From 64433b8c502c86b99b9ecafae66c53e8e9be47b4 Mon Sep 17 00:00:00 2001 From: vjeffrey Date: Fri, 22 Sep 2023 16:56:28 -0600 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20aws=20resource=20bugfixes=20(#18?= =?UTF-8?q?55)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- providers/aws/resources/aws_cloudtrail.go | 14 +++++--- providers/aws/resources/aws_cloudwatch.go | 16 ++++----- providers/aws/resources/aws_ec2.go | 4 ++- providers/aws/resources/aws_iam.go | 41 ++++++++++++++--------- providers/aws/resources/aws_sagemaker.go | 2 ++ 5 files changed, 48 insertions(+), 29 deletions(-) diff --git a/providers/aws/resources/aws_cloudtrail.go b/providers/aws/resources/aws_cloudtrail.go index 917f569f96..692beadf4b 100644 --- a/providers/aws/resources/aws_cloudtrail.go +++ b/providers/aws/resources/aws_cloudtrail.go @@ -70,7 +70,7 @@ func initAwsCloudtrailTrail(runtime *plugin.Runtime, args map[string]*llx.RawDat } awsCloudtrail := obj.(*mqlAwsCloudtrail) - rawResources := awsCloudtrail.Trails.Data + rawResources := awsCloudtrail.GetTrails().Data for i := range rawResources { trail := rawResources[i].(*mqlAwsCloudtrailTrail) @@ -136,6 +136,8 @@ func (a *mqlAwsCloudtrail) getTrails(conn *connection.AwsConnection) []*jobpool. } else { args["s3bucket"] = llx.ResourceData(mqlAwsS3Bucket, mqlAwsS3Bucket.MqlName()) } + } else { + args["s3bucket"] = llx.NilData } // add kms key if there is one @@ -151,10 +153,12 @@ func (a *mqlAwsCloudtrail) getTrails(conn *connection.AwsConnection) []*jobpool. mqlKey := mqlKeyResource.(*mqlAwsKmsKey) args["kmsKey"] = llx.ResourceData(mqlKey, mqlKey.MqlName()) } + } else { + args["kmsKey"] = llx.NilData } if trail.CloudWatchLogsLogGroupArn != nil { mqlLoggroup, err := NewResource(a.MqlRuntime, "aws.cloudwatch.loggroup", - map[string]*llx.RawData{"arn": llx.StringData(convert.ToString(trail.CloudWatchLogsLogGroupArn))}, + map[string]*llx.RawData{"arn": llx.StringDataPtr(trail.CloudWatchLogsLogGroupArn)}, ) // means the log group does not exist or we have no access to it // dont err out, just assign nil @@ -164,6 +168,8 @@ func (a *mqlAwsCloudtrail) getTrails(conn *connection.AwsConnection) []*jobpool. mqlLog := mqlLoggroup.(*mqlAwsCloudwatchLoggroup) args["logGroup"] = llx.ResourceData(mqlLog, mqlLog.MqlName()) } + } else { + args["logGroup"] = llx.NilData } mqlAwsCloudtrailTrail, err := CreateResource(a.MqlRuntime, "aws.cloudtrail.trail", args) @@ -181,11 +187,11 @@ func (a *mqlAwsCloudtrail) getTrails(conn *connection.AwsConnection) []*jobpool. } func (a *mqlAwsCloudtrailTrail) s3bucket() (*mqlAwsS3Bucket, error) { - return a.GetS3bucket().Data, nil + return a.S3bucket.Data, nil } func (a *mqlAwsCloudtrailTrail) logGroup() (*mqlAwsCloudwatchLoggroup, error) { - return a.GetLogGroup().Data, nil + return a.LogGroup.Data, nil } func (a *mqlAwsCloudtrailTrail) kmsKey() (*mqlAwsKmsKey, error) { diff --git a/providers/aws/resources/aws_cloudwatch.go b/providers/aws/resources/aws_cloudwatch.go index 2adfb3a076..d319ea1287 100644 --- a/providers/aws/resources/aws_cloudwatch.go +++ b/providers/aws/resources/aws_cloudwatch.go @@ -616,11 +616,11 @@ func (a *mqlAwsCloudwatch) getLogGroups(conn *connection.AwsConnection) []*jobpo "arn": llx.StringData(convert.ToString(loggroup.KmsKeyId)), }) if err != nil { - return nil, err + args["kmsKey"] = llx.NilData + } else { + mqlKey := mqlKeyResource.