feat: Added glue data catalog encryption settings (#1356)

* feat: Added glue data catalog encryption settings

* mock generate

client/services.go

@@ -760,6 +760,7 @@ type GlueClient interface {
 	GetTables(ctx context.Context, params *glue.GetTablesInput, optFns ...func(*glue.Options)) (*glue.GetTablesOutput, error)
 	GetMLTransforms(ctx context.Context, params *glue.GetMLTransformsInput, optFns ...func(*glue.Options)) (*glue.GetMLTransformsOutput, error)
 	GetMLTaskRuns(ctx context.Context, params *glue.GetMLTaskRunsInput, optFns ...func(*glue.Options)) (*glue.GetMLTaskRunsOutput, error)
+	GetDataCatalogEncryptionSettings(ctx context.Context, params *glue.GetDataCatalogEncryptionSettingsInput, optFns ...func(*glue.Options)) (*glue.GetDataCatalogEncryptionSettingsOutput, error)
 }
 
 //go:generate mockgen -package=mocks -destination=./mocks/kinesis.go . KinesisClient

docs/tables/aws_glue_datacatalog_encryption_settings.md

@@ -0,0 +1,12 @@
+
+# Table: aws_glue_datacatalog_encryption_settings
+Contains configuration information for maintaining Data Catalog security
+## Columns
+| Name        | Type           | Description  |
+| ------------- | ------------- | -----  |
+|account_id|text|The AWS Account ID of the resource.|
+|region|text|The AWS Region of the resource.|
+|return_connection_password_encrypted|boolean|When the ReturnConnectionPasswordEncrypted flag is set to "true", passwords remain encrypted in the responses of GetConnection and GetConnections|
+|aws_kms_key_id|text|An KMS key that is used to encrypt the connection password|
+|encryption_at_rest_catalog_encryption_mode|text|The encryption-at-rest mode for encrypting Data Catalog data|
+|encryption_at_rest_sse_aws_kms_key_id|text|The ID of the KMS key to use for encryption at rest|

resources/provider/provider.go

@@ -169,6 +169,7 @@ func Provider() *provider.Provider {
 			"emr.clusters":                            emr.EmrClusters(),
 			"fsx.backups":                             fsx.FsxBackups(),
 			"glue.databases":                          glue.Databases(),
+			"glue.datacatalog_encryption_settings":    glue.DatacatalogEncryptionSettings(),
 			"glue.jobs":                               glue.Jobs(),
 			"glue.ml_transforms":                      glue.MlTransforms(),
 			"glue.workflows":                          glue.Workflows(),

resources/services/glue/datacatalog_encryption_settings.go

@@ -0,0 +1,79 @@
+package glue
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/service/glue"
+	"github.com/cloudquery/cq-provider-aws/client"
+	"github.com/cloudquery/cq-provider-sdk/provider/diag"
+	"github.com/cloudquery/cq-provider-sdk/provider/schema"
+)
+
+//go:generate cq-gen --resource datacatalog_encryption_settings --config datacatalog_encryption_settings.hcl --output .
+func DatacatalogEncryptionSettings() *schema.Table {
+	return &schema.Table{
+		Name:         "aws_glue_datacatalog_encryption_settings",
+		Description:  "Contains configuration information for maintaining Data Catalog security",
+		Resolver:     fetchGlueDatacatalogEncryptionSettings,
+		Multiplex:    client.ServiceAccountRegionMultiplexer("glue"),
+		IgnoreError:  client.IgnoreAccessDeniedServiceDisabled,
+		DeleteFilter: client.DeleteAccountRegionFilter,
+		Options:      schema.TableCreationOptions{PrimaryKeys: []string{"account_id"}},
+		Columns: []schema.Column{
+			{
+				Name:        "account_id",
+				Description: "The AWS Account ID of the resource.",
+				Type:        schema.TypeString,
+				Resolver:    client.ResolveAWSAccount,
+			},
+			{
+				Name:        "region",
+				Description: "The AWS Region of the resource.",
+				Type:        schema.TypeString,
+				Resolver:    client.ResolveAWSRegion,
+			},
+			{
+				Name:        "return_connection_password_encrypted",
+				Description: "When the ReturnConnectionPasswordEncrypted flag is set to \"true\", passwords remain encrypted in the responses of GetConnection and GetConnections",
+				Type:        schema.TypeBool,
+				Resolver:    schema.PathResolver("ConnectionPasswordEncryption.ReturnConnectionPasswordEncrypted"),
+			},
+			{
+				Name:        "aws_kms_key_id",
+				Description: "An KMS key that is used to encrypt the connection password",
+				Type:        schema.TypeString,
+				Resolver:    schema.PathResolver("ConnectionPasswordEncryption.AwsKmsKeyId"),
+			},
+			{
+				Name:        "encryption_at_rest_catalog_encryption_mode",
+				Description: "The encryption-at-rest mode for encrypting Data Catalog data",
+				Type:        schema.TypeString,
+				Resolver:    schema.PathResolver("EncryptionAtRest.CatalogEncryptionMode"),
+			},
+			{
+				Name:        "encryption_at_rest_sse_aws_kms_key_id",
+				Description: "The ID of the KMS key to use for encryption at rest",
+				Type:        schema.TypeString,
+				Resolver:    schema.PathResolver("EncryptionAtRest.SseAwsKmsKeyId"),
+			},
+		},
+	}
+}
+
+// ====================================================================================================================
+//                                               Table Resolver Functions
+// ====================================================================================================================
+
+func fetchGlueDatacatalogEncryptionSettings(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan<- interface{}) error {
+	cl := meta.(*client.Client)
+	svc := cl.Services().Glue
+	result, err := svc.GetDataCatalogEncryptionSettings(ctx, &glue.GetDataCatalogEncryptionSettingsInput{})
+	if err != nil {
+		if cl.IsNotFoundError(err) {
+			return nil
+		}
+		return diag.WrapError(err)
+	}
+	res <- result.DataCatalogEncryptionSettings
+	return nil
+}

