feat: Add AWS SSM Parameters resource (#1222)

spangenberg · web-flow · commit 3fde7040afaa · 2022-08-16T18:47:20.000+02:00
diff --git a/plugins/source/aws/client/mocks/mock_ssm.go b/plugins/source/aws/client/mocks/mock_ssm.go
diff --git a/plugins/source/aws/client/services.go b/plugins/source/aws/client/services.go
@@ -786,6 +786,7 @@ type SSMClient interface {
 	DescribeDocument(ctx context.Context, params *ssm.DescribeDocumentInput, optFns ...func(*ssm.Options)) (*ssm.DescribeDocumentOutput, error)
 	DescribeDocumentPermission(ctx context.Context, params *ssm.DescribeDocumentPermissionInput, optFns ...func(*ssm.Options)) (*ssm.DescribeDocumentPermissionOutput, error)
 	DescribeInstanceInformation(ctx context.Context, params *ssm.DescribeInstanceInformationInput, optFns ...func(*ssm.Options)) (*ssm.DescribeInstanceInformationOutput, error)
+	DescribeParameters(ctx context.Context, params *ssm.DescribeParametersInput, optFns ...func(*ssm.Options)) (*ssm.DescribeParametersOutput, error)
 	ListComplianceItems(ctx context.Context, params *ssm.ListComplianceItemsInput, optFns ...func(*ssm.Options)) (*ssm.ListComplianceItemsOutput, error)
 	ListDocuments(ctx context.Context, params *ssm.ListDocumentsInput, optFns ...func(*ssm.Options)) (*ssm.ListDocumentsOutput, error)
 }
diff --git a/plugins/source/aws/docs/tables/aws_ssm_parameter_policies.md b/plugins/source/aws/docs/tables/aws_ssm_parameter_policies.md
@@ -0,0 +1,10 @@
+
+# Table: aws_ssm_parameter_policies
+One or more policies assigned to a parameter
+## Columns
+| Name        | Type           | Description  |
+| ------------- | ------------- | -----  |
+|parameter_cq_id|uuid|Unique CloudQuery ID of aws_ssm_parameters table (FK)|
+|policy_status|text|The status of the policy|
+|policy_text|text|The JSON text of the policy|
+|policy_type|text|The type of policy|
diff --git a/plugins/source/aws/docs/tables/aws_ssm_parameters.md b/plugins/source/aws/docs/tables/aws_ssm_parameters.md
@@ -0,0 +1,18 @@
+
+# Table: aws_ssm_parameters
+Metadata includes information like the ARN of the last user and the date/time the parameter was last used
+## Columns
+| Name        | Type           | Description  |
+| ------------- | ------------- | -----  |
+|account_id|text|The AWS Account ID of the resource|
+|region|text|The AWS Region of the resource|
+|allowed_pattern|text|A parameter name can include only the following letters and symbols a-zA-Z0-9_-|
+|data_type|text|The data type of the parameter, such as text or aws:ec2:image|
+|description|text|Description of the parameter actions|
+|key_id|text|The ID of the query key used for this parameter|
+|last_modified_date|timestamp without time zone|Date the parameter was last changed or updated|
+|last_modified_user|text|Amazon Resource Name (ARN) of the Amazon Web Services user who last changed the parameter|
+|name|text|The parameter name|
+|tier|text|The parameter tier|
+|type|text|The type of parameter|
+|version|bigint|The parameter version|
diff --git a/plugins/source/aws/resources/provider/provider.go b/plugins/source/aws/resources/provider/provider.go
@@ -283,6 +283,7 @@ func Provider() *provider.Provider {
 			"sqs.queues":                                 sqs.SQSQueues(),
 			"ssm.documents":                              ssm.SsmDocuments(),
 			"ssm.instances":                              ssm.SsmInstances(),
+			"ssm.parameters":                             ssm.Parameters(),
 			"waf.rule_groups":                            waf.WafRuleGroups(),
 			"waf.rules":                                  waf.WafRules(),
 			"waf.subscribed_rule_groups":                 waf.WafSubscribedRuleGroups(),
diff --git a/plugins/source/aws/resources/services/ssm/parameters.go b/plugins/source/aws/resources/services/ssm/parameters.go
@@ -0,0 +1,140 @@
+package ssm
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/ssm"
+	"github.com/cloudquery/cloudquery/plugins/source/aws/client"
+	"github.com/cloudquery/cq-provider-sdk/provider/diag"
+	"github.com/cloudquery/cq-provider-sdk/provider/schema"
+)
+
+//go:generate cq-gen --resource parameters --config resources/services/ssm/parameters.hcl --output .
