feat: Add AWS Config Compliance Details table (#10544)

hermanschaaf · web-flow · commit 9b43a2af4893 · 2023-05-09T13:42:08.000Z
This adds an `aws_config_config_rule_compliance_details` table, requested by a user in the thread on #7711 (comment). This table allows you to get evaluation results for resources discovered through AWS config rule evaluations, which you can then query together with other CloudQuery resources.
diff --git a/plugins/source/aws/docs/tables/README.md b/plugins/source/aws/docs/tables/README.md
@@ -122,6 +122,7 @@
 - [aws_computeoptimizer_enrollment_statuses](../../../../../website/tables/aws/aws_computeoptimizer_enrollment_statuses.md)
 - [aws_computeoptimizer_lambda_function_recommendations](../../../../../website/tables/aws/aws_computeoptimizer_lambda_function_recommendations.md)
 - [aws_config_config_rules](../../../../../website/tables/aws/aws_config_config_rules.md)
+  - [aws_config_config_rule_compliance_details](../../../../../website/tables/aws/aws_config_config_rule_compliance_details.md)
   - [aws_config_config_rule_compliances](../../../../../website/tables/aws/aws_config_config_rule_compliances.md)
   - [aws_config_remediation_configurations](../../../../../website/tables/aws/aws_config_remediation_configurations.md)
 - [aws_config_configuration_aggregators](../../../../../website/tables/aws/aws_config_configuration_aggregators.md)
diff --git a/plugins/source/aws/resources/services/config/config_rule_compliance_details.go b/plugins/source/aws/resources/services/config/config_rule_compliance_details.go
@@ -0,0 +1,57 @@
+package config
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/service/configservice"
+	"github.com/aws/aws-sdk-go-v2/service/configservice/types"
+	"github.com/cloudquery/cloudquery/plugins/source/aws/client"
+	"github.com/cloudquery/plugin-sdk/v2/schema"
+	"github.com/cloudquery/plugin-sdk/v2/transformers"
+)
+
+func configRuleComplianceDetails() *schema.Table {
+	tableName := "aws_config_config_rule_compliance_details"
+	return &schema.Table{
+		Name:        tableName,
+		Description: `https://docs.aws.amazon.com/config/latest/APIReference/API_EvaluationResult.html`,
+		Resolver:    fetchConfigConfigRuleComplianceDetails,
+		Multiplex:   client.ServiceAccountRegionMultiplexer(tableName, "config"),
+		// no primary key because all the relevant candidate fields can either be null or are not
+		// uniquely identifying of a resource. For example, ResourceEvaluationId can be null,
+		// and so can ResultToken. However, hashing the entire object can work because a combination of
+		// all fields must be unique.
+		Transform: transformers.TransformWithStruct(&types.EvaluationResult{}),
+		Columns: []schema.Column{
+			client.DefaultAccountIDColumn(false),
+			client.DefaultRegionColumn(false),
+			{
+				Name:     "config_rule_name",
+				Type:     schema.TypeString,
+				Resolver: schema.ParentColumnResolver("config_rule_name"),
+			},
+		},
+	}
+}
+
+func fetchConfigConfigRuleComplianceDetails(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan<- any) error {
+	ruleDetail := parent.Item.(types.ConfigRule)
+	c := meta.(*client.Client)
+	svc := c.Services().Configservice
+
+	input := &configservice.GetComplianceDetailsByConfigRuleInput{
+		ConfigRuleName: ruleDetail.ConfigRuleName,
+		Limit:          100,
+	}
+	p := configservice.NewGetComplianceDetailsByConfigRulePaginator(svc, input)
+	for p.HasMorePages() {
+		response, err := p.NextPage(ctx, func(options *configservice.Options) {
+			options.Region = c.Region
+		})
+		if err != nil {
+			return err
+		}
+		res <- response.EvaluationResults
+	}
+	return nil
+}
diff --git a/plugins/source/aws/resources/services/config/config_rule_compliance_details_mock_test.go b/plugins/source/aws/resources/services/config/config_rule_compliance_details_mock_test.go
@@ -0,0 +1,26 @@
+package config
+
+import (
+	"testing"
+
+	"github.com/aws/aws-sdk-go-v2/service/configservice"
+	"github.com/aws/aws-sdk-go-v2/service/configservice/types"
+	"github.com/cloudquery/cloudquery/plugins/source/aws/client"
+	"github.com/cloudquery/cloudquery/plugins/source/aws/client/mocks"
+	"github.com/cloudquery/plugin-sdk/v2/faker"
+	"github.com/golang/mock/gomock"
+)
+
+func buildComplianceDetails(t *testing.T, m *mocks.MockConfigserviceClient) client.Services {
+	l := types.EvaluationResult{}
+	if err := faker.FakeObject(&l); err != nil {
+		t.Fatal(err)
+	}
+	m.EXPECT().GetComplianceDetailsByConfigRule(gomock.Any(), gomock.Any(), gomock.Any()).Return(
+		&configservice.GetComplianceDetailsByConfigRuleOutput{
+			EvaluationResults: []types.EvaluationResult{l},
+		}, nil)
+	return client.Services{
+		Configservice: m,
+	}
+}
diff --git a/plugins/source/aws/resources/services/config/config_rules.go b/plugins/source/aws/resources/services/config/config_rules.go
@@ -14,7 +14,7 @@ func ConfigRules() *schema.Table {
 	tableName := "aws_config_config_rules"
 	return &schema.Table{
 		Name:        tableName,
-		Description: `https://docs.aws.amazon.com/config/latest/APIReference/API_DescribeConfigRules.html`,
+		Description: `https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigRule.html`,
 		Resolver:    fetchConfigConfigRules,
 		Multiplex:   client.ServiceAccountRegionMultiplexer(tableName, "config"),
 		Transform:   transformers.TransformWithStruct(&types.ConfigRule{}),
@@ -33,6 +33,7 @@ func ConfigRules() *schema.Table {
 
