This repository has been archived by the owner on Aug 16, 2022. It is now read-only.
/
rule_groups.go
153 lines (143 loc) · 4.86 KB
/
rule_groups.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
package waf
import (
"context"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/waf"
"github.com/aws/aws-sdk-go-v2/service/waf/types"
"github.com/cloudquery/cq-provider-aws/client"
"github.com/cloudquery/cq-provider-sdk/provider/diag"
"github.com/cloudquery/cq-provider-sdk/provider/schema"
)
func WafRuleGroups() *schema.Table {
return &schema.Table{
Name: "aws_waf_rule_groups",
Description: "This is AWS WAF Classic documentation",
Resolver: fetchWafRuleGroups,
Multiplex: client.AccountMultiplex,
IgnoreError: client.IgnoreCommonErrors,
DeleteFilter: client.DeleteAccountFilter,
Options: schema.TableCreationOptions{PrimaryKeys: []string{"account_id", "id"}},
Columns: []schema.Column{
{
Name: "account_id",
Description: "The AWS Account ID of the resource.",
Type: schema.TypeString,
Resolver: client.ResolveAWSAccount,
},
{
Name: "arn",
Type: schema.TypeString,
Resolver: resolveWafRuleGroupArn,
},
{
Name: "rule_ids",
Type: schema.TypeStringArray,
Resolver: resolveWafRuleGroupRuleIds,
IgnoreInTests: true,
},
{
Name: "tags",
Type: schema.TypeJSON,
Resolver: resolveWafRuleGroupTags,
},
{
Name: "id",
Description: "A unique identifier for a RuleGroup",
Type: schema.TypeString,
Resolver: schema.PathResolver("RuleGroupId"),
},
{
Name: "metric_name",
Description: "A friendly name or description for the metrics for this RuleGroup",
Type: schema.TypeString,
},
{
Name: "name",
Description: "The friendly name or description for the RuleGroup",
Type: schema.TypeString,
},
},
}
}
// ====================================================================================================================
// Table Resolver Functions
// ====================================================================================================================
func fetchWafRuleGroups(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan<- interface{}) error {
c := meta.(*client.Client)
service := c.Services().Waf
config := waf.ListRuleGroupsInput{}
for {
output, err := service.ListRuleGroups(ctx, &config)
if err != nil {
return diag.WrapError(err)
}
for _, rG := range output.RuleGroups {
ruleGroup, err := service.GetRuleGroup(ctx, &waf.GetRuleGroupInput{RuleGroupId: rG.RuleGroupId}, func(options *waf.Options) {
options.Region = c.Region
})
if err != nil {
return diag.WrapError(err)
}
res <- ruleGroup.RuleGroup
}
if aws.ToString(output.NextMarker) == "" {
break
}
config.NextMarker = output.NextMarker
}
return nil
}
func resolveWafRuleGroupArn(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error {
cl := meta.(*client.Client)
ruleGroup := resource.Item.(*types.RuleGroup)
return diag.WrapError(resource.Set(c.Name, cl.ARN("waf", "rulegroup", aws.ToString(ruleGroup.RuleGroupId))))
}
func resolveWafRuleGroupRuleIds(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error {
ruleGroup := resource.Item.(*types.RuleGroup)
// Resolves rule group rules
awsClient := meta.(*client.Client)
service := awsClient.Services().Waf
listActivatedRulesConfig := waf.ListActivatedRulesInRuleGroupInput{RuleGroupId: ruleGroup.RuleGroupId}
var ruleIDs []string
for {
rules, err := service.ListActivatedRulesInRuleGroup(ctx, &listActivatedRulesConfig)
if err != nil {
return diag.WrapError(err)
}
for _, rule := range rules.ActivatedRules {
ruleIDs = append(ruleIDs, aws.ToString(rule.RuleId))
}
if aws.ToString(rules.NextMarker) == "" {
break
}
listActivatedRulesConfig.NextMarker = rules.NextMarker
}
return diag.WrapError(resource.Set("rule_ids", ruleIDs))
}
func resolveWafRuleGroupTags(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error {
ruleGroup := resource.Item.(*types.RuleGroup)
// Resolve tags for resource
cl := meta.(*client.Client)
service := cl.Services().Waf
// Generate arn
arnStr := cl.AccountGlobalARN("waf", "rulegroup", aws.ToString(ruleGroup.RuleGroupId))
outputTags := make(map[string]*string)
tagsConfig := waf.ListTagsForResourceInput{ResourceARN: aws.String(arnStr)}
for {
tags, err := service.ListTagsForResource(ctx, &tagsConfig, func(options *waf.Options) {
// Set region to default global region
options.Region = "us-east-1"
})
if err != nil {
return diag.WrapError(err)
}
for _, t := range tags.TagInfoForResource.TagList {
outputTags[*t.Key] = t.Value
}
if aws.ToString(tags.NextMarker) == "" {
break
}
tagsConfig.NextMarker = tags.NextMarker
}
return diag.WrapError(resource.Set("tags", outputTags))
}