more datasources

JamesWoolfenden · Sep 8, 2023 · a1a27dc · a1a27dc
1 parent a213bb0
commit a1a27dc
Show file tree

Hide file tree

Showing 28 changed files with 265 additions and 32 deletions.
diff --git a/src/aws_datasource.go b/src/aws_datasource.go
@@ -261,6 +261,9 @@ func GetAWSDataPermissions(result ResourceV2) ([]string, error) { //nolint:maint
 		"aws_kms_custom_key_store":                             dataAwsKmsCustomKeyStore,
 		"aws_kms_key":                                          dataAwsKmsKey,
 		"aws_kms_secrets":                                      dataAwsKmsSecrets,
+		"aws_lakeformation_data_lake_settings":                 dataAwsLakeformationDataLakeSettings,
+		"aws_lakeformation_permissions":                        dataAwsLakeformationPermissions,
+		"aws_lakeformation_resource":                           dataAwsLakeformationResource,
 		"aws_lambda_code_signing_config":                       dataAwsLambdaCodeSigningConfig,
 		"aws_lambda_function":                                  dataAwsLambdaFunction,
 		"aws_lambda_invocation":                                dataAwsLambdaInvocation,
@@ -274,10 +277,15 @@ func GetAWSDataPermissions(result ResourceV2) ([]string, error) { //nolint:maint
 		"aws_location_tracker_association":                     dataAwsLocationTrackerAssociation,
 		"aws_location_tracker_associations":                    dataAwsLocationTrackerAssociations,
 		"aws_mq_broker":                                        dataAwsMqBroker,
+		"aws_mq_broker_instance_type_offerings":                dataAwsMqBrokerInstanceTypeOfferings,
 		"aws_msk_broker_nodes":                                 dataAwsBrokerNodes,
 		"aws_msk_cluster":                                      dataAwsMskCluster,
 		"aws_msk_configuration":                                dataAwsMskConfiguration,
 		"aws_msk_kafka_version":                                dataAwsMskKafkaVersion,
+		"aws_msk_vpc_connection":                               dataAwsMskVpcConnection,
+		"aws_mskconnect_connector":                             dataAwsMskconnectConnector,
+		"aws_mskconnect_custom_plugin":                         dataAwsMskconnectCustomPlugin,
+		"aws_mskconnect_worker_configuration":                  dataAwsMskconnectWorkerConfiguration,
 		"aws_nat_gateway":                                      dataAwsNatGateway,
 		"aws_nat_gateways":                                     dataAwsNatGateways,
 		"aws_neptune_engine_version":                           dataAwsNeptuneEngineVersion,
@@ -296,6 +304,7 @@ func GetAWSDataPermissions(result ResourceV2) ([]string, error) { //nolint:maint
 		"aws_quicksight_group":                                 dataAwsQuicksightGroup,
 		"aws_quicksight_theme":                                 dataAwsQuicksightTheme,
 		"aws_quicksight_user":                                  dataAwsQuicksightUser,
+		"aws_ram_resource_share":                               dataAwsRamResourceShare,
 		"aws_rds_certificate":                                  dataAwsRdsCertificate,
 		"aws_rds_cluster":                                      dataAwsRdsCluster,
 		"aws_rds_clusters":                                     dataAwsRdsClusters,
@@ -310,6 +319,7 @@ func GetAWSDataPermissions(result ResourceV2) ([]string, error) { //nolint:maint
 		"aws_redshiftserverless_credentials":                   placeholder,
 		"aws_region":                                           placeholder,
 		"aws_regions":                                          dataAwsRegions,
+		"aws_resourcegroupstaggingapi_resources":               dataAwsResourcegroupstaggingapiResources,
 		"aws_route":                                            dataAwsRoute,
