From 4288779d0fb2dcc8d347d755d9d9cc1aad3b50e8 Mon Sep 17 00:00:00 2001 From: vjeffrey Date: Thu, 9 May 2024 07:51:19 -0600 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20aws=20ec2=20eips,=20vpc=20natgatewa?= =?UTF-8?q?ys,=20vpc=20peering=20conn,=20service=20endpoints=20(#3929)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/actions/spelling/expect.txt | 2 + providers/aws/resources/aws.lr | 128 +++ providers/aws/resources/aws.lr.go | 1056 ++++++++++++++++++ providers/aws/resources/aws.lr.manifest.yaml | 145 +++ providers/aws/resources/aws_ec2.go | 139 +++ providers/aws/resources/aws_vpc.go | 379 +++++++ 6 files changed, 1849 insertions(+) diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index eab7616298..2e79d115fd 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -22,6 +22,7 @@ dfw DIRECTORYID dlq dlv +eip ekm elbv exo @@ -50,6 +51,7 @@ messagestoragepolicy mfs mgroup Mpim +natgateway nodepool nullgroup nullstring diff --git a/providers/aws/resources/aws.lr b/providers/aws/resources/aws.lr index 76125818c7..4bccc3e064 100644 --- a/providers/aws/resources/aws.lr +++ b/providers/aws/resources/aws.lr @@ -63,6 +63,12 @@ private aws.vpc @defaults("id isDefault cidrBlock region") { subnets() []aws.vpc.subnet // Tags on the VPC tags map[string]string + // NAT gateways + natGateways() []aws.vpc.natgateway + // List of service endpoints associated with the VPC + serviceEndpoints() []aws.vpc.serviceEndpoint + // List of peering connections associated with the VPC + peeringConnections() []aws.vpc.peeringConnection } // Amazon Virtual Private Cloud (VPC) route table @@ -2257,6 +2263,128 @@ aws.ec2 { networkAcls() []aws.ec2.networkacl // List of keypairs for the account keypairs() []aws.ec2.keypair + // List of Elastic IPs (EIPs) + eips() []aws.ec2.eip +} + +// Amazon Elastic IP (EIP) +private aws.ec2.eip { + // Public IP address of the EIP + publicIp string + // Whether the Elastic IP is associated with an instance (false if no allocationId is present) + attached bool + // Ec2 instance associated with the EIP + instance() aws.ec2.instance + // ID of the network interface + networkInterfaceId string + // ID of the network interface owner + networkInterfaceOwnerId string + // Private IP address for the EIP + privateIpAddress string + // IPv4 pool of the EIP + publicIpv4Pool string + // Tags for the EIP + tags map[string]string + // Region where the EIP is located + region string +} + +// Amazon VPC NAT Gateway +private aws.vpc.natgateway { + // Time when the gateway was created + createdAt time + // ID of the NAT gateway + natGatewayId string + // State of the NAT gateway (pending | failed | available | deleting | deleted) + state string + // Tags for the NAT gateway + tags map[string]string + // VPC associated with the NAT gateway + vpc() aws.vpc + // List of addresses associated with the NAT gateway + addresses []aws.vpc.natgateway.address +} + +// Amazon VPC NAT gateway address +private aws.vpc.natgateway.address { + // Allocation ID for the address + allocationId string + // Network interface ID for the address + networkInterfaceId string + // Private IP associated with the address + privateIp string + // EIP associated with the address + publicIp() aws.ec2.eip // AllocationId can get us back to the actual EIP + // Whether this is the primary address for the NAT gateway + isPrimary bool +} + +// Amazon VPC Service Endpoint +private aws.vpc.serviceEndpoint { + // True if acceptance required + acceptanceRequired bool + // List of availability zones for the service endpoint + availabilityZones []string + // List of base endpoint DNS names for the service endpoint + dnsNames []string + // Service ID + id string + // Whether the service endpoint manages VPC endpoints + managesVpcEndpoints bool + // Service name + name string + // Service owner + owner string + // Service payer responsibility + payerResponsibility string + // Service private DNS name verification state + privateDnsNameVerificationState string + // List of service private DNS names + privateDnsNames []string + // Tags for the service endpoint + tags map[string]string + // Service type + type string + // Whether the service supports VPC endpoint policy + vpcEndpointPolicySupported bool +} + +// Amazon VPC Peering Connection +private aws.vpc.peeringConnection { + // VPC for the peering connection acceptor + acceptorVpc() aws.vpc.peeringConnection.peeringVpc + // Expiration time for the peering connection + expirationTime time + // ID of the peering connection + id string + // VPC for the peering connection requestor + requestorVpc() aws.vpc.peeringConnection.peeringVpc + // Status of the peering connection + status string + // Tags for the peering connection + tags map[string]string +} + +// Amazon VPC Peering Connection Peering VPC +private aws.vpc.peeringConnection.peeringVpc { + // Whether DNS resolution from the remote VPC is allowed + allowDnsResolutionFromRemoteVpc bool + // Whether egress is allowed from a local classic link to the remote VPC + allowEgressFromLocalClassicLinkToRemoteVpc bool + // Whether egress is allowed from a local VPC to a classic link + allowEgressFromLocalVpcToRemoteClassicLink bool + // List of IPv4 CIDR blocks for peering connection + ipv4CiderBlocks []string + // List of IPv6 CIDR blocks for peering connection + ipv6CiderBlocks []string + // Owner ID of the peering connection + ownerID string + // Region of the peering connection + region string + // VPC associated with the peering connection (populated if it's in the same account) + vpc() aws.vpc + // ID of the VPC associated with the peering connection + vpcId string } // Amazon EC2 network ACL diff --git a/providers/aws/resources/aws.lr.go b/providers/aws/resources/aws.lr.go index 48f2ada6ea..61b370b985 100644 --- a/providers/aws/resources/aws.lr.go +++ b/providers/aws/resources/aws.lr.go @@ -562,6 +562,30 @@ func init() { // to override args, implement: initAwsEc2(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) Create: createAwsEc2, }, + "aws.ec2.eip": { + Init: initAwsEc2Eip, + Create: createAwsEc2Eip, + }, + "aws.vpc.natgateway": { + // to override args, implement: initAwsVpcNatgateway(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) + Create: createAwsVpcNatgateway, + }, + "aws.vpc.natgateway.address": { + // to override args, implement: initAwsVpcNatgatewayAddress(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) + Create: createAwsVpcNatgatewayAddress, + }, + "aws.vpc.serviceEndpoint": { + // to override args, implement: initAwsVpcServiceEndpoint(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) + Create: createAwsVpcServiceEndpoint, + }, + "aws.vpc.peeringConnection": { + // to override args, implement: initAwsVpcPeeringConnection(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) + Create: createAwsVpcPeeringConnection, + }, + "aws.vpc.peeringConnection.peeringVpc": { + // to override args, implement: initAwsVpcPeeringConnectionPeeringVpc(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) + Create: createAwsVpcPeeringConnectionPeeringVpc, + }, "aws.ec2.networkacl": { // to override args, implement: initAwsEc2Networkacl(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) Create: createAwsEc2Networkacl, @@ -797,6 +821,15 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{ "aws.vpc.tags": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAwsVpc).GetTags()).ToDataRes(types.Map(types.String, types.String)) }, + "aws.vpc.natGateways": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpc).GetNatGateways()).ToDataRes(types.Array(types.Resource("aws.vpc.natgateway"))) + }, + "aws.vpc.serviceEndpoints": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpc).GetServiceEndpoints()).ToDataRes(types.Array(types.Resource("aws.vpc.serviceEndpoint"))) + }, + "aws.vpc.peeringConnections": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpc).GetPeeringConnections()).ToDataRes(types.Array(types.Resource("aws.vpc.peeringConnection"))) + }, "aws.vpc.routetable.id": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAwsVpcRoutetable).GetId()).ToDataRes(types.String) }, @@ -3281,6 +3314,153 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{ "aws.ec2.keypairs": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAwsEc2).GetKeypairs()).ToDataRes(types.Array(types.Resource("aws.ec2.keypair"))) }, + "aws.ec2.eips": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsEc2).GetEips()).ToDataRes(types.Array(types.Resource("aws.ec2.eip"))) + }, + "aws.ec2.eip.publicIp": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsEc2Eip).GetPublicIp()).ToDataRes(types.String) + }, + "aws.ec2.eip.attached": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsEc2Eip).GetAttached()).ToDataRes(types.Bool) + }, + "aws.ec2.eip.instance": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsEc2Eip).GetInstance()).ToDataRes(types.Resource("aws.ec2.instance")) + }, + "aws.ec2.eip.networkInterfaceId": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsEc2Eip).GetNetworkInterfaceId()).ToDataRes(types.String) + }, + "aws.ec2.eip.networkInterfaceOwnerId": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsEc2Eip).GetNetworkInterfaceOwnerId()).ToDataRes(types.String) + }, + "aws.ec2.eip.privateIpAddress": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsEc2Eip).GetPrivateIpAddress()).ToDataRes(types.String) + }, + "aws.ec2.eip.publicIpv4Pool": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsEc2Eip).GetPublicIpv4Pool()).ToDataRes(types.String) + }, + "aws.ec2.eip.tags": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsEc2Eip).GetTags()).ToDataRes(types.Map(types.String, types.String)) + }, + "aws.ec2.eip.region": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsEc2Eip).GetRegion()).ToDataRes(types.String) + }, + "aws.vpc.natgateway.createdAt": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcNatgateway).GetCreatedAt()).ToDataRes(types.Time) + }, + "aws.vpc.natgateway.natGatewayId": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcNatgateway).GetNatGatewayId()).ToDataRes(types.String) + }, + "aws.vpc.natgateway.state": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcNatgateway).GetState()).ToDataRes(types.String) + }, + "aws.vpc.natgateway.tags": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcNatgateway).GetTags()).ToDataRes(types.Map(types.String, types.String)) + }, + "aws.vpc.natgateway.vpc": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcNatgateway).GetVpc()).ToDataRes(types.Resource("aws.vpc")) + }, + "aws.vpc.natgateway.addresses": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcNatgateway).GetAddresses()).ToDataRes(types.Array(types.Resource("aws.vpc.natgateway.address"))) + }, + "aws.vpc.natgateway.address.allocationId": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcNatgatewayAddress).GetAllocationId()).ToDataRes(types.String) + }, + "aws.vpc.natgateway.address.networkInterfaceId": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcNatgatewayAddress).GetNetworkInterfaceId()).ToDataRes(types.String) + }, + "aws.vpc.natgateway.address.privateIp": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcNatgatewayAddress).GetPrivateIp()).ToDataRes(types.String) + }, + "aws.vpc.natgateway.address.publicIp": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcNatgatewayAddress).GetPublicIp()).ToDataRes(types.Resource("aws.ec2.eip")) + }, + "aws.vpc.natgateway.address.isPrimary": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcNatgatewayAddress).GetIsPrimary()).ToDataRes(types.Bool) + }, + "aws.vpc.serviceEndpoint.acceptanceRequired": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcServiceEndpoint).GetAcceptanceRequired()).ToDataRes(types.Bool) + }, + "aws.vpc.serviceEndpoint.availabilityZones": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcServiceEndpoint).GetAvailabilityZones()).ToDataRes(types.Array(types.String)) + }, + "aws.vpc.serviceEndpoint.dnsNames": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcServiceEndpoint).GetDnsNames()).ToDataRes(types.Array(types.String)) + }, + "aws.vpc.serviceEndpoint.id": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcServiceEndpoint).GetId()).ToDataRes(types.String) + }, + "aws.vpc.serviceEndpoint.managesVpcEndpoints": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcServiceEndpoint).GetManagesVpcEndpoints()).ToDataRes(types.Bool) + }, + "aws.vpc.serviceEndpoint.name": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcServiceEndpoint).GetName()).ToDataRes(types.String) + }, + "aws.vpc.serviceEndpoint.owner": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcServiceEndpoint).GetOwner()).ToDataRes(types.String) + }, + "aws.vpc.serviceEndpoint.payerResponsibility": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcServiceEndpoint).GetPayerResponsibility()).ToDataRes(types.String) + }, + "aws.vpc.serviceEndpoint.privateDnsNameVerificationState": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcServiceEndpoint).GetPrivateDnsNameVerificationState()).ToDataRes(types.String) + }, + "aws.vpc.serviceEndpoint.privateDnsNames": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcServiceEndpoint).GetPrivateDnsNames()).ToDataRes(types.Array(types.String)) + }, + "aws.vpc.serviceEndpoint.tags": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcServiceEndpoint).GetTags()).ToDataRes(types.Map(types.String, types.String)) + }, + "aws.vpc.serviceEndpoint.type": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcServiceEndpoint).GetType()).ToDataRes(types.String) + }, + "aws.vpc.serviceEndpoint.vpcEndpointPolicySupported": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcServiceEndpoint).GetVpcEndpointPolicySupported()).ToDataRes(types.Bool) + }, + "aws.vpc.peeringConnection.acceptorVpc": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcPeeringConnection).GetAcceptorVpc()).ToDataRes(types.Resource("aws.vpc.peeringConnection.peeringVpc")) + }, + "aws.vpc.peeringConnection.expirationTime": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcPeeringConnection).GetExpirationTime()).ToDataRes(types.Time) + }, + "aws.vpc.peeringConnection.id": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcPeeringConnection).GetId()).ToDataRes(types.String) + }, + "aws.vpc.peeringConnection.requestorVpc": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcPeeringConnection).GetRequestorVpc()).ToDataRes(types.Resource("aws.vpc.peeringConnection.peeringVpc")) + }, + "aws.vpc.peeringConnection.status": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcPeeringConnection).GetStatus()).ToDataRes(types.String) + }, + "aws.vpc.peeringConnection.tags": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcPeeringConnection).GetTags()).ToDataRes(types.Map(types.String, types.String)) + }, + "aws.vpc.peeringConnection.peeringVpc.allowDnsResolutionFromRemoteVpc": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcPeeringConnectionPeeringVpc).GetAllowDnsResolutionFromRemoteVpc()).ToDataRes(types.Bool) + }, + "aws.vpc.peeringConnection.peeringVpc.allowEgressFromLocalClassicLinkToRemoteVpc": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcPeeringConnectionPeeringVpc).GetAllowEgressFromLocalClassicLinkToRemoteVpc()).ToDataRes(types.Bool) + }, + "aws.vpc.peeringConnection.peeringVpc.allowEgressFromLocalVpcToRemoteClassicLink": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcPeeringConnectionPeeringVpc).GetAllowEgressFromLocalVpcToRemoteClassicLink()).ToDataRes(types.Bool) + }, + "aws.vpc.peeringConnection.peeringVpc.ipv4CiderBlocks": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcPeeringConnectionPeeringVpc).GetIpv4CiderBlocks()).ToDataRes(types.Array(types.String)) + }, + "aws.vpc.peeringConnection.peeringVpc.ipv6CiderBlocks": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcPeeringConnectionPeeringVpc).GetIpv6CiderBlocks()).ToDataRes(types.Array(types.String)) + }, + "aws.vpc.peeringConnection.peeringVpc.ownerID": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcPeeringConnectionPeeringVpc).GetOwnerID()).ToDataRes(types.String) + }, + "aws.vpc.peeringConnection.peeringVpc.region": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcPeeringConnectionPeeringVpc).GetRegion()).ToDataRes(types.String) + }, + "aws.vpc.peeringConnection.peeringVpc.vpc": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcPeeringConnectionPeeringVpc).GetVpc()).ToDataRes(types.Resource("aws.vpc")) + }, + "aws.vpc.peeringConnection.peeringVpc.vpcId": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsVpcPeeringConnectionPeeringVpc).GetVpcId()).ToDataRes(types.String) + }, "aws.ec2.networkacl.arn": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAwsEc2Networkacl).GetArn()).ToDataRes(types.String) }, @@ -3936,6 +4116,18 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool { r.(*mqlAwsVpc).Tags, ok = plugin.RawToTValue[map[string]interface{}](v.Value, v.Error) return }, + "aws.vpc.natGateways": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpc).NatGateways, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + return + }, + "aws.vpc.serviceEndpoints": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpc).ServiceEndpoints, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + return + }, + "aws.vpc.peeringConnections": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpc).PeeringConnections, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + return + }, "aws.vpc.routetable.