7 +291,7 @@ var CloudNetworkQueryDestinationLowerCaseAttributesMap = map[string]elemental.At Type: "boolean", }, "type": { - AllowedChoices: []string{"Interface", "Instance", "LoadBalancer", "PublicIP", "K8sService", "MySQLServer", "MySQLFlexibleServer", "PostgreSQLServer", "PostgreSQLFlexibleServer", "CosmosDB", "SQLServer"}, + AllowedChoices: []string{"Interface", "Instance", "LoadBalancer", "PublicIP", "K8sService", "MySQLServer", "MySQLFlexibleServer", "PostgreSQLServer", "PostgreSQLFlexibleServer", "CosmosDB", "SQLServer", "LambdaFunction", "RDSDBInstance", "RedshiftCluster"}, Autogenerated: true, ConvertedName: "Type", Description: `Returns the type of the destination.`, diff --git a/cloudnode.go b/cloudnode.go index c504185af..5c9cab82a 100644 --- a/cloudnode.go +++ b/cloudnode.go @@ -40,6 +40,9 @@ const ( // CloudNodeTypeK8sService represents the value K8sService. CloudNodeTypeK8sService CloudNodeTypeValue = "K8sService" + // CloudNodeTypeLambdaFunction represents the value LambdaFunction. + CloudNodeTypeLambdaFunction CloudNodeTypeValue = "LambdaFunction" + // CloudNodeTypeLoadBalancer represents the value LoadBalancer. CloudNodeTypeLoadBalancer CloudNodeTypeValue = "LoadBalancer" @@ -64,6 +67,12 @@ const ( // CloudNodeTypePublicIPAddress represents the value PublicIPAddress. CloudNodeTypePublicIPAddress CloudNodeTypeValue = "PublicIPAddress" + // CloudNodeTypeRDSDBInstance represents the value RDSDBInstance. + CloudNodeTypeRDSDBInstance CloudNodeTypeValue = "RDSDBInstance" + + // CloudNodeTypeRedshiftCluster represents the value RedshiftCluster. + CloudNodeTypeRedshiftCluster CloudNodeTypeValue = "RedshiftCluster" + // CloudNodeTypeRouteTable represents the value RouteTable. CloudNodeTypeRouteTable CloudNodeTypeValue = "RouteTable" 
@@ -1090,7 +1099,7 @@ func (o *CloudNode) Validate() error { requiredErrors = requiredErrors.Append(err) } - if err := elemental.ValidateStringInList("type", string(o.Type), []string{"Endpoint", "Subnet", "VPC", "Interface", "RouteTable", "Gateway", "NetworkRuleSet", "LoadBalancer", "LoadBalancerRoute", "PublicIPAddress", "ScaleSet", "ScaleGroup", "K8sNode", "K8sService", "K8sNamespace", "K8sPod", "MySQLServer", "MySQLFlexibleServer", "PostgreSQLServer", "PostgreSQLFlexibleServer", "CosmosDB", "SQLServer"}, false); err != nil { + if err := elemental.ValidateStringInList("type", string(o.Type), []string{"Endpoint", "Subnet", "VPC", "Interface", "RouteTable", "Gateway", "NetworkRuleSet", "LoadBalancer", "LoadBalancerRoute", "PublicIPAddress", "ScaleSet", "ScaleGroup", "K8sNode", "K8sService", "K8sNamespace", "K8sPod", "MySQLServer", "MySQLFlexibleServer", "PostgreSQLServer", "PostgreSQLFlexibleServer", "CosmosDB", "SQLServer", "LambdaFunction", "RDSDBInstance", "RedshiftCluster"}, false); err != nil { errors = errors.Append(err) } 
@@ -1599,7 +1608,7 @@ var CloudNodeAttributesMap = map[string]elemental.AttributeSpecification{ Type: "string", }, "Type": { - AllowedChoices: []string{"Endpoint", "Subnet", "VPC", "Interface", "RouteTable", "Gateway", "NetworkRuleSet", "LoadBalancer", "LoadBalancerRoute", "PublicIPAddress", "ScaleSet", "ScaleGroup", "K8sNode", "K8sService", "K8sNamespace", "K8sPod", "MySQLServer", "MySQLFlexibleServer", "PostgreSQLServer", "PostgreSQLFlexibleServer", "CosmosDB", "SQLServer"}, + AllowedChoices: []string{"Endpoint", "Subnet", "VPC", "Interface", "RouteTable", "Gateway", "NetworkRuleSet", "LoadBalancer", "LoadBalancerRoute", "PublicIPAddress", "ScaleSet", "ScaleGroup", "K8sNode", "K8sService", "K8sNamespace", "K8sPod", "MySQLServer", "MySQLFlexibleServer", "PostgreSQLServer", "PostgreSQLFlexibleServer", "CosmosDB", "SQLServer", "LambdaFunction", "RDSDBInstance", "RedshiftCluster"}, BSONFieldName: "type", ConvertedName: "Type", Description: `Type of the endpoint.`, @@ -2068,7 +2077,7 @@ var CloudNodeLowerCaseAttributesMap = map[string]elemental.AttributeSpecificatio Type: "string", }, "type": { - AllowedChoices: []string{"Endpoint", "Subnet", "VPC", "Interface", "RouteTable", "Gateway", "NetworkRuleSet", "LoadBalancer", "LoadBalancerRoute", "PublicIPAddress", "ScaleSet", "ScaleGroup", "K8sNode", "K8sService", "K8sNamespace", "K8sPod", "MySQLServer", "MySQLFlexibleServer", "PostgreSQLServer", "PostgreSQLFlexibleServer", "CosmosDB", "SQLServer"}, + AllowedChoices: []string{"Endpoint", "Subnet", "VPC", "Interface", "RouteTable", "Gateway", "NetworkRuleSet", "LoadBalancer", "LoadBalancerRoute", "PublicIPAddress", "ScaleSet", "ScaleGroup", "K8sNode", "K8sService", "K8sNamespace", "K8sPod", "MySQLServer", "MySQLFlexibleServer", "PostgreSQLServer", "PostgreSQLFlexibleServer", "CosmosDB", "SQLServer", "LambdaFunction", "RDSDBInstance", "RedshiftCluster"}, BSONFieldName: "type", ConvertedName: "Type", Description: `Type of the endpoint.`, 
diff --git a/custom_validations.go b/custom_validations.go
index 36e7b61bf..09d3c64d0 100644
--- a/custom_validations.go
+++ b/custom_validations.go
@@ -1704,16 +1704,26 @@ func ValidateCloudNetworkQueryFilter(attribute string, f *CloudNetworkQueryFilte
 return makeValidationError(attribute, fmt.Sprintf("paas filtering only allowed for selectors with resource type: %s", CloudNetworkQueryFilterResourceTypePaaS))
 }

- var azure bool
+ var (
+ isAzure bool
+ isAWS bool
+ )
 for _, ct := range f.CloudTypes {
 if strings.EqualFold(ct, constants.CloudTypeAzure) {
- azure = true
+ isAzure = true
+ break
+ }
+ if strings.EqualFold(ct, constants.CloudTypeAWS) {
+ isAWS = true
 break
 }
 }

- if f.ResourceType == CloudNetworkQueryFilterResourceTypePaaS && !azure {
- return makeValidationError(attribute, "paas filtering only allowed for Azure queries")
+ isPaaS := f.ResourceType == CloudNetworkQueryFilterResourceTypePaaS
+ if isPaaS && !isAzure && !isAWS {
+ return makeValidationError(
+ attribute, "PaaS filtering only allowed for Azure or AWS queries",
+ )
 }

 return nil
diff --git a/custom_validations_test.go b/custom_validations_test.go
index c723d057c..718d66a4f 100644
--- a/custom_validations_test.go
+++ b/custom_validations_test.go
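Review bot: The loop in ValidateCloudNetworkQueryFilter stops at the first Azure or AWS entry, so a PaaS selector whose `CloudTypes` mixes a supported and an unsupported cloud (GCP together with AWS, say) passes validation; the same held for Azure before this change, and the updated test hunk only exercises single-entry lists. If PaaS filtering is meant to be limited to queries where every requested cloud supports it, the check should reject any entry that is neither Azure nor AWS and keep rejecting an empty list, as sketched below. Since `isAzure` and `isAWS` are only ever read together, one flag is enough. The new message also starts with `PaaS` while the message a few lines above stays lower-case `paas`. The function begins above the hunk and its closing brace is below it.

```go
	// … unchanged: resource-type check above …
	isPaaS := f.ResourceType == CloudNetworkQueryFilterResourceTypePaaS
	if isPaaS {
		// An empty list names no supported cloud, so it is rejected as before.
		paasSupported := len(f.CloudTypes) > 0
		for _, ct := range f.CloudTypes {
			if !strings.EqualFold(ct, constants.CloudTypeAzure) &&
				!strings.EqualFold(ct, constants.CloudTypeAWS) {
				paasSupported = false
				break
			}
		}
		if !paasSupported {
			return makeValidationError(
				attribute, "PaaS filtering only allowed for Azure or AWS queries",
			)
		}
	}
	// … unchanged: return nil …
```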
@@ -5005,24 +5005,39 @@ func TestValidateCloudGraphQuery(t *testing.T) {
 true,
 },
 {
- "paas filter is set for AWS",
+ "paas filter is set for GCP",
 args{
 "invalid",
 &CloudNetworkQuery{
 SourceIP: "1.1.1.0/24",
 DestinationSelector: &CloudNetworkQueryFilter{
 ResourceType: CloudNetworkQueryFilterResourceTypePaaS,
- CloudTypes: []string{"Aws"},
- PaasTypes: []string{"MicrosoftDBforMySQLFlexibleServers"},
+ CloudTypes: []string{"GCP"},
+ PaasTypes: []string{"Cloud Functions"},
 },
 },
 },
 true,
 },
+ {
+ "paas filter is set for AWS",
+ args{
+ "valid",
+ &CloudNetworkQuery{
+ SourceIP: "1.1.1.0/24",
+ DestinationSelector: &CloudNetworkQueryFilter{
+ ResourceType: CloudNetworkQueryFilterResourceTypePaaS,
+ CloudTypes: []string{"Aws"},
+ PaasTypes: []string{"AWS Lambda"},
+ },
+ },
+ },
+ false,
+ },
 {
 "paas filter is set for Azure",
 args{
- "invalid",
+ "valid",
 &CloudNetworkQuery{
 SourceIP: "1.1.1.0/24",
 DestinationSelector: &CloudNetworkQueryFilter{
diff --git a/doc/documentation.md b/doc/documentation.md index eeef7f602..f13ca3e11 100644 --- a/doc/documentation.md +++ b/doc/documentation.md @@ -12788,7 +12788,7 @@ Returns true if the destination is reachable through routing. ##### `type` [`autogenerated`,`read_only`] -Type: `enum(Interface | Instance | LoadBalancer | PublicIP | K8sService | MySQLServer | MySQLFlexibleServer | PostgreSQLServer | PostgreSQLFlexibleServer | CosmosDB | SQLServer)` +Type: `enum(Interface | Instance | LoadBalancer | PublicIP | K8sService | MySQLServer | MySQLFlexibleServer | PostgreSQLServer | PostgreSQLFlexibleServer | CosmosDB | SQLServer | LambdaFunction | RDSDBInstance | RedshiftCluster)` Returns the type of the destination. 
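Review bot: With the AWS case flipped to valid and given `PaasTypes: []string{"AWS Lambda"}`, no visible case still pairs a cloud type with a PaaS type from another provider; the removed lines were the only one (`"Aws"` with `"MicrosoftDBforMySQLFlexibleServers"`), and that case expected an error while AWS itself was not accepted for PaaS filtering. The validator lines shown in this commit do not compare `PaasTypes` with `CloudTypes`, so that pairing presumably validates now. A case that keeps `CloudTypes: []string{"Aws"}` with `PaasTypes: []string{"MicrosoftDBforMySQLFlexibleServers"}` and states the expected result would pin the behaviour either way. The table and the test function continue outside the hunk.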
@@ -13607,7 +13607,7 @@ The sub-type of the object as found in the parameters. Used for indexing. ##### `type` [`required`] -Type: `enum(Endpoint | Subnet | VPC | Interface | RouteTable | Gateway | NetworkRuleSet | LoadBalancer | LoadBalancerRoute | PublicIPAddress | ScaleSet | ScaleGroup | K8sNode | K8sService | K8sNamespace | K8sPod | MySQLServer | MySQLFlexibleServer | PostgreSQLServer | PostgreSQLFlexibleServer | CosmosDB | SQLServer)` +Type: `enum(Endpoint | Subnet | VPC | Interface | RouteTable | Gateway | NetworkRuleSet | LoadBalancer | LoadBalancerRoute | PublicIPAddress | ScaleSet | ScaleGroup | K8sNode | K8sService | K8sNamespace | K8sPod | MySQLServer | MySQLFlexibleServer | PostgreSQLServer | PostgreSQLFlexibleServer | CosmosDB | SQLServer | LambdaFunction | RDSDBInstance | RedshiftCluster)` Type of the endpoint. diff --git a/openapi3_autogen/cloudnetworkquerydestination.json b/openapi3_autogen/cloudnetworkquerydestination.json index 0578b6a40..917976604 100644 --- a/openapi3_autogen/cloudnetworkquerydestination.json +++ b/openapi3_autogen/cloudnetworkquerydestination.json @@ -32,7 +32,10 @@ "PostgreSQLServer", "PostgreSQLFlexibleServer", "CosmosDB", - "SQLServer" + "SQLServer", + "LambdaFunction", + "RDSDBInstance", + "RedshiftCluster" ], "readOnly": true }, diff --git a/openapi3_autogen/cloudnode.json b/openapi3_autogen/cloudnode.json index fdc44cfb3..c572a86cd 100644 --- a/openapi3_autogen/cloudnode.json +++ b/openapi3_autogen/cloudnode.json @@ -181,7 +181,10 @@ "PostgreSQLServer", "PostgreSQLFlexibleServer", "CosmosDB", - "SQLServer" + "SQLServer", + "LambdaFunction", + "RDSDBInstance", + "RedshiftCluster" ], "example": "Endpoint" }, diff --git a/specs/cloudnetworkquerydestination.spec b/specs/cloudnetworkquerydestination.spec index b5678ab61..689285b9a 100644 --- a/specs/cloudnetworkquerydestination.spec +++ b/specs/cloudnetworkquerydestination.spec 
@@ -50,6 +50,9 @@ attributes: - PostgreSQLFlexibleServer - CosmosDB - SQLServer + - LambdaFunction + - RDSDBInstance + - RedshiftCluster autogenerated: true - name: verdict diff --git a/specs/cloudnode.spec b/specs/cloudnode.spec index d0a30d1ed..6a30b3aa6 100644 --- a/specs/cloudnode.spec +++ b/specs/cloudnode.spec @@ -122,4 +122,7 @@ attributes: - PostgreSQLFlexibleServer - CosmosDB - SQLServer + - LambdaFunction + - RDSDBInstance + - RedshiftCluster example_value: Endpoint