 		"aws_route53_resolver_firewall_config":                 dataAwsRoute53ResolverFirewallConfig,
 		"aws_route53_resolver_firewall_domain_list":            dataAwsRoute53ResolverFirewallDomainList,
@@ -329,10 +339,14 @@ func GetAWSDataPermissions(result ResourceV2) ([]string, error) { //nolint:maint
 		"aws_s3_objects":                                       dataAwsS3Objects,
 		"aws_s3control_multi_region_access_point":              dataAwsS3controlMultiRegionAccessPoint,
 		"aws_sagemaker_prebuilt_ecr_image":                     placeholder,
+		"aws_secretsmanager_random_password":                   dataAwsSecretsmanagerRandomPassword,
 		"aws_secretsmanager_secret":                            dataAwsSecretsmanagerSecret,
+		"aws_secretsmanager_secret_rotation":                   dataAwsSecretsmanagerSecretRotation,
 		"aws_secretsmanager_secret_version":                    dataAwsSecretsmanagerSecretVersion,
+		"aws_secretsmanager_secrets":                           dataAwsSecretsmanagerSecrets,
 		"aws_security_group":                                   dataAwsSecurityGroup,
 		"aws_security_groups":                                  dataAwsSecurityGroup,
+		"aws_serverlessapplicationrepository_application":      dataAwsServerlessapplicationrepositoryApplication,
 		"aws_service":                                          placeholder,
 		"aws_service_discovery_dns_namespace":                  dataAwsServiceDiscoveryDNSNamespace,
 		"aws_service_discovery_http_namespace":                 dataAwsServiceDiscoveryHTTPNamespace,
@@ -344,6 +358,8 @@ func GetAWSDataPermissions(result ResourceV2) ([]string, error) { //nolint:maint
 		"aws_sfn_alias":                                        dataAwsSfnAlias,
 		"aws_sfn_state_machine":                                dataAwsSfnStateMachine,
 		"aws_sfn_state_machine_versions":                       dataAwsSfnStateMachineVersion,
+		"aws_signer_signing_job":                               dataAwsSignerSigningJob,
+		"aws_signer_signing_profile":                           dataAwsSignerSigningProfile,
 		"aws_sns_topic":                                        dataAwsSnsTopic,
 		"aws_sqs_queue":                                        dataAwsSqsQueue,
 		"aws_sqs_queues":                                       dataAwsSqsQueues,
@@ -353,7 +369,14 @@ func GetAWSDataPermissions(result ResourceV2) ([]string, error) { //nolint:maint
 		"aws_ssm_parameter":                                    dataAwsSsmParameter,
 		"aws_ssm_parameters_by_path":                           dataAwsSsmParametersByPath,
 		"aws_ssm_patch_baseline":                               dataAwsSsmPatchBaseline,
+		"aws_ssmcontacts_contact":                              placeholder,
+		"aws_ssmcontacts_contact_channel":                      placeholder,
+		"aws_ssmcontacts_plan":                                 placeholder,
+		"aws_ssmincidents_replication_set":                     dataAwsSsmincidentsReplicationSet,
+		"aws_ssmincidents_response_plan":                       placeholder,
 		"aws_ssoadmin_instances":                               dataAwsSsoadminInstances,
+		"aws_ssoadmin_permission_set":                          dataAwsSsoadminPermissionSet,
+		"aws_storagegateway_local_disk":                        placeholder,
 		"aws_subnet":                                           dataAwsSubnetIds,
 		"aws_subnet_ids":                                       dataAwsSubnetIds,
 		"aws_subnets":                                          dataAwsSubnetIds,
@@ -365,6 +388,11 @@ func GetAWSDataPermissions(result ResourceV2) ([]string, error) { //nolint:maint
 		"aws_vpc_ipam_pool":                                    dataAwsVpcIpamPoolCidrs,
