feat: Add support for Inspector Classic & Inspector V2 findings (#1305)…

… (#1412) * service calls * impl * lint * skip simplify * tests * add //check-for-changes header * Revert "skip simplify" This reverts commit 97a9666. * chmod * proper names * add resolver for arn
cloudquery · Aug 12, 2022 · 1f1ae96 · 1f1ae96
1 parent 2d6d138
commit 1f1ae96
Show file tree

Hide file tree

Showing 18 changed files with 816 additions and 4 deletions.
diff --git a/client/client.go b/client/client.go
@@ -52,6 +52,8 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/glue"
 	"github.com/aws/aws-sdk-go-v2/service/guardduty"
 	"github.com/aws/aws-sdk-go-v2/service/iam"
+	"github.com/aws/aws-sdk-go-v2/service/inspector"
+	"github.com/aws/aws-sdk-go-v2/service/inspector2"
 	"github.com/aws/aws-sdk-go-v2/service/iot"
 	"github.com/aws/aws-sdk-go-v2/service/kinesis"
 	"github.com/aws/aws-sdk-go-v2/service/kms"
@@ -161,6 +163,8 @@ type Services struct {
 	Glue                   GlueClient
 	GuardDuty              GuardDutyClient
 	IAM                    IamClient
+	Inspector              InspectorClient
+	InspectorV2            InspectorV2Client
 	IOT                    IOTClient
 	Kinesis                KinesisClient
 	KMS                    KmsClient
@@ -663,6 +667,8 @@ func initServices(region string, c aws.Config) Services {
 		Glue:                   glue.NewFromConfig(awsCfg),
 		GuardDuty:              guardduty.NewFromConfig(awsCfg),
 		IAM:                    iam.NewFromConfig(awsCfg),
+		Inspector:              inspector.NewFromConfig(awsCfg),
+		InspectorV2:            inspector2.NewFromConfig(awsCfg),
 		IOT:                    iot.NewFromConfig(awsCfg),
 		Kinesis:                kinesis.NewFromConfig(awsCfg),
 		KMS:                    kms.NewFromConfig(awsCfg),

diff --git a/client/client_test.go b/client/client_test.go
@@ -2,7 +2,6 @@ package client
 
 import (
 	"context"
-	"io/ioutil"
 	"log"
 	"os"
 	"reflect"
@@ -194,7 +193,7 @@ func (m mockAssumeRole) AssumeRole(ctx context.Context, params *sts.AssumeRoleIn
 func Test_Configure(t *testing.T) {
 	ctx := context.Background()
 	logger := hclog.New(&hclog.LoggerOptions{})
-	f, err := ioutil.TempFile("", "")
+	f, err := os.CreateTemp("", "")
 	if err != nil {
 		log.Fatal(err)
 	}

diff --git a/client/mocks/inspector.go b/client/mocks/inspector.go
diff --git a/client/mocks/inspector_v2.go b/client/mocks/inspector_v2.go
diff --git a/client/services.go b/client/services.go
@@ -42,6 +42,8 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/glue"
 	"github.com/aws/aws-sdk-go-v2/service/guardduty"
 	"github.com/aws/aws-sdk-go-v2/service/iam"
+	"github.com/aws/aws-sdk-go-v2/service/inspector"
+	"github.com/aws/aws-sdk-go-v2/service/inspector2"
 	"github.com/aws/aws-sdk-go-v2/service/iot"
 	"github.com/aws/aws-sdk-go-v2/service/kinesis"
 	"github.com/aws/aws-sdk-go-v2/service/kms"
@@ -489,6 +491,17 @@ type IamClient interface {
 	GetAccountSummary(ctx context.Context, params *iam.GetAccountSummaryInput, optFns ...func(*iam.Options)) (*iam.GetAccountSummaryOutput, error)
 }
 
