oam
JamesWoolfenden committed Jun 21, 2024
1 parent 7b99c1b commit 151b324
Showing 11 changed files with 129 additions and 70 deletions.
3 changes: 3 additions & 0 deletions src/aws.go
Expand Up @@ -825,6 +825,9 @@ func AwsLookup(name string) interface{} {
"aws_transcribe_medical_vocabulary": awsTranscribeMedicalVocabulary,
"aws_transcribe_vocabulary": awsTranscribeVocabulary,
"aws_transcribe_vocabulary_filter": awsTranscribeVocabularyFilter,
"aws_oam_link": awsOamLink,
"aws_oam_sink": awsOamSink,
"aws_oam_sink_policy": awsOamSinkPolicy,
}

return TFLookup[name]
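Review bot: None of the eleven files in this commit adds a test that resolves the three new keys (`aws_oam_link`, `aws_oam_sink`, `aws_oam_sink_policy`) through `AwsLookup`, and because the function ends in `return TFLookup[name]`, a mistyped key would presumably yield a nil result rather than a failure. A table-driven case asserting a non-nil, non-empty result for each new name would pin the wiring between the key and its embedded mapping. The body of `AwsLookup` starts outside this hunk, so how callers treat a missing entry is not visible here.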
6 changes: 2 additions & 4 deletions src/coverage/aws.md
@@ -1,6 +1,6 @@
# todo aws

Resource percentage coverage 54.11
Resource percentage coverage 55.13
Datasource percentage coverage 100.00

./resource.ps1 aws_amplify_app
Expand Down Expand Up @@ -127,6 +127,7 @@ Datasource percentage coverage 100.00
./resource.ps1 aws_directory_service_shared_directory
./resource.ps1 aws_directory_service_shared_directory_accepter
./resource.ps1 aws_directory_service_trust
./resource.ps1 aws_dms_replication_config
./resource.ps1 aws_docdbelastic_cluster
./resource.ps1 aws_dx_bgp_peer
./resource.ps1 aws_dx_connection
Expand Down Expand Up @@ -387,9 +388,6 @@ Datasource percentage coverage 100.00
./resource.ps1 aws_networkmanager_transit_gateway_registration
./resource.ps1 aws_networkmanager_transit_gateway_route_table_attachment
./resource.ps1 aws_networkmanager_vpc_attachment
./resource.ps1 aws_oam_link
./resource.ps1 aws_oam_sink
./resource.ps1 aws_oam_sink_policy
./resource.ps1 aws_opensearch_domain_saml_options
./resource.ps1 aws_opensearch_inbound_connection_accepter
./resource.ps1 aws_opensearch_outbound_connection
3 changes: 3 additions & 0 deletions src/coverage/coverage_test.go
Expand Up @@ -48,6 +48,7 @@ func Test_percent(t *testing.T) {
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
got := percent(tt.args.missing, tt.args.data)

if !pike.AlmostEqual(got, tt.want) {
t.Errorf("percent() = %v, want %v", got, tt.want)
}
Expand All @@ -69,6 +70,7 @@ func Test_coverageAzure(t *testing.T) {
tt := tt
t.Run(tt.name, func(t *testing.T) {
t.Parallel()

if err := coverageAzure(); (err != nil) != tt.wantErr {
t.Errorf("coverageAzure() error = %v, wantErr %v", err, tt.wantErr)
}
Expand All @@ -90,6 +92,7 @@ func Test_coverageGcp(t *testing.T) {
tt := tt
t.Run(tt.name, func(t *testing.T) {
t.Parallel()

if err := coverageGcp(); (err != nil) != tt.wantErr {
t.Errorf("coverageGcp() error = %v, wantErr %v", err, tt.wantErr)
}
9 changes: 9 additions & 0 deletions src/files.go
Expand Up @@ -2115,3 +2115,12 @@ var awsTranscribeVocabulary []byte

//go:embed mapping/aws/resource/transcribe/aws_transcribe_vocabulary_filter.json
var awsTranscribeVocabularyFilter []byte

//go:embed mapping/aws/resource/oam/aws_oam_link.json
var awsOamLink []byte

//go:embed mapping/aws/resource/oam/aws_oam_sink.json
var awsOamSink []byte

//go:embed mapping/aws/resource/oam/aws_oam_sink_policy.json
var awsOamSinkPolicy []byte
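--- a/src/mapping/aws/resource/oam/aws_oam_link.json
+++ b/src/mapping/aws/resource/oam/aws_oam_link.json
@@ -0,0 +1,21 @@
+[
+{
+"apply": [
+"oam:CreateLink",
+"oam:GetLink",
+"oam:UpdateLink",
+"oam:DeleteLink",
+"cloudwatch:Link"
+],
+"attributes": {
+"tags": []
+},
+"destroy": [
+"oam:DeleteLink"
+],
+"modify": [
+"oam:UpdateLink"
+],
+"plan": []
+}
+]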
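Review bot: `"attributes": {"tags": []}` grants no tagging actions, yet the `aws_oam_link.tf` fixture in this commit sets `tags` and the sibling `aws_oam_sink.json` maps tags to `oam:TagResource` and `oam:UnTagResource`; a tagged link would likely be denied under a policy generated from this mapping. The `apply` list also carries only `cloudwatch:Link`, which matches the fixture's single `AWS::CloudWatch::Metric` resource type, whereas the sink policy fixture already allows `AWS::Logs::LogGroup`, and a link sharing that type would need the matching permission such as `logs:Link`. I would fill `tags` the same way as the sink mapping and decide explicitly whether the other `*:Link` permissions belong here or whether this mapping is intentionally metrics-only.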
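--- a/src/mapping/aws/resource/oam/aws_oam_sink.json
+++ b/src/mapping/aws/resource/oam/aws_oam_sink.json
@@ -0,0 +1,21 @@
+[
+{
+"apply": [
+"oam:CreateSink",
+"oam:GetSink",
+"oam:DeleteSink",
+"oam:ListTagsForResource"
+],
+"attributes": {
+"tags": [
+"oam:TagResource",
+"oam:UnTagResource"
+]
+},
+"destroy": [
+"oam:DeleteSink"
+],
+"modify": [],
+"plan": []
+}
+]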
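Review bot: `oam:UnTagResource` under `attributes.tags` does not match the action's documented spelling `oam:UntagResource`, nor the `transcribe:UntagResource` style visible in `aws_iam_policy.basic.tf`. IAM matches action names case-insensitively, so the grant should still work, but generated policies that are compared or de-duplicated as strings will carry the odd casing; I would change the line to `"oam:UntagResource"`. The same spelling is repeated in `terraform/aws/role/aws_iam_policy.basic.tf`.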
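--- a/src/mapping/aws/resource/oam/aws_oam_sink_policy.json
+++ b/src/mapping/aws/resource/oam/aws_oam_sink_policy.json
@@ -0,0 +1,14 @@
+[
+{
+"apply": [
+"oam:PutSinkPolicy",
+"oam:GetSinkPolicy"
+],
+"attributes": {
+"tags": []
+},
+"destroy": [],
+"modify": [],
+"plan": []
+}
+]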
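--- a/terraform/aws/backup/aws_oam_link.tf
+++ b/terraform/aws/backup/aws_oam_link.tf
@@ -0,0 +1,9 @@
+resource "aws_oam_link" "pike" {
+label_template = "$AccountName"
+resource_types = ["AWS::CloudWatch::Metric"]
+sink_identifier = aws_oam_sink.pike.id
+tags = {
+Env = "prod"
+pike = "permissions"
+}
+}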
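--- a/terraform/aws/backup/aws_oam_sink.tf
+++ b/terraform/aws/backup/aws_oam_sink.tf
@@ -0,0 +1,7 @@
+resource "aws_oam_sink" "pike" {
+name = "ExampleSink"
+
+tags = {
+Env = "prod"
+}
+}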
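--- a/terraform/aws/backup/aws_oam_sink_policy.tf
+++ b/terraform/aws/backup/aws_oam_sink_policy.tf
@@ -0,0 +1,21 @@
+resource "aws_oam_sink_policy" "pike" {
+sink_identifier = aws_oam_sink.pike.id
+policy = jsonencode({
+Version = "2012-10-17"
+Statement = [
+{
+Action = ["oam:CreateLink", "oam:UpdateLink"]
+Effect = "Allow"
+Resource = "*"
+Principal = {
+"AWS" = ["1111111111111", "680235478471"]
+}
+Condition = {
+"ForAllValues:StringEquals" = {
+"oam:ResourceTypes" = ["AWS::CloudWatch::Metric", "AWS::Logs::LogGroup"]
+}
+}
+}
+]
+})
+}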
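Review bot: The `Principal` list hard-codes two account identifiers, and `"1111111111111"` has 13 digits where AWS account IDs have 12, so the policy would probably be rejected or never match a real account. The second value, `680235478471`, looks like a real account number committed to the repository; a fixture is better served by the caller's own account, e.g. `"AWS" = [data.aws_caller_identity.current.account_id]`, with a `data "aws_caller_identity" "current" {}` block if the module does not already declare one. Separately, `ForAllValues:StringEquals` is also satisfied when a request carries no `oam:ResourceTypes` key, which deserves a short comment above the `Condition` so it is not read as stricter than it is.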
85 changes: 19 additions & 66 deletions terraform/aws/role/aws_iam_policy.basic.tf
Original file line number Diff line number Diff line change
Expand Up @@ -7,73 +7,26 @@ resource "aws_iam_policy" "basic" {
"Sid" : "0",
"Effect" : "Allow",
"Action" : [
//aws_oam_sink
"oam:CreateSink",
"oam:GetSink",
"oam:DeleteSink",
"oam:ListTagsForResource",
"oam:TagResource",
"oam:UnTagResource",


//aws_oam_link
"oam:CreateLink",
"oam:GetLink",
"oam:UpdateLink",
"oam:DeleteLink",
"cloudwatch:Link",

//aws_oam_sink_policy
"oam:PutSinkPolicy",
"oam:GetSinkPolicy"

//aws_transcribe_language_model
"transcribe:CreateLanguageModel",
"transcribe:DescribeLanguageModel",
"transcribe:DeleteLanguageModel",
"iam:PassRole",
"transcribe:TagResource",
"transcribe:UntagResource",


//aws_transcribe_medical_vocabulary
"transcribe:CreateMedicalVocabulary",
"transcribe:GetMedicalVocabulary",
"transcribe:DeleteMedicalVocabulary",
"transcribe:TagResource",
"transcribe:UntagResource",

//aws_transcribe_vocabulary
"transcribe:CreateVocabulary",
"transcribe:GetVocabulary",
"transcribe:DeleteVocabulary",
"transcribe:TagResource",
"transcribe:UntagResource",

//aws_transcribe_vocabulary_filter
"transcribe:CreateVocabularyFilter",
"transcribe:GetVocabularyFilter",
"transcribe:UpdateVocabularyFilter",
"transcribe:ListTagsForResource",
"transcribe:DeleteVocabularyFilter",
"transcribe:TagResource",
"transcribe:UntagResource",

"dynamodb:DeleteItem",
"dynamodb:DescribeTable",
"dynamodb:GetItem",
"dynamodb:PutItem",
"iam:CreateRole",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:ListInstanceProfilesForRole",
"iam:ListRolePolicies",
"iam:PutRolePolicy",
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:GetAccelerateConfiguration",
"s3:GetBucketAcl",
"s3:GetBucketCORS",
"s3:GetBucketLogging",
"s3:GetBucketObjectLockConfiguration",
"s3:GetBucketPolicy",
"s3:GetBucketRequestPayment",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite",
"s3:GetEncryptionConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectTagging",
"s3:GetReplicationConfiguration",
"s3:ListBucket",
"s3:PutObject"
],
"Resource" : "*",
}
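Review bot: The whole action list is still granted on `"Resource" : "*"`, which lets this role call `oam:PutSinkPolicy` and `oam:DeleteSink` on every sink in the account. The rendering has lost the +/- markers, so I am inferring that the new side is the OAM block: the 19 additions match the lines from `//aws_oam_sink` to `"oam:GetSinkPolicy"`. If this is only a scratch role for validating generated permissions, a comment above the statement saying so would help; otherwise scope the statement to the sink and link resources the fixtures create. The statement and the enclosing `aws_iam_policy` resource continue outside the hunk.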