 		"aws_vpc_ipam_pool_cidrs":                              dataAwsVpcIpamPoolCidrs,
 		"aws_vpc_ipam_pools":                                   dataAwsVpcIpamPools,
+		"aws_vpc_ipam_preview_next_cidr":                       placeholder,
+		"aws_vpc_peering_connection":                           dataAwsVpcPeeringConnection,
+		"aws_vpc_peering_connections":                          dataAwsVpcPeeringConnections,
+		"aws_vpc_security_group_rule":                          dataAwsVpcSecurityGroupRule,
+		"aws_vpc_security_group_rules":                         dataAwsVpcSecurityGroupRules,
 		"aws_vpcs":                                             dataAwsVpcs,
 		"aws_vpn_gateway":                                      dataAwsVpnGateway,
 		"aws_waf_ipset":                                        dataAwsWafIpset,
@@ -382,20 +410,6 @@ func GetAWSDataPermissions(result ResourceV2) ([]string, error) { //nolint:maint
 		"aws_workspaces_bundle":                                dataAwsWorkspacesBundle,
 		"aws_workspaces_directory":                             dataAwsWorkspaceDirectory,
 		"aws_workspaces_image":                                 dataAwsWorkspaceImage,
-		"aws_lakeformation_data_lake_settings":                 dataAwsLakeformationDataLakeSettings,
-		"aws_lakeformation_permissions":                        dataAwsLakeformationPermissions,
-		"aws_lakeformation_resource":                           dataAwsLakeformationResource,
-		"aws_mq_broker_instance_type_offerings":                dataAwsMqBrokerInstanceTypeOfferings,
-		"aws_secretsmanager_random_password":                   dataAwsSecretsmanagerRandomPassword,
-		"aws_secretsmanager_secret_rotation":                   dataAwsSecretsmanagerSecretRotation,
-		"aws_secretsmanager_secrets":                           dataAwsSecretsmanagerSecrets,
-		"aws_ssoadmin_permission_set":                          dataAwsSsoadminPermissionSet,
-		"aws_storagegateway_local_disk":                        placeholder,
-		"aws_vpc_ipam_preview_next_cidr":                       placeholder,
-		"aws_vpc_peering_connection":                           dataAwsVpcPeeringConnection,
-		"aws_vpc_peering_connections":                          dataAwsVpcPeeringConnections,
-		"aws_vpc_security_group_rule":                          dataAwsVpcSecurityGroupRule,
-		"aws_vpc_security_group_rules":                         dataAwsVpcSecurityGroupRules,
 	}
 
 	var (

diff --git a/src/files_datasource.go b/src/files_datasource.go
@@ -1017,3 +1017,33 @@ var dataAwsVpcSecurityGroupRule []byte
 
 //go:embed mapping/aws/data/ec2/aws_vpc_security_group_rules.json
 var dataAwsVpcSecurityGroupRules []byte
+
+//go:embed mapping/aws/data/kafka/aws_msk_vpc_connection.json
+var dataAwsMskVpcConnection []byte
+
+//go:embed mapping/aws/data/kafka/aws_mskconnect_connector.json
+var dataAwsMskconnectConnector []byte
+
+//go:embed mapping/aws/data/kafka/aws_mskconnect_custom_plugin.json
+var dataAwsMskconnectCustomPlugin []byte
+
+//go:embed mapping/aws/data/kafka/aws_mskconnect_worker_configuration.json
+var dataAwsMskconnectWorkerConfiguration []byte
+
+//go:embed mapping/aws/data/ram/aws_ram_resource_share.json
+var dataAwsRamResourceShare []byte
+
+//go:embed mapping/aws/data/tag/aws_resourcegroupstaggingapi_resources.json
+var dataAwsResourcegroupstaggingapiResources []byte
+
+//go:embed mapping/aws/data/serverlessrepo/aws_serverlessapplicationrepository_application.json
+var dataAwsServerlessapplicationrepositoryApplication []byte
+
+//go:embed mapping/aws/data/signer/aws_signer_signing_job.json
+var dataAwsSignerSigningJob []byte
+
+//go:embed mapping/aws/data/signer/aws_signer_signing_profile.json
+var dataAwsSignerSigningProfile []byte
+