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { r.(*mqlAwsVpcRoutetable).__id, ok = v.Value.(string) return @@ -7776,6 +7968,226 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool { r.(*mqlAwsEc2).Keypairs, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) return }, + "aws.ec2.eips": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsEc2).Eips, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + return + }, + "aws.ec2.eip.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsEc2Eip).__id, ok = v.Value.(string) + return + }, + "aws.ec2.eip.publicIp": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsEc2Eip).PublicIp, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.ec2.eip.attached": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsEc2Eip).Attached, ok = plugin.RawToTValue[bool](v.Value, v.Error) + return + }, + "aws.ec2.eip.instance": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsEc2Eip).Instance, ok = plugin.RawToTValue[*mqlAwsEc2Instance](v.Value, v.Error) + return + }, + "aws.ec2.eip.networkInterfaceId": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsEc2Eip).NetworkInterfaceId, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.ec2.eip.networkInterfaceOwnerId": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsEc2Eip).NetworkInterfaceOwnerId, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.ec2.eip.privateIpAddress": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsEc2Eip).PrivateIpAddress, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.ec2.eip.publicIpv4Pool": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsEc2Eip).PublicIpv4Pool, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.ec2.eip.tags": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsEc2Eip).Tags, ok = plugin.RawToTValue[map[string]interface{}](v.Value, v.Error) + return + }, + "aws.ec2.eip.region": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsEc2Eip).Region, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.vpc.natgateway.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcNatgateway).__id, ok = v.Value.(string) + return + }, + "aws.vpc.natgateway.createdAt": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcNatgateway).CreatedAt, ok = plugin.RawToTValue[*time.Time](v.Value, v.Error) + return + }, + "aws.vpc.natgateway.natGatewayId": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcNatgateway).NatGatewayId, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.vpc.natgateway.state": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcNatgateway).State, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.vpc.natgateway.tags": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcNatgateway).Tags, ok = plugin.RawToTValue[map[string]interface{}](v.Value, v.Error) + return + }, + "aws.vpc.natgateway.vpc": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcNatgateway).Vpc, ok = plugin.RawToTValue[*mqlAwsVpc](v.Value, v.Error) + return + }, + "aws.vpc.natgateway.addresses": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcNatgateway).Addresses, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + return + }, + "aws.vpc.natgateway.address.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcNatgatewayAddress).__id, ok = v.Value.(string) + return + }, + "aws.vpc.natgateway.address.allocationId": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcNatgatewayAddress).AllocationId, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.vpc.natgateway.address.networkInterfaceId": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcNatgatewayAddress).NetworkInterfaceId, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.vpc.natgateway.address.privateIp": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcNatgatewayAddress).PrivateIp, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.vpc.natgateway.address.publicIp": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcNatgatewayAddress).PublicIp, ok = plugin.RawToTValue[*mqlAwsEc2Eip](v.Value, v.Error) + return + }, + "aws.vpc.natgateway.address.isPrimary": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcNatgatewayAddress).IsPrimary, ok = plugin.RawToTValue[bool](v.Value, v.Error) + return + }, + "aws.vpc.serviceEndpoint.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcServiceEndpoint).__id, ok = v.Value.(string) + return + }, + "aws.vpc.serviceEndpoint.acceptanceRequired": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcServiceEndpoint).AcceptanceRequired, ok = plugin.RawToTValue[bool](v.Value, v.Error) + return + }, + "aws.vpc.serviceEndpoint.availabilityZones": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcServiceEndpoint).AvailabilityZones, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + return + }, + "aws.vpc.serviceEndpoint.dnsNames": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcServiceEndpoint).DnsNames, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + return + }, + "aws.vpc.serviceEndpoint.id": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcServiceEndpoint).Id, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.vpc.serviceEndpoint.managesVpcEndpoints": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcServiceEndpoint).ManagesVpcEndpoints, ok = plugin.RawToTValue[bool](v.Value, v.Error) + return + }, + "aws.vpc.serviceEndpoint.name": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcServiceEndpoint).Name, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.vpc.serviceEndpoint.owner": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcServiceEndpoint).Owner, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.vpc.serviceEndpoint.payerResponsibility": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcServiceEndpoint).PayerResponsibility, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.vpc.serviceEndpoint.privateDnsNameVerificationState": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcServiceEndpoint).PrivateDnsNameVerificationState, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.vpc.serviceEndpoint.privateDnsNames": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcServiceEndpoint).PrivateDnsNames, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + return + }, + "aws.vpc.serviceEndpoint.tags": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcServiceEndpoint).Tags, ok = plugin.RawToTValue[map[string]interface{}](v.Value, v.Error) + return + }, + "aws.vpc.serviceEndpoint.type": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcServiceEndpoint).Type, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.vpc.serviceEndpoint.vpcEndpointPolicySupported": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcServiceEndpoint).VpcEndpointPolicySupported, ok = plugin.RawToTValue[bool](v.Value, v.Error) + return + }, + "aws.vpc.peeringConnection.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcPeeringConnection).__id, ok = v.Value.(string) + return + }, + "aws.vpc.peeringConnection.acceptorVpc": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcPeeringConnection).AcceptorVpc, ok = plugin.RawToTValue[*mqlAwsVpcPeeringConnectionPeeringVpc](v.Value, v.Error) + return + }, + "aws.vpc.peeringConnection.expirationTime": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcPeeringConnection).ExpirationTime, ok = plugin.RawToTValue[*time.Time](v.Value, v.Error) + return + }, + "aws.vpc.peeringConnection.id": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcPeeringConnection).Id, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.vpc.peeringConnection.requestorVpc": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcPeeringConnection).RequestorVpc, ok = plugin.RawToTValue[*mqlAwsVpcPeeringConnectionPeeringVpc](v.Value, v.Error) + return + }, + "aws.vpc.peeringConnection.status": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcPeeringConnection).Status, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.vpc.peeringConnection.tags": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcPeeringConnection).Tags, ok = plugin.RawToTValue[map[string]interface{}](v.Value, v.Error) + return + }, + "aws.vpc.peeringConnection.peeringVpc.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcPeeringConnectionPeeringVpc).__id, ok = v.Value.