feat: Added glue security configurations (#1382)

* feat: Added glue security configurations

* fix

client/services.go

@@ -767,6 +767,7 @@ type GlueClient interface {
 	GetDataCatalogEncryptionSettings(ctx context.Context, params *glue.GetDataCatalogEncryptionSettingsInput, optFns ...func(*glue.Options)) (*glue.GetDataCatalogEncryptionSettingsOutput, error)
 	GetDevEndpoints(ctx context.Context, params *glue.GetDevEndpointsInput, optFns ...func(*glue.Options)) (*glue.GetDevEndpointsOutput, error)
 	GetCrawlers(ctx context.Context, params *glue.GetCrawlersInput, optFns ...func(*glue.Options)) (*glue.GetCrawlersOutput, error)
+	GetSecurityConfigurations(ctx context.Context, params *glue.GetSecurityConfigurationsInput, optFns ...func(*glue.Options)) (*glue.GetSecurityConfigurationsOutput, error)
 }
 
 //go:generate mockgen -package=mocks -destination=./mocks/kinesis.go . KinesisClient

docs/tables/aws_glue_security_configuration_s3_encryption.md

@@ -0,0 +1,9 @@
+
+# Table: aws_glue_security_configuration_s3_encryption
+Specifies how Amazon Simple Storage Service (Amazon S3) data should be encrypted
+## Columns
+| Name        | Type           | Description  |
+| ------------- | ------------- | -----  |
+|security_configuration_cq_id|uuid|Unique CloudQuery ID of aws_glue_security_configurations table (FK)|
+|kms_key_arn|text|The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data|
+|s3_encryption_mode|text|The encryption mode to use for Amazon S3 data|

docs/tables/aws_glue_security_configurations.md

@@ -0,0 +1,14 @@
+
+# Table: aws_glue_security_configurations
+Specifies a security configuration
+## Columns
+| Name        | Type           | Description  |
+| ------------- | ------------- | -----  |
+|account_id|text|The AWS Account ID of the resource.|
+|region|text|The AWS Region of the resource.|
+|created_time_stamp|timestamp without time zone|The time at which this security configuration was created|
+|cloud_watch_encryption_mode|text|The encryption mode to use for CloudWatch data|
+|cloud_watch_encryption_kms_key_arn|text|The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data|
+|job_bookmarks_encryption_mode|text|The encryption mode to use for job bookmarks data|
+|job_bookmarks_encryption_kms_key_arn|text|The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data|
+|name|text|The name of the security configuration|

resources/provider/provider.go

@@ -176,6 +176,7 @@ func Provider() *provider.Provider {
 			"glue.jobs":                               glue.Jobs(),
 			"glue.ml_transforms":                      glue.MlTransforms(),
 			"glue.triggers":                           glue.Triggers(),
+			"glue.security_configurations":            glue.SecurityConfigurations(),
 			"glue.workflows":                          glue.Workflows(),
 			"guardduty.detectors":                     guardduty.GuarddutyDetectors(),
 			"iam.accounts":                            iam.IamAccounts(),

