new aws resources and policy writing change

JamesWoolfenden · Oct 9, 2024 · 105506a · 105506a
1 parent 78626ef
commit 105506a
Show file tree

Hide file tree

Showing 47 changed files with 5,350 additions and 4,810 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -32,7 +32,7 @@ jobs:
 
       ## checks out our code locally, so we can work with the files
       - name: Checkout code
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       ## runs go test ./...
       - name: Build

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -39,11 +39,11 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@5618c9fc1e675841ca52c1c6b1304f5255a905a0 # codeql-bundle-v2.19.0
+        uses: github/codeql-action/init@cf5b0a9041d3c1d336516f1944c96d96598193cc # codeql-bundle-v2.19.1
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -57,7 +57,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@5618c9fc1e675841ca52c1c6b1304f5255a905a0 # codeql-bundle-v2.19.0
+        uses: github/codeql-action/autobuild@cf5b0a9041d3c1d336516f1944c96d96598193cc # codeql-bundle-v2.19.1
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -70,4 +70,4 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@5618c9fc1e675841ca52c1c6b1304f5255a905a0 # codeql-bundle-v2.19.0
+        uses: github/codeql-action/analyze@cf5b0a9041d3c1d336516f1944c96d96598193cc # codeql-bundle-v2.19.1
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -6,13 +6,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - name: Install Go
         uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
           go-version: 1.22.x
       - name: Restore cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }}
@@ -31,13 +31,13 @@ jobs:
         with:
           terraform_version: 1.5.4
       - name: Checkout code
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - name: Install Go
         uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
           go-version: ${{ matrix.go-version }}
       - name: Restore cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }}
@@ -49,7 +49,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - name: Install Go
         uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - name: Unshallow
         run: git fetch --prune --unshallow
       - name: Set up Go
@@ -41,7 +41,7 @@ jobs:
     needs:
       - goreleaser
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - name: Publish to Registry
         uses: elgohr/Publish-Docker-Github-Action@82556589c08f584cb95411629a94e6c2b68b9b80 # v5
         with:

diff --git a/.github/workflows/resources.yml b/.github/workflows/resources.yml
@@ -17,15 +17,15 @@ jobs:
 
         ## checks out our code locally, so we can work with the files
         - name: Checkout code
-          uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+          uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
         ## runs go test ./...
         - name: Build
           run: go build -o ${{ github.workspace }} ./...
 
 
         - name: Checkout AWS
-          uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+          uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
           with:
             repository: hashicorp/terraform-provider-aws
             path: aws
@@ -34,7 +34,7 @@ jobs:
           run: ${{ github.workspace }}/pike parse -d ${{ github.workspace }}/aws -name aws
 
         - name: Checkout AZURERM
-          uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+          uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
           with:
             repository: hashicorp/terraform-provider-azurerm
             path: azurerm
@@ -43,7 +43,7 @@ jobs:
           run: ${{ github.workspace }}/pike parse -d ${{ github.workspace }}/azurerm -name azurerm
 
         - name: Generate Google
-          uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+          uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
           with:
             repository: hashicorp/terraform-provider-google
             path: google

diff --git a/src/aws.go b/src/aws.go
@@ -1094,6 +1094,20 @@ func AwsLookup(name string) interface{} {
 		"aws_verifiedpermissions_policy":                                   awsVerifiedpermissionsPolicy,
 		"aws_verifiedpermissions_policy_store":                             awsVerifiedpermissionsPolicyStore,
 		"aws_verifiedpermissions_policy_template":                          awsVerifiedpermissionsPolicyTemplate,
+		"aws_ebs_snapshot_block_public_access":                             awsEbsSnapshotBlockPublicAccess,
+		"aws_ec2_image_block_public_access":                                awsEc2ImageBlockPublicAccess,
+		"aws_ec2_serial_console_access":                                    awsEc2SerialConsoleAccess,
+		"aws_emr_block_public_access_configuration":                        awsEmrBlockPublicAccessConfiguration,
+		"aws_s3_account_public_access_block":                               awsS3AccountPublicAccessBlock,
+		"aws_s3control_access_point_policy":                                awsS3controlAccessPointPolicy,
+		"aws_iam_group_policies_exclusive":                                 awsIamGroupPoliciesExclusive,
+		"aws_iam_role_policies_exclusive":                                  awsIamRolePoliciesExclusive,
+		"aws_iam_user_policies_exclusive":                                  awsIamUserPoliciesExclusive,
+		"aws_m2_application":                                               awsM2Application,
+		"aws_m2_deployment":                                                awsM2Deployment,
+		"aws_m2_environment":                                               awsM2Environment,
+		"aws_memorydb_user":                                                awsMemorydbUser,
+		"aws_sagemaker_human_task_ui":                                      awsSagemakerHumanTaskUi,
 	}
 
 	return TFLookup[name]

diff --git a/src/coverage/aws.md b/src/coverage/aws.md
@@ -1,7 +1,7 @@
 # todo aws
 