(string) + return + }, + "aws.vpc.peeringConnection.peeringVpc.allowDnsResolutionFromRemoteVpc": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcPeeringConnectionPeeringVpc).AllowDnsResolutionFromRemoteVpc, ok = plugin.RawToTValue[bool](v.Value, v.Error) + return + }, + "aws.vpc.peeringConnection.peeringVpc.allowEgressFromLocalClassicLinkToRemoteVpc": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcPeeringConnectionPeeringVpc).AllowEgressFromLocalClassicLinkToRemoteVpc, ok = plugin.RawToTValue[bool](v.Value, v.Error) + return + }, + "aws.vpc.peeringConnection.peeringVpc.allowEgressFromLocalVpcToRemoteClassicLink": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcPeeringConnectionPeeringVpc).AllowEgressFromLocalVpcToRemoteClassicLink, ok = plugin.RawToTValue[bool](v.Value, v.Error) + return + }, + "aws.vpc.peeringConnection.peeringVpc.ipv4CiderBlocks": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcPeeringConnectionPeeringVpc).Ipv4CiderBlocks, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + return + }, + "aws.vpc.peeringConnection.peeringVpc.ipv6CiderBlocks": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcPeeringConnectionPeeringVpc).Ipv6CiderBlocks, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + return + }, + "aws.vpc.peeringConnection.peeringVpc.ownerID": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcPeeringConnectionPeeringVpc).OwnerID, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.vpc.peeringConnection.peeringVpc.region": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcPeeringConnectionPeeringVpc).Region, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "aws.vpc.peeringConnection.peeringVpc.vpc": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcPeeringConnectionPeeringVpc).Vpc, ok = plugin.RawToTValue[*mqlAwsVpc](v.Value, v.Error) + return + }, + "aws.vpc.peeringConnection.peeringVpc.vpcId": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsVpcPeeringConnectionPeeringVpc).VpcId, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, "aws.ec2.networkacl.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { r.(*mqlAwsEc2Networkacl).__id, ok = v.Value.(string) return @@ -8840,6 +9252,9 @@ type mqlAwsVpc struct { RouteTables plugin.TValue[[]interface{}] Subnets plugin.TValue[[]interface{}] Tags plugin.TValue[map[string]interface{}] + NatGateways plugin.TValue[[]interface{}] + ServiceEndpoints plugin.TValue[[]interface{}] + PeeringConnections plugin.TValue[[]interface{}] } // createAwsVpc creates a new instance of this resource @@ -8975,6 +9390,54 @@ func (c *mqlAwsVpc) GetTags() *plugin.TValue[map[string]interface{}] { return &c.Tags } +func (c *mqlAwsVpc) GetNatGateways() *plugin.TValue[[]interface{}] { + return plugin.GetOrCompute[[]interface{}](&c.NatGateways, func() ([]interface{}, error) { + if c.MqlRuntime.HasRecording { + d, err := c.MqlRuntime.FieldResourceFromRecording("aws.vpc", c.__id, "natGateways") + if err != nil { + return nil, err + } + if d != nil { + return d.Value.([]interface{}), nil + } + } + + return c.natGateways() + }) +} + +func (c *mqlAwsVpc) GetServiceEndpoints() *plugin.TValue[[]interface{}] { + return plugin.GetOrCompute[[]interface{}](&c.ServiceEndpoints, func() ([]interface{}, error) { + if c.MqlRuntime.HasRecording { + d, err := c.MqlRuntime.FieldResourceFromRecording("aws.vpc", c.__id, "serviceEndpoints") + if err != nil { + return nil, err + } + if d != nil { + return d.Value.([]interface{}), nil + } + } + + return c.serviceEndpoints() + }) +} + +func (c *mqlAwsVpc) GetPeeringConnections() *plugin.TValue[[]interface{}] { + return plugin.GetOrCompute[[]interface{}](&c.PeeringConnections, func() ([]interface{}, error) { + if c.MqlRuntime.HasRecording { + d, err := c.MqlRuntime.FieldResourceFromRecording("aws.vpc", c.__id, "peeringConnections") + if err != nil { + return nil, err + } + if d != nil { + return d.Value.([]interface{}), nil + } + } + + return c.peeringConnections() + }) +} + // mqlAwsVpcRoutetable for the aws.vpc.routetable resource type mqlAwsVpcRoutetable struct { MqlRuntime *plugin.Runtime @@ -19986,6 +20449,7 @@ type mqlAwsEc2 struct { VpnConnections plugin.TValue[[]interface{}] NetworkAcls plugin.TValue[[]interface{}] Keypairs plugin.TValue[[]interface{}] + Eips plugin.TValue[[]interface{}] } // createAwsEc2 creates a new instance of this resource @@ -20159,6 +20623,598 @@ func (c *mqlAwsEc2) GetKeypairs() *plugin.TValue[[]interface{}] { }) } +func (c *mqlAwsEc2) GetEips() *plugin.TValue[[]interface{}] { + return plugin.GetOrCompute[[]interface{}](&c.Eips, func() ([]interface{}, error) { + if c.MqlRuntime.HasRecording { + d, err := c.MqlRuntime.FieldResourceFromRecording("aws.ec2", c.__id, "eips") + if err != nil { + return nil, err + } + if d != nil { + return d.Value.([]interface{}), nil + } + } + + return c.eips() + }) +} + +// mqlAwsEc2Eip for the aws.ec2.eip resource +type mqlAwsEc2Eip struct { + MqlRuntime *plugin.Runtime + __id string + mqlAwsEc2EipInternal + PublicIp plugin.TValue[string] + Attached plugin.TValue[bool] + Instance plugin.TValue[*mqlAwsEc2Instance] + NetworkInterfaceId plugin.TValue[string] + NetworkInterfaceOwnerId plugin.TValue[string] + PrivateIpAddress plugin.TValue[string] + PublicIpv4Pool plugin.TValue[string] + Tags plugin.TValue[map[string]interface{}] + Region plugin.TValue[string] +} + +// createAwsEc2Eip creates a new instance of this resource +func createAwsEc2Eip(runtime *plugin.Runtime, args map[string]*llx.RawData) (plugin.Resource, error) { + res := &mqlAwsEc2Eip{ + MqlRuntime: runtime, + } + + err := SetAllData(res, args) + if err != nil { + return res, err + } + + if res.__id == "" { + res.__id, err = res.id() + if err != nil { + return nil, err + } + } + + if runtime.HasRecording { + args, err = runtime.ResourceFromRecording("aws.ec2.eip", res.__id) + if err != nil || args == nil { + return res, err + } + return res, SetAllData(res, args) + } + + return res, nil +} + +func (c *mqlAwsEc2Eip) MqlName() string { + return "aws.ec2.eip" +} + +func (c *mqlAwsEc2Eip) MqlID() string { + return c.__id +} + +func (c *mqlAwsEc2Eip) GetPublicIp() *plugin.TValue[string] { + return &c.PublicIp +} + +func (c *mqlAwsEc2Eip) GetAttached() *plugin.TValue[bool] { + return &c.Attached +} + +func (c *mqlAwsEc2Eip) GetInstance() *plugin.TValue[*mqlAwsEc2Instance] { + return plugin.GetOrCompute[*mqlAwsEc2Instance](&c.Instance, func() (*mqlAwsEc2Instance, error) { + if c.MqlRuntime.HasRecording { + d, err := c.MqlRuntime.FieldResourceFromRecording("aws.ec2.eip", c.__id, "instance") + if err != nil { + return nil, err + } + if d != nil { + return d.Value.(*mqlAwsEc2Instance), nil + } + } + + return c.instance() + }) +} + +func (c *mqlAwsEc2Eip) GetNetworkInterfaceId() *plugin.TValue[string] { + return &c.NetworkInterfaceId +} + +func (c *mqlAwsEc2Eip) GetNetworkInterfaceOwnerId() *plugin.TValue[string] { + return &c.NetworkInterfaceOwnerId +} + +func (c *mqlAwsEc2Eip) GetPrivateIpAddress() *plugin.TValue[string] { + return &c.PrivateIpAddress +} + +func (c *mqlAwsEc2Eip) GetPublicIpv4Pool() *plugin.TValue[string] { + return &c.PublicIpv4Pool +} + +func (c *mqlAwsEc2Eip) GetTags() *plugin.TValue[map[string]interface{}] { + return &c.Tags +} + +func (c *mqlAwsEc2Eip) GetRegion() *plugin.TValue[string] { + return &c.Region +} + +// mqlAwsVpcNatgateway for the aws.vpc.natgateway resource +type mqlAwsVpcNatgateway struct { + MqlRuntime *plugin.Runtime + __id string + mqlAwsVpcNatgatewayInternal + CreatedAt plugin.TValue[*time.Time] + NatGatewayId plugin.TValue[string] + State plugin.TValue[string] + Tags plugin.TValue[map[string]interface{}] + Vpc plugin.TValue[*mqlAwsVpc] + Addresses plugin.TValue[[]interface{}] +} + +// createAwsVpcNatgateway creates a new instance of this resource +func createAwsVpcNatgateway(runtime *plugin.Runtime, args map[string]*llx.RawData) (plugin.Resource, error) { + res := &mqlAwsVpcNatgateway{ + MqlRuntime: runtime, + } + + err := SetAllData(res, args) + if err != nil { + return res, err + } + + if res.__id == "" { + res.__id, err = res.id() + if err != nil { + return nil, err + } + } + + if runtime.HasRecording { + args, err = runtime.ResourceFromRecording("aws.vpc.natgateway", res.__id) + if err != nil || args == nil { + return res, err + } + return res, SetAllData(res, args) + } + + return res, nil +} + +func (c *mqlAwsVpcNatgateway) MqlName() string { + return "aws.vpc.natgateway" +} + +func (c *mqlAwsVpcNatgateway) MqlID() string { + return c.__id +} + +func (c *mqlAwsVpcNatgateway) GetCreatedAt() *plugin.TValue[*time.Time] { + return &c.CreatedAt +} + +func (c *mqlAwsVpcNatgateway) GetNatGatewayId() *plugin.TValue[string] { + return &c.NatGatewayId +} + +func (c *mqlAwsVpcNatgateway) GetState() *plugin.TValue[string] { + return &c.State +} + +func (c *mqlAwsVpcNatgateway) GetTags() *plugin.TValue[map[string]interface{}] { + return &c.Tags +} + +func (c *mqlAwsVpcNatgateway) GetVpc() *plugin.TValue[*mqlAwsVpc] { + return plugin.GetOrCompute[*mqlAwsVpc](&c.Vpc, func() (*mqlAwsVpc, error) { + if c.MqlRuntime.HasRecording { + d, err := c.MqlRuntime.FieldResourceFromRecording("aws.vpc.natgateway", c.__id, "vpc") + if err != nil { + return nil, err + } + if d != nil { + return d.Value.