cloudquery
diff --git a/‎plugins/source/aws/docs/tables/README.md‎
Lines changed: 5 additions & 1 deletion b/‎plugins/source/aws/docs/tables/README.md‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎plugins/source/aws/resources/services/ssoadmin/account_assignments.go‎
Lines changed: 25 additions & 6 deletions b/‎plugins/source/aws/resources/services/ssoadmin/account_assignments.go‎
Lines changed: 25 additions & 6 deletions
diff --git a/‎plugins/source/aws/resources/services/ssoadmin/customer_managed_policies.go‎
Lines changed: 59 additions & 0 deletions b/‎plugins/source/aws/resources/services/ssoadmin/customer_managed_policies.go‎
Lines changed: 59 additions & 0 deletions
diff --git a/‎plugins/source/aws/resources/services/ssoadmin/inline_policies.go‎
Lines changed: 82 additions & 0 deletions b/‎plugins/source/aws/resources/services/ssoadmin/inline_policies.go‎
Lines changed: 82 additions & 0 deletions
diff --git a/‎plugins/source/aws/resources/services/ssoadmin/instances.go‎
Lines changed: 1 addition & 1 deletion b/‎plugins/source/aws/resources/services/ssoadmin/instances.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎plugins/source/aws/resources/services/ssoadmin/instances_mock_test.go‎
Lines changed: 29 additions & 1 deletion b/‎plugins/source/aws/resources/services/ssoadmin/instances_mock_test.go‎
Lines changed: 29 additions & 1 deletion
diff --git a/‎plugins/source/aws/resources/services/ssoadmin/managed_policies.go‎
Lines changed: 59 additions & 0 deletions b/‎plugins/source/aws/resources/services/ssoadmin/managed_policies.go‎
Lines changed: 59 additions & 0 deletions
diff --git a/‎plugins/source/aws/resources/services/ssoadmin/permission_boundaries.go‎
Lines changed: 58 additions & 0 deletions b/‎plugins/source/aws/resources/services/ssoadmin/permission_boundaries.go‎
Lines changed: 58 additions & 0 deletions
@@ -574,7 +574,11 @@
 - [aws_ssm_sessions](../../../../../website/tables/aws/aws_ssm_sessions.md)
 - [aws_ssoadmin_instances](../../../../../website/tables/aws/aws_ssoadmin_instances.md)
   - [aws_ssoadmin_permission_sets](../../../../../website/tables/aws/aws_ssoadmin_permission_sets.md)
-    - [aws_ssoadmin_account_assignments](../../../../../website/tables/aws/aws_ssoadmin_account_assignments.md)
+    - [aws_ssoadmin_permission_set_account_assignments](../../../../../website/tables/aws/aws_ssoadmin_permission_set_account_assignments.md)
+    - [aws_ssoadmin_permission_set_customer_managed_policies](../../../../../website/tables/aws/aws_ssoadmin_permission_set_customer_managed_policies.md)
+    - [aws_ssoadmin_permission_set_inline_policies](../../../../../website/tables/aws/aws_ssoadmin_permission_set_inline_policies.md)
+    - [aws_ssoadmin_permission_set_managed_policies](../../../../../website/tables/aws/aws_ssoadmin_permission_set_managed_policies.md)
+    - [aws_ssoadmin_permission_set_permissions_boundaries](../../../../../website/tables/aws/aws_ssoadmin_permission_set_permissions_boundaries.md)
 - [aws_stepfunctions_activities](../../../../../website/tables/aws/aws_stepfunctions_activities.md)
 - [aws_stepfunctions_state_machines](../../../../../website/tables/aws/aws_stepfunctions_state_machines.md)
   - [aws_stepfunctions_executions](../../../../../website/tables/aws/aws_stepfunctions_executions.md)
 
@@ -3,6 +3,7 @@ package ssoadmin
 import (
 	"context"
 
+	"github.com/apache/arrow/go/v13/arrow"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ssoadmin"
 	"github.com/aws/aws-sdk-go-v2/service/ssoadmin/types"
@@ -12,13 +13,31 @@ import (
 )
 
