more datasources

JamesWoolfenden · Sep 8, 2023 · c37e9b2 · c37e9b2
1 parent a1a27dc
commit c37e9b2
Show file tree

Hide file tree

Showing 26 changed files with 324 additions and 29 deletions.
diff --git a/src/aws.go b/src/aws.go
@@ -484,6 +484,7 @@ func GetAWSResourcePermissions(result ResourceV2) ([]string, error) {
 		"aws_workspaces_directory":                           awsWorkspacesDirectory,
 		"aws_acmpca_certificate_authority_certificate":       awsAcmpcaCertificateAuthorityCertificate,
 		"aws_acmpca_certificate":                             awsAcmpcaCertificate,
+		"aws_networkfirewall_resource_policy":                awsNetworkfirewallResourcePolicy,
 	}
 
 	var (

diff --git a/src/aws_datasource.go b/src/aws_datasource.go
@@ -410,6 +410,15 @@ func GetAWSDataPermissions(result ResourceV2) ([]string, error) { //nolint:maint
 		"aws_workspaces_bundle":                                dataAwsWorkspacesBundle,
 		"aws_workspaces_directory":                             dataAwsWorkspaceDirectory,
 		"aws_workspaces_image":                                 dataAwsWorkspaceImage,
+		"aws_licensemanager_grants":                            dataAwsLicensemanagerGrants,
+		"aws_licensemanager_received_license":                  dataAwsLicensemanagerReceivedLicense,
+		"aws_licensemanager_received_licenses":                 dataAwsLicensemanagerReceivedLicenses,
+		"aws_networkfirewall_firewall":                         dataAwsNetworkfirewallFirewall,
+		"aws_networkfirewall_firewall_policy":                  dataAwsNetworkfirewallFirewallPolicy,
+		"aws_networkfirewall_resource_policy":                  dataAwsNetworkfirewallResourcePolicy,
+		"aws_qldb_ledger":                                      dataAwsQldbLedger,
+		"aws_redshiftserverless_namespace":                     dataAwsRedshiftserverlessNamespace,
+		"aws_redshiftserverless_workgroup":                     dataAwsRedshiftserverlessWorkgroup,
 	}
 
 	var (

diff --git a/src/files.go b/src/files.go
@@ -4,6 +4,9 @@ import (
 	_ "embed" // required for embed
 )
 
+//go:embed mapping/aws/resource/network-firewall/aws_networkfirewall_resource_policy.json
+var awsNetworkfirewallResourcePolicy []byte
+
 //go:embed mapping/aws/resource/elasticloadbalancing/aws_lb_target_group.json
 var awsLbTargetGroup []byte
 

diff --git a/src/files_datasource.go b/src/files_datasource.go
@@ -1047,3 +1047,30 @@ var dataAwsSignerSigningProfile []byte
 