 		Relations: []*schema.Table{
 			configRuleCompliances(),
+			configRuleComplianceDetails(),
 			remediationConfigurations(),
 		},
 	}
@@ -42,8 +43,7 @@ func fetchConfigConfigRules(ctx context.Context, meta schema.ClientMeta, parent
 	c := meta.(*client.Client)
 	svc := c.Services().Configservice
 
-	input := &configservice.DescribeConfigRulesInput{}
-	p := configservice.NewDescribeConfigRulesPaginator(svc, input)
+	p := configservice.NewDescribeConfigRulesPaginator(svc, nil)
 	for p.HasMorePages() {
 		response, err := p.NextPage(ctx, func(options *configservice.Options) {
 			options.Region = c.Region
diff --git a/plugins/source/aws/resources/services/config/config_rules_mock_test.go b/plugins/source/aws/resources/services/config/config_rules_mock_test.go
@@ -30,6 +30,7 @@ func buildConfigRules(t *testing.T, ctrl *gomock.Controller) client.Services {
 			ComplianceByConfigRules: []types.ComplianceByConfigRule{sl},
 		}, nil)
 	buildRemediationConfigurations(t, m)
+	buildComplianceDetails(t, m)
 	return client.Services{
 		Configservice: m,
 	}
diff --git a/plugins/source/aws/resources/services/config/configuration_aggregators.go b/plugins/source/aws/resources/services/config/configuration_aggregators.go
@@ -14,7 +14,7 @@ func ConfigurationAggregators() *schema.Table {
 	tableName := "aws_config_configuration_aggregators"
 	return &schema.Table{
 		Name:        tableName,
-		Description: `https://docs.aws.amazon.com/config/latest/APIReference/API_DescribeConfigurationAggregators.html`,
+		Description: `https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigurationAggregator.html`,
 		Resolver:    fetchConfigurationAggregators,
 		Multiplex:   client.ServiceAccountRegionMultiplexer(tableName, "config"),
 		Transform:   transformers.TransformWithStruct(&types.ConfigurationAggregator{}),
@@ -38,8 +38,7 @@ func fetchConfigurationAggregators(ctx context.Context, meta schema.ClientMeta,
 	c := meta.(*client.Client)
 	svc := c.Services().Configservice
 
