WIP

JamesWoolfenden · Nov 20, 2024 · 5750ff3 · 5750ff3
1 parent 14354c3
commit 5750ff3
Show file tree

Hide file tree

Showing 366 changed files with 9,349 additions and 2,009 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -43,6 +43,6 @@ jobs:
         run: go test ./... -coverprofile=./cover.out
 
       - name: Upload coverage reports to Codecov
-        uses: codecov/codecov-action@0f8570b1a125f4937846a11fcfa3bcd548bd8c97 # v4.6.0
+        uses: codecov/codecov-action@a2f73fb6db51fcd2e0aa085dfb36dea90c5e3689 # v5.0.2
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
diff --git a/README.md b/README.md
@@ -36,29 +36,31 @@ unrecorded intentions can be impossible to infer.
 ## Table of Contents
 
 <!--toc:start-->
+
 - [Pike](#pike)
-  - [Table of Contents](#table-of-contents)
-  - [Install](#install)
-    - [MacOS](#macos)
-    - [Windows](#windows)
-    - [Docker](#docker)
-  - [Usage](#usage)
-    - [Scan](#scan)
-    - [Output](#output)
-    - [Make](#make)
-    - [Invoke](#invoke)
-    - [Inspect](#inspect)
-    - [Apply](#apply)
-    - [Remote](#remote)
-    - [Readme](#readme)
-    - [Pull](#pull)
-  - [Compare](#compare)
-  - [Help](#help)
-  - [Building](#building)
-  - [Extending](#extending)
-    - [Add Import mapping file](#add-import-mapping-file)
-    - [Add to provider Scan](#add-to-provider-scan)
-  - [Related Tools](#related-tools)
+    - [Table of Contents](#table-of-contents)
+    - [Install](#install)
+        - [MacOS](#macos)
+        - [Windows](#windows)
+        - [Docker](#docker)
+    - [Usage](#usage)
+        - [Scan](#scan)
+        - [Output](#output)
+        - [Make](#make)
+        - [Invoke](#invoke)
+        - [Inspect](#inspect)
+        - [Apply](#apply)
+        - [Remote](#remote)
+        - [Readme](#readme)
+        - [Pull](#pull)
+    - [Compare](#compare)
+    - [Help](#help)
+    - [Building](#building)
+    - [Extending](#extending)
+        - [Add Import mapping file](#add-import-mapping-file)
+        - [Add to provider Scan](#add-to-provider-scan)
+    - [Related Tools](#related-tools)
+
 <!--toc:end-->
 
 ## Install

diff --git a/resource.ps1 b/resource.ps1
@@ -49,5 +49,5 @@ else
     $tffile = path terraform $provider "$resource.tf"
 }
 
-$tffile=path $PSScriptRoot $tffile
+$tffile = path $PSScriptRoot $tffile
 new-item $tffile -value $content
diff --git a/src/aws.go b/src/aws.go
@@ -6,17 +6,22 @@ import (
 	"fmt"
 )
 
-const terraform string = "terraform"
+const (
+	terraform string = "terraform"
+	module    string = "module"
+	resource  string = "resource"
+	data      string = "data"
+)
 
 // GetAWSPermissions for AWS resources.
 func GetAWSPermissions(result ResourceV2) ([]string, error) {
 	// Validate the input
 	if result.TypeName == "" {
-		return nil, errors.New("TypeName cannot be empty")
+		return nil, errors.New("typeName cannot be empty")
 	}
 
 	if result.Name == "" {
-		return nil, errors.New("Name cannot be empty")
+		return nil, errors.New("name cannot be empty")
 	}
 
 	var (
@@ -25,22 +30,22 @@ func GetAWSPermissions(result ResourceV2) ([]string, error) {
 	)
 
 	switch result.TypeName {
-	case "resource", terraform:
+	case resource, terraform:
 		{
 			Permissions, err = GetAWSResourcePermissions(result)
 
 			if err != nil {
 				return Permissions, err
 			}
 		}
-	case "data":
+	case data:
 		{
 			Permissions, err = GetAWSDataPermissions(result)
 			if err != nil {
 				return Permissions, err
 			}
 		}
-	case "module":
+	case module:
 		{
 			// do nothing this is a module not a base resource type, and
 			// we shouldn't really be able to get here unless well bad naming
@@ -72,6 +77,7 @@ func GetAWSResourcePermissions(result ResourceV2) ([]string, error) {
 	return Permissions, err
 }
 