+//go:embed mapping/aws/data/ssm-incidents/aws_ssmincidents_replication_set.json
+var dataAwsSsmincidentsReplicationSet []byte
diff --git a/src/mapping/aws/data/kafka/aws_msk_vpc_connection.json b/src/mapping/aws/data/kafka/aws_msk_vpc_connection.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "kafka:DescribeVpcConnection"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/kafka/aws_mskconnect_connector.json b/src/mapping/aws/data/kafka/aws_mskconnect_connector.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "kafkaconnect:ListConnectors"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/kafka/aws_mskconnect_custom_plugin.json b/src/mapping/aws/data/kafka/aws_mskconnect_custom_plugin.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "kafkaconnect:ListCustomPlugins"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/kafka/aws_mskconnect_worker_configuration.json b/src/mapping/aws/data/kafka/aws_mskconnect_worker_configuration.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "kafkaconnect:ListWorkerConfigurations"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/ram/aws_ram_resource_share.json b/src/mapping/aws/data/ram/aws_ram_resource_share.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "ram:GetResourceShares"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/serverlessrepo/aws_serverlessapplicationrepository_application.json b/src/mapping/aws/data/serverlessrepo/aws_serverlessapplicationrepository_application.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "serverlessrepo:GetApplication"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/signer/aws_signer_signing_job.json b/src/mapping/aws/data/signer/aws_signer_signing_job.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "Signer:DescribeSigningJob"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/signer/aws_signer_signing_profile.json b/src/mapping/aws/data/signer/aws_signer_signing_profile.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "Signer:GetSigningProfile"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/ssm-incidents/aws_ssmincidents_replication_set.json b/src/mapping/aws/data/ssm-incidents/aws_ssmincidents_replication_set.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "ssm-incidents:ListReplicationSets"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/tag/aws_resourcegroupstaggingapi_resources.json b/src/mapping/aws/data/tag/aws_resourcegroupstaggingapi_resources.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "tag:GetResources"
+    ]
+  }
+]
diff --git a/terraform/aws/backup/data.aws_msk_vpc_connection.tf b/terraform/aws/backup/data.aws_msk_vpc_connection.tf
@@ -0,0 +1,3 @@
+data "aws_msk_vpc_connection" "pike" {
+  arn = "arn::aws:msk:eu-west-2:680235478471:shizzle"
+}
diff --git a/terraform/aws/backup/data.aws_mskconnect_connector.tf b/terraform/aws/backup/data.aws_mskconnect_connector.tf
@@ -0,0 +1,3 @@
+data "aws_mskconnect_connector" "pike" {
+  name = "pike"
+}
diff --git a/terraform/aws/backup/data.aws_mskconnect_custom_plugin.tf b/terraform/aws/backup/data.aws_mskconnect_custom_plugin.tf
@@ -0,0 +1,3 @@
+data "aws_mskconnect_custom_plugin" "pike" {
+  name = ""
+}
diff --git a/terraform/aws/backup/data.aws_mskconnect_worker_configuration.tf b/terraform/aws/backup/data.aws_mskconnect_worker_configuration.tf
@@ -0,0 +1,3 @@
+data "aws_mskconnect_worker_configuration" "pike" {
+  name = ""
+}
diff --git a/terraform/aws/backup/data.aws_ram_resource_share.tf b/terraform/aws/backup/data.aws_ram_resource_share.tf
@@ -0,0 +1,4 @@
+data "aws_ram_resource_share" "pike" {
+  name           = "pike"
+  resource_owner = "SELF"
+}
diff --git a/terraform/aws/backup/data.aws_resourcegroupstaggingapi_resources.tf b/terraform/aws/backup/data.aws_resourcegroupstaggingapi_resources.tf
