Update CloudTrail log table naming to be consistent

turbot · Nov 14, 2024 · 9ecbc43 · 9ecbc43
1 parent f6e6dbc
commit 9ecbc43
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 52 deletions.
diff --git a/mappers/cloudtrail_log_mapper.go b/mappers/cloudtrail_log_mapper.go
@@ -0,0 +1,47 @@
+package mappers
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"log/slog"
+
+	"github.com/turbot/tailpipe-plugin-aws/rows"
+	"github.com/turbot/tailpipe-plugin-sdk/table"
+)
+
+// CloudTrailLogMapper is a mapper that receives CloudTrailLogBatch objects and extracts CloudTrailLog records from them
+type CloudTrailLogMapper struct {
+}
+
+// NewCloudTrailLogMapper creates a new CloudTrailLogMapper
+func NewCloudTrailLogMapper() table.Mapper[*rows.CloudTrailLog] {
+	return &CloudTrailLogMapper{}
+}
+
+func (c *CloudTrailLogMapper) Identifier() string {
+	return "cloudtrail_log_mapper"
+}
+
+// Map casts the data item as an CloudTrailLogBatch and returns the CloudTrailLog records
+func (c *CloudTrailLogMapper) Map(_ context.Context, a any) ([]*rows.CloudTrailLog, error) {
+	// the expected input type is a JSON byte[] deserializable to CloudTrailLogBatch
+	jsonBytes, ok := a.([]byte)
+	if !ok {
+		return nil, fmt.Errorf("expected byte[], got %T", a)
+	}
+
+	// decode json ito CloudTrailLogBatch
+	var log rows.CloudTrailLogBatch
+	err := json.Unmarshal(jsonBytes, &log)
+	if err != nil {
+		return nil, fmt.Errorf("error decoding json: %w", err)
+	}
+
+	slog.Debug("CloudwatchMapper", "record count", len(log.Records))
+	var res = make([]*rows.CloudTrailLog, len(log.Records))
+	for i, record := range log.Records {
+		res[i] = &record
+	}
+	return res, nil
+}
diff --git a/mappers/cloudtrail_mapper.go b/mappers/cloudtrail_mapper.go
diff --git a/rows/cloudtrail.go → rows/cloudtrail_log.go b/rows/cloudtrail.go → rows/cloudtrail_log.go
@@ -7,7 +7,7 @@ import (
 	"github.com/turbot/tailpipe-plugin-sdk/types"
 )
 
-type CloudTrailBatch struct {
+type CloudTrailLogBatch struct {
 	Records []CloudTrailLog `json:"Records"`
 }
 

diff --git a/tables/cloudtrail_log_table.go b/tables/cloudtrail_log_table.go
@@ -48,7 +48,7 @@ func (c *CloudTrailLogTable) initMapper() {
 	// TODO switch on source
 
 	// if the source is an artifact source, we need a mapper
-	c.Mapper = mappers.NewCloudtrailMapper()
+	c.Mapper = mappers.NewCloudTrailLogMapper()
 }
 
 // Identifier implements table.Table
@@ -62,9 +62,9 @@ func (c *CloudTrailLogTable) GetSourceOptions(sourceType string) []row_source.Ro
 
 	switch sourceType {
 	case artifact_source.AwsS3BucketSourceIdentifier:
-		// the default file layout for Cloudtrail logs in S3
+		// the default file layout for CloudTrail logs in S3
 		defaultArtifactConfig := &artifact_source_config.ArtifactSourceConfigBase{
-			// TODO #config finalise default cloudtrail file layout
+			// TODO #config finalise default CloudTrail log file layout
 			FileLayout: utils.ToStringPointer("AWSLogs(?:/o-[a-z0-9]{8,12})?/\\d+/CloudTrail/[a-z-0-9]+/\\d{4}/\\d{2}/\\d{2}/(?P<index>\\d+)_CloudTrail_(?P<region>[a-z-0-9]+)_(?P<year>\\d{4})(?P<month>\\d{2})(?P<day>\\d{2})T(?P<hour>\\d{2})(?P<minute>\\d{2})Z_.+.json.gz"),
 		}
 		opts = append(opts, artifact_source.WithDefaultArtifactSourceConfig(defaultArtifactConfig))

diff --git a/tables/securityhub_finding_log_table.go b/tables/securityhub_finding_log_table.go
@@ -49,7 +49,7 @@ func (c *SecurityHubFindingLogTable) GetSourceOptions(sourceType string) []row_s
 
 	switch sourceType {
 	case artifact_source.AwsS3BucketSourceIdentifier:
-		// the default file layout for Cloudtrail logs in S3
+		// the default file layout for SecurityHub finding logs in S3
 		defaultArtifactConfig := &artifact_source_config.ArtifactSourceConfigBase{
 			// TODO #config finalise default cloudtrail file layout
 			FileLayout: utils.ToStringPointer("security_hub_findings_(?P<year>\\d{4})(?P<month>\\d{2})(?P<day>\\d{2})(?P<hour>\\d{2})(?P<minute>\\d{2})(?P<second>\\d{2})"),