 //go:embed mapping/aws/data/ssm-incidents/aws_ssmincidents_replication_set.json
 var dataAwsSsmincidentsReplicationSet []byte
+
+//go:embed mapping/aws/data/license-manager/aws_licensemanager_grants.json
+var dataAwsLicensemanagerGrants []byte
+
+//go:embed mapping/aws/data/license-manager/aws_licensemanager_received_license.json
+var dataAwsLicensemanagerReceivedLicense []byte
+
+//go:embed mapping/aws/data/license-manager/aws_licensemanager_received_licenses.json
+var dataAwsLicensemanagerReceivedLicenses []byte
+
+//go:embed mapping/aws/data/network-firewall/aws_networkfirewall_firewall.json
+var dataAwsNetworkfirewallFirewall []byte
+
+//go:embed mapping/aws/data/network-firewall/aws_networkfirewall_firewall_policy.json
+var dataAwsNetworkfirewallFirewallPolicy []byte
+
+//go:embed mapping/aws/data/network-firewall/aws_networkfirewall_resource_policy.json
+var dataAwsNetworkfirewallResourcePolicy []byte
+
+//go:embed mapping/aws/data/qldb/aws_qldb_ledger.json
+var dataAwsQldbLedger []byte
+
+//go:embed mapping/aws/data/redshift-serverless/awas_redshiftserverless_namespace.json
+var dataAwsRedshiftserverlessNamespace []byte
+
+//go:embed mapping/aws/data/redshift-serverless/awas_redshiftserverless_workgroups.json
+var dataAwsRedshiftserverlessWorkgroup []byte
diff --git a/src/mapping/aws/data/license-manager/aws_licensemanager_grants.json b/src/mapping/aws/data/license-manager/aws_licensemanager_grants.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "license-manager:ListDistributedGrants"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/license-manager/aws_licensemanager_received_license.json b/src/mapping/aws/data/license-manager/aws_licensemanager_received_license.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "license-manager:ListReceivedLicenses"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/license-manager/aws_licensemanager_received_licenses.json b/src/mapping/aws/data/license-manager/aws_licensemanager_received_licenses.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "license-manager:ListReceivedLicenses"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/network-firewall/aws_networkfirewall_firewall.json b/src/mapping/aws/data/network-firewall/aws_networkfirewall_firewall.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "network-firewall:DescribeFirewall"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/network-firewall/aws_networkfirewall_firewall_policy.json b/src/mapping/aws/data/network-firewall/aws_networkfirewall_firewall_policy.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "network-firewall:DescribeFirewallPolicy"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/network-firewall/aws_networkfirewall_resource_policy.json b/src/mapping/aws/data/network-firewall/aws_networkfirewall_resource_policy.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "network-firewall:DescribeResourcePolicy"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/qldb/aws_qldb_ledger.json b/src/mapping/aws/data/qldb/aws_qldb_ledger.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "qldb:DescribeLedger"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/redshift-serverless/awas_redshiftserverless_namespace.json b/src/mapping/aws/data/redshift-serverless/awas_redshiftserverless_namespace.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "redshift-serverless:ListNamespaces"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/redshift-serverless/awas_redshiftserverless_workgroups.json b/src/mapping/aws/data/redshift-serverless/awas_redshiftserverless_workgroups.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "redshift-serverless:ListWorkgroups"
+    ]
+  }
+]
diff --git a/src/mapping/aws/resource/network-firewall/aws_networkfirewall_resource_policy.json b/src/mapping/aws/resource/network-firewall/aws_networkfirewall_resource_policy.json
@@ -0,0 +1,19 @@
+[
+  {
+    "apply": [
+      "network-firewall:PutResourcePolicy",
+      "network-firewall:DescribeResourcePolicy",
+      "network-firewall:DeleteResourcePolicy"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "network-firewall:DeleteResourcePolicy"
+    ],
+    "modify": [],
+    "plan": [
+      "network-firewall:DescribeResourcePolicy"
+    ]
+  }
+]
diff --git a/terraform/aws/backup/aws_networkfirewall_resource_policy.tf b/terraform/aws/backup/aws_networkfirewall_resource_policy.tf
@@ -0,0 +1,23 @@
+resource "aws_networkfirewall_resource_policy" "pike" {
+  resource_arn = aws_networkfirewall_firewall_policy.pike.arn
+  # policy's Action element must include all of the following operations
+  policy = jsonencode({
+    Statement = [{
+      Action = [
+        "network-firewall:ListFirewallPolicies",
+        "network-firewall:CreateFirewall",
+        "network-firewall:UpdateFirewall",
+        "network-firewall:AssociateFirewallPolicy"
+      ]
+      Effect   = "Allow"
+      Resource = aws_networkfirewall_firewall_policy.pike.arn
+      Principal = {
+        AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"
+      }
+    }]
+    Version = "2012-10-17"
+  })
+
+}
+
+data "aws_caller_identity" "current" {}
diff --git a/terraform/aws/backup/data.aws_licensemanager_grants.tf b/terraform/aws/backup/data.aws_licensemanager_grants.tf
@@ -0,0 +1,5 @@
+data "aws_licensemanager_grants" "pike" {}
+
+output "grants" {
+  value = data.aws_licensemanager_grants.pike
+}
diff --git a/terraform/aws/backup/data.aws_licensemanager_received_license.tf b/terraform/aws/backup/data.aws_licensemanager_received_license.tf
@@ -0,0 +1,7 @@
+data "aws_licensemanager_received_license" "pike" {
+  license_arn = "arn:aws:license-manager::680235478471:license:l-1534f5bfb27f41bc8ad622b95e20e39d"
+}
+
+output "licence" {
+  value = data.aws_licensemanager_received_license.pike
+}
diff --git a/terraform/aws/backup/data.aws_licensemanager_received_licenses.tf b/terraform/aws/backup/data.aws_licensemanager_received_licenses.tf
@@ -0,0 +1,5 @@
+data "aws_licensemanager_received_licenses" "pike" {}
+
+output "licences" {
+  value = data.aws_licensemanager_received_licenses.pike
+}
diff --git a/terraform/aws/backup/data.aws_networkfirewall_firewall.tf b/terraform/aws/backup/data.aws_networkfirewall_firewall.tf
@@ -0,0 +1,3 @@
+data "aws_networkfirewall_firewall" "pike" {
+  name = "pike"
+}
diff --git a/terraform/aws/backup/data.aws_networkfirewall_firewall_policy.tf b/terraform/aws/backup/data.aws_networkfirewall_firewall_policy.tf
@@ -0,0 +1,3 @@
+data "aws_networkfirewall_firewall_policy" "pike" {
+  name = "pike"
+}
diff --git a/terraform/aws/backup/data.aws_networkfirewall_resource_policy.tf b/terraform/aws/backup/data.aws_networkfirewall_resource_policy.tf
@@ -0,0 +1,63 @@
+data "aws_networkfirewall_resource_policy" "pike" {
+  resource_arn = aws_networkfirewall_resource_policy.example.resource_arn
+}
+#
+#resource "aws_networkfirewall_resource_policy" "example" {
+#  resource_arn = aws_networkfirewall_firewall_policy.example.arn
+#  # policy's Action element must include all of the following operations
+#  policy = jsonencode({
+#    Statement = [{
+#      Action = [
+#        "network-firewall:ListFirewallPolicies",
+#        "network-firewall:CreateFirewall",
+#        "network-firewall:UpdateFirewall",
+#        "network-firewall:AssociateFirewallPolicy"
+#      ]
+#      Effect   = "Allow"
+#      Resource = aws_networkfirewall_firewall_policy.example.arn
+#      Principal = {
+#        AWS = "arn:aws:iam::123456789012:root"
+#      }
+#    }]
+#    Version = "2012-10-17"
+#  })
+#}
+#
+#resource "aws_networkfirewall_firewall_policy" "example" {
+#  name = "example"
+#
+#  firewall_policy {
+#    stateless_default_actions          = ["aws:pass"]
+#    stateless_fragment_default_actions = ["aws:drop"]
+#    stateless_rule_group_reference {
+#      priority     = 1
+#      resource_arn = aws_networkfirewall_rule_group.example.arn
+#    }
+#  }
+#
+#  tags = {
+#    Tag1 = "Value1"
+#    Tag2 = "Value2"
+#  }
+#}
+#
+#
+#resource "aws_networkfirewall_rule_group" "example" {
+#  capacity = 100
+#  name     = "example"
+#  type     = "STATEFUL"
+#  rule_group {
+#    rules_source {
+#      rules_source_list {
+#        generated_rules_type = "DENYLIST"
+#        target_types         = ["HTTP_HOST"]
+#        targets              = ["test.example.com"]
+#      }
+#    }
+#  }
+#
+#  tags = {
+#    Tag1 = "Value1"
+#    Tag2 = "Value2"
+#  }
+#}
diff --git a/terraform/aws/backup/data.aws_qldb_ledger.tf b/terraform/aws/backup/data.aws_qldb_ledger.tf
@@ -0,0 +1,3 @@
+data "aws_qldb_ledger" "pike" {
+  name = "pike"
+}
diff --git a/terraform/aws/backup/data.aws_redshiftserverless_namespace.tf b/terraform/aws/backup/data.aws_redshiftserverless_namespace.tf
@@ -0,0 +1,3 @@
+data "aws_redshiftserverless_namespace" "pike" {
+  namespace_name = "pike"
+}
diff --git a/terraform/aws/backup/data.aws_redshiftserverless_workgroup.tf b/terraform/aws/backup/data.aws_redshiftserverless_workgroup.tf
@@ -0,0 +1,3 @@
+data "aws_redshiftserverless_workgroup" "pike" {
+  workgroup_name = "pike"
+}
diff --git a/terraform/aws/role/aws_iam_policy.basic.tf b/terraform/aws/role/aws_iam_policy.basic.tf
@@ -7,27 +7,37 @@ resource "aws_iam_policy" "basic" {
         "Sid" : "0",
         "Effect" : "Allow",
         "Action" : [
-          //aws_ssmincidents_replication_set
-          "ssm-incidents:ListReplicationSets",
-          //aws_resourcegroupstaggingapi_resources
-          "tag:GetResources",
-          //aws_ram_resource_share
-          "ram:GetResourceShares",
-          //aws_mskconnect_worker_configuration
-          "kafkaconnect:ListWorkerConfigurations",
-          //aws_mskconnect_custom_plugin
-          "kafkaconnect:ListCustomPlugins",
-          //aws_mskconnect_connector
-          "kafkaconnect:ListConnectors",
-          //aws_msk_vpc_connection
-          "kafka:DescribeVpcConnection",
-          //aws_serverlessapplicationrepository_application
-          "serverlessrepo:GetApplication",
-          //aws_signer_signing_profile
-          "Signer:GetSigningProfile",
-          //aws_signer_signing_job
-          "Signer:DescribeSigningJob"
 
