aws datasources

JamesWoolfenden · Sep 22, 2023 · 527b755 · 527b755
1 parent d02d5c7
commit 527b755
Show file tree

Hide file tree

Showing 38 changed files with 333 additions and 64 deletions.
diff --git a/.checkov.yaml b/.checkov.yaml
@@ -11,8 +11,6 @@ framework:
   - github_actions
   - json
   - yaml
-  - sca_package
-  - sca_image
 mask: [ ]
 secrets-history-timeout: 12h
 secrets-scan-file-type: [ ]

diff --git a/src/aws_datasource.go b/src/aws_datasource.go
@@ -14,7 +14,7 @@ func GetAWSDataPermissions(result ResourceV2) ([]string, error) {
 	if temp := AwsDataLoookup(result.Name); temp != nil {
 		Permissions, err = GetPermissionMap(temp.([]byte), result.Attributes)
 	} else {
-		return nil, fmt.Errorf("resource not found")
+		return nil, fmt.Errorf("%s not implemented", result.Name)
 	}
 
 	return Permissions, err
@@ -287,6 +287,9 @@ func AwsDataLoookup(find string) interface{} {
 		"aws_lb_listener":                                      dataAwsLbListener,
 		"aws_lb_target_group":                                  dataAwsLbTargetGroup,
 		"aws_lbs":                                              dataAwsLbs,
+		"aws_licensemanager_grants":                            dataAwsLicensemanagerGrants,
+		"aws_licensemanager_received_license":                  dataAwsLicensemanagerReceivedLicense,
+		"aws_licensemanager_received_licenses":                 dataAwsLicensemanagerReceivedLicenses,
 		"aws_location_tracker_association":                     dataAwsLocationTrackerAssociation,
 		"aws_location_tracker_associations":                    dataAwsLocationTrackerAssociations,
 		"aws_mq_broker":                                        dataAwsMqBroker,
@@ -305,6 +308,9 @@ func AwsDataLoookup(find string) interface{} {
 		"aws_neptune_orderable_db_instance":                    dataAwsNeptuneOrderableDBInstance,
 		"aws_network_acls":                                     dataAwsNetworkAcls,
 		"aws_network_interfaces":                               dataAwsNetworkInterfaces,
+		"aws_networkfirewall_firewall":                         dataAwsNetworkfirewallFirewall,
+		"aws_networkfirewall_firewall_policy":                  dataAwsNetworkfirewallFirewallPolicy,
+		"aws_networkfirewall_resource_policy":                  dataAwsNetworkfirewallResourcePolicy,
 		"aws_opensearch_domain":                                placeholder,
 		"aws_organizations_organization":                       dataAwsOrganizationsOrganization,
 		"aws_outposts_outpost":                                 dataAwsOutpostsOutpost,
@@ -313,6 +319,7 @@ func AwsDataLoookup(find string) interface{} {
 		"aws_pricing_product":                                  placeholder,
 		"aws_prometheus_workspace":                             dataAwsPrometheusWorkspace,
 		"aws_prometheus_workspaces":                            dataAwsPrometheusWorkspaces,
+		"aws_qldb_ledger":                                      dataAwsQldbLedger,
 		"aws_quicksight_data_set":                              placeholder,
 		"aws_quicksight_group":                                 dataAwsQuicksightGroup,
 		"aws_quicksight_theme":                                 dataAwsQuicksightTheme,
@@ -330,6 +337,8 @@ func AwsDataLoookup(find string) interface{} {
 		"aws_redshift_service_account":                         placeholder,
 		"aws_redshift_subnet_group":                            dataAwsRedshiftSubnetGroup,
 		"aws_redshiftserverless_credentials":                   placeholder,
+		"aws_redshiftserverless_namespace":                     dataAwsRedshiftserverlessNamespace,
+		"aws_redshiftserverless_workgroup":                     dataAwsRedshiftserverlessWorkgroup,
 		"aws_region":                                           placeholder,
 		"aws_regions":                                          dataAwsRegions,
 		"aws_resourcegroupstaggingapi_resources":               dataAwsResourcegroupstaggingapiResources,
@@ -423,15 +432,23 @@ func AwsDataLoookup(find string) interface{} {
 		"aws_workspaces_bundle":                                dataAwsWorkspacesBundle,
 		"aws_workspaces_directory":                             dataAwsWorkspaceDirectory,
 		"aws_workspaces_image":                                 dataAwsWorkspaceImage,
-		"aws_licensemanager_grants":                            dataAwsLicensemanagerGrants,
-		"aws_licensemanager_received_license":                  dataAwsLicensemanagerReceivedLicense,
-		"aws_licensemanager_received_licenses":                 dataAwsLicensemanagerReceivedLicenses,
-		"aws_networkfirewall_firewall":                         dataAwsNetworkfirewallFirewall,
-		"aws_networkfirewall_firewall_policy":                  dataAwsNetworkfirewallFirewallPolicy,
-		"aws_networkfirewall_resource_policy":                  dataAwsNetworkfirewallResourcePolicy,
-		"aws_qldb_ledger":                                      dataAwsQldbLedger,
-		"aws_redshiftserverless_namespace":                     dataAwsRedshiftserverlessNamespace,
-		"aws_redshiftserverless_workgroup":                     dataAwsRedshiftserverlessWorkgroup,
+		"aws_location_geofence_collection":                     dataAwsLocationGeofenceCollection,
+		"aws_location_map":                                     dataAwsLocationMap,
+		"aws_location_place_index":                             dataAwsLocationPlaceIndex,
+		"aws_location_route_calculator":                        dataAwsLocationRouteCalculator,
+		"aws_location_tracker":                                 dataAwsLocationTracker,
+		"aws_vpclattice_auth_policy":                           dataAwsVpclatticeAuthPolicy,
+		"aws_vpclattice_listener":                              dataAwsVpclatticeListener,
+		"aws_vpclattice_resource_policy":                       dataAwsVpclatticeResourcePolicy,
+		"aws_vpclattice_service":                               dataAwsVpclatticeService,
+		"aws_vpclattice_service_network":                       dataAwsVpclatticeServiceNetwork,
+		"aws_codecatalyst_dev_environment":                     placeholder,
+		"aws_dms_certificate":                                  dataAwsDmsCertificate,
+		"aws_kms_secret":                                       placeholder,
+		"aws_s3_bucket_objects":                                placeholder,
+		"aws_ses_active_receipt_rule_set":                      dataAwsSesActiveReceiptRuleSet,
+		"aws_ses_domain_identity":                              dataAwsSesDomainIdentity,
+		"aws_ses_email_identity":                               dataAwsSesEmailIdentity,
 	}
 
