Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

guardduty: Migrate to AWS SDK v2 #38400

Merged
merged 23 commits into from
Aug 2, 2024
Merged

guardduty: Migrate to AWS SDK v2 #38400

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
d1e450b
guardduty: Migrate to AWS SDK v2
mattburgess Jul 17, 2024
4396c56
make gen
mattburgess Jul 17, 2024
ae411c3
d/guardduty_detector,r/guardduty_detector: Migrate to AWS SDK v2
mattburgess Jul 17, 2024
f813cd2
r/guardduty_detector_feature.go: Migrate to AWS SDK v2
mattburgess Jul 17, 2024
0f24685
r/guardduty_filter: Migrate to AWS SDK v2
mattburgess Jul 17, 2024
bddcca6
d/guardduty_finding_ids: Migrate to AWS SDK v2
mattburgess Jul 17, 2024
4e900cb
r/guardduty_invite_accepter: Migrate to AWS SDK v2
mattburgess Jul 17, 2024
87d327e
r/guardduty_ipset: Migrate to AWS SDK v2
mattburgess Jul 17, 2024
5a5fb9a
r/guardduty_member: Migrate to AWS SDK v2
mattburgess Jul 17, 2024
5f08f82
r/guardduty_organization_admin_account: Migrate to AWS SDK v2
mattburgess Jul 17, 2024
e2a1fd7
r/guardduty_organization_configuration_feature: Migrate to AWS SDK v2
mattburgess Jul 17, 2024
9ac1da9
r/guardduty_organization_configuration: Migrate to AWS SDK v2
mattburgess Jul 17, 2024
44bb8fd
r/guardduty_publishing_destination: Migrate to AWS SDK v2
mattburgess Jul 17, 2024
cdf818c
r/guardduty_threatintelset: Migrate to AWS SDK v2
mattburgess Jul 17, 2024
440932e
guardduty: misc: Migrate to AWS SDK v2
mattburgess Jul 17, 2024
5498d7a
Fix lints
mattburgess Jul 17, 2024
ec99a7c
resolve merge conflicts
johnsonaj Aug 2, 2024
d0ec475
aws_guardduty_ipsec: fix tests
johnsonaj Aug 2, 2024
ef237ff
aws_guardduty_threatintelset: fix tests
johnsonaj Aug 2, 2024
c840b6f
add error precheck for access denied
johnsonaj Aug 2, 2024
04d6e34
chore: linter
johnsonaj Aug 2, 2024
f057711
chore: linter
johnsonaj Aug 2, 2024
e147264
chore: linter
johnsonaj Aug 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 0 additions & 5 deletions internal/conns/awsclient_gen.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

117 changes: 55 additions & 62 deletions internal/service/guardduty/detector.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,14 +8,15 @@ import (
"fmt"
"log"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/arn"
"github.com/aws/aws-sdk-go/service/guardduty"
"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/aws/arn"
"github.com/aws/aws-sdk-go-v2/service/guardduty"
awstypes "github.com/aws/aws-sdk-go-v2/service/guardduty/types"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-provider-aws/internal/conns"
"github.com/hashicorp/terraform-provider-aws/internal/errs"
"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
tftags "github.com/hashicorp/terraform-provider-aws/internal/tags"
"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
Expand Down Expand Up @@ -146,7 +147,7 @@ func ResourceDetector() *schema.Resource {

func resourceDetectorCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).GuardDutyConn(ctx)
conn := meta.(*conns.AWSClient).GuardDutyClient(ctx)

input := &guardduty.CreateDetectorInput{
Enable: aws.Bool(d.Get("enable").(bool)),
Expand All @@ -158,23 +159,23 @@ func resourceDetectorCreate(ctx context.Context, d *schema.ResourceData, meta in
}

if v, ok := d.GetOk("finding_publishing_frequency"); ok {
input.FindingPublishingFrequency = aws.String(v.(string))
input.FindingPublishingFrequency = awstypes.FindingPublishingFrequency(v.(string))
}

output, err := conn.CreateDetectorWithContext(ctx, input)
output, err := conn.CreateDetector(ctx, input)

if err != nil {
return sdkdiag.AppendErrorf(diags, "creating GuardDuty Detector: %s", err)
}

d.SetId(aws.StringValue(output.DetectorId))
d.SetId(aws.ToString(output.DetectorId))

return append(diags, resourceDetectorRead(ctx, d, meta)...)
}

func resourceDetectorRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).GuardDutyConn(ctx)
conn := meta.(*conns.AWSClient).GuardDutyClient(ctx)

gdo, err := FindDetectorByID(ctx, conn, d.Id())