+          #          //aws_networkfirewall_firewall_policy
+          #          "network-firewall:DescribeFirewallPolicy",
+          #          //aws_networkfirewall_firewall
+          #          "network-firewall:DescribeFirewall",
+          #          //aws_licensemanager_received_licenses, aws_licensemanager_received_license
+          #          "license-manager:ListReceivedLicenses",
+          #          //aws_licensemanager_grants
+          #          "license-manager:ListDistributedGrants"
+
+          //aws_networkfirewall_rule_group
+          "network-firewall:CreateRuleGroup",
+          "network-firewall:DescribeRuleGroup",
+          "network-firewall:DeleteRuleGroup",
+          "network-firewall:TagResource",
+          "network-firewall:UntagResource",
+          "network-firewall:UpdateRuleGroup",
+
+          //aws_networkfirewall_firewall_policy
+          "network-firewall:CreateFirewallPolicy",
+          "network-firewall:TagResource",
+          "network-firewall:UntagResource",
+          "network-firewall:ListRuleGroups",
+          "network-firewall:DescribeFirewallPolicy",
+          "network-firewall:DeleteFirewallPolicy",
+          "network-firewall:UpdateFirewallPolicy",
+
+          //aws_networkfirewall_resource_policy
+          "network-firewall:PutResourcePolicy",
+          "network-firewall:DescribeResourcePolicy",
+          "network-firewall:DeleteResourcePolicy"
         ],
         "Resource" : "*",
       }