Add ELBv2 attributes (#177)

* Add ELBv2 attributes
cloudquery · Sep 8, 2021 · d22d976 · d22d976
1 parent 166ce02
commit d22d976
Show file tree

Hide file tree

Showing 7 changed files with 202 additions and 2 deletions.
diff --git a/client/mocks/mock_elbv2.go b/client/mocks/mock_elbv2.go
diff --git a/client/services.go b/client/services.go
@@ -185,6 +185,7 @@ type ElasticbeanstalkClient interface {
 //go:generate mockgen -package=mocks -destination=./mocks/mock_elbv2.go . ElbV2Client
 type ElbV2Client interface {
 	DescribeLoadBalancers(ctx context.Context, params *elbv2.DescribeLoadBalancersInput, optFns ...func(*elbv2.Options)) (*elbv2.DescribeLoadBalancersOutput, error)
+	DescribeLoadBalancerAttributes(ctx context.Context, params *elbv2.DescribeLoadBalancerAttributesInput, optFns ...func(*elbv2.Options)) (*elbv2.DescribeLoadBalancerAttributesOutput, error)
 	DescribeTargetGroups(ctx context.Context, params *elbv2.DescribeTargetGroupsInput, optFns ...func(*elbv2.Options)) (*elbv2.DescribeTargetGroupsOutput, error)
 }
 

diff --git a/docs/tables/aws_elbv2_load_balancer_attributes.md b/docs/tables/aws_elbv2_load_balancer_attributes.md
@@ -0,0 +1,19 @@
+
+# Table: aws_elbv2_load_balancer_attributes
+Load balancer attributes
+## Columns
+| Name        | Type           | Description  |
+| ------------- | ------------- | -----  |
+|load_balancer_cq_id|uuid|Unique CloudQuery ID of aws_elbv2_load_balancers table (FK)|
+|access_logs_s3_enabled|boolean|Indicates whether access logs stored in Amazon S3 are enabled.|
+|access_logs_s3_bucket|text|The name of the Amazon S3 bucket for the access logs.|
+|access_logs_s3_prefix|text|The prefix for the location in the Amazon S3 bucket.|
+|deletion_protection|boolean|Indicates whether deletion protection is enabled.|
+|idle_timeout|integer|The idle timeout value, in seconds.|
+|routing_http_desync_mitigation_mode|text|Determines how the load balancer handles requests that might pose a security risk to your application.|
+|routing_http_drop_invalid_header_fields|boolean|Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer.|
+|routing_http_xamzntls_enabled|boolean|Indicates whether the two headers (x-amzn-tls-{version,cipher-suite}) are added to the client request before sending it to the target.|
+|routing_http_xff_client_port|boolean|Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer.|
+|routing_http2|boolean|Indicates whether HTTP/2 is enabled.|
+|waf_fail_open|boolean|Indicates whether to allow a AWS WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF.|
+|load_balancing_cross_zone|boolean|Indicates whether cross-zone load balancing is enabled.|
diff --git a/resources/elbv2_load_balancers.go b/resources/elbv2_load_balancers.go
@@ -2,12 +2,14 @@ package resources
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	elbv2 "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2"
 	"github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types"
 	"github.com/cloudquery/cq-provider-aws/client"
 	"github.com/cloudquery/cq-provider-sdk/provider/schema"
+	"github.com/mitchellh/mapstructure"
 )
 
