aoss

JamesWoolfenden · Nov 27, 2023 · 0bb1fec · 0bb1fec
1 parent 4698590
commit 0bb1fec
Show file tree

Hide file tree

Showing 38 changed files with 474 additions and 96 deletions.
diff --git a/src/aws.go b/src/aws.go
@@ -8,7 +8,7 @@ import (
 
 const terraform string = "terraform"
 
-// GetAWSPermissions for AWS resources
+// GetAWSPermissions for AWS resources.
 func GetAWSPermissions(result ResourceV2) ([]string, error) {
 	var (
 		err         error
@@ -76,6 +76,10 @@ func AwsLookup(name string) interface{} {
 		"aws_alb_listener":                                   awsLbListener,
 		"aws_alb_target_group":                               awsLbTargetGroup,
 		"aws_alb_target_group_attachment":                    awsLbTargetGroupAttachment,
+		"aws_ami":                                            awsAmi,
+		"aws_ami_copy":                                       awsAmiCopy,
+		"aws_ami_from_instance":                              awsAmiFromInstance,
+		"aws_ami_launch_permission":                          awsAmiLauchPermission,
 		"aws_api_gateway_account":                            awsAPIGatewayAccount,
 		"aws_api_gateway_api_key":                            awsApigatewayv2Api,
 		"aws_api_gateway_authorizer":                         awsApigatewayv2Api,
@@ -142,9 +146,12 @@ func AwsLookup(name string) interface{} {
 		"aws_batch_job_queue":                                awsBatchJobQueue,
 		"aws_batch_scheduling_policy":                        awsBatchSchedulingPolicy,
 		"aws_budgets_budget":                                 awsBudgetsBudget,
+		"aws_budgets_budget_action":                          awsBudgetsBudgetAction,
 		"aws_cloud9_environment_ec2":                         awsCloud9EnvironmentEc2,
+		"aws_cloudformation_stack":                           awsCloudformationStack,
 		"aws_cloudformation_stack_set":                       awsCloudFormationStackSet,
 		"aws_cloudformation_stack_set_instance":              awsCloudFormationStackSetInstance,
+		"aws_cloudformation_type":                            awsCloudformationType,
 		"aws_cloudfront_distribution":                        awsCloudfrontDistribution,
 		"aws_cloudfront_field_level_encryption_config":       awsCloudfrontFieldLevelEncryptionConfig,
 		"aws_cloudfront_field_level_encryption_profile":      awsCloudfrontFieldLevelEncryptionProfile,
@@ -391,6 +398,14 @@ func AwsLookup(name string) interface{} {
 		"aws_networkfirewall_rule_group":                     awsNetworkfirewallRuleGroup,
 		"aws_opensearch_domain":                              awsElasticsearchDomain,
 		"aws_opensearch_domain_policy":                       awsElasticsearchDomainPolicy,
+		"aws_opensearchserverless_access_policy":             awsOpenseachserverlessAccessPolicy,
+		"aws_opensearchserverless_collection":                awsOpenseachserverlessCollection,
+		"aws_opensearchserverless_lifecycle_policy":          awsOpenseachserverlessLifecyclePolicy,
+		"aws_opensearchserverless_security_config":           awsOpenseachserverlessSecurityConfig,
+		"aws_opensearchserverless_security_policy":           awsOpenseachserverlessSecurityPolicy,
+		"aws_opensearchserverless_vpc_endpoint":              awsOpenseachserverlessVpcEndpoint,
+		"aws_organizations_policy":                           awsOrganizationsPolicy,
+		"aws_organizations_policy_attachment":                awsOrganizationsPolicyAttachment,
 		"aws_placement_group":                                awsPlacementGroup,
 		"aws_ram_principal_association":                      awsRAMPrincipleAssociation,
 		"aws_ram_resource_association":                       awsRAMResourceAssociation,
@@ -455,6 +470,8 @@ func AwsLookup(name string) interface{} {
 		"aws_sagemaker_endpoint_configuration":               awsSagemakerEndpointConfiguration,
 		"aws_sagemaker_model":                                awsSagemakerModel,
 		"aws_secretsmanager_secret":                          awsSecretsmanagerSecret,
+		"aws_secretsmanager_secret_policy":                   awsSecretsmanagerSecretPolicy,
+		"aws_secretsmanager_secret_rotation":                 awsSecretsmanagerSecretRotation,
 		"aws_secretsmanager_secret_version":                  awsSecretsmanagerSecretVersion,
 		"aws_security_group":                                 awsSecurityGroup,
 		"aws_security_group_rule":                            awsSecurityGroupRule,
@@ -469,6 +486,7 @@ func AwsLookup(name string) interface{} {
 		"aws_ses_receipt_rule":                               awsSesReceiptRule,
 		"aws_ses_receipt_rule_set":                           awsSesReceiptRuleSet,
 		"aws_sfn_activity":                                   awsSfnActivity,
+		"aws_sfn_alias":                                      awsSfnAlias,
 		"aws_sfn_state_machine":                              awsSfnStateMachine,
 		"aws_sns_sms_preferences":                            awsSnsSmsPreferences,
 		"aws_sns_topic":                                      awsSnsTopic,
@@ -521,24 +539,12 @@ func AwsLookup(name string) interface{} {
 		"aws_xray_group":                                     awsXrayGroup,
 		"aws_xray_sampling_rule":                             awsXraySamplingRule,
 		"backend":                                            s3backend,
-		"aws_ami":                                            awsAmi,
-		"aws_ami_copy":                                       awsAmiCopy,
-		"aws_ami_from_instance":                              awsAmiFromInstance,
-		"aws_ami_launch_permission":                          awsAmiLauchPermission,
-		"aws_budgets_budget_action":                          awsBudgetsBudgetAction,
-		"aws_cloudformation_stack":                           awsCloudformationStack,
-		"aws_cloudformation_type":                            awsCloudformationType,
-		"aws_organizations_policy":                           awsOrganizationsPolicy,
-		"aws_organizations_policy_attachment":                awsOrganizationsPolicyAttachment,
-		"aws_secretsmanager_secret_policy":                   awsSecretsmanagerSecretPolicy,
-		"aws_secretsmanager_secret_rotation":                 awsSecretsmanagerSecretRotation,
-		"aws_sfn_alias":                                      awsSfnAlias,
 	}
 