@@ -0,0 +1,5 @@
+data "aws_resourcegroupstaggingapi_resources" "pike" {}
+
+output "tags" {
+  value = data.aws_resourcegroupstaggingapi_resources.pike
+}
diff --git a/terraform/aws/backup/data.aws_serverlessapplicationrepository_application.tf b/terraform/aws/backup/data.aws_serverlessapplicationrepository_application.tf
@@ -0,0 +1,3 @@
+data "aws_serverlessapplicationrepository_application" "pike" {
+  application_id = "arn:aws:serverlessrepo:eu-west-2:680235478471:applications/ExampleApplication"
+}
diff --git a/terraform/aws/backup/data.aws_signer_signing_job.tf b/terraform/aws/backup/data.aws_signer_signing_job.tf
@@ -0,0 +1,3 @@
+data "aws_signer_signing_job" "pike" {
+  job_id = "9ed7e5c3-b8d4-4da0-8459-44e0b068f7ee"
+}
diff --git a/terraform/aws/backup/data.aws_signer_signing_profile.tf b/terraform/aws/backup/data.aws_signer_signing_profile.tf
@@ -0,0 +1,3 @@
+data "aws_signer_signing_profile" "pike" {
+  name = "pike"
+}
diff --git a/terraform/aws/backup/data.aws_ssmcontacts_contact.tf b/terraform/aws/backup/data.aws_ssmcontacts_contact.tf
@@ -0,0 +1,3 @@
+data "aws_ssmcontacts_contact" "pike" {
+  arn = ""
+}
diff --git a/terraform/aws/backup/data.aws_ssmcontacts_contact_channel.tf b/terraform/aws/backup/data.aws_ssmcontacts_contact_channel.tf
@@ -0,0 +1,3 @@
+data "aws_ssmcontacts_contact_channel" "pike" {
+  arn = "arn:aws:ssm-contacts:eu-west-2:680235478471:contact-channel/example"
+}
diff --git a/terraform/aws/backup/data.aws_ssmcontacts_plan.tf b/terraform/aws/backup/data.aws_ssmcontacts_plan.tf
@@ -0,0 +1,3 @@
+data "aws_ssmcontacts_plan" "pike" {
+  contact_id = "arn:aws:ssm-contacts:us-west-2:680235478471:contact/contactalias"
+}
diff --git a/terraform/aws/backup/data.aws_ssmincidents_replication_set.tf b/terraform/aws/backup/data.aws_ssmincidents_replication_set.tf
@@ -0,0 +1 @@
+data "aws_ssmincidents_replication_set" "pike" {}
diff --git a/terraform/aws/backup/data.aws_ssmincidents_response_plan.tf b/terraform/aws/backup/data.aws_ssmincidents_response_plan.tf
@@ -0,0 +1,17 @@
+data "aws_ssmincidents_response_plan" "pike" {
+  arn = aws_ssmincidents_response_plan.example.arn
+}
+
+#resource "aws_ssmincidents_response_plan" "example" {
+#  name = "name"
+#
+#  incident_template {
+#    title  = "title"
+#    impact = "3"
+#  }
+#
+#  tags = {
+#    key = "value"
+#  }
+#
+#}
diff --git a/terraform/aws/role/aws_iam_policy.basic.tf b/terraform/aws/role/aws_iam_policy.basic.tf
@@ -7,10 +7,26 @@ resource "aws_iam_policy" "basic" {
         "Sid" : "0",
         "Effect" : "Allow",
         "Action" : [
-          //aws_vpc_ipam_pool
-          "ec2:DescribeIpamPools",
-          //aws_vpc_peering_connection
-          ,
+          //aws_ssmincidents_replication_set
+          "ssm-incidents:ListReplicationSets",
+          //aws_resourcegroupstaggingapi_resources
+          "tag:GetResources",
+          //aws_ram_resource_share
+          "ram:GetResourceShares",
+          //aws_mskconnect_worker_configuration
+          "kafkaconnect:ListWorkerConfigurations",
+          //aws_mskconnect_custom_plugin
+          "kafkaconnect:ListCustomPlugins",
+          //aws_mskconnect_connector
+          "kafkaconnect:ListConnectors",
+          //aws_msk_vpc_connection
+          "kafka:DescribeVpcConnection",
+          //aws_serverlessapplicationrepository_application
+          "serverlessrepo:GetApplication",
+          //aws_signer_signing_profile
+          "Signer:GetSigningProfile",
+          //aws_signer_signing_job
+          "Signer:DescribeSigningJob"
 
         ],
         "Resource" : "*",
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		data "aws_ssmincidents_replication_set" "pike" {}