-	input := &configservice.DescribeConfigurationAggregatorsInput{}
-	p := configservice.NewDescribeConfigurationAggregatorsPaginator(svc, input)
+	p := configservice.NewDescribeConfigurationAggregatorsPaginator(svc, nil)
 	for p.HasMorePages() {
 		response, err := p.NextPage(ctx, func(options *configservice.Options) {
 			options.Region = c.Region
diff --git a/plugins/source/aws/resources/services/config/delivery_channels.go b/plugins/source/aws/resources/services/config/delivery_channels.go
@@ -14,7 +14,7 @@ func DeliveryChannels() *schema.Table {
 	tableName := "aws_config_delivery_channels"
 	return &schema.Table{
 		Name:        tableName,
-		Description: `https://docs.aws.amazon.com/config/latest/APIReference/API_DescribeDeliveryChannels.html`,
+		Description: `https://docs.aws.amazon.com/config/latest/APIReference/API_DeliveryChannel.html`,
 		Resolver:    fetchDeliveryChannels,
 		Multiplex:   client.ServiceAccountRegionMultiplexer(tableName, "config"),
 		Transform:   transformers.TransformWithStruct(&types.DeliveryChannel{}, transformers.WithPrimaryKeys("Name")),
diff --git a/plugins/source/aws/resources/services/config/remediation_configurations.go b/plugins/source/aws/resources/services/config/remediation_configurations.go
@@ -14,7 +14,7 @@ func remediationConfigurations() *schema.Table {
 	tableName := "aws_config_remediation_configurations"
 	return &schema.Table{
 		Name:        tableName,
-		Description: `https://docs.aws.amazon.com/config/latest/APIReference/API_DescribeRemediationConfigurations.html`,
+		Description: `https://docs.aws.amazon.com/config/latest/APIReference/API_RemediationConfiguration.html`,
 		Resolver:    fetchRemediationConfigurations,
 		Multiplex:   client.ServiceAccountRegionMultiplexer(tableName, "config"),
 		Transform: transformers.TransformWithStruct(&types.RemediationConfiguration{},
diff --git a/plugins/source/aws/resources/services/config/retention_configurations.go b/plugins/source/aws/resources/services/config/retention_configurations.go
@@ -14,7 +14,7 @@ func RetentionConfigurations() *schema.Table {
 	tableName := "aws_config_retention_configurations"
 	return &schema.Table{
 		Name:        tableName,
-		Description: `https://docs.aws.amazon.com/config/latest/APIReference/API_DescribeRetentionConfigurations.html`,
+		Description: `https://docs.aws.amazon.com/config/latest/APIReference/API_RetentionConfiguration.html`,
 		Resolver:    fetchRetentionConfigurations,
 		Multiplex:   client.ServiceAccountRegionMultiplexer(tableName, "config"),
 		Transform: transformers.TransformWithStruct(&types.RetentionConfiguration{},
@@ -31,8 +31,7 @@ func fetchRetentionConfigurations(ctx context.Context, meta schema.ClientMeta, p
 	c := meta.(*client.Client)
 	svc := c.Services().Configservice
 