 	return TFLookup[name]
 }
 
-// Contains looks if slice contains string
+// Contains looks if slice contains string.
 func Contains(s []string, e string) bool {
 	for _, a := range s {
 		if a == e {
@@ -549,7 +555,7 @@ func Contains(s []string, e string) bool {
 	return false
 }
 
-// GetPermissionMap Anonymous parsing
+// GetPermissionMap Anonymous parsing.
 func GetPermissionMap(raw []byte, attributes []string) ([]string, error) {
 	var mappings []interface{}
 	err := json.Unmarshal(raw, &mappings)

diff --git a/src/azure_datasource.go b/src/azure_datasource.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 )
 
-// GetAZUREDataPermissions gets permissions required for datasources
+// GetAZUREDataPermissions gets permissions required for datasources.
 func GetAZUREDataPermissions(result ResourceV2) ([]string, error) {
 	temp := AzureDataLookup(result.Name)
 
@@ -48,8 +48,8 @@ func AzureDataLookup(name string) interface{} {
 		"azurerm_app_service_environment":                    dataAzurermAppServiceEnvironment,
 		"azurerm_app_service_environment_v3":                 dataAzurermAppServiceEnvironmentV3,
 		"azurerm_app_service_plan":                           dataAzurermAppServicePlan,
-		"azurerm_public_ip":                                  dataAzurermPublicIp,
-		"azurerm_public_ip_prefix":                           dataAzurermPublicIpPrefix,
+		"azurerm_public_ip":                                  dataAzurermPublicIP,
+		"azurerm_public_ip_prefix":                           dataAzurermPublicIPPrefix,
 		"azurerm_public_ips":                                 dataAzurermPublicIps,
 		"azurerm_windows_function_app":                       dataAzurermWindowsFunctionApp,
 		"azurerm_windows_web_app":                            dataAzurermWindowsWebApp,

diff --git a/src/azure_policy.go b/src/azure_policy.go
@@ -11,18 +11,18 @@ import (
 //go:embed terraform.azurepolicy.template
 var policyAZURETemplate []byte
 
-// AZUREPolicy creates an Azure role definition
+// AZUREPolicy creates an Azure role definition.
 func AZUREPolicy(permissions []string) (string, error) {
 	test := strings.Join(permissions, "\",\n    \"")
 
-	type AzurePolicyDetails struct {
+	type azurePolicyDetails struct {
 		Name        string
 		Permissions string
 	}
 
 	policyName := "terraform_pike"
 