 	return TFLookup[find]

diff --git a/src/coverage/aws.md b/src/coverage/aws.md
@@ -1053,10 +1053,7 @@ Datasource percentage coverage 80.98
 ./resource.ps1 aws_workspaces_connection_alias
 ./resource.ps1 aws_workspaces_image
 ./resource.ps1 aws_workspaces_ip_group
-./resource.ps1 aws_codecatalyst_dev_environment -type data
-./resource.ps1 aws_cognito_identity_pool -type data
-./resource.ps1 aws_dms_certificate -type data
-./resource.ps1 aws_ec2_transitgateway_route_table_propagations -type data
+
 ./resource.ps1 aws_imagebuilder_component -type data
 ./resource.ps1 aws_imagebuilder_components -type data
 ./resource.ps1 aws_imagebuilder_container_recipe -type data
@@ -1075,17 +1072,10 @@ Datasource percentage coverage 80.98
 ./resource.ps1 aws_kendra_index -type data
 ./resource.ps1 aws_kendra_query_suggestions_block_list -type data
 ./resource.ps1 aws_kendra_thesaurus -type data
-./resource.ps1 aws_kms_secret -type data
-./resource.ps1 aws_lambda_alias -type data
 ./resource.ps1 aws_lex_bot -type data
 ./resource.ps1 aws_lex_bot_alias -type data
 ./resource.ps1 aws_lex_intent -type data
 ./resource.ps1 aws_lex_slot_type -type data
-./resource.ps1 aws_location_geofence_collection -type data
-./resource.ps1 aws_location_map -type data
-./resource.ps1 aws_location_place_index -type data
-./resource.ps1 aws_location_route_calculator -type data
-./resource.ps1 aws_location_tracker -type data
 ./resource.ps1 aws_networkmanager_connection -type data
 ./resource.ps1 aws_networkmanager_connections -type data
 ./resource.ps1 aws_networkmanager_core_network_policy_document -type data
@@ -1126,23 +1116,12 @@ Datasource percentage coverage 80.98
 ./resource.ps1 aws_route53_resolver_endpoint -type data
 ./resource.ps1 aws_route53_resolver_query_log_config -type data
 ./resource.ps1 aws_route53_resolver_rules -type data
-./resource.ps1 aws_s3_bucket_objects -type data
-./resource.ps1 aws_saml_provider -type data
 ./resource.ps1 aws_servicecatalog_constraint -type data
 ./resource.ps1 aws_servicecatalog_launch_paths -type data
 ./resource.ps1 aws_servicecatalog_portfolio -type data
 ./resource.ps1 aws_servicecatalog_portfolio_constraints -type data
 ./resource.ps1 aws_servicecatalog_product -type data
 ./resource.ps1 aws_servicecatalog_provisioning_artifacts -type data
-./resource.ps1 aws_ses_active_receipt_rule_set -type data
-./resource.ps1 aws_ses_domain_identity -type data
-./resource.ps1 aws_ses_email_identity -type data
 ./resource.ps1 aws_sesv2_configuration_set -type data
 ./resource.ps1 aws_sesv2_email_identity -type data
 ./resource.ps1 aws_sesv2_email_identity_mail_from_attributes -type data
-./resource.ps1 aws_vpclattice_auth_policy -type data
-./resource.ps1 aws_vpclattice_listener -type data
-./resource.ps1 aws_vpclattice_resource_policy -type data
-./resource.ps1 aws_vpclattice_service -type data
-./resource.ps1 aws_vpclattice_service_network -type data
-./resource.ps1 ssm_maintenance_windows -type data
diff --git a/src/files_datasource.go b/src/files_datasource.go
@@ -1074,3 +1074,45 @@ var dataAwsRedshiftserverlessNamespace []byte
 
