data sources managed

src/aws.go

@@ -50,38 +50,6 @@ func GetAWSResourcePermissions(result ResourceV2) []string {
 	return Permissions
 }
 
-// GetAWSDataPermissions gets permissions required for datasources
-func GetAWSDataPermissions(result ResourceV2) []string {
-	var Permissions []string
-	switch result.Name {
-	//case "aws_s3_bucket":
-	//	Permissions = GetPermissionMap(aws_s3_bucket, result.Attributes)
-	//case "aws_instance":
-	//	Permissions = GetPermissionMap(aws_instance, result.Attributes)
-	//case "aws_security_group":
-	//	Permissions = GetPermissionMap(aws_security_group, result.Attributes)
-	//case "aws_lambda_function":
-	//	Permissions = GetPermissionMap(aws_lambda_function, result.Attributes)
-	//case "aws_vpc":
-	//	Permissions = GetPermissionMap(aws_vpc, result.Attributes)
-	//case "aws_subnet":
-	//	Permissions = GetPermissionMap(aws_subnet, result.Attributes)
-	//case "aws_network_acl":
-	//	Permissions = GetPermissionMap(aws_network_acl, result.Attributes)
-	//case "aws_kms_key":
-	//	Permissions = GetPermissionMap(aws_kms_key, result.Attributes)
-	//case "aws_iam_role":
-	//	Permissions = GetPermissionMap(aws_iam_role, result.Attributes)
-	//case "aws_mq_broker":
-	//	Permissions = GetPermissionMap(aws_mq_broker, result.Attributes)
-	//case "aws_mq_configuration":
-	//	Permissions = GetPermissionMap(aws_mq_configuration, result.Attributes)
-	default:
-		log.Printf("%s.%s not implemented", result.TypeName, result.Name)
-	}
-	return Permissions
-}
-
 func contains(s []string, e string) bool {
 	for _, a := range s {
 		if a == e {

src/aws_data_source.go

@@ -0,0 +1,19 @@
+package pike
+
+import "log"
+
+// GetAWSDataPermissions gets permissions required for datasources
+func GetAWSDataPermissions(result ResourceV2) []string {
+	var Permissions []string
+	switch result.Name {
+	case "aws_vpcs":
+		Permissions = GetPermissionMap(data_aws_vpcs, result.Attributes)
+	case "aws_subnet_ids":
+		Permissions = GetPermissionMap(data_aws_subnet_ids, result.Attributes)
+	case "aws_caller_identity":
+		//do nothing
+	default:
+		log.Printf("%s.%s not implemented", result.TypeName, result.Name)
+	}
+	return Permissions
+}

src/files.go

@@ -4,37 +4,37 @@ import (
 	_ "embed" //required for embed
 )
 
-//go:embed mapping/aws/aws_s3_bucket.json
+//go:embed mapping/aws/resource/aws_s3_bucket.json
 var aws_s3_bucket []byte
 
-//go:embed mapping/aws/aws_instance.json
+//go:embed mapping/aws/resource/aws_instance.json
 var aws_instance []byte
 
-//go:embed mapping/aws/aws_security_group.json
+//go:embed mapping/aws/resource/aws_security_group.json
 var aws_security_group []byte
 
-//go:embed mapping/aws/aws_lambda_function.json
+//go:embed mapping/aws/resource/aws_lambda_function.json
 var aws_lambda_function []byte
 
-//go:embed mapping/aws/aws_vpc.json
+//go:embed mapping/aws/resource/aws_vpc.json
 var aws_vpc []byte
 
-//go:embed mapping/aws/aws_subnet.json
+//go:embed mapping/aws/resource/aws_subnet.json
 var aws_subnet []byte
 
-//go:embed mapping/aws/aws_network_acl.json
+//go:embed mapping/aws/resource/aws_network_acl.json
 var aws_network_acl []byte
 
-//go:embed mapping/aws/aws_kms_key.json
+//go:embed mapping/aws/resource/aws_kms_key.json
 var aws_kms_key []byte
 
-//go:embed mapping/aws/aws_iam_role.json
+//go:embed mapping/aws/resource/aws_iam_role.json
 var aws_iam_role []byte
 
-//go:embed mapping/aws/aws_mq_broker.json
+//go:embed mapping/aws/resource/aws_mq_broker.json
 var aws_mq_broker []byte
 
-//go:embed mapping/aws/aws_mq_configuration.json
+//go:embed mapping/aws/resource/aws_mq_configuration.json
 var aws_mq_configuration []byte
 
 //go:embed mapping/gcp/google_compute_instance.json

src/files_datasource.go

@@ -0,0 +1,11 @@
+package pike
+
+import (
+	_ "embed" //required for embed
+)
+
+//go:embed mapping/aws/data/aws_vpcs.json
+var data_aws_vpcs []byte
+
+//go:embed mapping/aws/data/aws_subnets_ids.json
+var data_aws_subnet_ids []byte

src/mapping/aws/aws_mq_configuration.json → src/mapping/aws/data/aws_subnets_ids.json