+//goland:noinspection LongLine
 func AwsLookup(name string) interface{} {
 	TFLookup := map[string]interface{}{
 		"aws_accessanalyzer_analyzer":                                      awsAccessAnalyzer,
@@ -1140,6 +1146,8 @@ func AwsLookup(name string) interface{} {
 		"aws_quicksight_template_alias":                                    awsQuicksightTemplateAlias,
 		"aws_quicksight_vpc_connection":                                    awsQuicksightVpcConnection,
 		"aws_s3_bucket_analytics_configuration":                            awsS3BucketAnalyticsConfiguration,
+		"aws_backup_logically_air_gapped_vault":                            awsBackupLogicallyAirGappedVault,
+		"aws_kinesis_resource_policy":                                      awsKinesisResourcePolicy,
 	}
 
 	return TFLookup[name]

diff --git a/src/aws_datasource.go b/src/aws_datasource.go
@@ -21,6 +21,7 @@ func GetAWSDataPermissions(result ResourceV2) ([]string, error) {
 // AwsDataLookup is a map to connect resource name to an object map
 //
 //nolint:funlen
+//goland:noinspection GoLinter
 func AwsDataLookup(find string) interface{} { //nolint:maintidx
 	//goland:noinspection LongLine
 	TFLookup := map[string]interface{}{

diff --git a/src/aws_datasource_test.go b/src/aws_datasource_test.go
@@ -64,12 +64,15 @@ func TestGetAWSDataPermissions(t *testing.T) {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
+
 			got, err := pike.GetAWSDataPermissions(tt.args.result)
+
 			if (err != nil) != tt.wantErr {
 				t.Errorf("GetAWSDataPermissions() error = %v, wantErr %v", err, tt.wantErr)
 
 				return
 			}
+
 			if !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("GetAWSDataPermissions() = %v, want %v", got, tt.want)
 			}

diff --git a/src/aws_test.go b/src/aws_test.go
@@ -110,12 +110,15 @@ func TestGetAWSPermissions(t *testing.T) {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
+
 			got, err := pike.GetAWSPermissions(tt.args.result)
+
 			if (err != nil) != tt.wantErr {
 				t.Errorf("GetAWSPermissions() error = %v, wantErr %v", err, tt.wantErr)
 
 				return
 			}
+
 			if !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("GetAWSPermissions() = %v, want %v", got, tt.want)
 			}
@@ -176,11 +179,13 @@ func TestGetAWSResourcePermissions(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			got, err := pike.GetAWSResourcePermissions(tt.args.result)
+
 			if (err != nil) != tt.wantErr {
 				t.Errorf("GetAWSResourcePermissions() error = %v, wantErr %v", err, tt.wantErr)
 
 				return
 			}
+
 			if !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("GetAWSResourcePermissions() = %v, want %v", got, tt.want)
 			}
@@ -355,10 +360,13 @@ func TestIsTypeOK(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			got, err := pike.IsTypeOK(tt.args)
+
 			if (err != nil) != tt.wantErr {
 				t.Errorf("IsTypeOK() error = %v, wantErr %v", err, tt.wantErr)
+
 				return
 			}
+
 			if !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("IsTypeOK() = %v, want %v", got, tt.want)
 			}