+//go:generate mockgen -package=mocks -destination=./moc—ks/inspector.go . InspectorClient
+type InspectorClient interface {
+	ListFindings(ctx context.Context, params *inspector.ListFindingsInput, optFns ...func(*inspector.Options)) (*inspector.ListFindingsOutput, error)
+	DescribeFindings(ctx context.Context, params *inspector.DescribeFindingsInput, optFns ...func(*inspector.Options)) (*inspector.DescribeFindingsOutput, error)
+}
+
+//go:generate mockgen -package=mocks -destination=./mocks/inspector_v2.go . InspectorV2Client
+type InspectorV2Client interface {
+	ListFindings(ctx context.Context, params *inspector2.ListFindingsInput, optFns ...func(*inspector2.Options)) (*inspector2.ListFindingsOutput, error)
+}
+
 //go:generate mockgen -package=mocks -destination=./mocks/mock_iot.go . IOTClient
 type IOTClient interface {
 	DescribeBillingGroup(ctx context.Context, params *iot.DescribeBillingGroupInput, optFns ...func(*iot.Options)) (*iot.DescribeBillingGroupOutput, error)

diff --git a/docs/tables/aws_inspector2_finding_resources.md b/docs/tables/aws_inspector2_finding_resources.md
@@ -0,0 +1,14 @@
+
+# Table: aws_inspector2_finding_resources
+Details about the resource involved in a finding
+## Columns
+| Name        | Type           | Description  |
+| ------------- | ------------- | -----  |
+|finding_cq_id|uuid|Unique CloudQuery ID of aws_inspector2_findings table (FK)|
+|id|text|The ID of the resource|
+|type|text|The type of resource|
+|aws_ec2_instance|jsonb|An object that contains details about the Amazon EC2 instance involved in the finding|
+|aws_ecr_container_image|jsonb|An object that contains details about the Amazon ECR container image involved in the finding|
+|partition|text|The partition of the resource|
+|region|text|The Amazon Web Services Region the impacted resource is located in|
+|tags|jsonb|The tags attached to the resource|
diff --git a/docs/tables/aws_inspector2_findings.md b/docs/tables/aws_inspector2_findings.md
@@ -0,0 +1,24 @@
+
+# Table: aws_inspector2_findings
+Details about an Amazon Inspector finding
+## Columns
+| Name        | Type           | Description  |
+| ------------- | ------------- | -----  |
+|arn|text|The Amazon Resource Name (ARN) of the finding|
+|region|text|The AWS Region of the resource|
+|account_id|text|The Amazon Web Services account ID associated with the finding|
+|description|text|The description of the finding|
+|finding_arn|text|The Amazon Resource Number (ARN) of the finding|
+|first_observed_at|timestamp without time zone|The date and time that the finding was first observed|
+|last_observed_at|timestamp without time zone|The date and time that the finding was last observed|
+|remediation_recommendation_text|text|The recommended course of action to remediate the finding|
+|remediation_recommendation_url|text|The URL address to the CVE remediation recommendations|
+|severity|text|The severity of the finding|
+|status|text|The status of the finding|
+|type|text|The type of the finding|
+|inspector_score|float|The Amazon Inspector score given to the finding|
+|inspector_score_details|jsonb|An object that contains details of the Amazon Inspector score|
+|network_reachability_details|jsonb|An object that contains the details of a network reachability finding|
+|package_vulnerability_details|jsonb|An object that contains the details of a package vulnerability finding|
+|title|text|The title of the finding|
+|updated_at|timestamp without time zone|The date and time the finding was last updated at|
diff --git a/docs/tables/aws_inspector_findings.md b/docs/tables/aws_inspector_findings.md
@@ -0,0 +1,26 @@
+
+# Table: aws_inspector_findings
+Contains information about an Amazon Inspector finding
+## Columns
+| Name        | Type           | Description  |
+| ------------- | ------------- | -----  |
+|account_id|text|The AWS Account ID of the resource|
+|region|text|The AWS Region of the resource|
+|arn|text|The ARN that specifies the finding|
+|attributes|jsonb|The system-defined attributes for the finding|
+|created_at|timestamp without time zone|The time when the finding was generated|
+|updated_at|timestamp without time zone|The time when AddAttributesToFindings is called|
+|user_attributes|jsonb|The user-defined attributes that are assigned to the finding|
+|asset_attributes|jsonb|A collection of attributes of the host from which the finding is generated|
+|asset_type|text|The type of the host from which the finding is generated|
+|confidence|bigint|This data element is currently not used|
+|description|text|The description of the finding|
+|id|text|The ID of the finding|
+|indicator_of_compromise|boolean|This data element is currently not used|
+|numeric_severity|float|The numeric value of the finding severity|
+|recommendation|text|The recommendation for the finding|
+|schema_version|bigint|The schema version of this data type|
+|service|text|The data element is set to "Inspector"|
+|service_attributes|jsonb|This data type is used in the Finding data type|
+|severity|text|The finding severity|
+|title|text|The name of the finding|
diff --git a/go.mod b/go.mod
@@ -42,6 +42,8 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/fsx v1.24.2
 	github.com/aws/aws-sdk-go-v2/service/guardduty v1.14.1
 	github.com/aws/aws-sdk-go-v2/service/iam v1.18.8
+	github.com/aws/aws-sdk-go-v2/service/inspector v1.12.11
+	github.com/aws/aws-sdk-go-v2/service/inspector2 v1.7.3
 	github.com/aws/aws-sdk-go-v2/service/iot v1.25.4
 	github.com/aws/aws-sdk-go-v2/service/kinesis v1.15.9
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.4

