aws code

src/aws.go

@@ -624,6 +624,15 @@ func AwsLookup(name string) interface{} {
 		"backend":                                              s3backend,
 		"aws_cloudfront_function":                              awsCloudfrontFunction,
 		"aws_cognito_identity_pool":                            awsCognitoIdentityPool,
+		"aws_timestreamwrite_database":                         awsTimestreamwriteDatabase,
+		"aws_timestreamwrite_table":                            awsTimestreamwriteTable,
+		"aws_codebuild_source_credential":                      awsCodebuildSourceCredential,
+		"aws_codecommit_approval_rule_template":                awsCodecommitApprovalRuleTemplate,
+		"aws_codecommit_approval_rule_template_association":    awsCodecommitApprovalRuleTemplateAssociation,
+		"aws_codecommit_trigger":                               awsCodecommitTrigger,
+		"aws_ebs_default_kms_key":                              awsEbsDefaultKmsKey,
+		"aws_ebs_encryption_by_default":                        awsEbsEncryptionByDefault,
+		"aws_kms_key_policy":                                   awsKmsKeyPolicy,
 	}
 
 	return TFLookup[name]

src/aws_datasource.go

@@ -536,6 +536,8 @@ func AwsDataLookup(find string) interface{} {
 		"aws_iot_registration_code":                                 dataAwsIotRegistrationCode,
 		"aws_opensearchserverless_lifecycle_policy":                 dataAwsOpensearchserverlessLifecyclePolicy,
 		"aws_emr_supported_instance_types":                          dataAwsEmrSupportedInstanceTypes,
+		"aws_lb_trust_store":                                        dataAwsLbTrustStore,
+		"aws_alb_trust_store":                                       dataAwsLbTrustStore,
 	}
 
 	return TFLookup[find]

src/coverage/aws.md

@@ -83,17 +83,8 @@ Datasource percentage coverage 99.60
 ./resource.ps1 aws_cleanrooms_configured_table
 ./resource.ps1 aws_cloud9_environment_membership
 ./resource.ps1 aws_cloudcontrolapi_resource
-./resource.ps1 aws_cloudfront_realtime_log_config
 ./resource.ps1 aws_cloudhsm_v2_cluster
 ./resource.ps1 aws_cloudhsm_v2_hsm
-./resource.ps1 aws_codebuild_source_credential
-./resource.ps1 aws_codebuild_webhook
-./resource.ps1 aws_codecatalyst_dev_environment
-./resource.ps1 aws_codecatalyst_project
-./resource.ps1 aws_codecatalyst_source_repository
-./resource.ps1 aws_codecommit_approval_rule_template
-./resource.ps1 aws_codecommit_approval_rule_template_association
-./resource.ps1 aws_codecommit_trigger
 ./resource.ps1 aws_codegurureviewer_repository_association
 ./resource.ps1 aws_codepipeline_custom_action_type
 ./resource.ps1 aws_codepipeline_webhook
@@ -196,8 +187,6 @@ Datasource percentage coverage 99.60
 ./resource.ps1 aws_dx_transit_virtual_interface
 ./resource.ps1 aws_dynamodb_kinesis_streaming_destination
 ./resource.ps1 aws_dynamodb_table_replica
-./resource.ps1 aws_ebs_default_kms_key
-./resource.ps1 aws_ebs_encryption_by_default
 ./resource.ps1 aws_ebs_snapshot_import
 ./resource.ps1 aws_ec2_availability_zone_group
 ./resource.ps1 aws_ec2_carrier_gateway
@@ -362,7 +351,6 @@ Datasource percentage coverage 99.60
 ./resource.ps1 aws_kms_ciphertext
 ./resource.ps1 aws_kms_custom_key_store
 ./resource.ps1 aws_kms_external_key
-./resource.ps1 aws_kms_key_policy
 ./resource.ps1 aws_kms_replica_external_key
 ./resource.ps1 aws_kms_replica_key
 ./resource.ps1 aws_lakeformation_data_lake_settings
@@ -689,8 +677,6 @@ Datasource percentage coverage 99.60
 ./resource.ps1 aws_synthetics_canary
 ./resource.ps1 aws_synthetics_group
 ./resource.ps1 aws_synthetics_group_association
-./resource.ps1 aws_timestreamwrite_database
-./resource.ps1 aws_timestreamwrite_table
 ./resource.ps1 aws_transcribe_language_model
 ./resource.ps1 aws_transcribe_medical_vocabulary
 ./resource.ps1 aws_transcribe_vocabulary
@@ -736,5 +722,3 @@ Datasource percentage coverage 99.60
 ./resource.ps1 aws_worklink_website_certificate_authority_association
 ./resource.ps1 aws_workspaces_connection_alias
 ./resource.ps1 aws_workspaces_ip_group
-./resource.ps1 aws_lb_trust_store -type data
-./resource.ps1 aws_s3_directory_buckets -type data