(*mqlAwsVpc), nil + } + } + + return c.vpc() + }) +} + +func (c *mqlAwsVpcNatgateway) GetAddresses() *plugin.TValue[[]interface{}] { + return &c.Addresses +} + +// mqlAwsVpcNatgatewayAddress for the aws.vpc.natgateway.address resource +type mqlAwsVpcNatgatewayAddress struct { + MqlRuntime *plugin.Runtime + __id string + mqlAwsVpcNatgatewayAddressInternal + AllocationId plugin.TValue[string] + NetworkInterfaceId plugin.TValue[string] + PrivateIp plugin.TValue[string] + PublicIp plugin.TValue[*mqlAwsEc2Eip] + IsPrimary plugin.TValue[bool] +} + +// createAwsVpcNatgatewayAddress creates a new instance of this resource +func createAwsVpcNatgatewayAddress(runtime *plugin.Runtime, args map[string]*llx.RawData) (plugin.Resource, error) { + res := &mqlAwsVpcNatgatewayAddress{ + MqlRuntime: runtime, + } + + err := SetAllData(res, args) + if err != nil { + return res, err + } + + if res.__id == "" { + res.__id, err = res.id() + if err != nil { + return nil, err + } + } + + if runtime.HasRecording { + args, err = runtime.ResourceFromRecording("aws.vpc.natgateway.address", res.__id) + if err != nil || args == nil { + return res, err + } + return res, SetAllData(res, args) + } + + return res, nil +} + +func (c *mqlAwsVpcNatgatewayAddress) MqlName() string { + return "aws.vpc.natgateway.address" +} + +func (c *mqlAwsVpcNatgatewayAddress) MqlID() string { + return c.__id +} + +func (c *mqlAwsVpcNatgatewayAddress) GetAllocationId() *plugin.TValue[string] { + return &c.AllocationId +} + +func (c *mqlAwsVpcNatgatewayAddress) GetNetworkInterfaceId() *plugin.TValue[string] { + return &c.NetworkInterfaceId +} + +func (c *mqlAwsVpcNatgatewayAddress) GetPrivateIp() *plugin.TValue[string] { + return &c.PrivateIp +} + +func (c *mqlAwsVpcNatgatewayAddress) GetPublicIp() *plugin.TValue[*mqlAwsEc2Eip] { + return plugin.GetOrCompute[*mqlAwsEc2Eip](&c.PublicIp, func() (*mqlAwsEc2Eip, error) { + if c.MqlRuntime.HasRecording { + d, err := c.MqlRuntime.FieldResourceFromRecording("aws.vpc.natgateway.address", c.__id, "publicIp") + if err != nil { + return nil, err + } + if d != nil { + return d.Value.(*mqlAwsEc2Eip), nil + } + } + + return c.publicIp() + }) +} + +func (c *mqlAwsVpcNatgatewayAddress) GetIsPrimary() *plugin.TValue[bool] { + return &c.IsPrimary +} + +// mqlAwsVpcServiceEndpoint for the aws.vpc.serviceEndpoint resource +type mqlAwsVpcServiceEndpoint struct { + MqlRuntime *plugin.Runtime + __id string + // optional: if you define mqlAwsVpcServiceEndpointInternal it will be used here + AcceptanceRequired plugin.TValue[bool] + AvailabilityZones plugin.TValue[[]interface{}] + DnsNames plugin.TValue[[]interface{}] + Id plugin.TValue[string] + ManagesVpcEndpoints plugin.TValue[bool] + Name plugin.TValue[string] + Owner plugin.TValue[string] + PayerResponsibility plugin.TValue[string] + PrivateDnsNameVerificationState plugin.TValue[string] + PrivateDnsNames plugin.TValue[[]interface{}] + Tags plugin.TValue[map[string]interface{}] + Type plugin.TValue[string] + VpcEndpointPolicySupported plugin.TValue[bool] +} + +// createAwsVpcServiceEndpoint creates a new instance of this resource +func createAwsVpcServiceEndpoint(runtime *plugin.Runtime, args map[string]*llx.RawData) (plugin.Resource, error) { + res := &mqlAwsVpcServiceEndpoint{ + MqlRuntime: runtime, + } + + err := SetAllData(res, args) + if err != nil { + return res, err + } + + if res.__id == "" { + res.__id, err = res.id() + if err != nil { + return nil, err + } + } + + if runtime.HasRecording { + args, err = runtime.ResourceFromRecording("aws.vpc.serviceEndpoint", res.__id) + if err != nil || args == nil { + return res, err + } + return res, SetAllData(res, args) + } + + return res, nil +} + +func (c *mqlAwsVpcServiceEndpoint) MqlName() string { + return "aws.vpc.serviceEndpoint" +} + +func (c *mqlAwsVpcServiceEndpoint) MqlID() string { + return c.__id +} + +func (c *mqlAwsVpcServiceEndpoint) GetAcceptanceRequired() *plugin.TValue[bool] { + return &c.AcceptanceRequired +} + +func (c *mqlAwsVpcServiceEndpoint) GetAvailabilityZones() *plugin.TValue[[]interface{}] { + return &c.AvailabilityZones +} + +func (c *mqlAwsVpcServiceEndpoint) GetDnsNames() *plugin.TValue[[]interface{}] { + return &c.DnsNames +} + +func (c *mqlAwsVpcServiceEndpoint) GetId() *plugin.TValue[string] { + return &c.Id +} + +func (c *mqlAwsVpcServiceEndpoint) GetManagesVpcEndpoints() *plugin.TValue[bool] { + return &c.ManagesVpcEndpoints +} + +func (c *mqlAwsVpcServiceEndpoint) GetName() *plugin.TValue[string] { + return &c.Name +} + +func (c *mqlAwsVpcServiceEndpoint) GetOwner() *plugin.TValue[string] { + return &c.Owner +} + +func (c *mqlAwsVpcServiceEndpoint) GetPayerResponsibility() *plugin.TValue[string] { + return &c.PayerResponsibility +} + +func (c *mqlAwsVpcServiceEndpoint) GetPrivateDnsNameVerificationState() *plugin.TValue[string] { + return &c.PrivateDnsNameVerificationState +} + +func (c *mqlAwsVpcServiceEndpoint) GetPrivateDnsNames() *plugin.TValue[[]interface{}] { + return &c.PrivateDnsNames +} + +func (c *mqlAwsVpcServiceEndpoint) GetTags() *plugin.TValue[map[string]interface{}] { + return &c.Tags +} + +func (c *mqlAwsVpcServiceEndpoint) GetType() *plugin.TValue[string] { + return &c.Type +} + +func (c *mqlAwsVpcServiceEndpoint) GetVpcEndpointPolicySupported() *plugin.TValue[bool] { + return &c.VpcEndpointPolicySupported +} + +// mqlAwsVpcPeeringConnection for the aws.vpc.peeringConnection resource +type mqlAwsVpcPeeringConnection struct { + MqlRuntime *plugin.Runtime + __id string + mqlAwsVpcPeeringConnectionInternal + AcceptorVpc plugin.TValue[*mqlAwsVpcPeeringConnectionPeeringVpc] + ExpirationTime plugin.TValue[*time.Time] + Id plugin.TValue[string] + RequestorVpc plugin.TValue[*mqlAwsVpcPeeringConnectionPeeringVpc] + Status plugin.TValue[string] + Tags plugin.TValue[map[string]interface{}] +} + +// createAwsVpcPeeringConnection creates a new instance of this resource +func createAwsVpcPeeringConnection(runtime *plugin.Runtime, args map[string]*llx.RawData) (plugin.Resource, error) { + res := &mqlAwsVpcPeeringConnection{ + MqlRuntime: runtime, + } + + err := SetAllData(res, args) + if err != nil { + return res, err + } + + if res.__id == "" { + res.__id, err = res.id() + if err != nil { + return nil, err + } + } + + if runtime.HasRecording { + args, err = runtime.ResourceFromRecording("aws.vpc.peeringConnection", res.__id) + if err != nil || args == nil { + return res, err + } + return res, SetAllData(res, args) + } + + return res, nil +} + +func (c *mqlAwsVpcPeeringConnection) MqlName() string { + return "aws.vpc.peeringConnection" +} + +func (c *mqlAwsVpcPeeringConnection) MqlID() string { + return c.__id +} + +func (c *mqlAwsVpcPeeringConnection) GetAcceptorVpc() *plugin.TValue[*mqlAwsVpcPeeringConnectionPeeringVpc] { + return plugin.GetOrCompute[*mqlAwsVpcPeeringConnectionPeeringVpc](&c.AcceptorVpc, func() (*mqlAwsVpcPeeringConnectionPeeringVpc, error) { + if c.MqlRuntime.HasRecording { + d, err := c.MqlRuntime.FieldResourceFromRecording("aws.vpc.peeringConnection", c.__id, "acceptorVpc") + if err != nil { + return nil, err + } + if d != nil { + return d.Value.(*mqlAwsVpcPeeringConnectionPeeringVpc), nil + } + } + + return c.acceptorVpc() + }) +} + +func (c *mqlAwsVpcPeeringConnection) GetExpirationTime() *plugin.TValue[*time.Time] { + return &c.ExpirationTime +} + +func (c *mqlAwsVpcPeeringConnection) GetId() *plugin.TValue[string] { + return &c.Id +} + +func (c *mqlAwsVpcPeeringConnection) GetRequestorVpc() *plugin.TValue[*mqlAwsVpcPeeringConnectionPeeringVpc] { + return plugin.GetOrCompute[*mqlAwsVpcPeeringConnectionPeeringVpc](&c.RequestorVpc, func() (*mqlAwsVpcPeeringConnectionPeeringVpc, error) { + if c.MqlRuntime.HasRecording { + d, err := c.MqlRuntime.FieldResourceFromRecording("aws.vpc.peeringConnection", c.__id, "requestorVpc") + if err != nil { + return nil, err + } + if d != nil { + return d.Value.(*mqlAwsVpcPeeringConnectionPeeringVpc), nil + } + } + + return c.requestorVpc() + }) +} + +func (c *mqlAwsVpcPeeringConnection) GetStatus() *plugin.TValue[string] { + return &c.Status +} + +func (c *mqlAwsVpcPeeringConnection) GetTags() *plugin.TValue[map[string]interface{}] { + return &c.Tags +} + +// mqlAwsVpcPeeringConnectionPeeringVpc for the aws.vpc.peeringConnection.peeringVpc resource +type mqlAwsVpcPeeringConnectionPeeringVpc struct { + MqlRuntime *plugin.Runtime + __id string + // optional: if you define mqlAwsVpcPeeringConnectionPeeringVpcInternal it will be used here + AllowDnsResolutionFromRemoteVpc plugin.TValue[bool] + AllowEgressFromLocalClassicLinkToRemoteVpc plugin.TValue[bool] + AllowEgressFromLocalVpcToRemoteClassicLink plugin.TValue[bool] + Ipv4CiderBlocks plugin.TValue[[]interface{}] + Ipv6CiderBlocks plugin.TValue[[]interface{}] + OwnerID plugin.TValue[string] + Region plugin.TValue[string] + Vpc plugin.TValue[*mqlAwsVpc] + VpcId plugin.TValue[string] +} + +// createAwsVpcPeeringConnectionPeeringVpc creates a new instance of this resource +func createAwsVpcPeeringConnectionPeeringVpc(runtime *plugin.Runtime, args map[string]*llx.RawData) (plugin.Resource, error) { + res := &mqlAwsVpcPeeringConnectionPeeringVpc{ + MqlRuntime: runtime, + } + + err := SetAllData(res, args) + if err != nil { + return res, err + } + + if res.