-Resource percentage coverage   72.23
-Datasource percentage coverage 100.00
+Resource percentage coverage   72.56
+Datasource percentage coverage 99.82
 
 ./resource.ps1 aws_amplify_backend_environment
 ./resource.ps1 aws_amplify_webhook
@@ -34,7 +34,9 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_appsync_graphql_api
 ./resource.ps1 aws_appsync_source_api_association
 ./resource.ps1 aws_appsync_type
+./resource.ps1 aws_backup_logically_air_gapped_vault
 ./resource.ps1 aws_bedrock_guardrail
+./resource.ps1 aws_bedrock_guardrail_version
 ./resource.ps1 aws_bedrockagent_agent_knowledge_base_association
 ./resource.ps1 aws_cloud9_environment_membership
 ./resource.ps1 aws_cloudcontrolapi_resource
@@ -67,6 +69,7 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_datazone_form_type
 ./resource.ps1 aws_datazone_glossary
 ./resource.ps1 aws_datazone_glossary_term
+./resource.ps1 aws_datazone_user_profile
 ./resource.ps1 aws_detective_member
 ./resource.ps1 aws_detective_organization_configuration
 ./resource.ps1 aws_devicefarm_device_pool
@@ -104,22 +107,21 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_dynamodb_table_export
 ./resource.ps1 aws_dynamodb_table_replica
 ./resource.ps1 aws_ebs_fast_snapshot_restore
-./resource.ps1 aws_ebs_snapshot_block_public_access
 ./resource.ps1 aws_ebs_snapshot_import
 ./resource.ps1 aws_ec2_capacity_block_reservation
-./resource.ps1 aws_ec2_image_block_public_access
 ./resource.ps1 aws_ec2_instance
 ./resource.ps1 aws_ec2_instance_connect_endpoint
 ./resource.ps1 aws_ec2_instance_metadata_defaults
 ./resource.ps1 aws_ec2_instance_state
 ./resource.ps1 aws_ec2_managed_prefix_list_entry
-./resource.ps1 aws_ec2_serial_console_access
 ./resource.ps1 aws_ec2_subnet_cidr_reservation
 ./resource.ps1 aws_ec2_traffic_mirror_filter
 ./resource.ps1 aws_ec2_traffic_mirror_filter_rule
 ./resource.ps1 aws_ec2_traffic_mirror_session
 ./resource.ps1 aws_ec2_traffic_mirror_target
 ./resource.ps1 aws_ec2_transit_gateway_connect_peer
+./resource.ps1 aws_ec2_transit_gateway_default_route_table_association
+./resource.ps1 aws_ec2_transit_gateway_default_route_table_propagation
 ./resource.ps1 aws_ec2_transit_gateway_peering_attachment_accepter
 ./resource.ps1 aws_ec2_transit_gateway_policy_table
 ./resource.ps1 aws_ec2_transit_gateway_policy_table_association
@@ -137,7 +139,6 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_elasticsearch_vpc_endpoint
 ./resource.ps1 aws_elastictranscoder_pipeline
 ./resource.ps1 aws_elastictranscoder_preset
-./resource.ps1 aws_emr_block_public_access_configuration
 ./resource.ps1 aws_emr_instance_fleet
 ./resource.ps1 aws_emr_instance_group
 ./resource.ps1 aws_emrcontainers_job_template
@@ -168,7 +169,6 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_guardduty_organization_configuration
 ./resource.ps1 aws_guardduty_organization_configuration_feature
 ./resource.ps1 aws_guardduty_publishing_destination
-./resource.ps1 aws_iam_role_policies_exclusive
 ./resource.ps1 aws_identitystore_group
 ./resource.ps1 aws_identitystore_group_membership
 ./resource.ps1 aws_identitystore_user
@@ -217,9 +217,6 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_lightsail_lb_certificate_attachment
 ./resource.ps1 aws_lightsail_lb_https_redirection_policy
 ./resource.ps1 aws_lightsail_lb_stickiness_policy
-./resource.ps1 aws_m2_application
-./resource.ps1 aws_m2_deployment
-./resource.ps1 aws_m2_environment
 ./resource.ps1 aws_macie2_account
 ./resource.ps1 aws_macie2_classification_export_configuration
 ./resource.ps1 aws_macie2_classification_job
@@ -230,7 +227,6 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_media_store_container
 ./resource.ps1 aws_media_store_container_policy
 ./resource.ps1 aws_medialive_channel
-./resource.ps1 aws_memorydb_user
 ./resource.ps1 aws_mskconnect_connector
 ./resource.ps1 aws_mskconnect_custom_plugin
 ./resource.ps1 aws_mskconnect_worker_configuration
