feat: Support Xray groups and sampling rules (#841)

* feat: Support Xray groups and sampling rules * Added migration * update docs * update migrations * added tags * lint
cloudquery · May 11, 2022 · e9c57b8 · e9c57b8
1 parent 0009d0a
commit e9c57b8
Show file tree

Hide file tree

Showing 16 changed files with 915 additions and 199 deletions.
diff --git a/client/mocks/xray.go b/client/mocks/xray.go
diff --git a/client/services.go b/client/services.go
@@ -671,6 +671,9 @@ type WafRegionalClient interface {
 //go:generate mockgen -package=mocks -destination=./mocks/xray.go . XrayClient
 type XrayClient interface {
 	GetEncryptionConfig(ctx context.Context, params *xray.GetEncryptionConfigInput, optFns ...func(*xray.Options)) (*xray.GetEncryptionConfigOutput, error)
+	GetSamplingRules(ctx context.Context, params *xray.GetSamplingRulesInput, optFns ...func(*xray.Options)) (*xray.GetSamplingRulesOutput, error)
+	GetGroups(ctx context.Context, params *xray.GetGroupsInput, optFns ...func(*xray.Options)) (*xray.GetGroupsOutput, error)
+	ListTagsForResource(ctx context.Context, params *xray.ListTagsForResourceInput, optFns ...func(*xray.Options)) (*xray.ListTagsForResourceOutput, error)
 }
 
 //go:generate mockgen -package=mocks -destination=./mocks/shield.go . ShieldClient

diff --git a/docs/tables/aws_xray_groups.md b/docs/tables/aws_xray_groups.md
@@ -0,0 +1,14 @@
+
+# Table: aws_xray_groups
+Details for a group.
+## Columns
+| Name        | Type           | Description  |
+| ------------- | ------------- | -----  |
+|account_id|text|The AWS Account ID of the resource.|
+|region|text|The AWS Region of the resource.|
+|tags|jsonb|A list of Tags that specify information about the group.|
+|filter_expression|text|The filter expression defining the parameters to include traces.|
+|arn|text|The ARN of the group generated based on the GroupName.|
+|group_name|text|The unique case-sensitive name of the group.|
+|insights_enabled|boolean|Set the InsightsEnabled value to true to enable insights or false to disable insights.|
+|notifications_enabled|boolean|Set the NotificationsEnabled value to true to enable insights notifications. Notifications can only be enabled on a group with InsightsEnabled set to true.|
diff --git a/docs/tables/aws_xray_sampling_rules.md b/docs/tables/aws_xray_sampling_rules.md
@@ -0,0 +1,24 @@
+
+# Table: aws_xray_sampling_rules
+A SamplingRule.
+## Columns
+| Name        | Type           | Description  |
+| ------------- | ------------- | -----  |
+|account_id|text|The AWS Account ID of the resource.|
+|region|text|The AWS Region of the resource.|
+|tags|jsonb|A list of Tags that specify information about the sampling rule.|
+|created_at|timestamp without time zone|When the rule was created.|
+|modified_at|timestamp without time zone|When the rule was last modified.|
+|fixed_rate|float|The percentage of matching requests to instrument, after the reservoir is exhausted.|
+|http_method|text|Matches the HTTP method of a request.|
+|host|text|Matches the hostname from a request URL.|
+|priority|integer|The priority of the sampling rule.|
+|reservoir_size|integer|A fixed number of matching requests to instrument per second, prior to applying the fixed rate|
+|resource_arn|text|Matches the ARN of the Amazon Web Services resource on which the service runs.|
+|service_name|text|Matches the name that the service uses to identify itself in segments.|
+|service_type|text|Matches the origin that the service uses to identify its type in segments.|
+|url_path|text|Matches the path from a request URL.|
+|version|integer|The version of the sampling rule format (1).|
+|attributes|jsonb|Matches attributes derived from the request.|
+|arn|text|The ARN of the sampling rule|
+|rule_name|text|The name of the sampling rule|
diff --git a/...r/migrations/postgres/31_v0.11.5.down.sql → ...r/migrations/postgres/30_v0.11.5.down.sql b/...r/migrations/postgres/31_v0.11.5.down.sql → ...r/migrations/postgres/30_v0.11.5.down.sql
@@ -1,3 +1,6 @@
+-- Autogenerated by migration tool on 2022-05-10 15:09:01
+-- CHANGEME: Verify or edit this file before proceeding
+
 -- Resource: shield.attacks
 DROP TABLE IF EXISTS aws_shield_attack_properties;
 DROP TABLE IF EXISTS aws_shield_attack_sub_resources;
@@ -11,3 +14,9 @@ DROP TABLE IF EXISTS aws_shield_protection_groups;
 