-	theDetails := AzurePolicyDetails{policyName, test}
+	theDetails := azurePolicyDetails{policyName, test}
 
 	var output bytes.Buffer
 

diff --git a/src/compare.go b/src/compare.go
@@ -12,7 +12,7 @@ import (
 	"github.com/yudai/gojsondiff/formatter"
 )
 
-// Compare IAC codebase to AWS policy
+// Compare IAC codebase to AWS policy.
 func Compare(directory string, arn string, init bool) (bool, error) {
 	var theSame bool
 	// Load the Shared AWS Configuration (~/.aws/config)
@@ -48,7 +48,7 @@ func Compare(directory string, arn string, init bool) (bool, error) {
 	return theSame, err
 }
 
-// CompareIAMPolicy takes to IAm policies and compares
+// CompareIAMPolicy takes to IAm policies and compares.
 func CompareIAMPolicy(policy string, oldPolicy string) (bool, error) {
 	differ := diff.New()
 	compare, err := differ.Compare([]byte(policy), []byte(oldPolicy))

diff --git a/src/coverage/aws.md b/src/coverage/aws.md
@@ -1,7 +1,7 @@
 # todo aws
 
-Resource percentage coverage   36.31
-Datasource percentage coverage 98.80
+Resource percentage coverage   36.75
+Datasource percentage coverage 99.80
 
 ./resource.ps1 aws_accessanalyzer_analyzer
 ./resource.ps1 aws_accessanalyzer_archive_rule
@@ -33,6 +33,7 @@ Datasource percentage coverage 98.80
 ./resource.ps1 aws_apprunner_auto_scaling_configuration_version
 ./resource.ps1 aws_apprunner_connection
 ./resource.ps1 aws_apprunner_custom_domain_association
+./resource.ps1 aws_apprunner_default_auto_scaling_configuration_version
 ./resource.ps1 aws_apprunner_observability_configuration
 ./resource.ps1 aws_apprunner_service
 ./resource.ps1 aws_apprunner_vpc_connector
@@ -493,12 +494,6 @@ Datasource percentage coverage 98.80
 ./resource.ps1 aws_opensearch_package
 ./resource.ps1 aws_opensearch_package_association
 ./resource.ps1 aws_opensearch_vpc_endpoint
-./resource.ps1 aws_opensearchserverless_access_policy
-./resource.ps1 aws_opensearchserverless_collection
-./resource.ps1 aws_opensearchserverless_lifecycle_policy
-./resource.ps1 aws_opensearchserverless_security_config
-./resource.ps1 aws_opensearchserverless_security_policy
-./resource.ps1 aws_opensearchserverless_vpc_endpoint
 ./resource.ps1 aws_opsworks_application
 ./resource.ps1 aws_opsworks_custom_layer
 ./resource.ps1 aws_opsworks_ecs_cluster_layer
@@ -817,9 +812,4 @@ Datasource percentage coverage 98.80
 ./resource.ps1 aws_worklink_website_certificate_authority_association
 ./resource.ps1 aws_workspaces_connection_alias
 ./resource.ps1 aws_workspaces_ip_group
-./resource.ps1 aws_apigatewayv2_vpc_link -type data
-./resource.ps1 aws_athena_named_query -type data
-./resource.ps1 aws_bedrock_foundation_model -type data
-./resource.ps1 aws_bedrock_foundation_models -type data
-./resource.ps1 aws_iot_registration_code -type data
-./resource.ps1 aws_opensearchserverless_lifecycle_policy -type data
+./resource.ps1 aws_emr_supported_instance_types -type data
diff --git a/src/coverage/coverage.go b/src/coverage/coverage.go
@@ -45,6 +45,7 @@ func coverageAWS() error {
 
 	target = Prepend + target
 	err := os.WriteFile("aws.md", []byte(target), 0o700)
+
 	if err != nil {
 		return err
 	}
@@ -129,6 +130,7 @@ func importMembers(targetMembers string) members {
 
 func percent(missing []string, data []string) float64 {
 	var source float64
+
 	var target float64
 
 	source = float64(len(missing))

diff --git a/src/data.go b/src/data.go
@@ -12,7 +12,7 @@ import (
 	"github.com/rs/zerolog/log"
 )
 
-// GetResources retrieves all the resources in a tf file
+// GetResources retrieves all the resources in a tf file.
 func GetResources(file string, dirName string) ([]ResourceV2, error) {
 	var Resources []ResourceV2
 
