From 999ae2757f17da1d5c6c03707f444b2c789d9475 Mon Sep 17 00:00:00 2001
From: Tim Smith
Date: Sat, 30 Sep 2023 21:57:13 -0700
Subject: [PATCH 1/2] Add new properties to aws.rds.dbInstances

Add a few important things for asset inventory.

- Storage type
- Storage IOPS
- Storage amount allocated
- Engine Version
- Availability zone
- Creation Date

Signed-off-by: Tim Smith
---
 providers/aws/resources/aws.lr | 14 +++-
 providers/aws/resources/aws.lr.go | 72 ++++++++++++++++++++
 providers/aws/resources/aws.lr.manifest.yaml | 12 ++++
 providers/aws/resources/aws_rds.go | 28 +++++---
 4 files changed, 114 insertions(+), 12 deletions(-)

diff --git a/providers/aws/resources/aws.lr b/providers/aws/resources/aws.lr
index 1fee92645f..61e2a4d457 100644
--- a/providers/aws/resources/aws.lr
+++ b/providers/aws/resources/aws.lr
@@ -1204,7 +1204,7 @@ private aws.rds.snapshot @defaults("arn") {
 }
 
 // Amazon RDS Database Instance
-private aws.rds.dbinstance @defaults("arn") {
+private aws.rds.dbinstance @defaults("id region engine engineVersion") {
 // ARN for the database instance
 arn string
 // Name of the database instance
@@ -1215,8 +1215,16 @@ private aws.rds.dbinstance @defaults("arn") {
 snapshots() []aws.rds.snapshot
 // Denotes whether the instance is encrypted
 storageEncrypted bool
+ // The amount of storage, in GiB, provisioned on the instance
+ storageAllocated int
+ // The storage IOPS provisioned on the instance
+ storageIops int
+ // The type of storage provisioned on the instance
+ storageType string
 // Region where the instance exists
 region string
+ // Availability zone where the instance exists
+ availabilityZone string
 // Denotes whether or not the instance is publicly accessible
 publiclyAccessible bool
 // List of log types the instance is configured to export to cloudwatch logs
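Review bot: The comment on the new `storageIops` field (`// The storage IOPS provisioned on the instance`) does not say what the field holds when the storage type has no provisioned IOPS, which for an inventory consumer is the case most likely to be misread as a real allocation. The provider fills it from `convert.ToInt64From32(dbInstance.Iops)` in aws_rds.go, which presumably yields 0 for an absent value; if that is confirmed, state it here: `// The storage IOPS provisioned on the instance; 0 when the storage type has no provisioned IOPS`. The `storageAllocated` comment already names its unit (GiB), which is the right level of detail for these fields.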
@@ -1237,12 +1245,16 @@ private aws.rds.dbinstance @defaults("arn") {
 dbInstanceIdentifier string
 // Name of the database engine for this DB instance
 engine string
+ // The version of the database engine for this DB instance
+ engineVersion string
 // List of VPC security group elements that the DB instance belongs to
 securityGroups []aws.ec2.securitygroup
 // Current state of this database
 status string
 // Indicates whether minor version patches are applied automatically
 autoMinorVersionUpgrade bool
+ // The creation date of the RDS instance
+ creationDate time
 }
 
 // Amazon ElastiCache
diff --git a/providers/aws/resources/aws.lr.go b/providers/aws/resources/aws.lr.go
index 05e8a13b41..42885ba0e5 100644
--- a/providers/aws/resources/aws.lr.go
+++ b/providers/aws/resources/aws.lr.go
@@ -1855,9 +1855,21 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{
 "aws.rds.dbinstance.storageEncrypted": func(r plugin.Resource) *plugin.DataRes {
 return (r.(*mqlAwsRdsDbinstance).GetStorageEncrypted()).ToDataRes(types.Bool)
 },
+ "aws.rds.dbinstance.storageAllocated": func(r plugin.Resource) *plugin.DataRes {
+ return (r.(*mqlAwsRdsDbinstance).GetStorageAllocated()).ToDataRes(types.Int)
+ },
+ "aws.rds.dbinstance.storageIops": func(r plugin.Resource) *plugin.DataRes {
+ return (r.(*mqlAwsRdsDbinstance).GetStorageIops()).ToDataRes(types.Int)
+ },
+ "aws.rds.dbinstance.storageType": func(r plugin.Resource) *plugin.DataRes {
+ return (r.(*mqlAwsRdsDbinstance).GetStorageType()).ToDataRes(types.String)
+ },
 "aws.rds.dbinstance.region": func(r plugin.Resource) *plugin.DataRes {
 return (r.(*mqlAwsRdsDbinstance).GetRegion()).ToDataRes(types.String)
 },
+ "aws.rds.dbinstance.availabilityZone": func(r plugin.Resource) *plugin.DataRes {
+ return (r.(*mqlAwsRdsDbinstance).GetAvailabilityZone()).ToDataRes(types.String)
+ },
 "aws.rds.dbinstance.publiclyAccessible": func(r plugin.Resource) *plugin.DataRes {
 return (r.(*mqlAwsRdsDbinstance).GetPubliclyAccessible()).ToDataRes(types.Bool)
 },
@@ -1888,6 +1900,9 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{
 "aws.rds.dbinstance.engine": func(r plugin.Resource) *plugin.DataRes {
 return (r.(*mqlAwsRdsDbinstance).GetEngine()).ToDataRes(types.String)
 },
+ "aws.rds.dbinstance.engineVersion": func(r plugin.Resource) *plugin.DataRes {
+ return (r.(*mqlAwsRdsDbinstance).GetEngineVersion()).ToDataRes(types.String)
+ },
 "aws.rds.dbinstance.securityGroups": func(r plugin.Resource) *plugin.DataRes {
 return (r.(*mqlAwsRdsDbinstance).GetSecurityGroups()).ToDataRes(types.Array(types.Resource("aws.ec2.securitygroup")))
 },
@@ -1897,6 +1912,9 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{
 "aws.rds.dbinstance.autoMinorVersionUpgrade": func(r plugin.Resource) *plugin.DataRes {
 return (r.(*mqlAwsRdsDbinstance).GetAutoMinorVersionUpgrade()).ToDataRes(types.Bool)
 },
+ "aws.rds.dbinstance.creationDate": func(r plugin.Resource) *plugin.DataRes {
+ return (r.(*mqlAwsRdsDbinstance).GetCreationDate()).ToDataRes(types.Time)
+ },
 "aws.elasticache.clusters": func(r plugin.Resource) *plugin.DataRes {
 return (r.(*mqlAwsElasticache).GetClusters()).ToDataRes(types.Array(types.Dict))
 },
@@ -4647,10 +4665,26 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool {
 r.(*mqlAwsRdsDbinstance).StorageEncrypted, ok = plugin.RawToTValue[bool](v.Value, v.Error)
 return
 },
+ "aws.rds.dbinstance.storageAllocated": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+ r.(*mqlAwsRdsDbinstance).StorageAllocated, ok = plugin.RawToTValue[int64](v.Value, v.Error)
+ return
+ },
+ "aws.rds.dbinstance.storageIops": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+ r.(*mqlAwsRdsDbinstance).StorageIops, ok = plugin.RawToTValue[int64](v.Value, v.Error)
+ return
+ },
+ "aws.rds.dbinstance.storageType": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+ r.(*mqlAwsRdsDbinstance).StorageType, ok = plugin.RawToTValue[string](v.Value, v.Error)
+ return
+ },
 "aws.rds.dbinstance.region": func(r plugin.Resource, v *llx.RawData) (ok bool) {
 r.(*mqlAwsRdsDbinstance).Region, ok = plugin.RawToTValue[string](v.Value, v.Error)
 return
 },
+ "aws.rds.dbinstance.availabilityZone": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+ r.(*mqlAwsRdsDbinstance).AvailabilityZone, ok = plugin.RawToTValue[string](v.Value, v.Error)
+ return
+ },
 "aws.rds.dbinstance.publiclyAccessible": func(r plugin.Resource, v *llx.RawData) (ok bool) {
 r.(*mqlAwsRdsDbinstance).PubliclyAccessible, ok = plugin.RawToTValue[bool](v.Value, v.Error)
 return
@@ -4691,6 +4725,10 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool {
 r.(*mqlAwsRdsDbinstance).Engine, ok = plugin.RawToTValue[string](v.Value, v.Error)
 return
 },
+ "aws.rds.dbinstance.engineVersion": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+ r.(*mqlAwsRdsDbinstance).EngineVersion, ok = plugin.RawToTValue[string](v.Value, v.Error)
+ return
+ },
 "aws.rds.dbinstance.securityGroups": func(r plugin.Resource, v *llx.RawData) (ok bool) {
 r.(*mqlAwsRdsDbinstance).SecurityGroups, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error)
 return
@@ -4703,6 +4741,10 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool {
 r.(*mqlAwsRdsDbinstance).AutoMinorVersionUpgrade, ok = plugin.RawToTValue[bool](v.Value, v.Error)
 return
 },
+ "aws.rds.dbinstance.creationDate": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+ r.(*mqlAwsRdsDbinstance).CreationDate, ok = plugin.RawToTValue[*time.Time](v.Value, v.Error)
+ return
+ },
 "aws.elasticache.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) {
 r.(*mqlAwsElasticache).__id, ok = v.Value.(string)
 return
@@ -12552,7 +12594,11 @@ type mqlAwsRdsDbinstance struct {
 BackupRetentionPeriod plugin.TValue[int64]
 Snapshots plugin.TValue[[]interface{}]
 StorageEncrypted plugin.TValue[bool]
+ StorageAllocated plugin.TValue[int64]
+ StorageIops plugin.TValue[int64]
+ StorageType plugin.TValue[string]
 Region plugin.TValue[string]
+ AvailabilityZone plugin.TValue[string]
 PubliclyAccessible plugin.TValue[bool]
 EnabledCloudwatchLogsExports plugin.TValue[[]interface{}]
 DeletionProtection plugin.TValue[bool]
@@ -12563,9 +12609,11 @@ type mqlAwsRdsDbinstance struct {
 DbInstanceClass plugin.TValue[string]
 DbInstanceIdentifier plugin.TValue[string]
 Engine plugin.TValue[string]
+ EngineVersion plugin.TValue[string]
 SecurityGroups plugin.TValue[[]interface{}]
 Status plugin.TValue[string]
 AutoMinorVersionUpgrade plugin.TValue[bool]
+ CreationDate plugin.TValue[*time.Time]
 }
 
 // createAwsRdsDbinstance creates a new instance of this resource
@@ -12637,10 +12685,26 @@ func (c *mqlAwsRdsDbinstance) GetStorageEncrypted() *plugin.TValue[bool] {
 return &c.StorageEncrypted
 }
 
+func (c *mqlAwsRdsDbinstance) GetStorageAllocated() *plugin.TValue[int64] {
+ return &c.StorageAllocated
+}
+
+func (c *mqlAwsRdsDbinstance) GetStorageIops() *plugin.TValue[int64] {
+ return &c.StorageIops
+}
+
+func (c *mqlAwsRdsDbinstance) GetStorageType() *plugin.TValue[string] {
+ return &c.StorageType
+}
+
 func (c *mqlAwsRdsDbinstance) GetRegion() *plugin.TValue[string] {
 return &c.Region
 }
 
+func (c *mqlAwsRdsDbinstance) GetAvailabilityZone() *plugin.TValue[string] {
+ return &c.AvailabilityZone
+}
+
 func (c *mqlAwsRdsDbinstance) GetPubliclyAccessible() *plugin.TValue[bool] {
 return &c.PubliclyAccessible
 }
@@ -12681,6 +12745,10 @@ func (c *mqlAwsRdsDbinstance) GetEngine() *plugin.TValue[string] {
 return &c.Engine
 }
 
+func (c *mqlAwsRdsDbinstance) GetEngineVersion() *plugin.TValue[string] {
+ return &c.EngineVersion
+}
+
 func (c *mqlAwsRdsDbinstance) GetSecurityGroups() *plugin.TValue[[]interface{}] {
 return &c.SecurityGroups
 }
@@ -12693,6 +12761,10 @@ func (c *mqlAwsRdsDbinstance) GetAutoMinorVersionUpgrade() *plugin.TValue[bool]
 return &c.AutoMinorVersionUpgrade
 }
 
+func (c *mqlAwsRdsDbinstance) GetCreationDate() *plugin.TValue[*time.Time] {
+ return &c.CreationDate
+}
+
 // mqlAwsElasticache for the aws.elasticache resource
 type mqlAwsElasticache struct {
 MqlRuntime *plugin.Runtime
diff --git a/providers/aws/resources/aws.lr.manifest.yaml b/providers/aws/resources/aws.lr.manifest.yaml
index bb37e2079a..3cccb4a098 100755
--- a/providers/aws/resources/aws.lr.manifest.yaml
+++ b/providers/aws/resources/aws.lr.manifest.yaml
@@ -1802,7 +1802,11 @@ resources:
 arn: {}
 autoMinorVersionUpgrade:
 min_mondoo_version: 8.22.0
+ availabilityZone:
+ min_mondoo_version: 9.0.0
 backupRetentionPeriod: {}
+ creationDate:
+ min_mondoo_version: 9.0.0
 dbInstanceClass:
 min_mondoo_version: 5.19.1
 dbInstanceIdentifier:
@@ -1811,6 +1815,8 @@ resources:
 enabledCloudwatchLogsExports: {}
 engine:
 min_mondoo_version: 5.19.1
+ engineVersion:
+ min_mondoo_version: 9.0.0
 enhancedMonitoringResourceArn: {}
 id: {}
 multiAZ: {}
@@ -1822,7 +1828,13 @@ resources:
 snapshots: {}
 status:
 min_mondoo_version: 5.19.1
+ storageAllocated:
+ min_mondoo_version: 9.0.0
 storageEncrypted: {}
+ storageIops:
+ min_mondoo_version: 9.0.0
+ storageType:
+ min_mondoo_version: 9.0.0
 tags: {}
 is_private: true
 min_mondoo_version: 5.15.0
diff --git a/providers/aws/resources/aws_rds.go b/providers/aws/resources/aws_rds.go
index 275717fb2c..8461b61f28 100644
--- a/providers/aws/resources/aws_rds.go
+++ b/providers/aws/resources/aws_rds.go
@@ -90,23 +90,29 @@ func (a *mqlAwsRds) getDbInstances(conn *connection.AwsConnection) []*jobpool.Jo
 mqlDBInstance, err := CreateResource(a.MqlRuntime, "aws.rds.dbinstance", map[string]*llx.RawData{
 "arn": llx.StringData(convert.ToString(dbInstance.DBInstanceArn)),
- "name": llx.StringData(convert.ToString(dbInstance.DBName)),
+ "autoMinorVersionUpgrade": llx.BoolData(dbInstance.AutoMinorVersionUpgrade),
+ "availabilityZone": llx.StringData(convert.ToString(dbInstance.AvailabilityZone)),
 "backupRetentionPeriod": llx.IntData(int64(dbInstance.BackupRetentionPeriod)),
- "storageEncrypted": llx.BoolData(dbInstance.StorageEncrypted),
- "region": llx.StringData(regionVal),
- "publiclyAccessible": llx.BoolData(dbInstance.PubliclyAccessible),
- "enabledCloudwatchLogsExports": llx.ArrayData(stringSliceInterface, types.String),
- "enhancedMonitoringResourceArn": llx.StringData(convert.ToString(dbInstance.EnhancedMonitoringResourceArn)),
- "multiAZ": llx.BoolData(dbInstance.MultiAZ),
- "id": llx.StringData(convert.ToString(dbInstance.DBInstanceIdentifier)),
- "deletionProtection": llx.BoolData(dbInstance.DeletionProtection),
- "tags": llx.MapData(rdsTagsToMap(dbInstance.TagList), types.String),
 "dbInstanceClass": llx.StringData(convert.ToString(dbInstance.DBInstanceClass)),
 "dbInstanceIdentifier": llx.StringData(convert.ToString(dbInstance.DBInstanceIdentifier)),
+ "deletionProtection": llx.BoolData(dbInstance.DeletionProtection),
+ "enabledCloudwatchLogsExports": llx.ArrayData(stringSliceInterface, types.String),
 "engine": llx.StringData(convert.ToString(dbInstance.Engine)),
+ "engineVersion": llx.StringData(convert.ToString(dbInstance.EngineVersion)),
+ "enhancedMonitoringResourceArn": llx.StringData(convert.ToString(dbInstance.EnhancedMonitoringResourceArn)),
+ "id": llx.StringData(convert.ToString(dbInstance.DBInstanceIdentifier)),
+ "multiAZ": llx.BoolData(dbInstance.MultiAZ),
+ "name": llx.StringData(convert.ToString(dbInstance.DBName)),
+ "publiclyAccessible": llx.BoolData(dbInstance.PubliclyAccessible),
+ "region": llx.StringData(regionVal),
 "securityGroups": llx.ArrayData(sgs, types.Resource("aws.ec2.securitygroup")),
 "status": llx.StringData(convert.ToString(dbInstance.DBInstanceStatus)),
- "autoMinorVersionUpgrade": llx.BoolData(dbInstance.AutoMinorVersionUpgrade),
+ "storageAllocated": llx.IntData(int64(dbInstance.AllocatedStorage)),
+ "storageEncrypted": llx.BoolData(dbInstance.StorageEncrypted),
+ "storageType": llx.StringData(convert.ToString(dbInstance.StorageType)),
+ "storageIops": llx.IntData(convert.ToInt64From32(dbInstance.Iops)),
+ "tags": llx.MapData(rdsTagsToMap(dbInstance.TagList), types.String),
+ "creationDate": llx.TimeData(toTime(dbInstance.InstanceCreateTime)),
 })
 if err != nil {
 return nil, err

From 0f6065663447a67afb60ef0b7844d969ffaf95a7 Mon Sep 17 00:00:00 2001
From: Tim Smith
Date: Mon, 2 Oct 2023 09:25:25 -0700
Subject: [PATCH 2/2] Review update

Signed-off-by: Tim Smith
---
 providers/aws/resources/aws_rds.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/aws/resources/aws_rds.go b/providers/aws/resources/aws_rds.go
index 8461b61f28..ad7c0930d1 100644
--- a/providers/aws/resources/aws_rds.go
+++ b/providers/aws/resources/aws_rds.go
@@ -97,7 +97,7 @@ func (a *mqlAwsRds) getDbInstances(conn *connection.AwsConnection) []*jobpool.Jo
 "dbInstanceIdentifier": llx.StringData(convert.ToString(dbInstance.DBInstanceIdentifier)),
 "deletionProtection": llx.BoolData(dbInstance.DeletionProtection),
 "enabledCloudwatchLogsExports": llx.ArrayData(stringSliceInterface, types.String),
- "engine": llx.StringData(convert.ToString(dbInstance.Engine)),
+ "engine": llx.StringDataPtr(dbInstance.Engine),
 "engineVersion": llx.StringData(convert.ToString(dbInstance.EngineVersion)),
 "enhancedMonitoringResourceArn": llx.StringData(convert.ToString(dbInstance.EnhancedMonitoringResourceArn)),
 "id": llx.StringData(convert.ToString(dbInstance.DBInstanceIdentifier)),
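Review bot: The map keys in this hunk are re-sorted alphabetically except that `storageType` is listed before `storageIops` and `creationDate` is appended after `tags`; since the reordering is most of the diff, finishing it (`"creationDate": ...` after `"backupRetentionPeriod"`, `"storageIops"` before `"storageType"`) keeps the order meaningful for the next reader. Separately, `Iops` and `InstanceCreateTime` appear to be pointer fields (they go through `convert.ToInt64From32` and `toTime` instead of the direct `int64(...)` used for `AllocatedStorage`), and an instance on storage without provisioned IOPS reports no `Iops` at all, so please confirm both helpers return a zero value for nil rather than dereferencing it; `creationDate` is an inventory field policies will filter on, so a nil-safe zero here should also be documented at the resource. `getDbInstances` starts and ends outside this hunk.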
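Review bot: Switching `engine` to `llx.StringDataPtr(dbInstance.Engine)` while `engineVersion` (the context line directly below) and the `availabilityZone` and `storageType` values added in the first patch keep `llx.StringData(convert.ToString(...))` leaves the resource exposing an absent SDK value in two different ways; presumably `StringDataPtr` surfaces a nil pointer as null whereas `convert.ToString` yields "", so a policy checking `engineVersion` sees "" where `engine` would be null. Apply one convention to the sibling string fields, e.g. `"engineVersion": llx.StringDataPtr(dbInstance.EngineVersion),`, `"availabilityZone": llx.StringDataPtr(dbInstance.AvailabilityZone),`, `"storageType": llx.StringDataPtr(dbInstance.StorageType),`. `getDbInstances` starts and ends outside this hunk.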