fix(aws)!: Resource Access Manager (RAM) PK issues #8010
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This PR has the following changes to source plugin(s) tables:
|
candiduslynx
approved these changes
Feb 14, 2023
erezrokah
changed the title
account_id and region to aws_ram_resource_shares and aws_ram_resource_share_permissions PKs
Member
|
Made this a breaking change via the PR title. With #7819 we consider any PK change to require a |
disq
changed the title
account_id and region to aws_ram_resource_shares and aws_ram_resource_share_permissions PKs
disq
commented
Feb 14, 2023
candiduslynx
approved these changes
Feb 14, 2023
candiduslynx
approved these changes
Feb 14, 2023
candiduslynx
added
automerge
kodiakhq bot
pushed a commit
that referenced
this pull request
Feb 14, 2023
🤖 I have created a release *beep* *boop* --- ## [14.0.0](plugins-source-aws-v13.3.0...plugins-source-aws-v14.0.0) (2023-02-14) ### ⚠ BREAKING CHANGES * **aws:** Use `log_group_arn` + `filter_name` for `aws_cloudwatchlogs_metric_filters` PK ([#8061](#8061)) * **aws:** Add `account_id` and `region` to `aws_ec2_transit_gateways` PK ([#8060](#8060)) * **aws:** Rename `user_arn` field to `arn` in `aws_quicksight_group_members` * **aws:** Resource Access Manager (RAM) PK issues ([#8010](#8010)) * **aws:** Add `resource_share_arn` and `region` to `aws_ram_principals` PK ([#7985](#7985)) * **aws:** Add `account_id` and `region` to PK in `aws_directconnect_gateways` ([#7984](#7984)) * **aws:** Use `physical_resource_identifier` instead of `physical_resource_id` in `aws_resiliencehub_app_version_resources` and `aws_resiliencehub_app_version_resource_mappings` PKs * **aws:** PK for `aws_s3_bucket_grants` ([#7822](#7822)) * **aws:** PK for `aws_docdb_certificates` ([#7820](#7820)) * **aws:** PK for `aws_ec2_images` ([#7821](#7821)) * **aws:** Fix PK for `aws_rds_certificates` ([#7817](#7817)) ### Features * Athena resource view creation ([#7908](#7908)) ([a8769ea](a8769ea)) * **aws-resources:** Add EMR Cluster Instances ([#7814](#7814)) ([f2883d0](f2883d0)) * **aws-resources:** Add EMR Instance Fleets and Groups ([#7818](#7818)) ([df8cfea](df8cfea)) * **aws-resources:** Add EMR Security Configuration ([#7812](#7812)) ([3d70111](3d70111)) * **aws:** Add Method and Integration Resources for API Gateway ([#7923](#7923)) ([f3d669a](f3d669a)) * **aws:** Add New Elasticache Resources and Attributes ([#7925](#7925)) ([e18ca20](e18ca20)) * **aws:** Add New Validation for AWS Tags ([#7651](#7651)) ([2440e89](2440e89)) * **aws:** Add Support for CloudWatch Filter Subscriptions ([#8073](#8073)) ([cbc2fb1](cbc2fb1)) * **aws:** Add Support for Directconnect Locations ([#7906](#7906)) ([0187098](0187098)) * **aws:** Add Support for EC2 Managed Prefix List ([#7942](#7942)) ([743fdd2](743fdd2)) * **aws:** Add Support for Route53 Operations ([#7944](#7944)) ([306f0bd](306f0bd)) * **aws:** Step Function Resources ([#7911](#7911)) ([ffb3275](ffb3275)) * **aws:** Support Availability Zones ([#7914](#7914)) ([f082057](f082057)) ### Bug Fixes * **aws:** Add `account_id` and `region` to `aws_appstream_images` PK ([#7972](#7972)) ([a7cfd33](a7cfd33)) * **aws:** Add `account_id` and `region` to `aws_ec2_transit_gateways` PK ([#8060](#8060)) ([37fbf63](37fbf63)) * **aws:** Add `account_id` and `region` to PK in `aws_directconnect_gateways` ([#7984](#7984)) ([588bc88](588bc88)) * **aws:** Add `account_id` and region to `aws_quicksight_*` resources ([4d0fdb4](4d0fdb4)) * **aws:** Add `request_account_id` & `request_region` to `aws_securityhub_findings` PK ([#7971](#7971)) ([aa74371](aa74371)) * **aws:** Add `resource_share_arn` and `region` to `aws_ram_principals` PK ([#7985](#7985)) ([fd24a5b](fd24a5b)) * **aws:** Add parent table ARNs as PKs to child tables for `aws_resiliencehub_*` resources ([2f70712](2f70712)) * **aws:** Fix `aws_iam_accounts` unmarshaling ([#7899](#7899)) ([abf28ed](abf28ed)) * **aws:** Fix PK for `aws_rds_certificates` ([#7817](#7817)) ([8082b2a](8082b2a)) * **aws:** PK for `aws_docdb_certificates` ([#7820](#7820)) ([b2b06ea](b2b06ea)) * **aws:** PK for `aws_ec2_images` ([#7821](#7821)) ([d568cde](d568cde)) * **aws:** PK for `aws_s3_bucket_grants` ([#7822](#7822)) ([4efbf32](4efbf32)) * **aws:** Remove `account_id` and `region` columns from `aws_resiliencehub_*` PKs ([2f70712](2f70712)) * **aws:** Rename `user_arn` field to `arn` in `aws_quicksight_group_members` ([4d0fdb4](4d0fdb4)) * **aws:** Resource Access Manager (RAM) PK issues ([#8010](#8010)) ([901dcf4](901dcf4)) * **aws:** Use `log_group_arn` + `filter_name` for `aws_cloudwatchlogs_metric_filters` PK ([#8061](#8061)) ([d29f19a](d29f19a)) * **aws:** Use `physical_resource_identifier` instead of `physical_resource_id` in `aws_resiliencehub_app_version_resources` and `aws_resiliencehub_app_version_resource_mappings` PKs ([2f70712](2f70712)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/codepipeline to v1.14.1 ([#7945](#7945)) ([bd1eee8](bd1eee8)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/cognitoidentity to v1.15.1 ([#7946](#7946)) ([7747eab](7747eab)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider to v1.22.1 ([#7947](#7947)) ([f3307f2](f3307f2)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/configservice to v1.29.2 ([#7948](#7948)) ([db7b7af](db7b7af)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/databasemigrationservice to v1.23.2 ([#7949](#7949)) ([ff3e2d1](ff3e2d1)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/dax to v1.12.1 ([#7950](#7950)) ([3127200](3127200)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/directconnect to v1.18.2 ([#7951](#7951)) ([c220d49](c220d49)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/docdb to v1.20.2 ([#7952](#7952)) ([f021f80](f021f80)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/dynamodb to v1.18.2 ([#7953](#7953)) ([b50cb36](b50cb36)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/ecr to v1.18.2 ([#7954](#7954)) ([610165a](610165a)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/ecrpublic to v1.15.1 ([#7955](#7955)) ([70a2b8b](70a2b8b)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/ecs to v1.23.2 ([#7956](#7956)) ([66b4cee](66b4cee)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/efs to v1.19.3 ([#7957](#7957)) ([202d467](202d467)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/eks to v1.27.2 ([#7958](#7958)) ([8f08e65](8f08e65)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/elasticache to v1.26.2 ([#7959](#7959)) ([4ca09b8](4ca09b8)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/elasticbeanstalk to v1.15.1 ([#7960](#7960)) ([e859fd0](e859fd0)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing to v1.15.2 ([#7961](#7961)) ([d7b1163](d7b1163)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 to v1.19.3 ([#7962](#7962)) ([4afa209](4afa209)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/elasticsearchservice to v1.18.2 ([#7963](#7963)) ([69752f3](69752f3)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/elastictranscoder to v1.14.1 ([#7964](#7964)) ([d8ca305](d8ca305)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/emr to v1.22.2 ([#7965](#7965)) ([1ee800c](1ee800c)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/firehose to v1.16.2 ([#7966](#7966)) ([48a4faf](48a4faf)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/fsx to v1.28.2 ([#7967](#7967)) ([2ff2fce](2ff2fce)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/glacier to v1.14.2 ([#7968](#7968)) ([0a5fe22](0a5fe22)) * **deps:** Update module github.com/aws/aws-sdk-go-v2/service/guardduty to v1.17.2 ([#7969](#7969)) ([7fcb80a](7fcb80a)) * **deps:** Update module github.com/cloudquery/codegen to v0.2.1 ([#7875](#7875)) ([9d10ac1](9d10ac1)) * **deps:** Update module github.com/cloudquery/plugin-sdk to v1.36.0 ([#7809](#7809)) ([c85a9cb](c85a9cb)) * **deps:** Update module github.com/cloudquery/plugin-sdk to v1.36.1 ([#7930](#7930)) ([39dccc1](39dccc1)) * **deps:** Update module github.com/cloudquery/plugin-sdk to v1.37.0 ([#7933](#7933)) ([dc9cffb](dc9cffb)) * **deps:** Update module github.com/cloudquery/plugin-sdk to v1.37.1 ([#8008](#8008)) ([c47aac0](c47aac0)) * Fix ECR image ARN to use repository name ([#7839](#7839)) ([e585d61](e585d61)) * Update endpoints ([#7795](#7795)) ([7f5260c](7f5260c)) * Update endpoints ([#7797](#7797)) ([3e72d3e](3e72d3e)) * Update endpoints ([#7798](#7798)) ([0a21b16](0a21b16)) * Update endpoints ([#7799](#7799)) ([ea62bbc](ea62bbc)) * Update endpoints ([#7810](#7810)) ([c797331](c797331)) * Update endpoints ([#7811](#7811)) ([5b1566c](5b1566c)) * Update endpoints ([#7816](#7816)) ([e1cca0c](e1cca0c)) * Update endpoints ([#7991](#7991)) ([3e81234](3e81234)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The issue is the resource being shared so it's not located in the same account as it's owner. So if the user is fetching multiple accounts which have the resource share/share_perms the ARN clash is inevitable.
Test Results
aws_ram_resources:arnis the shared resource,resource_share_arnis the arn of the share itself, so both need to be in the PK, as well as AccountId and Region, because of the sharer/sharee being able to both view the same record.aws_ram_resource_shares, the ARN's account_id/region is from the owner account and it has a UUID at the end of the ARN. So if you're sharing between two of your accounts the ARN clash is issue is real, adding current account/region from the querying account solves the problem.aws_ram_resource_share_permissions, the ARN is the arn of the permission itself, without any region or account or version, as in:arn:aws:ram::aws:permission/AWSRAMDefaultPermissionGlueDatabaseand such (real value from test account) so adding the version and the account_id/region made sense.aws_ram_resource_share_associations, there's no issue because the share "grantee" doesn't seem have access to the this list, it's only filled from the sharer account side.aws_ram_principals, the previous PR fix(aws)!: Addresource_share_arnandregiontoaws_ram_principalsPK #7985 seems to have fixed the issue, it's the same thing as theaws_ram_resource_sharesissue.aws_ram_resource_share_invitations, the ARN of the invitation is different from the resource share. But since you can share to multiple accounts or other entities (IAM users, etc)ReceiverAccountIdandReceiverArnneeds to be added to the PK list. The problem is,ReceiverArncan be empty on some cases (if shared to account it's definitely empty) so it can't be a PK as-is. I added a newreceiver_combinedcolumn to remedy the issue.