From 610bdc892c184d16bc37e398c44c3733ffe058b4 Mon Sep 17 00:00:00 2001 From: Scott Ford <49754039+scottford-io@users.noreply.github.com> Date: Sun, 1 Oct 2023 20:39:17 -0700 Subject: [PATCH] Adds EC2 metadata httpEndpoint field (#2016) * Adds EC2 metadata httpEndpoint field Updates dictionary Fixes plugins, and sets cnquey min version for httpEndpoint Signed-off-by: Scott Ford * update proto version --------- Signed-off-by: Scott Ford Co-authored-by: Dominik Richter --- .github/actions/spelling/expect.txt | 2 +- providers/aws/resources/aws.lr | 2 ++ providers/aws/resources/aws.lr.go | 12 ++++++++++++ providers/aws/resources/aws.lr.manifest.yaml | 2 ++ providers/aws/resources/aws_ec2.go | 1 + 5 files changed, 18 insertions(+), 1 deletion(-) diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index e3a03de799..54ef4a7cb8 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -21,8 +21,8 @@ gpu gvnic hostkeys iap -iex ilb +IMDS ingresstls iotedge linux diff --git a/providers/aws/resources/aws.lr b/providers/aws/resources/aws.lr index 0772aa33b3..1fee92645f 100644 --- a/providers/aws/resources/aws.lr +++ b/providers/aws/resources/aws.lr @@ -1640,6 +1640,8 @@ private aws.ec2.instance @defaults("arn state") { vpc() aws.vpc // A value of optional for http tokens denotes imdsv1 server compatibility; required is imdsv2 httpTokens string + // Status of the IMDS endpoint is enabled on the instance + httpEndpoint string // Patch state information about the instance patchState() dict // State of the instance (pending, running, stopping, stopped, rebooting, or terminated) diff --git a/providers/aws/resources/aws.lr.go b/providers/aws/resources/aws.lr.go index 12da59428c..3424cdfd84 100644 --- a/providers/aws/resources/aws.lr.go +++ b/providers/aws/resources/aws.lr.go @@ -2344,6 +2344,9 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{ "aws.ec2.instance.httpTokens": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAwsEc2Instance).GetHttpTokens()).ToDataRes(types.String) }, + "aws.ec2.instance.httpEndpoint": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAwsEc2Instance).GetHttpEndpoint()).ToDataRes(types.String) + }, "aws.ec2.instance.patchState": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAwsEc2Instance).GetPatchState()).ToDataRes(types.Dict) }, @@ -5396,6 +5399,10 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool { r.(*mqlAwsEc2Instance).HttpTokens, ok = plugin.RawToTValue[string](v.Value, v.Error) return }, + "aws.ec2.instance.httpEndpoint": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAwsEc2Instance).HttpEndpoint, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, "aws.ec2.instance.patchState": func(r plugin.Resource, v *llx.RawData) (ok bool) { r.(*mqlAwsEc2Instance).PatchState, ok = plugin.RawToTValue[interface{}](v.Value, v.Error) return @@ -14713,6 +14720,7 @@ type mqlAwsEc2Instance struct { Ssm plugin.TValue[interface{}] Vpc plugin.TValue[*mqlAwsVpc] HttpTokens plugin.TValue[string] + HttpEndpoint plugin.TValue[string] PatchState plugin.TValue[interface{}] State plugin.TValue[string] DeviceMappings plugin.TValue[[]interface{}] @@ -14816,6 +14824,10 @@ func (c *mqlAwsEc2Instance) GetHttpTokens() *plugin.TValue[string] { return &c.HttpTokens } +func (c *mqlAwsEc2Instance) GetHttpEndpoint() *plugin.TValue[string] { + return &c.HttpEndpoint +} + func (c *mqlAwsEc2Instance) GetPatchState() *plugin.TValue[interface{}] { return plugin.GetOrCompute[interface{}](&c.PatchState, func() (interface{}, error) { return c.patchState() diff --git a/providers/aws/resources/aws.lr.manifest.yaml b/providers/aws/resources/aws.lr.manifest.yaml index 1d12ab79e9..bb37e2079a 100755 --- a/providers/aws/resources/aws.lr.manifest.yaml +++ b/providers/aws/resources/aws.lr.manifest.yaml @@ -838,6 +838,8 @@ resources: detailedMonitoring: {} deviceMappings: {} ebsOptimized: {} + httpEndpoint: + min_mondoo_version: 9.0.0 httpTokens: {} image: {} instanceId: {} diff --git a/providers/aws/resources/aws_ec2.go b/providers/aws/resources/aws_ec2.go index 4e4e744e9b..34564fff6c 100644 --- a/providers/aws/resources/aws_ec2.go +++ b/providers/aws/resources/aws_ec2.go @@ -714,6 +714,7 @@ func (a *mqlAwsEc2) gatherInstanceInfo(instances []ec2types.Reservation, imdsvVe "publicIp": llx.StringData(convert.ToString(instance.PublicIpAddress)), "detailedMonitoring": llx.StringData(string(instance.Monitoring.State)), "httpTokens": llx.StringData(httpTokens), + "httpEndpoint": llx.StringData(string(instance.MetadataOptions.HttpEndpoint)), "state": llx.StringData(string(instance.State.Name)), "deviceMappings": llx.ArrayData(mqlDevices, types.Resource("aws.ec2.instance.device")), "securityGroups": llx.ArrayData(sgs, types.Resource("aws.ec2.securitygroup")),