Expand Down Expand Up @@ -205,7 +206,7 @@ func resourceDetectorRead(ctx context.Context, d *schema.ResourceData, meta inte
} else {
d.Set("datasources", nil)
}
d.Set("enable", aws.StringValue(gdo.Status) == guardduty.DetectorStatusEnabled)
d.Set("enable", gdo.Status == awstypes.DetectorStatusEnabled)
d.Set("finding_publishing_frequency", gdo.FindingPublishingFrequency)

setTagsOut(ctx, gdo.Tags)
Expand All @@ -215,20 +216,20 @@ func resourceDetectorRead(ctx context.Context, d *schema.ResourceData, meta inte

func resourceDetectorUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).GuardDutyConn(ctx)
conn := meta.(*conns.AWSClient).GuardDutyClient(ctx)

if d.HasChangesExcept(names.AttrTags, names.AttrTagsAll) {
input := &guardduty.UpdateDetectorInput{
DetectorId: aws.String(d.Id()),
Enable: aws.Bool(d.Get("enable").(bool)),
FindingPublishingFrequency: aws.String(d.Get("finding_publishing_frequency").(string)),
FindingPublishingFrequency: awstypes.FindingPublishingFrequency(d.Get("finding_publishing_frequency").(string)),
}

if d.HasChange("datasources") {
input.DataSources = expandDataSourceConfigurations(d.Get("datasources").([]interface{})[0].(map[string]interface{}))
}

_, err := conn.UpdateDetectorWithContext(ctx, input)
_, err := conn.UpdateDetector(ctx, input)

if err != nil {
return sdkdiag.AppendErrorf(diags, "updating GuardDuty Detector (%s): %s", d.Id(), err)
Expand All @@ -240,16 +241,16 @@ func resourceDetectorUpdate(ctx context.Context, d *schema.ResourceData, meta in

func resourceDetectorDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).GuardDutyConn(ctx)
conn := meta.(*conns.AWSClient).GuardDutyClient(ctx)

log.Printf("[DEBUG] Deleting GuardDuty Detector: %s", d.Id())
_, err := tfresource.RetryWhenAWSErrMessageContains(ctx, membershipPropagationTimeout, func() (interface{}, error) {
return conn.DeleteDetectorWithContext(ctx, &guardduty.DeleteDetectorInput{
_, err := tfresource.RetryWhenIsAErrorMessageContains[*awstypes.BadRequestException](ctx, membershipPropagationTimeout, func() (interface{}, error) {
return conn.DeleteDetector(ctx, &guardduty.DeleteDetectorInput{
DetectorId: aws.String(d.Id()),
})
}, guardduty.ErrCodeBadRequestException, "cannot delete detector while it has invited or associated members")
}, "cannot delete detector while it has invited or associated members")

if tfawserr.ErrMessageContains(err, guardduty.ErrCodeBadRequestException, "The request is rejected because the input detectorId is not owned by the current account.") {
if errs.IsAErrorMessageContains[*awstypes.BadRequestException](err, "The request is rejected because the input detectorId is not owned by the current account.") {
return diags
}

Expand All @@ -260,12 +261,12 @@ func resourceDetectorDelete(ctx context.Context, d *schema.ResourceData, meta in
return diags
}

func expandDataSourceConfigurations(tfMap map[string]interface{}) *guardduty.DataSourceConfigurations {
func expandDataSourceConfigurations(tfMap map[string]interface{}) *awstypes.DataSourceConfigurations {
if tfMap == nil {
return nil
}

apiObject := &guardduty.DataSourceConfigurations{}
apiObject := &awstypes.DataSourceConfigurations{}

if v, ok := tfMap["kubernetes"].([]interface{}); ok && len(v) > 0 {
apiObject.Kubernetes = expandKubernetesConfiguration(v[0].(map[string]interface{}))
Expand All @@ -282,7 +283,7 @@ func expandDataSourceConfigurations(tfMap map[string]interface{}) *guardduty.Dat
return apiObject
}

func expandKubernetesConfiguration(tfMap map[string]interface{}) *guardduty.KubernetesConfiguration {
func expandKubernetesConfiguration(tfMap map[string]interface{}) *awstypes.KubernetesConfiguration {
if tfMap == nil {
return nil
}
Expand All @@ -297,17 +298,17 @@ func expandKubernetesConfiguration(tfMap map[string]interface{}) *guardduty.Kube
return nil
}

return &guardduty.KubernetesConfiguration{
return &awstypes.KubernetesConfiguration{
AuditLogs: expandKubernetesAuditLogsConfiguration(m),
}
}

func expandKubernetesAuditLogsConfiguration(tfMap map[string]interface{}) *guardduty.KubernetesAuditLogsConfiguration {
func expandKubernetesAuditLogsConfiguration(tfMap map[string]interface{}) *awstypes.KubernetesAuditLogsConfiguration {
if tfMap == nil {
return nil
}

apiObject := &guardduty.KubernetesAuditLogsConfiguration{}
apiObject := &awstypes.KubernetesAuditLogsConfiguration{}