(*mqlAwsKmsKey) + args["kmsKey"] = llx.ResourceData(mqlKey, mqlKey.MqlName()) } - - mqlKey := mqlKeyResource.(*mqlAwsKmsKey) - args["kmsKey"] = llx.ResourceData(mqlKey, mqlKey.MqlName()) } else { args["kmsKey"] = llx.NilData } @@ -659,7 +659,7 @@ func initAwsCloudwatchLoggroup(runtime *plugin.Runtime, args map[string]*llx.Raw return nil, nil, err } cloudwatch := obj.(*mqlAwsCloudwatch) - rawResources := cloudwatch.LogGroups.Data + rawResources := cloudwatch.GetLogGroups().Data arnVal := args["arn"].Value.(string) for i := range rawResources { @@ -673,8 +673,8 @@ func initAwsCloudwatchLoggroup(runtime *plugin.Runtime, args map[string]*llx.Raw return nil, nil, errors.New("cloudwatch log group does not exist") } -func (s *mqlAwsCloudwatchLoggroup) kmsKey() (*mqlAwsKmsKey, error) { - return &mqlAwsKmsKey{}, nil +func (a *mqlAwsCloudwatchLoggroup) kmsKey() (*mqlAwsKmsKey, error) { + return a.KmsKey.Data, nil } func (a *mqlAwsCloudwatchLoggroup) id() (string, error) { @@ -766,7 +766,7 @@ func initAwsCloudwatchMetricsalarm(runtime *plugin.Runtime, args map[string]*llx } aws := obj.(*mqlAwsCloudwatch) - rawResources := aws.Alarms.Data + rawResources := aws.GetAlarms().Data arnVal := args["arn"].Value.(string) for i := range rawResources { diff --git a/providers/aws/resources/aws_ec2.go b/providers/aws/resources/aws_ec2.go index dc3cfa21d4..50c20b3b9b 100644 --- a/providers/aws/resources/aws_ec2.go +++ b/providers/aws/resources/aws_ec2.go @@ -167,6 +167,8 @@ func (a *mqlAwsEc2Networkacl) entries() ([]interface{}, error) { return nil, err } args["portRange"] = llx.ResourceData(mqlPortRange, mqlPortRange.MqlName()) + } else { + args["portRange"] = llx.NilData } mqlAclEntry, err := CreateResource(a.MqlRuntime, "aws.ec2.networkacl.entry", args) @@ -180,7 +182,7 @@ func (a *mqlAwsEc2Networkacl) entries() ([]interface{}, error) { } func (a *mqlAwsEc2NetworkaclEntry) portRange() (*mqlAwsEc2NetworkaclEntryPortrange, error) { - return a.GetPortRange().Data, nil + return a.PortRange.Data, nil } func (a *mqlAwsEc2Securitygroup) isAttachedToNetworkInterface() (bool, error) { diff --git a/providers/aws/resources/aws_iam.go b/providers/aws/resources/aws_iam.go index 94abc667b0..b97bd979ca 100644 --- a/providers/aws/resources/aws_iam.go +++ b/providers/aws/resources/aws_iam.go @@ -297,22 +297,27 @@ func (a *mqlAwsIam) virtualMfaDevices() ([]interface{}, error) { device := devicesResp.VirtualMFADevices[i] var mqlAwsIamUser plugin.Resource + args := map[string]*llx.RawData{ + "serialNumber": llx.StringDataPtr(device.SerialNumber), + "enableDate": llx.TimeDataPtr(device.EnableDate), + } + usr := device.User if usr != nil { mqlAwsIamUser, err = NewResource(a.MqlRuntime, "aws.iam.user", map[string]*llx.RawData{ - "arn": llx.StringData(convert.ToString(usr.Arn)), + "arn": llx.StringDataPtr(usr.Arn), + "name": llx.StringDataPtr(usr.UserName), }) - if err != nil { - return nil, err + if err == nil { + args["user"] = llx.ResourceData(mqlAwsIamUser, "aws.iam.user") } } - mqlAwsIamMfaDevice, err := CreateResource(a.MqlRuntime, "aws.iam.virtualmfadevice", - map[string]*llx.RawData{ - "serialNumber": llx.StringData(convert.ToString(device.SerialNumber)), - "enableDate": llx.TimeData(toTime(device.EnableDate)), - "user": llx.ResourceData(mqlAwsIamUser, mqlAwsIamUser.MqlName()), - }) + if usr == nil || err != nil { + args["user"] = llx.NilData + } + + mqlAwsIamMfaDevice, err := CreateResource(a.MqlRuntime, "aws.iam.virtualmfadevice", args) if err != nil { return nil, err } @@ -671,14 +676,15 @@ func (a *mqlAwsIamUsercredentialreportentry) user() (*mqlAwsIamUser, error) { log.Info().Msgf("could not retrieve key") return nil, errors.New("could not read the credentials report") } - // handle special case for the root account since that user does not exist if props["user"] == "" { - return nil, nil + return nil, errors.New("root user does not exist") } - mqlUser, err := CreateResource(a.MqlRuntime, "aws.iam.user", - map[string]*llx.RawData{"name": llx.StringData(props["user"].(string))}, + mqlUser, err := NewResource(a.MqlRuntime, "aws.iam.user", + map[string]*llx.RawData{ + "name": llx.StringData(props["user"].(string)), + }, ) if err != nil { return nil, err @@ -706,8 +712,8 @@ func initAwsIamUser(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[ } } - if args["arn"] == nil && args["name"] == nil { - return nil, nil, errors.New("arn or name required to fetch aws iam user") + if args["name"] == nil { + return nil, nil, errors.New("name required to fetch aws iam user") } conn := runtime.Connection.(*connection.AwsConnection) @@ -738,6 +744,9 @@ func initAwsIamUser(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[ } func (a *mqlAwsIamUser) id() (string, error) { + if a.Arn.Error != nil { + return "", a.Arn.Error + } return a.Arn.Data, nil } @@ -1035,7 +1044,7 @@ func (a *mqlAwsIamPolicy) attachedRoles() ([]interface{}, error) { for i := range entities.PolicyRoles { role := entities.PolicyRoles[i] - mqlUser, err := CreateResource(a.MqlRuntime, "aws.iam.role", + mqlUser, err := NewResource(a.MqlRuntime, "aws.iam.role", map[string]*llx.RawData{"name": llx.StringData(convert.ToString(role.RoleName))}, ) if err != nil { diff --git a/providers/aws/resources/aws_sagemaker.go b/providers/aws/resources/aws_sagemaker.go index e8d69b5893..7f3b632b95 100644 --- a/providers/aws/resources/aws_sagemaker.go +++ b/providers/aws/resources/aws_sagemaker.go @@ -247,6 +247,8 @@ func (a *mqlAwsSagemakerNotebookinstance) details() (*mqlAwsSagemakerNotebookins } else { args["kmsKey"] = llx.ResourceData(mqlKeyResource, mqlKeyResource.MqlName()) } + } else { + args["kmsKey"] = llx.NilData } mqlInstanceDetails, err := CreateResource(a.MqlRuntime, "aws.sagemaker.notebookinstance.details", args) if err != nil {