diff --git a/src/azure_datasource_test.go b/src/azure_datasource_test.go
@@ -47,12 +47,15 @@ func TestGetAZUREDataPermissions(t *testing.T) {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
+
 			got, err := pike.GetAZUREDataPermissions(tt.args.result)
+
 			if (err != nil) != tt.wantErr {
 				t.Errorf("GetAZUREDataPermissions() error = %v, wantErr %v", err, tt.wantErr)
 
 				return
 			}
+
 			if !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("GetAZUREDataPermissions() = %v, want %v", got, tt.want)
 			}

diff --git a/src/coverage/aws.md b/src/coverage/aws.md
@@ -1,7 +1,7 @@
-# todo aws
+# todo aws 
 
-Resource percentage coverage   73.70
-Datasource percentage coverage 100.00
+Resource percentage coverage   73.79 
+Datasource percentage coverage 100.00 
 
 ./resource.ps1 aws_amplify_backend_environment
 ./resource.ps1 aws_amplify_webhook
@@ -34,7 +34,6 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_appsync_graphql_api
 ./resource.ps1 aws_appsync_source_api_association
 ./resource.ps1 aws_appsync_type
-./resource.ps1 aws_backup_logically_air_gapped_vault
 ./resource.ps1 aws_bedrock_guardrail
 ./resource.ps1 aws_bedrock_guardrail_version
 ./resource.ps1 aws_bedrockagent_agent_knowledge_base_association
@@ -179,7 +178,6 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_kendra_query_suggestions_block_list
 ./resource.ps1 aws_kendra_thesaurus
 ./resource.ps1 aws_kinesis_analytics_application
-./resource.ps1 aws_kinesis_resource_policy
 ./resource.ps1 aws_kinesisanalyticsv2_application_snapshot
 ./resource.ps1 aws_lakeformation_data_lake_settings
 ./resource.ps1 aws_lakeformation_lf_tag
@@ -379,6 +377,7 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_vpc_ipam_organization_admin_account
 ./resource.ps1 aws_vpc_ipv6_cidr_block_association
 ./resource.ps1 aws_vpc_network_performance_metric_subscription
+./resource.ps1 aws_vpc_security_group_vpc_association
 ./resource.ps1 aws_wafregional_web_acl_association
 ./resource.ps1 aws_worklink_fleet
 ./resource.ps1 aws_worklink_website_certificate_authority_association
diff --git a/src/coverage/azure.md b/src/coverage/azure.md
@@ -1,7 +1,7 @@
-# todo azure
+# todo azure 
 
-Resource percentage coverage   4.64
-Datasource percentage coverage 36.20
+Resource percentage coverage   4.62 
+Datasource percentage coverage 35.88 
 