@@ -1,6 +1,8 @@
 [
   {
-    "apply": [],
+    "apply": [
+      "ec2:DescribeSubnets"
+    ],
     "attributes": {
       "tags": []
     },

src/mapping/aws/data/aws_vpcs.json

@@ -1,7 +1,6 @@
 [
   {
     "apply": [
-      "ec2:DescribeAccountAttributes",
       "ec2:DescribeVpcs"
     ],
     "attributes": {

src/mapping/aws/resource/aws_mq_broker.json

@@ -0,0 +1,40 @@
+[
+  {
+    "apply": [
+      "ec2:DescribeAccountAttributes",
+      "ec2:DescribeVpcs",
+      "ec2:DescribeSubnets",
+      "ec2:DescribeSecurityGroups",
+      "ec2:CreateNetworkInterface",
+      "ec2:CreateNetworkInterfacePermission",
+      "ec2:DeleteNetworkInterfacePermission",
+      "ec2:DetachNetworkInterface",
+      "ec2:DeleteNetworkInterface",
+      "mq:CreateBroker",
+      "mq:DescribeBroker",
+      "mq:DescribeUser"
+    ],
+    "attributes": {
+      "publicly_accessible": [
+        "ec2:DescribeInternetGateways"
+      ],
+      "tags": [
+        "mq:CreateTags",
+        "mq:DeleteTags"
+      ],
+      "user": [
+        "mq:CreateUser",
+        "mq:DeleteUser",
+        "mq:UpdateUser"
+      ]
+    },
+    "destroy": [
+      "mq:DeleteBroker"
+    ],
+    "modify": [
+      "mq:UpdateBroker",
+      "mq:DeleteBroker"
+    ],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_mq_configuration.json

@@ -0,0 +1,17 @@
+[
+  {
+    "apply": [
+      "mq:CreateConfiguration",
+      "mq:UpdateConfiguration",
+      "mq:DescribeConfiguration",
+      "mq:DescribeConfigurationRevision",
+      "mq:RebootBroker"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/aws_network_acl.json → src/mapping/aws/resource/aws_network_acl.json

@@ -16,8 +16,7 @@
     "destroy": [
       "ec2:DeleteNetworkAcl"
     ],
-    "modify": [
-    ],
+    "modify": [],
     "plan": []
   }
 ]

src/mapping/aws/aws_subnet.json → src/mapping/aws/resource/aws_subnet.json

@@ -1,6 +1,6 @@
 [
   {
-    "apply": [ 
+    "apply": [
       "ec2:CreateSubnet",
       "ec2:DescribeAccountAttributes",
       "ec2:DescribeSubnets",
@@ -15,8 +15,7 @@
     "destroy": [
       "ec2:DeleteSubnet"
     ],
-    "modify": [
-    ],
+    "modify": [],
     "plan": []
   }
 ]

src/mapping/aws/resource/aws_vpc.json

@@ -0,0 +1,22 @@
+[
+  {
+    "apply": [
+      "ec2:CreateVPC",
+      "ec2:DeleteVPC",
+      "ec2:DescribeVpcs",
+      "ec2:DescribeAccountAttributes",
+      "ec2:DescribeVpcAttribute"
+    ],
+    "attributes": {
+      "tags": [
+        "ec2:CreateTags",
+        "ec2:DeleteTags"
+      ]
+    },
+    "destroy": [
+      "ec2:DeleteVPC"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]

terraform/backup/aws_mq_broker.test.tf

@@ -0,0 +1,48 @@
+resource "aws_mq_broker" "broker" {
+  broker_name                = "mybrokername"
+  auto_minor_version_upgrade = true
+  apply_immediately          = true
+  authentication_strategy    = "ldap"
+
+  configuration {
+    id       = aws_mq_configuration.broker.id
+    revision = aws_mq_configuration.broker.latest_revision
+  }
+
+  engine_type         = "ActiveMQ" //RABBITMQ
+  engine_version      = "5.15.9"
+  host_instance_type  = "mq.t2.micro"
+  deployment_mode     = "SINGLE_INSTANCE"
+  publicly_accessible = true
+  security_groups     = ["sg-05b27cb61c9c46bd2"]
+  storage_type        = "efs"
+  #
+  user {
+    username = "Fred"
+    password = "QuimbyWasAGod"
+  }
+
+  user {
+    username = "Sally"
+    password = "QuimbyWasAGod"
+  }
+
+  maintenance_window_start_time {
+    day_of_week = "MONDAY"
+    time_of_day = "12:05"
+    time_zone   = "GMT"
+  }
+
+  encryption_options {
+    // kms_key_id        = var.kms_key_id
+    use_aws_owned_key = true
+  }
+
+  logs {
+    general = false
+    audit   = false
+  }
+
+  subnet_ids = ["subnet-08d97e381dbc80d40"]
+  tags       = { name = "some_tags" }
+}