From 668ea91620f85994606935d3b7a8f171a7d8e8a7 Mon Sep 17 00:00:00 2001
From: mlozoya2 <98921034+mlozoya2@users.noreply.github.com>
Date: Wed, 15 Jun 2022 05:59:57 -0400
Subject: [PATCH] feat: Add VPC Endpoint Services and Configurations (#1029)
---
client/mocks/mock_ec2.go | 40 +++
client/services.go | 2 +
...ec2_vpc_endpoint_service_configurations.md | 26 ++
docs/tables/aws_ec2_vpc_endpoint_services.md | 23 ++
resources/provider/provider.go | 324 +++++++++---------
.../ec2/vpc_endpoint_service_configuration.go | 177 ++++++++++
...dpoint_service_configurations_mock_test.go | 31 ++
.../services/ec2/vpc_endpoint_services.go | 163 +++++++++
.../ec2/vpc_endpoint_services_mock_test.go | 31 ++
9 files changed, 656 insertions(+), 161 deletions(-)
create mode 100644 docs/tables/aws_ec2_vpc_endpoint_service_configurations.md
create mode 100644 docs/tables/aws_ec2_vpc_endpoint_services.md
create mode 100644 resources/services/ec2/vpc_endpoint_service_configuration.go
create mode 100644 resources/services/ec2/vpc_endpoint_service_configurations_mock_test.go
create mode 100644 resources/services/ec2/vpc_endpoint_services.go
create mode 100644 resources/services/ec2/vpc_endpoint_services_mock_test.go
diff --git a/client/mocks/mock_ec2.go b/client/mocks/mock_ec2.go
index d7b91b8c9..402af2e35 100644
--- a/client/mocks/mock_ec2.go
+++ b/client/mocks/mock_ec2.go
@@ -575,6 +575,46 @@ func (mr *MockEc2ClientMockRecorder) DescribeVolumes(arg0, arg1 interface{}, arg return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeVolumes", reflect.TypeOf((*MockEc2Client)(nil).DescribeVolumes), varargs...) } +// DescribeVpcEndpointServiceConfigurations mocks base method. +func (m *MockEc2Client) DescribeVpcEndpointServiceConfigurations(arg0 context.Context, arg1 *ec2.DescribeVpcEndpointServiceConfigurationsInput, arg2 ...func(*ec2.Options)) (*ec2.DescribeVpcEndpointServiceConfigurationsOutput, error) { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1} + for _, a := range arg2 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "DescribeVpcEndpointServiceConfigurations", varargs...) + ret0, _ := ret[0].(*ec2.DescribeVpcEndpointServiceConfigurationsOutput) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// DescribeVpcEndpointServiceConfigurations indicates an expected call of DescribeVpcEndpointServiceConfigurations. +func (mr *MockEc2ClientMockRecorder) DescribeVpcEndpointServiceConfigurations(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1}, arg2...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeVpcEndpointServiceConfigurations", reflect.TypeOf((*MockEc2Client)(nil).DescribeVpcEndpointServiceConfigurations), varargs...) +} + +// DescribeVpcEndpointServices mocks base method. +func (m *MockEc2Client) DescribeVpcEndpointServices(arg0 context.Context, arg1 *ec2.DescribeVpcEndpointServicesInput, arg2 ...func(*ec2.Options)) (*ec2.DescribeVpcEndpointServicesOutput, error) { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1} + for _, a := range arg2 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "DescribeVpcEndpointServices", varargs...) 
+ ret0, _ := ret[0].(*ec2.DescribeVpcEndpointServicesOutput) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// DescribeVpcEndpointServices indicates an expected call of DescribeVpcEndpointServices. +func (mr *MockEc2ClientMockRecorder) DescribeVpcEndpointServices(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1}, arg2...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeVpcEndpointServices", reflect.TypeOf((*MockEc2Client)(nil).DescribeVpcEndpointServices), varargs...) +} + // DescribeVpcEndpoints mocks base method. func (m *MockEc2Client) DescribeVpcEndpoints(arg0 context.Context, arg1 *ec2.DescribeVpcEndpointsInput, arg2 ...func(*ec2.Options)) (*ec2.DescribeVpcEndpointsOutput, error) { m.ctrl.T.Helper() diff --git a/client/services.go b/client/services.go index 4664b0ab1..d7df3d65f 100644 --- a/client/services.go +++ b/client/services.go 
@@ -264,6 +264,8 @@ type Ec2Client interface {
 DescribeSnapshotAttribute(ctx context.Context, params *ec2.DescribeSnapshotAttributeInput, optFns ...func(*ec2.Options)) (*ec2.DescribeSnapshotAttributeOutput, error)
 DescribeVpcs(ctx context.Context, params *ec2.DescribeVpcsInput, optFns ...func(*ec2.Options)) (*ec2.DescribeVpcsOutput, error)
 DescribeVpcEndpoints(ctx context.Context, params *ec2.DescribeVpcEndpointsInput, optFns ...func(*ec2.Options)) (*ec2.DescribeVpcEndpointsOutput, error)
+ DescribeVpcEndpointServices(ctx context.Context, params *ec2.DescribeVpcEndpointServicesInput, optFns ...func(*ec2.Options)) (*ec2.DescribeVpcEndpointServicesOutput, error)
+ DescribeVpcEndpointServiceConfigurations(ctx context.Context, params *ec2.DescribeVpcEndpointServiceConfigurationsInput, optFns ...func(*ec2.Options)) (*ec2.DescribeVpcEndpointServiceConfigurationsOutput, error)
 DescribeVpnGateways(ctx context.Context, params *ec2.DescribeVpnGatewaysInput, optFns ...func(*ec2.Options)) (*ec2.DescribeVpnGatewaysOutput, error)
 DescribeAddresses(ctx context.Context, params *ec2.DescribeAddressesInput, optFns ...func(*ec2.Options)) (*ec2.DescribeAddressesOutput, error)
 GetEbsEncryptionByDefault(ctx context.Context, params *ec2.GetEbsEncryptionByDefaultInput, optFns ...func(*ec2.Options)) (*ec2.GetEbsEncryptionByDefaultOutput, error)
diff --git a/docs/tables/aws_ec2_vpc_endpoint_service_configurations.md b/docs/tables/aws_ec2_vpc_endpoint_service_configurations.md
new file mode 100644
index 000000000..d4a5336ae
--- /dev/null
+++ b/docs/tables/aws_ec2_vpc_endpoint_service_configurations.md
@@ -0,0 +1,26 @@
+
+# Table: aws_ec2_vpc_endpoint_service_configurations
+Describes a service configuration for a VPC endpoint service.
+## Columns
+| Name | Type | Description |
+| ------------- | ------------- | ----- |
+|account_id|text|The AWS Account ID of the resource.|
+|region|text|The AWS Region of the resource.|
+|arn|text|The Amazon Resource Name (ARN) for the resource.|
+|acceptance_required|boolean|Indicates whether requests from other AWS accounts to create an endpoint to the service must first be accepted.|
+|availability_zones|text[]|The Availability Zones in which the service is available.|
+|base_endpoint_dns_names|text[]|The DNS names for the service.|
+|gateway_load_balancer_arns|text[]|The Amazon Resource Names (ARNs) of the Gateway Load Balancers for the service.|
+|manages_vpc_endpoints|boolean|Indicates whether the service manages its VPC endpoints.|
+|network_load_balancer_arns|text[]|The Amazon Resource Names (ARNs) of the Network Load Balancers for the service.|
+|payer_responsibility|text|The payer responsibility.|
+|private_dns_name|text|The private DNS name for the service.|
+|private_dns_name_configuration_name|text|The name of the record subdomain the service provider needs to create.|
+|private_dns_name_configuration_state|text|The verification state of the VPC endpoint service.|
+|private_dns_name_configuration_type|text|The endpoint service verification type, for example TXT.|
+|private_dns_name_configuration_value|text|The value the service provider adds to the private DNS name domain record before verification.|
+|service_id|text|The ID of the service.|
+|service_name|text|The name of the service.|
+|service_state|text|The service state.|
+|service_type|text[]|The type of service.|
+|tags|jsonb|Any tags assigned to the service.|
diff --git a/docs/tables/aws_ec2_vpc_endpoint_services.md b/docs/tables/aws_ec2_vpc_endpoint_services.md
new file mode 100644
index 000000000..70593cc9b
--- /dev/null
+++ b/docs/tables/aws_ec2_vpc_endpoint_services.md
@@ -0,0 +1,23 @@
+
+# Table: aws_ec2_vpc_endpoint_services
+Describes a VPC endpoint service.
+## Columns
+| Name | Type | Description |
+| ------------- | ------------- | ----- |
+|account_id|text|The AWS Account ID of the resource.|
+|region|text|The AWS Region of the resource.|
+|arn|text|The Amazon Resource Name (ARN) for the resource.|
+|acceptance_required|boolean|Indicates whether VPC endpoint connection requests to the service must be accepted by the service owner.|
+|availability_zones|text[]|The Availability Zones in which the service is available.|
+|base_endpoint_dns_names|text[]|The DNS names for the service.|
+|manages_vpc_endpoints|boolean|Indicates whether the service manages its VPC endpoints.|
+|owner|text|The Amazon Web Services account ID of the service owner.|
+|payer_responsibility|text|The payer responsibility.|
+|private_dns_name|text|The private DNS name for the service.|
+|private_dns_name_verification_state|text|The verification state of the VPC endpoint service.|
+|private_dns_names|text[]|The private DNS names assigned to the VPC endpoint service.|
+|id|text|The ID of the endpoint service.|
+|service_name|text|The Amazon Resource Name (ARN) of the service.|
+|service_type|text[]|The type of service.|
+|tags|jsonb|Any tags assigned to the service.|
+|vpc_endpoint_policy_supported|boolean|Indicates whether the service supports endpoint policies.|
diff --git a/resources/provider/provider.go b/resources/provider/provider.go
index b34c27058..981bc31b1 100644
--- a/resources/provider/provider.go
+++ b/resources/provider/provider.go
@@ -79,167 +79,169 @@ func Provider() *provider.Provider {
 ErrorClassifier: client.ErrorClassifier,
 ModuleInfoReader: module.EmbeddedReader(moduleData, "moduledata"),
 ResourceMap: map[string]*schema.Table{
- "accessanalyzer.analyzers": accessanalyzer.Analyzers(),
- "acm.certificates": acm.AcmCertificates(),
- "apigateway.api_keys": apigateway.ApigatewayAPIKeys(),
- "apigateway.client_certificates": apigateway.ApigatewayClientCertificates(),
- "apigateway.domain_names": apigateway.ApigatewayDomainNames(),
- "apigateway.rest_apis": apigateway.ApigatewayRestApis(),
- "apigateway.usage_plans": apigateway.ApigatewayUsagePlans(),
- "apigateway.vpc_links": apigateway.ApigatewayVpcLinks(),
- "apigatewayv2.apis": apigatewayv2.Apigatewayv2Apis(),
- "apigatewayv2.domain_names": apigatewayv2.Apigatewayv2DomainNames(),
- "apigatewayv2.vpc_links": apigatewayv2.Apigatewayv2VpcLinks(),
- "applicationautoscaling.policies": applicationautoscaling.ApplicationautoscalingPolicies(),
- "athena.data_catalogs": athena.DataCatalogs(),
- "athena.work_groups": athena.WorkGroups(),
- "autoscaling.groups": autoscaling.AutoscalingGroups(),
- "autoscaling.launch_configurations": autoscaling.AutoscalingLaunchConfigurations(),
- "autoscaling.scheduled_actions": autoscaling.AutoscalingScheduledActions(),
- "aws.regions": ec2.AwsRegions(),
- "backup.plans": backup.Plans(),
- "backup.vaults": backup.Vaults(),
- "backup.global_settings": backup.GlobalSettings(),
- "backup.region_settings": backup.RegionSettings(),
- "cloudformation.stacks": cloudformation.Stacks(),
- "cloudfront.cache_policies": cloudfront.CloudfrontCachePolicies(),
- "cloudfront.distributions": cloudfront.CloudfrontDistributions(),
- "cloudtrail.trails": cloudtrail.CloudtrailTrails(),
- "cloudwatch.alarms": cloudwatch.CloudwatchAlarms(),
- "cloudwatchlogs.filters": cloudwatchlogs.CloudwatchlogsFilters(),
- "codebuild.projects": codebuild.CodebuildProjects(),
- "codepipeline.pipelines": codepipeline.Pipelines(),
- "codepipeline.webhooks": codepipeline.Webhooks(),
- "cognito.identity_pools": cognito.CognitoIdentityPools(),
- "cognito.user_pools": cognito.CognitoUserPools(),
- "config.configuration_recorders": config.ConfigConfigurationRecorders(),
- "config.conformance_packs": config.ConfigConformancePack(),
- "dax.clusters": dax.DaxClusters(),
- "directconnect.connections": directconnect.DirectconnectConnections(),
- "directconnect.gateways": directconnect.DirectconnectGateways(),
- "directconnect.lags": directconnect.DirectconnectLags(),
- "directconnect.virtual_gateways": directconnect.DirectconnectVirtualGateways(),
- "directconnect.virtual_interfaces": directconnect.DirectconnectVirtualInterfaces(),
- "dms.replication_instances": dms.DmsReplicationInstances(),
- "dynamodb.tables": dynamodb.DynamodbTables(),
- "ec2.byoip_cidrs": ec2.Ec2ByoipCidrs(),
- "ec2.customer_gateways": ec2.Ec2CustomerGateways(),
- "ec2.ebs_snapshots": ec2.Ec2EbsSnapshots(),
- "ec2.ebs_volumes": ec2.Ec2EbsVolumes(),
- "ec2.egress_only_internet_gateways": ec2.EgressOnlyInternetGateways(),
- "ec2.eips": ec2.Ec2Eips(),
- "ec2.hosts": ec2.Hosts(),
- "ec2.flow_logs": ec2.Ec2FlowLogs(),
- "ec2.images": ec2.Ec2Images(),
- "ec2.instance_statuses": ec2.Ec2InstanceStatuses(),
- "ec2.instances": ec2.Ec2Instances(),
- "ec2.internet_gateways": ec2.Ec2InternetGateways(),
- "ec2.network_interfaces": ec2.NetworkInterfaces(),
- "ec2.nat_gateways": ec2.Ec2NatGateways(),
- "ec2.network_acls": ec2.Ec2NetworkAcls(),
- "ec2.regional_config": ec2.Ec2RegionalConfig(),
- "ec2.route_tables": ec2.Ec2RouteTables(),
- "ec2.security_groups": ec2.Ec2SecurityGroups(),
- "ec2.subnets": ec2.Ec2Subnets(),
- "ec2.transit_gateways": ec2.Ec2TransitGateways(),
- "ec2.vpc_endpoints": ec2.Ec2VpcEndpoints(),
- "ec2.vpc_peering_connections": ec2.Ec2VpcPeeringConnections(),
- "ec2.vpcs": ec2.Ec2Vpcs(),
- "ec2.vpn_gateways": ec2.Ec2VpnGateways(),
- "ecr.repositories": ecr.EcrRepositories(),
- "ecs.clusters": ecs.Clusters(),
- "ecs.task_definitions": ecs.EcsTaskDefinitions(),
- "efs.filesystems": efs.EfsFilesystems(),
- "eks.clusters": eks.EksClusters(),
- "elasticbeanstalk.applications": elasticbeanstalk.ElasticbeanstalkApplications(),
- "elasticbeanstalk.application_versions": elasticbeanstalk.ApplicationVersions(),
- "elasticbeanstalk.environments": elasticbeanstalk.ElasticbeanstalkEnvironments(),
- "elasticsearch.domains": elasticsearch.ElasticsearchDomains(),
- "elbv1.load_balancers": elbv1.Elbv1LoadBalancers(),
- "elbv2.load_balancers": elbv2.Elbv2LoadBalancers(),
- "elbv2.target_groups": elbv2.Elbv2TargetGroups(),
- "emr.block_public_access_configs": emr.EmrBlockPublicAccessConfigs(),
- "emr.clusters": emr.EmrClusters(),
- "fsx.backups": fsx.FsxBackups(),
- "guardduty.detectors": guardduty.GuarddutyDetectors(),
- "iam.accounts": iam.IamAccounts(),
- "iam.groups": iam.IamGroups(),
- "iam.openid_connect_identity_providers": iam.IamOpenidConnectIdentityProviders(),
- "iam.password_policies": iam.IamPasswordPolicies(),
- "iam.policies": iam.IamPolicies(),
- "iam.roles": iam.IamRoles(),
- "iam.saml_identity_providers": iam.IamSamlIdentityProviders(),
- "iam.server_certificates": iam.IamServerCertificates(),
- "iam.users": iam.IamUsers(),
- "iam.virtual_mfa_devices": iam.IamVirtualMfaDevices(),
- "iot.billing_groups": iot.IotBillingGroups(),
- "iot.ca_certificates": iot.IotCaCertificates(),
- "iot.certificates": iot.IotCertificates(),
- "iot.policies": iot.IotPolicies(),
- "iot.streams": iot.IotStreams(),
- "iot.thing_groups": iot.IotThingGroups(),
- "iot.thing_types": iot.IotThingTypes(),
- "iot.things": iot.IotThings(),
- "iot.topic_rules": iot.IotTopicRules(),
- "kms.keys": kms.Keys(),
- "lambda.functions": lambda.Functions(),
- "lambda.layers": lambda.LambdaLayers(),
- "lambda.runtimes": lambda.LambdaRuntimes(),
- "mq.brokers": mq.Brokers(),
- "organizations.accounts": organizations.Accounts(),
- "qldb.ledgers": qldb.Ledgers(),
- "rds.certificates": rds.RdsCertificates(),
- "rds.cluster_parameter_groups": rds.RdsClusterParameterGroups(),
- "rds.cluster_snapshots": rds.RdsClusterSnapshots(),
- "rds.clusters": rds.RdsClusters(),
- "rds.db_parameter_groups": rds.RdsDbParameterGroups(),
- "rds.db_security_groups": rds.RdsDbSecurityGroups(),
- "rds.db_snapshots": rds.RdsDbSnapshots(),
- "rds.db_subnet_groups": rds.RdsSubnetGroups(),
- "rds.event_subscriptions": rds.RdsEventSubscriptions(),
- "rds.instances": rds.RdsInstances(),
- "redshift.event_subscriptions": redshift.EventSubscriptions(),
- "redshift.clusters": redshift.RedshiftClusters(),
- "redshift.subnet_groups": redshift.RedshiftSubnetGroups(),
- "route53.domains": route53.Route53Domains(),
- "route53.health_checks": route53.Route53HealthChecks(),
- "route53.hosted_zones": route53.Route53HostedZones(),
- "route53.reusable_delegation_sets": route53.Route53ReusableDelegationSets(),
- "route53.traffic_policies": route53.Route53TrafficPolicies(),
- "s3.accounts": s3.S3Accounts(),
- "s3.buckets": s3.S3Buckets(),
- "sagemaker.endpoint_configurations": sagemaker.SagemakerEndpointConfigurations(),
- "sagemaker.models": sagemaker.SagemakerModels(),
- "sagemaker.notebook_instances": sagemaker.SagemakerNotebookInstances(),
- "sagemaker.training_jobs": sagemaker.SagemakerTrainingJobs(),
- "secretsmanager.secrets": secretsmanager.SecretsmanagerSecrets(),
- "shield.attacks": shield.Attacks(),
- "shield.subscriptions": shield.Subscriptions(),
- "shield.protections_groups": shield.ProtectionGroups(),
- "shield.protections": shield.Protections(),
- "sns.subscriptions": sns.SnsSubscriptions(),
- "sns.topics": sns.SnsTopics(),
- "sqs.queues": sqs.SQSQueues(),
- "ssm.documents": ssm.SsmDocuments(),
- "ssm.instances": ssm.SsmInstances(),
- "waf.rule_groups": waf.WafRuleGroups(),
- "waf.rules": waf.WafRules(),
- "waf.subscribed_rule_groups": waf.WafSubscribedRuleGroups(),
- "waf.web_acls": waf.WafWebAcls(),
- "wafv2.ipsets": wafv2.Ipsets(),
- "wafv2.managed_rule_groups": wafv2.Wafv2ManagedRuleGroups(),
- "wafv2.regex_pattern_sets": wafv2.RegexPatternSets(),
- "wafv2.rule_groups": wafv2.Wafv2RuleGroups(),
- "wafv2.web_acls": wafv2.Wafv2WebAcls(),
- "wafregional.rate_based_rules": wafregional.RateBasedRules(),
- "wafregional.rule_groups": wafregional.RuleGroups(),
- "wafregional.rules": wafregional.Rules(),
- "wafregional.web_acls": wafregional.WebAcls(),
- "workspaces.workspaces": workspaces.Workspaces(),
- "workspaces.directories": workspaces.Directories(),
- "xray.encryption_config": xray.EncryptionConfigs(),
- "xray.groups": xray.Groups(),
- "xray.sampling_rules": xray.SamplingRules(),
+ "accessanalyzer.analyzers": accessanalyzer.Analyzers(),
+ "acm.certificates": acm.AcmCertificates(),
+ "apigateway.api_keys": apigateway.ApigatewayAPIKeys(),
+ "apigateway.client_certificates": apigateway.ApigatewayClientCertificates(),
+ "apigateway.domain_names": apigateway.ApigatewayDomainNames(),
+ "apigateway.rest_apis": apigateway.ApigatewayRestApis(),
+ "apigateway.usage_plans": apigateway.ApigatewayUsagePlans(),
+ "apigateway.vpc_links": apigateway.ApigatewayVpcLinks(),
+ "apigatewayv2.apis": apigatewayv2.Apigatewayv2Apis(),
+ "apigatewayv2.domain_names": apigatewayv2.Apigatewayv2DomainNames(),
+ "apigatewayv2.vpc_links": apigatewayv2.Apigatewayv2VpcLinks(),
+ "applicationautoscaling.policies": applicationautoscaling.ApplicationautoscalingPolicies(),
+ "athena.data_catalogs": athena.DataCatalogs(),
+ "athena.work_groups": athena.WorkGroups(),
+ "autoscaling.groups": autoscaling.AutoscalingGroups(),
+ "autoscaling.launch_configurations": autoscaling.AutoscalingLaunchConfigurations(),
+ "autoscaling.scheduled_actions": autoscaling.AutoscalingScheduledActions(),
+ "aws.regions": ec2.AwsRegions(),
+ "backup.plans": backup.Plans(),
+ "backup.vaults": backup.Vaults(),
+ "backup.global_settings": backup.GlobalSettings(),
+ "backup.region_settings": backup.RegionSettings(),
+ "cloudformation.stacks": cloudformation.Stacks(),
+ "cloudfront.cache_policies": cloudfront.CloudfrontCachePolicies(),
+ "cloudfront.distributions": cloudfront.CloudfrontDistributions(),
+ "cloudtrail.trails": cloudtrail.CloudtrailTrails(),
+ "cloudwatch.alarms": cloudwatch.CloudwatchAlarms(),
+ "cloudwatchlogs.filters": cloudwatchlogs.CloudwatchlogsFilters(),
+ "codebuild.projects": codebuild.CodebuildProjects(),
+ "codepipeline.pipelines": codepipeline.Pipelines(),
+ "codepipeline.webhooks": codepipeline.Webhooks(),
+ "cognito.identity_pools": cognito.CognitoIdentityPools(),
+ "cognito.user_pools": cognito.CognitoUserPools(),
+ "config.configuration_recorders": config.ConfigConfigurationRecorders(),
+ "config.conformance_packs": config.ConfigConformancePack(),
+ "dax.clusters": dax.DaxClusters(),
+ "directconnect.connections": directconnect.DirectconnectConnections(),
+ "directconnect.gateways": directconnect.DirectconnectGateways(),
+ "directconnect.lags": directconnect.DirectconnectLags(),
+ "directconnect.virtual_gateways": directconnect.DirectconnectVirtualGateways(),
+ "directconnect.virtual_interfaces": directconnect.DirectconnectVirtualInterfaces(),
+ "dms.replication_instances": dms.DmsReplicationInstances(),
+ "dynamodb.tables": dynamodb.DynamodbTables(),
+ "ec2.byoip_cidrs": ec2.Ec2ByoipCidrs(),
+ "ec2.customer_gateways": ec2.Ec2CustomerGateways(),
+ "ec2.ebs_snapshots": ec2.Ec2EbsSnapshots(),
+ "ec2.ebs_volumes": ec2.Ec2EbsVolumes(),
+ "ec2.egress_only_internet_gateways": ec2.EgressOnlyInternetGateways(),
+ "ec2.eips": ec2.Ec2Eips(),
+ "ec2.hosts": ec2.Hosts(),
+ "ec2.flow_logs": ec2.Ec2FlowLogs(),
+ "ec2.images": ec2.Ec2Images(),
+ "ec2.instance_statuses": ec2.Ec2InstanceStatuses(),
+ "ec2.instances": ec2.Ec2Instances(),
+ "ec2.internet_gateways": ec2.Ec2InternetGateways(),
+ "ec2.network_interfaces": ec2.NetworkInterfaces(),
+ "ec2.nat_gateways": ec2.Ec2NatGateways(),
+ "ec2.network_acls": ec2.Ec2NetworkAcls(),
+ "ec2.regional_config": ec2.Ec2RegionalConfig(),
+ "ec2.route_tables": ec2.Ec2RouteTables(),
+ "ec2.security_groups": ec2.Ec2SecurityGroups(),
+ "ec2.subnets": ec2.Ec2Subnets(),
+ "ec2.transit_gateways": ec2.Ec2TransitGateways(),
+ "ec2.vpc_endpoint_service_configurations": ec2.Ec2VpcEndpointServiceConfigurations(),
+ "ec2.vpc_endpoint_services": ec2.Ec2VpcEndpointServices(),
+ "ec2.vpc_endpoints": ec2.Ec2VpcEndpoints(),
+ "ec2.vpc_peering_connections": ec2.Ec2VpcPeeringConnections(),
+ "ec2.vpcs": ec2.Ec2Vpcs(),
+ "ec2.vpn_gateways": ec2.Ec2VpnGateways(),
+ "ecr.repositories": ecr.EcrRepositories(),
+ "ecs.clusters": ecs.Clusters(),
+ "ecs.task_definitions": ecs.EcsTaskDefinitions(),
+ "efs.filesystems": efs.EfsFilesystems(),
+ "eks.clusters": eks.EksClusters(),
+ "elasticbeanstalk.applications": elasticbeanstalk.ElasticbeanstalkApplications(),
+ "elasticbeanstalk.application_versions": elasticbeanstalk.ApplicationVersions(),
+ "elasticbeanstalk.environments": elasticbeanstalk.ElasticbeanstalkEnvironments(),
+ "elasticsearch.domains": elasticsearch.ElasticsearchDomains(),
+ "elbv1.load_balancers": elbv1.Elbv1LoadBalancers(),
+ "elbv2.load_balancers": elbv2.Elbv2LoadBalancers(),
+ "elbv2.target_groups": elbv2.Elbv2TargetGroups(),
+ "emr.block_public_access_configs": emr.EmrBlockPublicAccessConfigs(),
+ "emr.clusters": emr.EmrClusters(),
+ "fsx.backups": fsx.FsxBackups(),
+ "guardduty.detectors": guardduty.GuarddutyDetectors(),
+ "iam.accounts": iam.IamAccounts(),
+ "iam.groups": iam.IamGroups(),
+ "iam.openid_connect_identity_providers": iam.IamOpenidConnectIdentityProviders(),
+ "iam.password_policies": iam.IamPasswordPolicies(),
+ "iam.policies": iam.IamPolicies(),
+ "iam.roles": iam.IamRoles(),
+ "iam.saml_identity_providers": iam.IamSamlIdentityProviders(),
+ "iam.server_certificates": iam.IamServerCertificates(),
+ "iam.users": iam.IamUsers(),
+ "iam.virtual_mfa_devices": iam.IamVirtualMfaDevices(),
+ "iot.billing_groups": iot.IotBillingGroups(),
+ "iot.ca_certificates": iot.IotCaCertificates(),
+ "iot.certificates": iot.IotCertificates(),
+ "iot.policies": iot.IotPolicies(),
+ "iot.streams": iot.IotStreams(),
+ "iot.thing_groups": iot.IotThingGroups(),
+ "iot.thing_types": iot.IotThingTypes(),
+ "iot.things": iot.IotThings(),
+ "iot.topic_rules": iot.IotTopicRules(),
+ "kms.keys": kms.Keys(),
+ "lambda.functions": lambda.Functions(),
+ "lambda.layers": lambda.LambdaLayers(),
+ "lambda.runtimes": lambda.LambdaRuntimes(),
+ "mq.brokers": mq.Brokers(),
+ "organizations.accounts": organizations.Accounts(),
+ "qldb.ledgers": qldb.Ledgers(),
+ "rds.certificates": rds.RdsCertificates(),
+ "rds.cluster_parameter_groups": rds.RdsClusterParameterGroups(),
+ "rds.cluster_snapshots": rds.RdsClusterSnapshots(),
+ "rds.clusters": rds.RdsClusters(),
+ "rds.db_parameter_groups": rds.RdsDbParameterGroups(),
+ "rds.db_security_groups": rds.RdsDbSecurityGroups(),
+ "rds.db_snapshots": rds.RdsDbSnapshots(),
+ "rds.db_subnet_groups": rds.RdsSubnetGroups(),
+ "rds.event_subscriptions": rds.RdsEventSubscriptions(),
+ "rds.instances": rds.RdsInstances(),
+ "redshift.event_subscriptions": redshift.EventSubscriptions(),
+ "redshift.clusters": redshift.RedshiftClusters(),
+ "redshift.subnet_groups": redshift.RedshiftSubnetGroups(),
+ "route53.domains": route53.Route53Domains(),
+ "route53.health_checks": route53.Route53HealthChecks(),
+ "route53.hosted_zones": route53.Route53HostedZones(),
+ "route53.reusable_delegation_sets": route53.Route53ReusableDelegationSets(),
+ "route53.traffic_policies": route53.Route53TrafficPolicies(),
+ "s3.accounts": s3.S3Accounts(),
+ "s3.buckets": s3.S3Buckets(),
+ "sagemaker.endpoint_configurations": sagemaker.SagemakerEndpointConfigurations(),
+ "sagemaker.models": sagemaker.SagemakerModels(),
+ "sagemaker.notebook_instances": sagemaker.SagemakerNotebookInstances(),
+ "sagemaker.training_jobs": sagemaker.SagemakerTrainingJobs(),
+ "secretsmanager.secrets": secretsmanager.SecretsmanagerSecrets(),
+ "shield.attacks": shield.Attacks(),
+ "shield.subscriptions": shield.Subscriptions(),
+ "shield.protections_groups": shield.ProtectionGroups(),
+ "shield.protections": shield.Protections(),
+ "sns.subscriptions": sns.SnsSubscriptions(),
+ "sns.topics": sns.SnsTopics(),
+ "sqs.queues": sqs.SQSQueues(),
+ "ssm.documents": ssm.SsmDocuments(),
+ "ssm.instances": ssm.SsmInstances(),
+ "waf.rule_groups": waf.WafRuleGroups(),
+ "waf.rules": waf.WafRules(),
+ "waf.subscribed_rule_groups": waf.WafSubscribedRuleGroups(),
+ "waf.web_acls": waf.WafWebAcls(),
+ "wafv2.ipsets": wafv2.Ipsets(),
+ "wafv2.managed_rule_groups": wafv2.Wafv2ManagedRuleGroups(),
+ "wafv2.regex_pattern_sets": wafv2.RegexPatternSets(),
+ "wafv2.rule_groups": wafv2.Wafv2RuleGroups(),
+ "wafv2.web_acls": wafv2.Wafv2WebAcls(),
+ "wafregional.rate_based_rules": wafregional.RateBasedRules(),
+ "wafregional.rule_groups": wafregional.RuleGroups(),
+ "wafregional.rules": wafregional.Rules(),
+ "wafregional.web_acls": wafregional.WebAcls(),
+ "workspaces.workspaces": workspaces.Workspaces(),
+ "workspaces.directories": workspaces.Directories(),
+ "xray.encryption_config": xray.EncryptionConfigs(),
+ "xray.groups": xray.Groups(),
+ "xray.sampling_rules": xray.SamplingRules(),
 //"iot.security_profiles": iot.IotSecurityProfiles(), //TODO disabled because of api error NotFoundException: No method found matching route security-profiles for http method GET.
 },
 Config: func() provider.Config {
diff --git a/resources/services/ec2/vpc_endpoint_service_configuration.go b/resources/services/ec2/vpc_endpoint_service_configuration.go
new file mode 100644
index 000000000..d2c47010b
--- /dev/null
+++ b/resources/services/ec2/vpc_endpoint_service_configuration.go
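Review bot: Nearly all of this 324-line hunk appears to be gofmt realignment of the ResourceMap values (the longer `ec2.vpc_endpoint_service_configurations` key widens the column), while only two added lines change behaviour: `"ec2.vpc_endpoint_service_configurations": ec2.Ec2VpcEndpointServiceConfigurations(),` and `"ec2.vpc_endpoint_services": ec2.Ec2VpcEndpointServices(),`. Landing the reformat as its own commit, or before the feature, would keep the registration reviewable and keep `git blame` on this map meaningful; as written, a reviewer has to diff 161 removed lines against 163 added ones to confirm nothing else moved or was dropped. The two new keys do sit in the expected sort position next to `ec2.vpc_endpoints`. The Provider() function starts and ends outside the hunk.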
@@ -0,0 +1,177 @@
+package ec2
+
+import (
+ "context"
+
+ "github.com/aws/aws-sdk-go-v2/aws"
+ "github.com/aws/aws-sdk-go-v2/service/ec2"
+ "github.com/aws/aws-sdk-go-v2/service/ec2/types"
+ "github.com/cloudquery/cq-provider-aws/client"
+ "github.com/cloudquery/cq-provider-sdk/provider/diag"
+ "github.com/cloudquery/cq-provider-sdk/provider/schema"
+)
+
+func Ec2VpcEndpointServiceConfigurations() *schema.Table {
+ return &schema.Table{
+ Name: "aws_ec2_vpc_endpoint_service_configurations",
+ Description: "Describes a service configuration for a VPC endpoint service.",
+ Resolver: fetchEc2VpcEndpointServiceConfigurations,
+ Multiplex: client.ServiceAccountRegionMultiplexer("ec2"),
+ IgnoreError: client.IgnoreCommonErrors,
+ DeleteFilter: client.DeleteAccountRegionFilter,
+ Options: schema.TableCreationOptions{PrimaryKeys: []string{"arn"}},
+ Columns: []schema.Column{
+ {
+ Name: "account_id",
+ Description: "The AWS Account ID of the resource.",
+ Type: schema.TypeString,
+ Resolver: client.ResolveAWSAccount,
+ },
+ {
+ Name: "region",
+ Description: "The AWS Region of the resource.",
+ Type: schema.TypeString,
+ Resolver: client.ResolveAWSRegion,
+ },
+ {
+ Name: "arn",
+ Description: "The Amazon Resource Name (ARN) for the resource.",
+ Type: schema.TypeString,
+ Resolver: client.ResolveARN(client.EC2Service, func(resource *schema.Resource) ([]string, error) {
+ return []string{"vpc-endpoint-service-configuration", *resource.Item.(types.ServiceConfiguration).ServiceId}, nil
+ }),
+ },
+ {
+ Name: "acceptance_required",
+ Description: "Indicates whether requests from other AWS accounts to create an endpoint to the service must first be accepted.",
+ Type: schema.TypeBool,
+ },
+ {
+ Name: "availability_zones",
+ Description: "The Availability Zones in which the service is available.",
+ Type: schema.TypeStringArray,
+ },
+ {
+ Name: "base_endpoint_dns_names",
+ Description: "The DNS names for the service.",
+ Type: schema.TypeStringArray,
+ },
+ {
+ Name: "gateway_load_balancer_arns",
+ Description: "The Amazon Resource Names (ARNs) of the Gateway Load Balancers for the service.",
+ Type: schema.TypeStringArray,
+ IgnoreInTests: true,
+ },
+ {
+ Name: "manages_vpc_endpoints",
+ Description: "Indicates whether the service manages its VPC endpoints.",
+ Type: schema.TypeBool,
+ },
+ {
+ Name: "network_load_balancer_arns",
+ Description: "The Amazon Resource Names (ARNs) of the Network Load Balancers for the service.",
+ Type: schema.TypeStringArray,
+ },
+ {
+ Name: "payer_responsibility",
+ Description: "The payer responsibility.",
+ Type: schema.TypeString,
+ },
+ {
+ Name: "private_dns_name",
+ Description: "The private DNS name for the service.",
+ Type: schema.TypeString,
+ IgnoreInTests: true,
+ },
+ {
+ Name: "private_dns_name_configuration_name",
+ Description: "The name of the record subdomain the service provider needs to create.",
+ Type: schema.TypeString,
+ Resolver: schema.PathResolver("PrivateDnsNameConfiguration.Name"),
+ IgnoreInTests: true,
+ },
+ {
+ Name: "private_dns_name_configuration_state",
+ Description: "The verification state of the VPC endpoint service.",
+ Type: schema.TypeString,
+ Resolver: schema.PathResolver("PrivateDnsNameConfiguration.State"),
+ },
+ {
+ Name: "private_dns_name_configuration_type",
+ Description: "The endpoint service verification type, for example TXT.",
+ Type: schema.TypeString,
+ Resolver: schema.PathResolver("PrivateDnsNameConfiguration.Type"),
+ IgnoreInTests: true,
+ },
+ {
+ Name: "private_dns_name_configuration_value",
+ Description: "The value the service provider adds to the private DNS name domain record before verification.",
+ Type: schema.TypeString,
+ Resolver: schema.PathResolver("PrivateDnsNameConfiguration.Value"),
+ IgnoreInTests: true,
+ },
+ {
+ Name: "service_id",
+ Description: "The ID of the service.",
+ Type: schema.TypeString,
+ },
+ {
+ Name: "service_name",
+ Description: "The name of the service.",
+ Type: schema.TypeString,
+ },
+ {
+ Name: "service_state",
+ Description: "The service state.",
+ Type: schema.TypeString,
+ },
+ {
+ Name: "service_type",
+ Description: "The type of service.",
+ Type: schema.TypeStringArray,
+ Resolver: resolveEc2VpcEndpointServiceConfigurationServiceType,
+ },
+ {
+ Name: "tags",
+ Description: "Any tags assigned to the service.",
+ Type: schema.TypeJSON,
+ Resolver: resolveEc2VpcEndpointServiceConfigurationTags,
+ },
+ },
+ }
+}
+
+// ====================================================================================================================
+// Table Resolver Functions
+// ====================================================================================================================
+func fetchEc2VpcEndpointServiceConfigurations(ctx context.Context, meta schema.ClientMeta, _ *schema.Resource, res chan<- interface{}) error {
+ var config ec2.DescribeVpcEndpointServiceConfigurationsInput
+ c := meta.(*client.Client)
+ svc := c.Services().EC2
+ for {
+ output, err := svc.DescribeVpcEndpointServiceConfigurations(ctx, &config, func(options *ec2.Options) {
+ options.Region = c.Region
+ })
+ if err != nil {
+ return diag.WrapError(err)
+ }
+ res <- output.ServiceConfigurations
+ if aws.ToString(output.NextToken) == "" {
+ break
+ }
+ config.NextToken = output.NextToken
+ }
+ return nil
+}
+func resolveEc2VpcEndpointServiceConfigurationServiceType(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error {
+ r := resource.Item.(types.ServiceConfiguration)
+ st := make([]string, 0, len(r.ServiceType))
+ for _, std := range r.ServiceType {
+ st = append(st, string(std.ServiceType))
+ }
+ return diag.WrapError(resource.Set(c.Name, st))
+}
+func resolveEc2VpcEndpointServiceConfigurationTags(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error {
+ r := resource.Item.(types.ServiceConfiguration)
+ return diag.WrapError(resource.Set(c.Name, client.TagsToMap(r.Tags)))
+}
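Review bot: The `arn` resolver dereferences `*resource.Item.(types.ServiceConfiguration).ServiceId` unguarded, so a single configuration returned with a nil ServiceId would panic the whole fetch for that account/region instead of failing one row; `aws` is already imported here, so `id := aws.ToString(sc.ServiceId)` followed by returning an error when it is empty is a cheap guard, and the sibling `aws_ec2_vpc_endpoint_services` table's `arn` column has the same pattern. The resource segment `vpc-endpoint-service-configuration` does not look like an EC2 ARN resource type to me (an endpoint service is addressed as `vpc-endpoint-service/<id>` as far as I know), and because `arn` is this table's only primary key, a synthetic value will never join against ARNs that show up in IAM policies or CloudTrail — worth checking against the EC2 ARN reference before consumers rely on it. Separately, the security-relevant half of a PrivateLink service, the allowed principals from DescribeVpcEndpointServicePermissions, is not collected, so `acceptance_required = false` cannot be assessed on its own; a child relation would be a useful follow-up.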
diff --git a/resources/services/ec2/vpc_endpoint_service_configurations_mock_test.go b/resources/services/ec2/vpc_endpoint_service_configurations_mock_test.go
new file mode 100644
index 000000000..fccafbb97
--- /dev/null
+++ b/resources/services/ec2/vpc_endpoint_service_configurations_mock_test.go
@@ -0,0 +1,31 @@
+package ec2
+
+import (
+ "testing"
+
+ "github.com/aws/aws-sdk-go-v2/service/ec2"
+ ec2Types "github.com/aws/aws-sdk-go-v2/service/ec2/types"
+ "github.com/cloudquery/cq-provider-aws/client"
+ "github.com/cloudquery/cq-provider-aws/client/mocks"
+ "github.com/cloudquery/faker/v3"
+ "github.com/golang/mock/gomock"
+)
+
+func buildEc2VpcEndpointServiceConfigurations(t *testing.T, ctrl *gomock.Controller) client.Services {
+ m := mocks.NewMockEc2Client(ctrl)
+ sc := ec2Types.ServiceConfiguration{}
+ if err := faker.FakeData(&sc); err != nil {
+ t.Fatal(err)
+ }
+ m.EXPECT().DescribeVpcEndpointServiceConfigurations(gomock.Any(), gomock.Any(), gomock.Any()).Return(
+ &ec2.DescribeVpcEndpointServiceConfigurationsOutput{
+ ServiceConfigurations: []ec2Types.ServiceConfiguration{sc},
+ }, nil)
+ return client.Services{
+ EC2: m,
+ }
+}
+
+func TestEc2VpcEndpointServiceConfigurations(t *testing.T) {
+ client.AwsMockTestHelper(t, Ec2VpcEndpointServiceConfigurations(), buildEc2VpcEndpointServiceConfigurations, client.TestOptions{})
+}
diff --git a/resources/services/ec2/vpc_endpoint_services.go b/resources/services/ec2/vpc_endpoint_services.go
new file mode 100644
index 000000000..766fa7bd4
--- /dev/null
+++ b/resources/services/ec2/vpc_endpoint_services.go
@@ -0,0 +1,163 @@
+package ec2
+
+import (
+ "context"
+
+ "github.com/aws/aws-sdk-go-v2/aws"
+ "github.com/aws/aws-sdk-go-v2/service/ec2"
+ "github.com/aws/aws-sdk-go-v2/service/ec2/types"
+ "github.com/cloudquery/cq-provider-aws/client"
+ "github.com/cloudquery/cq-provider-sdk/provider/diag"
+ "github.com/cloudquery/cq-provider-sdk/provider/schema"
+)
+
+func Ec2VpcEndpointServices() *schema.Table {
+ return &schema.Table{
+ Name: "aws_ec2_vpc_endpoint_services",
+ Description: "Describes a VPC endpoint service.",
+ Resolver: fetchEc2VpcEndpointServices,
+ Multiplex: client.ServiceAccountRegionMultiplexer("ec2"),
+ IgnoreError: client.IgnoreCommonErrors,
+ DeleteFilter: client.DeleteAccountRegionFilter,
+ Options: schema.TableCreationOptions{PrimaryKeys: []string{"account_id", "id"}},
+ Columns: []schema.Column{
+ {
+ Name: "account_id",
+ Description: "The AWS Account ID of the resource.",
+ Type: schema.TypeString,
+ Resolver: client.ResolveAWSAccount,
+ },
+ {
+ Name: "region",
+ Description: "The AWS Region of the resource.",
+ Type: schema.TypeString,
+ Resolver: client.ResolveAWSRegion,
+ },
+ {
+ Name: "arn",
+ Description: "The Amazon Resource Name (ARN) for the resource.",
+ Type: schema.TypeString,
+ Resolver: client.ResolveARN(client.EC2Service, func(resource *schema.Resource) ([]string, error) {
+ return []string{"vpc-endpoint-service", *resource.Item.(types.ServiceDetail).ServiceId}, nil
+ }),
+ },
+ {
+ Name: "acceptance_required",
+ Description: "Indicates whether VPC endpoint connection requests to the service must be accepted by the service owner.",
+ Type: schema.TypeBool,
+ },
+ {
+ Name: "availability_zones",
+ Description: "The Availability Zones in which the service is available.",
+ Type: schema.TypeStringArray,
+ },
+ {
+ Name: "base_endpoint_dns_names",
+ Description: "The DNS names for the service.",
+ Type: schema.TypeStringArray,
+ },
+ {
+ Name: "manages_vpc_endpoints",
+ Description: "Indicates whether the service manages its VPC endpoints.",
+ Type: schema.TypeBool,
+ },
+ {
+ Name: "owner",
+ Description: "The Amazon Web Services account ID of the service owner.",
+ Type: schema.TypeString,
+ },
+ {
+ Name: "payer_responsibility",
+ Description: "The payer responsibility.",
+ Type: schema.TypeString,
+ },
+ {
+ Name: "private_dns_name",
+ Description: "The private DNS name for the service.",
+ Type: schema.TypeString,
+ },
+ {
+ Name: "private_dns_name_verification_state",
+ Description: "The verification state of the VPC endpoint service.",
+ Type: schema.TypeString,
+ },
+ {
+ Name: "private_dns_names",
+ Description: "The private DNS names assigned to the VPC endpoint service.",
+ Type: schema.TypeStringArray,
+ Resolver: resolveEc2VpcEndpointServicePrivateDnsNames,
+ },
+ {
+ Name: "id",
+ Description: "The ID of the endpoint service.",
+ Type: schema.TypeString,
+ Resolver: schema.PathResolver("ServiceId"),
+ },
+ {
+ Name: "service_name",
+ Description: "The Amazon Resource Name (ARN) of the service.",
+ Type: schema.TypeString,
+ },
+ {
+ Name: "service_type",
+ Description: "The type of service.",
+ Type: schema.TypeStringArray,
+ Resolver: resolveEc2VpcEndpointServiceServiceType,
+ },
+ {
+ Name: "tags",
+ Description: "Any tags assigned to the service.",
+ Type: schema.TypeJSON,
+ Resolver: resolveEc2VpcEndpointServiceTags,
+ },
+ {
+ Name: "vpc_endpoint_policy_supported",
+ Description: "Indicates whether the service supports endpoint policies.",
+ Type: schema.TypeBool,
+ },
+ },
+ }
+}
+
+// ====================================================================================================================
+// Table Resolver Functions
+// ====================================================================================================================
+func fetchEc2VpcEndpointServices(ctx context.Context, meta schema.ClientMeta, _ *schema.Resource, res chan<- interface{}) error {
+ var config ec2.DescribeVpcEndpointServicesInput
+ c := meta.(*client.Client)
+ svc := c.Services().EC2
+ for {
+ output, err := svc.DescribeVpcEndpointServices(ctx, &config, func(options *ec2.Options) {
+ options.Region = c.Region
+ })
+ if err != nil {
+ return diag.WrapError(err)
+ }
+ res <- output.ServiceDetails
+ if aws.ToString(output.NextToken) == "" {
+ break
+ }
+ config.NextToken = output.NextToken
+ }
+ return nil
+}
+func resolveEc2VpcEndpointServicePrivateDnsNames(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error {
+ r := resource.Item.(types.ServiceDetail)
+ pdn := make([]string, 0, len(r.PrivateDnsNames))
+ for _, n := range r.PrivateDnsNames {
+ pdn = append(pdn, *n.PrivateDnsName)
+ }
+ return diag.WrapError(resource.Set(c.Name, pdn))
+}
+func resolveEc2VpcEndpointServiceServiceType(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error {
+ r := resource.Item.(types.ServiceDetail)
+ st := make([]string, 0, len(r.ServiceType))
+ for _, std := range r.ServiceType {
+ st = append(st, string(std.ServiceType))
+ }
+ return diag.WrapError(resource.Set(c.Name, st))
+}
+func resolveEc2VpcEndpointServiceTags(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error {
+ r := resource.Item.(types.ServiceDetail)
+ return diag.WrapError(resource.Set(c.Name, client.TagsToMap(r.Tags)))
+}
diff --git a/resources/services/ec2/vpc_endpoint_services_mock_test.go b/resources/services/ec2/vpc_endpoint_services_mock_test.go
new file mode 100644
index 000000000..8d80390df
--- /dev/null
+++ b/resources/services/ec2/vpc_endpoint_services_mock_test.go
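Review bot: `resolveEc2VpcEndpointServicePrivateDnsNames` in this hunk dereferences `*n.PrivateDnsName` for every entry of `r.PrivateDnsNames`, and the `arn` column's closure dereferences `*resource.Item.(types.ServiceDetail).ServiceId`; both are `*string` fields in the SDK types, so one entry with the field unset panics the whole table fetch instead of failing a single row. The file already imports `aws`, so `pdn = append(pdn, aws.ToString(n.PrivateDnsName))` and `return []string{"vpc-endpoint-service", aws.ToString(resource.Item.(types.ServiceDetail).ServiceId)}, nil` are the minimal fixes; since `id` is half of the primary key, a nil `ServiceId` in the ARN closure is probably better returned as an error than silently mapped to an empty string, which is worth checking against what the API actually returns for AWS-owned services. If I remember the API correctly this call lists every service the account can reach, not only services it owns, so a one-line comment on the table saying that (and pointing at the `owner` column) would help anyone using it to spot endpoints aimed at third-party accounts.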
@@ -0,0 +1,31 @@
+package ec2
+
+import (
+ "testing"
+
+ "github.com/aws/aws-sdk-go-v2/service/ec2"
+ ec2Types "github.com/aws/aws-sdk-go-v2/service/ec2/types"
+ "github.com/cloudquery/cq-provider-aws/client"
+ "github.com/cloudquery/cq-provider-aws/client/mocks"
+ "github.com/cloudquery/faker/v3"
+ "github.com/golang/mock/gomock"
+)
+
+func buildEc2VpcEndpointServices(t *testing.T, ctrl *gomock.Controller) client.Services {
+ m := mocks.NewMockEc2Client(ctrl)
+ sd := ec2Types.ServiceDetail{}
+ if err := faker.FakeData(&sd); err != nil {
+ t.Fatal(err)
+ }
+ m.EXPECT().DescribeVpcEndpointServices(gomock.Any(), gomock.Any(), gomock.Any()).Return(
+ &ec2.DescribeVpcEndpointServicesOutput{
+ ServiceDetails: []ec2Types.ServiceDetail{sd},
+ }, nil)
+ return client.Services{
+ EC2: m,
+ }
+}
+
+func TestEc2VpcEndpointServices(t *testing.T) {
+ client.AwsMockTestHelper(t, Ec2VpcEndpointServices(), buildEc2VpcEndpointServices, client.TestOptions{})
+}
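Review bot: The fixture in `buildEc2VpcEndpointServices` comes entirely from `faker.FakeData(&sd)`, which presumably fills every pointer field, so the bare `*n.PrivateDnsName` dereference in `resolveEc2VpcEndpointServicePrivateDnsNames` is only ever exercised with non-nil values here. Setting `sd.PrivateDnsNames = []ec2Types.PrivateDnsDetails{{}}` after faking (or adding a second `ServiceDetail` with it) would make the test fail on the nil pointer and keep it failing until the resolver tolerates it. As with the sibling mock, `NextToken` is left nil on the returned output, so the pagination branch of `fetchEc2VpcEndpointServices` is never run by this test.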