@@ -278,6 +274,7 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_pinpoint_event_stream
 ./resource.ps1 aws_pinpoint_gcm_channel
 ./resource.ps1 aws_pinpoint_sms_channel
+./resource.ps1 aws_pinpointsmsvoicev2_configuration_set
 ./resource.ps1 aws_pinpointsmsvoicev2_opt_out_list
 ./resource.ps1 aws_pinpointsmsvoicev2_phone_number
 ./resource.ps1 aws_prometheus_alert_manager_definition
@@ -319,27 +316,28 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_resourcegroups_resource
 ./resource.ps1 aws_route53domains_delegation_signer_record
 ./resource.ps1 aws_route53domains_registered_domain
+./resource.ps1 aws_route53profiles_association
+./resource.ps1 aws_route53profiles_profile
+./resource.ps1 aws_route53profiles_resource_association
 ./resource.ps1 aws_rum_metrics_destination
-./resource.ps1 aws_s3_account_public_access_block
 ./resource.ps1 aws_s3_bucket_analytics_configuration
 ./resource.ps1 aws_s3_directory_bucket
 ./resource.ps1 aws_s3_object_copy
 ./resource.ps1 aws_s3control_access_grants_instance_resource_policy
-./resource.ps1 aws_s3control_access_point_policy
 ./resource.ps1 aws_s3control_bucket
 ./resource.ps1 aws_s3control_bucket_lifecycle_configuration
 ./resource.ps1 aws_s3control_bucket_policy
 ./resource.ps1 aws_s3control_object_lambda_access_point
 ./resource.ps1 aws_s3control_object_lambda_access_point_policy
 ./resource.ps1 aws_s3control_storage_lens_configuration
 ./resource.ps1 aws_sagemaker_flow_definition
-./resource.ps1 aws_sagemaker_human_task_ui
 ./resource.ps1 aws_securityhub_account
 ./resource.ps1 aws_securityhub_action_target
 ./resource.ps1 aws_securityhub_configuration_policy_association
 ./resource.ps1 aws_securityhub_invite_accepter
 ./resource.ps1 aws_securityhub_member
 ./resource.ps1 aws_securityhub_organization_admin_account
+./resource.ps1 aws_securityhub_standards_control_association
 ./resource.ps1 aws_securityhub_standards_subscription
 ./resource.ps1 aws_securitylake_custom_log_source
 ./resource.ps1 aws_serverlessapplicationrepository_cloudformation_stack
@@ -378,6 +376,7 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_ssoadmin_permission_set_inline_policy
 ./resource.ps1 aws_ssoadmin_permissions_boundary_attachment
 ./resource.ps1 aws_ssoadmin_trusted_token_issuer
+./resource.ps1 aws_standards_control_association
 ./resource.ps1 aws_transfer_access
 ./resource.ps1 aws_transfer_server
 ./resource.ps1 aws_transfer_ssh_key
@@ -397,3 +396,4 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_wafregional_web_acl_association
 ./resource.ps1 aws_worklink_fleet
 ./resource.ps1 aws_worklink_website_certificate_authority_association
+./resource.ps1 aws_route53profiles_profiles -type data
diff --git a/src/coverage/azure.md b/src/coverage/azure.md
@@ -588,13 +588,11 @@ Datasource percentage coverage 37.31
 ./resource.ps1 azurerm_mssql_virtual_machine_availability_group_listener
 ./resource.ps1 azurerm_mssql_virtual_machine_group
 ./resource.ps1 azurerm_mssql_virtual_network_rule
-./resource.ps1 azurerm_mysql_database
 ./resource.ps1 azurerm_mysql_flexible_database
 ./resource.ps1 azurerm_mysql_flexible_server
 ./resource.ps1 azurerm_mysql_flexible_server_active_directory_administrator
 ./resource.ps1 azurerm_mysql_flexible_server_configuration
 ./resource.ps1 azurerm_mysql_flexible_server_firewall_rule
-./resource.ps1 azurerm_mysql_server
 ./resource.ps1 azurerm_nat_gateway
 ./resource.ps1 azurerm_nat_gateway_public_ip_association
 ./resource.ps1 azurerm_nat_gateway_public_ip_prefix_association
@@ -845,6 +843,7 @@ Datasource percentage coverage 37.31
 ./resource.ps1 azurerm_stack_hci_deployment_setting
 ./resource.ps1 azurerm_stack_hci_logical_network
 ./resource.ps1 azurerm_stack_hci_storage_path
+./resource.ps1 azurerm_stack_hci_virtual_hard_disk
 ./resource.ps1 azurerm_static_site
 ./resource.ps1 azurerm_static_site_custom_domain
 ./resource.ps1 azurerm_static_web_app