 func accountAssignments() *schema.Table {
-	tableName := "aws_ssoadmin_account_assignments"
+	tableName := "aws_ssoadmin_permission_set_account_assignments"
 	return &schema.Table{
-		Name:        tableName,
-		Description: `https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AccountAssignment.html`,
-		Resolver:    fetchSsoadminAccountAssignments,
-		Transform:   transformers.TransformWithStruct(&types.AccountAssignment{}),
-		Multiplex:   client.ServiceAccountRegionMultiplexer(tableName, "identitystore"),
+		Name: tableName,
+		Description: `https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AccountAssignment.html
+The 'request_account_id' and 'request_region' columns are added to show the account_id and region of where the request was made from.`,
+		Resolver:  fetchSsoadminAccountAssignments,
+		Transform: transformers.TransformWithStruct(&types.AccountAssignment{}, transformers.WithPrimaryKeys("PermissionSetArn", "PrincipalId", "PrincipalType", "AccountId")),
+		Columns: schema.ColumnList{
+			{
+				Name:     "request_account_id",
+				Type:     arrow.BinaryTypes.String,
+				Resolver: client.ResolveAWSAccount,
+			},
+			{
+				Name:     "request_region",
+				Type:     arrow.BinaryTypes.String,
+				Resolver: client.ResolveAWSRegion,
+			},
+			{
+				Name:       "instance_arn",
+				Type:       arrow.BinaryTypes.String,
+				Resolver:   schema.ParentColumnResolver("instance_arn"),
+				PrimaryKey: true,
+			},
+		},
 	}
 }
 
 
@@ -0,0 +1,59 @@
+package ssoadmin
+
+import (
+	"context"
+
+	"github.com/apache/arrow/go/v13/arrow"
+	"github.com/aws/aws-sdk-go-v2/service/ssoadmin"
+	"github.com/aws/aws-sdk-go-v2/service/ssoadmin/types"
+	"github.com/cloudquery/cloudquery/plugins/source/aws/client"
+	"github.com/cloudquery/plugin-sdk/v3/schema"
+	"github.com/cloudquery/plugin-sdk/v3/transformers"
+)
+
+func customerManagedPolicies() *schema.Table {
+	tableName := "aws_ssoadmin_permission_set_customer_managed_policies"
+	return &schema.Table{
+		Name:        tableName,
+		Description: `https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListManagedPoliciesInPermissionSet.html`,
+		Resolver:    fetchCustomerManagedPolicies,
+		Transform:   transformers.TransformWithStruct(&types.CustomerManagedPolicyReference{}, transformers.WithPrimaryKeys("Name", "Path")),
+		Columns: []schema.Column{
+			{
+				Name:       "permission_set_arn",
+				Type:       arrow.BinaryTypes.String,
+				Resolver:   schema.ParentColumnResolver("permission_set_arn"),
+				PrimaryKey: true,
+			},
+			{
+				Name:       "instance_arn",
+				Type:       arrow.BinaryTypes.String,
+				Resolver:   schema.ParentColumnResolver("instance_arn"),
+				PrimaryKey: true,
+			},
+		},
+	}
+}
+
+func fetchCustomerManagedPolicies(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan<- any) error {
+	cl := meta.(*client.Client)
+	svc := cl.Services().Ssoadmin
+
+	permissionSetARN := parent.Item.(*types.PermissionSet).PermissionSetArn
+	instanceARN := parent.Parent.Item.(types.InstanceMetadata).InstanceArn
+	config := ssoadmin.ListCustomerManagedPolicyReferencesInPermissionSetInput{
+		InstanceArn:      instanceARN,
+		PermissionSetArn: permissionSetARN,
+	}
+	paginator := ssoadmin.NewListCustomerManagedPolicyReferencesInPermissionSetPaginator(svc, &config)
+	for paginator.HasMorePages() {
+		page, err := paginator.NextPage(ctx, func(o *ssoadmin.Options) {
+			o.Region = cl.Region
+		})
+		if err != nil {
+			return err
+		}
+		res <- page.CustomerManagedPolicyReferences
+	}
+	return nil
+}
@@ -0,0 +1,82 @@
+package ssoadmin
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+
+	"github.com/apache/arrow/go/v13/arrow"
+	"github.com/aws/aws-sdk-go-v2/service/ssoadmin"
+	"github.com/aws/aws-sdk-go-v2/service/ssoadmin/types"
+	"github.com/cloudquery/cloudquery/plugins/source/aws/client"
+	"github.com/cloudquery/plugin-sdk/v3/schema"
+	"github.com/cloudquery/plugin-sdk/v3/transformers"
+	sdkTypes "github.com/cloudquery/plugin-sdk/v3/types"
+)
+
+func inlinePolicies() *schema.Table {
+	tableName := "aws_ssoadmin_permission_set_inline_policies"
+	return &schema.Table{
+		Name:        tableName,
+		Description: `https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetInlinePolicyForPermissionSet.html`,
+		Resolver:    fetchInlinePolicies,
+		Transform:   transformers.TransformWithStruct(&ssoadmin.GetInlinePolicyForPermissionSetOutput{}, transformers.WithSkipFields("ResultMetadata")),
+		Columns: []schema.Column{
+			{
+				Name:       "permission_set_arn",
+				Type:       arrow.BinaryTypes.String,
+				Resolver:   schema.ParentColumnResolver("permission_set_arn"),
+				PrimaryKey: true,
+			},
+			{
+				Name:       "instance_arn",
+				Type:       arrow.BinaryTypes.String,
+				Resolver:   schema.ParentColumnResolver("instance_arn"),
+				PrimaryKey: true,
+			},
+			{
+				Name:     "inline_policy_json",
+				Type:     sdkTypes.ExtensionTypes.JSON,
+				Resolver: resolveInlinePolicyJSON,
+			},
+		},
+	}
+}
+
+func fetchInlinePolicies(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan<- any) error {
+	cl := meta.(*client.Client)
+	svc := cl.Services().Ssoadmin
+
+	permissionSetARN := parent.Item.(*types.PermissionSet).PermissionSetArn
+	instanceARN := parent.Parent.Item.(types.InstanceMetadata).InstanceArn
+	config := ssoadmin.GetInlinePolicyForPermissionSetInput{
+		InstanceArn:      instanceARN,
+		PermissionSetArn: permissionSetARN,
+	}
+
+	response, err := svc.GetInlinePolicyForPermissionSet(ctx, &config, func(o *ssoadmin.Options) {
+		o.Region = cl.Region
+	})
+	if err != nil {
+		return err
+	}
+
+	res <- response
+	return nil
+}
+
+func resolveInlinePolicyJSON(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error {
+	r := resource.Item.(*ssoadmin.GetInlinePolicyForPermissionSetOutput)
+
+	decodedDocument, err := url.QueryUnescape(*r.InlinePolicy)
+	if err != nil {
+		return err
+	}
+
+	var document map[string]any
+	err = json.Unmarshal([]byte(decodedDocument), &document)
+	if err != nil {
+		return err
+	}
+	return resource.Set(c.Name, document)
+}
@@ -16,7 +16,7 @@ func Instances() *schema.Table {
 		Name:        tableName,
 		Description: `https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_InstanceMetadata.html`,
 		Resolver:    fetchSsoadminInstances,
-		Transform:   transformers.TransformWithStruct(&types.InstanceMetadata{}),
+		Transform:   transformers.TransformWithStruct(&types.InstanceMetadata{}, transformers.WithPrimaryKeys("InstanceArn")),
 		Multiplex:   client.ServiceAccountRegionMultiplexer(tableName, "identitystore"),
 