if v, ok := tfMap["enable"].(bool); ok {
apiObject.Enable = aws.Bool(v)
Expand All @@ -316,7 +317,7 @@ func expandKubernetesAuditLogsConfiguration(tfMap map[string]interface{}) *guard
return apiObject
}

func expandMalwareProtectionConfiguration(tfMap map[string]interface{}) *guardduty.MalwareProtectionConfiguration {
func expandMalwareProtectionConfiguration(tfMap map[string]interface{}) *awstypes.MalwareProtectionConfiguration {
if tfMap == nil {
return nil
}
Expand All @@ -331,12 +332,12 @@ func expandMalwareProtectionConfiguration(tfMap map[string]interface{}) *guarddu
return nil
}

return &guardduty.MalwareProtectionConfiguration{
return &awstypes.MalwareProtectionConfiguration{
ScanEc2InstanceWithFindings: expandScanEc2InstanceWithFindings(m),
}
}

func expandScanEc2InstanceWithFindings(tfMap map[string]interface{}) *guardduty.ScanEc2InstanceWithFindings { // nosemgrep:ci.caps3-in-func-name
func expandScanEc2InstanceWithFindings(tfMap map[string]interface{}) *awstypes.ScanEc2InstanceWithFindings { // nosemgrep:ci.caps3-in-func-name
if tfMap == nil {
return nil
}
Expand All @@ -351,7 +352,7 @@ func expandScanEc2InstanceWithFindings(tfMap map[string]interface{}) *guardduty.
return nil
}

apiObject := &guardduty.ScanEc2InstanceWithFindings{
apiObject := &awstypes.ScanEc2InstanceWithFindings{
EbsVolumes: expandMalwareProtectionEBSVolumesConfiguration(m),
}

Expand All @@ -372,12 +373,12 @@ func expandMalwareProtectionEBSVolumesConfiguration(tfMap map[string]interface{}
return apiObject
}

func expandS3LogsConfiguration(tfMap map[string]interface{}) *guardduty.S3LogsConfiguration {
func expandS3LogsConfiguration(tfMap map[string]interface{}) *awstypes.S3LogsConfiguration {
if tfMap == nil {
return nil
}

apiObject := &guardduty.S3LogsConfiguration{}
apiObject := &awstypes.S3LogsConfiguration{}

if v, ok := tfMap["enable"].(bool); ok {
apiObject.Enable = aws.Bool(v)
Expand All @@ -386,7 +387,7 @@ func expandS3LogsConfiguration(tfMap map[string]interface{}) *guardduty.S3LogsCo
return apiObject
}

func flattenDataSourceConfigurationsResult(apiObject *guardduty.DataSourceConfigurationsResult) map[string]interface{} {
func flattenDataSourceConfigurationsResult(apiObject *awstypes.DataSourceConfigurationsResult) map[string]interface{} {
if apiObject == nil {
return nil
}
Expand All @@ -408,7 +409,7 @@ func flattenDataSourceConfigurationsResult(apiObject *guardduty.DataSourceConfig
return tfMap
}

func flattenKubernetesConfiguration(apiObject *guardduty.KubernetesConfigurationResult) map[string]interface{} {
func flattenKubernetesConfiguration(apiObject *awstypes.KubernetesConfigurationResult) map[string]interface{} {
if apiObject == nil {
return nil
}
Expand All @@ -422,21 +423,19 @@ func flattenKubernetesConfiguration(apiObject *guardduty.KubernetesConfiguration
return tfMap
}

func flattenKubernetesAuditLogsConfiguration(apiObject *guardduty.KubernetesAuditLogsConfigurationResult) map[string]interface{} {
func flattenKubernetesAuditLogsConfiguration(apiObject *awstypes.KubernetesAuditLogsConfigurationResult) map[string]interface{} {
if apiObject == nil {
return nil
}

tfMap := map[string]interface{}{}

if v := apiObject.Status; v != nil {
tfMap["enable"] = aws.StringValue(v) == guardduty.DataSourceStatusEnabled
}
tfMap["enable"] = apiObject.Status == awstypes.DataSourceStatusEnabled

return tfMap
}

func flattenMalwareProtectionConfiguration(apiObject *guardduty.MalwareProtectionConfigurationResult) map[string]interface{} {
func flattenMalwareProtectionConfiguration(apiObject *awstypes.MalwareProtectionConfigurationResult) map[string]interface{} {
if apiObject == nil {
return nil
}
Expand All @@ -450,7 +449,7 @@ func flattenMalwareProtectionConfiguration(apiObject *guardduty.MalwareProtectio
return tfMap
}

