⭐️ aws cloudformation provider (#4105)

* ⭐️ cloudformation provider * Use CloudFormation as term for the config Co-authored-by: Tim Smith <[email protected]> * 🧹 handle case where template node has no content --------- Co-authored-by: Tim Smith <[email protected]>
mondoohq · May 28, 2024 · 54cecba · 54cecba
1 parent de49696
commit 54cecba
Show file tree

Hide file tree

Showing 24 changed files with 2,393 additions and 3 deletions.
diff --git a/Makefile b/Makefile
@@ -203,7 +203,8 @@ providers/build: \
 	providers/build/azure \
 	providers/build/ms365 \
 	providers/build/aws \
-	providers/build/atlassian
+	providers/build/atlassian \
+	providers/build/cloudformation
 
 .PHONY: providers/install
 # Note we need \ to escape the target line into multiple lines
@@ -228,7 +229,8 @@ providers/install: \
 	providers/install/azure \
 	providers/install/ms365 \
 	providers/install/atlassian \
-	providers/install/aws
+	providers/install/aws \
+    providers/install/cloudformation
 
 providers/build/mock: providers/lr
 	./lr go providers-sdk/v1/testutils/mockprovider/resources/mockprovider.lr
@@ -341,6 +343,11 @@ providers/build/ms365: providers/lr
 providers/install/ms365:
 	@$(call installProvider, providers/ms365)
 
+providers/build/cloudformation: providers/lr
+	@$(call buildProvider, providers/cloudformation)
+providers/install/cloudformation:
+	@$(call installProvider, providers/cloudformation)
+
 providers/dist:
 	@$(call buildProviderDist, providers/network)
 	@$(call buildProviderDist, providers/os)
@@ -363,6 +370,7 @@ providers/dist:
 	@$(call buildProviderDist, providers/ms365)
 	@$(call buildProviderDist, providers/aws)
 	@$(call buildProviderDist, providers/atlassian)
+	@$(call buildProviderDist, providers/cloudformation)
 
 providers/bundle:
 	@$(call bundleProvider, providers/network)
@@ -386,6 +394,7 @@ providers/bundle:
 	@$(call bundleProvider, providers/ms365)
 	@$(call bundleProvider, providers/aws)
 	@$(call bundleProvider, providers/atlassian)
+	@$(call bundleProvider, providers/cloudformation)
 
 providers/test:
 	@$(call testProvider, providers/core)
@@ -410,6 +419,7 @@ providers/test:
 	@$(call testGoModProvider, providers/ms365)
 	@$(call testGoModProvider, providers/aws)
 	@$(call testGoModProvider, providers/atlassian)
+	@$(call testGoModProvider, providers/cloudformation)
 
 lr/test:
 	go test ./resources/lr/...
@@ -434,7 +444,7 @@ lr/docs/markdown: providers/lr
 		--docs-file providers/atlassian/resources/atlassian.lr.manifest.yaml \
 		--output ../docs/docs/mql/resources/atlassian-pack
 	./lr markdown providers/aws/resources/aws.lr \
-    --pack-name "Amazon Web Services (AWS)" \
+    	--pack-name "Amazon Web Services (AWS)" \
 		--description "The Amazon Web Services (AWS) resource pack lets you use MQL to query and assess the security of your AWS cloud services." \
 		--docs-file providers/aws/resources/aws.lr.manifest.yaml \
 		--output ../docs/docs/mql/resources/aws-pack
@@ -443,6 +453,11 @@ lr/docs/markdown: providers/lr
 		--description "The Azure resource pack lets you use MQL to query and assess the security of your Azure cloud services." \
 		--docs-file providers/azure/resources/azure.lr.manifest.yaml \
 		--output ../docs/docs/mql/resources/azure-pack
+	./lr markdown providers/cloudformation/resources/cloudformation.lr \
+		--pack-name "AWS CloudFormation" \
+		--description "The AWS CloudFormation resource pack lets you use MQL to query and assess the security of your AWS CloudFormation." \
+		--docs-file providers/cloudformation/resources/cloudformation.lr.manifest.yaml \
+		--output ../docs/docs/mql/resources/cloudformation-pack
 	./lr markdown providers/core/resources/core.lr \
 		--pack-name "Core" \
 		--description "The Core pack provides basic MQL resources that let you query and assess the security of assets in your infrastructure." \

diff --git a/providers/cloudformation/README.md b/providers/cloudformation/README.md
@@ -0,0 +1,4 @@
+
+
+
+https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-reference.html
diff --git a/providers/cloudformation/config/config.go b/providers/cloudformation/config/config.go
@@ -0,0 +1,27 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package config
+
+import (
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
+	"go.mondoo.com/cnquery/v11/providers/cloudformation/provider"
+)
+
+var Config = plugin.Provider{
+	Name:            "cloudformation",
+	ID:              "go.mondoo.com/cnquery/v11/providers/cloudformation",
+	Version:         "11.0.0",
+	ConnectionTypes: []string{provider.DefaultConnectionType},
+	Connectors: []plugin.Connector{
+		{
+			Name:      "cloudformation",
+			Use:       "cloudformation PATH",
+			Short:     "AWS CloudFormation template or AWS SAM template",
+			MinArgs:   1,
+			MaxArgs:   1,
+			Discovery: []string{},
+			Flags:     []plugin.Flag{},
+		},
+	},
+}
diff --git a/providers/cloudformation/connection/connection.go b/providers/cloudformation/connection/connection.go
@@ -0,0 +1,62 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package connection
+
+import (
+	"os"
+
+	"github.com/aws-cloudformation/rain/cft"
+	"github.com/aws-cloudformation/rain/cft/parse"
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
+)
+
+var _ plugin.Connection = (*CloudformationConnection)(nil)
+
+type CloudformationConnection struct {
+	plugin.Connection
+	Conf  *inventory.Config
+	asset *inventory.Asset
+	// Add custom connection fields here
+	path        string
+	cftTemplate cft.Template
+}
+
+func NewCloudformationConnection(id uint32, asset *inventory.Asset, conf *inventory.Config) (*CloudformationConnection, error) {
+	conn := &CloudformationConnection{
+		Connection: plugin.NewConnection(id, asset),
+		Conf:       conf,
+		asset:      asset,
+	}
+	// initialize your connection here
+	cc := asset.Connections[0]
+	path := cc.Options["path"]
+	conn.path = path
+
+	f, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	cftTemplate, err := parse.Reader(f)
+	if err != nil {
+		return nil, err
+	}
+	conn.cftTemplate = cftTemplate
+
+	return conn, nil
+}
+
+func (c *CloudformationConnection) Name() string {
+	return "cloudformation"
+}
+
+func (c *CloudformationConnection) Asset() *inventory.Asset {
+	return c.asset
+}
+
+func (c *CloudformationConnection) CftTemplate() cft.Template {
+	return c.cftTemplate
+}
diff --git a/providers/cloudformation/gen/main.go b/providers/cloudformation/gen/main.go
@@ -0,0 +1,13 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package main
+
+import (
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin/gen"
+	"go.mondoo.com/cnquery/v11/providers/cloudformation/config"
+)
+
+func main() {
+	gen.CLI(&config.Config)
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,4 @@



		https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-reference.html