 //go:embed mapping/aws/data/redshift-serverless/awas_redshiftserverless_workgroups.json
 var dataAwsRedshiftserverlessWorkgroup []byte
+
+//go:embed mapping/aws/data/geo/aws_location_geofence_collection.json
+var dataAwsLocationGeofenceCollection []byte
+
+//go:embed mapping/aws/data/geo/aws_location_map.json
+var dataAwsLocationMap []byte
+
+//go:embed mapping/aws/data/geo/aws_location_place_index.json
+var dataAwsLocationPlaceIndex []byte
+
+//go:embed mapping/aws/data/geo/aws_location_route_calculator.json
+var dataAwsLocationRouteCalculator []byte
+
+//go:embed mapping/aws/data/geo/aws_location_tracker.json
+var dataAwsLocationTracker []byte
+
+//go:embed mapping/aws/data/vpc-lattice/aws_vpclattice_auth_policy.json
+var dataAwsVpclatticeAuthPolicy []byte
+
+//go:embed mapping/aws/data/vpc-lattice/aws_vpclattice_listener.json
+var dataAwsVpclatticeListener []byte
+
+//go:embed mapping/aws/data/vpc-lattice/aws_vpclattice_resource_policy.json
+var dataAwsVpclatticeResourcePolicy []byte
+
+//go:embed mapping/aws/data/vpc-lattice/aws_vpclattice_service.json
+var dataAwsVpclatticeService []byte
+
+//go:embed mapping/aws/data/vpc-lattice/aws_vpclattice_service_network.json
+var dataAwsVpclatticeServiceNetwork []byte
+
+//go:embed mapping/aws/data/dms/aws_dms_certificate.json
+var dataAwsDmsCertificate []byte
+
+//go:embed mapping/aws/data/ses/aws_ses_active_receipt_rule_set.json
+var dataAwsSesActiveReceiptRuleSet []byte
+
+//go:embed mapping/aws/data/ses/aws_ses_domain_identity.json
+var dataAwsSesDomainIdentity []byte
+
+//go:embed mapping/aws/data/ses/aws_ses_email_identity.json
+var dataAwsSesEmailIdentity []byte
diff --git a/src/mapping/aws/data/cognito-identity/aws_cognito_identity_pool.json b/src/mapping/aws/data/cognito-identity/aws_cognito_identity_pool.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "cognito-identity:DescribeIdentityPool"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/dms/aws_dms_certificate.json b/src/mapping/aws/data/dms/aws_dms_certificate.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "dms:DescribeCertificates"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/geo/aws_location_geofence_collection.json b/src/mapping/aws/data/geo/aws_location_geofence_collection.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "geo:DescribeGeofenceCollection"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/geo/aws_location_map.json b/src/mapping/aws/data/geo/aws_location_map.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "geo:DescribeMap"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/geo/aws_location_place_index.json b/src/mapping/aws/data/geo/aws_location_place_index.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "geo:DescribePlaceIndex"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/geo/aws_location_route_calculator.json b/src/mapping/aws/data/geo/aws_location_route_calculator.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "geo:DescribeRouteCalculator"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/geo/aws_location_tracker.json b/src/mapping/aws/data/geo/aws_location_tracker.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "geo:DescribeTracker"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/ses/aws_ses_active_receipt_rule_set.json b/src/mapping/aws/data/ses/aws_ses_active_receipt_rule_set.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "ses:DescribeActiveReceiptRuleSet"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/ses/aws_ses_domain_identity.json b/src/mapping/aws/data/ses/aws_ses_domain_identity.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "ses:GetIdentityVerificationAttributes"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/ses/aws_ses_email_identity.json b/src/mapping/aws/data/ses/aws_ses_email_identity.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "ses:GetIdentityVerificationAttributes"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/vpc-lattice/aws_vpclattice_auth_policy.json b/src/mapping/aws/data/vpc-lattice/aws_vpclattice_auth_policy.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "vpc-lattice:GetAuthPolicy"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/vpc-lattice/aws_vpclattice_listener.json b/src/mapping/aws/data/vpc-lattice/aws_vpclattice_listener.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "vpc-lattice:GetListener"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/vpc-lattice/aws_vpclattice_resource_policy.json b/src/mapping/aws/data/vpc-lattice/aws_vpclattice_resource_policy.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "vpc-lattice:GetResourcePolicy"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/vpc-lattice/aws_vpclattice_service.json b/src/mapping/aws/data/vpc-lattice/aws_vpclattice_service.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "vpc-lattice:ListServices"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/vpc-lattice/aws_vpclattice_service_network.json b/src/mapping/aws/data/vpc-lattice/aws_vpclattice_service_network.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "vpc-lattice:GetServiceNetwork"
+    ]
+  }
+]