+func Parameters() *schema.Table {
+	return &schema.Table{
+		Name:         "aws_ssm_parameters",
+		Description:  "Metadata includes information like the ARN of the last user and the date/time the parameter was last used",
+		Resolver:     fetchSsmParameters,
+		Multiplex:    client.ServiceAccountRegionMultiplexer("ssm"),
+		IgnoreError:  client.IgnoreAccessDeniedServiceDisabled,
+		DeleteFilter: client.DeleteAccountRegionFilter,
+		Options:      schema.TableCreationOptions{PrimaryKeys: []string{"account_id", "region", "name"}},
+		Columns: []schema.Column{
+			{
+				Name:        "account_id",
+				Description: "The AWS Account ID of the resource",
+				Type:        schema.TypeString,
+				Resolver:    client.ResolveAWSAccount,
+			},
+			{
+				Name:        "region",
+				Description: "The AWS Region of the resource",
+				Type:        schema.TypeString,
+				Resolver:    client.ResolveAWSRegion,
+			},
+			{
+				Name:        "allowed_pattern",
+				Description: "A parameter name can include only the following letters and symbols a-zA-Z0-9_-",
+				Type:        schema.TypeString,
+			},
+			{
+				Name:        "data_type",
+				Description: "The data type of the parameter, such as text or aws:ec2:image",
+				Type:        schema.TypeString,
+			},
+			{
+				Name:        "description",
+				Description: "Description of the parameter actions",
+				Type:        schema.TypeString,
+			},
+			{
+				Name:        "key_id",
+				Description: "The ID of the query key used for this parameter",
+				Type:        schema.TypeString,
+			},
+			{
+				Name:        "last_modified_date",
+				Description: "Date the parameter was last changed or updated",
+				Type:        schema.TypeTimestamp,
+			},
+			{
+				Name:        "last_modified_user",
+				Description: "Amazon Resource Name (ARN) of the Amazon Web Services user who last changed the parameter",
+				Type:        schema.TypeString,
+			},
+			{
+				Name:        "name",
+				Description: "The parameter name",
+				Type:        schema.TypeString,
+			},
+			{
+				Name:        "tier",
+				Description: "The parameter tier",
+				Type:        schema.TypeString,
+			},
+			{
+				Name:        "type",
+				Description: "The type of parameter",
+				Type:        schema.TypeString,
+			},
+			{
+				Name:        "version",
+				Description: "The parameter version",
+				Type:        schema.TypeBigInt,
+			},
+		},
+		Relations: []*schema.Table{
+			{
+				Name:        "aws_ssm_parameter_policies",
+				Description: "One or more policies assigned to a parameter",
+				Resolver:    schema.PathTableResolver("Policies"),
+				Columns: []schema.Column{
+					{
+						Name:        "parameter_cq_id",
+						Description: "Unique CloudQuery ID of aws_ssm_parameters table (FK)",
+						Type:        schema.TypeUUID,
+						Resolver:    schema.ParentIdResolver,
+					},
+					{
+						Name:        "policy_status",
+						Description: "The status of the policy",
+						Type:        schema.TypeString,
+					},
+					{
+						Name:        "policy_text",
+						Description: "The JSON text of the policy",
+						Type:        schema.TypeString,
+					},
+					{
+						Name:        "policy_type",
+						Description: "The type of policy",
+						Type:        schema.TypeString,
+					},
+				},
+			},
+		},
+	}
+}
+
+// ====================================================================================================================
+//                                               Table Resolver Functions
+// ====================================================================================================================
+
+func fetchSsmParameters(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan<- interface{}) error {
+	cl := meta.(*client.Client)
+	svc := cl.Services().SSM
+	params := ssm.DescribeParametersInput{}
+	for {
+		output, err := svc.DescribeParameters(ctx, &params)
+		if err != nil {
+			return diag.WrapError(err)
+		}
+		res <- output.Parameters
+		if aws.ToString(output.NextToken) == "" {
+			break
+		}
+		params.NextToken = output.NextToken
+	}
+	return nil
+}
diff --git a/plugins/source/aws/resources/services/ssm/parameters.hcl b/plugins/source/aws/resources/services/ssm/parameters.hcl
@@ -0,0 +1,40 @@
+service          = "aws"
+output_directory = "."
