From dec87555d5f382e191b8f59a2a9226b51101e8ad Mon Sep 17 00:00:00 2001 From: Tim Smith Date: Tue, 23 Apr 2024 16:24:27 -0700 Subject: [PATCH 1/2] Add securityGroups and availabilityZones to ELBs This is pretty important information for a load balancer Signed-off-by: Tim Smith --- providers/aws/resources/aws.lr | 4 +++ providers/aws/resources/aws.lr.go | 24 ++++++++++++++ providers/aws/resources/aws.lr.manifest.yaml | 4 +++ providers/aws/resources/aws_elb.go | 33 ++++++++++++++++---- 4 files changed, 59 insertions(+), 6 deletions(-) diff --git a/providers/aws/resources/aws.lr b/providers/aws/resources/aws.lr index e02b976354..36215dd02c 100644 --- a/providers/aws/resources/aws.lr +++ b/providers/aws/resources/aws.lr @@ -1096,6 +1096,10 @@ private aws.elb.loadbalancer @defaults("arn name") { vpcId string // Date and time when the load balancer was created createdTime time + // Availability zone where the load balancer runs + availabilityZones []string + // VPC security groups for the load balancer + securityGroups []aws.ec2.securitygroup } // AWS CodeBuild for building and testing code diff --git a/providers/aws/resources/aws.lr.go b/providers/aws/resources/aws.lr.go index eedde9977c..b71a7849c6 100644 --- a/providers/aws/resources/aws.lr.go +++ b/providers/aws/resources/aws.lr.go 
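Review bot: The field comment added above `availabilityZones []string` is singular while the field is a list, which reads as if one zone were stored; `// Availability zones where the load balancer runs` matches the neighbouring `securityGroups` comment and the `[]string` type. This comment is what the generated manifest and docs surface, so the plural matters for readers of the schema rather than the Go code.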
@@ -1928,6 +1928,12 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{ "aws.elb.loadbalancer.createdTime": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAwsElbLoadbalancer).GetCreatedTime()).ToDataRes(types.Time) }, + "aws.elb.loadbalancer.availabilityZones": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsElbLoadbalancer).GetAvailabilityZones()).ToDataRes(types.Array(types.String)) + }, + "aws.elb.loadbalancer.securityGroups": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsElbLoadbalancer).GetSecurityGroups()).ToDataRes(types.Array(types.Resource("aws.ec2.securitygroup"))) + }, "aws.codebuild.projects": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAwsCodebuild).GetProjects()).ToDataRes(types.Array(types.Resource("aws.codebuild.project"))) }, @@ -5692,6 +5698,14 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool { r.(*mqlAwsElbLoadbalancer).CreatedTime, ok = plugin.RawToTValue[*time.Time](v.Value, v.Error) return }, + "aws.elb.loadbalancer.availabilityZones": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsElbLoadbalancer).AvailabilityZones, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + return + }, + "aws.elb.loadbalancer.securityGroups": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsElbLoadbalancer).SecurityGroups, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + return + }, "aws.codebuild.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { r.(*mqlAwsCodebuild).__id, ok = v.Value.(string) return @@ -14209,6 +14223,8 @@ type mqlAwsElbLoadbalancer struct { Attributes plugin.TValue[[]interface{}] VpcId plugin.TValue[string] CreatedTime plugin.TValue[*time.Time] + AvailabilityZones plugin.TValue[[]interface{}] + SecurityGroups plugin.TValue[[]interface{}] } // createAwsElbLoadbalancer creates a new instance of this resource 
@@ -14284,6 +14300,14 @@ func (c *mqlAwsElbLoadbalancer) GetCreatedTime() *plugin.TValue[*time.Time] { return &c.CreatedTime } +func (c *mqlAwsElbLoadbalancer) GetAvailabilityZones() *plugin.TValue[[]interface{}] { + return &c.AvailabilityZones +} + +func (c *mqlAwsElbLoadbalancer) GetSecurityGroups() *plugin.TValue[[]interface{}] { + return &c.SecurityGroups +} + // mqlAwsCodebuild for the aws.codebuild resource type mqlAwsCodebuild struct { MqlRuntime *plugin.Runtime diff --git a/providers/aws/resources/aws.lr.manifest.yaml b/providers/aws/resources/aws.lr.manifest.yaml index 9d8df5d178..3e8cb2577b 100755 --- a/providers/aws/resources/aws.lr.manifest.yaml +++ b/providers/aws/resources/aws.lr.manifest.yaml @@ -1567,12 +1567,16 @@ resources: fields: arn: {} attributes: {} + availabilityZones: + min_mondoo_version: 9.0.0 createdTime: min_mondoo_version: 9.0.0 dnsName: {} listenerDescriptions: {} name: {} scheme: {} + securityGroups: + min_mondoo_version: 9.0.0 vpcId: min_mondoo_version: 9.0.0 is_private: true diff --git a/providers/aws/resources/aws_elb.go b/providers/aws/resources/aws_elb.go index b49a5230f6..c9d8918715 100644 --- a/providers/aws/resources/aws_elb.go +++ b/providers/aws/resources/aws_elb.go @@ -18,6 +18,7 @@ import ( "go.mondoo.com/cnquery/v11/providers-sdk/v1/util/convert" "go.mondoo.com/cnquery/v11/providers-sdk/v1/util/jobpool" "go.mondoo.com/cnquery/v11/providers/aws/connection" + "go.mondoo.com/cnquery/v11/types" ) func (a *mqlAwsElb) id() (string, error) { 
@@ -146,14 +147,34 @@ func (a *mqlAwsElb) getLoadBalancers(conn *connection.AwsConnection) []*jobpool. return nil, err } for _, lb := range lbs.LoadBalancers { + availabilityZones := []interface{}{} + for _, zone := range lb.AvailabilityZones { + availabilityZones = append(availabilityZones, convert.ToString(zone.ZoneName)) + } + + sgs := []interface{}{} + for i := range lb.SecurityGroups { + sg := lb.SecurityGroups[i] + mqlSg, err := NewResource(a.MqlRuntime, "aws.ec2.securitygroup", + map[string]*llx.RawData{ + "arn": llx.StringData(fmt.Sprintf(securityGroupArnPattern, regionVal, conn.AccountId(), sg)), + }) + if err != nil { + return nil, err + } + sgs = append(sgs, mqlSg) + } + mqlLb, err := CreateResource(a.MqlRuntime, "aws.elb.loadbalancer", map[string]*llx.RawData{ - "arn": llx.StringDataPtr(lb.LoadBalancerArn), - "dnsName": llx.StringDataPtr(lb.DNSName), - "name": llx.StringDataPtr(lb.LoadBalancerName), - "scheme": llx.StringData(string(lb.Scheme)), - "vpcId": llx.StringDataPtr(lb.VpcId), - "createdTime": llx.TimeDataPtr(lb.CreatedTime), + "arn": llx.StringDataPtr(lb.LoadBalancerArn), + "availabilityZones": llx.ArrayData(availabilityZones, types.String), + "createdTime": llx.TimeDataPtr(lb.CreatedTime), + "dnsName": llx.StringDataPtr(lb.DNSName), + "name": llx.StringDataPtr(lb.LoadBalancerName), + "scheme": llx.StringData(string(lb.Scheme)), + "securityGroups": llx.ArrayData(sgs, types.Resource("aws.ec2.securitygroup")), + "vpcId": llx.StringDataPtr(lb.VpcId), }) if err != nil { return nil, err From bdda454865d90bdfc04c64d8b5892ab4a43c039c Mon Sep 17 00:00:00 2001 From: Tim Smith Date: Tue, 23 Apr 2024 16:40:32 -0700 Subject: [PATCH 2/2] Add hostedZoneId as well Signed-off-by: Tim Smith --- providers/aws/resources/aws.lr | 2 ++ providers/aws/resources/aws.lr.go | 12 ++++++++++++ providers/aws/resources/aws.lr.manifest.yaml | 2 ++ providers/aws/resources/aws_elb.go | 1 + 4 files changed, 17 insertions(+) 
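Review bot: The security group loop indexes the slice by hand (`for i := range lb.SecurityGroups { sg := lb.SecurityGroups[i]`) where a value range reads more directly; `for _, sg := range lb.SecurityGroups {` drops the index and the extra assignment with identical behaviour. The block that builds `sgs` also deserves a why-comment, since the API value is pushed through `securityGroupArnPattern` with `regionVal` and `conn.AccountId()` rather than used as-is: `// lb.SecurityGroups holds group IDs, so derive the ARN the aws.ec2.securitygroup resource is keyed on`. A failure from NewResource on any single group aborts the whole load balancer listing via `return nil, err`; I cannot tell from the hunk whether NewResource performs a lookup, so confirm that dropping every load balancer in the region on one bad group is the intended failure mode. `regionVal` and `securityGroupArnPattern` are defined outside the hunk, and getLoadBalancers itself starts and ends outside it.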
diff --git a/providers/aws/resources/aws.lr b/providers/aws/resources/aws.lr index 36215dd02c..d4467c44f4 100644 --- a/providers/aws/resources/aws.lr +++ b/providers/aws/resources/aws.lr @@ -1100,6 +1100,8 @@ private aws.elb.loadbalancer @defaults("arn name") { availabilityZones []string // VPC security groups for the load balancer securityGroups []aws.ec2.securitygroup + // The ID of the Amazon Route 53 hosted zone associated with the load balancer + hostedZoneId string } // AWS CodeBuild for building and testing code diff --git a/providers/aws/resources/aws.lr.go b/providers/aws/resources/aws.lr.go index b71a7849c6..366580bf37 100644 --- a/providers/aws/resources/aws.lr.go +++ b/providers/aws/resources/aws.lr.go @@ -1934,6 +1934,9 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{ "aws.elb.loadbalancer.securityGroups": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAwsElbLoadbalancer).GetSecurityGroups()).ToDataRes(types.Array(types.Resource("aws.ec2.securitygroup"))) }, + "aws.elb.loadbalancer.hostedZoneId": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsElbLoadbalancer).GetHostedZoneId()).ToDataRes(types.String) + }, "aws.codebuild.projects": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAwsCodebuild).GetProjects()).ToDataRes(types.Array(types.Resource("aws.codebuild.project"))) }, @@ -5706,6 +5709,10 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool { r.(*mqlAwsElbLoadbalancer).SecurityGroups, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) return }, + "aws.elb.loadbalancer.hostedZoneId": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsElbLoadbalancer).HostedZoneId, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, "aws.codebuild.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { r.(*mqlAwsCodebuild).__id, ok = v.Value.(string) return 
@@ -14225,6 +14232,7 @@ type mqlAwsElbLoadbalancer struct { CreatedTime plugin.TValue[*time.Time] AvailabilityZones plugin.TValue[[]interface{}] SecurityGroups plugin.TValue[[]interface{}] + HostedZoneId plugin.TValue[string] } // createAwsElbLoadbalancer creates a new instance of this resource @@ -14308,6 +14316,10 @@ func (c *mqlAwsElbLoadbalancer) GetSecurityGroups() *plugin.TValue[[]interface{} return &c.SecurityGroups } +func (c *mqlAwsElbLoadbalancer) GetHostedZoneId() *plugin.TValue[string] { + return &c.HostedZoneId +} + // mqlAwsCodebuild for the aws.codebuild resource type mqlAwsCodebuild struct { MqlRuntime *plugin.Runtime diff --git a/providers/aws/resources/aws.lr.manifest.yaml b/providers/aws/resources/aws.lr.manifest.yaml index 3e8cb2577b..4f7261f014 100755 --- a/providers/aws/resources/aws.lr.manifest.yaml +++ b/providers/aws/resources/aws.lr.manifest.yaml @@ -1572,6 +1572,8 @@ resources: createdTime: min_mondoo_version: 9.0.0 dnsName: {} + hostedZoneId: + min_mondoo_version: 9.0.0 listenerDescriptions: {} name: {} scheme: {} diff --git a/providers/aws/resources/aws_elb.go b/providers/aws/resources/aws_elb.go index c9d8918715..c021e7e380 100644 --- a/providers/aws/resources/aws_elb.go +++ b/providers/aws/resources/aws_elb.go @@ -171,6 +171,7 @@ func (a *mqlAwsElb) getLoadBalancers(conn *connection.AwsConnection) []*jobpool. "availabilityZones": llx.ArrayData(availabilityZones, types.String), "createdTime": llx.TimeDataPtr(lb.CreatedTime), "dnsName": llx.StringDataPtr(lb.DNSName), + "hostedZoneId": llx.StringDataPtr(lb.CanonicalHostedZoneId), "name": llx.StringDataPtr(lb.LoadBalancerName), "scheme": llx.StringData(string(lb.Scheme)), "securityGroups": llx.ArrayData(sgs, types.Resource("aws.ec2.securitygroup")),