src/files.go

@@ -1524,3 +1524,30 @@ var awsCloudfrontFunction []byte
 
 //go:embed mapping/aws/resource/cognito-idp/aws_cognito_identity_pool.json
 var awsCognitoIdentityPool []byte
+
+//go:embed mapping/aws/resource/timestreamwrite/aws_timestreamwrite_database.json
+var awsTimestreamwriteDatabase []byte
+
+//go:embed mapping/aws/resource/timestreamwrite/aws_timestreamwrite_table.json
+var awsTimestreamwriteTable []byte
+
+//go:embed mapping/aws/resource/codebuild/aws_codebuild_source_credential.json
+var awsCodebuildSourceCredential []byte
+
+//go:embed mapping/aws/resource/codecommit/aws_codecommit_approval_rule_template.json
+var awsCodecommitApprovalRuleTemplate []byte
+
+//go:embed mapping/aws/resource/codecommit/aws_codecommit_approval_rule_template_association.json
+var awsCodecommitApprovalRuleTemplateAssociation []byte
+
+//go:embed mapping/aws/resource/codecommit/aws_codecommit_trigger.json
+var awsCodecommitTrigger []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ebs_default_kms_key.json
+var awsEbsDefaultKmsKey []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ebs_encryption_by_default.json
+var awsEbsEncryptionByDefault []byte
+
+//go:embed mapping/aws/resource/kms/aws_kms_key_policy.json
+var awsKmsKeyPolicy []byte

src/files_datasource.go

@@ -1359,3 +1359,6 @@ var dataAwsOpensearchserverlessLifecyclePolicy []byte
 
 //go:embed mapping/aws/data/elasticmapreduce/aws_emr_supported_instance_types.json
 var dataAwsEmrSupportedInstanceTypes []byte
+
+//go:embed mapping/aws/data/elasticloadbalancing/aws_lb_trust_store.json
+var dataAwsLbTrustStore []byte

src/gitHub.go

@@ -4,13 +4,17 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"io"
 	"net/http"
 	"strconv"
+	"strings"
 
 	"github.com/google/go-github/v47/github"
 	"github.com/rs/zerolog/log"
 )
 
+const lastOK = 299
+
 // InvokeGithubDispatchEvent uses your gitHub api key (if sufficiently enabled) to invoke a gitHub action workflow.
 func InvokeGithubDispatchEvent(repository string, workflowFileName string, branch string) error {
 	owner, repo, err := SplitHub(repository)
@@ -48,6 +52,15 @@ func InvokeGithubDispatchEvent(repository string, workflowFileName string, branc
 		repo,
 		workflowFileName,
 		event)
+
+	if response == nil {
+		return fmt.Errorf("query failed")
+	}
+
+	if response.StatusCode > lastOK {
+		return fmt.Errorf("non success status code %s for %s", response.Status, url)
+	}
+
 	if err != nil {
 		log.Printf("invoke failed %s", response.Response.Status)
 
@@ -62,6 +75,7 @@ func InvokeGithubDispatchEvent(repository string, workflowFileName string, branc
 		if left == 0 {
 			return errors.New("you are being gitHub rate limited")
 		}
+
 		log.Printf("Invoked: Github rate limit remaining: %s", remains[0])
 	}
 
@@ -85,6 +99,7 @@ func VerifyBranch(client *github.Client, owner string, repo string, branch strin
 			found = true
 		}
 	}
+
 	if found {
 		return nil
 	}
@@ -94,17 +109,33 @@ func VerifyBranch(client *github.Client, owner string, repo string, branch strin
 