__id == "" { + res.__id, err = res.id() + if err != nil { + return nil, err + } + } + + if runtime.HasRecording { + args, err = runtime.ResourceFromRecording("aws.vpc.peeringConnection.peeringVpc", res.__id) + if err != nil || args == nil { + return res, err + } + return res, SetAllData(res, args) + } + + return res, nil +} + +func (c *mqlAwsVpcPeeringConnectionPeeringVpc) MqlName() string { + return "aws.vpc.peeringConnection.peeringVpc" +} + +func (c *mqlAwsVpcPeeringConnectionPeeringVpc) MqlID() string { + return c.__id +} + +func (c *mqlAwsVpcPeeringConnectionPeeringVpc) GetAllowDnsResolutionFromRemoteVpc() *plugin.TValue[bool] { + return &c.AllowDnsResolutionFromRemoteVpc +} + +func (c *mqlAwsVpcPeeringConnectionPeeringVpc) GetAllowEgressFromLocalClassicLinkToRemoteVpc() *plugin.TValue[bool] { + return &c.AllowEgressFromLocalClassicLinkToRemoteVpc +} + +func (c *mqlAwsVpcPeeringConnectionPeeringVpc) GetAllowEgressFromLocalVpcToRemoteClassicLink() *plugin.TValue[bool] { + return &c.AllowEgressFromLocalVpcToRemoteClassicLink +} + +func (c *mqlAwsVpcPeeringConnectionPeeringVpc) GetIpv4CiderBlocks() *plugin.TValue[[]interface{}] { + return &c.Ipv4CiderBlocks +} + +func (c *mqlAwsVpcPeeringConnectionPeeringVpc) GetIpv6CiderBlocks() *plugin.TValue[[]interface{}] { + return &c.Ipv6CiderBlocks +} + +func (c *mqlAwsVpcPeeringConnectionPeeringVpc) GetOwnerID() *plugin.TValue[string] { + return &c.OwnerID +} + +func (c *mqlAwsVpcPeeringConnectionPeeringVpc) GetRegion() *plugin.TValue[string] { + return &c.Region +} + +func (c *mqlAwsVpcPeeringConnectionPeeringVpc) GetVpc() *plugin.TValue[*mqlAwsVpc] { + return plugin.GetOrCompute[*mqlAwsVpc](&c.Vpc, func() (*mqlAwsVpc, error) { + if c.MqlRuntime.HasRecording { + d, err := c.MqlRuntime.FieldResourceFromRecording("aws.vpc.peeringConnection.peeringVpc", c.__id, "vpc") + if err != nil { + return nil, err + } + if d != nil { + return d.Value.(*mqlAwsVpc), nil + } + } + + return c.vpc() + }) +} + +func (c *mqlAwsVpcPeeringConnectionPeeringVpc) GetVpcId() *plugin.TValue[string] { + return &c.VpcId +} + // mqlAwsEc2Networkacl for the aws.ec2.networkacl resource type mqlAwsEc2Networkacl struct { MqlRuntime *plugin.Runtime diff --git a/providers/aws/resources/aws.lr.manifest.yaml b/providers/aws/resources/aws.lr.manifest.yaml index b9d4935cd5..3077552869 100755 --- a/providers/aws/resources/aws.lr.manifest.yaml +++ b/providers/aws/resources/aws.lr.manifest.yaml @@ -898,6 +898,8 @@ resources: Use the `aws.ec2` resource to assess the configuration of AWS EC2 instances. fields: ebsEncryptionByDefault: {} + eips: + min_mondoo_version: 9.0.0 instances: {} internetGateways: {} keypairs: {} @@ -940,6 +942,22 @@ resources: ipPermissionsEgress.all(ipRanges.length == 0 && ipv6Ranges.length == 0 && fromPort == 0 && toPort == 0) } title: Ensure the default security group of every VPC restricts all traffic + aws.ec2.eip: + fields: + attached: {} + instance: {} + networkInterfaceId: {} + networkInterfaceOwnerId: {} + privateIpAddress: {} + publicIp: {} + publicIpv4Pool: {} + region: {} + tags: {} + is_private: true + min_mondoo_version: 9.0.0 + platform: + name: + - aws aws.ec2.image: docs: desc: | @@ -2588,8 +2606,14 @@ resources: instanceTenancy: min_mondoo_version: 9.0.0 isDefault: {} + natGateways: + min_mondoo_version: 9.0.0 + peeringConnections: + min_mondoo_version: 9.0.0 region: {} routeTables: {} + serviceEndpoints: + min_mondoo_version: 9.0.0 state: {} subnets: min_mondoo_version: 9.0.0 @@ -2640,6 +2664,88 @@ resources: platform: name: - aws + aws.vpc.natgateway: + fields: + addresses: {} + createdAt: {} + natGatewayId: {} + state: {} + subnet: {} + tags: {} + vpc: {} + is_private: true + min_mondoo_version: 9.0.0 + platform: + name: + - aws + aws.vpc.natgateway.address: + fields: + allocationId: {} + isPrimary: {} + networkInterfaceId: {} + privateIp: {} + publicIp: {} + is_private: true + min_mondoo_version: 9.0.0 + platform: + name: + - aws + aws.vpc.peeringConnection: + fields: + acceptorVpc: {} + expirationTime: {} + id: {} + requestorVpc: {} + status: {} + tags: {} + is_private: true + min_mondoo_version: 9.0.0 + platform: + name: + - aws + aws.vpc.peeringConnection.peeringVpc: + fields: + allowDnsResolutionFromRemoteVpc: {} + allowEgressFromLocalClassicLinkToRemoteVpc: {} + allowEgressFromLocalVpcToRemoteClassicLink: {} + ipv4CiderBlocks: {} + ipv6CiderBlocks: {} + ownerID: {} + region: {} + vpc: {} + vpcId: {} + is_private: true + min_mondoo_version: 9.0.0 + platform: + name: + - aws + aws.vpc.peeringconnection: + fields: + acceptorVpc: {} + expirationTime: {} + id: {} + requestorVpc: {} + status: {} + tags: {} + min_mondoo_version: 9.0.0 + platform: + name: + - aws + aws.vpc.peeringconnection.peeringvpc: + fields: + allowDnsResolutionFromRemoteVpc: {} + allowEgressFromLocalClassicLinkToRemoteVpc: {} + allowEgressFromLocalVpcToRemoteClassicLink: {} + ipv4CiderBlocks: {} + ipv6CiderBlocks: {} + ownerID: {} + region: {} + vpc: {} + vpcId: {} + min_mondoo_version: 9.0.0 + platform: + name: + - aws aws.vpc.routetable: fields: id: {} @@ -2651,6 +2757,45 @@ resources: platform: name: - aws + aws.vpc.serviceEndpoint: + fields: + acceptanceRequired: {} + availabilityZones: {} + dnsNames: {} + id: {} + managesVpcEndpoints: {} + name: {} + owner: {} + payerResponsibility: {} + privateDnsNameVerificationState: {} + privateDnsNames: {} + tags: {} + type: {} + vpcEndpointPolicySupported: {} + is_private: true + min_mondoo_version: 9.0.0 + platform: + name: + - aws + aws.vpc.serviceendpoint: + fields: + acceptanceRequired: {} + availabilityZones: {} + dnsNames: {} + id: {} + managesVpcEndpoints: {} + name: {} + owner: {} + payerResponsibility: {} + privateDnsNameVerificationState: {} + privateDnsNames: {} + tags: {} + type: {} + vpcEndpointPolicySupported: {} + min_mondoo_version: 9.0.0 + platform: + name: + - aws aws.vpc.subnet: fields: arn: {} diff --git a/providers/aws/resources/aws_ec2.go b/providers/aws/resources/aws_ec2.go index 8210c83a67..5dec51843f 100644 --- a/providers/aws/resources/aws_ec2.go +++ b/providers/aws/resources/aws_ec2.go @@ -45,6 +45,145 @@ func Ec2TagsToMap(tags []ec2types.Tag) map[string]interface{} { return tagsMap } +func initAwsEc2Eip(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) { + if len(args) > 2 { + return args, nil, nil + } + + if args["publicIp"] == nil { + return nil, nil, errors.New("publicIp required to fetch aws ec2 eip") + } + p := args["publicIp"].Value.(string) + + if args["region"] == nil { + return nil, nil, errors.New("region required to fetch aws ec2 eip") + } + r := args["region"].Value.(string) + + conn := runtime.Connection.(*connection.AwsConnection) + svc := conn.Ec2(r) + ctx := context.Background() + address, err := svc.DescribeAddresses(ctx, &ec2.DescribeAddressesInput{Filters: []ec2types.Filter{{Name: aws.String("public-ip"), Values: []string{p}}}}) + if err != nil { + return nil, nil, err + } + + if len(address.Addresses) > 0 { + add := address.Addresses[0] + attached := add.AllocationId != nil + args["publicIp"] = llx.StringDataPtr(add.PublicIp) + args["attached"] = llx.BoolData(attached) // this is false if allocationId is null and true otherwise + args["networkInterfaceId"] = llx.StringDataPtr(add.NetworkInterfaceId) + args["networkInterfaceOwnerId"] = llx.StringDataPtr(add.NetworkInterfaceOwnerId) + args["privateIpAddress"] = llx.StringDataPtr(add.PrivateIpAddress) + args["publicIpv4Pool"] = llx.StringDataPtr(add.PublicIpv4Pool) + args["tags"] = llx.MapData(Ec2TagsToMap(add.Tags), types.String) + args["region"] = llx.StringData(r) + return args, nil, nil + } + return args, nil, nil +} + +func (a *mqlAwsEc2Eip) id() (string, error) { + return a.NetworkInterfaceId.Data, nil +} + +type mqlAwsEc2EipInternal struct { + eipCache ec2types.Address +} + +func (a *mqlAwsEc2Eip) instance() (*mqlAwsEc2Instance, error) { + regionVal := a.Region.Data + conn := a.MqlRuntime.Connection.(*connection.AwsConnection) + if a.eipCache.InstanceId != nil { + instanceId := a.eipCache.InstanceId + mqlEc2Instance, err := NewResource(a.MqlRuntime, "aws.ec2.instance", + map[string]*llx.RawData{ + "arn": llx.StringData(fmt.Sprintf(ec2InstanceArnPattern, regionVal, conn.AccountId(), convert.ToString(instanceId))), + }) + if err != nil { + return nil, err + } + return mqlEc2Instance.