resources/services/glue/security_configurations.go

@@ -0,0 +1,119 @@
+package glue
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/glue"
+	"github.com/cloudquery/cq-provider-aws/client"
+	"github.com/cloudquery/cq-provider-sdk/provider/diag"
+	"github.com/cloudquery/cq-provider-sdk/provider/schema"
+)
+
+//go:generate cq-gen --resource security_configurations --config security_configurations.hcl --output .
+func SecurityConfigurations() *schema.Table {
+	return &schema.Table{
+		Name:         "aws_glue_security_configurations",
+		Description:  "Specifies a security configuration",
+		Resolver:     fetchGlueSecurityConfigurations,
+		Multiplex:    client.ServiceAccountRegionMultiplexer("glue"),
+		IgnoreError:  client.IgnoreAccessDeniedServiceDisabled,
+		DeleteFilter: client.DeleteAccountRegionFilter,
+		Options:      schema.TableCreationOptions{PrimaryKeys: []string{"account_id", "region", "name"}},
+		Columns: []schema.Column{
+			{
+				Name:        "account_id",
+				Description: "The AWS Account ID of the resource.",
+				Type:        schema.TypeString,
+				Resolver:    client.ResolveAWSAccount,
+			},
+			{
+				Name:        "region",
+				Description: "The AWS Region of the resource.",
+				Type:        schema.TypeString,
+				Resolver:    client.ResolveAWSRegion,
+			},
+			{
+				Name:        "created_time_stamp",
+				Description: "The time at which this security configuration was created",
+				Type:        schema.TypeTimestamp,
+			},
+			{
+				Name:        "cloud_watch_encryption_mode",
+				Description: "The encryption mode to use for CloudWatch data",
+				Type:        schema.TypeString,
+				Resolver:    schema.PathResolver("EncryptionConfiguration.CloudWatchEncryption.CloudWatchEncryptionMode"),
+			},
+			{
+				Name:        "cloud_watch_encryption_kms_key_arn",
+				Description: "The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data",
+				Type:        schema.TypeString,
+				Resolver:    schema.PathResolver("EncryptionConfiguration.CloudWatchEncryption.KmsKeyArn"),
+			},
+			{
+				Name:        "job_bookmarks_encryption_mode",
+				Description: "The encryption mode to use for job bookmarks data",
+				Type:        schema.TypeString,
+				Resolver:    schema.PathResolver("EncryptionConfiguration.JobBookmarksEncryption.JobBookmarksEncryptionMode"),
+			},
+			{
+				Name:        "job_bookmarks_encryption_kms_key_arn",
+				Description: "The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data",
+				Type:        schema.TypeString,
+				Resolver:    schema.PathResolver("EncryptionConfiguration.JobBookmarksEncryption.KmsKeyArn"),
+			},
+			{
+				Name:        "name",
+				Description: "The name of the security configuration",
+				Type:        schema.TypeString,
+			},
+		},
+		Relations: []*schema.Table{
+			{
+				Name:        "aws_glue_security_configuration_s3_encryption",
+				Description: "Specifies how Amazon Simple Storage Service (Amazon S3) data should be encrypted",
+				Resolver:    schema.PathTableResolver("EncryptionConfiguration.S3Encryption"),
+				Columns: []schema.Column{
+					{
+						Name:        "security_configuration_cq_id",
+						Description: "Unique CloudQuery ID of aws_glue_security_configurations table (FK)",
+						Type:        schema.TypeUUID,
+						Resolver:    schema.ParentIdResolver,
+					},
+					{
+						Name:        "kms_key_arn",
+						Description: "The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data",
+						Type:        schema.TypeString,
+					},
+					{
+						Name:        "s3_encryption_mode",
+						Description: "The encryption mode to use for Amazon S3 data",
+						Type:        schema.TypeString,
+					},
+				},
+			},
+		},
+	}
+}
+
+// ====================================================================================================================
+//                                               Table Resolver Functions
+// ====================================================================================================================
+
+func fetchGlueSecurityConfigurations(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan<- interface{}) error {
+	cl := meta.(*client.Client)
+	svc := cl.Services().Glue
+	input := glue.GetSecurityConfigurationsInput{}
+	for {
+		result, err := svc.GetSecurityConfigurations(ctx, &input)
+		if err != nil {
+			return diag.WrapError(err)
+		}
+		res <- result.SecurityConfigurations
+		if aws.ToString(result.NextToken) == "" {
+			break
+		}
+		input.NextToken = result.NextToken
+	}
+	return nil
+}

resources/services/glue/security_configurations.hcl

@@ -0,0 +1,42 @@
+service          = "aws"
+output_directory = "."
+add_generate     = true
+
+
+description_modifier "remove_read_only" {
+  words = ["  This member is required."]
+}
+
+resource "aws" "glue" "security_configurations" {
+  path = "github.com/aws/aws-sdk-go-v2/service/glue/types.SecurityConfiguration"
+  ignoreError "IgnoreAccessDenied" {
+    path = "github.com/cloudquery/cq-provider-aws/client.IgnoreAccessDeniedServiceDisabled"
+  }
+  deleteFilter "AccountRegionFilter" {
+    path = "github.com/cloudquery/cq-provider-aws/client.DeleteAccountRegionFilter"
+  }
+  multiplex "AwsAccountRegion" {
+    path   = "github.com/cloudquery/cq-provider-aws/client.ServiceAccountRegionMultiplexer"
+    params = ["glue"]
+  }
+  options {
+    primary_keys = ["account_id", "region", "name"]
+  }
+  userDefinedColumn "account_id" {
+    description = "The AWS Account ID of the resource."
+    type        = "string"
+    resolver "resolveAWSAccount" {
+      path = "github.com/cloudquery/cq-provider-aws/client.ResolveAWSAccount"
+    }
+  }
+  userDefinedColumn "region" {
+    type        = "string"
+    description = "The AWS Region of the resource."
+    resolver "resolveAWSRegion" {
+      path = "github.com/cloudquery/cq-provider-aws/client.ResolveAWSRegion"
+    }
+  }
+  column "encryption_configuration" {
+    skip_prefix = true
+  }
+}

resources/services/glue/security_configurations_test.go

@@ -0,0 +1,32 @@
+package glue
+
+import (
+	"testing"
+
+	"github.com/aws/aws-sdk-go-v2/service/glue"
+	"github.com/cloudquery/cq-provider-aws/client"
+	"github.com/cloudquery/cq-provider-aws/client/mocks"
+	"github.com/cloudquery/faker/v3"
+	"github.com/golang/mock/gomock"
+	"github.com/stretchr/testify/require"
+)
+
+func buildSecurityConfigurationsMock(t *testing.T, ctrl *gomock.Controller) client.Services {
+	m := mocks.NewMockGlueClient(ctrl)
+
+	var s glue.GetSecurityConfigurationsOutput
+	require.NoError(t, faker.FakeData(&s))
+	s.NextToken = nil
+	m.EXPECT().GetSecurityConfigurations(
+		gomock.Any(),
+		gomock.Any(),
+	).Return(&s, nil)
+
+	return client.Services{
+		Glue: m,
+	}
+}
+
+func TestSecurityConfigurations(t *testing.T) {
+	client.AwsMockTestHelper(t, SecurityConfigurations(), buildSecurityConfigurationsMock, client.TestOptions{})
+}