 -- Resource: shield.subscriptions
 DROP TABLE IF EXISTS aws_shield_subscriptions;
+
+-- Resource: xray.groups
+DROP TABLE IF EXISTS aws_xray_groups;
+
+-- Resource: xray.sampling_rules
+DROP TABLE IF EXISTS aws_xray_sampling_rules;
diff --git a/resources/provider/migrations/postgres/30_v0.11.5.up.sql b/resources/provider/migrations/postgres/30_v0.11.5.up.sql
@@ -0,0 +1,136 @@
+-- Autogenerated by migration tool on 2022-05-10 15:09:01
+-- CHANGEME: Verify or edit this file before proceeding
+
+-- Resource: shield.attacks
+CREATE TABLE IF NOT EXISTS "aws_shield_attacks" (
+	"cq_id" uuid NOT NULL,
+	"cq_meta" jsonb,
+	"account_id" text,
+	"attack_counters" jsonb,
+	"id" text,
+	"end_time" timestamp without time zone,
+	"mitigations" text[],
+	"resource_arn" text,
+	"start_time" timestamp without time zone,
+	CONSTRAINT aws_shield_attacks_pk PRIMARY KEY(id),
+	UNIQUE(cq_id)
+);
+CREATE TABLE IF NOT EXISTS "aws_shield_attack_properties" (
+	"cq_id" uuid NOT NULL,
+	"cq_meta" jsonb,
+	"attack_cq_id" uuid,
+	"attack_layer" text,
+	"attack_property_identifier" text,
+	"top_contributors" jsonb,
+	"total" bigint,
+	"unit" text,
+	CONSTRAINT aws_shield_attack_properties_pk PRIMARY KEY(cq_id),
+	UNIQUE(cq_id),
+	FOREIGN KEY (attack_cq_id) REFERENCES aws_shield_attacks(cq_id) ON DELETE CASCADE
+);
+CREATE TABLE IF NOT EXISTS "aws_shield_attack_sub_resources" (
+	"cq_id" uuid NOT NULL,
+	"cq_meta" jsonb,
+	"attack_cq_id" uuid,
+	"attack_vectors" jsonb,
+	"counters" jsonb,
+	"id" text,
+	"type" text,
+	CONSTRAINT aws_shield_attack_sub_resources_pk PRIMARY KEY(cq_id),
+	UNIQUE(cq_id),
+	FOREIGN KEY (attack_cq_id) REFERENCES aws_shield_attacks(cq_id) ON DELETE CASCADE
+);
+
+-- Resource: shield.protections
+CREATE TABLE IF NOT EXISTS "aws_shield_protections" (
+	"cq_id" uuid NOT NULL,
+	"cq_meta" jsonb,
+	"account_id" text,
+	"region" text,
+	"tags" jsonb,
+	"application_automatic_response_configuration_status" text,
+	"health_check_ids" text[],
+	"id" text,
+	"name" text,
+	"arn" text,
+	"resource_arn" text,
+	CONSTRAINT aws_shield_protections_pk PRIMARY KEY(arn),
+	UNIQUE(cq_id)
+);
+
+-- Resource: shield.protections_groups
+CREATE TABLE IF NOT EXISTS "aws_shield_protection_groups" (
+	"cq_id" uuid NOT NULL,
+	"cq_meta" jsonb,
+	"account_id" text,
+	"tags" jsonb,
+	"aggregation" text,
+	"members" text[],
+	"pattern" text,
+	"id" text,
+	"arn" text,
+	"resource_type" text,
+	CONSTRAINT aws_shield_protection_groups_pk PRIMARY KEY(arn),
+	UNIQUE(cq_id)
+);
+
+-- Resource: shield.subscriptions