+add_generate     = true
+
+description_modifier "remove_read_only" {
+  words = ["  This member is required"]
+}
+
+resource "aws" "ssm" "parameters" {
+  path = "github.com/aws/aws-sdk-go-v2/service/ssm/types.ParameterMetadata"
+  ignoreError "IgnoreAccessDenied" {
+    path = "github.com/cloudquery/cloudquery/plugins/source/aws/client.IgnoreAccessDeniedServiceDisabled"
+  }
+  deleteFilter "AccountRegionFilter" {
+    path = "github.com/cloudquery/cloudquery/plugins/source/aws/client.DeleteAccountRegionFilter"
+  }
+  multiplex "AwsAccountRegion" {
+    path   = "github.com/cloudquery/cloudquery/plugins/source/aws/client.ServiceAccountRegionMultiplexer"
+    params = ["ssm"]
+  }
+
+  userDefinedColumn "account_id" {
+    description = "The AWS Account ID of the resource"
+    type        = "string"
+    resolver "resolveAWSAccount" {
+      path = "github.com/cloudquery/cloudquery/plugins/source/aws/client.ResolveAWSAccount"
+    }
+  }
+  userDefinedColumn "region" {
+    type        = "string"
+    description = "The AWS Region of the resource"
+    resolver "resolveAWSRegion" {
+      path = "github.com/cloudquery/cloudquery/plugins/source/aws/client.ResolveAWSRegion"
+    }
+  }
+
+  options {
+    primary_keys = ["account_id", "region", "name"]
+  }
+}
diff --git a/plugins/source/aws/resources/services/ssm/parameters_mock_test.go b/plugins/source/aws/resources/services/ssm/parameters_mock_test.go
@@ -0,0 +1,32 @@
+package ssm
+
+import (
+	"testing"
+
+	"github.com/aws/aws-sdk-go-v2/service/ssm"
+	"github.com/aws/aws-sdk-go-v2/service/ssm/types"
+	"github.com/cloudquery/cloudquery/plugins/source/aws/client"
+	"github.com/cloudquery/cloudquery/plugins/source/aws/client/mocks"
+	"github.com/cloudquery/faker/v3"
+	"github.com/golang/mock/gomock"
+)
+
+func buildParameters(t *testing.T, ctrl *gomock.Controller) client.Services {
+	mock := mocks.NewMockSSMClient(ctrl)
+	var pm types.ParameterMetadata
+	if err := faker.FakeData(&pm); err != nil {
+		t.Fatal(err)
+	}
+	mock.EXPECT().DescribeParameters(
+		gomock.Any(),
+		&ssm.DescribeParametersInput{},
+	).Return(
+		&ssm.DescribeParametersOutput{Parameters: []types.ParameterMetadata{pm}},
+		nil,
+	)
+	return client.Services{SSM: mock}
+}
+
+func TestParameters(t *testing.T) {
+	client.AwsMockTestHelper(t, Parameters(), buildParameters, client.TestOptions{})
+}

Original file line number	Diff line number	Diff line change
`@@ -786,6 +786,7 @@ type SSMClient interface {`
`786`	`786`	`DescribeDocument(ctx context.Context, params ssm.DescribeDocumentInput, optFns ...func(ssm.Options)) (*ssm.DescribeDocumentOutput, error)`
`787`	`787`	`DescribeDocumentPermission(ctx context.Context, params ssm.DescribeDocumentPermissionInput, optFns ...func(ssm.Options)) (*ssm.DescribeDocumentPermissionOutput, error)`
`788`	`788`	`DescribeInstanceInformation(ctx context.Context, params ssm.DescribeInstanceInformationInput, optFns ...func(ssm.Options)) (*ssm.DescribeInstanceInformationOutput, error)`
	`789`	`+ DescribeParameters(ctx context.Context, params ssm.DescribeParametersInput, optFns ...func(ssm.Options)) (*ssm.DescribeParametersOutput, error)`
`789`	`790`	`ListComplianceItems(ctx context.Context, params ssm.ListComplianceItemsInput, optFns ...func(ssm.Options)) (*ssm.ListComplianceItemsOutput, error)`
`790`	`791`	`ListDocuments(ctx context.Context, params ssm.ListDocumentsInput, optFns ...func(ssm.Options)) (*ssm.ListDocumentsOutput, error)`
`791`	`792`	`}`