feat/add support for ebs encryption (#76)

* add support for ebs encryption
cloudquery · May 28, 2021 · 3ab6977 · 3ab6977
1 parent 5f33c3a
commit 3ab6977
Show file tree

Hide file tree

Showing 5 changed files with 140 additions and 0 deletions.
diff --git a/client/mocks/services.go b/client/mocks/services.go
diff --git a/client/services.go b/client/services.go
@@ -130,6 +130,8 @@ type Ec2Client interface {
 	DescribeVolumes(ctx context.Context, params *ec2.DescribeVolumesInput, optFns ...func(*ec2.Options)) (*ec2.DescribeVolumesOutput, error)
 	DescribeVpcs(ctx context.Context, params *ec2.DescribeVpcsInput, optFns ...func(*ec2.Options)) (*ec2.DescribeVpcsOutput, error)
 	DescribeVpcEndpoints(ctx context.Context, params *ec2.DescribeVpcEndpointsInput, optFns ...func(*ec2.Options)) (*ec2.DescribeVpcEndpointsOutput, error)
+	GetEbsEncryptionByDefault(ctx context.Context, params *ec2.GetEbsEncryptionByDefaultInput, optFns ...func(*ec2.Options)) (*ec2.GetEbsEncryptionByDefaultOutput, error)
+	GetEbsDefaultKmsKeyId(ctx context.Context, params *ec2.GetEbsDefaultKmsKeyIdInput, optFns ...func(*ec2.Options)) (*ec2.GetEbsDefaultKmsKeyIdOutput, error)
 }
 
 type EcrClient interface {

diff --git a/resources/ec2_regional_config.go b/resources/ec2_regional_config.go
@@ -0,0 +1,71 @@
+package resources
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/service/ec2"
+	"github.com/cloudquery/cq-provider-aws/client"
+	"github.com/cloudquery/cq-provider-sdk/provider/schema"
+)
+
+func Ec2RegionalConfig() *schema.Table {
+	return &schema.Table{
+		Name:         "aws_ec2_regional_config",
+		Description:  "Ec2 Regional Config defines common default configuration for ec2 service",
+		Resolver:     fetchEc2RegionalConfig,
+		Multiplex:    client.AccountRegionMultiplex,
+		IgnoreError:  client.IgnoreAccessDeniedServiceDisabled,
+		DeleteFilter: client.DeleteAccountRegionFilter,
+		Columns: []schema.Column{
+			{
+				Name:     "account_id",
+				Type:     schema.TypeString,
+				Resolver: client.ResolveAWSAccount,
+			},
+			{
+				Name:     "region",
+				Type:     schema.TypeString,
+				Resolver: client.ResolveAWSRegion,
+			},
+			{
+				Name:        "ebs_encryption_enabled_by_default",
+				Type:        schema.TypeBool,
+				Description: "Indicates whether EBS encryption by default is enabled for your account in the current Region.",
+			},
+			{
+				Name:        "ebs_default_kms_key_id",
+				Type:        schema.TypeString,
+				Description: "The Amazon Resource Name (ARN) of the default CMK for encryption by default.",
+			},
+		},
+	}
+}
+
+func fetchEc2RegionalConfig(ctx context.Context, meta schema.ClientMeta, _ *schema.Resource, res chan interface{}) error {
+	c := meta.(*client.Client)
+
+	svc := c.Services().EC2
+	var regionalConfig ec2RegionalConfig
+	resp, err := svc.GetEbsDefaultKmsKeyId(ctx, &ec2.GetEbsDefaultKmsKeyIdInput{}, func(options *ec2.Options) {
+		options.Region = c.Region
+	})
+	if err != nil {
+		return err
+	}
+	regionalConfig.EbsDefaultKmsKeyId = resp.KmsKeyId
+
+	ebsResp, err := svc.GetEbsEncryptionByDefault(ctx, &ec2.GetEbsEncryptionByDefaultInput{}, func(options *ec2.Options) {
+		options.Region = c.Region
+	})
+	if err != nil {
+		return err
+	}
+	regionalConfig.EbsEncryptionEnabledByDefault = ebsResp.EbsEncryptionByDefault
+	res <- regionalConfig
+	return nil
+}
+
+type ec2RegionalConfig struct {
+	EbsEncryptionEnabledByDefault bool
+	EbsDefaultKmsKeyId            *string
+}
diff --git a/resources/ec2_regional_config_test.go b/resources/ec2_regional_config_test.go
@@ -0,0 +1,26 @@
+package resources
+
+import (
+	"testing"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/ec2"
+
+	"github.com/cloudquery/cq-provider-aws/client"
+	"github.com/cloudquery/cq-provider-aws/client/mocks"
+	"github.com/golang/mock/gomock"
+)
+
+func buildEc2RegionalConfig(t *testing.T, ctrl *gomock.Controller) client.Services {
+	m := mocks.NewMockEc2Client(ctrl)
+	m.EXPECT().GetEbsDefaultKmsKeyId(gomock.Any(), gomock.Any(), gomock.Any()).Return(&ec2.GetEbsDefaultKmsKeyIdOutput{KmsKeyId: aws.String("some/key/id")}, nil)
+	m.EXPECT().GetEbsEncryptionByDefault(gomock.Any(), gomock.Any(), gomock.Any()).Return(&ec2.GetEbsEncryptionByDefaultOutput{EbsEncryptionByDefault: true}, nil)
+
+	return client.Services{
+		EC2: m,
+	}
+}
+
+func TestEc2RegionalConfig(t *testing.T) {
+	awsTestHelper(t, Ec2RegionalConfig(), buildEc2RegionalConfig)
+}
diff --git a/resources/provider.go b/resources/provider.go
@@ -33,6 +33,7 @@ func Provider() *provider.Provider {
 			"directconnect.gateways":                DirectconnectGateways(),
 			"directconnect.virtual_gateways":        DirectconnectVirtualGateways(),
 			"directconnect.virtual_interfaces":      DirectconnectVirtualInterfaces(),
+			"ec2.regional_config":                   Ec2RegionalConfig(),
 			"ec2.byoip_cidrs":                       Ec2ByoipCidrs(),
 			"ec2.customer_gateways":                 Ec2CustomerGateways(),
 			"ec2.flow_logs":                         Ec2FlowLogs(),