 func Elbv2LoadBalancers() *schema.Table {
@@ -183,6 +185,85 @@ func Elbv2LoadBalancers() *schema.Table {
 					},
 				},
 			},
+			{
+				Name:        "aws_elbv2_load_balancer_attributes",
+				Description: "Load balancer attributes",
+				Resolver:    fetchElbv2LoadBalancerAttributes,
+				Columns: []schema.Column{
+					{
+						Name:        "load_balancer_cq_id",
+						Description: "Unique CloudQuery ID of aws_elbv2_load_balancers table (FK)",
+						Type:        schema.TypeUUID,
+						Resolver:    schema.ParentIdResolver,
+					},
+					{
+						Name:        "access_logs_s3_enabled",
+						Description: "Indicates whether access logs stored in Amazon S3 are enabled.",
+						Type:        schema.TypeBool,
+					},
+					{
+						Name:        "access_logs_s3_bucket",
+						Description: "The name of the Amazon S3 bucket for the access logs.",
+						Type:        schema.TypeString,
+					},
+					{
+						Name:        "access_logs_s3_prefix",
+						Description: "The prefix for the location in the Amazon S3 bucket.",
+						Type:        schema.TypeString,
+					},
+					{
+						Name:        "deletion_protection",
+						Description: "Indicates whether deletion protection is enabled.",
+						Type:        schema.TypeBool,
+					},
+					{
+						Name:        "idle_timeout",
+						Description: "The idle timeout value, in seconds.",
+						Type:        schema.TypeInt,
+					},
+					{
+						Name:        "routing_http_desync_mitigation_mode",
+						Description: "Determines how the load balancer handles requests that might pose a security risk to your application.",
+						Type:        schema.TypeString,
+						Resolver:    schema.PathResolver("RoutingHTTPDesyncMitigationMode"),
+					},
+					{
+						Name:        "routing_http_drop_invalid_header_fields",
+						Description: "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer.",
+						Type:        schema.TypeBool,
+						Resolver:    schema.PathResolver("RoutingHTTPDropInvalidHeaderFields"),
+					},
+					{
+						Name:        "routing_http_xamzntls_enabled",
+						Description: "Indicates whether the two headers (x-amzn-tls-{version,cipher-suite}) are added to the client request before sending it to the target.",
+						Type:        schema.TypeBool,
+						Resolver:    schema.PathResolver("RoutingHTTPXAmznTLSVersionCipherSuite"),
+					},
+					{
+						Name:        "routing_http_xff_client_port",
+						Description: "Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer.",
+						Type:        schema.TypeBool,
+						Resolver:    schema.PathResolver("RoutingHTTPXFFClientPort"),
+					},
+					{
+						Name:        "routing_http2",
+						Description: "Indicates whether HTTP/2 is enabled.",
+						Type:        schema.TypeBool,
+						Resolver:    schema.PathResolver("RoutingHTTP2"),
+					},
+					{
+						Name:        "waf_fail_open",
+						Description: "Indicates whether to allow a AWS WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF.",
+						Type:        schema.TypeBool,
+						Resolver:    schema.PathResolver("WAFFailOpen"),
+					},
+					{
+						Name:        "load_balancing_cross_zone",
+						Description: "Indicates whether cross-zone load balancing is enabled.",
+						Type:        schema.TypeBool,
+					},
+				},
+			},
 		},
 	}
 }
@@ -219,3 +300,47 @@ func fetchElbv2LoadBalancerAvailabilityZoneAddresses(ctx context.Context, meta s
 	res <- p.LoadBalancerAddresses
 	return nil
 }
+
+type lbAttributes struct {
+	AccessLogsS3Enabled                   bool   `mapstructure:"access_logs.s3.enabled"`
+	AccessLogsS3Bucket                    string `mapstructure:"access_logs.s3.bucket"`
+	AccessLogsS3Prefix                    string `mapstructure:"access_logs.s3.prefix"`
+	DeletionProtection                    bool   `mapstructure:"deletion_protection.enabled"`
+	IdleTimeout                           int32  `mapstructure:"idle_timeout.timeout_seconds"`
+	RoutingHTTPDesyncMitigationMode       string `mapstructure:"routing.http.desync_mitigation_mode"`
+	RoutingHTTPDropInvalidHeaderFields    bool   `mapstructure:"routing.http.drop_invalid_header_fields.enabled"`
+	RoutingHTTPXAmznTLSVersionCipherSuite bool   `mapstructure:"routing.http.x_amzn_tls_version_and_cipher_suite.enabled"`
+	RoutingHTTPXFFClientPort              bool   `mapstructure:"routing.http.xff_client_port.enabled"`
+	RoutingHTTP2                          bool   `mapstructure:"routing.http2.enabled"`
+	WAFFailOpen                           bool   `mapstructure:"waf.fail_open.enabled"`
+	LoadBalancingCrossZone                bool   `mapstructure:"load_balancing.cross_zone.enabled"`
+}
+
+func fetchElbv2LoadBalancerAttributes(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan interface{}) error {
+	lb, ok := parent.Item.(types.LoadBalancer)
+	if !ok {
+		return fmt.Errorf("not a LoadBalancer instance: %T", parent.Item)
+	}
+	c := meta.(*client.Client)
+	svc := c.Services().ELBv2
+	result, err := svc.DescribeLoadBalancerAttributes(ctx, &elbv2.DescribeLoadBalancerAttributesInput{LoadBalancerArn: lb.LoadBalancerArn}, func(options *elbv2.Options) {
+		options.Region = c.Region
+	})
+	if err != nil {
+		return err
+	}
+	m := make(map[string]interface{})
+	for _, a := range result.Attributes {
+		m[*a.Key] = *a.Value
+	}
+	var attrs lbAttributes
+	dec, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{WeaklyTypedInput: true, Result: &attrs})
+	if err != nil {
+		return err
+	}
+	if err := dec.Decode(m); err != nil {
+		return err
+	}
+	res <- attrs
+	return nil
+}
diff --git a/resources/elbv2_load_balancers_test.go b/resources/elbv2_load_balancers_test.go
@@ -23,11 +23,38 @@ func buildElbv2LoadBalancers(t *testing.T, ctrl *gomock.Controller) client.Servi
 		&elasticloadbalancingv2.DescribeLoadBalancersOutput{
 			LoadBalancers: []elbv2Types.LoadBalancer{l},
 		}, nil)
+
+	m.EXPECT().DescribeLoadBalancerAttributes(
+		gomock.Any(),
+		&elasticloadbalancingv2.DescribeLoadBalancerAttributesInput{LoadBalancerArn: l.LoadBalancerArn},
+		gomock.Any(),
+	).Return(fakeLoadBalancerAttributes(), nil)
+
 	return client.Services{
 		ELBv2: m,
 	}
 }
 
