
Commit 041c341

authored
feat(aws): Add Support for Secrets Manager Secret Versions (#7701)
#### Summary <!-- Explain what problem this PR addresses --> <!--
1 parent 3c77b2c commit 041c341


9 files changed

+117
-12
lines changed


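--- a/plugins/source/aws/docs/tables/README.md
+++ b/plugins/source/aws/docs/tables/README.md
@@ -441,6 +441,7 @@
 - [aws_scheduler_schedule_groups](aws_scheduler_schedule_groups.md)
 - [aws_scheduler_schedules](aws_scheduler_schedules.md)
 - [aws_secretsmanager_secrets](aws_secretsmanager_secrets.md)
+- [aws_secretsmanager_secret_versions](aws_secretsmanager_secret_versions.md)
 - [aws_securityhub_findings](aws_securityhub_findings.md)
 - [aws_servicecatalog_portfolios](aws_servicecatalog_portfolios.md)
 - [aws_servicecatalog_products](aws_servicecatalog_products.md)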
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
# Table: aws_secretsmanager_secret_versions
2+
3+
https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecretVersionIds.html
4+
5+
The composite primary key for this table is (**secret_arn**, **version_id**).
6+
7+
## Relations
8+
9+
This table depends on [aws_secretsmanager_secrets](aws_secretsmanager_secrets.md).
10+
11+
## Columns
12+
13+
| Name | Type |
14+
| ------------- | ------------- |
15+
|_cq_source_name|String|
16+
|_cq_sync_time|Timestamp|
17+
|_cq_id|UUID|
18+
|_cq_parent_id|UUID|
19+
|account_id|String|
20+
|region|String|
21+
|secret_arn (PK)|String|
22+
|created_date|Timestamp|
23+
|kms_key_ids|StringArray|
24+
|last_accessed_date|Timestamp|
25+
|version_id (PK)|String|
26+
|version_stages|StringArray|

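--- a/plugins/source/aws/docs/tables/aws_secretsmanager_secrets.md
+++ b/plugins/source/aws/docs/tables/aws_secretsmanager_secrets.md
@@ -4,6 +4,11 @@ https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecrets.h
 
 The primary key for this table is **arn**.
 
+## Relations
+
+The following tables depend on aws_secretsmanager_secrets:
+- [aws_secretsmanager_secret_versions](aws_secretsmanager_secret_versions.md)
+
 ## Columns
 
 | Name | Type |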

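--- a/plugins/source/aws/resources/services/secretsmanager/secrets.go
+++ b/plugins/source/aws/resources/services/secretsmanager/secrets.go
@@ -46,5 +46,8 @@ func Secrets() *schema.Table {
 Resolver: client.ResolveTags,
 },
 },
+Relations: []*schema.Table{
+SecretVersions(),
+},
 }
 }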

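--- a/plugins/source/aws/resources/services/secretsmanager/secrets_fetch.go
+++ b/plugins/source/aws/resources/services/secretsmanager/secrets_fetch.go
@@ -4,28 +4,21 @@ import (
 "context"
 "encoding/json"
 
-"github.com/aws/aws-sdk-go-v2/aws"
 "github.com/aws/aws-sdk-go-v2/service/secretsmanager"
 "github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
 "github.com/cloudquery/cloudquery/plugins/source/aws/client"
 "github.com/cloudquery/plugin-sdk/schema"
 )
 
 func fetchSecretsmanagerSecrets(ctx context.Context, meta schema.ClientMeta, _ *schema.Resource, res chan<- any) error {
-c := meta.(*client.Client)
-svc := c.Services().Secretsmanager
-cfg := secretsmanager.ListSecretsInput{}
-for {
-response, err := svc.ListSecrets(ctx, &cfg)
+svc := meta.(*client.Client).Services().Secretsmanager
+paginator := secretsmanager.NewListSecretsPaginator(svc, &secretsmanager.ListSecretsInput{})
+for paginator.HasMorePages() {
+page, err := paginator.NextPage(ctx)
 if err != nil {
 return err
 }
-res <- response.SecretList
-
-if aws.ToString(response.NextToken) == "" {
-break
-}
-cfg.NextToken = response.NextToken
+res <- page.SecretList
 }
 return nil
 }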

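--- a/plugins/source/aws/resources/services/secretsmanager/secrets_mock_test.go
+++ b/plugins/source/aws/resources/services/secretsmanager/secrets_mock_test.go
@@ -45,6 +45,16 @@ func buildSecretsmanagerModels(t *testing.T, ctrl *gomock.Controller) client.Ser
 nil,
 )
 
+version := secretsmanager.ListSecretVersionIdsOutput{}
+if err := faker.FakeObject(&version); err != nil {
+t.Fatal(err)
+}
+version.NextToken = nil
+m.EXPECT().ListSecretVersionIds(gomock.Any(), gomock.Any(), gomock.Any()).MinTimes(1).Return(
+&version,
+nil,
+)
+
 return client.Services{
 Secretsmanager: m,
 }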
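Review bot: The new expectation matches any input (`gomock.Any()` for all three arguments), so the test would still pass if the fetcher sent the wrong `SecretId` or dropped `IncludeDeprecated`. Consider replacing the second `gomock.Any()` with a matcher that checks the `ListSecretVersionIdsInput` carries the ARN of the faked parent secret. Clearing `version.NextToken` is what ends pagination, and a comment such as `// nil NextToken so the paginator stops after this page` would make that intent explicit. buildSecretsmanagerModels starts and ends outside this hunk.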
Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
package secretsmanager
2+
3+
import (
4+
"github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
5+
"github.com/cloudquery/cloudquery/plugins/source/aws/client"
6+
"github.com/cloudquery/plugin-sdk/schema"
7+
"github.com/cloudquery/plugin-sdk/transformers"
8+
)
9+
10+
func SecretVersions() *schema.Table {
11+
return &schema.Table{
12+
Name: "aws_secretsmanager_secret_versions",
13+
Description: `https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecretVersionIds.html`,
14+
Resolver: fetchSecretsmanagerSecretsVersions,
15+
Transform: transformers.TransformWithStruct(&types.SecretVersionsListEntry{}, transformers.WithPrimaryKeys("VersionId")),
16+
Multiplex: client.ServiceAccountRegionMultiplexer("secretsmanager"),
17+
Columns: []schema.Column{
18+
{
19+
Name: "account_id",
20+
Type: schema.TypeString,
21+
Resolver: client.ResolveAWSAccount,
22+
},
23+
{
24+
Name: "region",
25+
Type: schema.TypeString,
26+
Resolver: client.ResolveAWSRegion,
27+
},
28+
{
29+
Name: "secret_arn",
30+
Type: schema.TypeString,
31+
Resolver: schema.ParentColumnResolver("arn"),
32+
CreationOptions: schema.ColumnCreationOptions{
33+
PrimaryKey: true,
34+
},
35+
},
36+
},
37+
}
38+
}
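Review bot: `Multiplex` is set on a table that this commit only reaches through `Relations` in `Secrets()`; as far as I can tell a child table is resolved with its parent's client, so this line is probably unused and suggests the table can be synced on its own — confirm against the SDK and drop it if so. The exported `SecretVersions` also has no doc comment; something like `// SecretVersions describes version metadata (IDs, stages, KMS key IDs) for each parent secret; secret values are not fetched.` tells operators what lands in the destination. The sync role additionally needs `secretsmanager:ListSecretVersionIds`, which is worth stating next to the API link in `Description`.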
Lines changed: 28 additions & 0 deletions
@@ -0,0 +1,28 @@
1+
package secretsmanager
2+
3+
import (
4+
"context"
5+
6+
"github.com/aws/aws-sdk-go-v2/aws"
7+
"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
8+
"github.com/cloudquery/cloudquery/plugins/source/aws/client"
9+
"github.com/cloudquery/plugin-sdk/schema"
10+
)
11+
12+
func fetchSecretsmanagerSecretsVersions(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, res chan<- any) error {
13+
secret := resource.Item.(*secretsmanager.DescribeSecretOutput)
14+
c := meta.(*client.Client)
15+
svc := c.Services().Secretsmanager
16+
paginator := secretsmanager.NewListSecretVersionIdsPaginator(svc, &secretsmanager.ListSecretVersionIdsInput{
17+
SecretId: secret.ARN,
18+
IncludeDeprecated: aws.Bool(true),
19+
})
20+
for paginator.HasMorePages() {
21+
page, err := paginator.NextPage(ctx)
22+
if err != nil {
23+
return err
24+
}
25+
res <- page.Versions
26+
}
27+
return nil
28+
}
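Review bot: The single-value assertion `resource.Item.(*secretsmanager.DescribeSecretOutput)` on the first line of the function panics if the parent item has any other type, and the list fetcher in secrets_fetch.go sends `page.SecretList` entries, so this relies on a resolver outside this page replacing the item with the DescribeSecret output. Use the two-value form and return an error instead: `secret, ok := resource.Item.(*secretsmanager.DescribeSecretOutput)` followed by `if !ok { return fmt.Errorf("unexpected parent item type %T", resource.Item) }` (needs `fmt` imported). The parameter holds the parent secret, so naming it `parent` would match its use. The bare `return err` also loses which secret failed; wrapping it with the ARN would help when a resource policy denies `ListSecretVersionIds` on a single secret.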

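--- a/website/pages/docs/plugins/sources/aws/tables.md
+++ b/website/pages/docs/plugins/sources/aws/tables.md
@@ -441,6 +441,7 @@
 - [aws_scheduler_schedule_groups](https://github.com/cloudquery/cloudquery/blob/main/plugins/source/aws/docs/tables/aws_scheduler_schedule_groups.md)
 - [aws_scheduler_schedules](https://github.com/cloudquery/cloudquery/blob/main/plugins/source/aws/docs/tables/aws_scheduler_schedules.md)
 - [aws_secretsmanager_secrets](https://github.com/cloudquery/cloudquery/blob/main/plugins/source/aws/docs/tables/aws_secretsmanager_secrets.md)
+- [aws_secretsmanager_secret_versions](https://github.com/cloudquery/cloudquery/blob/main/plugins/source/aws/docs/tables/aws_secretsmanager_secret_versions.md)
 - [aws_securityhub_findings](https://github.com/cloudquery/cloudquery/blob/main/plugins/source/aws/docs/tables/aws_securityhub_findings.md)
 - [aws_servicecatalog_portfolios](https://github.com/cloudquery/cloudquery/blob/main/plugins/source/aws/docs/tables/aws_servicecatalog_portfolios.md)
 - [aws_servicecatalog_products](https://github.com/cloudquery/cloudquery/blob/main/plugins/source/aws/docs/tables/aws_servicecatalog_products.md)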