@@ -73,7 +73,7 @@ func GetResources(file string, dirName string) ([]ResourceV2, error) {
 	return Resources, nil
 }
 
-// DetectBackend handles permissions for backend blocks
+// DetectBackend handles permissions for backend blocks.
 func DetectBackend(resource ResourceV2, block *hclsyntax.Block, resources []ResourceV2) ([]ResourceV2, error) {
 	if resource.TypeName == terraform {
 		if block.Body != nil && block.Body.Blocks != nil {
@@ -95,7 +95,7 @@ func DetectBackend(resource ResourceV2, block *hclsyntax.Block, resources []Reso
 	return nil, errors.New("no Backend found")
 }
 
-// GetResourceBlocks breaks down a file into resources
+// GetResourceBlocks breaks down a file into resources.
 func GetResourceBlocks(file string) (*hclsyntax.Body, error) {
 	temp, _ := filepath.Abs(file)
 	src, err := os.ReadFile(temp)
@@ -114,7 +114,7 @@ func GetResourceBlocks(file string) (*hclsyntax.Body, error) {
 	return parsedFile.Body.(*hclsyntax.Body), err
 }
 
-// GetLocalModules return resource from path
+// GetLocalModules return resource from a path.
 func GetLocalModules(block *hclsyntax.Block, dirName string) ([]ResourceV2, error) {
 	var Resources []ResourceV2
 
@@ -162,7 +162,7 @@ func GetModulePath(block *hclsyntax.Block) string {
 	return modulePath
 }
 
-// GetBlockAttributes walks through a blocks getting all blocks and attributes
+// GetBlockAttributes walks through a blocks getting all blocks and attributes.
 func GetBlockAttributes(attributes []string, block *hclsyntax.Block) []string {
 	for _, attribute := range block.Body.Attributes {
 		attributes = append(attributes, attribute.Name)

diff --git a/src/files.go b/src/files.go
@@ -1251,3 +1251,21 @@ var awsSecretsmanagerSecretRotation []byte
 
 //go:embed mapping/aws/resource/states/aws_sfn_alias.json
 var awsSfnAlias []byte
+
+//go:embed mapping/aws/resource/aoss/aws_opensearchserverless_access_policy.json
+var awsOpenseachserverlessAccessPolicy []byte
+
+//go:embed mapping/aws/resource/aoss/aws_opensearchserverless_collection.json
+var awsOpenseachserverlessCollection []byte
+
+//go:embed mapping/aws/resource/aoss/aws_opensearchserverless_lifecycle_policy.json
+var awsOpenseachserverlessLifecyclePolicy []byte
+
+//go:embed mapping/aws/resource/aoss/aws_opensearchserverless_security_config.json
+var awsOpenseachserverlessSecurityConfig []byte
+
+//go:embed mapping/aws/resource/aoss/aws_opensearchserverless_security_policy.json
+var awsOpenseachserverlessSecurityPolicy []byte
+
+//go:embed mapping/aws/resource/aoss/aws_opensearchserverless_vpc_endpoint.json
+var awsOpenseachserverlessVpcEndpoint []byte
diff --git a/src/files_azure_datasource.go b/src/files_azure_datasource.go
@@ -68,10 +68,10 @@ var dataAzurermAppServiceEnvironmentV3 []byte
 var dataAzurermAppServicePlan []byte
 
 //go:embed mapping/azurerm/data/network/azurerm_public_ip.json
-var dataAzurermPublicIp []byte
+var dataAzurermPublicIP []byte
 
 //go:embed mapping/azurerm/data/network/azurerm_public_ip_prefix.json
-var dataAzurermPublicIpPrefix []byte
+var dataAzurermPublicIPPrefix []byte
 
 //go:embed mapping/azurerm/data/network/azurerm_public_ips.json
 var dataAzurermPublicIps []byte

diff --git a/src/files_gcp.go b/src/files_gcp.go
@@ -203,7 +203,7 @@ var googleStorageBucketIamPolicy []byte
 var googleStorageDefaultObjectAccessControl []byte
 
 //go:embed mapping/google/resource/storage/google_storage_default_object_acl.json
-var googleStorageDefaultObjectAcl []byte
+var googleStorageDefaultObjectACL []byte
 
