wip

.github/workflows/codeql-analysis.yml

@@ -43,7 +43,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@4b6aa0b07da05d6e43d0e5f9c8596a6532ce1c85 # codeql-bundle-v2.15.3
+        uses: github/codeql-action/init@382a50a0284c0de445104889a9d6003acb4b3c1d # codeql-bundle-v2.15.4
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -57,7 +57,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@4b6aa0b07da05d6e43d0e5f9c8596a6532ce1c85 # codeql-bundle-v2.15.3
+        uses: github/codeql-action/autobuild@382a50a0284c0de445104889a9d6003acb4b3c1d # codeql-bundle-v2.15.4
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -70,4 +70,4 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@4b6aa0b07da05d6e43d0e5f9c8596a6532ce1c85 # codeql-bundle-v2.15.3
+        uses: github/codeql-action/analyze@382a50a0284c0de445104889a9d6003acb4b3c1d # codeql-bundle-v2.15.4

src/aws.go

@@ -622,6 +622,8 @@ func AwsLookup(name string) interface{} {
 		"aws_xray_group":                                       awsXrayGroup,
 		"aws_xray_sampling_rule":                               awsXraySamplingRule,
 		"backend":                                              s3backend,
+		"aws_timestreamwrite_database":                         awsTimestreamwriteDatabase,
+		"aws_timestreamwrite_table":                            awsTimestreamwriteTable,
 	}
 
 	return TFLookup[name]

src/aws_datasource.go

@@ -536,6 +536,8 @@ func AwsDataLookup(find string) interface{} {
 		"aws_iot_registration_code":                                 dataAwsIotRegistrationCode,
 		"aws_opensearchserverless_lifecycle_policy":                 dataAwsOpensearchserverlessLifecyclePolicy,
 		"aws_emr_supported_instance_types":                          dataAwsEmrSupportedInstanceTypes,
+		"aws_lb_trust_store":                                        dataAwsLbTrustStore,
+		"aws_alb_trust_store":                                       dataAwsLbTrustStore,
 	}
 
 	return TFLookup[find]

src/coverage/aws.md

@@ -83,17 +83,8 @@ Datasource percentage coverage 99.60
 ./resource.ps1 aws_cleanrooms_configured_table
 ./resource.ps1 aws_cloud9_environment_membership
 ./resource.ps1 aws_cloudcontrolapi_resource
-./resource.ps1 aws_cloudfront_realtime_log_config
 ./resource.ps1 aws_cloudhsm_v2_cluster
 ./resource.ps1 aws_cloudhsm_v2_hsm
-./resource.ps1 aws_codebuild_source_credential
-./resource.ps1 aws_codebuild_webhook
-./resource.ps1 aws_codecatalyst_dev_environment
-./resource.ps1 aws_codecatalyst_project
-./resource.ps1 aws_codecatalyst_source_repository
-./resource.ps1 aws_codecommit_approval_rule_template
-./resource.ps1 aws_codecommit_approval_rule_template_association
-./resource.ps1 aws_codecommit_trigger
 ./resource.ps1 aws_codegurureviewer_repository_association
 ./resource.ps1 aws_codepipeline_custom_action_type
 ./resource.ps1 aws_codepipeline_webhook
@@ -196,8 +187,6 @@ Datasource percentage coverage 99.60
 ./resource.ps1 aws_dx_transit_virtual_interface
 ./resource.ps1 aws_dynamodb_kinesis_streaming_destination
 ./resource.ps1 aws_dynamodb_table_replica
-./resource.ps1 aws_ebs_default_kms_key
-./resource.ps1 aws_ebs_encryption_by_default
 ./resource.ps1 aws_ebs_snapshot_import
 ./resource.ps1 aws_ec2_availability_zone_group
 ./resource.ps1 aws_ec2_carrier_gateway
@@ -362,7 +351,6 @@ Datasource percentage coverage 99.60
 ./resource.ps1 aws_kms_ciphertext
 ./resource.ps1 aws_kms_custom_key_store
 ./resource.ps1 aws_kms_external_key
-./resource.ps1 aws_kms_key_policy
 ./resource.ps1 aws_kms_replica_external_key
 ./resource.ps1 aws_kms_replica_key
 ./resource.ps1 aws_lakeformation_data_lake_settings
@@ -689,8 +677,6 @@ Datasource percentage coverage 99.60
 ./resource.ps1 aws_synthetics_canary
 ./resource.ps1 aws_synthetics_group
 ./resource.ps1 aws_synthetics_group_association
-./resource.ps1 aws_timestreamwrite_database
-./resource.ps1 aws_timestreamwrite_table
 ./resource.ps1 aws_transcribe_language_model
 ./resource.ps1 aws_transcribe_medical_vocabulary
 ./resource.ps1 aws_transcribe_vocabulary
@@ -736,5 +722,3 @@ Datasource percentage coverage 99.60
 ./resource.ps1 aws_worklink_website_certificate_authority_association
 ./resource.ps1 aws_workspaces_connection_alias
 ./resource.ps1 aws_workspaces_ip_group
-./resource.ps1 aws_lb_trust_store -type data
-./resource.ps1 aws_s3_directory_buckets -type data

