This repository has been archived by the owner on Aug 16, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 40
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Added glue security configurations (#1382)
* feat: Added glue security configurations * fix
- Loading branch information
Showing
8 changed files
with
238 additions
and
0 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
|
||
# Table: aws_glue_security_configuration_s3_encryption | ||
Specifies how Amazon Simple Storage Service (Amazon S3) data should be encrypted | ||
## Columns | ||
| Name | Type | Description | | ||
| ------------- | ------------- | ----- | | ||
|security_configuration_cq_id|uuid|Unique CloudQuery ID of aws_glue_security_configurations table (FK)| | ||
|kms_key_arn|text|The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data| | ||
|s3_encryption_mode|text|The encryption mode to use for Amazon S3 data| |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
|
||
# Table: aws_glue_security_configurations | ||
Specifies a security configuration | ||
## Columns | ||
| Name | Type | Description | | ||
| ------------- | ------------- | ----- | | ||
|account_id|text|The AWS Account ID of the resource.| | ||
|region|text|The AWS Region of the resource.| | ||
|created_time_stamp|timestamp without time zone|The time at which this security configuration was created| | ||
|cloud_watch_encryption_mode|text|The encryption mode to use for CloudWatch data| | ||
|cloud_watch_encryption_kms_key_arn|text|The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data| | ||
|job_bookmarks_encryption_mode|text|The encryption mode to use for job bookmarks data| | ||
|job_bookmarks_encryption_kms_key_arn|text|The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data| | ||
|name|text|The name of the security configuration| |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,119 @@ | ||
package glue | ||
|
||
import ( | ||
"context" | ||
|
||
"github.com/aws/aws-sdk-go-v2/aws" | ||
"github.com/aws/aws-sdk-go-v2/service/glue" | ||
"github.com/cloudquery/cq-provider-aws/client" | ||
"github.com/cloudquery/cq-provider-sdk/provider/diag" | ||
"github.com/cloudquery/cq-provider-sdk/provider/schema" | ||
) | ||
|
||
//go:generate cq-gen --resource security_configurations --config security_configurations.hcl --output . | ||
func SecurityConfigurations() *schema.Table { | ||
return &schema.Table{ | ||
Name: "aws_glue_security_configurations", | ||
Description: "Specifies a security configuration", | ||
Resolver: fetchGlueSecurityConfigurations, | ||
Multiplex: client.ServiceAccountRegionMultiplexer("glue"), | ||
IgnoreError: client.IgnoreAccessDeniedServiceDisabled, | ||
DeleteFilter: client.DeleteAccountRegionFilter, | ||
Options: schema.TableCreationOptions{PrimaryKeys: []string{"account_id", "region", "name"}}, | ||
Columns: []schema.Column{ | ||
{ | ||
Name: "account_id", | ||
Description: "The AWS Account ID of the resource.", | ||
Type: schema.TypeString, | ||
Resolver: client.ResolveAWSAccount, | ||
}, | ||
{ | ||
Name: "region", | ||
Description: "The AWS Region of the resource.", | ||
Type: schema.TypeString, | ||
Resolver: client.ResolveAWSRegion, | ||
}, | ||
{ | ||
Name: "created_time_stamp", | ||
Description: "The time at which this security configuration was created", | ||
Type: schema.TypeTimestamp, | ||
}, | ||
{ | ||
Name: "cloud_watch_encryption_mode", | ||
Description: "The encryption mode to use for CloudWatch data", | ||
Type: schema.TypeString, | ||
Resolver: schema.PathResolver("EncryptionConfiguration.CloudWatchEncryption.CloudWatchEncryptionMode"), | ||
}, | ||
{ | ||
Name: "cloud_watch_encryption_kms_key_arn", | ||
Description: "The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data", | ||
Type: schema.TypeString, | ||
Resolver: schema.PathResolver("EncryptionConfiguration.CloudWatchEncryption.KmsKeyArn"), | ||
}, | ||
{ | ||
Name: "job_bookmarks_encryption_mode", | ||
Description: "The encryption mode to use for job bookmarks data", | ||
Type: schema.TypeString, | ||
Resolver: schema.PathResolver("EncryptionConfiguration.JobBookmarksEncryption.JobBookmarksEncryptionMode"), | ||
}, | ||
{ | ||
Name: "job_bookmarks_encryption_kms_key_arn", | ||
Description: "The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data", | ||
Type: schema.TypeString, | ||