resources/services/glue/datacatalog_encryption_settings.hcl

@@ -0,0 +1,42 @@
+service          = "aws"
+output_directory = "."
+add_generate     = true
+
+description_modifier "remove_read_only" {
+  words = ["  This member is required."]
+}
+
+resource "aws" "glue" "datacatalog_encryption_settings" {
+  path = "github.com/aws/aws-sdk-go-v2/service/glue/types.DataCatalogEncryptionSettings"
+  ignoreError "IgnoreAccessDenied" {
+    path = "github.com/cloudquery/cq-provider-aws/client.IgnoreAccessDeniedServiceDisabled"
+  }
+  deleteFilter "AccountRegionFilter" {
+    path = "github.com/cloudquery/cq-provider-aws/client.DeleteAccountRegionFilter"
+  }
+  multiplex "AwsAccountRegion" {
+    path   = "github.com/cloudquery/cq-provider-aws/client.ServiceAccountRegionMultiplexer"
+    params = ["glue"]
+  }
+  options {
+    primary_keys = ["account_id"]
+  }
+  userDefinedColumn "account_id" {
+    description = "The AWS Account ID of the resource."
+    type        = "string"
+    resolver "resolveAWSAccount" {
+      path = "github.com/cloudquery/cq-provider-aws/client.ResolveAWSAccount"
+    }
+  }
+  userDefinedColumn "region" {
+    type        = "string"
+    description = "The AWS Region of the resource."
+    resolver "resolveAWSRegion" {
+      path = "github.com/cloudquery/cq-provider-aws/client.ResolveAWSRegion"
+    }
+  }
+
+  column "connection_password_encryption" {
+    skip_prefix = true
+  }
+}

resources/services/glue/datacatalog_encryption_settings_test.go

@@ -0,0 +1,31 @@
+package glue
+
+import (
+	"testing"
+
+	"github.com/aws/aws-sdk-go-v2/service/glue"
+	"github.com/cloudquery/cq-provider-aws/client"
+	"github.com/cloudquery/cq-provider-aws/client/mocks"
+	"github.com/cloudquery/faker/v3"
+	"github.com/golang/mock/gomock"
+	"github.com/stretchr/testify/require"
+)
+
+func buildDatacatalogEncryptionSettingsMock(t *testing.T, ctrl *gomock.Controller) client.Services {
+	m := mocks.NewMockGlueClient(ctrl)
+
+	var s glue.GetDataCatalogEncryptionSettingsOutput
+	require.NoError(t, faker.FakeData(&s))
+	m.EXPECT().GetDataCatalogEncryptionSettings(
+		gomock.Any(),
+		gomock.Any(),
+	).Return(&s, nil)
+
+	return client.Services{
+		Glue: m,
+	}
+}
+
+func TestDatacatalogEncryptionSettings(t *testing.T) {
+	client.AwsMockTestHelper(t, DatacatalogEncryptionSettings(), buildDatacatalogEncryptionSettingsMock, client.TestOptions{})
+}