 ./resource.ps1 azurerm_aadb2c_directory
 ./resource.ps1 azurerm_active_directory_domain_service
@@ -337,6 +337,7 @@ Datasource percentage coverage 36.20
 ./resource.ps1 azurerm_dns_ptr_record
 ./resource.ps1 azurerm_dns_srv_record
 ./resource.ps1 azurerm_dns_txt_record
+./resource.ps1 azurerm_dynatrace_monitor
 ./resource.ps1 azurerm_elastic_cloud_elasticsearch
 ./resource.ps1 azurerm_elastic_san
 ./resource.ps1 azurerm_elastic_san_volume
@@ -604,6 +605,8 @@ Datasource percentage coverage 36.20
 ./resource.ps1 azurerm_nat_gateway_public_ip_prefix_association
 ./resource.ps1 azurerm_netapp_account
 ./resource.ps1 azurerm_netapp_account_encryption
+./resource.ps1 azurerm_netapp_backup_policy
+./resource.ps1 azurerm_netapp_backup_vault
 ./resource.ps1 azurerm_netapp_pool
 ./resource.ps1 azurerm_netapp_snapshot
 ./resource.ps1 azurerm_netapp_snapshot_policy
@@ -853,6 +856,7 @@ Datasource percentage coverage 36.20
 ./resource.ps1 azurerm_stack_hci_extension
 ./resource.ps1 azurerm_stack_hci_logical_network
 ./resource.ps1 azurerm_stack_hci_marketplace_gallery_image
+./resource.ps1 azurerm_stack_hci_network_interface
 ./resource.ps1 azurerm_stack_hci_storage_path
 ./resource.ps1 azurerm_stack_hci_virtual_hard_disk
 ./resource.ps1 azurerm_static_site
@@ -1117,6 +1121,7 @@ Datasource percentage coverage 36.20
 ./resource.ps1 azurerm_iothub_shared_access_policy -type data
 ./resource.ps1 azurerm_ip_group -type data
 ./resource.ps1 azurerm_ip_groups -type data
+./resource.ps1 azurerm_key_vault_managed_hardware_security_module_key -type data
 ./resource.ps1 azurerm_key_vault_managed_hardware_security_module_role_definition -type data
 ./resource.ps1 azurerm_kubernetes_cluster -type data
 ./resource.ps1 azurerm_kubernetes_cluster_node_pool -type data
@@ -1226,3 +1231,5 @@ Datasource percentage coverage 36.20
 ./resource.ps1 azurerm_virtual_desktop_workspace -type data
 ./resource.ps1 azurerm_virtual_network_peering -type data
 ./resource.ps1 azurerm_vpn_server_configuration -type data
+./resource.ps1 netapp_backup_policy -type data
+./resource.ps1 netapp_backup_vault -type data
diff --git a/src/coverage/coverage_test.go b/src/coverage/coverage_test.go
@@ -48,6 +48,7 @@ func Test_percent(t *testing.T) {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
+
 			got := percent(tt.args.missing, tt.args.data)
 
 			if !pike.AlmostEqual(got, tt.want) {

diff --git a/src/coverage/google.md b/src/coverage/google.md
@@ -1,7 +1,7 @@
-# todo google
+# todo google 
 
-Resource percentage coverage   19.25
-Datasource percentage coverage 75.70
+Resource percentage coverage   19.19 
+Datasource percentage coverage 75.47 
 
 ./resource.ps1 google_access_context_manager_access_level_condition
 ./resource.ps1 google_access_context_manager_service_perimeter_dry_run_egress_policy
@@ -359,6 +359,7 @@ Datasource percentage coverage 75.70
 ./resource.ps1 google_dataproc_cluster_iam_policy
 ./resource.ps1 google_dataproc_gdc_application_environment
 ./resource.ps1 google_dataproc_gdc_service_instance
+./resource.ps1 google_dataproc_gdc_spark_application
 ./resource.ps1 google_dataproc_job
 ./resource.ps1 google_dataproc_job_iam_binding
 ./resource.ps1 google_dataproc_job_iam_member
@@ -500,6 +501,8 @@ Datasource percentage coverage 75.70
 ./resource.ps1 google_healthcare_workspace
 ./resource.ps1 google_iam_access_boundary_policy
 ./resource.ps1 google_iam_deny_policy
+./resource.ps1 google_iam_folders_policy_binding
+./resource.ps1 google_iam_organizations_policy_binding
 ./resource.ps1 google_iam_principal_access_boundary_policy
 ./resource.ps1 google_iam_workforce_pool
 ./resource.ps1 google_iam_workforce_pool_provider
@@ -817,6 +820,7 @@ Datasource percentage coverage 75.70
 ./resource.ps1 google_workstations_workstation_iam_binding
 ./resource.ps1 google_workstations_workstation_iam_member
 ./resource.ps1 google_workstations_workstation_iam_policy
+./resource.ps1 google_access_context_manager_access_policy -type data
 ./resource.ps1 google_apphub_application -type data
 ./resource.ps1 google_apphub_discovered_service -type data
 ./resource.ps1 google_apphub_discovered_workload -type data