 //go:embed mapping/google/resource/storage/google_storage_hmac_key.json
 var googleStorageHmacKey []byte

diff --git a/src/files_gcp_datasource.go b/src/files_gcp_datasource.go
@@ -341,13 +341,13 @@ var dataGoogleSourcerepoRepository []byte
 var dataGoogleSourcerepoRepositoryIamPolicy []byte
 
 //go:embed mapping/google/data/cloudsql/google_sql_database.json
-var dataGoogleSqlDatabase []byte
+var dataGoogleSQLDatabase []byte
 
 //go:embed mapping/google/data/cloudsql/google_sql_database_instance.json
-var dataGoogleSqlDatabaseInstance []byte
+var dataGoogleSQLDatabaseInstance []byte
 
 //go:embed mapping/google/data/cloudsql/google_sql_database_instances.json
-var dataGoogleSqlDatabaseInstances []byte
+var dataGoogleSQLDatabaseInstances []byte
 
 //go:embed mapping/google/data/cloudsql/google_sql_databases.json
-var dataGoogleSqlDatabases []byte
+var dataGoogleSQLDatabases []byte
diff --git a/src/gcp.go b/src/gcp.go
@@ -1,10 +1,6 @@
 package pike
 
-import (
-	"github.com/rs/zerolog/log"
-)
-
-// GetGCPPermissions for GCP resources
+// GetGCPPermissions for GCP resources.
 func GetGCPPermissions(result ResourceV2) ([]string, error) {
 	var (
 		err         error
@@ -26,19 +22,15 @@ func GetGCPPermissions(result ResourceV2) ([]string, error) {
 	return Permissions, err
 }
 
-// GetGCPResourcePermissions looks up permissions required for resources
+// GetGCPResourcePermissions looks up permissions required for resources.
 func GetGCPResourcePermissions(result ResourceV2) ([]string, error) {
-	temp := GCPLookup(result.Name)
-
 	var (
 		Permissions []string
 		err         error
 	)
 
-	if temp != nil {
+	if temp := GCPLookup(result.Name); temp != nil {
 		Permissions, err = GetPermissionMap(temp.([]byte), result.Attributes)
-	} else {
-		log.Printf("%s not implemented", result.Name)
 	}
 
 	return Permissions, err
@@ -125,7 +117,7 @@ func GCPLookup(result string) interface{} {
 		"google_storage_bucket_iam_member":                googleStorageBucketIamMember,
 		"google_storage_bucket_iam_policy":                googleStorageBucketIamPolicy,
 		"google_storage_default_object_access_control":    googleStorageDefaultObjectAccessControl,
-		"google_storage_default_object_acl":               googleStorageDefaultObjectAcl,
+		"google_storage_default_object_acl":               googleStorageDefaultObjectACL,
 		"google_storage_hmac_key":                         googleStorageHmacKey,
 		"google_storage_insights_report_config":           googleStorageInsightsReportConfig,
 		"google_storage_object_access_control":            googleStorageObjectAccessControl,

diff --git a/src/gcp_datasource.go b/src/gcp_datasource.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 )
 
-// GetGCPDataPermissions gets permissions required for datasources
+// GetGCPDataPermissions gets permissions required for datasources.
 func GetGCPDataPermissions(result ResourceV2) ([]string, error) {
 	temp := GCPDataLookup(result.Name)
 
@@ -153,10 +153,10 @@ func GCPDataLookup(result string) interface{} {
 		"google_spanner_database_iam_policy":                     dataGoogleSpannerDatabaseIamPolicy,
 		"google_spanner_instance":                                dataGoogleSpannerInstance,
 		"google_spanner_instance_iam_policy":                     dataGoogleSpannerInstanceIamPolicy,
-		"google_sql_database":                                    dataGoogleSqlDatabase,
-		"google_sql_database_instance":                           dataGoogleSqlDatabaseInstance,
-		"google_sql_database_instances":                          dataGoogleSqlDatabaseInstances,
-		"google_sql_databases":                                   dataGoogleSqlDatabases,
+		"google_sql_database":                                    dataGoogleSQLDatabase,
+		"google_sql_database_instance":                           dataGoogleSQLDatabaseInstance,
+		"google_sql_database_instances":                          dataGoogleSQLDatabaseInstances,
+		"google_sql_databases":                                   dataGoogleSQLDatabases,
 		"google_sql_tiers":                                       placeholder,
 		"google_storage_bucket":                                  dataGoogleStorageBucket,
 		"google_storage_bucket_iam_policy":                       dataGoogleStorageBucketIamPolicy,