⭐️ AWS neptune cluster and instance resources (#4531)

mondoohq · Aug 12, 2024 · e7cc65f · e7cc65f
1 parent ee01e57
commit e7cc65f
Show file tree

Hide file tree

Showing 8 changed files with 1,380 additions and 17 deletions.
diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
@@ -88,6 +88,7 @@ sqli
 sqlimatchstatement
 sqlserver
 targetgroup
+tde
 testutils
 toplevel
 tpu

diff --git a/providers/aws/connection/clients.go b/providers/aws/connection/clients.go
@@ -12,9 +12,6 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/applicationautoscaling"
 	"github.com/aws/aws-sdk-go-v2/service/autoscaling"
 	"github.com/aws/aws-sdk-go-v2/service/backup"
-	"github.com/aws/aws-sdk-go-v2/service/inspector2"
-	"github.com/aws/aws-sdk-go-v2/service/sqs"
-
 	"github.com/aws/aws-sdk-go-v2/service/cloudfront"
 	"github.com/aws/aws-sdk-go-v2/service/cloudtrail"
 	"github.com/aws/aws-sdk-go-v2/service/cloudwatch"
@@ -36,8 +33,10 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/emr"
 	"github.com/aws/aws-sdk-go-v2/service/guardduty"
 	"github.com/aws/aws-sdk-go-v2/service/iam"
+	"github.com/aws/aws-sdk-go-v2/service/inspector2"
 	"github.com/aws/aws-sdk-go-v2/service/kms"
 	"github.com/aws/aws-sdk-go-v2/service/lambda"
+	"github.com/aws/aws-sdk-go-v2/service/neptune"
 	"github.com/aws/aws-sdk-go-v2/service/organizations"
 	"github.com/aws/aws-sdk-go-v2/service/rds"
 	"github.com/aws/aws-sdk-go-v2/service/redshift"
@@ -47,6 +46,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
 	"github.com/aws/aws-sdk-go-v2/service/securityhub"
 	"github.com/aws/aws-sdk-go-v2/service/sns"
+	"github.com/aws/aws-sdk-go-v2/service/sqs"
 	"github.com/aws/aws-sdk-go-v2/service/ssm"
 	"github.com/aws/aws-sdk-go-v2/service/wafv2"
 	"github.com/rs/zerolog/log"
@@ -750,6 +750,32 @@ func (t *AwsConnection) Redshift(region string) *redshift.Client {
 	return client
 }
 
+func (t *AwsConnection) Neptune(region string) *neptune.Client {
+	// if no region value is sent in, use the configured region
+	if len(region) == 0 {
+		region = t.cfg.Region
+	}
+	cacheVal := "_neptune_" + region
+
+	// check for cached client and return it if it exists
+	c, ok := t.clientcache.Load(cacheVal)
+	if ok {
+		log.Debug().Msg("use cached neptune client")
+		return c.Data.(*neptune.Client)
+	}
+
+	// create the client
+	cfg := t.cfg.Copy()
+	cfg.Region = region
+
+	// Create a Neptune client from just a session.
+	client := neptune.NewFromConfig(cfg)
+
+	// cache it
+	t.clientcache.Store(cacheVal, &CacheEntry{Data: client})
+	return client
+}
+
 func (t *AwsConnection) AccessAnalyzer(region string) *accessanalyzer.Client {
 	// if no region value is sent in, use the configured region
 	if len(region) == 0 {

diff --git a/providers/aws/go.mod b/providers/aws/go.mod
@@ -41,6 +41,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/inspector2 v1.28.3
 	github.com/aws/aws-sdk-go-v2/service/kms v1.35.3
 	github.com/aws/aws-sdk-go-v2/service/lambda v1.56.3
+	github.com/aws/aws-sdk-go-v2/service/neptune v1.33.3
 	github.com/aws/aws-sdk-go-v2/service/organizations v1.30.2
 	github.com/aws/aws-sdk-go-v2/service/rds v1.82.0
 	github.com/aws/aws-sdk-go-v2/service/redshift v1.46.4

diff --git a/providers/aws/go.sum b/providers/aws/go.sum
@@ -143,6 +143,8 @@ github.com/aws/aws-sdk-go-v2/service/kms v1.35.3 h1:UPTdlTOwWUX49fVi7cymEN6hDqCw
 github.com/aws/aws-sdk-go-v2/service/kms v1.35.3/go.mod h1:gjDP16zn+WWalyaUqwCCioQ8gU8lzttCCc9jYsiQI/8=
 github.com/aws/aws-sdk-go-v2/service/lambda v1.56.3 h1:r/y4nQOln25cbjrD8Wmzhhvnvr2ObPjgcPvPdoU9yHs=
 github.com/aws/aws-sdk-go-v2/service/lambda v1.56.3/go.mod h1:/4Vaddp+wJc1AA8ViAqwWKAcYykPV+ZplhmLQuq3RbQ=
+github.com/aws/aws-sdk-go-v2/service/neptune v1.33.3 h1:QIdrTiB9PV2xAkuSNObYT04w3Y7RDMqcR5HhqWM7/1E=
+github.com/aws/aws-sdk-go-v2/service/neptune v1.33.3/go.mod h1:yYc9uNpgXUgia6cNsQ0eZL6eAYtc2EgEIEdWSDim+uk=
 github.com/aws/aws-sdk-go-v2/service/organizations v1.30.2 h1:+tGF0JH2u4HwneqNFAKFHqENwfpBweKj67+LbwTKpqE=
 github.com/aws/aws-sdk-go-v2/service/organizations v1.30.2/go.mod h1:6wxO8s5wMumyNRsOgOgcIvqvF8rIf8Cj7Khhn/bFI0c=
 github.com/aws/aws-sdk-go-v2/service/rds v1.82.0 h1:+1qRsLNukmvIDNBjz5Osqy4dvIBLwpCeMhmrh9evOUw=