Resolver: schema.PathResolver("EncryptionConfiguration.JobBookmarksEncryption.KmsKeyArn"), | ||
}, | ||
{ | ||
Name: "name", | ||
Description: "The name of the security configuration", | ||
Type: schema.TypeString, | ||
}, | ||
}, | ||
Relations: []*schema.Table{ | ||
{ | ||
Name: "aws_glue_security_configuration_s3_encryption", | ||
Description: "Specifies how Amazon Simple Storage Service (Amazon S3) data should be encrypted", | ||
Resolver: schema.PathTableResolver("EncryptionConfiguration.S3Encryption"), | ||
Columns: []schema.Column{ | ||
{ | ||
Name: "security_configuration_cq_id", | ||
Description: "Unique CloudQuery ID of aws_glue_security_configurations table (FK)", | ||
Type: schema.TypeUUID, | ||
Resolver: schema.ParentIdResolver, | ||
}, | ||
{ | ||
Name: "kms_key_arn", | ||
Description: "The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data", | ||
Type: schema.TypeString, | ||
}, | ||
{ | ||
Name: "s3_encryption_mode", | ||
Description: "The encryption mode to use for Amazon S3 data", | ||
Type: schema.TypeString, | ||
}, | ||
}, | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
// ==================================================================================================================== | ||
// Table Resolver Functions | ||
// ==================================================================================================================== | ||
|
||
func fetchGlueSecurityConfigurations(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan<- interface{}) error { | ||
cl := meta.(*client.Client) | ||
svc := cl.Services().Glue | ||
input := glue.GetSecurityConfigurationsInput{} | ||
for { | ||
result, err := svc.GetSecurityConfigurations(ctx, &input) | ||
if err != nil { | ||
return diag.WrapError(err) | ||
} | ||
res <- result.SecurityConfigurations | ||
if aws.ToString(result.NextToken) == "" { | ||
break | ||
} | ||
input.NextToken = result.NextToken | ||
} | ||
return nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
service = "aws" | ||
output_directory = "." | ||
add_generate = true | ||
|
||
|
||
description_modifier "remove_read_only" { | ||
words = [" This member is required."] | ||
} | ||
|
||
resource "aws" "glue" "security_configurations" { | ||
path = "github.com/aws/aws-sdk-go-v2/service/glue/types.SecurityConfiguration" | ||
ignoreError "IgnoreAccessDenied" { | ||
path = "github.com/cloudquery/cq-provider-aws/client.IgnoreAccessDeniedServiceDisabled" | ||
} | ||
deleteFilter "AccountRegionFilter" { | ||
path = "github.com/cloudquery/cq-provider-aws/client.DeleteAccountRegionFilter" | ||
} | ||
multiplex "AwsAccountRegion" { | ||
path = "github.com/cloudquery/cq-provider-aws/client.ServiceAccountRegionMultiplexer" | ||
params = ["glue"] | ||
} | ||
options { | ||
primary_keys = ["account_id", "region", "name"] | ||
} | ||
userDefinedColumn "account_id" { | ||
description = "The AWS Account ID of the resource." | ||
type = "string" | ||
resolver "resolveAWSAccount" { | ||
path = "github.com/cloudquery/cq-provider-aws/client.ResolveAWSAccount" | ||
} | ||
} | ||
userDefinedColumn "region" { | ||
type = "string" | ||
description = "The AWS Region of the resource." | ||
resolver "resolveAWSRegion" { | ||
path = "github.com/cloudquery/cq-provider-aws/client.ResolveAWSRegion" | ||
} | ||
} | ||
column "encryption_configuration" { | ||
skip_prefix = true | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
package glue | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/aws/aws-sdk-go-v2/service/glue" | ||
"github.com/cloudquery/cq-provider-aws/client" | ||
"github.com/cloudquery/cq-provider-aws/client/mocks" | ||
"github.com/cloudquery/faker/v3" | ||
"github.com/golang/mock/gomock" | ||
"github.com/stretchr/testify/require" | ||
) | ||
|
||
func buildSecurityConfigurationsMock(t *testing.T, ctrl *gomock.Controller) client.Services { | ||
m := mocks.NewMockGlueClient(ctrl) | ||
|
||
var s glue.GetSecurityConfigurationsOutput | ||
require.NoError(t, faker.FakeData(&s)) | ||
s.NextToken = nil | ||
m.EXPECT().GetSecurityConfigurations( | ||
gomock.Any(), | ||
gomock.Any(), | ||
).Return(&s, nil) | ||
|
||
return client.Services{ | ||
Glue: m, | ||
} | ||
} | ||
|
||
func TestSecurityConfigurations(t *testing.T) { | ||
client.AwsMockTestHelper(t, SecurityConfigurations(), buildSecurityConfigurationsMock, client.TestOptions{}) | ||
} |