diff --git a/go.sum b/go.sum
@@ -162,6 +162,10 @@ github.com/aws/aws-sdk-go-v2/service/guardduty v1.14.1 h1:5bWqv1hwsELtYvmBpuOtOm
 github.com/aws/aws-sdk-go-v2/service/guardduty v1.14.1/go.mod h1:zeMwk8nXD/85ck1aCJs82TXj+QZcT4wNWmdU62+h9LM=
 github.com/aws/aws-sdk-go-v2/service/iam v1.18.8 h1:MYOkrSNwOUokctOnhGUNM9J/yNu87roEmdKcJ74d4eA=
 github.com/aws/aws-sdk-go-v2/service/iam v1.18.8/go.mod h1:xXYmwG+PAIuS9smWCqQ/YwVTGnDmw1K1Q796xVS96Ls=
+github.com/aws/aws-sdk-go-v2/service/inspector v1.12.11 h1:F71zQZGfbQlCEpvnZuF078NapUF9JyuowK1f4jg5YHA=
+github.com/aws/aws-sdk-go-v2/service/inspector v1.12.11/go.mod h1:P2FIUk9XTrgMYaBRR7FIKG1n8+MldC8TEjrB/9xYydU=
+github.com/aws/aws-sdk-go-v2/service/inspector2 v1.7.3 h1:wBMnRaQBlPu8aGTllfMhemDnOzYdhawOt+AsGaKqegU=
+github.com/aws/aws-sdk-go-v2/service/inspector2 v1.7.3/go.mod h1:eANO6mqiwJtCyp/fJ598J5OVMTxv6ocb3T+oRzBsoNQ=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.3 h1:4n4KCtv5SUoT5Er5XV41huuzrCqepxlW3SDI9qHQebc=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.3/go.mod h1:gkb2qADY+OHaGLKNTYxMaQNacfeyQpZ4csDTQMeFmcw=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.9 h1:gVv2vXOMqJeR4ZHHV32K7LElIJIIzyw/RU1b0lSfWTQ=

diff --git a/resources/provider/provider.go b/resources/provider/provider.go
@@ -42,6 +42,8 @@ import (
 	"github.com/cloudquery/cq-provider-aws/resources/services/glue"
 	"github.com/cloudquery/cq-provider-aws/resources/services/guardduty"
 	"github.com/cloudquery/cq-provider-aws/resources/services/iam"
+	"github.com/cloudquery/cq-provider-aws/resources/services/inspector"
+	"github.com/cloudquery/cq-provider-aws/resources/services/inspector2"
 	"github.com/cloudquery/cq-provider-aws/resources/services/iot"
 	"github.com/cloudquery/cq-provider-aws/resources/services/kinesis"
 	"github.com/cloudquery/cq-provider-aws/resources/services/kms"
@@ -199,6 +201,8 @@ func Provider() *provider.Provider {
 			"iam.server_certificates":                 iam.IamServerCertificates(),
 			"iam.users":                               iam.IamUsers(),
 			"iam.virtual_mfa_devices":                 iam.IamVirtualMfaDevices(),
+			"inspector.findings":                      inspector.Findings(),
+			"inspector2.findings":                     inspector2.Findings(),
 			"iot.billing_groups":                      iot.IotBillingGroups(),
 			"iot.ca_certificates":                     iot.IotCaCertificates(),
 			"iot.certificates":                        iot.IotCertificates(),