+func fakeLoadBalancerAttributes() *elasticloadbalancingv2.DescribeLoadBalancerAttributesOutput {
+	attr := func(key, value string) elbv2Types.LoadBalancerAttribute {
+		return elbv2Types.LoadBalancerAttribute{Key: &key, Value: &value}
+	}
+	return &elasticloadbalancingv2.DescribeLoadBalancerAttributesOutput{Attributes: []elbv2Types.LoadBalancerAttribute{
+		attr("access_logs.s3.enabled", "true"),
+		attr("access_logs.s3.bucket", "bucket"),
+		attr("access_logs.s3.prefix", "prefix"),
+		attr("deletion_protection.enabled", "true"),
+		attr("idle_timeout.timeout_seconds", "10"),
+		attr("routing.http.desync_mitigation_mode", "mode"),
+		attr("routing.http.drop_invalid_header_fields.enabled", "true"),
+		attr("routing.http.x_amzn_tls_version_and_cipher_suite.enabled", "true"),
+		attr("routing.http.xff_client_port.enabled", "true"),
+		attr("routing.http2.enabled", "true"),
+		attr("waf.fail_open.enabled", "true"),
+		attr("load_balancing.cross_zone.enabled", "true"),
+	}}
+}
+
 func TestElbv2LoadBalancers(t *testing.T) {
 	awsTestHelper(t, Elbv2LoadBalancers(), buildElbv2LoadBalancers, TestOptions{})
 }
diff --git a/resources/integration_tests/aws_elbv2_load_balancers_test.go b/resources/integration_tests/aws_elbv2_load_balancers_test.go
@@ -38,6 +38,16 @@ func TestIntegrationElbv2LoadBalancers(t *testing.T) {
 						},
 					},
 				},
+				{
+					Name:           "aws_elbv2_load_balancer_attributes",
+					ForeignKeyName: "load_balancer_cq_id",
+					ExpectedValues: []providertest.ExpectedValue{{
+						Count: 1,
+						Data: map[string]interface{}{
+							"access_logs_s3_enabled": false,
+						},
+					}},
+				},
 			},
 		}
 	})

diff --git a/resources/mq_brokers.go b/resources/mq_brokers.go
@@ -180,7 +180,6 @@ func MqBrokers() *schema.Table {
 			{
 				Name:        "aws_mq_broker_configurations",
 				Resolver:    fetchMqBrokerConfigurations,
-				Multiplex:   client.AccountRegionMultiplex,
 				IgnoreError: client.IgnoreAccessDeniedServiceDisabled,
 				Options:     schema.TableCreationOptions{PrimaryKeys: []string{"broker_cq_id", "id"}},
 				Columns: []schema.Column{
@@ -271,7 +270,6 @@ func MqBrokers() *schema.Table {
 			{
 				Name:        "aws_mq_broker_users",
 				Resolver:    fetchMqBrokerUsers,
-				Multiplex:   client.AccountRegionMultiplex,
 				IgnoreError: client.IgnoreAccessDeniedServiceDisabled,
 				Options:     schema.TableCreationOptions{PrimaryKeys: []string{"broker_cq_id", "username"}},
 				Columns: []schema.Column{