-	input := &configservice.DescribeRetentionConfigurationsInput{}
-	p := configservice.NewDescribeRetentionConfigurationsPaginator(svc, input)
+	p := configservice.NewDescribeRetentionConfigurationsPaginator(svc, nil)
 	for p.HasMorePages() {
 		response, err := p.NextPage(ctx, func(options *configservice.Options) {
 			options.Region = c.Region
diff --git a/website/pages/docs/plugins/sources/aws/tables.md b/website/pages/docs/plugins/sources/aws/tables.md
diff --git a/website/tables/aws/aws_config_config_rule_compliance_details.md b/website/tables/aws/aws_config_config_rule_compliance_details.md
@@ -0,0 +1,29 @@
+# Table: aws_config_config_rule_compliance_details
+
+This table shows data for Config Config Rule Compliance Details.
+
+https://docs.aws.amazon.com/config/latest/APIReference/API_EvaluationResult.html
+
+The primary key for this table is **_cq_id**.
+
+## Relations
+
+This table depends on [aws_config_config_rules](aws_config_config_rules).
+
+## Columns
+
+| Name          | Type          |
+| ------------- | ------------- |
+|_cq_source_name|String|
+|_cq_sync_time|Timestamp|
+|_cq_id (PK)|UUID|
+|_cq_parent_id|UUID|
+|account_id|String|
+|region|String|
+|config_rule_name|String|
+|annotation|String|
+|compliance_type|String|
+|config_rule_invoked_time|Timestamp|
+|evaluation_result_identifier|JSON|
+|result_recorded_time|Timestamp|
+|result_token|String|
diff --git a/website/tables/aws/aws_config_config_rules.md b/website/tables/aws/aws_config_config_rules.md
@@ -2,13 +2,14 @@
 
 This table shows data for Config Config Rules.
 
-https://docs.aws.amazon.com/config/latest/APIReference/API_DescribeConfigRules.html
+https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigRule.html
 
 The primary key for this table is **arn**.
 
 ## Relations
 
 The following tables depend on aws_config_config_rules:
+  - [aws_config_config_rule_compliance_details](aws_config_config_rule_compliance_details)
   - [aws_config_config_rule_compliances](aws_config_config_rule_compliances)
   - [aws_config_remediation_configurations](aws_config_remediation_configurations)
 
diff --git a/website/tables/aws/aws_config_configuration_aggregators.md b/website/tables/aws/aws_config_configuration_aggregators.md
@@ -2,7 +2,7 @@
 
 This table shows data for Config Configuration Aggregators.
 
-https://docs.aws.amazon.com/config/latest/APIReference/API_DescribeConfigurationAggregators.html
+https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigurationAggregator.html
 
 The primary key for this table is **arn**.
 
diff --git a/website/tables/aws/aws_config_delivery_channels.md b/website/tables/aws/aws_config_delivery_channels.md
@@ -2,7 +2,7 @@
 
 This table shows data for Config Delivery Channels.
 
-https://docs.aws.amazon.com/config/latest/APIReference/API_DescribeDeliveryChannels.html
+https://docs.aws.amazon.com/config/latest/APIReference/API_DeliveryChannel.html
 
 The composite primary key for this table is (**account_id**, **region**, **name**).
 
diff --git a/website/tables/aws/aws_config_remediation_configurations.md b/website/tables/aws/aws_config_remediation_configurations.md
@@ -2,7 +2,7 @@
 
 This table shows data for Config Remediation Configurations.
 
-https://docs.aws.amazon.com/config/latest/APIReference/API_DescribeRemediationConfigurations.html
+https://docs.aws.amazon.com/config/latest/APIReference/API_RemediationConfiguration.html
 
 The primary key for this table is **arn**.
 
diff --git a/website/tables/aws/aws_config_retention_configurations.md b/website/tables/aws/aws_config_retention_configurations.md
@@ -2,7 +2,7 @@
 
 This table shows data for Config Retention Configurations.
 
-https://docs.aws.amazon.com/config/latest/APIReference/API_DescribeRetentionConfigurations.html
+https://docs.aws.amazon.com/config/latest/APIReference/API_RetentionConfiguration.html
 
 The composite primary key for this table is (**account_id**, **region**, **name**).
 

Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,7 @@ func buildConfigRules(t testing.T, ctrl gomock.Controller) client.Services {`
`30`	`30`	`ComplianceByConfigRules: []types.ComplianceByConfigRule{sl},`
`31`	`31`	`}, nil)`
`32`	`32`	`buildRemediationConfigurations(t, m)`
	`33`	`+ buildComplianceDetails(t, m)`
`33`	`34`	`return client.Services{`
`34`	`35`	`Configservice: m,`
`35`	`36`	`}`