diff --git a/src/coverage/google.md b/src/coverage/google.md
@@ -1,7 +1,7 @@
 # todo google
 
-Resource percentage coverage   19.68
-Datasource percentage coverage 79.15
+Resource percentage coverage   19.58
+Datasource percentage coverage 78.90
 
 ./resource.ps1 google_access_context_manager_access_level_condition
 ./resource.ps1 google_access_context_manager_service_perimeter_dry_run_egress_policy
@@ -233,6 +233,7 @@ Datasource percentage coverage 79.15
 ./resource.ps1 google_compute_router
 ./resource.ps1 google_compute_router_interface
 ./resource.ps1 google_compute_router_nat
+./resource.ps1 google_compute_router_nat_address
 ./resource.ps1 google_compute_router_peer
 ./resource.ps1 google_compute_router_route_policy
 ./resource.ps1 google_compute_security_policy_rule
@@ -345,6 +346,7 @@ Datasource percentage coverage 79.15
 ./resource.ps1 google_dataproc_autoscaling_policy_iam_binding
 ./resource.ps1 google_dataproc_autoscaling_policy_iam_member
 ./resource.ps1 google_dataproc_autoscaling_policy_iam_policy
+./resource.ps1 google_dataproc_batch
 ./resource.ps1 google_dataproc_cluster
 ./resource.ps1 google_dataproc_cluster_iam_binding
 ./resource.ps1 google_dataproc_cluster_iam_member
@@ -560,6 +562,7 @@ Datasource percentage coverage 79.15
 ./resource.ps1 google_logging_folder_settings
 ./resource.ps1 google_logging_folder_sink
 ./resource.ps1 google_logging_linked_dataset
+./resource.ps1 google_logging_log_scope
 ./resource.ps1 google_logging_log_view
 ./resource.ps1 google_logging_log_view_iam_binding
 ./resource.ps1 google_logging_log_view_iam_member
@@ -729,6 +732,7 @@ Datasource percentage coverage 79.15
 ./resource.ps1 google_secret_manager_regional_secret_iam_member
 ./resource.ps1 google_secret_manager_regional_secret_iam_policy
 ./resource.ps1 google_secret_manager_regional_secret_version
+./resource.ps1 google_secure_source_manager_branch_rule
 ./resource.ps1 google_secure_source_manager_instance
 ./resource.ps1 google_secure_source_manager_instance_iam_binding
 ./resource.ps1 google_secure_source_manager_instance_iam_member
@@ -742,6 +746,7 @@ Datasource percentage coverage 79.15
 ./resource.ps1 google_service_networking_peered_dns_domain
 ./resource.ps1 google_service_networking_vpc_service_controls
 ./resource.ps1 google_service_usage_consumer_quota_override
+./resource.ps1 google_site_verification_owner
 ./resource.ps1 google_site_verification_web_resource
 ./resource.ps1 google_sourcerepo_repository_iam_binding
 ./resource.ps1 google_sourcerepo_repository_iam_member
@@ -812,6 +817,7 @@ Datasource percentage coverage 79.15
 ./resource.ps1 google_composer_user_workloads_secret -type data
 ./resource.ps1 google_compute_forwarding_rules -type data
 ./resource.ps1 google_compute_machine_types -type data
+./resource.ps1 google_compute_region_instance_group_manager -type data
 ./resource.ps1 google_compute_security_policy -type data
 ./resource.ps1 google_compute_subnetworks -type data
 ./resource.ps1 google_container_attached_install_manifest -type data