src/files.go

@@ -1518,3 +1518,9 @@ var awsCeCostAllocationTag []byte
 
 //go:embed mapping/aws/resource/ce/aws_ce_cost_category.json
 var awsCeCostCategory []byte
+
+//go:embed mapping/aws/resource/timestreamwrite/aws_timestreamwrite_database.json
+var awsTimestreamwriteDatabase []byte
+
+//go:embed mapping/aws/resource/timestreamwrite/aws_timestreamwrite_table.json
+var awsTimestreamwriteTable []byte

src/files_datasource.go

@@ -1359,3 +1359,6 @@ var dataAwsOpensearchserverlessLifecyclePolicy []byte
 
 //go:embed mapping/aws/data/elasticmapreduce/aws_emr_supported_instance_types.json
 var dataAwsEmrSupportedInstanceTypes []byte
+
+//go:embed mapping/aws/data/elasticloadbalancing/aws_lb_trust_store.json
+var dataAwsLbTrustStore []byte

src/gitHub.go

@@ -4,13 +4,17 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"io"
 	"net/http"
 	"strconv"
+	"strings"
 
 	"github.com/google/go-github/v47/github"
 	"github.com/rs/zerolog/log"
 )
 
+const lastOK = 299
+
 // InvokeGithubDispatchEvent uses your gitHub api key (if sufficiently enabled) to invoke a gitHub action workflow.
 func InvokeGithubDispatchEvent(repository string, workflowFileName string, branch string) error {
 	owner, repo, err := SplitHub(repository)
@@ -48,6 +52,15 @@ func InvokeGithubDispatchEvent(repository string, workflowFileName string, branc
 		repo,
 		workflowFileName,
 		event)
+
+	if response == nil {
+		return fmt.Errorf("query failed")
+	}
+
+	if response.StatusCode > lastOK {
+		return fmt.Errorf("non success status code %s for %s", response.Status, url)
+	}
+
 	if err != nil {
 		log.Printf("invoke failed %s", response.Response.Status)
 
@@ -62,6 +75,7 @@ func InvokeGithubDispatchEvent(repository string, workflowFileName string, branc
 		if left == 0 {
 			return errors.New("you are being gitHub rate limited")
 		}
+
 		log.Printf("Invoked: Github rate limit remaining: %s", remains[0])
 	}
 
@@ -85,6 +99,7 @@ func VerifyBranch(client *github.Client, owner string, repo string, branch strin
 			found = true
 		}
 	}
+
 	if found {
 		return nil
 	}
@@ -94,17 +109,33 @@ func VerifyBranch(client *github.Client, owner string, repo string, branch strin
 
 // VerifyURL tests a url.
 func VerifyURL(url string) error {
+	if //goland:noinspection HttpUrlsUsage
+	strings.Contains(strings.ToLower(url), "http://") {
+		return errors.New("http is insecure")
+	}
+
 	resp, err := http.Get(url)
+
+	if resp == nil {
+		return errors.New("response was nil")
+	}
+
+	defer func(Body io.ReadCloser) {
+		err := Body.Close()
+		if err != nil {
+
+		}
+	}(resp.Body)
+
+	if resp.StatusCode > lastOK {
+		return fmt.Errorf("non success status code %s for %s", resp.Status, url)
+	}
+
 	if err != nil {
 		log.Printf("failed to reach %s for %s", url, resp.Status)
 
 		return err
 	}
 
-	if resp.StatusCode != http.StatusOK {
-		log.Printf("non ok status code %s for %s", resp.Status, url)
-		return errors.New(resp.Status)
-	}
-
 	return nil
 }

src/gitHub_test.go

@@ -38,3 +38,25 @@ func TestInvokeGithubDispatchEvent(t *testing.T) {
 		})
 	}
 }
+
+func TestVerifyURL(t *testing.T) {
+	type args struct {
+		url string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{"google", args{"www.google.com"}, true},
+		{"http", args{"http://www.google.com"}, true},
+		{"https", args{"https://www.google.com"}, false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if err := pike.VerifyURL(tt.args.url); (err != nil) != tt.wantErr {
+				t.Errorf("VerifyURL() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}

src/mapping/aws/data/elasticloadbalancing/aws_lb_trust_store.json

@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "elasticloadbalancing:DescribeTrustStores"
+    ]
+  }
+]

src/mapping/aws/resource/aws_codebuild_source_credential.json

@@ -0,0 +1,11 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_codebuild_webhook.json

@@ -0,0 +1,11 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_codecatalyst_dev_environment.json

@@ -0,0 +1,11 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_codecatalyst_project.json

@@ -0,0 +1,11 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_codecatalyst_source_repository.json

@@ -0,0 +1,11 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_codecommit_approval_rule_template.json

@@ -0,0 +1,11 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_codecommit_approval_rule_template_association.json

@@ -0,0 +1,11 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_codecommit_trigger.json

@@ -0,0 +1,11 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_ebs_default_kms_key.json

@@ -0,0 +1,11 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_ebs_encryption_by_default.json

@@ -0,0 +1,11 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_kms_key_policy.json

@@ -0,0 +1,11 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]