+CREATE TABLE IF NOT EXISTS "aws_shield_subscriptions" (
+	"cq_id" uuid NOT NULL,
+	"cq_meta" jsonb,
+	"account_id" text,
+	"protection_group_limits_max_protection_groups" integer,
+	"protection_group_limits_arbitrary_pattern_limits_max_members" integer,
+	"protected_resource_type_limits" jsonb,
+	"auto_renew" text,
+	"end_time" timestamp without time zone,
+	"limits" jsonb,
+	"proactive_engagement_status" text,
+	"start_time" timestamp without time zone,
+	"arn" text,
+	"time_commitment_in_seconds" integer,
+	CONSTRAINT aws_shield_subscriptions_pk PRIMARY KEY(arn),
+	UNIQUE(cq_id)
+);
+
+-- Resource: xray.groups
+CREATE TABLE IF NOT EXISTS "aws_xray_groups" (
+	"cq_id" uuid NOT NULL,
+	"cq_meta" jsonb,
+	"account_id" text,
+	"region" text,
+	"tags" jsonb,
+	"filter_expression" text,
+	"arn" text,
+	"group_name" text,
+	"insights_enabled" boolean,
+	"notifications_enabled" boolean,
+	CONSTRAINT aws_xray_groups_pk PRIMARY KEY(arn),
+	UNIQUE(cq_id)
+);
+
+-- Resource: xray.sampling_rules
+CREATE TABLE IF NOT EXISTS "aws_xray_sampling_rules" (
+	"cq_id" uuid NOT NULL,
+	"cq_meta" jsonb,
+	"account_id" text,
+	"region" text,
+	"tags" jsonb,
+	"created_at" timestamp without time zone,
+	"modified_at" timestamp without time zone,
+	"fixed_rate" float,
+	"http_method" text,
+	"host" text,
+	"priority" integer,
+	"reservoir_size" integer,
+	"resource_arn" text,
+	"service_name" text,
+	"service_type" text,
+	"url_path" text,
+	"version" integer,
+	"attributes" jsonb,
+	"arn" text,
+	"rule_name" text,
+	CONSTRAINT aws_xray_sampling_rules_pk PRIMARY KEY(arn),
+	UNIQUE(cq_id)
+);
diff --git a/resources/provider/migrations/postgres/31_v0.11.5.up.sql b/resources/provider/migrations/postgres/31_v0.11.5.up.sql
diff --git a/.../migrations/timescale/31_v0.11.5.down.sql → .../migrations/timescale/30_v0.11.5.down.sql b/.../migrations/timescale/31_v0.11.5.down.sql → .../migrations/timescale/30_v0.11.5.down.sql
@@ -1,3 +1,6 @@
+-- Autogenerated by migration tool on 2022-05-10 15:09:26
+-- CHANGEME: Verify or edit this file before proceeding
+
 -- Resource: shield.attacks
 DROP TABLE IF EXISTS aws_shield_attack_properties;
 DROP TABLE IF EXISTS aws_shield_attack_sub_resources;
@@ -11,3 +14,9 @@ DROP TABLE IF EXISTS aws_shield_protection_groups;
 
 -- Resource: shield.subscriptions
 DROP TABLE IF EXISTS aws_shield_subscriptions;
+
+-- Resource: xray.groups
+DROP TABLE IF EXISTS aws_xray_groups;
+
+-- Resource: xray.sampling_rules
+DROP TABLE IF EXISTS aws_xray_sampling_rules;