/
security_configurations.go
119 lines (114 loc) · 4.36 KB
/
security_configurations.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
package glue
import (
"context"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/glue"
"github.com/cloudquery/cloudquery/plugins/source/aws/client"
"github.com/cloudquery/cq-provider-sdk/provider/diag"
"github.com/cloudquery/cq-provider-sdk/provider/schema"
)
//go:generate cq-gen --resource security_configurations --config security_configurations.hcl --output .
func SecurityConfigurations() *schema.Table {
return &schema.Table{
Name: "aws_glue_security_configurations",
Description: "Specifies a security configuration",
Resolver: fetchGlueSecurityConfigurations,
Multiplex: client.ServiceAccountRegionMultiplexer("glue"),
IgnoreError: client.IgnoreAccessDeniedServiceDisabled,
DeleteFilter: client.DeleteAccountRegionFilter,
Options: schema.TableCreationOptions{PrimaryKeys: []string{"account_id", "region", "name"}},
Columns: []schema.Column{
{
Name: "account_id",
Description: "The AWS Account ID of the resource.",
Type: schema.TypeString,
Resolver: client.ResolveAWSAccount,
},
{
Name: "region",
Description: "The AWS Region of the resource.",
Type: schema.TypeString,
Resolver: client.ResolveAWSRegion,
},
{
Name: "created_time_stamp",
Description: "The time at which this security configuration was created",
Type: schema.TypeTimestamp,
},
{
Name: "cloud_watch_encryption_mode",
Description: "The encryption mode to use for CloudWatch data",
Type: schema.TypeString,
Resolver: schema.PathResolver("EncryptionConfiguration.CloudWatchEncryption.CloudWatchEncryptionMode"),
},
{
Name: "cloud_watch_encryption_kms_key_arn",
Description: "The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data",
Type: schema.TypeString,
Resolver: schema.PathResolver("EncryptionConfiguration.CloudWatchEncryption.KmsKeyArn"),
},
{
Name: "job_bookmarks_encryption_mode",
Description: "The encryption mode to use for job bookmarks data",
Type: schema.TypeString,
Resolver: schema.PathResolver("EncryptionConfiguration.JobBookmarksEncryption.JobBookmarksEncryptionMode"),
},
{
Name: "job_bookmarks_encryption_kms_key_arn",
Description: "The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data",
Type: schema.TypeString,
Resolver: schema.PathResolver("EncryptionConfiguration.JobBookmarksEncryption.KmsKeyArn"),
},
{
Name: "name",
Description: "The name of the security configuration",
Type: schema.TypeString,
},
},
Relations: []*schema.Table{
{
Name: "aws_glue_security_configuration_s3_encryption",
Description: "Specifies how Amazon Simple Storage Service (Amazon S3) data should be encrypted",
Resolver: schema.PathTableResolver("EncryptionConfiguration.S3Encryption"),
Columns: []schema.Column{
{
Name: "security_configuration_cq_id",
Description: "Unique CloudQuery ID of aws_glue_security_configurations table (FK)",
Type: schema.TypeUUID,
Resolver: schema.ParentIdResolver,
},
{
Name: "kms_key_arn",
Description: "The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data",
Type: schema.TypeString,
},
{
Name: "s3_encryption_mode",
Description: "The encryption mode to use for Amazon S3 data",
Type: schema.TypeString,
},
},
},
},
}
}
// ====================================================================================================================
// Table Resolver Functions
// ====================================================================================================================
func fetchGlueSecurityConfigurations(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan<- interface{}) error {
cl := meta.(*client.Client)
svc := cl.Services().Glue
input := glue.GetSecurityConfigurationsInput{}
for {
result, err := svc.GetSecurityConfigurations(ctx, &input)
if err != nil {
return diag.WrapError(err)
}
res <- result.SecurityConfigurations
if aws.ToString(result.NextToken) == "" {
break
}
input.NextToken = result.NextToken
}
return nil
}