This repository has been archived by the owner on Aug 16, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 40
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Added glue data catalog encryption settings (#1356)
* feat: Added glue data catalog encryption settings * mock generate
- Loading branch information
Showing
7 changed files
with
186 additions
and
0 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
|
||
# Table: aws_glue_datacatalog_encryption_settings | ||
Contains configuration information for maintaining Data Catalog security | ||
## Columns | ||
| Name | Type | Description | | ||
| ------------- | ------------- | ----- | | ||
|account_id|text|The AWS Account ID of the resource.| | ||
|region|text|The AWS Region of the resource.| | ||
|return_connection_password_encrypted|boolean|When the ReturnConnectionPasswordEncrypted flag is set to "true", passwords remain encrypted in the responses of GetConnection and GetConnections| | ||
|aws_kms_key_id|text|An KMS key that is used to encrypt the connection password| | ||
|encryption_at_rest_catalog_encryption_mode|text|The encryption-at-rest mode for encrypting Data Catalog data| | ||
|encryption_at_rest_sse_aws_kms_key_id|text|The ID of the KMS key to use for encryption at rest| |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
79 changes: 79 additions & 0 deletions
79
resources/services/glue/datacatalog_encryption_settings.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
package glue | ||
|
||
import ( | ||
"context" | ||
|
||
"github.com/aws/aws-sdk-go-v2/service/glue" | ||
"github.com/cloudquery/cq-provider-aws/client" | ||
"github.com/cloudquery/cq-provider-sdk/provider/diag" | ||
"github.com/cloudquery/cq-provider-sdk/provider/schema" | ||
) | ||
|
||
//go:generate cq-gen --resource datacatalog_encryption_settings --config datacatalog_encryption_settings.hcl --output . | ||
func DatacatalogEncryptionSettings() *schema.Table { | ||
return &schema.Table{ | ||
Name: "aws_glue_datacatalog_encryption_settings", | ||
Description: "Contains configuration information for maintaining Data Catalog security", | ||
Resolver: fetchGlueDatacatalogEncryptionSettings, | ||
Multiplex: client.ServiceAccountRegionMultiplexer("glue"), | ||
IgnoreError: client.IgnoreAccessDeniedServiceDisabled, | ||
DeleteFilter: client.DeleteAccountRegionFilter, | ||
Options: schema.TableCreationOptions{PrimaryKeys: []string{"account_id"}}, | ||
Columns: []schema.Column{ | ||
{ | ||
Name: "account_id", | ||
Description: "The AWS Account ID of the resource.", | ||
Type: schema.TypeString, | ||
Resolver: client.ResolveAWSAccount, | ||
}, | ||
{ | ||
Name: "region", | ||
Description: "The AWS Region of the resource.", | ||
Type: schema.TypeString, | ||
Resolver: client.ResolveAWSRegion, | ||
}, | ||
{ | ||
Name: "return_connection_password_encrypted", | ||
Description: "When the ReturnConnectionPasswordEncrypted flag is set to \"true\", passwords remain encrypted in the responses of GetConnection and GetConnections", | ||
Type: schema.TypeBool, | ||
Resolver: schema.PathResolver("ConnectionPasswordEncryption.ReturnConnectionPasswordEncrypted"), | ||
}, | ||
{ | ||
Name: "aws_kms_key_id", | ||
Description: "An KMS key that is used to encrypt the connection password", | ||
Type: schema.TypeString, | ||
Resolver: schema.PathResolver("ConnectionPasswordEncryption.AwsKmsKeyId"), | ||
}, | ||
{ | ||
Name: "encryption_at_rest_catalog_encryption_mode", | ||
Description: "The encryption-at-rest mode for encrypting Data Catalog data", | ||
Type: schema.TypeString, | ||
Resolver: schema.PathResolver("EncryptionAtRest.CatalogEncryptionMode"), | ||
}, | ||
{ | ||
Name: "encryption_at_rest_sse_aws_kms_key_id", | ||
