Add new fields + better defaults in aws.acm.certificate (#2854)

Improve the defaults and add these new fields: - keyAlgorithm - serial - source - issuer - issuedAt - importedAt Signed-off-by: Tim Smith <[email protected]>
mondoohq · Dec 17, 2023 · d0749b0 · d0749b0
1 parent e8dce38
commit d0749b0
Show file tree

Hide file tree

Showing 4 changed files with 114 additions and 12 deletions.
diff --git a/providers/aws/resources/aws.lr b/providers/aws/resources/aws.lr
@@ -417,25 +417,25 @@ private aws.waf.rule.fieldtomatch @defaults("target") {
   // Whether to match the URI path
   uriPath bool
   // Whether to match the query string
-	queryString bool
+  queryString bool
   // Whether to match all query arguments
-	allQueryArguments bool
+  allQueryArguments bool
   // Whether to match the body (match if not null)
   body aws.waf.rule.fieldtomatch.body
   // Whether to match the cookie (match if not null)
   cookie aws.waf.rule.fieldtomatch.cookie
   // Whether to match the single header (match if not null)
   singleHeader aws.waf.rule.fieldtomatch.singleheader
   // Whether to match the header order (match if not null)
-	headerOrder aws.waf.rule.fieldtomatch.headerorder
+  headerOrder aws.waf.rule.fieldtomatch.headerorder
   // Whether to match the header (match if not null)
-	headers aws.waf.rule.fieldtomatch.headers
+  headers aws.waf.rule.fieldtomatch.headers
   // Whether to match the JA3 fingerprint (match if not null)
-	ja3Fingerprint aws.waf.rule.fieldtomatch.ja3fingerprint
+  ja3Fingerprint aws.waf.rule.fieldtomatch.ja3fingerprint
   // Whether to match the JSON body (match if not null)
-	jsonBody aws.waf.rule.fieldtomatch.jsonbody
+  jsonBody aws.waf.rule.fieldtomatch.jsonbody
   // Whether to match the single query argument of the field (match if not null)
-	singleQueryArgument aws.waf.rule.fieldtomatch.singlequeryargument
+  singleQueryArgument aws.waf.rule.fieldtomatch.singlequeryargument
 }
 
 // Body of the field to match
@@ -977,7 +977,7 @@ aws.acm @defaults("certificates") {
 }
 
 // AWS Certificate Manager Certificate resource (provides an object representing an individual ACM certificate)
-private aws.acm.certificate @defaults("arn domainName") {
+private aws.acm.certificate @defaults("domainName issuer createdAt notAfter") {
   // ARN for the certificate
   arn string
   // Time before which the certificate is not valid
@@ -996,6 +996,18 @@ private aws.acm.certificate @defaults("arn domainName") {
   certificate() network.certificate
   // Tags associated with the certificate
   tags map[string]string
+  // The algorithm that was used to generate the public-private key pair
+  keyAlgorithm string
+  // The serial number of the certificate
+  serial string
+  // The source of the certificate. AMAZON_ISSUED or IMPORTED
+  source string
+  // The name of the certificate authority that issued and signed the certificate
+  issuer string
+  // The time at which the certificate was issued. This value exists only when the certificate source is AMAZON_ISSUED
+  issuedAt time
+  // The date and time when the certificate was imported. This value exists only when the certificate source is IMPORTED.
+  importedAt time
 }
 
 // AWS Auto Scaling

diff --git a/providers/aws/resources/aws.lr.go b/providers/aws/resources/aws.lr.go
diff --git a/providers/aws/resources/aws.lr.manifest.yaml b/providers/aws/resources/aws.lr.manifest.yaml
@@ -130,8 +130,20 @@ resources:
       certificate: {}
       createdAt: {}
       domainName: {}
+      importedAt:
+        min_mondoo_version: 9.0.0
+      issuedAt:
+        min_mondoo_version: 9.0.0
+      issuer:
+        min_mondoo_version: 9.0.0
+      keyAlgorithm:
+        min_mondoo_version: 9.0.0
       notAfter: {}
       notBefore: {}
+      serial:
+        min_mondoo_version: 9.0.0
+      source:
+        min_mondoo_version: 9.0.0
       status: {}
       subject: {}
       tags:

diff --git a/providers/aws/resources/aws_acm.go b/providers/aws/resources/aws_acm.go
@@ -122,12 +122,18 @@ func initAwsAcmCertificate(runtime *plugin.Runtime, args map[string]*llx.RawData
 	}
 
 	args["arn"] = llx.StringData(arnVal)
-	args["notBefore"] = llx.TimeDataPtr(certDetails.Certificate.NotBefore)
-	args["notAfter"] = llx.TimeDataPtr(certDetails.Certificate.NotAfter)
 	args["createdAt"] = llx.TimeDataPtr(certDetails.Certificate.CreatedAt)
-	args["domainName"] = llx.StringData(convert.ToString(certDetails.Certificate.DomainName))
+	args["domainName"] = llx.StringDataPtr(certDetails.Certificate.DomainName)
+	args["importedAt"] = llx.TimeDataPtr(certDetails.Certificate.ImportedAt)
+	args["issuedAt"] = llx.TimeDataPtr(certDetails.Certificate.IssuedAt)
+	args["issuer"] = llx.StringDataPtr(certDetails.Certificate.Issuer)
+	args["keyAlgorithm"] = llx.StringData(string(certDetails.Certificate.KeyAlgorithm))
+	args["notAfter"] = llx.TimeDataPtr(certDetails.Certificate.NotAfter)
+	args["notBefore"] = llx.TimeDataPtr(certDetails.Certificate.NotBefore)
+	args["serial"] = llx.StringDataPtr(certDetails.Certificate.Serial)
+	args["source"] = llx.StringData(string(certDetails.Certificate.Type))
 	args["status"] = llx.StringData(string(certDetails.Certificate.Status))
-	args["subject"] = llx.StringData(convert.ToString(certDetails.Certificate.Subject))
+	args["subject"] = llx.StringDataPtr(certDetails.Certificate.Subject)
 	args["tags"] = llx.MapData(CertTagsToMapTags(certTags.Tags), types.String)
 	return args, nil, nil
 }