This repository has been archived by the owner on Aug 16, 2022. It is now read-only.
package wafregional
import (
"context"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/wafregional"
"github.com/aws/aws-sdk-go-v2/service/wafregional/types"
"github.com/cloudquery/cq-provider-aws/client"
"github.com/cloudquery/cq-provider-sdk/provider/diag"
"github.com/cloudquery/cq-provider-sdk/provider/schema"
)
//go:generate cq-gen --resource rate_based_rules --config rate_based_rules.hcl --output .
// RateBasedRules returns the table definition for
// aws_wafregional_rate_based_rules together with its child relation
// aws_wafregional_rate_based_rule_match_predicates.
//
// Rows are keyed by (account_id, region, id). The rate_key and rate_limit
// columns record how each rule throttles requests, and the child table
// records which match sets the rule is built from and whether each one
// is negated.
func RateBasedRules() *schema.Table {
	table := &schema.Table{
		Name:         "aws_wafregional_rate_based_rules",
		Description:  "A combination of identifiers for web requests that you want to allow, block, or count, including rate limit.",
		Resolver:     fetchWafregionalRateBasedRules,
		Multiplex:    client.ServiceAccountRegionMultiplexer("waf-regional"),
		IgnoreError:  client.IgnoreCommonErrors,
		DeleteFilter: client.DeleteAccountRegionFilter,
		Options:      schema.TableCreationOptions{PrimaryKeys: []string{"account_id", "region", "id"}},
	}

	// Columns without an explicit Resolver are presumably filled by the SDK
	// from the identically named field of the fetched item (TODO confirm).
	table.Columns = []schema.Column{
		{
			Name:        "account_id",
			Description: "The AWS Account ID of the resource.",
			Type:        schema.TypeString,
			Resolver:    client.ResolveAWSAccount,
		},
		{
			Name:        "region",
			Description: "The AWS Region of the resource.",
			Type:        schema.TypeString,
			Resolver:    client.ResolveAWSRegion,
		},
		{
			Name:        "arn",
			Description: "ARN of the rate based rule.",
			Type:        schema.TypeString,
			Resolver:    resolveWafregionalRateBasedRuleArn,
		},
		{
			Name:        "tags",
			Description: "Rule tags.",
			Type:        schema.TypeJSON,
			Resolver:    resolveWafregionalRateBasedRuleTags,
		},
		{
			Name:        "rate_key",
			Description: "The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring",
			Type:        schema.TypeString,
		},
		{
			Name:        "rate_limit",
			Description: "The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period",
			Type:        schema.TypeBigInt,
		},
		{
			Name:        "id",
			Description: "A unique identifier for a RateBasedRule",
			Type:        schema.TypeString,
			Resolver:    schema.PathResolver("RuleId"),
		},
		{
			Name:        "metric_name",
			Description: "A friendly name or description for the metrics for a RateBasedRule",
			Type:        schema.TypeString,
		},
		{
			Name:        "name",
			Description: "A friendly name or description for a RateBasedRule",
			Type:        schema.TypeString,
		},
	}

	// One child row per entry of the rule's MatchPredicates list.
	matchPredicates := &schema.Table{
		Name:        "aws_wafregional_rate_based_rule_match_predicates",
		Description: "Contains one Predicate element for each ByteMatchSet, IPSet, or SqlInjectionMatchSet object that you want to include in a RateBasedRule.",
		Resolver:    schema.PathTableResolver("MatchPredicates"),
		Columns: []schema.Column{
			{
				Name:        "rate_based_rule_cq_id",
				Description: "Unique CloudQuery ID of aws_wafregional_rate_based_rules table (FK)",
				Type:        schema.TypeUUID,
				Resolver:    schema.ParentIdResolver,
			},
			{
				Name:        "data_id",
				Description: "A unique identifier for a predicate in a Rule, such as ByteMatchSetId or IPSetId",
				Type:        schema.TypeString,
			},
			{
				Name:        "negated",
				Description: "Set Negated to False if you want AWS WAF to allow, block, or count requests based on the settings in the specified ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, RegexMatchSet, GeoMatchSet, or SizeConstraintSet",
				Type:        schema.TypeBool,
			},
			{
				Name:        "type",
				Description: "The type of predicate in a Rule, such as ByteMatch or IPSet. This member is required.",
				Type:        schema.TypeString,
			},
		},
	}
	table.Relations = []*schema.Table{matchPredicates}

	return table
}
// ====================================================================================================================
// Table Resolver Functions
// ====================================================================================================================
// fetchWafregionalRateBasedRules lists the rate-based rules of the client's
// region, fetches the full definition of each one, and sends it on res.
//
// ListRateBasedRules is followed page by page through NextMarker until the
// service returns an empty marker. The first error from either API call is
// wrapped and returned, which ends the fetch.
//
// NOTE(review): because a single GetRateBasedRule error aborts the loop, a
// rule removed between the list and get calls would presumably leave the
// remaining rules out of this sync — confirm how IgnoreError treats that.
func fetchWafregionalRateBasedRules(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan<- interface{}) error {
	cl := meta.(*client.Client)
	svc := cl.Services().WafRegional

	// Both API calls are pinned to the region this client is resolving.
	inRegion := func(o *wafregional.Options) { o.Region = cl.Region }

	var params wafregional.ListRateBasedRulesInput
	for {
		page, err := svc.ListRateBasedRules(ctx, &params, inRegion)
		if err != nil {
			return diag.WrapError(err)
		}

		for _, summary := range page.Rules {
			input := wafregional.GetRateBasedRuleInput{RuleId: summary.RuleId}
			detail, err := svc.GetRateBasedRule(ctx, &input, inRegion)
			if err != nil {
				return diag.WrapError(err)
			}
			// Sent by value: the column resolvers in this file type-assert
			// resource.Item to types.RateBasedRule, not to a pointer.
			if detail.Rule != nil {
				res <- *detail.Rule
			}
		}

		if aws.ToString(page.NextMarker) == "" {
			return nil
		}
		params.NextMarker = page.NextMarker
	}
}
// resolveWafregionalRateBasedRuleArn stores the rule's ARN, built by
// rateBasedRuleARN from its RuleId, in column c.
//
// resource.Item must hold a types.RateBasedRule value with a non-nil RuleId;
// the type assertion and the dereference are both unchecked and panic
// otherwise.
func resolveWafregionalRateBasedRuleArn(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error {
	rule := resource.Item.(types.RateBasedRule)
	arn := rateBasedRuleARN(meta, *rule.RuleId)
	err := resource.Set(c.Name, arn)
	return diag.WrapError(err)
}
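// resolveWafregionalRateBasedRuleTags collects every tag attached to the
// rate-based rule held in resource.Item and stores them in column c as a
// map from tag key to tag value.
//
// ListTagsForResource is followed page by page through NextMarker until the
// service returns an empty marker. The first API error is wrapped and
// returned. resource.Item must hold a types.RateBasedRule value with a
// non-nil RuleId; the type assertion and the dereference are unchecked.
func resolveWafregionalRateBasedRuleTags(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error {
	cl := meta.(*client.Client)
	svc := cl.Services().WafRegional

	// Pin the tag lookup to cl.Region, as fetchWafregionalRateBasedRules does
	// for its calls. The ARN built below names cl.Region, so a request that
	// went to a different default region could fail to find the rule and
	// leave its tags out of the inventory.
	inRegion := func(o *wafregional.Options) { o.Region = cl.Region }

	arn := rateBasedRuleARN(meta, *resource.Item.(types.RateBasedRule).RuleId)
	params := wafregional.ListTagsForResourceInput{ResourceARN: &arn}
	tags := make(map[string]string)
	for {
		result, err := svc.ListTagsForResource(ctx, &params, inRegion)
		if err != nil {
			return diag.WrapError(err)
		}
		// A page may carry no TagInfoForResource at all; there is then
		// nothing to merge.
		if result.TagInfoForResource != nil {
			client.TagsIntoMap(result.TagInfoForResource.TagList, tags)
		}
		if aws.ToString(result.NextMarker) == "" {
			break
		}
		params.NextMarker = result.NextMarker
	}
	return diag.WrapError(resource.Set(c.Name, tags))
}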
// ====================================================================================================================
// User Defined Helpers
// ====================================================================================================================
// rateBasedRuleARN builds the ARN of the WAF Regional rate-based rule with
// the given id by delegating to the client's ARN helper, using the
// "ratebasedrule" resource type. meta must be a *client.Client; the type
// assertion is unchecked.
func rateBasedRuleARN(meta schema.ClientMeta, id string) string {
	return meta.(*client.Client).ARN(client.WAFRegional, "ratebasedrule", id)
}