 		Relations: []*schema.Table{
 
@@ -16,6 +16,9 @@ func buildInstances(t *testing.T, ctrl *gomock.Controller) client.Services {
 	im := types.InstanceMetadata{}
 	ps := types.PermissionSet{}
 	as := types.AccountAssignment{}
+	pb := types.PermissionsBoundary{}
+	cmpr := types.CustomerManagedPolicyReference{}
+	amp := types.AttachedManagedPolicy{}
 	ip := `{"key": "value"}`
 	err := faker.FakeObject(&ps)
 	if err != nil {
@@ -29,7 +32,18 @@ func buildInstances(t *testing.T, ctrl *gomock.Controller) client.Services {
 	if err != nil {
 		t.Fatal(err)
 	}
-
+	err = faker.FakeObject(&pb)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = faker.FakeObject(&cmpr)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = faker.FakeObject(&amp)
+	if err != nil {
+		t.Fatal(err)
+	}
 	mSSOAdmin.EXPECT().ListInstances(gomock.Any(), gomock.Any(), gomock.Any()).Return(
 		&ssoadmin.ListInstancesOutput{
 			Instances: []types.InstanceMetadata{im},
@@ -58,6 +72,20 @@ func buildInstances(t *testing.T, ctrl *gomock.Controller) client.Services {
 			InlinePolicy: &ip,
 		}, nil)
 
+	mSSOAdmin.EXPECT().GetPermissionsBoundaryForPermissionSet(gomock.Any(), gomock.Any(), gomock.Any()).Return(
+		&ssoadmin.GetPermissionsBoundaryForPermissionSetOutput{
+			PermissionsBoundary: &pb,
+		}, nil)
+
+	mSSOAdmin.EXPECT().ListCustomerManagedPolicyReferencesInPermissionSet(gomock.Any(), gomock.Any(), gomock.Any()).Return(
+		&ssoadmin.ListCustomerManagedPolicyReferencesInPermissionSetOutput{
+			CustomerManagedPolicyReferences: []types.CustomerManagedPolicyReference{cmpr},
+		}, nil)
+	mSSOAdmin.EXPECT().ListManagedPoliciesInPermissionSet(gomock.Any(), gomock.Any(), gomock.Any()).Return(
+		&ssoadmin.ListManagedPoliciesInPermissionSetOutput{
+			AttachedManagedPolicies: []types.AttachedManagedPolicy{amp},
+		}, nil)
+
 	return client.Services{
 		Ssoadmin: mSSOAdmin,
 	}
 