(*mqlAwsEc2Instance), err + } + a.Instance.State = plugin.StateIsNull | plugin.StateIsSet + return nil, nil +} + +func (a *mqlAwsEc2) eips() ([]interface{}, error) { + conn := a.MqlRuntime.Connection.(*connection.AwsConnection) + res := []interface{}{} + poolOfJobs := jobpool.CreatePool(a.getEIPs(conn), 5) + poolOfJobs.Run() + + // check for errors + if poolOfJobs.HasErrors() { + return nil, poolOfJobs.GetErrors() + } + // get all the results + for i := range poolOfJobs.Jobs { + res = append(res, poolOfJobs.Jobs[i].Result.([]interface{})...) + } + + return res, nil +} + +func (a *mqlAwsEc2) getEIPs(conn *connection.AwsConnection) []*jobpool.Job { + tasks := make([]*jobpool.Job, 0) + + regions, err := conn.Regions() + if err != nil { + return []*jobpool.Job{{Err: err}} + } + for _, region := range regions { + regionVal := region + f := func() (jobpool.JobResult, error) { + log.Debug().Msgf("ec2>getEIPs>calling aws with region %s", regionVal) + + svc := conn.Ec2(regionVal) + ctx := context.Background() + res := []interface{}{} + + params := &ec2.DescribeAddressesInput{} // no pagination + addresses, err := svc.DescribeAddresses(ctx, params) + if err != nil { + if Is400AccessDeniedError(err) { + log.Warn().Str("region", regionVal).Msg("error accessing region for AWS API") + return res, nil + } + return nil, err + } + + for i := range addresses.Addresses { + add := addresses.Addresses[i] + attached := add.AllocationId != nil + + args := map[string]*llx.RawData{ + "publicIp": llx.StringDataPtr(add.PublicIp), + "attached": llx.BoolData(attached), // this is false if allocationId is null and true otherwise + "networkInterfaceId": llx.StringDataPtr(add.NetworkInterfaceId), + "networkInterfaceOwnerId": llx.StringDataPtr(add.NetworkInterfaceOwnerId), + "privateIpAddress": llx.StringDataPtr(add.PrivateIpAddress), + "publicIpv4Pool": llx.StringDataPtr(add.PublicIpv4Pool), + "tags": llx.MapData(Ec2TagsToMap(add.Tags), types.String), + "region": llx.StringData(regionVal), + } + mqlAddress, err := CreateResource(a.MqlRuntime, "aws.ec2.eip", args) + if err != nil { + return nil, err + } + mqlAddress.(*mqlAwsEc2Eip).eipCache = add + + res = append(res, mqlAddress) + + } + return jobpool.JobResult(res), nil + } + tasks = append(tasks, jobpool.NewJob(f)) + } + return tasks +} + func (a *mqlAwsEc2Networkacl) id() (string, error) { return a.Arn.Data, nil } diff --git a/providers/aws/resources/aws_vpc.go b/providers/aws/resources/aws_vpc.go index 9e659891a3..d8cf54a76d 100644 --- a/providers/aws/resources/aws_vpc.go +++ b/providers/aws/resources/aws_vpc.go @@ -7,11 +7,13 @@ import ( "context" "errors" "fmt" + "strings" "github.com/aws/aws-sdk-go-v2/service/ec2" vpctypes "github.com/aws/aws-sdk-go-v2/service/ec2/types" "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/arn" "github.com/rs/zerolog/log" "go.mondoo.com/cnquery/v11/llx" "go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin" @@ -102,6 +104,128 @@ func (a *mqlAws) getVpcs(conn *connection.AwsConnection) []*jobpool.Job { return tasks } +func (a *mqlAwsVpcNatgatewayAddress) id() (string, error) { + return a.AllocationId.Data, nil +} + +func (a *mqlAwsVpcNatgateway) id() (string, error) { + return a.NatGatewayId.Data, nil +} + +type mqlAwsVpcNatgatewayInternal struct { + natGatewayCache vpctypes.NatGateway + region string +} + +type mqlAwsVpcNatgatewayAddressInternal struct { + natGatewayAddressCache vpctypes.NatGatewayAddress + region string +} + +func (a *mqlAwsVpcNatgateway) vpc() (*mqlAwsVpc, error) { + if a.natGatewayCache.VpcId != nil { + conn := a.MqlRuntime.Connection.(*connection.AwsConnection) + res, err := NewResource(a.MqlRuntime, "aws.vpc", map[string]*llx.RawData{"arn": llx.StringData(fmt.Sprintf(vpcArnPattern, a.region, conn.AccountId(), convert.ToString(a.natGatewayCache.VpcId)))}) + if err != nil { + return nil, err + } + return res.(*mqlAwsVpc), nil + } + a.Vpc.State = plugin.StateIsNull | plugin.StateIsSet + return nil, nil +} + +// i think bc subnet is a subresource of vpc i'm having trouble doing this here +// not totally sure, will revisit +// func (a *mqlAwsVpcNatgateway) subnet() (*mqlAwsVpcSubnet, error) { +// if a.natGatewayCache.SubnetId != nil { +// conn := a.MqlRuntime.Connection.(*connection.AwsConnection) +// res, err := NewResource(a.MqlRuntime, "aws.vpc.subnet", map[string]*llx.RawData{"arn": llx.StringData(fmt.Sprintf(subnetArnPattern, a.region, conn.AccountId(), convert.ToString(a.natGatewayCache.SubnetId)))}) +// if err != nil { +// a.Subnet.State = plugin.StateIsNull | plugin.StateIsSet +// return nil, err +// } +// return res.(*mqlAwsVpcSubnet), nil +// } +// a.Subnet.State = plugin.StateIsNull | plugin.StateIsSet +// return nil, nil +// } + +func (a *mqlAwsVpcNatgatewayAddress) publicIp() (*mqlAwsEc2Eip, error) { + if a.natGatewayAddressCache.PublicIp != nil { + res, err := NewResource(a.MqlRuntime, "aws.ec2.eip", map[string]*llx.RawData{"publicIp": llx.StringDataPtr(a.natGatewayAddressCache.PublicIp), "region": llx.StringData(a.region)}) + if err != nil { + return nil, err + } + return res.(*mqlAwsEc2Eip), nil + } + a.PublicIp.State = plugin.StateIsNull | plugin.StateIsSet + return nil, nil +} + +func (a *mqlAwsVpc) natGateways() ([]interface{}, error) { + conn := a.MqlRuntime.Connection.(*connection.AwsConnection) + vpc := a.Id.Data + + svc := conn.Ec2(a.Region.Data) + ctx := context.Background() + endpoints := []interface{}{} + filterKeyVal := "vpc-id" + nextToken := aws.String("no_token_to_start_with") + params := &ec2.DescribeNatGatewaysInput{Filter: []vpctypes.Filter{{Name: &filterKeyVal, Values: []string{vpc}}}} + for nextToken != nil { + natgateways, err := svc.DescribeNatGateways(ctx, params) + if err != nil { + a.NatGateways.State = plugin.StateIsNull | plugin.StateIsSet + return nil, err + } + nextToken = natgateways.NextToken + if natgateways.NextToken != nil { + params.NextToken = nextToken + } + + for _, gw := range natgateways.NatGateways { + addresses := []interface{}{} + for i := range gw.NatGatewayAddresses { + add := gw.NatGatewayAddresses[i] + + mqlNatGatewayAddress, err := CreateResource(a.MqlRuntime, "aws.vpc.natgateway.address", + map[string]*llx.RawData{ + "allocationId": llx.StringDataPtr(add.AllocationId), + "networkInterfaceId": llx.StringDataPtr(add.NetworkInterfaceId), + "privateIp": llx.StringDataPtr(add.PrivateIp), + "isPrimary": llx.BoolDataPtr(add.IsPrimary), + }) + if err == nil { + mqlNatGatewayAddress.(*mqlAwsVpcNatgatewayAddress).natGatewayAddressCache = add + mqlNatGatewayAddress.(*mqlAwsVpcNatgatewayAddress).region = a.Region.Data + addresses = append(addresses, mqlNatGatewayAddress) + } else { + log.Error().Err(err).Msg("cannot create vpc natgateway address resource") + } + } + + args := map[string]*llx.RawData{ + "createdAt": llx.TimeDataPtr(gw.CreateTime), + "natGatewayId": llx.StringDataPtr(gw.NatGatewayId), + "state": llx.StringData(string(gw.State)), + "tags": llx.MapData(Ec2TagsToMap(gw.Tags), types.String), + "addresses": llx.ArrayData(addresses, "aws.vpc.natgatewayaddress"), + } + + mqlNatGat, err := CreateResource(a.MqlRuntime, "aws.vpc.natgateway", args) + if err != nil { + return nil, err + } + mqlNatGat.(*mqlAwsVpcNatgateway).natGatewayCache = gw + mqlNatGat.(*mqlAwsVpcNatgateway).region = a.Region.Data + + endpoints = append(endpoints, mqlNatGat) + } + } + return endpoints, nil +} + func (a *mqlAwsVpcEndpoint) id() (string, error) { return a.Id.Data, nil } @@ -154,6 +278,201 @@ func (a *mqlAwsVpc) endpoints() ([]interface{}, error) { return endpoints, nil } +func (a *mqlAwsVpcServiceEndpoint) id() (string, error) { + return a.Id.Data, nil +} + +func strArrayToInterfaceArr(s []string) []interface{} { + arr := []interface{}{} + for i := range s { + arr = append(arr, s[i]) + } + return arr +} + +func (a *mqlAwsVpc) serviceEndpoints() ([]interface{}, error) { + conn := a.MqlRuntime.Connection.