Description: "The ID of the KMS key to use for encryption at rest", | ||
Type: schema.TypeString, | ||
Resolver: schema.PathResolver("EncryptionAtRest.SseAwsKmsKeyId"), | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
// ==================================================================================================================== | ||
// Table Resolver Functions | ||
// ==================================================================================================================== | ||
|
||
func fetchGlueDatacatalogEncryptionSettings(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan<- interface{}) error { | ||
cl := meta.(*client.Client) | ||
svc := cl.Services().Glue | ||
result, err := svc.GetDataCatalogEncryptionSettings(ctx, &glue.GetDataCatalogEncryptionSettingsInput{}) | ||
if err != nil { | ||
if cl.IsNotFoundError(err) { | ||
return nil | ||
} | ||
return diag.WrapError(err) | ||
} | ||
res <- result.DataCatalogEncryptionSettings | ||
return nil | ||
} |
42 changes: 42 additions & 0 deletions
42
resources/services/glue/datacatalog_encryption_settings.hcl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
service = "aws" | ||
output_directory = "." | ||
add_generate = true | ||
|
||
description_modifier "remove_read_only" { | ||
words = [" This member is required."] | ||
} | ||
|
||
resource "aws" "glue" "datacatalog_encryption_settings" { | ||
path = "github.com/aws/aws-sdk-go-v2/service/glue/types.DataCatalogEncryptionSettings" | ||
ignoreError "IgnoreAccessDenied" { | ||
path = "github.com/cloudquery/cq-provider-aws/client.IgnoreAccessDeniedServiceDisabled" | ||
} | ||
deleteFilter "AccountRegionFilter" { | ||
path = "github.com/cloudquery/cq-provider-aws/client.DeleteAccountRegionFilter" | ||
} | ||
multiplex "AwsAccountRegion" { | ||
path = "github.com/cloudquery/cq-provider-aws/client.ServiceAccountRegionMultiplexer" | ||
params = ["glue"] | ||
} | ||
options { | ||
primary_keys = ["account_id"] | ||
} | ||
userDefinedColumn "account_id" { | ||
description = "The AWS Account ID of the resource." | ||
type = "string" | ||
resolver "resolveAWSAccount" { | ||
path = "github.com/cloudquery/cq-provider-aws/client.ResolveAWSAccount" | ||
} | ||
} | ||
userDefinedColumn "region" { | ||
type = "string" | ||
description = "The AWS Region of the resource." | ||
resolver "resolveAWSRegion" { | ||
path = "github.com/cloudquery/cq-provider-aws/client.ResolveAWSRegion" | ||
} | ||
} | ||
|
||
column "connection_password_encryption" { | ||
skip_prefix = true | ||
} | ||
} |
31 changes: 31 additions & 0 deletions
31
resources/services/glue/datacatalog_encryption_settings_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
package glue | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/aws/aws-sdk-go-v2/service/glue" | ||
"github.com/cloudquery/cq-provider-aws/client" | ||
"github.com/cloudquery/cq-provider-aws/client/mocks" | ||
"github.com/cloudquery/faker/v3" | ||
"github.com/golang/mock/gomock" | ||
"github.com/stretchr/testify/require" | ||
) | ||
|
||
func buildDatacatalogEncryptionSettingsMock(t *testing.T, ctrl *gomock.Controller) client.Services { | ||
m := mocks.NewMockGlueClient(ctrl) | ||
|
||
var s glue.GetDataCatalogEncryptionSettingsOutput | ||
require.NoError(t, faker.FakeData(&s)) | ||
m.EXPECT().GetDataCatalogEncryptionSettings( | ||
gomock.Any(), | ||
gomock.Any(), | ||
).Return(&s, nil) | ||
|
||
return client.Services{ | ||
Glue: m, | ||
} | ||
} | ||
|
||
func TestDatacatalogEncryptionSettings(t *testing.T) { | ||
client.AwsMockTestHelper(t, DatacatalogEncryptionSettings(), buildDatacatalogEncryptionSettingsMock, client.TestOptions{}) | ||
} |