@@ -0,0 +1,59 @@
+package ssoadmin
+
+import (
+	"context"
+
+	"github.com/apache/arrow/go/v13/arrow"
+	"github.com/aws/aws-sdk-go-v2/service/ssoadmin"
+	"github.com/aws/aws-sdk-go-v2/service/ssoadmin/types"
+	"github.com/cloudquery/cloudquery/plugins/source/aws/client"
+	"github.com/cloudquery/plugin-sdk/v3/schema"
+	"github.com/cloudquery/plugin-sdk/v3/transformers"
+)
+
+func managedPolicies() *schema.Table {
+	tableName := "aws_ssoadmin_permission_set_managed_policies"
+	return &schema.Table{
+		Name:        tableName,
+		Description: `https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListManagedPoliciesInPermissionSet.html`,
+		Resolver:    fetchManagedPolicies,
+		Transform:   transformers.TransformWithStruct(&types.AttachedManagedPolicy{}, transformers.WithPrimaryKeys("Arn")),
+		Columns: []schema.Column{
+			{
+				Name:       "permission_set_arn",
+				Type:       arrow.BinaryTypes.String,
+				Resolver:   schema.ParentColumnResolver("permission_set_arn"),
+				PrimaryKey: true,
+			},
+			{
+				Name:       "instance_arn",
+				Type:       arrow.BinaryTypes.String,
+				Resolver:   schema.ParentColumnResolver("instance_arn"),
+				PrimaryKey: true,
+			},
+		},
+	}
+}
+
+func fetchManagedPolicies(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan<- any) error {
+	cl := meta.(*client.Client)
+	svc := cl.Services().Ssoadmin
+
+	permissionSetARN := parent.Item.(*types.PermissionSet).PermissionSetArn
+	instanceARN := parent.Parent.Item.(types.InstanceMetadata).InstanceArn
+	config := ssoadmin.ListManagedPoliciesInPermissionSetInput{
+		InstanceArn:      instanceARN,
+		PermissionSetArn: permissionSetARN,
+	}
+	paginator := ssoadmin.NewListManagedPoliciesInPermissionSetPaginator(svc, &config)
+	for paginator.HasMorePages() {
+		page, err := paginator.NextPage(ctx, func(o *ssoadmin.Options) {
+			o.Region = cl.Region
+		})
+		if err != nil {
+			return err
+		}
+		res <- page.AttachedManagedPolicies
+	}
+	return nil
+}
@@ -0,0 +1,58 @@
+package ssoadmin
+
+import (
+	"context"
+
+	"github.com/apache/arrow/go/v13/arrow"
+	"github.com/aws/aws-sdk-go-v2/service/ssoadmin"
+	"github.com/aws/aws-sdk-go-v2/service/ssoadmin/types"
+	"github.com/cloudquery/cloudquery/plugins/source/aws/client"
+	"github.com/cloudquery/plugin-sdk/v3/schema"
+	"github.com/cloudquery/plugin-sdk/v3/transformers"
+)
+
+func permissionsBoundaries() *schema.Table {
+	tableName := "aws_ssoadmin_permission_set_permissions_boundaries"
+	return &schema.Table{
+		Name:        tableName,
+		Description: `https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetPermissionsBoundaryForPermissionSet.html`,
+		Resolver:    fetchPermissionBoundaries,
+		Transform:   transformers.TransformWithStruct(&types.PermissionsBoundary{}, transformers.WithSkipFields("ResultMetadata")),
+		Columns: []schema.Column{
+			{
+				Name:       "permission_set_arn",
+				Type:       arrow.BinaryTypes.String,
+				Resolver:   schema.ParentColumnResolver("permission_set_arn"),
+				PrimaryKey: true,
+			},
+			{
+				Name:       "instance_arn",
+				Type:       arrow.BinaryTypes.String,
+				Resolver:   schema.ParentColumnResolver("instance_arn"),
+				PrimaryKey: true,
+			},
+		},
+	}
+}
+
+func fetchPermissionBoundaries(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan<- any) error {
+	cl := meta.(*client.Client)
+	svc := cl.Services().Ssoadmin
+
+	permissionSetARN := parent.Item.(*types.PermissionSet).PermissionSetArn
+	instanceARN := parent.Parent.Item.(types.InstanceMetadata).InstanceArn
+	config := ssoadmin.GetPermissionsBoundaryForPermissionSetInput{
+		InstanceArn:      instanceARN,
+		PermissionSetArn: permissionSetARN,
+	}
+
+	response, err := svc.GetPermissionsBoundaryForPermissionSet(ctx, &config, func(o *ssoadmin.Options) {
+		o.Region = cl.Region
+	})
+	if err != nil {
+		return err
+	}
+
+	res <- response.PermissionsBoundary
+	return nil
+}