(*connection.AwsConnection) + vpc := a.Id.Data + + svc := conn.Ec2(a.Region.Data) + ctx := context.Background() + endpoints := []interface{}{} + filterKeyVal := "vpc-id" + nextToken := aws.String("no_token_to_start_with") + params := &ec2.DescribeVpcEndpointServicesInput{Filters: []vpctypes.Filter{{Name: &filterKeyVal, Values: []string{vpc}}}} + for nextToken != nil { + endpointsRes, err := svc.DescribeVpcEndpointServices(ctx, params) + if err != nil { + return nil, err + } + nextToken = endpointsRes.NextToken + if endpointsRes.NextToken != nil { + params.NextToken = nextToken + } + + for _, service := range endpointsRes.ServiceDetails { + dnsNames := []interface{}{} + for i := range service.PrivateDnsNames { + dnsNames = append(dnsNames, *service.PrivateDnsNames[i].PrivateDnsName) + } + var serviceType string + if len(service.ServiceType) == 1 { + serviceType = string(service.ServiceType[0].ServiceType) + } + + mqlEndpoint, err := CreateResource(a.MqlRuntime, "aws.vpc.serviceEndpoint", + map[string]*llx.RawData{ + "acceptanceRequired": llx.BoolDataPtr(service.AcceptanceRequired), + "availabilityZones": llx.ArrayData(strArrayToInterfaceArr(service.AvailabilityZones), types.String), + "dnsNames": llx.ArrayData(strArrayToInterfaceArr(service.BaseEndpointDnsNames), types.String), // BaseEndpointDnsNames + "id": llx.StringDataPtr(service.ServiceId), // ServiceID + "managesVpcEndpoints": llx.BoolDataPtr(service.ManagesVpcEndpoints), + "name": llx.StringDataPtr(service.ServiceName), // ServiceName + "owner": llx.StringDataPtr(service.Owner), + "payerResponsibility": llx.StringData(string(service.PayerResponsibility)), + "privateDnsNameVerificationState": llx.StringData(string(service.PrivateDnsNameVerificationState)), + "privateDnsNames": llx.ArrayData(dnsNames, types.String), + "tags": llx.MapData(Ec2TagsToMap(service.Tags), types.String), + "type": llx.StringData(serviceType), + "vpcEndpointPolicySupported": llx.BoolDataPtr(service.VpcEndpointPolicySupported), + }, + ) + if err != nil { + return nil, err + } + endpoints = append(endpoints, mqlEndpoint) + } + } + return endpoints, nil +} + +func (a *mqlAwsVpcPeeringConnection) id() (string, error) { + return a.Id.Data, nil +} + +func (a *mqlAwsVpc) peeringConnections() ([]interface{}, error) { + conn := a.MqlRuntime.Connection.(*connection.AwsConnection) + vpc := a.Id.Data + + svc := conn.Ec2(a.Region.Data) + ctx := context.Background() + pcs := []interface{}{} + filterKeyVal := "requester-vpc-info.vpc-id" + filterKeyVal2 := "accepter-vpc-info.vpc-id" + + nextToken := aws.String("no_token_to_start_with") + params := &ec2.DescribeVpcPeeringConnectionsInput{Filters: []vpctypes.Filter{{Name: &filterKeyVal, Values: []string{vpc}}, {Name: &filterKeyVal2, Values: []string{vpc}}}} + for nextToken != nil { + res, err := svc.DescribeVpcPeeringConnections(ctx, params) + if err != nil { + return nil, err + } + nextToken = res.NextToken + if res.NextToken != nil { + params.NextToken = nextToken + } + + for _, peerconn := range res.VpcPeeringConnections { + status := "" + if peerconn.Status != nil { + status = *peerconn.Status.Message + } + mqlPeerConn, err := CreateResource(a.MqlRuntime, "aws.vpc.peeringConnection", + map[string]*llx.RawData{ + "expirationTime": llx.TimeDataPtr(peerconn.ExpirationTime), + "id": llx.StringDataPtr(peerconn.VpcPeeringConnectionId), + "status": llx.StringData(status), + "tags": llx.MapData(Ec2TagsToMap(peerconn.Tags), types.String), + }, + ) + if err != nil { + return nil, err + } + mqlPeerConn.(*mqlAwsVpcPeeringConnection).peeringConnectionCache = peerconn + mqlPeerConn.(*mqlAwsVpcPeeringConnection).region = a.Region.Data + pcs = append(pcs, mqlPeerConn) + } + } + return pcs, nil +} + +func (a *mqlAwsVpcPeeringConnectionPeeringVpc) id() (string, error) { + return "", nil +} + +type mqlAwsVpcPeeringConnectionInternal struct { + peeringConnectionCache vpctypes.VpcPeeringConnection + region string +} + +func (a *mqlAwsVpcPeeringConnection) acceptorVpc() (*mqlAwsVpcPeeringConnectionPeeringVpc, error) { + acceptor := a.peeringConnectionCache.AccepterVpcInfo + ipv4 := []interface{}{} + for i := range acceptor.CidrBlockSet { + ipv4 = append(ipv4, *acceptor.CidrBlockSet[i].CidrBlock) + } + ipv6 := []interface{}{} + for i := range acceptor.Ipv6CidrBlockSet { + ipv6 = append(ipv6, *acceptor.Ipv6CidrBlockSet[i].Ipv6CidrBlock) + } + mql, err := CreateResource(a.MqlRuntime, "aws.vpc.peeringConnection.peeringVpc", + map[string]*llx.RawData{ + "allowDnsResolutionFromRemoteVpc": llx.BoolDataPtr(acceptor.PeeringOptions.AllowDnsResolutionFromRemoteVpc), + "allowEgressFromLocalClassicLinkToRemoteVpc": llx.BoolDataPtr(acceptor.PeeringOptions.AllowEgressFromLocalClassicLinkToRemoteVpc), // this is deprecated by aws... + "allowEgressFromLocalVpcToRemoteClassicLink": llx.BoolDataPtr(acceptor.PeeringOptions.AllowEgressFromLocalVpcToRemoteClassicLink), // this is deprecated by aws... + "ipv4CiderBlocks": llx.ArrayData(ipv4, types.String), + "ipv6CiderBlocks": llx.ArrayData(ipv6, types.String), + "ownerID": llx.StringDataPtr(acceptor.OwnerId), + "region": llx.StringData(a.region), + "vpcId": llx.StringDataPtr(acceptor.VpcId), + }, + ) + if err != nil { + return nil, err + } + + return mql.(*mqlAwsVpcPeeringConnectionPeeringVpc), nil +} + +func (a *mqlAwsVpcPeeringConnectionPeeringVpc) vpc() (*mqlAwsVpc, error) { + conn := a.MqlRuntime.Connection.(*connection.AwsConnection) + res, err := NewResource(a.MqlRuntime, "aws.vpc", map[string]*llx.RawData{"arn": llx.StringData(fmt.Sprintf(vpcArnPattern, a.Region.Data, conn.AccountId(), a.VpcId.Data))}) + if err != nil { + return nil, err + } + return res.(*mqlAwsVpc), nil +} + +func (a *mqlAwsVpcPeeringConnection) requestorVpc() (*mqlAwsVpcPeeringConnectionPeeringVpc, error) { + acceptor := a.peeringConnectionCache.AccepterVpcInfo + ipv4 := []interface{}{} + for i := range acceptor.CidrBlockSet { + ipv4 = append(ipv4, *acceptor.CidrBlockSet[i].CidrBlock) + } + ipv6 := []interface{}{} + for i := range acceptor.Ipv6CidrBlockSet { + ipv6 = append(ipv6, *acceptor.Ipv6CidrBlockSet[i].Ipv6CidrBlock) + } + mql, err := CreateResource(a.MqlRuntime, "aws.vpc.peeringConnection.peeringVpc", + map[string]*llx.RawData{ + "allowDnsResolutionFromRemoteVpc": llx.BoolDataPtr(acceptor.PeeringOptions.AllowDnsResolutionFromRemoteVpc), + "allowEgressFromLocalClassicLinkToRemoteVpc": llx.BoolDataPtr(acceptor.PeeringOptions.AllowEgressFromLocalClassicLinkToRemoteVpc), // this is deprecated by aws... + "allowEgressFromLocalVpcToRemoteClassicLink": llx.BoolDataPtr(acceptor.PeeringOptions.AllowEgressFromLocalVpcToRemoteClassicLink), // this is deprecated by aws... + "ipv4CiderBlocks": llx.ArrayData(ipv4, types.String), + "ipv6CiderBlocks": llx.ArrayData(ipv6, types.String), + "ownerID": llx.StringDataPtr(acceptor.OwnerId), + "region": llx.StringData(a.region), + // vpc() aws.vpc // ← We can populate this if the VPC is in this account + "vpcId": llx.StringDataPtr(acceptor.VpcId), + }, + ) + if err != nil { + return nil, err + } + + return mql.(*mqlAwsVpcPeeringConnectionPeeringVpc), nil +} + func (a *mqlAwsVpc) flowLogs() ([]interface{}, error) { conn := a.MqlRuntime.Connection.(*connection.AwsConnection) vpc := a.Id.Data @@ -291,6 +610,66 @@ func (a *mqlAwsVpc) subnets() ([]interface{}, error) { return res, nil } +func initAwsSubnet(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) { + if args["arn"] == nil && args["id"] == nil { + return nil, nil, errors.New("id or arn required to fetch aws vpc subnet") + } + + var arnValue, id, region, subnetId string + if args["arn"] != nil { + arnValue = args["arn"].Value.(string) + } + if args["region"] != nil { + region = args["region"].Value.(string) + } + if args["id"] != nil { + id = args["id"].Value.(string) + } + if id != "" { + subnetId = id + } else if arnValue != "" { + parsed, err := arn.Parse(arnValue) + if err == nil { + split := strings.Split(parsed.Resource, "/") + if len(split) == 2 { + subnetId = split[1] + region = parsed.Region + } + } + } + + if subnetId == "" { + return nil, nil, errors.New("no subnet id specified") + } + + conn := runtime.Connection.(*connection.AwsConnection) + svc := conn.Ec2(region) + ctx := context.Background() + subnets, err := svc.DescribeSubnets(ctx, &ec2.DescribeSubnetsInput{Filters: []vpctypes.Filter{{Name: aws.String("subnet-id"), Values: []string{subnetId}}}}) + if err != nil { + return nil, nil, err + } + + if len(subnets.Subnets) > 0 { + subnet := subnets.Subnets[0] + if arnValue != "" { + args["arn"] = llx.StringData(arnValue) + } else { + args["arn"] = llx.StringData(fmt.Sprintf(subnetArnPattern, region, conn.AccountId(), convert.ToString(subnet.SubnetId))) + } + args["assignIpv6AddressOnCreation"] = llx.BoolDataPtr(subnet.AssignIpv6AddressOnCreation) + args["availabilityZone"] = llx.StringDataPtr(subnet.AvailabilityZone) + args["cidrs"] = llx.StringDataPtr(subnet.CidrBlock) + args["defaultForAvailabilityZone"] = llx.BoolDataPtr(subnet.DefaultForAz) + args["id"] = llx.StringDataPtr(subnet.SubnetId) + args["mapPublicIpOnLaunch"] = llx.BoolDataPtr(subnet.MapPublicIpOnLaunch) + args["region"] = llx.StringData(region) + args["state"] = llx.StringData(string(subnet.State)) + return args, nil, nil + } + return nil, nil, errors.New("subnet not found") +} + func initAwsVpc(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) { if len(args) > 2 { return args, nil, nil