 // VerifyURL tests a url.
 func VerifyURL(url string) error {
+	if //goland:noinspection HttpUrlsUsage
+	strings.Contains(strings.ToLower(url), "http://") {
+		return errors.New("http is insecure")
+	}
+
 	resp, err := http.Get(url)
+
+	if resp == nil {
+		return errors.New("response was nil")
+	}
+
+	defer func(Body io.ReadCloser) {
+		err := Body.Close()
+		if err != nil {
+
+		}
+	}(resp.Body)
+
+	if resp.StatusCode > lastOK {
+		return fmt.Errorf("non success status code %s for %s", resp.Status, url)
+	}
+
 	if err != nil {
 		log.Printf("failed to reach %s for %s", url, resp.Status)
 
 		return err
 	}
 
-	if resp.StatusCode != http.StatusOK {
-		log.Printf("non ok status code %s for %s", resp.Status, url)
-		return errors.New(resp.Status)
-	}
-
 	return nil
 }

src/gitHub_test.go

@@ -38,3 +38,25 @@ func TestInvokeGithubDispatchEvent(t *testing.T) {
 		})
 	}
 }
+
+func TestVerifyURL(t *testing.T) {
+	type args struct {
+		url string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{"google", args{"www.google.com"}, true},
+		{"http", args{"http://www.google.com"}, true},
+		{"https", args{"https://www.google.com"}, false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if err := pike.VerifyURL(tt.args.url); (err != nil) != tt.wantErr {
+				t.Errorf("VerifyURL() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}

src/mapping/aws/data/aws_lb_trust_store.json → src/mapping/aws/data/elasticloadbalancing/aws_lb_trust_store.json

@@ -6,6 +6,8 @@
     },
     "destroy": [],
     "modify": [],
-    "plan": []
+    "plan": [
+      "elasticloadbalancing:DescribeTrustStores"
+    ]
   }
 ]

src/mapping/aws/resource/codebuild/aws_codebuild_source_credential.json

@@ -0,0 +1,17 @@
+[
+  {
+    "apply": [
+      "codebuild:ImportSourceCredentials",
+      "codebuild:ListSourceCredentials",
+      "codebuild:DeleteSourceCredentials"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "codebuild:DeleteSourceCredentials"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/codebuild/aws_codebuild_webhook.json

@@ -0,0 +1,19 @@
+[
+  {
+    "apply": [
+      "codebuild:CreateWebhook",
+      "codebuild:DeleteWebhook",
+      "codebuild:UpdateWebhook"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "codebuild:DeleteWebhook"
+    ],
+    "modify": [
+      "codebuild:UpdateWebhook"
+    ],
+    "plan": []
+  }
+]

src/mapping/aws/resource/codecommit/aws_codecommit_approval_rule_template.json

@@ -0,0 +1,19 @@
+[
+  {
+    "apply": [
+      "codecommit:CreateApprovalRuleTemplate",
+      "codecommit:GetApprovalRuleTemplate",
+      "codecommit:DeleteApprovalRuleTemplate",
+      "codecommit:DisassociateApprovalRuleTemplateFromRepository"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "codecommit:DeleteApprovalRuleTemplate",
+      "codecommit:DisassociateApprovalRuleTemplateFromRepository"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/codecommit/aws_codecommit_approval_rule_template_association.json

@@ -0,0 +1,14 @@
+[
+  {
+    "apply": [
+      "codecommit:AssociateApprovalRuleTemplateWithRepository",
+      "codecommit:ListRepositoriesForApprovalRuleTemplate"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/codecommit/aws_codecommit_trigger.json

@@ -0,0 +1,14 @@
+[
+  {
+    "apply": [
+      "codecommit:PutRepositoryTriggers",
+      "codecommit:GetRepositoryTriggers"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/ec2/aws_ebs_default_kms_key.json

@@ -0,0 +1,20 @@
+[
+  {
+    "apply": [
+      "ec2:ModifyEbsDefaultKmsKeyId",
+      "ec2:GetEbsEncryptionByDefault",
+      "ec2:GetEbsDefaultKmsKeyId",
+      "ec2:ResetEbsDefaultKmsKeyId"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "ec2:ResetEbsDefaultKmsKeyId"
+    ],
+    "modify": [
+      "ec2:ModifyEbsDefaultKmsKeyId"
+    ],
+    "plan": []
+  }
+]

src/mapping/aws/resource/ec2/aws_ebs_encryption_by_default.json

@@ -0,0 +1,17 @@
+[
+  {
+    "apply": [
+      "ec2:EnableEbsEncryptionByDefault",
+      "ec2:GetEbsEncryptionByDefault",
+      "ec2:DisableEbsEncryptionByDefault"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "ec2:DisableEbsEncryptionByDefault"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/kms/aws_kms_key_policy.json

@@ -0,0 +1,17 @@
+[
+  {
+    "apply": [
+      "kms:PutKeyPolicy",
+      "kms:DescribeKey",
+      "kms:GetKeyPolicy",
+      "kms:GetKeyRotationStatus",
+      "kms:ListResourceTags"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]