diff --git a/providers/aws/resources/aws.lr b/providers/aws/resources/aws.lr
@@ -2138,8 +2138,6 @@ private aws.rds.snapshot @defaults("id region type encrypted createdAt") {
   engineVersion string
   // The snapshot status
   status string
-  // The amount of storage allocated to the snapshot
-  allocatedStorage int
   // The port that the database instance or cluster listens on
   port int
   // The creation date of the snapshot
@@ -3243,3 +3241,137 @@ private aws.eks.cluster @defaults("arn version status") {
   // The authentication mode for the cluster
   authenticationMode string
 }
+
+// Amazon Neptune
+aws.neptune @defaults("clusters") {
+  // List of database clusters
+  clusters() []aws.neptune.cluster
+  // List of database instances
+  instances() []aws.neptune.instance
+}
+
+// Amazon Neptune cluster
+private aws.neptune.cluster @defaults("arn name status") {
+  // ARN for the cluster
+  arn string
+  // Name of the cluster
+  name string
+  // User-supplied DB cluster identifier
+  clusterIdentifier string
+  // User-supplied global database cluster identifier
+  globalClusterIdentifier string
+  // Name of the database engine
+  engine string
+  // Database engine version
+  engineVersion string
+  // Amazon KMS key identifier for the encrypted DB cluster
+  kmsKeyId string
+  // Region where the cluster exists
+  region string
+  // Time when the cluster was created
+  automaticRestartTime time
+  // List of EC2 Availability Zones
+  availabilityZones []string
+  // Number of days for which automatic DB snapshots are retained
+  backupRetentionPeriod int
+  // Time when the cluster was created
+  createdAt time
+  // Whether the DB cluster can be cloned across accounts
+  crossAccountClone bool
+  // DB cluster parameter group for the DB cluster
+  clusterParameterGroup string
+  // Subnet group associated with the DB cluster
+  subnetGroup string
+  // Amazon Region-unique, immutable identifier for the DB cluster
+  clusterResourceId string
+  // Whether the DB cluster has deletion protection enabled
+  deletionProtection bool
+  // Earliest time to which a database can be restored
+  earliestRestorableTime time
+  // Connection endpoint for the primary instance
+  endpoint string
+  // Whether mapping of Amazon Identity and Access Management (IAM) accounts to database accounts is enabled
+  iamDatabaseAuthenticationEnabled bool
+  // Latest time to which a database can be restored
+  latestRestorableTime time
+  // Username
+  masterUsername string
+  // Whether the cluster has instances in multiple availability zones
+  multiAZ bool
+  // Port that the database engine is listening on
+  port int
+  // Daily time range during which automated backups are created
+  preferredBackupWindow string
+  // Weekly time range during which system maintenance can occur
+  preferredMaintenanceWindow string
+  // Status of the cluster
+  status string
+  // Whether the DB cluster is encrypted
+  storageEncrypted bool
+  // Storage type
+  storageType string
+}
+
+// Amazon Neptune instance
+private aws.neptune.instance @defaults("arn name status"){
+  // ARN for the instance
+  arn string
+  // Name of the instance
+  name string
+  // User-supplied DB cluster identifier
+  clusterIdentifier string
+  // Whether minor version patches are applied automatically
+  autoMinorVersionUpgrade bool
+  // Name of the availability zone
+  availabilityZone string
+  // Number of days for which automatic DB snapshots are retained
+  backupRetentionPeriod int
+  // Name of the compute and memory capacity class
+  instanceClass string
+  // Status of the instance
+  status string
+  // Port that the database engine is listening on
+  port int
+  // Whether the instance has deletion protection enabled
+  deletionProtection bool
+  // List of log types that this DB instance is configured to export to CloudWatch logs
+  enabledCloudwatchLogsExports []string
+  // Connection endpoint
+  endpoint dict
+  // Name of the database engine
+  engine string
+  // Database engine version
+  engineVersion string
+  // Amazon CloudWatch Log ARN log stream to which the database writes the audit log
+  enhancedMonitoringResourceArn string
+  // Whether mapping of Amazon Identity and Access Management (IAM) accounts to database accounts is enabled
+  iamDatabaseAuthenticationEnabled bool
+  // Time when the cluster was created
+  createdAt time
+  // Amazon KMS key identifier for the encrypted DB instance
+  kmsKeyId string
+  // Latest time to which a database can be restored
+  latestRestorableTime time
+  // Username
+  masterUsername string
+  // Interval, in seconds, between points when Enhanced Monitoring metrics are collected
+  monitoringInterval int
+  // ARN for the IAM role that permits Neptune to send Enhanced Monitoring metrics to Amazon CloudWatch Logs
+  monitoringRoleArn string
+  // Whether the cluster has instances in multiple availability zones
+  multiAZ bool
+  // Daily time range during which automated backups are created
+  preferredBackupWindow string
+  // Weekly time range during which system maintenance can occur
+  preferredMaintenanceWindow string
+  // Specifies the order in which a Read Replica is promoted
+  promotionTier int
+  // Region where the cluster exists
+  region string
+  // Whether the DB cluster is encrypted
+  storageEncrypted bool
+  // Storage type
+  storageType string
+  // Key store with which the instance is associated for TDE encryption
+  tdeCredentialArn string
+}