func flattenScanEc2InstanceWithFindingsResult(apiObject *guardduty.ScanEc2InstanceWithFindingsResult) map[string]interface{} { // nosemgrep:ci.caps3-in-func-name
func flattenScanEc2InstanceWithFindingsResult(apiObject *awstypes.ScanEc2InstanceWithFindingsResult) map[string]interface{} { // nosemgrep:ci.caps3-in-func-name
if apiObject == nil {
return nil
}
Expand All @@ -464,42 +463,38 @@ func flattenScanEc2InstanceWithFindingsResult(apiObject *guardduty.ScanEc2Instan
return tfMap
}

func flattenEbsVolumesResult(apiObject *guardduty.EbsVolumesResult) map[string]interface{} { // nosemgrep:ci.caps3-in-func-name
func flattenEbsVolumesResult(apiObject *awstypes.EbsVolumesResult) map[string]interface{} { // nosemgrep:ci.caps3-in-func-name
if apiObject == nil {
return nil
}

tfMap := map[string]interface{}{}

if v := apiObject.Status; v != nil {
tfMap["enable"] = aws.StringValue(v) == guardduty.DataSourceStatusEnabled
}
tfMap["enable"] = apiObject.Status == awstypes.DataSourceStatusEnabled

return tfMap
}

func flattenS3LogsConfigurationResult(apiObject *guardduty.S3LogsConfigurationResult) map[string]interface{} {
func flattenS3LogsConfigurationResult(apiObject *awstypes.S3LogsConfigurationResult) map[string]interface{} {
if apiObject == nil {
return nil
}

tfMap := map[string]interface{}{}

if v := apiObject.Status; v != nil {
tfMap["enable"] = aws.StringValue(v) == guardduty.DataSourceStatusEnabled
}
tfMap["enable"] = apiObject.Status == awstypes.DataSourceStatusEnabled

return tfMap
}

func FindDetectorByID(ctx context.Context, conn *guardduty.GuardDuty, id string) (*guardduty.GetDetectorOutput, error) {
func FindDetectorByID(ctx context.Context, conn *guardduty.Client, id string) (*guardduty.GetDetectorOutput, error) {
input := &guardduty.GetDetectorInput{
DetectorId: aws.String(id),
}

output, err := conn.GetDetectorWithContext(ctx, input)
output, err := conn.GetDetector(ctx, input)

if tfawserr.ErrMessageContains(err, guardduty.ErrCodeBadRequestException, "The request is rejected because the input detectorId is not owned by the current account.") {
if errs.IsAErrorMessageContains[*awstypes.BadRequestException](err, "The request is rejected because the input detectorId is not owned by the current account.") {
return nil, &retry.NotFoundError{
LastError: err,
LastRequest: input,
Expand All @@ -518,32 +513,30 @@ func FindDetectorByID(ctx context.Context, conn *guardduty.GuardDuty, id string)
}

// FindDetector returns the ID of the current account's active GuardDuty detector.
func FindDetector(ctx context.Context, conn *guardduty.GuardDuty) (*string, error) {
func FindDetector(ctx context.Context, conn *guardduty.Client) (*string, error) {
output, err := findDetectors(ctx, conn)

if err != nil {
return nil, err
}

return tfresource.AssertSinglePtrResult(output)
return tfresource.AssertSingleValueResult(output)
}

func findDetectors(ctx context.Context, conn *guardduty.GuardDuty) ([]*string, error) {
func findDetectors(ctx context.Context, conn *guardduty.Client) ([]string, error) {
input := &guardduty.ListDetectorsInput{}
var output []*string
var output []string

err := conn.ListDetectorsPagesWithContext(ctx, input, func(page *guardduty.ListDetectorsOutput, lastPage bool) bool {
if page == nil {
return !lastPage
}
pages := guardduty.NewListDetectorsPaginator(conn, input)

output = append(output, page.DetectorIds...)
for pages.HasMorePages() {
page, err := pages.NextPage(ctx)

return !lastPage
})
if err != nil {
return nil, err
}

if err != nil {
return nil, err
output = append(output, page.DetectorIds...)
}

return output, nil
Expand Down
6 changes: 3 additions & 3 deletions internal/service/guardduty/detector_data_source.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ package guardduty
import (
"context"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-provider-aws/internal/conns"
Expand Down Expand Up @@ -75,7 +75,7 @@ func DataSourceDetector() *schema.Resource {

func dataSourceDetectorRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).GuardDutyConn(ctx)
conn := meta.(*conns.AWSClient).GuardDutyClient(ctx)

detectorID := d.Get(names.AttrID).(string)

Expand All @@ -86,7 +86,7 @@ func dataSourceDetectorRead(ctx context.Context, d *schema.ResourceData, meta in
return sdkdiag.AppendErrorf(diags, "reading this account's single GuardDuty Detector: %s", err)
}

detectorID = aws.StringValue(output)
detectorID = aws.ToString(output)
}

gdo, err := FindDetectorByID(ctx, conn, detectorID)
Expand Down
Loading
Loading