From 355dd0086fb7b1bc4c5f83c103f90690b78a8cad Mon Sep 17 00:00:00 2001 From: davidrobert Date: Tue, 11 Mar 2025 18:30:45 +0200 Subject: [PATCH 01/16] Add terraform integration --- go.mod | 23 +- go.sum | 73 ++- src/cmd/groups/integrations.go | 8 + src/cmd/root.go | 4 + src/cmd/terraform/parse/parse-tfstate.go | 82 +++ src/cmd/terraform/terraform.go | 24 + src/pkg/cloudclient/graphql/generated.go | 22 +- src/pkg/cloudclient/graphql/schema.graphql | 317 +++++++++- .../cloudclient/restapi/cloudapi/api.gen.go | 552 +++++++++++++++++- .../cloudclient/restapi/cloudapi/openapi.json | 471 ++++++++++++++- src/pkg/git/types.go | 15 + src/pkg/git/utils.go | 63 ++ src/pkg/mapperclient/schema.graphql | 38 +- src/pkg/terraform/aws.go | 95 +++ src/pkg/terraform/types.go | 54 ++ src/pkg/terraform/utils.go | 37 ++ 16 files changed, 1815 insertions(+), 63 deletions(-) create mode 100644 src/cmd/groups/integrations.go create mode 100644 src/cmd/terraform/parse/parse-tfstate.go create mode 100644 src/cmd/terraform/terraform.go create mode 100644 src/pkg/git/types.go create mode 100644 src/pkg/git/utils.go create mode 100644 src/pkg/terraform/aws.go create mode 100644 src/pkg/terraform/types.go create mode 100644 src/pkg/terraform/utils.go diff --git a/go.mod b/go.mod index bd7522e9..e8fcb06a 100644 --- a/go.mod +++ b/go.mod @@ -11,8 +11,11 @@ require ( github.com/coreos/go-oidc/v3 v3.4.0 github.com/deepmap/oapi-codegen v1.12.4 github.com/getkin/kin-openapi v0.107.0 + github.com/go-git/go-git/v5 v5.13.0 github.com/goccy/go-graphviz v0.1.0 github.com/google/uuid v1.6.0 + github.com/hashicorp/terraform-exec v0.22.0 + github.com/hashicorp/terraform-json v0.24.0 github.com/iancoleman/strcase v0.2.0 github.com/markkurossi/tabulate v0.0.0-20211112080948-67dabd3f2db2 github.com/nfnt/resize v0.0.0-20160724205520-891127d8d1b5 
@@ -25,7 +28,7 @@ require ( github.com/spf13/viper v1.13.0 github.com/suessflorian/gqlfetch v0.6.0 github.com/vishalkuo/bimap v0.0.0-20220726225509-e0b4f20de28b - golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874 + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 golang.org/x/oauth2 v0.12.0 golang.org/x/sync v0.11.0 k8s.io/api v0.29.0 @@ -35,22 +38,31 @@ require ( ) require ( + dario.cat/mergo v1.0.0 // indirect + github.com/Microsoft/go-winio v0.6.1 // indirect + github.com/ProtonMail/go-crypto v1.1.3 // indirect github.com/agnivade/levenshtein v1.2.1 // indirect github.com/alexflint/go-arg v1.5.1 // indirect github.com/alexflint/go-scalar v1.2.0 // indirect github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect + github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bmatcuk/doublestar/v4 v4.8.1 // indirect github.com/bugsnag/panicwrap v1.3.4 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cloudflare/circl v1.3.7 // indirect + github.com/cyphar/filepath-securejoin v0.2.5 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/eapache/go-resiliency v1.2.0 // indirect github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21 // indirect github.com/eapache/queue v1.1.0 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/emirpasic/gods v1.18.1 // indirect github.com/evanphx/json-patch/v5 v5.8.0 // indirect github.com/fogleman/gg v1.3.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect + github.com/go-git/go-billy/v5 v5.6.0 // indirect github.com/go-logr/logr v1.4.1 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect 
@@ -66,11 +78,13 @@ require ( github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect + github.com/hashicorp/go-version v1.7.0 // indirect github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect github.com/hashicorp/hcl v1.0.1-vault-3 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/invopop/yaml v0.1.0 // indirect + github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jcmturner/aescts/v2 v2.0.0 // indirect github.com/jcmturner/dnsutils/v2 v2.0.0 // indirect github.com/jcmturner/gofork v1.0.0 // indirect @@ -79,6 +93,7 @@ require ( github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect + github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/klauspost/compress v1.16.0 // indirect github.com/labstack/echo/v4 v4.9.1 // indirect github.com/labstack/gommon v0.4.0 // indirect @@ -97,12 +112,15 @@ require ( github.com/pelletier/go-toml v1.9.5 // indirect github.com/pelletier/go-toml/v2 v2.0.8 // indirect github.com/pierrec/lz4/v4 v4.1.14 // indirect + github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/client_golang v1.18.0 // indirect github.com/prometheus/client_model v0.5.0 // indirect github.com/prometheus/common v0.45.0 // indirect github.com/prometheus/procfs v0.12.0 // indirect github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect + github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect + github.com/skeema/knownhosts v1.3.0 // indirect github.com/spf13/afero v1.9.2 // indirect github.com/spf13/cast v1.5.0 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect 
@@ -112,6 +130,8 @@ require ( github.com/valyala/fasttemplate v1.2.2 // indirect github.com/vektah/gqlparser v1.3.1 // indirect github.com/vektah/gqlparser/v2 v2.5.22 // indirect + github.com/xanzy/ssh-agent v0.3.3 // indirect + github.com/zclconf/go-cty v1.16.1 // indirect golang.org/x/crypto v0.33.0 // indirect golang.org/x/image v0.10.0 // indirect golang.org/x/mod v0.23.0 // indirect @@ -127,6 +147,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect + gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/apiextensions-apiserver v0.29.0 // indirect diff --git a/go.sum b/go.sum index 054e7b0f..dfcfaf64 100644 --- a/go.sum +++ b/go.sum 
@@ -58,12 +58,19 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= +dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= +dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Khan/genqlient v0.8.0 h1:Hd1a+E1CQHYbMEKakIkvBH3zW0PWEeiX6Hp1i2kP2WE= github.com/Khan/genqlient v0.8.0/go.mod h1:hn70SpYjWteRGvxTwo0kfaqg4wxvndECGkfa1fdDdYI= +github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= +github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= +github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk= +github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/RaveNoX/go-jsoncommentstrip v1.0.0/go.mod h1:78ihd09MekBnJnxpICcwzCMzGrKSKYe4AqU6PDYYpjk= github.com/Shopify/sarama v1.34.1 h1:pVCQO7BMAK3s1jWhgi5v1W6lwZ6Veiekfc2vsgRS06Y= github.com/Shopify/sarama v1.34.1/go.mod h1:NZSNswsnStpq8TUdFaqnpXm2Do6KRzTIjdBdVlL1YRM= 
@@ -85,9 +92,13 @@ github.com/amit7itz/goset v1.2.1 h1:usFphDJfZgwnqfbKT8zI+2juuOgsZ6O8UA7NMRUVG7s= github.com/amit7itz/goset v1.2.1/go.mod h1:i8ni2YcxUMAwLBOkHWpy3glFviYdTcWqCvFgp91EMGI= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= +github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= +github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apapsch/go-jsonmerge/v2 v2.0.0 h1:axGnT1gRIfimI7gJifB699GoE/oq+F2MU7Dml6nw9rQ= github.com/apapsch/go-jsonmerge/v2 v2.0.0/go.mod h1:lvDnEdqiQrp0O42VQGgmlKpxL1AP2+08jFMw88y4klk= +github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= +github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= 
@@ -118,6 +129,8 @@ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWR github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= +github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= @@ -134,6 +147,8 @@ github.com/corona10/goimagehash v1.0.2/go.mod h1:/l9umBhvcHQXVtQO1V6Gp1yD20STawk github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo= +github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -147,8 +162,12 @@ github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21 h1:YEetp8 github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= +github.com/elazarl/goproxy v1.2.1 h1:njjgvO6cRG9rIqN2ebkqy6cQz2Njkx7Fsfv/zIZqgug= +github.com/elazarl/goproxy v1.2.1/go.mod h1:YfEbZtqP4AetfO6d40vWchF3znWX7C7Vd6ZMfdL8z64= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= +github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= 
@@ -174,6 +193,16 @@ github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyT github.com/getkin/kin-openapi v0.107.0 h1:bxhL6QArW7BXQj8NjXfIJQy680NsMKd25nwhvpCXchg= github.com/getkin/kin-openapi v0.107.0/go.mod h1:9Dhr+FasATJZjS4iOLvB0hkaxgYdulrNYm2e9epLWOo= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c= +github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= +github.com/go-git/go-billy/v5 v5.6.0 h1:w2hPNtoehvJIxR00Vb4xX94qHQi/ApZfX+nBE2Cjio8= +github.com/go-git/go-billy/v5 v5.6.0/go.mod h1:sFDq7xD3fn3E0GOwUSZqHo9lrkmx8xJhA0ZrfvjBRGM= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= +github.com/go-git/go-git/v5 v5.13.0 h1:vLn5wlGIh/X78El6r3Jr+30W16Blk0CTcxTYcYPWi5E= +github.com/go-git/go-git/v5 v5.13.0/go.mod h1:Wjo7/JyVKtQgUNdXYXIepzWfJQkUEIGvkvVkiXRR/zw= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= 
@@ -314,17 +343,29 @@ github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFb github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= +github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= +github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= +github.com/hashicorp/hc-install v0.9.1 h1:gkqTfE3vVbafGQo6VZXcy2v5yoz2bE0+nhZXruCuODQ= +github.com/hashicorp/hc-install v0.9.1/go.mod h1:pWWvN/IrfeBK4XPeXXYkL6EjMufHkCK5DvwxeLKuBf0= github.com/hashicorp/hcl v1.0.1-vault-3 
h1:V95v5KSTu6DB5huDSKiq4uAfILEuNigK/+qPET6H/Mg= github.com/hashicorp/hcl v1.0.1-vault-3/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= +github.com/hashicorp/terraform-exec v0.22.0 h1:G5+4Sz6jYZfRYUCg6eQgDsqTzkNXV+fP8l+uRmZHj64= +github.com/hashicorp/terraform-exec v0.22.0/go.mod h1:bjVbsncaeh8jVdhttWYZuBGj21FcYw6Ia/XfHcNO7lQ= +github.com/hashicorp/terraform-json v0.24.0 h1:rUiyF+x1kYawXeRth6fKFm/MdfBS6+lW4NbeATsYz8Q= +github.com/hashicorp/terraform-json v0.24.0/go.mod h1:Nfj5ubo9xbu9uiAoZVBsNOjvNKB66Oyrvtit74kC7ow= github.com/iancoleman/strcase v0.2.0 h1:05I4QRnGpI0m37iZQRuskXh+w77mr6Z41lwQzuHLwW0= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= @@ -335,6 +376,8 @@ github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/invopop/yaml v0.1.0 h1:YW3WGUoJEXYfzWBjn00zIlrw7brGVD0fUKRYDPAPhrc= github.com/invopop/yaml v0.1.0/go.mod h1:2XuRLgs/ouIrW3XNzuNj7J3Nvu/Dig5MXvbCEdiBN3Q= +github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= +github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo= 
@@ -363,6 +406,8 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 h1:iQTw/8FWTuc7uiaSepXwyf3o52HaUYcV+Tu66S3F5GA= github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8= +github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= +github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.15.6/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= @@ -425,8 +470,8 @@ github.com/nfnt/resize v0.0.0-20160724205520-891127d8d1b5 h1:BvoENQQU+fZ9uukda/R github.com/nfnt/resize v0.0.0-20160724205520-891127d8d1b5/go.mod h1:jpp1/29i3P1S/RLdc7JQKbRpFeM1dOBd8T9ki5s+AY8= github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= +github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/oriser/regroup v0.0.0-20210730155327-fca8d7531263 h1:Qd1Ml+uEhpesT8Og0ysEhu5+DGhbhW+qxjapH8t1Kvs= github.com/oriser/regroup v0.0.0-20210730155327-fca8d7531263/go.mod h1:odkMeLkWS8G6+WP2z3Pn2vkzhPSvBtFhAUYTKXAtZMQ= github.com/otterize/intents-operator/src v0.0.0-20250210080526-406ad1b23e76 h1:41RHXhHzcrZrmEv5ymrNE7M7jxv/kus+/fPyTviR57s= 
@@ -437,6 +482,8 @@ github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZ github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4= github.com/pierrec/lz4/v4 v4.1.14 h1:+fL8AQEZtz/ijeNnpduH0bROTu0O3NZAlPjQxGn8LwE= github.com/pierrec/lz4/v4 v4.1.14/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= +github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= +github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 
@@ -477,22 +524,25 @@ github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqn github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/samber/lo v1.47.0 h1:z7RynLwP5nbyRscyvcD043DWYoOcYRv3mV8lBeqOCLc= github.com/samber/lo v1.47.0/go.mod h1:RmDH9Ct32Qy3gduHQuKJ3gW1fMHAnE/fAzQuf6He5cU= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= -github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= +github.com/sirupsen/logrus 
v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY= +github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.9.2 h1:j49Hj62F0n+DaZ1dDCvhABaPNSGNkt32oRFxI33IEMw= github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= @@ -539,6 +589,8 @@ github.com/vektah/gqlparser/v2 v2.5.22 h1:yaaeJ0fu+nv1vUMW0Hl+aS1eiv1vMfapBNjpff github.com/vektah/gqlparser/v2 v2.5.22/go.mod h1:xMl+ta8a5M1Yo1A1Iwt/k7gSpscwSnHZdw7tfhEGfTM= github.com/vishalkuo/bimap v0.0.0-20220726225509-e0b4f20de28b h1:Wrh+B5ZP52L9v5h9h3owZTzgotdbBd9sfirUbRmCWD4= github.com/vishalkuo/bimap v0.0.0-20220726225509-e0b4f20de28b/go.mod h1:dxXQNHjw3hAY1z8izMtjimf/IjtT/o7ZZezj7XI8Vy0= +github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= +github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g= github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8= 
@@ -548,6 +600,8 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/zclconf/go-cty v1.16.1 h1:a5TZEPzBFFR53udlIKApXzj8JIF4ZNQ6abH79z5R1S0= +github.com/zclconf/go-cty v1.16.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -574,6 +628,7 @@ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
@@ -586,8 +641,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874 h1:kWC3b7j6Fu09SnEBr7P4PuQyM0R6sqyH9R+EjIvT1nQ= -golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/image v0.0.0-20200119044424-58c23975cae1/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= @@ -1074,6 +1129,8 @@ gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= +gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 
diff --git a/src/cmd/groups/integrations.go b/src/cmd/groups/integrations.go new file mode 100644 index 00000000..c0e54226 --- /dev/null +++ b/src/cmd/groups/integrations.go @@ -0,0 +1,8 @@ +package groups + +import "github.com/spf13/cobra" + +var IntegrationsGroup = &cobra.Group{ + ID: "integrations", + Title: "Integrations Commands:", +} diff --git a/src/cmd/root.go b/src/cmd/root.go index 98d52b0c..0194f3df 100644 --- a/src/cmd/root.go +++ b/src/cmd/root.go @@ -14,6 +14,7 @@ import ( "github.com/otterize/otterize-cli/src/cmd/networkmapper" "github.com/otterize/otterize-cli/src/cmd/organizations" "github.com/otterize/otterize-cli/src/cmd/services" + "github.com/otterize/otterize-cli/src/cmd/terraform" "github.com/otterize/otterize-cli/src/cmd/users" "github.com/otterize/otterize-cli/src/cmd/version" "github.com/otterize/otterize-cli/src/pkg/config" @@ -126,6 +127,9 @@ func init() { RootCmd.AddCommand(accessgraph.AccessGraphCmd) RootCmd.AddCommand(clientintents.ClientIntentsCmd) + RootCmd.AddGroup(groups.IntegrationsGroup) + RootCmd.AddCommand(terraform.TerraformCmd) + RootCmd.AddGroup(groups.OSSGroup) RootCmd.AddCommand(networkmapper.MapperCmd) } diff --git a/src/cmd/terraform/parse/parse-tfstate.go b/src/cmd/terraform/parse/parse-tfstate.go new file mode 100644 index 00000000..f3fbfc63 --- /dev/null +++ b/src/cmd/terraform/parse/parse-tfstate.go 
@@ -0,0 +1,82 @@
+package parse
+
+import (
+ "context"
+ "fmt"
+ cloudclient "github.com/otterize/otterize-cli/src/pkg/cloudclient/restapi"
+ "github.com/otterize/otterize-cli/src/pkg/cloudclient/restapi/cloudapi"
+ "github.com/otterize/otterize-cli/src/pkg/config"
+ "github.com/otterize/otterize-cli/src/pkg/git"
+ "github.com/otterize/otterize-cli/src/pkg/terraform"
+ "github.com/samber/lo"
+ "github.com/spf13/cobra"
+ "os"
+)
+
+var ParseTfStateCmd = &cobra.Command{
+ Use: "parse-tfstate ",
+ Short: "Parses the tf state in order to get the cloud iam information",
+ SilenceUsage: true,
+ RunE: func(cmd *cobra.Command, args []string) error {
+ dryRun, _ := cmd.Flags().GetBool("dry-run")
+ workingDir, _ := cmd.Flags().GetString("tf-dir")
+
+ tfClient, err := terraform.GetTerraformClient(workingDir)
+ if err != nil {
+ fmt.Println("Error Initializing terraform client:", err)
+ os.Exit(1)
+ }
+
+ state, err := tfClient.Show(context.Background())
+ if err != nil {
+ fmt.Println("Error pulling Terraform state:", err)
+ os.Exit(1)
+ }
+
+ gitInfo, err := git.GetGitRepoInformation(workingDir)
+ if err != nil {
+ fmt.Println("Error getting git information:", err)
+ os.Exit(1)
+ }
+
+ terraformIamInfo := terraform.TerraformResourceInfo{}
+ terraformIamInfo.AwsRoles = terraform.ExtractAwsRoleAndPolicies(state)
+
+ if !dryRun {
+ ctxTimeout, cancel := context.WithTimeout(context.Background(), config.DefaultTimeout)
+ defer cancel()
+
+ c, err := cloudclient.NewClient(ctxTimeout)
+ if err != nil {
+ return err
+ }
+
+ awsRoles := lo.Map(terraformIamInfo.AwsRoles, func(info terraform.AwsRoleInfo, _ int) map[string]interface{} {
+ return info.ToMap()
+ })
+
+ _, err = c.ReportTerraformResourcesMutationWithResponse(ctxTimeout,
+ cloudapi.ReportTerraformResourcesMutationJSONRequestBody{
+ ResourceInfo: cloudapi.InputTerraformResourceInfo{
+ AwsRoles: &awsRoles,
+ ModulePath: gitInfo.RelativePath,
+ GitOriginUrl: gitInfo.OriginUrl,
+ GitCommitHash: gitInfo.Commit,
+ },
+ },
+ )
+ if err != nil {
+ return err
+ }
+ }
+
+ gitInfo.Print()
+ terraformIamInfo.Print()
+
+ return nil
+ },
+}
+
+func init() {
+ ParseTfStateCmd.PersistentFlags().String("tf-dir", "", "Manually specify the terraform module location")
+}
diff --git a/src/cmd/terraform/terraform.go b/src/cmd/terraform/terraform.go
new file mode 100644
index 00000000..99ddd925
--- /dev/null
+++ b/src/cmd/terraform/terraform.go
@@ -0,0 +1,24 @@
+package terraform
+
+import (
+ "github.com/otterize/otterize-cli/src/cmd/groups"
+ "github.com/otterize/otterize-cli/src/cmd/terraform/parse"
+ "github.com/otterize/otterize-cli/src/pkg/cloudclient"
+ "github.com/spf13/cobra"
+)
+
+var debug bool
+
+var TerraformCmd = &cobra.Command{
+ Use: "terraform",
+ GroupID: groups.IntegrationsGroup.ID,
+ Aliases: []string{"terraform", "tf"},
+ Short: "Integrate with Terraform state",
+}
+
+func init() {
+ cloudclient.RegisterAPIFlags(TerraformCmd)
+ TerraformCmd.PersistentFlags().BoolVar(&debug, "dry-run", false, "Simulate the command without making changes")
+
+ TerraformCmd.AddCommand(parse.ParseTfStateCmd)
+}
diff --git a/src/pkg/cloudclient/graphql/generated.go b/src/pkg/cloudclient/graphql/generated.go
index 88c32d9e..473f8eaa 100644
--- a/src/pkg/cloudclient/graphql/generated.go
+++ b/src/pkg/cloudclient/graphql/generated.go
@@ -186,7 +186,7 @@ type __SendCLITelemetryInput struct { // GetTelemetry returns __SendCLITelemetryInput.Telemetry, and is useful for accessing the field via an interface. func (v *__SendCLITelemetryInput) GetTelemetry() CLITelemetry { return v.Telemetry } -// The query or mutation executed by CreateUserFromAuth0User. +// The mutation executed by CreateUserFromAuth0User. const CreateUserFromAuth0User_Operation = ` mutation CreateUserFromAuth0User { me {
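Review bot: In parse-tfstate.go's `RunE`, `gitInfo.OriginUrl` is uploaded as `GitOriginUrl` and also printed by `gitInfo.Print()` even on `--dry-run`; if `git.GetGitRepoInformation` returns the remote URL verbatim (its body is not in this hunk), a remote that embeds credentials in the userinfo part, as CI checkouts often do, would expose them in both places. Strip the userinfo before the value is used, e.g. `if u, perr := url.Parse(gitInfo.OriginUrl); perr == nil { u.User = nil; gitInfo.OriginUrl = u.String() }`. Separately, the result of `ReportTerraformResourcesMutationWithResponse` is discarded with `_`; assuming the usual oapi-codegen client shape, a 4xx/5xx reply arrives with a nil error, so a rejected upload is reported as success — keep the response and check `resp.StatusCode()`. The three `fmt.Println(...); os.Exit(1)` branches should `return fmt.Errorf("pulling terraform state: %w", err)` (and similar) like the later branches, so failures go to stderr through cobra and exit from one place.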
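Review bot: In terraform.go the `--dry-run` flag is bound to a package variable named `debug` that nothing in this file reads, while the subcommand looks the flag up by name with `cmd.Flags().GetBool("dry-run")` and drops the lookup error. Because a failed lookup yields `false`, a rename or typo in the flag string would silently turn a dry run into a real upload; rename the variable to `dryRun` (or register the flag with `PersistentFlags().Bool("dry-run", false, ...)`) and have the subcommand return the `GetBool` error instead of assigning it to `_`. `Aliases` also repeats the command's own name, so `Aliases: []string{"tf"},` is enough.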
@@ -210,15 +210,14 @@ fragment MeFields on Me { func CreateUserFromAuth0User( ctx_ context.Context, client_ graphql.Client, -) (*CreateUserFromAuth0UserResponse, error) { +) (data_ *CreateUserFromAuth0UserResponse, err_ error) { req_ := &graphql.Request{ OpName: "CreateUserFromAuth0User", Query: CreateUserFromAuth0User_Operation, } - var err_ error - var data_ CreateUserFromAuth0UserResponse - resp_ := &graphql.Response{Data: &data_} + data_ = &CreateUserFromAuth0UserResponse{} + resp_ := &graphql.Response{Data: data_} err_ = client_.MakeRequest( ctx_, @@ -226,10 +225,10 @@ func CreateUserFromAuth0User( resp_, ) - return &data_, err_ + return data_, err_ } -// The query or mutation executed by SendCLITelemetry. +// The mutation executed by SendCLITelemetry. const SendCLITelemetry_Operation = ` mutation SendCLITelemetry ($telemetry: CLITelemetry!) { sendCLITelemetries(telemetries: [$telemetry]) @@ -240,7 +239,7 @@ func SendCLITelemetry( ctx_ context.Context, client_ graphql.Client, telemetry CLITelemetry, -) (*SendCLITelemetryResponse, error) { +) (data_ *SendCLITelemetryResponse, err_ error) { req_ := &graphql.Request{ OpName: "SendCLITelemetry", Query: SendCLITelemetry_Operation, @@ -248,10 +247,9 @@ func SendCLITelemetry( Telemetry: telemetry, }, } - var err_ error - var data_ SendCLITelemetryResponse - resp_ := &graphql.Response{Data: &data_} + data_ = &SendCLITelemetryResponse{} + resp_ := &graphql.Response{Data: data_} err_ = client_.MakeRequest( ctx_, @@ -259,5 +257,5 @@ func SendCLITelemetry( resp_, ) - return &data_, err_ + return data_, err_ } diff --git a/src/pkg/cloudclient/graphql/schema.graphql b/src/pkg/cloudclient/graphql/schema.graphql index 7ea52235..b05acbb8 100644 --- a/src/pkg/cloudclient/graphql/schema.graphql +++ b/src/pkg/cloudclient/graphql/schema.graphql 
@@ -132,6 +132,35 @@ input AWSVisibilitySettingsInput { regions: [String!]! } +type AccessApprovalRuleset { + id: ID! + origin: AccessApprovalRulesetFilter! + target: AccessApprovalRulesetFilter! + action: AccessApprovalRulesetAction! +} + +enum AccessApprovalRulesetAction { + AUTO_APPROVE + AUTO_DENY + REQUIRE_APPROVAL +} + +type AccessApprovalRulesetFilter { + clusterIds: IDFilterValue + serviceIds: IDFilterValue + namespaceIds: IDFilterValue + environmentIds: IDFilterValue +} + +enum AccessApprovalRulesetFilterValue { + ANY +} + +type AccessApprovalRulesetSummary { + environment: Environment! + count: Int! +} + type AccessGraph { filter: AccessGraphFilter! """Clusters for which there are results""" @@ -148,6 +177,7 @@ type AccessGraphEdge { accessStatus: EdgeAccessStatus! accessStatuses: EdgeAccessStatuses! findings: [CallFinding!]! + traffic: TrafficLevel! } """ Access graph filter """ @@ -202,6 +232,39 @@ enum ApiMethod { DELETE } +"""applied intents request""" +input AppliedIntentsRequestApprovalData { +"""applied intents request""" + approved: Boolean! +"""applied intents request""" + reason: String! +} + +type AppliedIntentsRequestStatus { + id: ID! +"""client""" + service: Service! + timestamp: Time! + status: AppliedIntentsRequestStatusLabel! + reason: String +} + +enum AppliedIntentsRequestStatusLabel { + PENDING + APPROVED + DENIED +} + +type AppliedIntentsRequestWithDetails { + id: ID! + clientService: Service! + serverServices: [Service!]! + timestamp: Time! + status: AppliedIntentsRequestStatusLabel! + reason: String + clientIntents: ClientIntentsFileRepresentation! +} + enum AwsIamStep { CREATE_CLUSTER CONNECT_CLUSTER @@ -309,6 +372,13 @@ input ClientIPConfig { timeoutSeconds: Int } +type ClientIntentAccessStatus { + total: Int! + allowed: Int! + blocked: Int! + wouldBeBlocked: Int! +} + type ClientIntentEvent { firstTimestamp: Time lastTimestamp: Time 
@@ -376,6 +446,15 @@ type ClientIntentsRow { calledServerId: ID } +type CloudAccessEntry { + identity: String! + resourceActions: [ResourceActions!]! +} + +type CloudIam { + awsRoles: [String!] +} + type Cluster { id: ID! name: String! @@ -392,8 +471,10 @@ type Cluster { type ClusterConfiguration { globalDefaultDeny: Boolean! istioGlobalDefaultDeny: Boolean! + linkerdGlobalDefaultDeny: Boolean! useNetworkPoliciesInAccessGraphStates: Boolean! useIstioPoliciesInAccessGraphStates: Boolean! + useLinkerdPoliciesInAccessGraphStates: Boolean! useKafkaACLsInAccessGraphStates: Boolean! useAWSIAMInAccessGraphStates: Boolean! useGCPIAMInAccessGraphStates: Boolean! @@ -405,8 +486,10 @@ type ClusterConfiguration { input ClusterConfigurationInput { globalDefaultDeny: Boolean! istioGlobalDefaultDeny: Boolean + linkerdGlobalDefaultDeny: Boolean useNetworkPoliciesInAccessGraphStates: Boolean! useIstioPoliciesInAccessGraphStates: Boolean! + useLinkerdPoliciesInAccessGraphStates: Boolean! useKafkaACLsInAccessGraphStates: Boolean! useAWSIAMInAccessGraphStates: Boolean useGCPIAMInAccessGraphStates: Boolean @@ -563,6 +646,11 @@ enum DatabaseVisibilitySource { GCP_PUBSUB } +type DefaultIntentsApprovalActionByEnv { + environmentId: ID! + action: AccessApprovalRulesetAction! +} + type DetectedCloudServer { cloudProvider: String! cloudService: String! @@ -574,9 +662,19 @@ input DiscoveredIntentInput { intent: IntentInput! } +input EBPFDiagnostics { + containerImage: String + executable: String + executableHash: String + programName: String + podName: String + podNamespace: String +} + type EdgeAccessStatus { useNetworkPoliciesInAccessGraphStates: Boolean! useIstioPoliciesInAccessGraphStates: Boolean! + useLinkerdPoliciesInAccessGraphStates: Boolean! useKafkaPoliciesInAccessGraphStates: Boolean! verdict: EdgeAccessStatusVerdict! reason: EdgeAccessStatusReason! 
@@ -638,6 +736,7 @@ type EdgeAccessStatuses { gcpIam: EdgeAccessStatus! azureIAM: EdgeAccessStatus! database: EdgeAccessStatus! + linkerdPolicies: EdgeAccessStatus! } type Environment { @@ -686,6 +785,8 @@ enum EventType { PROTECTED_SERVICE_APPLIED PROTECTED_SERVICE_DELETED ACTIVE + EBPF_ATTACHED + EBPF_ATTACH_FAILED } input ExternalTrafficDiscoveredIntentInput { @@ -720,6 +821,8 @@ type FeatureFlags { useClientIntentsV2: Boolean enableFindingsV2: Boolean useTypedIntentsCTE: Boolean + enableInternetIntentsSuggestions: Boolean + enableIAMIntentsSuggestions: Boolean } type Finding { @@ -851,11 +954,13 @@ input GitHubRepoInfoInput { type GitHubSettings { isActive: Boolean! repoFilterPairs: [GitHubRepoFilterPair!]! + enableAutoMerge: Boolean! } input GitHubSettingsInput { isActive: Boolean! repoFilterPairs: [GitHubRepoFilterPairInput!]! + enableAutoMerge: Boolean } type GitLabRepoFilterPair { @@ -953,6 +1058,40 @@ input IngressControllerConfigInput { kind: String! } +"""Ruleset""" +input InputAccessApprovalRuleset { +"""Ruleset""" + id: ID +"""Ruleset""" + origin: InputAccessApprovalRulesetConfigFilter! +"""Ruleset""" + target: InputAccessApprovalRulesetConfigFilter! +"""Ruleset""" + action: AccessApprovalRulesetAction! +} + +input InputAccessApprovalRulesetConfigFilter { + clusterIds: InputIDFilterValue + serviceIds: InputIDFilterValue + namespaceIds: InputIDFilterValue +} + +""" Ruleset filter """ +input InputAccessApprovalRulesetFilter { +""" Ruleset filter """ + environmentIds: InputIDFilterValue +""" Ruleset filter """ + environmentNames: InputIDFilterValue +""" Ruleset filter """ + namespaceIds: InputIDFilterValue +""" Ruleset filter """ + clusterIds: InputIDFilterValue +""" Ruleset filter """ + serviceIds: InputIDFilterValue +""" Ruleset filter """ + actions: InputIDFilterValue +} + input InputAccessGraphFilter { clusterIds: InputIDFilterValue serviceIds: InputIDFilterValue 
@@ -985,12 +1124,35 @@ input InputAccessLogFilter { accessStatusReasons: InputIDFilterValue } +""" Applied intents request filter """ +input InputAppliedIntentsRequestFilter { +""" Applied intents request filter """ + requestIds: InputIDFilterValue +""" Applied intents request filter """ + clusterIds: InputIDFilterValue +""" Applied intents request filter """ + serviceIds: InputIDFilterValue +""" Applied intents request filter """ + namespaceIds: InputIDFilterValue +""" Applied intents request filter """ + environmentIds: InputIDFilterValue +""" Applied intents request filter """ + approvalStatuses: InputIDFilterValue +} + +input InputDefaultIntentsApprovalActionByEnv { + environmentId: ID! + action: AccessApprovalRulesetAction! +} + input InputFeatureFlags { isCloudServicesDetectionEnabled: Boolean isCloudSecurityEnabled: Boolean useClientIntentsV2: Boolean enableFindingsV2: Boolean useTypedIntentsCTE: Boolean + enableInternetIntentsSuggestions: Boolean + enableIAMIntentsSuggestions: Boolean } """ Findings filter """ @@ -1054,11 +1216,37 @@ input InputServiceFilter { integrationIds: [ID!] } +input InputTerraformAwsPolicyInfo { + arn: String! + address: String! +} + +input InputTerraformAwsRoleInfo { + arn: String! + address: String! + inlinePolicy: String! + attachedPolicies: [InputTerraformAwsPolicyInfo!] +} + +input InputTerraformResourceInfo { + modulePath: String! + gitOriginUrl: String! + gitCommitHash: String! + awsRoles: [InputTerraformAwsRoleInfo!] +} + input InputTimeFilterValue { value: Time! operator: TimeFilterOperators! } +input InputValidateIDFilter { + clusterIds: InputIDFilterValue + serviceIds: InputIDFilterValue + namespaceIds: InputIDFilterValue + environmentIds: InputIDFilterValue +} + """ Workload/Resource inventory filter """ input InputWorkloadInventoryFilter { """ Workload/Resource inventory filter """ @@ -1128,6 +1316,7 @@ enum IntegrationState { FAILURE PENDING WARNING + DISABLED } type IntegrationStatus { 
@@ -1164,6 +1353,7 @@ type Intent { kafkaTopics: [KafkaConfig!] httpResources: [HTTPConfig!] databaseResources: [DatabaseConfig!] + awsRole: String awsActions: [String!] azureRoles: [String!] azureActions: [String!] @@ -1188,6 +1378,7 @@ input IntentInput { topics: [KafkaConfigInput!] resources: [HTTPConfigInput!] databaseResources: [DatabaseConfigInput!] + awsRole: String awsActions: [String!] azureRoles: [String!] azureActions: [String!] @@ -1199,6 +1390,11 @@ input IntentInput { resolutionData: String } +input IntentRequestInput { + requestId: ID! + intent: IntentInput! +} + type IntentStatus { serviceAccountName: String! isServiceAccountShared: Boolean! @@ -1232,6 +1428,7 @@ type IntentsOperatorConfiguration { networkPolicyEnforcementEnabled: Boolean! kafkaACLEnforcementEnabled: Boolean! istioPolicyEnforcementEnabled: Boolean! + linkerdPolicyEnforcementEnabled: Boolean! awsIAMPolicyEnforcementEnabled: Boolean! gcpIAMPolicyEnforcementEnabled: Boolean! azureIAMPolicyEnforcementEnabled: Boolean! @@ -1247,6 +1444,7 @@ input IntentsOperatorConfigurationInput { networkPolicyEnforcementEnabled: Boolean kafkaACLEnforcementEnabled: Boolean istioPolicyEnforcementEnabled: Boolean + linkerdPolicyEnforcementEnabled: Boolean protectedServicesEnabled: Boolean egressNetworkPolicyEnforcementEnabled: Boolean awsIAMPolicyEnforcementEnabled: Boolean 
@@ -1571,6 +1769,19 @@ input MetadataEntry { type Mutation { """This is just a placeholder since currently GraphQL does not allow empty types""" dummy: Boolean +"""applied intents requests""" + reportAppliedIntentsRequest( + intents: [IntentRequestInput!]! + ): Boolean! + updateIntentsApprovalStatus( + id: ID! + result: AppliedIntentsRequestApprovalData! + ): Boolean! +"""rulesets""" + createOrUpdateAccessApprovalRulesets( + environmentId: ID! + rules: [InputAccessApprovalRuleset!]! + ): Boolean! """Register certificate-request details for kubernetes pod owner, returns the service associated with this pod owner""" registerKubernetesPodOwnerCertificateRequest( podOwner: NamespacedPodOwner! @@ -1637,6 +1848,7 @@ type Mutation { ignored: Boolean! reason: String ): Boolean! + createFindingsForOrg: Boolean! """Create a new generic integration""" createGenericIntegration( name: String! @@ -1844,6 +2056,10 @@ type Mutation { reportServiceMetadata( serviceMeta: ReportServiceMetadataInput! ): Boolean! +"""update multiple service metadata from operator""" + reportServicesMetadata( + servicesMeta: [ReportServiceMetadataInput!]! + ): Boolean! """Bulk Update services""" addTagsToServices( ids: [ID!]! @@ -1855,6 +2071,14 @@ type Mutation { sendCLITelemetries( telemetries: [CLITelemetry!]! ): Boolean! +"""report terraform resources from Otterize CLI""" + reportTerraformResources( + resourceInfo: InputTerraformResourceInfo! + ): TerraformResourceInfo! +"""Update service""" + reportTrafficLevels( + trafficLevels: [TrafficLevelInput!]! + ): Boolean! saveOnboardingFeedback( userEmail: String! feedback: String! @@ -1939,6 +2163,7 @@ input NetworkPolicySpecInput { type Organization { id: ID! name: String! + uniqueName: String! imageURL: String settings: OrganizationSettings! created: Time! 
@@ -1948,12 +2173,14 @@ type OrganizationSettings { domains: [String!] enforcedRegulations: [String!] ignoredCloudDomains: [String!] + defaultIntentsApprovalActionByEnv: [DefaultIntentsApprovalActionByEnv!]! } input OrganizationSettingsInput { domains: [String!] enforcedRegulations: [String] ignoredCloudDomains: [String!] + defaultIntentsApprovalActionByEnv: [InputDefaultIntentsApprovalActionByEnv!] } input PaginationInput { @@ -1993,6 +2220,12 @@ type Query { accessGraph( filter: InputAccessGraphFilter ): AccessGraph! + accessGraphServices( + filter: InputAccessGraphFilter + ): [Service!]! + accessGraphCloudIam( + filter: InputAccessGraphFilter + ): [CloudAccessEntry!]! serviceAccessGraph( id: ID! ): ServiceAccessGraph! @@ -2012,10 +2245,28 @@ type Query { clusterIds: [ID!] featureFlags: InputFeatureFlags ): [ClientIntentsFileRepresentation!]! +""" Get service incoming internet connections """ + serviceIncomingInternetConnections( + targetServiceId: ID! + lastSeenAfter: Time! + ): [String!]! """Get access log""" accessLog( filter: InputAccessLogFilter ): AccessLog! +"""applied intents requests""" + appliedIntentsRequestStatus( + filter: InputAppliedIntentsRequestFilter + ): [AppliedIntentsRequestStatus!]! + appliedIntentsRequestWithDetails( + id: ID! + featureFlags: InputFeatureFlags + ): AppliedIntentsRequestWithDetails! +"""rulesets""" + accessApprovalRulesetSummary: [AccessApprovalRulesetSummary!]! + accessApprovalRulesetList( + filter: InputAccessApprovalRulesetFilter + ): [AccessApprovalRuleset!]! """Get cluster""" cluster( id: ID! @@ -2041,6 +2292,10 @@ type Query { oneEnvironment( name: String! ): Environment! +"""Validate existing ID filters and return valid filters""" + validateFilters( + filter: InputValidateIDFilter! + ): ValidIDFilter! findings( filter: InputFindingFilter tree: Boolean 
@@ -2087,12 +2342,6 @@ type Query { testDatabaseVisibilityConnection( databaseInfo: DatabaseInfoInput! ): TestDatabaseConnectionResponse! - clientIntentEventsForWorkload( - id: ID! - ): [ClientIntentEvent!] - clientIntentStatusForWorkload( - id: ID! - ): ClientIntentStatus """List user invites""" invites( email: String @@ -2229,6 +2478,11 @@ type Resource { inboundStatus: ServerProtectionStatusVerdict! } +type ResourceActions { + resource: String! + actions: [String!]! +} + enum RowDiff { ADDED REMOVED @@ -2312,6 +2566,7 @@ type Service { id: ID! name: String! tags: [String!] + cloudIam: CloudIam workloadKind: String aliases: [ServerAlias!] namespace: Namespace @@ -2342,6 +2597,7 @@ type ServiceAccessStatus { useNetworkPoliciesInAccessGraphStates: Boolean! useKafkaACLsInAccessGraphStates: Boolean! useIstioPoliciesInAccessGraphStates: Boolean! + useLinkerdPoliciesInAccessGraphStates: Boolean! protectionStatus: ServerProtectionStatus! protectionStatuses: ServerProtectionStatuses! blockingStatus: ServerBlockingStatus! @@ -2356,6 +2612,8 @@ input ServiceBackendPortInput { type ServiceClientIntents { asClient: ClientIntentsFiles asServer: ClientIntentsFiles + asClientStatus: ClientIntentAccessStatus + asServerStatus: ClientIntentAccessStatus appliedIntentStatus: ClientIntentStatus appliedIntentEvents: [ClientIntentEvent!] } @@ -2385,6 +2643,7 @@ enum ServiceInternalTrafficPolicy { input ServiceMetadataInput { tags: [String!] + awsRoles: [String!] } enum ServiceType { @@ -2482,11 +2741,14 @@ enum TelemetryComponentType { CREDENTIALS_OPERATOR NETWORK_MAPPER CLI + NODE_AGENT } input TelemetryData { eventType: EventType! count: Int + error: String + ebpf: EBPFDiagnostics } input TelemetryInput { 
@@ -2494,6 +2756,25 @@ input TelemetryInput { data: TelemetryData! } +type TerraformAwsPolicyInfo { + arn: String! + address: String! +} + +type TerraformAwsRoleInfo { + arn: String! + address: String! + inlinePolicy: String! + attachedPolicies: [TerraformAwsPolicyInfo!] +} + +type TerraformResourceInfo { + modulePath: String! + gitOriginUrl: String! + gitCommitHash: String! + awsRoles: [TerraformAwsRoleInfo!] +} + type TestDatabaseConnectionResponse { success: Boolean! errorMessage: String! @@ -2521,6 +2802,21 @@ input TimeRangeInput { to: Time } +type TrafficLevel { + dataBytesPerSecond: Int! + flowsCountPerSecond: Int! + lastReportedAt: Time! +} + +input TrafficLevelInput { + clientName: String! + clientNamespace: String! + serverName: String! + serverNamespace: String! + dataBytesPerSecond: Int! + flowsCountPerSecond: Int! +} + enum TutorialEvent { CLUSTER_CREATED CLUSTER_CONNECTED @@ -2587,6 +2883,15 @@ type UserTutorial { stepSeen: String! } +""" Used to validate ID based filters """ +type ValidIDFilter { + clusterIds: IDFilterValue + serviceIds: IDFilterValue + namespaceIds: IDFilterValue + regulationIds: IDFilterValue + environmentIds: IDFilterValue +} + type Workload { id: ID! service: Service! diff --git a/src/pkg/cloudclient/restapi/cloudapi/api.gen.go b/src/pkg/cloudclient/restapi/cloudapi/api.gen.go index 2904ef5b..ae31d4e8 100644 --- a/src/pkg/cloudclient/restapi/cloudapi/api.gen.go +++ b/src/pkg/cloudclient/restapi/cloudapi/api.gen.go @@ -20,6 +20,7 @@ import ( const ( AccessTokenCookieScopes = "accessTokenCookie.Scopes" + BearerAuthScopes = "bearerAuth.Scopes" Oauth2Scopes = "oauth2.Scopes" OrganizationHeaderScopes = "organizationHeader.Scopes" ) 
@@ -111,6 +112,13 @@ const ( GCPPUBSUB DatabaseVisibilitySettingsSource = "GCP_PUBSUB" ) +// Defines values for DefaultIntentsApprovalActionByEnvAction. +const ( + AUTOAPPROVE DefaultIntentsApprovalActionByEnvAction = "AUTO_APPROVE" + AUTODENY DefaultIntentsApprovalActionByEnvAction = "AUTO_DENY" + REQUIREAPPROVAL DefaultIntentsApprovalActionByEnvAction = "REQUIRE_APPROVAL" +) + // Defines values for EdgeAccessStatusReason. const ( EdgeAccessStatusReasonALLOWEDBYAPPLIEDINTENTS EdgeAccessStatusReason = "ALLOWED_BY_APPLIED_INTENTS" @@ -240,10 +248,11 @@ const ( // Defines values for IntegrationStatusState. const ( - IntegrationStatusStateFAILURE IntegrationStatusState = "FAILURE" - IntegrationStatusStatePENDING IntegrationStatusState = "PENDING" - IntegrationStatusStateSUCCESS IntegrationStatusState = "SUCCESS" - IntegrationStatusStateWARNING IntegrationStatusState = "WARNING" + IntegrationStatusStateDISABLED IntegrationStatusState = "DISABLED" + IntegrationStatusStateFAILURE IntegrationStatusState = "FAILURE" + IntegrationStatusStatePENDING IntegrationStatusState = "PENDING" + IntegrationStatusStateSUCCESS IntegrationStatusState = "SUCCESS" + IntegrationStatusStateWARNING IntegrationStatusState = "WARNING" ) // Defines values for IntentsOperatorComponentType. @@ -466,6 +475,7 @@ type AccessGraphEdge struct { Server struct { Id string `json:"id"` } `json:"server"` + Traffic TrafficLevel `json:"traffic"` } // AccessGraphFilter Access graph filter @@ -555,6 +565,14 @@ type CertificateInformation struct { Ttl *int32 `json:"ttl,omitempty"` } +// ClientIntentAccessStatus defines model for ClientIntentAccessStatus. +type ClientIntentAccessStatus struct { + Allowed int32 `json:"allowed"` + Blocked int32 `json:"blocked"` + Total int32 `json:"total"` + WouldBeBlocked int32 `json:"wouldBeBlocked"` +} + // ClientIntentEvent defines model for ClientIntentEvent. type ClientIntentEvent struct { Count int32 `json:"count"` 
@@ -602,6 +620,11 @@ type ClientIntentsRow struct { // ClientIntentsRowDiff defines model for ClientIntentsRow.Diff. type ClientIntentsRowDiff string +// CloudIam defines model for CloudIam. +type CloudIam struct { + AwsRoles *[]string `json:"awsRoles,omitempty"` +} + // Cluster defines model for Cluster. type Cluster struct { Components IntegrationComponents `json:"components"` @@ -629,12 +652,14 @@ type ClusterConfiguration struct { ClusterFormSettings ClusterFormSettings `json:"clusterFormSettings"` GlobalDefaultDeny bool `json:"globalDefaultDeny"` IstioGlobalDefaultDeny bool `json:"istioGlobalDefaultDeny"` + LinkerdGlobalDefaultDeny bool `json:"linkerdGlobalDefaultDeny"` UseAWSIAMInAccessGraphStates bool `json:"useAWSIAMInAccessGraphStates"` UseAzureIAMInAccessGraphStates bool `json:"useAzureIAMInAccessGraphStates"` UseDatabaseInAccessGraphStates bool `json:"useDatabaseInAccessGraphStates"` UseGCPIAMInAccessGraphStates bool `json:"useGCPIAMInAccessGraphStates"` UseIstioPoliciesInAccessGraphStates bool `json:"useIstioPoliciesInAccessGraphStates"` UseKafkaACLsInAccessGraphStates bool `json:"useKafkaACLsInAccessGraphStates"` + UseLinkerdPoliciesInAccessGraphStates bool `json:"useLinkerdPoliciesInAccessGraphStates"` UseNetworkPoliciesInAccessGraphStates bool `json:"useNetworkPoliciesInAccessGraphStates"` } 
@@ -643,12 +668,14 @@ type ClusterConfigurationInput struct { ClusterFormSettings *map[string]interface{} `json:"clusterFormSettings,omitempty"` GlobalDefaultDeny bool `json:"globalDefaultDeny"` IstioGlobalDefaultDeny *bool `json:"istioGlobalDefaultDeny,omitempty"` + LinkerdGlobalDefaultDeny *bool `json:"linkerdGlobalDefaultDeny,omitempty"` UseAWSIAMInAccessGraphStates *bool `json:"useAWSIAMInAccessGraphStates,omitempty"` UseAzureIAMInAccessGraphStates *bool `json:"useAzureIAMInAccessGraphStates,omitempty"` UseDatabaseInAccessGraphStates *bool `json:"useDatabaseInAccessGraphStates,omitempty"` UseGCPIAMInAccessGraphStates *bool `json:"useGCPIAMInAccessGraphStates,omitempty"` UseIstioPoliciesInAccessGraphStates bool `json:"useIstioPoliciesInAccessGraphStates"` UseKafkaACLsInAccessGraphStates bool `json:"useKafkaACLsInAccessGraphStates"` + UseLinkerdPoliciesInAccessGraphStates bool `json:"useLinkerdPoliciesInAccessGraphStates"` UseNetworkPoliciesInAccessGraphStates bool `json:"useNetworkPoliciesInAccessGraphStates"` } @@ -733,6 +760,15 @@ type DatabaseVisibilitySettings struct { // DatabaseVisibilitySettingsSource defines model for DatabaseVisibilitySettings.Source. type DatabaseVisibilitySettingsSource string +// DefaultIntentsApprovalActionByEnv defines model for DefaultIntentsApprovalActionByEnv. +type DefaultIntentsApprovalActionByEnv struct { + Action DefaultIntentsApprovalActionByEnvAction `json:"action"` + EnvironmentId string `json:"environmentId"` +} + +// DefaultIntentsApprovalActionByEnvAction defines model for DefaultIntentsApprovalActionByEnv.Action. +type DefaultIntentsApprovalActionByEnvAction string + // DetectedCloudServer defines model for DetectedCloudServer. type DetectedCloudServer struct { CloudProvider string `json:"cloudProvider"` 
@@ -746,6 +782,7 @@ type EdgeAccessStatus struct { Reasons []EdgeAccessStatusReasons `json:"reasons"` UseIstioPoliciesInAccessGraphStates bool `json:"useIstioPoliciesInAccessGraphStates"` UseKafkaPoliciesInAccessGraphStates bool `json:"useKafkaPoliciesInAccessGraphStates"` + UseLinkerdPoliciesInAccessGraphStates bool `json:"useLinkerdPoliciesInAccessGraphStates"` UseNetworkPoliciesInAccessGraphStates bool `json:"useNetworkPoliciesInAccessGraphStates"` Verdict EdgeAccessStatusVerdict `json:"verdict"` } @@ -767,6 +804,7 @@ type EdgeAccessStatuses struct { GcpIam EdgeAccessStatus `json:"gcpIam"` IstioPolicies EdgeAccessStatus `json:"istioPolicies"` KafkaACLs EdgeAccessStatus `json:"kafkaACLs"` + LinkerdPolicies EdgeAccessStatus `json:"linkerdPolicies"` NetworkPolicies EdgeAccessStatus `json:"networkPolicies"` } @@ -789,11 +827,13 @@ type Error struct { // FeatureFlags defines model for FeatureFlags. type FeatureFlags struct { - EnableFindingsV2 *bool `json:"enableFindingsV2,omitempty"` - IsCloudSecurityEnabled *bool `json:"isCloudSecurityEnabled,omitempty"` - IsCloudServicesDetectionEnabled *bool `json:"isCloudServicesDetectionEnabled,omitempty"` - UseClientIntentsV2 *bool `json:"useClientIntentsV2,omitempty"` - UseTypedIntentsCTE *bool `json:"useTypedIntentsCTE,omitempty"` + EnableFindingsV2 *bool `json:"enableFindingsV2,omitempty"` + EnableIAMIntentsSuggestions *bool `json:"enableIAMIntentsSuggestions,omitempty"` + EnableInternetIntentsSuggestions *bool `json:"enableInternetIntentsSuggestions,omitempty"` + IsCloudSecurityEnabled *bool `json:"isCloudSecurityEnabled,omitempty"` + IsCloudServicesDetectionEnabled *bool `json:"isCloudServicesDetectionEnabled,omitempty"` + UseClientIntentsV2 *bool `json:"useClientIntentsV2,omitempty"` + UseTypedIntentsCTE *bool `json:"useTypedIntentsCTE,omitempty"` } // GCPInfo defines model for GCPInfo. 
@@ -839,12 +879,14 @@ type GitHubRepoInfo struct { // GitHubSettings defines model for GitHubSettings. type GitHubSettings struct { + EnableAutoMerge bool `json:"enableAutoMerge"` IsActive bool `json:"isActive"` RepoFilterPairs []GitHubRepoFilterPair `json:"repoFilterPairs"` } // GitHubSettingsInput defines model for GitHubSettingsInput. type GitHubSettingsInput struct { + EnableAutoMerge *bool `json:"enableAutoMerge,omitempty"` IsActive bool `json:"isActive"` RepoFilterPairs []map[string]interface{} `json:"repoFilterPairs"` } @@ -906,11 +948,13 @@ type InputAccessLogFilter struct { // InputFeatureFlags defines model for InputFeatureFlags. type InputFeatureFlags struct { - EnableFindingsV2 *bool `json:"enableFindingsV2,omitempty"` - IsCloudSecurityEnabled *bool `json:"isCloudSecurityEnabled,omitempty"` - IsCloudServicesDetectionEnabled *bool `json:"isCloudServicesDetectionEnabled,omitempty"` - UseClientIntentsV2 *bool `json:"useClientIntentsV2,omitempty"` - UseTypedIntentsCTE *bool `json:"useTypedIntentsCTE,omitempty"` + EnableFindingsV2 *bool `json:"enableFindingsV2,omitempty"` + EnableIAMIntentsSuggestions *bool `json:"enableIAMIntentsSuggestions,omitempty"` + EnableInternetIntentsSuggestions *bool `json:"enableInternetIntentsSuggestions,omitempty"` + IsCloudSecurityEnabled *bool `json:"isCloudSecurityEnabled,omitempty"` + IsCloudServicesDetectionEnabled *bool `json:"isCloudServicesDetectionEnabled,omitempty"` + UseClientIntentsV2 *bool `json:"useClientIntentsV2,omitempty"` + UseTypedIntentsCTE *bool `json:"useTypedIntentsCTE,omitempty"` } // InputServiceFilter Service filter 
@@ -924,6 +968,14 @@ type InputServiceFilter struct { ServiceType *map[string]interface{} `json:"serviceType,omitempty"` } +// InputTerraformResourceInfo defines model for InputTerraformResourceInfo. +type InputTerraformResourceInfo struct { + AwsRoles *[]map[string]interface{} `json:"awsRoles,omitempty"` + GitCommitHash string `json:"gitCommitHash"` + GitOriginUrl string `json:"gitOriginUrl"` + ModulePath string `json:"modulePath"` +} + // Integration defines model for Integration. type Integration struct { AwsInfo *AWSInfo `json:"awsInfo,omitempty"` @@ -1028,6 +1080,7 @@ type IntentsOperatorConfiguration struct { GlobalEnforcementEnabled bool `json:"globalEnforcementEnabled"` IstioPolicyEnforcementEnabled bool `json:"istioPolicyEnforcementEnabled"` KafkaACLEnforcementEnabled bool `json:"kafkaACLEnforcementEnabled"` + LinkerdPolicyEnforcementEnabled bool `json:"linkerdPolicyEnforcementEnabled"` NetworkPolicyEnforcementEnabled bool `json:"networkPolicyEnforcementEnabled"` ProtectedServices []struct { Id string `json:"id"` 
@@ -1134,25 +1187,28 @@ type NetworkMapperComponentType string // Organization defines model for Organization. type Organization struct { - Created time.Time `json:"created"` - Id string `json:"id"` - ImageURL *string `json:"imageURL,omitempty"` - Name string `json:"name"` - Settings OrganizationSettings `json:"settings"` + Created time.Time `json:"created"` + Id string `json:"id"` + ImageURL *string `json:"imageURL,omitempty"` + Name string `json:"name"` + Settings OrganizationSettings `json:"settings"` + UniqueName string `json:"uniqueName"` } // OrganizationSettings defines model for OrganizationSettings. type OrganizationSettings struct { - Domains *[]string `json:"domains,omitempty"` - EnforcedRegulations *[]string `json:"enforcedRegulations,omitempty"` - IgnoredCloudDomains *[]string `json:"ignoredCloudDomains,omitempty"` + DefaultIntentsApprovalActionByEnv []DefaultIntentsApprovalActionByEnv `json:"defaultIntentsApprovalActionByEnv"` + Domains *[]string `json:"domains,omitempty"` + EnforcedRegulations *[]string `json:"enforcedRegulations,omitempty"` + IgnoredCloudDomains *[]string `json:"ignoredCloudDomains,omitempty"` } // OrganizationSettingsInput defines model for OrganizationSettingsInput. type OrganizationSettingsInput struct { - Domains *[]string `json:"domains,omitempty"` - EnforcedRegulations *[]string `json:"enforcedRegulations,omitempty"` - IgnoredCloudDomains *[]string `json:"ignoredCloudDomains,omitempty"` + DefaultIntentsApprovalActionByEnv *[]map[string]interface{} `json:"defaultIntentsApprovalActionByEnv,omitempty"` + Domains *[]string `json:"domains,omitempty"` + EnforcedRegulations *[]string `json:"enforcedRegulations,omitempty"` + IgnoredCloudDomains *[]string `json:"ignoredCloudDomains,omitempty"` } // PaginationInput defines model for PaginationInput. 
@@ -1210,6 +1266,7 @@ type Service struct { AwsVisibility *AWSVisibility `json:"awsVisibility,omitempty"` AzureResource *AzureResource `json:"azureResource,omitempty"` CertificateInformation *CertificateInformation `json:"certificateInformation,omitempty"` + CloudIam *CloudIam `json:"cloudIam,omitempty"` DatabaseIntegration *struct { Id string `json:"id"` } `json:"databaseIntegration,omitempty"` @@ -1252,15 +1309,18 @@ type ServiceAccessStatus struct { ProtectionStatuses ServerProtectionStatuses `json:"protectionStatuses"` UseIstioPoliciesInAccessGraphStates bool `json:"useIstioPoliciesInAccessGraphStates"` UseKafkaACLsInAccessGraphStates bool `json:"useKafkaACLsInAccessGraphStates"` + UseLinkerdPoliciesInAccessGraphStates bool `json:"useLinkerdPoliciesInAccessGraphStates"` UseNetworkPoliciesInAccessGraphStates bool `json:"useNetworkPoliciesInAccessGraphStates"` } // ServiceClientIntents defines model for ServiceClientIntents. type ServiceClientIntents struct { - AppliedIntentEvents *[]ClientIntentEvent `json:"appliedIntentEvents,omitempty"` - AppliedIntentStatus *ClientIntentStatus `json:"appliedIntentStatus,omitempty"` - AsClient *ClientIntentsFiles `json:"asClient,omitempty"` - AsServer *ClientIntentsFiles `json:"asServer,omitempty"` + AppliedIntentEvents *[]ClientIntentEvent `json:"appliedIntentEvents,omitempty"` + AppliedIntentStatus *ClientIntentStatus `json:"appliedIntentStatus,omitempty"` + AsClient *ClientIntentsFiles `json:"asClient,omitempty"` + AsClientStatus *ClientIntentAccessStatus `json:"asClientStatus,omitempty"` + AsServer *ClientIntentsFiles `json:"asServer,omitempty"` + AsServerStatus *ClientIntentAccessStatus `json:"asServerStatus,omitempty"` } // ServicesResponse defines model for ServicesResponse. 
@@ -1303,6 +1363,28 @@ type SlackSettingsInput struct { IsActive bool `json:"isActive"` } +// TerraformAwsPolicyInfo defines model for TerraformAwsPolicyInfo. +type TerraformAwsPolicyInfo struct { + Address string `json:"address"` + Arn string `json:"arn"` +} + +// TerraformAwsRoleInfo defines model for TerraformAwsRoleInfo. +type TerraformAwsRoleInfo struct { + Address string `json:"address"` + Arn string `json:"arn"` + AttachedPolicies *[]TerraformAwsPolicyInfo `json:"attachedPolicies,omitempty"` + InlinePolicy string `json:"inlinePolicy"` +} + +// TerraformResourceInfo defines model for TerraformResourceInfo. +type TerraformResourceInfo struct { + AwsRoles *[]TerraformAwsRoleInfo `json:"awsRoles,omitempty"` + GitCommitHash string `json:"gitCommitHash"` + GitOriginUrl string `json:"gitOriginUrl"` + ModulePath string `json:"modulePath"` +} + // TimeFilterValue defines model for TimeFilterValue. type TimeFilterValue struct { Operator TimeFilterValueOperator `json:"operator"` @@ -1318,6 +1400,13 @@ type TimeRange struct { To *time.Time `json:"to,omitempty"` } +// TrafficLevel defines model for TrafficLevel. +type TrafficLevel struct { + DataBytesPerSecond int32 `json:"dataBytesPerSecond"` + FlowsCountPerSecond int32 `json:"flowsCountPerSecond"` + LastReportedAt time.Time `json:"lastReportedAt"` +} + // User defines model for User. type User struct { AuthProviderUserId string `json:"authProviderUserId"` @@ -1375,6 +1464,11 @@ type ServiceClientIntentsQueryJSONBody struct { LastSeenAfter *time.Time `json:"lastSeenAfter,omitempty"` } +// ServiceIncomingInternetConnectionsQueryParams defines parameters for ServiceIncomingInternetConnectionsQuery. +type ServiceIncomingInternetConnectionsQueryParams struct { + LastSeenAfter time.Time `form:"lastSeenAfter" json:"lastSeenAfter"` +} + // AccessLogQueryJSONBody defines parameters for AccessLogQuery. type AccessLogQueryJSONBody struct { // Filter Access log filter 
@@ -1664,6 +1758,11 @@ type UpdateServiceMutationJSONBody struct { Tags *[]string `json:"tags,omitempty"` } +// ReportTerraformResourcesMutationJSONBody defines parameters for ReportTerraformResourcesMutation. +type ReportTerraformResourcesMutationJSONBody struct { + ResourceInfo InputTerraformResourceInfo `json:"resourceInfo"` +} + // AccessGraphQueryJSONRequestBody defines body for AccessGraphQuery for application/json ContentType. type AccessGraphQueryJSONRequestBody AccessGraphQueryJSONBody @@ -1769,6 +1868,9 @@ type UpdateOrganizationMutationJSONRequestBody UpdateOrganizationMutationJSONBod // UpdateServiceMutationJSONRequestBody defines body for UpdateServiceMutation for application/json ContentType. type UpdateServiceMutationJSONRequestBody UpdateServiceMutationJSONBody +// ReportTerraformResourcesMutationJSONRequestBody defines body for ReportTerraformResourcesMutation for application/json ContentType. +type ReportTerraformResourcesMutationJSONRequestBody ReportTerraformResourcesMutationJSONBody + // RequestEditorFn is the function signature for the RequestEditor callback function type RequestEditorFn func(ctx context.Context, req *http.Request) error @@ -1857,6 +1959,9 @@ type ClientInterface interface { ServiceClientIntentsQuery(ctx context.Context, id string, body ServiceClientIntentsQueryJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + // ServiceIncomingInternetConnectionsQuery request + ServiceIncomingInternetConnectionsQuery(ctx context.Context, targetServiceId string, params *ServiceIncomingInternetConnectionsQueryParams, reqEditors ...RequestEditorFn) (*http.Response, error) + // AccessLogQuery request with any body AccessLogQueryWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) 
@@ -2104,6 +2209,11 @@ type ClientInterface interface { UpdateServiceMutation(ctx context.Context, id string, body UpdateServiceMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + // ReportTerraformResourcesMutation request with any body + ReportTerraformResourcesMutationWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) + + ReportTerraformResourcesMutation(ctx context.Context, body ReportTerraformResourcesMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + // UsersQuery request UsersQuery(ctx context.Context, reqEditors ...RequestEditorFn) (*http.Response, error) @@ -2183,6 +2293,18 @@ func (c *Client) ServiceClientIntentsQuery(ctx context.Context, id string, body return c.Client.Do(req) } +func (c *Client) ServiceIncomingInternetConnectionsQuery(ctx context.Context, targetServiceId string, params *ServiceIncomingInternetConnectionsQueryParams, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewServiceIncomingInternetConnectionsQueryRequest(c.Server, targetServiceId, params) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + func (c *Client) AccessLogQueryWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { req, err := NewAccessLogQueryRequestWithBody(c.Server, contentType, body) if err != nil { 
@@ -3299,6 +3421,30 @@ func (c *Client) UpdateServiceMutation(ctx context.Context, id string, body Upda return c.Client.Do(req) } +func (c *Client) ReportTerraformResourcesMutationWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewReportTerraformResourcesMutationRequestWithBody(c.Server, contentType, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) ReportTerraformResourcesMutation(ctx context.Context, body ReportTerraformResourcesMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewReportTerraformResourcesMutationRequest(c.Server, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + func (c *Client) UsersQuery(ctx context.Context, reqEditors ...RequestEditorFn) (*http.Response, error) { req, err := NewUsersQueryRequest(c.Server) if err != nil { 
@@ -3450,6 +3596,56 @@ func NewServiceClientIntentsQueryRequestWithBody(server string, id string, conte return req, nil } +// NewServiceIncomingInternetConnectionsQueryRequest generates requests for ServiceIncomingInternetConnectionsQuery +func NewServiceIncomingInternetConnectionsQueryRequest(server string, targetServiceId string, params *ServiceIncomingInternetConnectionsQueryParams) (*http.Request, error) { + var err error + + var pathParam0 string + + pathParam0, err = runtime.StyleParamWithLocation("simple", false, "targetServiceId", runtime.ParamLocationPath, targetServiceId) + if err != nil { + return nil, err + } + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/access-graph/service-incoming-internet-connections/%s", pathParam0) + if operationPath[0] == '/' { + operationPath = "." + operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + queryValues := queryURL.Query() + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "lastSeenAfter", runtime.ParamLocationQuery, params.LastSeenAfter); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + + queryURL.RawQuery = queryValues.Encode() + + req, err := http.NewRequest("GET", queryURL.String(), nil) + if err != nil { + return nil, err + } + + return req, nil +} + // NewAccessLogQueryRequest calls the generic AccessLogQuery builder with application/json body func NewAccessLogQueryRequest(server string, body AccessLogQueryJSONRequestBody) (*http.Request, error) { var bodyReader io.Reader 
@@ -6286,6 +6482,46 @@ func NewUpdateServiceMutationRequestWithBody(server string, id string, contentTy return req, nil } +// NewReportTerraformResourcesMutationRequest calls the generic ReportTerraformResourcesMutation builder with application/json body +func NewReportTerraformResourcesMutationRequest(server string, body ReportTerraformResourcesMutationJSONRequestBody) (*http.Request, error) { + var bodyReader io.Reader + buf, err := json.Marshal(body) + if err != nil { + return nil, err + } + bodyReader = bytes.NewReader(buf) + return NewReportTerraformResourcesMutationRequestWithBody(server, "application/json", bodyReader) +} + +// NewReportTerraformResourcesMutationRequestWithBody generates requests for ReportTerraformResourcesMutation with any type of body +func NewReportTerraformResourcesMutationRequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { + var err error + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/terraform-resources/") + if operationPath[0] == '/' { + operationPath = "." + operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + req, err := http.NewRequest("POST", queryURL.String(), body) + if err != nil { + return nil, err + } + + req.Header.Add("Content-Type", contentType) + + return req, nil +} + // NewUsersQueryRequest generates requests for UsersQuery func NewUsersQueryRequest(server string) (*http.Request, error) { var err error 
@@ -6405,6 +6641,9 @@ type ClientWithResponsesInterface interface { ServiceClientIntentsQueryWithResponse(ctx context.Context, id string, body ServiceClientIntentsQueryJSONRequestBody, reqEditors ...RequestEditorFn) (*ServiceClientIntentsQueryResponse, error) + // ServiceIncomingInternetConnectionsQuery request + ServiceIncomingInternetConnectionsQueryWithResponse(ctx context.Context, targetServiceId string, params *ServiceIncomingInternetConnectionsQueryParams, reqEditors ...RequestEditorFn) (*ServiceIncomingInternetConnectionsQueryResponse, error) + // AccessLogQuery request with any body AccessLogQueryWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*AccessLogQueryResponse, error) @@ -6652,6 +6891,11 @@ type ClientWithResponsesInterface interface { UpdateServiceMutationWithResponse(ctx context.Context, id string, body UpdateServiceMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*UpdateServiceMutationResponse, error) + // ReportTerraformResourcesMutation request with any body + ReportTerraformResourcesMutationWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*ReportTerraformResourcesMutationResponse, error) + + ReportTerraformResourcesMutationWithResponse(ctx context.Context, body ReportTerraformResourcesMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*ReportTerraformResourcesMutationResponse, error) + // UsersQuery request UsersQueryWithResponse(ctx context.Context, reqEditors ...RequestEditorFn) (*UsersQueryResponse, error) 
@@ -6749,6 +6993,36 @@ func (r ServiceClientIntentsQueryResponse) StatusCode() int { return 0 } +type ServiceIncomingInternetConnectionsQueryResponse struct { + Body []byte + HTTPResponse *http.Response + JSON200 *[]string + JSON400 *Error + JSON401 *Error + JSON403 *Error + JSON404 *Error + JSON409 *Error + JSON422 *Error + JSON500 *Error + JSONDefault *Error +} + +// Status returns HTTPResponse.Status +func (r ServiceIncomingInternetConnectionsQueryResponse) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status + } + return http.StatusText(0) +} + +// StatusCode returns HTTPResponse.StatusCode +func (r ServiceIncomingInternetConnectionsQueryResponse) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode + } + return 0 +} + type AccessLogQueryResponse struct { Body []byte HTTPResponse *http.Response @@ -8579,6 +8853,36 @@ func (r UpdateServiceMutationResponse) StatusCode() int { return 0 } +type ReportTerraformResourcesMutationResponse struct { + Body []byte + HTTPResponse *http.Response + JSON200 *TerraformResourceInfo + JSON400 *Error + JSON401 *Error + JSON403 *Error + JSON404 *Error + JSON409 *Error + JSON422 *Error + JSON500 *Error + JSONDefault *Error +} + +// Status returns HTTPResponse.Status +func (r ReportTerraformResourcesMutationResponse) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status + } + return http.StatusText(0) +} + +// StatusCode returns HTTPResponse.StatusCode +func (r ReportTerraformResourcesMutationResponse) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode + } + return 0 +} + type UsersQueryResponse struct { Body []byte HTTPResponse *http.Response 
@@ -8690,6 +8994,15 @@ func (c *ClientWithResponses) ServiceClientIntentsQueryWithResponse(ctx context. return ParseServiceClientIntentsQueryResponse(rsp) } +// ServiceIncomingInternetConnectionsQueryWithResponse request returning *ServiceIncomingInternetConnectionsQueryResponse +func (c *ClientWithResponses) ServiceIncomingInternetConnectionsQueryWithResponse(ctx context.Context, targetServiceId string, params *ServiceIncomingInternetConnectionsQueryParams, reqEditors ...RequestEditorFn) (*ServiceIncomingInternetConnectionsQueryResponse, error) { + rsp, err := c.ServiceIncomingInternetConnectionsQuery(ctx, targetServiceId, params, reqEditors...) + if err != nil { + return nil, err + } + return ParseServiceIncomingInternetConnectionsQueryResponse(rsp) +} + // AccessLogQueryWithBodyWithResponse request with arbitrary body returning *AccessLogQueryResponse func (c *ClientWithResponses) AccessLogQueryWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*AccessLogQueryResponse, error) { rsp, err := c.AccessLogQueryWithBody(ctx, contentType, body, reqEditors...) 
@@ -9495,6 +9808,23 @@ func (c *ClientWithResponses) UpdateServiceMutationWithResponse(ctx context.Cont return ParseUpdateServiceMutationResponse(rsp) } +// ReportTerraformResourcesMutationWithBodyWithResponse request with arbitrary body returning *ReportTerraformResourcesMutationResponse +func (c *ClientWithResponses) ReportTerraformResourcesMutationWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*ReportTerraformResourcesMutationResponse, error) { + rsp, err := c.ReportTerraformResourcesMutationWithBody(ctx, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseReportTerraformResourcesMutationResponse(rsp) +} + +func (c *ClientWithResponses) ReportTerraformResourcesMutationWithResponse(ctx context.Context, body ReportTerraformResourcesMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*ReportTerraformResourcesMutationResponse, error) { + rsp, err := c.ReportTerraformResourcesMutation(ctx, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseReportTerraformResourcesMutationResponse(rsp) +} + // UsersQueryWithResponse request returning *UsersQueryResponse func (c *ClientWithResponses) UsersQueryWithResponse(ctx context.Context, reqEditors ...RequestEditorFn) (*UsersQueryResponse, error) { rsp, err := c.UsersQuery(ctx, reqEditors...) 
@@ -9759,6 +10089,88 @@ func ParseServiceClientIntentsQueryResponse(rsp *http.Response) (*ServiceClientI return response, nil } +// ParseServiceIncomingInternetConnectionsQueryResponse parses an HTTP response from a ServiceIncomingInternetConnectionsQueryWithResponse call +func ParseServiceIncomingInternetConnectionsQueryResponse(rsp *http.Response) (*ServiceIncomingInternetConnectionsQueryResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() + if err != nil { + return nil, err + } + + response := &ServiceIncomingInternetConnectionsQueryResponse{ + Body: bodyBytes, + HTTPResponse: rsp, + } + + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest []string + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON400 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON401 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON403 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON404 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON409 = &dest + + case 
strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 422: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON422 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON500 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && true: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSONDefault = &dest + + } + + return response, nil +} + // ParseAccessLogQueryResponse parses an HTTP response from a AccessLogQueryWithResponse call func ParseAccessLogQueryResponse(rsp *http.Response) (*AccessLogQueryResponse, error) { bodyBytes, err := io.ReadAll(rsp.Body) 
@@ -14761,6 +15173,88 @@ func ParseUpdateServiceMutationResponse(rsp *http.Response) (*UpdateServiceMutat return response, nil } +// ParseReportTerraformResourcesMutationResponse parses an HTTP response from a ReportTerraformResourcesMutationWithResponse call +func ParseReportTerraformResourcesMutationResponse(rsp *http.Response) (*ReportTerraformResourcesMutationResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() + if err != nil { + return nil, err + } + + response := &ReportTerraformResourcesMutationResponse{ + Body: bodyBytes, + HTTPResponse: rsp, + } + + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest TerraformResourceInfo + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON400 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON401 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON403 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON404 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON409 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), 
"json") && rsp.StatusCode == 422: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON422 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON500 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && true: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSONDefault = &dest + + } + + return response, nil +} + // ParseUsersQueryResponse parses an HTTP response from a UsersQueryWithResponse call func ParseUsersQueryResponse(rsp *http.Response) (*UsersQueryResponse, error) { bodyBytes, err := io.ReadAll(rsp.Body) diff --git a/src/pkg/cloudclient/restapi/cloudapi/openapi.json b/src/pkg/cloudclient/restapi/cloudapi/openapi.json index 12f22aa0..7a19c4e3 100644 --- a/src/pkg/cloudclient/restapi/cloudapi/openapi.json +++ b/src/pkg/cloudclient/restapi/cloudapi/openapi.json @@ -378,6 +378,9 @@ "id" ], "type": "object" + }, + "traffic": { + "$ref": "#/components/schemas/TrafficLevel" } }, "required": [ @@ -387,7 +390,8 @@ "appliedIntents", "accessStatus", "accessStatuses", - "findings" + "findings", + "traffic" ], "type": "object" }, @@ -717,6 +721,33 @@ ], "type": "object" }, + "ClientIntentAccessStatus": { + "properties": { + "allowed": { + "format": "int32", + "type": "integer" + }, + "blocked": { + "format": "int32", + "type": "integer" + }, + "total": { + "format": "int32", + "type": "integer" + }, + "wouldBeBlocked": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "total", + "allowed", + "blocked", + "wouldBeBlocked" + ], + "type": "object" + }, "ClientIntentEvent": { "properties": { "count": { 
@@ -858,6 +889,17 @@ ], "type": "object" }, + "CloudIam": { + "properties": { + "awsRoles": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "Cluster": { "properties": { "components": { @@ -953,6 +995,9 @@ "istioGlobalDefaultDeny": { "type": "boolean" }, + "linkerdGlobalDefaultDeny": { + "type": "boolean" + }, "useAWSIAMInAccessGraphStates": { "type": "boolean" }, @@ -971,6 +1016,9 @@ "useKafkaACLsInAccessGraphStates": { "type": "boolean" }, + "useLinkerdPoliciesInAccessGraphStates": { + "type": "boolean" + }, "useNetworkPoliciesInAccessGraphStates": { "type": "boolean" } @@ -978,8 +1026,10 @@ "required": [ "globalDefaultDeny", "istioGlobalDefaultDeny", + "linkerdGlobalDefaultDeny", "useNetworkPoliciesInAccessGraphStates", "useIstioPoliciesInAccessGraphStates", + "useLinkerdPoliciesInAccessGraphStates", "useKafkaACLsInAccessGraphStates", "useAWSIAMInAccessGraphStates", "useGCPIAMInAccessGraphStates", @@ -1000,6 +1050,9 @@ "istioGlobalDefaultDeny": { "type": "boolean" }, + "linkerdGlobalDefaultDeny": { + "type": "boolean" + }, "useAWSIAMInAccessGraphStates": { "type": "boolean" }, @@ -1018,6 +1071,9 @@ "useKafkaACLsInAccessGraphStates": { "type": "boolean" }, + "useLinkerdPoliciesInAccessGraphStates": { + "type": "boolean" + }, "useNetworkPoliciesInAccessGraphStates": { "type": "boolean" } @@ -1026,6 +1082,7 @@ "globalDefaultDeny", "useNetworkPoliciesInAccessGraphStates", "useIstioPoliciesInAccessGraphStates", + "useLinkerdPoliciesInAccessGraphStates", "useKafkaACLsInAccessGraphStates" ], "type": "object" @@ -1285,6 +1342,26 @@ }, "type": "object" }, + "DefaultIntentsApprovalActionByEnv": { + "properties": { + "action": { + "enum": [ + "AUTO_APPROVE", + "AUTO_DENY", + "REQUIRE_APPROVAL" + ], + "type": "string" + }, + "environmentId": { + "type": "string" + } + }, + "required": [ + "environmentId", + "action" + ], + "type": "object" + }, "DetectedCloudServer": { "properties": { "cloudProvider": { 
@@ -1397,6 +1474,9 @@ "useKafkaPoliciesInAccessGraphStates": { "type": "boolean" }, + "useLinkerdPoliciesInAccessGraphStates": { + "type": "boolean" + }, "useNetworkPoliciesInAccessGraphStates": { "type": "boolean" }, @@ -1414,6 +1494,7 @@ "required": [ "useNetworkPoliciesInAccessGraphStates", "useIstioPoliciesInAccessGraphStates", + "useLinkerdPoliciesInAccessGraphStates", "useKafkaPoliciesInAccessGraphStates", "verdict", "reason", @@ -1441,6 +1522,9 @@ "kafkaACLs": { "$ref": "#/components/schemas/EdgeAccessStatus" }, + "linkerdPolicies": { + "$ref": "#/components/schemas/EdgeAccessStatus" + }, "networkPolicies": { "$ref": "#/components/schemas/EdgeAccessStatus" } @@ -1452,7 +1536,8 @@ "awsIam", "gcpIam", "azureIAM", - "database" + "database", + "linkerdPolicies" ], "type": "object" }, @@ -1518,6 +1603,12 @@ "enableFindingsV2": { "type": "boolean" }, + "enableIAMIntentsSuggestions": { + "type": "boolean" + }, + "enableInternetIntentsSuggestions": { + "type": "boolean" + }, "isCloudSecurityEnabled": { "type": "boolean" }, @@ -1694,6 +1785,9 @@ }, "GitHubSettings": { "properties": { + "enableAutoMerge": { + "type": "boolean" + }, "isActive": { "type": "boolean" }, @@ -1706,12 +1800,16 @@ }, "required": [ "isActive", - "repoFilterPairs" + "repoFilterPairs", + "enableAutoMerge" ], "type": "object" }, "GitHubSettingsInput": { "properties": { + "enableAutoMerge": { + "type": "boolean" + }, "isActive": { "type": "boolean" }, 
@@ -1936,11 +2034,37 @@ }, "type": "object" }, + "InputDefaultIntentsApprovalActionByEnv": { + "properties": { + "action": { + "enum": [ + "AUTO_APPROVE", + "AUTO_DENY", + "REQUIRE_APPROVAL" + ], + "type": "string" + }, + "environmentId": { + "type": "string" + } + }, + "required": [ + "environmentId", + "action" + ], + "type": "object" + }, "InputFeatureFlags": { "properties": { "enableFindingsV2": { "type": "boolean" }, + "enableIAMIntentsSuggestions": { + "type": "boolean" + }, + "enableInternetIntentsSuggestions": { + "type": "boolean" + }, "isCloudSecurityEnabled": { "type": "boolean" }, @@ -2084,6 +2208,71 @@ }, "type": "object" }, + "InputTerraformAwsPolicyInfo": { + "properties": { + "address": { + "type": "string" + }, + "arn": { + "type": "string" + } + }, + "required": [ + "arn", + "address" + ], + "type": "object" + }, + "InputTerraformAwsRoleInfo": { + "properties": { + "address": { + "type": "string" + }, + "arn": { + "type": "string" + }, + "attachedPolicies": { + "items": { + "type": "object" + }, + "type": "array" + }, + "inlinePolicy": { + "type": "string" + } + }, + "required": [ + "arn", + "address", + "inlinePolicy" + ], + "type": "object" + }, + "InputTerraformResourceInfo": { + "properties": { + "awsRoles": { + "items": { + "type": "object" + }, + "type": "array" + }, + "gitCommitHash": { + "type": "string" + }, + "gitOriginUrl": { + "type": "string" + }, + "modulePath": { + "type": "string" + } + }, + "required": [ + "modulePath", + "gitOriginUrl", + "gitCommitHash" + ], + "type": "object" + }, "InputTimeFilterValue": { "properties": { "operator": { @@ -2309,7 +2498,8 @@ "SUCCESS", "FAILURE", "PENDING", - "WARNING" + "WARNING", + "DISABLED" ], "type": "string" } @@ -2344,6 +2534,9 @@ }, "type": "array" }, + "awsRole": { + "type": "string" + }, "azureActions": { "items": { "type": "string" 
@@ -2522,6 +2715,9 @@ "kafkaACLEnforcementEnabled": { "type": "boolean" }, + "linkerdPolicyEnforcementEnabled": { + "type": "boolean" + }, "networkPolicyEnforcementEnabled": { "type": "boolean" }, @@ -2548,6 +2744,7 @@ "networkPolicyEnforcementEnabled", "kafkaACLEnforcementEnabled", "istioPolicyEnforcementEnabled", + "linkerdPolicyEnforcementEnabled", "awsIAMPolicyEnforcementEnabled", "gcpIAMPolicyEnforcementEnabled", "azureIAMPolicyEnforcementEnabled", @@ -2929,11 +3126,15 @@ }, "settings": { "$ref": "#/components/schemas/OrganizationSettings" + }, + "uniqueName": { + "type": "string" } }, "required": [ "id", "name", + "uniqueName", "settings", "created" ], @@ -2941,6 +3142,12 @@ }, "OrganizationSettings": { "properties": { + "defaultIntentsApprovalActionByEnv": { + "items": { + "$ref": "#/components/schemas/DefaultIntentsApprovalActionByEnv" + }, + "type": "array" + }, "domains": { "items": { "type": "string" @@ -2960,10 +3167,19 @@ "type": "array" } }, + "required": [ + "defaultIntentsApprovalActionByEnv" + ], "type": "object" }, "OrganizationSettingsInput": { "properties": { + "defaultIntentsApprovalActionByEnv": { + "items": { + "type": "object" + }, + "type": "array" + }, "domains": { "items": { "type": "string" @@ -3130,6 +3346,9 @@ "certificateInformation": { "$ref": "#/components/schemas/CertificateInformation" }, + "cloudIam": { + "$ref": "#/components/schemas/CloudIam" + }, "databaseIntegration": { "properties": { "id": { @@ -3281,6 +3500,9 @@ "useKafkaACLsInAccessGraphStates": { "type": "boolean" }, + "useLinkerdPoliciesInAccessGraphStates": { + "type": "boolean" + }, "useNetworkPoliciesInAccessGraphStates": { "type": "boolean" } @@ -3289,6 +3511,7 @@ "useNetworkPoliciesInAccessGraphStates", "useKafkaACLsInAccessGraphStates", "useIstioPoliciesInAccessGraphStates", + "useLinkerdPoliciesInAccessGraphStates", "protectionStatus", "protectionStatuses", "blockingStatus", 
@@ -3310,8 +3533,14 @@ "asClient": { "$ref": "#/components/schemas/ClientIntentsFiles" }, + "asClientStatus": { + "$ref": "#/components/schemas/ClientIntentAccessStatus" + }, "asServer": { "$ref": "#/components/schemas/ClientIntentsFiles" + }, + "asServerStatus": { + "$ref": "#/components/schemas/ClientIntentAccessStatus" } }, "type": "object" @@ -3451,6 +3680,71 @@ ], "type": "object" }, + "TerraformAwsPolicyInfo": { + "properties": { + "address": { + "type": "string" + }, + "arn": { + "type": "string" + } + }, + "required": [ + "arn", + "address" + ], + "type": "object" + }, + "TerraformAwsRoleInfo": { + "properties": { + "address": { + "type": "string" + }, + "arn": { + "type": "string" + }, + "attachedPolicies": { + "items": { + "$ref": "#/components/schemas/TerraformAwsPolicyInfo" + }, + "type": "array" + }, + "inlinePolicy": { + "type": "string" + } + }, + "required": [ + "arn", + "address", + "inlinePolicy" + ], + "type": "object" + }, + "TerraformResourceInfo": { + "properties": { + "awsRoles": { + "items": { + "$ref": "#/components/schemas/TerraformAwsRoleInfo" + }, + "type": "array" + }, + "gitCommitHash": { + "type": "string" + }, + "gitOriginUrl": { + "type": "string" + }, + "modulePath": { + "type": "string" + } + }, + "required": [ + "modulePath", + "gitOriginUrl", + "gitCommitHash" + ], + "type": "object" + }, "TimeFilterValue": { "properties": { "operator": { @@ -3496,6 +3790,28 @@ }, "type": "object" }, + "TrafficLevel": { + "properties": { + "dataBytesPerSecond": { + "format": "int32", + "type": "integer" + }, + "flowsCountPerSecond": { + "format": "int32", + "type": "integer" + }, + "lastReportedAt": { + "format": "date-time", + "type": "string" + } + }, + "required": [ + "dataBytesPerSecond", + "flowsCountPerSecond", + "lastReportedAt" + ], + "type": "object" + }, "User": { "properties": { "authProviderUserId": { 
@@ -3531,6 +3847,12 @@ "name": "access_token", "type": "apiKey" }, + "bearerAuth": { + "bearerFormat": "JWT", + "description": "Otterize user JWT token.", + "scheme": "bearer", + "type": "http" + }, "oauth2": { "description": "Use client ID and client secret from an Otterize integration to authenticate.", "flows": { @@ -3553,7 +3875,7 @@ "info": { "title": "Otterize API Server", "version": "v1beta", - "x-revision": "b0ff6bf9ec56bed973c393d950da21da0a90a9b3" + "x-revision": "e38121fccedf11461372912ac6f3a211e9a1137a" }, "openapi": "3.0.0", "paths": { @@ -3786,6 +4108,74 @@ ] } }, + "/access-graph/service-incoming-internet-connections/{targetServiceId}": { + "get": { + "description": " Get service incoming internet connections ", + "operationId": "serviceIncomingInternetConnections_query", + "parameters": [ + { + "in": "path", + "name": "targetServiceId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "lastSeenAfter", + "required": true, + "schema": { + "format": "date-time", + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "items": { + "type": "string" + }, + "type": "array" + } + } + }, + "description": " Get service incoming internet connections " + }, + "400": { + "$ref": "#/components/responses/APPLIED_INTENTS_ERROR" + }, + "401": { + "$ref": "#/components/responses/UNAUTHENTICATED" + }, + "403": { + "$ref": "#/components/responses/FORBIDDEN" + }, + "404": { + "$ref": "#/components/responses/NOT_FOUND" + }, + "409": { + "$ref": "#/components/responses/CONFLICT" + }, + "422": { + "$ref": "#/components/responses/BAD_USER_INPUT" + }, + "500": { + "$ref": "#/components/responses/INTERNAL_SERVER_ERROR" + }, + "default": { + "$ref": "#/components/responses/UNEXPECTED_ERROR" + } + }, + "summary": " Get service incoming internet connections ", + "tags": [ + "access graph" + ] + } + }, "/access-log": { "post": { "description": "Get access log", 
@@ -8068,6 +8458,71 @@ ] } }, + "/terraform-resources/": { + "post": { + "description": "report terraform resources from Otterize CLI", + "operationId": "reportTerraformResources_mutation", + "parameters": [ + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "properties": { + "resourceInfo": { + "$ref": "#/components/schemas/InputTerraformResourceInfo" + } + }, + "required": [ + "resourceInfo" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TerraformResourceInfo" + } + } + }, + "description": "report terraform resources from Otterize CLI" + }, + "400": { + "$ref": "#/components/responses/APPLIED_INTENTS_ERROR" + }, + "401": { + "$ref": "#/components/responses/UNAUTHENTICATED" + }, + "403": { + "$ref": "#/components/responses/FORBIDDEN" + }, + "404": { + "$ref": "#/components/responses/NOT_FOUND" + }, + "409": { + "$ref": "#/components/responses/CONFLICT" + }, + "422": { + "$ref": "#/components/responses/BAD_USER_INPUT" + }, + "500": { + "$ref": "#/components/responses/INTERNAL_SERVER_ERROR" + }, + "default": { + "$ref": "#/components/responses/UNEXPECTED_ERROR" + } + }, + "summary": "report terraform resources from Otterize CLI", + "tags": [ + "terraform_resources" + ] + } + }, "/users": { "get": { "description": "List users", @@ -8189,6 +8644,12 @@ ], "organizationHeader": [ ] + }, + { + "bearerAuth": [ + ], + "organizationHeader": [ + ] } ], "servers": [ diff --git a/src/pkg/git/types.go b/src/pkg/git/types.go new file mode 100644 index 00000000..80b1f862 --- /dev/null +++ b/src/pkg/git/types.go 
@@ -0,0 +1,15 @@
+package git
+
+import "fmt"
+
+type LocalGitInformation struct {
+ Commit string
+ OriginUrl string
+ RelativePath string
+}
+
+func (l *LocalGitInformation) Print() {
+ fmt.Printf("Git origin URL: %s\n", l.OriginUrl)
+ fmt.Printf("Git commit ID: %s\n", l.Commit)
+ fmt.Printf("Relative path to git root: %s\n", l.RelativePath)
+}
diff --git a/src/pkg/git/utils.go b/src/pkg/git/utils.go
new file mode 100644
index 00000000..337f30a4
--- /dev/null
+++ b/src/pkg/git/utils.go
@@ -0,0 +1,63 @@
+package git
+
+import (
+ "github.com/go-git/go-git/v5"
+ "os"
+ "path/filepath"
+)
+
+func GetGitRoot(repo *git.Repository) (string, error) {
+ wt, err := repo.Worktree()
+ if err != nil {
+ return "", err
+ }
+ return wt.Filesystem.Root(), nil
+}
+
+func GetGitRepoInformation(workingDir string) (*LocalGitInformation, error) {
+ if workingDir == "" {
+ workingDir = os.Getenv("PWD")
+ }
+
+ repo, err := git.PlainOpenWithOptions(workingDir, &git.PlainOpenOptions{DetectDotGit: true})
+ if err != nil {
+ return nil, err
+ }
+
+ remotes, err := repo.Remotes()
+ if err != nil {
+ return nil, err
+ }
+
+ headRef, err := repo.Head()
+ if err != nil {
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ gitRoot, err := GetGitRoot(repo)
+ if err != nil {
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ var gitInfo LocalGitInformation
+ gitInfo.Commit = headRef.Hash().String()
+
+ relativePath, err := filepath.Rel(gitRoot, workingDir)
+ if err != nil {
+ return nil, err
+ }
+ gitInfo.RelativePath = relativePath
+
+ for _, remote := range remotes {
+ if remote.Config().Name == "origin" {
+ gitInfo.OriginUrl = remote.Config().URLs[0] // Get the first URL
+ break
+ }
+ }
+
+ return &gitInfo, nil
+}
diff --git a/src/pkg/mapperclient/schema.graphql b/src/pkg/mapperclient/schema.graphql
index 148aec94..3699ddad 100644
--- a/src/pkg/mapperclient/schema.graphql
+++ b/src/pkg/mapperclient/schema.graphql
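Review bot: In `GetGitRepoInformation` (src/pkg/git/utils.go), `gitInfo.OriginUrl = remote.Config().URLs[0]` copies the origin URL verbatim, so a remote configured with embedded HTTP(S) credentials (`https://user:token@host/...`) carries them into everything that consumes `LocalGitInformation`; in this series the value is printed and sent to the cloud API. The userinfo part should be stripped from http/https remotes before the value is stored, as sketched below (it needs `net/url` imported), while scp-style and ssh remotes can be kept unchanged. Guarding `len(cfg.URLs) > 0` also avoids an index panic on a remote without URLs. Separately, `os.Getenv("PWD")` can be empty or stale, and a relative `--tf-dir` will probably make `filepath.Rel(gitRoot, workingDir)` fail against what looks like an absolute root, so resolving the directory with `filepath.Abs` first would be safer.

```go
// sanitizeRemoteURL drops embedded credentials from http(s) remotes.
// Anything that does not parse as a URL (scp-style git@host:path) or uses
// another scheme is returned unchanged.
func sanitizeRemoteURL(raw string) string {
	u, err := url.Parse(raw)
	if err != nil || u.User == nil || (u.Scheme != "http" && u.Scheme != "https") {
		return raw
	}
	u.User = nil
	return u.String()
}

// … unchanged: repository open, HEAD, git root and relative path lookup …
	for _, remote := range remotes {
		if cfg := remote.Config(); cfg.Name == "origin" && len(cfg.URLs) > 0 {
			gitInfo.OriginUrl = sanitizeRemoteURL(cfg.URLs[0])
			break
		}
	}
```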
@@ -39,10 +39,23 @@ type GroupVersionKind { kind: String! } +type IdentityResolutionData { + host: String + podHostname: String + procfsHostname: String + port: Int + isService: Boolean + uptime: String + lastSeen: String + extraInfo: String + hasLinkerdSidecar: Boolean +} + type OtterizeServiceIdentity { name: String! namespace: String! labels: [PodLabel!] + resolutionData: IdentityResolutionData """ If the service identity was resolved from a pod owner, the GroupVersionKind of the pod owner. """ @@ -101,6 +114,7 @@ type Intent { client: OtterizeServiceIdentity! server: OtterizeServiceIdentity! type: IntentType + resolutionData: String kafkaTopics: [KafkaConfig!] httpResources: [HttpResource!] awsActions: [String!] @@ -139,10 +153,17 @@ input IstioConnectionResults { results: [IstioConnection!]! } +input NamespacedName { + name: String! + namespace: String! +} + input AWSOperation { resource: String! actions: [String!]! - srcIp: String! + srcIp: String + iamRole: String + client: NamespacedName } input ServerFilter { @@ -158,6 +179,18 @@ input AzureOperation { clientNamespace: String! } +input TrafficLevelResult { + srcIP: String! + dstIP: String! + + bytesSent: Int! + flows: Int! +} + +input TrafficLevelResults { + results: [TrafficLevelResult!]! +} + type Query { """ Kept for backwards compatibility with CLI - @@ -195,4 +228,5 @@ type Mutation { reportIstioConnectionResults(results: IstioConnectionResults!): Boolean! reportAWSOperation(operation: [AWSOperation!]!): Boolean! reportAzureOperation(operation: [AzureOperation!]!): Boolean! -} \ No newline at end of file + reportTrafficLevelResults(results: TrafficLevelResults!): Boolean! +} diff --git a/src/pkg/terraform/aws.go b/src/pkg/terraform/aws.go new file mode 100644 index 00000000..f3bd20ca --- /dev/null +++ b/src/pkg/terraform/aws.go 
@@ -0,0 +1,95 @@
+package terraform
+
+import (
+ "encoding/json"
+ tfjson "github.com/hashicorp/terraform-json"
+)
+
+func ExtractAwsRoleAndPolicies(state *tfjson.State) []AwsRoleInfo {
+ roleIdToInfo := make(map[string]AwsRoleInfo)
+ policyArnToInfo := make(map[string]AwsPolicyInfo)
+ roleIdToPolicies := make(map[string][]string)
+
+ if state.Values == nil {
+ return []AwsRoleInfo{}
+ }
+
+ for _, resource := range state.Values.RootModule.Resources {
+ extractAwsIamRoleInfo(resource, roleIdToInfo)
+ extractAwsIamPolicyInfo(resource, policyArnToInfo)
+ extractAwsIamRolePolicyAttachmentInfo(resource, roleIdToPolicies)
+ }
+
+ for _, childModule := range state.Values.RootModule.ChildModules {
+ for _, resource := range childModule.Resources {
+ extractAwsIamRoleInfo(resource, roleIdToInfo)
+ extractAwsIamPolicyInfo(resource, policyArnToInfo)
+ extractAwsIamRolePolicyAttachmentInfo(resource, roleIdToPolicies)
+ }
+ }
+
+ // Return all roles that we found in the terraform state and their attached policies
+ var roleInfoList []AwsRoleInfo
+ for id, roleInfo := range roleIdToInfo {
+ if policies, ok := roleIdToPolicies[id]; ok {
+ roleInfo.AttachedPolicies = []AwsPolicyInfo{}
+
+ for _, policyArn := range policies {
+ if policyInfo, ok := policyArnToInfo[policyArn]; ok {
+ roleInfo.AttachedPolicies = append(roleInfo.AttachedPolicies, policyInfo)
+ }
+ }
+ }
+
+ roleInfoList = append(roleInfoList, roleInfo)
+ }
+
+ return roleInfoList
+}
+
+func extractAwsIamRoleInfo(resource *tfjson.StateResource, roleIdToArn map[string]AwsRoleInfo) {
+ if resource.Type != "aws_iam_role" {
+ return
+ }
+
+ inlinePolicy, err := json.Marshal(resource.AttributeValues["inline_policy"])
+ if err != nil {
+ inlinePolicy = []byte{}
+ }
+
+ id, _ := resource.AttributeValues["id"].(string)
+ arn, _ := resource.AttributeValues["arn"].(string)
+ roleIdToArn[id] = AwsRoleInfo{
+ Arn: arn,
+ Address: resource.Address,
+ InlinePolicy: string(inlinePolicy),
+ }
+}
+
+func extractAwsIamRolePolicyAttachmentInfo(resource *tfjson.StateResource, roleIdToPolicies map[string][]string) {
+ if resource.Type != "aws_iam_role_policy_attachment" {
+ return
+ }
+
+ roleId := resource.AttributeValues["role"].(string)
+ policyArn := resource.AttributeValues["policy_arn"].(string)
+
+ _, ok := roleIdToPolicies[roleId]
+ if ok {
+ roleIdToPolicies[roleId] = append(roleIdToPolicies[roleId], policyArn)
+ } else {
+ roleIdToPolicies[roleId] = []string{policyArn}
+ }
+}
+
+func extractAwsIamPolicyInfo(resource *tfjson.StateResource, policyArnToInfo map[string]AwsPolicyInfo) {
+ if resource.Type != "aws_iam_policy" {
+ return
+ }
+
+ policyArn := resource.AttributeValues["arn"].(string)
+ policyArnToInfo[policyArn] = AwsPolicyInfo{
+ Arn: policyArn,
+ Address: resource.Address,
+ }
+}
diff --git a/src/pkg/terraform/types.go b/src/pkg/terraform/types.go
new file mode 100644
index 00000000..f81cab35
--- /dev/null
+++ b/src/pkg/terraform/types.go
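Review bot: `extractAwsIamRolePolicyAttachmentInfo` and `extractAwsIamPolicyInfo` use unchecked type assertions (`resource.AttributeValues["role"].(string)`, `["policy_arn"].(string)`, `["arn"].(string)`), so a state entry where one of these attributes is absent or null panics the CLI, whereas `extractAwsIamRoleInfo` in the same file already uses the comma-ok form. The same form should be used here and the resource skipped, e.g. `policyArn, ok := resource.AttributeValues["arn"].(string)` followed by `if !ok { return }`. `ExtractAwsRoleAndPolicies` also walks `RootModule.ChildModules` only one level deep, so roles and attachments declared in nested modules appear to be left out of the reported IAM inventory; a recursive walk over `ChildModules` would close that gap. In `extractAwsIamRoleInfo` the map parameter is named `roleIdToArn` although it holds `AwsRoleInfo` values.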
@@ -0,0 +1,54 @@
+package terraform
+
+import "fmt"
+
+type AwsPolicyInfo struct {
+ Arn string
+ Address string
+}
+
+type AwsRoleInfo struct {
+ Arn string
+ Address string
+ InlinePolicy string
+ AttachedPolicies []AwsPolicyInfo
+}
+
+func (a *AwsRoleInfo) ToMap() map[string]interface{} {
+ result := make(map[string]interface{})
+
+ result["arn"] = a.Arn
+ result["address"] = a.Address
+ result["inlinePolicy"] = a.InlinePolicy
+ result["attachedPolicies"] = make([]map[string]interface{}, 0)
+
+ for _, policy := range a.AttachedPolicies {
+ policyMap := make(map[string]interface{})
+ policyMap["arn"] = policy.Arn
+ policyMap["address"] = policy.Address
+
+ result["attachedPolicies"] = append(result["attachedPolicies"].([]map[string]interface{}), policyMap)
+ }
+
+ return result
+}
+
+type TerraformResourceInfo struct {
+ AwsRoles []AwsRoleInfo
+}
+
+func (i *TerraformResourceInfo) Print() {
+ fmt.Printf("AWS IAM Info:\n")
+ for _, info := range i.AwsRoles {
+ fmt.Printf("Role ARN: %s\n", info.Arn)
+ fmt.Printf("Role Terraform Address: %s\n", info.Address)
+ fmt.Printf("Role Inline Policy: %s\n", info.InlinePolicy)
+
+ fmt.Printf("Attached Policies:\n")
+ for _, policy := range info.AttachedPolicies {
+ fmt.Printf("Policy ARN: %s\n", policy.Arn)
+ fmt.Printf("Policy Terraform Address: %s\n", policy.Address)
+ fmt.Printf("\n")
+ }
+ }
+}
diff --git a/src/pkg/terraform/utils.go b/src/pkg/terraform/utils.go
new file mode 100644
index 00000000..52534864
--- /dev/null
+++ b/src/pkg/terraform/utils.go
@@ -0,0 +1,37 @@ +package terraform + +import ( + "errors" + "fmt" + "github.com/hashicorp/terraform-exec/tfexec" + "os" + "os/exec" +) + +func GetTerraformPath() (string, error) { + terraformPath, err := exec.LookPath("terraform") + if err != nil { + return "", errors.New("terraform binary not found") + } + + return terraformPath, nil +} + +func GetTerraformClient(workingDir string) (*tfexec.Terraform, error) { + if workingDir == "" { + workingDir = os.Getenv("PWD") + } + + terraformPath, err := GetTerraformPath() + if err != nil { + return nil, err + } + + tf, err := tfexec.NewTerraform(workingDir, terraformPath) + if err != nil { + fmt.Println("Error initializing Terraform:", err) + os.Exit(1) + } + + return tf, nil +} From 4a877cb7259e26e556d01a2667aa245ed56eb3f9 Mon Sep 17 00:00:00 2001 From: davidrobert Date: Tue, 11 Mar 2025 18:35:15 +0200 Subject: [PATCH 02/16] pr fix --- src/pkg/git/utils.go | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/src/pkg/git/utils.go b/src/pkg/git/utils.go index 337f30a4..a5172754 100644 --- a/src/pkg/git/utils.go +++ b/src/pkg/git/utils.go @@ -31,16 +31,12 @@ func GetGitRepoInformation(workingDir string) (*LocalGitInformation, error) { headRef, err := repo.Head() if err != nil { - if err != nil { - return nil, err - } + return nil, err } gitRoot, err := GetGitRoot(repo) if err != nil { - if err != nil { - return nil, err - } + return nil, err } var gitInfo LocalGitInformation From 9d2bdcce4f0b02ce25487ccca3974da4829ee2ea Mon Sep 17 00:00:00 2001 From: davidrobert Date: Wed, 12 Mar 2025 10:28:22 +0200 Subject: [PATCH 03/16] pr fix --- src/cmd/terraform/parse/parse-tfstate.go | 51 +++++++++++++----------- src/cmd/terraform/terraform.go | 2 +- src/pkg/git/types.go | 8 ---- src/pkg/terraform/types.go | 18 --------- src/pkg/terraform/utils.go | 4 +- 5 files changed, 30 insertions(+), 53 deletions(-) 
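Review bot: `GetTerraformPath` in src/pkg/terraform/utils.go replaces the `exec.LookPath` error with a fixed string, which hides why the lookup failed, for instance when `terraform` resolves only relative to the current directory and Go's `exec.ErrDot` check rejects it. Wrapping keeps the cause: `return "", fmt.Errorf("terraform binary not found: %w", err)`. `GetTerraformClient` falls back to `os.Getenv("PWD")`, which may be unset or out of date when the process was not started from a shell; `os.Getwd()` reports the directory the process is actually in. Both exported functions would also benefit from a doc comment stating that the binary executed is whichever `terraform` comes first on `PATH`.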
diff --git a/src/cmd/terraform/parse/parse-tfstate.go b/src/cmd/terraform/parse/parse-tfstate.go index f3fbfc63..89c38723 100644 --- a/src/cmd/terraform/parse/parse-tfstate.go +++ b/src/cmd/terraform/parse/parse-tfstate.go @@ -2,20 +2,21 @@ package parse import ( "context" + "encoding/json" "fmt" cloudclient "github.com/otterize/otterize-cli/src/pkg/cloudclient/restapi" "github.com/otterize/otterize-cli/src/pkg/cloudclient/restapi/cloudapi" "github.com/otterize/otterize-cli/src/pkg/config" "github.com/otterize/otterize-cli/src/pkg/git" "github.com/otterize/otterize-cli/src/pkg/terraform" + "github.com/otterize/otterize-cli/src/pkg/utils/prints" "github.com/samber/lo" "github.com/spf13/cobra" - "os" ) -var ParseTfStateCmd = &cobra.Command{ - Use: "parse-tfstate ", - Short: "Parses the tf state in order to get the cloud iam information", +var UploadResourceInfoCmd = &cobra.Command{ + Use: "upload-resource-info ", + Short: "Parses the tf state and uploads the iam information to the Otterize cloud", SilenceUsage: true, RunE: func(cmd *cobra.Command, args []string) error { dryRun, _ := cmd.Flags().GetBool("dry-run") 
@@ -23,26 +24,36 @@ var ParseTfStateCmd = &cobra.Command{ tfClient, err := terraform.GetTerraformClient(workingDir) if err != nil { - fmt.Println("Error Initializing terraform client:", err) - os.Exit(1) + return fmt.Errorf("error Initializing terraform client: %w", err) } state, err := tfClient.Show(context.Background()) if err != nil { - fmt.Println("Error pulling Terraform state:", err) - os.Exit(1) + return fmt.Errorf("error pulling Terraform state: %w", err) } gitInfo, err := git.GetGitRepoInformation(workingDir) if err != nil { - fmt.Println("Error getting git information:", err) - os.Exit(1) + return fmt.Errorf("error getting git information: %w", err) } terraformIamInfo := terraform.TerraformResourceInfo{} terraformIamInfo.AwsRoles = terraform.ExtractAwsRoleAndPolicies(state) + // Generate the resource info + awsRoles := lo.Map(terraformIamInfo.AwsRoles, func(info terraform.AwsRoleInfo, _ int) map[string]interface{} { + return info.ToMap() + }) + resourceInfo := cloudapi.InputTerraformResourceInfo{ + AwsRoles: &awsRoles, + ModulePath: gitInfo.RelativePath, + GitOriginUrl: gitInfo.OriginUrl, + GitCommitHash: gitInfo.Commit, + } + if !dryRun { + prints.PrintCliStderr("Uploading Terraform AWS role & policy information to Otterize Cloud...") + ctxTimeout, cancel := context.WithTimeout(context.Background(), config.DefaultTimeout) defer cancel() 
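Review bot: The new error strings in `RunE` start with the word "error" and mix capitalisation (`"error Initializing terraform client: %w"`), which reads badly once the wrapped chain is printed by cobra. Go convention is a lowercase description of the step that failed, e.g. `fmt.Errorf("initializing terraform client: %w", err)`, and likewise for the state and git messages. The `RunE` closure starts before and ends after this hunk.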
@@ -51,32 +62,26 @@ var ParseTfStateCmd = &cobra.Command{ return err } - awsRoles := lo.Map(terraformIamInfo.AwsRoles, func(info terraform.AwsRoleInfo, _ int) map[string]interface{} { - return info.ToMap() - }) - _, err = c.ReportTerraformResourcesMutationWithResponse(ctxTimeout, cloudapi.ReportTerraformResourcesMutationJSONRequestBody{ - ResourceInfo: cloudapi.InputTerraformResourceInfo{ - AwsRoles: &awsRoles, - ModulePath: gitInfo.RelativePath, - GitOriginUrl: gitInfo.OriginUrl, - GitCommitHash: gitInfo.Commit, - }, + ResourceInfo: resourceInfo, }, ) if err != nil { return err } + } else { + prints.PrintCliStderr("Skipping upload...") } - gitInfo.Print() - terraformIamInfo.Print() + prints.PrintCliStderr("Resources reported:") + jsonData, err := json.MarshalIndent(resourceInfo, "", " ") + prints.PrintCliStderr(string(jsonData)) return nil }, } func init() { - ParseTfStateCmd.PersistentFlags().String("tf-dir", "", "Manually specify the terraform module location") + UploadResourceInfoCmd.PersistentFlags().String("tf-dir", "", "Manually specify the terraform module location") } diff --git a/src/cmd/terraform/terraform.go b/src/cmd/terraform/terraform.go index 99ddd925..8992b58b 100644 --- a/src/cmd/terraform/terraform.go +++ b/src/cmd/terraform/terraform.go @@ -20,5 +20,5 @@ func init() { cloudclient.RegisterAPIFlags(TerraformCmd) TerraformCmd.PersistentFlags().BoolVar(&debug, "dry-run", false, "Simulate the command without making changes") - TerraformCmd.AddCommand(parse.ParseTfStateCmd) + TerraformCmd.AddCommand(parse.UploadResourceInfoCmd) } diff --git a/src/pkg/git/types.go b/src/pkg/git/types.go index 80b1f862..7b7fb73d 100644 --- a/src/pkg/git/types.go +++ b/src/pkg/git/types.go 
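Review bot: The result of `c.ReportTerraformResourcesMutationWithResponse(...)` is discarded with `_` and only the returned error is checked; judging by the generated `Parse…Response` functions in api.gen.go, a 401/403/422 reply comes back as a populated response with a nil error, so a rejected upload would still be followed by "Resources reported:". The response should be kept and its status verified, e.g. `resp, err := c.ReportTerraformResourcesMutationWithResponse(...)` and then `if resp.StatusCode() != http.StatusOK { return fmt.Errorf("upload rejected: %s", resp.Status()) }`, unless `cloudclient.NewClient` already turns non-2xx replies into errors, which is not visible here. The same applies to `TerraformResourceByIdentityQueryWithResponse` in get-resource-info.go later in this series, where an error body would be pretty-printed under "Resources found for current tfmodule:". The enclosing `RunE` closure starts outside this hunk.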
@@ -1,15 +1,7 @@ package git -import "fmt" - type LocalGitInformation struct { Commit string OriginUrl string RelativePath string } - -func (l *LocalGitInformation) Print() { - fmt.Printf("Git origin URL: %s\n", l.OriginUrl) - fmt.Printf("Git commit ID: %s\n", l.Commit) - fmt.Printf("Relative path to git root: %s\n", l.RelativePath) -} diff --git a/src/pkg/terraform/types.go b/src/pkg/terraform/types.go index f81cab35..ea44d92b 100644 --- a/src/pkg/terraform/types.go +++ b/src/pkg/terraform/types.go @@ -1,7 +1,5 @@ package terraform -import "fmt" - type AwsPolicyInfo struct { Arn string Address string @@ -36,19 +34,3 @@ func (a *AwsRoleInfo) ToMap() map[string]interface{} { type TerraformResourceInfo struct { AwsRoles []AwsRoleInfo } - -func (i *TerraformResourceInfo) Print() { - fmt.Printf("AWS IAM Info:\n") - for _, info := range i.AwsRoles { - fmt.Printf("Role ARN: %s\n", info.Arn) - fmt.Printf("Role Terraform Address: %s\n", info.Address) - fmt.Printf("Role Inline Policy: %s\n", info.InlinePolicy) - - fmt.Printf("Attached Policies:\n") - for _, policy := range info.AttachedPolicies { - fmt.Printf("Policy ARN: %s\n", policy.Arn) - fmt.Printf("Policy Terraform Address: %s\n", policy.Address) - fmt.Printf("\n") - } - } -} diff --git a/src/pkg/terraform/utils.go b/src/pkg/terraform/utils.go index 52534864..5f31b18e 100644 --- a/src/pkg/terraform/utils.go +++ b/src/pkg/terraform/utils.go @@ -2,7 +2,6 @@ package terraform import ( "errors" - "fmt" "github.com/hashicorp/terraform-exec/tfexec" "os" "os/exec" @@ -29,8 +28,7 @@ func GetTerraformClient(workingDir string) (*tfexec.Terraform, error) { tf, err := tfexec.NewTerraform(workingDir, terraformPath) if err != nil { - fmt.Println("Error initializing Terraform:", err) - os.Exit(1) + return nil, err } return tf, nil From cd5cc521c306392232a3f09ecc54132d6eed7b08 Mon Sep 17 00:00:00 2001 
From: davidrobert Date: Thu, 13 Mar 2025 12:27:43 +0200 Subject: [PATCH 04/16] added get state support --- src/cmd/terraform/get/get-resource-info.go | 61 +++++ src/cmd/terraform/terraform.go | 6 +- .../upload-resource-info.go} | 4 +- src/pkg/cloudclient/graphql/schema.graphql | 6 + .../cloudclient/restapi/cloudapi/api.gen.go | 213 ++++++++++++++++++ .../cloudclient/restapi/cloudapi/openapi.json | 72 +++++- src/pkg/mapperclient/schema.graphql | 8 + 7 files changed, 365 insertions(+), 5 deletions(-) create mode 100644 src/cmd/terraform/get/get-resource-info.go rename src/cmd/terraform/{parse/parse-tfstate.go => upload/upload-resource-info.go} (97%) diff --git a/src/cmd/terraform/get/get-resource-info.go b/src/cmd/terraform/get/get-resource-info.go new file mode 100644 index 00000000..d97f5bb5 --- /dev/null +++ b/src/cmd/terraform/get/get-resource-info.go 
@@ -0,0 +1,61 @@ +package get + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + cloudclient "github.com/otterize/otterize-cli/src/pkg/cloudclient/restapi" + "github.com/otterize/otterize-cli/src/pkg/cloudclient/restapi/cloudapi" + "github.com/otterize/otterize-cli/src/pkg/config" + "github.com/otterize/otterize-cli/src/pkg/git" + "github.com/otterize/otterize-cli/src/pkg/utils/prints" + "github.com/spf13/cobra" +) + +var GetResourceInfoCmd = &cobra.Command{ + Use: "get-resource-info", + Short: "Queries the cloud for the saved terraform resource information for the given module", + SilenceUsage: true, + RunE: func(cmd *cobra.Command, args []string) error { + workingDir, _ := cmd.Flags().GetString("tf-dir") + + gitInfo, err := git.GetGitRepoInformation(workingDir) + if err != nil { + return fmt.Errorf("error getting git information: %w", err) + } + + ctxTimeout, cancel := context.WithTimeout(context.Background(), config.DefaultTimeout) + defer cancel() + + c, err := cloudclient.NewClient(ctxTimeout) + if err != nil { + return err + } + + resp, err := c.TerraformResourceByIdentityQueryWithResponse(ctxTimeout, + &cloudapi.TerraformResourceByIdentityQueryParams{ + ModulePath: gitInfo.RelativePath, + GitOriginUrl: gitInfo.OriginUrl, + GitCommitHash: gitInfo.Commit, + }, + ) + if err != nil { + return err + } + + prints.PrintCliStderr("Resources found for current tfmodule:") + var prettyJSON bytes.Buffer + err = json.Indent(&prettyJSON, resp.Body, "", " ") + if err != nil { + return err + } + prints.PrintCliStderr(string(prettyJSON.Bytes())) + + return nil + }, +} + +func init() { + GetResourceInfoCmd.PersistentFlags().String("tf-dir", "", "Manually specify the terraform module location") +} diff --git a/src/cmd/terraform/terraform.go b/src/cmd/terraform/terraform.go index 8992b58b..d79d0b88 100644 --- a/src/cmd/terraform/terraform.go +++ b/src/cmd/terraform/terraform.go 
@@ -2,7 +2,8 @@ package terraform import ( "github.com/otterize/otterize-cli/src/cmd/groups" - "github.com/otterize/otterize-cli/src/cmd/terraform/parse" + "github.com/otterize/otterize-cli/src/cmd/terraform/get" + "github.com/otterize/otterize-cli/src/cmd/terraform/upload" "github.com/otterize/otterize-cli/src/pkg/cloudclient" "github.com/spf13/cobra" ) @@ -20,5 +21,6 @@ func init() { cloudclient.RegisterAPIFlags(TerraformCmd) TerraformCmd.PersistentFlags().BoolVar(&debug, "dry-run", false, "Simulate the command without making changes") - TerraformCmd.AddCommand(parse.UploadResourceInfoCmd) + TerraformCmd.AddCommand(get.GetResourceInfoCmd) + TerraformCmd.AddCommand(upload.UploadResourceInfoCmd) } diff --git a/src/cmd/terraform/parse/parse-tfstate.go b/src/cmd/terraform/upload/upload-resource-info.go similarity index 97% rename from src/cmd/terraform/parse/parse-tfstate.go rename to src/cmd/terraform/upload/upload-resource-info.go index 89c38723..cf57d3d0 100644 --- a/src/cmd/terraform/parse/parse-tfstate.go +++ b/src/cmd/terraform/upload/upload-resource-info.go @@ -1,4 +1,4 @@ -package parse +package upload import ( "context" @@ -15,7 +15,7 @@ import ( ) var UploadResourceInfoCmd = &cobra.Command{ - Use: "upload-resource-info ", + Use: "upload-resource-info", Short: "Parses the tf state and uploads the iam information to the Otterize cloud", SilenceUsage: true, RunE: func(cmd *cobra.Command, args []string) error { diff --git a/src/pkg/cloudclient/graphql/schema.graphql b/src/pkg/cloudclient/graphql/schema.graphql index b05acbb8..c5d949e6 100644 --- a/src/pkg/cloudclient/graphql/schema.graphql +++ b/src/pkg/cloudclient/graphql/schema.graphql @@ -2416,6 +2416,12 @@ type Query { serviceByIdentity( identity: ServiceIdentityInput! ): Service! +"""get terraform resource by git identity""" + terraformResourceByIdentity( + modulePath: String! + gitOriginUrl: String! + gitCommitHash: String! + ): TerraformResourceInfo! """List users""" users: [User!]! """Get user""" 
diff --git a/src/pkg/cloudclient/restapi/cloudapi/api.gen.go b/src/pkg/cloudclient/restapi/cloudapi/api.gen.go index ae31d4e8..c8e6ec8f 100644 --- a/src/pkg/cloudclient/restapi/cloudapi/api.gen.go +++ b/src/pkg/cloudclient/restapi/cloudapi/api.gen.go @@ -1758,6 +1758,13 @@ type UpdateServiceMutationJSONBody struct { Tags *[]string `json:"tags,omitempty"` } +// TerraformResourceByIdentityQueryParams defines parameters for TerraformResourceByIdentityQuery. +type TerraformResourceByIdentityQueryParams struct { + ModulePath string `form:"modulePath" json:"modulePath"` + GitOriginUrl string `form:"gitOriginUrl" json:"gitOriginUrl"` + GitCommitHash string `form:"gitCommitHash" json:"gitCommitHash"` +} + // ReportTerraformResourcesMutationJSONBody defines parameters for ReportTerraformResourcesMutation. type ReportTerraformResourcesMutationJSONBody struct { ResourceInfo InputTerraformResourceInfo `json:"resourceInfo"` @@ -2209,6 +2216,9 @@ type ClientInterface interface { UpdateServiceMutation(ctx context.Context, id string, body UpdateServiceMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + // TerraformResourceByIdentityQuery request + TerraformResourceByIdentityQuery(ctx context.Context, params *TerraformResourceByIdentityQueryParams, reqEditors ...RequestEditorFn) (*http.Response, error) + // ReportTerraformResourcesMutation request with any body ReportTerraformResourcesMutationWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) 
@@ -3421,6 +3431,18 @@ func (c *Client) UpdateServiceMutation(ctx context.Context, id string, body Upda return c.Client.Do(req) } +func (c *Client) TerraformResourceByIdentityQuery(ctx context.Context, params *TerraformResourceByIdentityQueryParams, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewTerraformResourceByIdentityQueryRequest(c.Server, params) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + func (c *Client) ReportTerraformResourcesMutationWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { req, err := NewReportTerraformResourcesMutationRequestWithBody(c.Server, contentType, body) if err != nil { 
@@ -6482,6 +6504,73 @@ func NewUpdateServiceMutationRequestWithBody(server string, id string, contentTy return req, nil } +// NewTerraformResourceByIdentityQueryRequest generates requests for TerraformResourceByIdentityQuery +func NewTerraformResourceByIdentityQueryRequest(server string, params *TerraformResourceByIdentityQueryParams) (*http.Request, error) { + var err error + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/terraform-resources/") + if operationPath[0] == '/' { + operationPath = "." + operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + queryValues := queryURL.Query() + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "modulePath", runtime.ParamLocationQuery, params.ModulePath); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "gitOriginUrl", runtime.ParamLocationQuery, params.GitOriginUrl); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "gitCommitHash", runtime.ParamLocationQuery, params.GitCommitHash); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + + queryURL.RawQuery = queryValues.Encode() + + req, err := http.NewRequest("GET", queryURL.String(), nil) + if err != nil { + return nil, err + } + + return req, nil +} + // NewReportTerraformResourcesMutationRequest 
calls the generic ReportTerraformResourcesMutation builder with application/json body func NewReportTerraformResourcesMutationRequest(server string, body ReportTerraformResourcesMutationJSONRequestBody) (*http.Request, error) { var bodyReader io.Reader @@ -6891,6 +6980,9 @@ type ClientWithResponsesInterface interface { UpdateServiceMutationWithResponse(ctx context.Context, id string, body UpdateServiceMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*UpdateServiceMutationResponse, error) + // TerraformResourceByIdentityQuery request + TerraformResourceByIdentityQueryWithResponse(ctx context.Context, params *TerraformResourceByIdentityQueryParams, reqEditors ...RequestEditorFn) (*TerraformResourceByIdentityQueryResponse, error) + // ReportTerraformResourcesMutation request with any body ReportTerraformResourcesMutationWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*ReportTerraformResourcesMutationResponse, error) @@ -8853,6 +8945,36 @@ func (r UpdateServiceMutationResponse) StatusCode() int { return 0 } +type TerraformResourceByIdentityQueryResponse struct { + Body []byte + HTTPResponse *http.Response + JSON200 *TerraformResourceInfo + JSON400 *Error + JSON401 *Error + JSON403 *Error + JSON404 *Error + JSON409 *Error + JSON422 *Error + JSON500 *Error + JSONDefault *Error +} + +// Status returns HTTPResponse.Status +func (r TerraformResourceByIdentityQueryResponse) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status + } + return http.StatusText(0) +} + +// StatusCode returns HTTPResponse.StatusCode +func (r TerraformResourceByIdentityQueryResponse) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode + } + return 0 +} + type ReportTerraformResourcesMutationResponse struct { Body []byte HTTPResponse *http.Response 
@@ -9808,6 +9930,15 @@ func (c *ClientWithResponses) UpdateServiceMutationWithResponse(ctx context.Cont return ParseUpdateServiceMutationResponse(rsp) } +// TerraformResourceByIdentityQueryWithResponse request returning *TerraformResourceByIdentityQueryResponse +func (c *ClientWithResponses) TerraformResourceByIdentityQueryWithResponse(ctx context.Context, params *TerraformResourceByIdentityQueryParams, reqEditors ...RequestEditorFn) (*TerraformResourceByIdentityQueryResponse, error) { + rsp, err := c.TerraformResourceByIdentityQuery(ctx, params, reqEditors...) + if err != nil { + return nil, err + } + return ParseTerraformResourceByIdentityQueryResponse(rsp) +} + // ReportTerraformResourcesMutationWithBodyWithResponse request with arbitrary body returning *ReportTerraformResourcesMutationResponse func (c *ClientWithResponses) ReportTerraformResourcesMutationWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*ReportTerraformResourcesMutationResponse, error) { rsp, err := c.ReportTerraformResourcesMutationWithBody(ctx, contentType, body, reqEditors...) 
@@ -15173,6 +15304,88 @@ func ParseUpdateServiceMutationResponse(rsp *http.Response) (*UpdateServiceMutat return response, nil } +// ParseTerraformResourceByIdentityQueryResponse parses an HTTP response from a TerraformResourceByIdentityQueryWithResponse call +func ParseTerraformResourceByIdentityQueryResponse(rsp *http.Response) (*TerraformResourceByIdentityQueryResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() + if err != nil { + return nil, err + } + + response := &TerraformResourceByIdentityQueryResponse{ + Body: bodyBytes, + HTTPResponse: rsp, + } + + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest TerraformResourceInfo + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON400 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON401 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON403 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON404 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON409 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), 
"json") && rsp.StatusCode == 422: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON422 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON500 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && true: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSONDefault = &dest + + } + + return response, nil +} + // ParseReportTerraformResourcesMutationResponse parses an HTTP response from a ReportTerraformResourcesMutationWithResponse call func ParseReportTerraformResourcesMutationResponse(rsp *http.Response) (*ReportTerraformResourcesMutationResponse, error) { bodyBytes, err := io.ReadAll(rsp.Body) diff --git a/src/pkg/cloudclient/restapi/cloudapi/openapi.json b/src/pkg/cloudclient/restapi/cloudapi/openapi.json index 7a19c4e3..45222704 100644 --- a/src/pkg/cloudclient/restapi/cloudapi/openapi.json +++ b/src/pkg/cloudclient/restapi/cloudapi/openapi.json @@ -3875,7 +3875,7 @@ "info": { "title": "Otterize API Server", "version": "v1beta", - "x-revision": "e38121fccedf11461372912ac6f3a211e9a1137a" + "x-revision": "8322427a9dfa0aca93d9117002d3cac871d85cbd" }, "openapi": "3.0.0", "paths": { 
@@ -8459,6 +8459,76 @@ } }, "/terraform-resources/": { + "get": { + "description": "get terraform resource by git identity", + "operationId": "terraformResourceByIdentity_query", + "parameters": [ + { + "in": "query", + "name": "modulePath", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "gitOriginUrl", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "gitCommitHash", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TerraformResourceInfo" + } + } + }, + "description": "get terraform resource by git identity" + }, + "400": { + "$ref": "#/components/responses/APPLIED_INTENTS_ERROR" + }, + "401": { + "$ref": "#/components/responses/UNAUTHENTICATED" + }, + "403": { + "$ref": "#/components/responses/FORBIDDEN" + }, + "404": { + "$ref": "#/components/responses/NOT_FOUND" + }, + "409": { + "$ref": "#/components/responses/CONFLICT" + }, + "422": { + "$ref": "#/components/responses/BAD_USER_INPUT" + }, + "500": { + "$ref": "#/components/responses/INTERNAL_SERVER_ERROR" + }, + "default": { + "$ref": "#/components/responses/UNEXPECTED_ERROR" + } + }, + "summary": "get terraform resource by git identity", + "tags": [ + "terraform_resources" + ] + }, "post": { "description": "report terraform resources from Otterize CLI", "operationId": "reportTerraformResources_mutation", diff --git a/src/pkg/mapperclient/schema.graphql b/src/pkg/mapperclient/schema.graphql index 3699ddad..f7d5a690 100644 --- a/src/pkg/mapperclient/schema.graphql +++ b/src/pkg/mapperclient/schema.graphql @@ -166,6 +166,13 @@ input AWSOperation { client: NamespacedName } +input GCPOperation { + resource: String! + permissions: [String!]! + srcIp: String + client: NamespacedName +} + input ServerFilter { name: String! namespace: String! 
@@ -228,5 +235,6 @@ type Mutation { reportIstioConnectionResults(results: IstioConnectionResults!): Boolean! reportAWSOperation(operation: [AWSOperation!]!): Boolean! reportAzureOperation(operation: [AzureOperation!]!): Boolean! + reportGCPOperation(operation: [GCPOperation!]!): Boolean! reportTrafficLevelResults(results: TrafficLevelResults!): Boolean! } From 84bee71b3838894f107894b87efa9a95d895eb84 Mon Sep 17 00:00:00 2001 From: davidrobert Date: Thu, 13 Mar 2025 13:36:23 +0200 Subject: [PATCH 05/16] lint fix --- src/cmd/terraform/get/get-resource-info.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cmd/terraform/get/get-resource-info.go b/src/cmd/terraform/get/get-resource-info.go index d97f5bb5..a76e1604 100644 --- a/src/cmd/terraform/get/get-resource-info.go +++ b/src/cmd/terraform/get/get-resource-info.go @@ -50,7 +50,7 @@ var GetResourceInfoCmd = &cobra.Command{ if err != nil { return err } - prints.PrintCliStderr(string(prettyJSON.Bytes())) + prints.PrintCliStderr(prettyJSON.String()) return nil }, From ec91676a6d17823bf26702e1afb3cbdc22d00192 Mon Sep 17 00:00:00 2001 From: davidrobert Date: Thu, 13 Mar 2025 13:50:12 +0200 Subject: [PATCH 06/16] lint fix --- src/cmd/terraform/upload/upload-resource-info.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/cmd/terraform/upload/upload-resource-info.go b/src/cmd/terraform/upload/upload-resource-info.go index cf57d3d0..572085e6 100644 --- a/src/cmd/terraform/upload/upload-resource-info.go +++ b/src/cmd/terraform/upload/upload-resource-info.go @@ -76,6 +76,9 @@ var UploadResourceInfoCmd = &cobra.Command{ prints.PrintCliStderr("Resources reported:") jsonData, err := json.MarshalIndent(resourceInfo, "", " ") + if err != nil { + return err + } prints.PrintCliStderr(string(jsonData)) return nil From 780f49689703bf25b358be4fbbf54319c88df93e Mon Sep 17 00:00:00 2001 
From: davidrobert Date: Mon, 17 Mar 2025 14:37:04 +0200 Subject: [PATCH 07/16] pr fixes --- src/cmd/terraform/get/get-resource-info.go | 12 ++--- src/cmd/terraform/terraform.go | 4 +- .../terraform/upload/upload-resource-info.go | 54 +++++++++++-------- src/pkg/cloudclient/graphql/schema.graphql | 16 ++---- .../cloudclient/restapi/cloudapi/api.gen.go | 7 +-- .../cloudclient/restapi/cloudapi/openapi.json | 20 +++++-- src/pkg/git/utils.go | 6 ++- src/pkg/terraform/aws.go | 50 +++++++++-------- src/pkg/terraform/utils.go | 6 ++- 9 files changed, 96 insertions(+), 79 deletions(-) diff --git a/src/cmd/terraform/get/get-resource-info.go b/src/cmd/terraform/get/get-resource-info.go index a76e1604..3373cdf9 100644 --- a/src/cmd/terraform/get/get-resource-info.go +++ b/src/cmd/terraform/get/get-resource-info.go @@ -4,10 +4,10 @@ import ( "bytes" "context" "encoding/json" - "fmt" cloudclient "github.com/otterize/otterize-cli/src/pkg/cloudclient/restapi" "github.com/otterize/otterize-cli/src/pkg/cloudclient/restapi/cloudapi" "github.com/otterize/otterize-cli/src/pkg/config" + "github.com/otterize/otterize-cli/src/pkg/errors" "github.com/otterize/otterize-cli/src/pkg/git" "github.com/otterize/otterize-cli/src/pkg/utils/prints" "github.com/spf13/cobra" @@ -15,14 +15,14 @@ import ( var GetResourceInfoCmd = &cobra.Command{ Use: "get-resource-info", - Short: "Queries the cloud for the saved terraform resource information for the given module", + Short: "Queries the cloud for the given module's saved Terraform resource information", SilenceUsage: true, RunE: func(cmd *cobra.Command, args []string) error { workingDir, _ := cmd.Flags().GetString("tf-dir") gitInfo, err := git.GetGitRepoInformation(workingDir) if err != nil { - return fmt.Errorf("error getting git information: %w", err) + return errors.Errorf("error getting git information: %w", err) } ctxTimeout, cancel := context.WithTimeout(context.Background(), config.DefaultTimeout) 
@@ -44,18 +44,18 @@ var GetResourceInfoCmd = &cobra.Command{ return err } - prints.PrintCliStderr("Resources found for current tfmodule:") + prints.PrintCliOutput("Resources found for current tfmodule:") var prettyJSON bytes.Buffer err = json.Indent(&prettyJSON, resp.Body, "", " ") if err != nil { return err } - prints.PrintCliStderr(prettyJSON.String()) + prints.PrintCliOutput(prettyJSON.String()) return nil }, } func init() { - GetResourceInfoCmd.PersistentFlags().String("tf-dir", "", "Manually specify the terraform module location") + GetResourceInfoCmd.PersistentFlags().String("tf-dir", "", "Specifies the path of the Terraform module to be analyzed. If not specified, autodetects the path.") } diff --git a/src/cmd/terraform/terraform.go b/src/cmd/terraform/terraform.go index d79d0b88..3977be93 100644 --- a/src/cmd/terraform/terraform.go +++ b/src/cmd/terraform/terraform.go @@ -14,12 +14,12 @@ var TerraformCmd = &cobra.Command{ Use: "terraform", GroupID: groups.IntegrationsGroup.ID, Aliases: []string{"terraform", "tf"}, - Short: "Integrate with Terraform state", + Short: "Terraform Integration", } func init() { cloudclient.RegisterAPIFlags(TerraformCmd) - TerraformCmd.PersistentFlags().BoolVar(&debug, "dry-run", false, "Simulate the command without making changes") + TerraformCmd.PersistentFlags().BoolVar(&debug, "dry-run", false, "Simulate the command without making any requests to Otterize Cloud") TerraformCmd.AddCommand(get.GetResourceInfoCmd) TerraformCmd.AddCommand(upload.UploadResourceInfoCmd) diff --git a/src/cmd/terraform/upload/upload-resource-info.go b/src/cmd/terraform/upload/upload-resource-info.go index 572085e6..12461b5b 100644 --- a/src/cmd/terraform/upload/upload-resource-info.go +++ b/src/cmd/terraform/upload/upload-resource-info.go 
@@ -3,10 +3,10 @@ package upload import ( "context" "encoding/json" - "fmt" cloudclient "github.com/otterize/otterize-cli/src/pkg/cloudclient/restapi" "github.com/otterize/otterize-cli/src/pkg/cloudclient/restapi/cloudapi" "github.com/otterize/otterize-cli/src/pkg/config" + "github.com/otterize/otterize-cli/src/pkg/errors" "github.com/otterize/otterize-cli/src/pkg/git" "github.com/otterize/otterize-cli/src/pkg/terraform" "github.com/otterize/otterize-cli/src/pkg/utils/prints" @@ -19,22 +19,25 @@ var UploadResourceInfoCmd = &cobra.Command{ Short: "Parses the tf state and uploads the iam information to the Otterize cloud", SilenceUsage: true, RunE: func(cmd *cobra.Command, args []string) error { + ctxTimeout, cancel := context.WithTimeout(context.Background(), config.DefaultTimeout) + defer cancel() + dryRun, _ := cmd.Flags().GetBool("dry-run") workingDir, _ := cmd.Flags().GetString("tf-dir") tfClient, err := terraform.GetTerraformClient(workingDir) if err != nil { - return fmt.Errorf("error Initializing terraform client: %w", err) + return errors.Errorf("error initializing terraform client: %w", err) } - state, err := tfClient.Show(context.Background()) + state, err := tfClient.Show(ctxTimeout) if err != nil { - return fmt.Errorf("error pulling Terraform state: %w", err) + return errors.Errorf("error pulling Terraform state: %w", err) } gitInfo, err := git.GetGitRepoInformation(workingDir) if err != nil { - return fmt.Errorf("error getting git information: %w", err) + return errors.Errorf("error getting git information: %w", err) } terraformIamInfo := terraform.TerraformResourceInfo{} 
@@ -52,39 +55,44 @@ var UploadResourceInfoCmd = &cobra.Command{ } if !dryRun { - prints.PrintCliStderr("Uploading Terraform AWS role & policy information to Otterize Cloud...") - - ctxTimeout, cancel := context.WithTimeout(context.Background(), config.DefaultTimeout) - defer cancel() - - c, err := cloudclient.NewClient(ctxTimeout) - if err != nil { - return err - } - - _, err = c.ReportTerraformResourcesMutationWithResponse(ctxTimeout, - cloudapi.ReportTerraformResourcesMutationJSONRequestBody{ - ResourceInfo: resourceInfo, - }, - ) + prints.PrintCliOutput("Uploading Terraform AWS role & policy information to Otterize Cloud...") + err := reportTerraformResourcesToCloud(ctxTimeout, resourceInfo) if err != nil { return err } } else { - prints.PrintCliStderr("Skipping upload...") + prints.PrintCliOutput("Dry run enabled: not uploading data to Otterize Cloud") } - prints.PrintCliStderr("Resources reported:") + prints.PrintCliOutput("Resources reported:") jsonData, err := json.MarshalIndent(resourceInfo, "", " ") if err != nil { return err } - prints.PrintCliStderr(string(jsonData)) + prints.PrintCliOutput(string(jsonData)) return nil }, } +func reportTerraformResourcesToCloud(ctx context.Context, resourceInfo cloudapi.InputTerraformResourceInfo) error { + c, err := cloudclient.NewClient(ctx) + if err != nil { + return err + } + + _, err = c.ReportTerraformResourcesMutationWithResponse(ctx, + cloudapi.ReportTerraformResourcesMutationJSONRequestBody{ + ResourceInfo: resourceInfo, + }, + ) + if err != nil { + return err + } + + return nil +} + func init() { UploadResourceInfoCmd.PersistentFlags().String("tf-dir", "", "Manually specify the terraform module location") } diff --git a/src/pkg/cloudclient/graphql/schema.graphql b/src/pkg/cloudclient/graphql/schema.graphql index c5d949e6..c28a47e1 100644 --- a/src/pkg/cloudclient/graphql/schema.graphql +++ b/src/pkg/cloudclient/graphql/schema.graphql 
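Review bot: `reportTerraformResourcesToCloud` discards the response (`_, err = c.ReportTerraformResourcesMutationWithResponse(...)`), so only transport or decode failures surface; the generated `Parse…Response` code in `api.gen.go` stores 4xx/5xx bodies in fields such as `JSON422` and still returns a nil error. Unless `cloudclient` already converts non-2xx statuses into errors, a rejected upload (expired token, 403) is still followed by "Resources reported:". Keep the response and check it after the existing `err` check: `resp, err := c.ReportTerraformResourcesMutationWithResponse(ctx, body)` then `if resp.StatusCode() != http.StatusOK { return errors.Errorf("report terraform resources: unexpected status %s", resp.Status()) }`. The caller also prints "Resources reported:" on the dry-run path, where nothing was sent; "Resources parsed:" would be accurate for both paths.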
@@ -446,11 +446,6 @@ type ClientIntentsRow { calledServerId: ID } -type CloudAccessEntry { - identity: String! - resourceActions: [ResourceActions!]! -} - type CloudIam { awsRoles: [String!] } @@ -943,12 +938,14 @@ type GitHubRepoInfo { repository: String! baseBranch: String! intentsPath: String! + terraformPath: String! } input GitHubRepoInfoInput { repository: String! baseBranch: String! intentsPath: String! + terraformPath: String! } type GitHubSettings { @@ -983,6 +980,7 @@ input GitLabRepoInfoInput { projectPath: String! baseBranch: String! intentsPath: String! + terraformPath: String! } type GitLabSettings { @@ -2223,9 +2221,6 @@ type Query { accessGraphServices( filter: InputAccessGraphFilter ): [Service!]! - accessGraphCloudIam( - filter: InputAccessGraphFilter - ): [CloudAccessEntry!]! serviceAccessGraph( id: ID! ): ServiceAccessGraph! @@ -2484,11 +2479,6 @@ type Resource { inboundStatus: ServerProtectionStatusVerdict! } -type ResourceActions { - resource: String! - actions: [String!]! -} - enum RowDiff { ADDED REMOVED diff --git a/src/pkg/cloudclient/restapi/cloudapi/api.gen.go b/src/pkg/cloudclient/restapi/cloudapi/api.gen.go index c8e6ec8f..9ef8f05c 100644 --- a/src/pkg/cloudclient/restapi/cloudapi/api.gen.go +++ b/src/pkg/cloudclient/restapi/cloudapi/api.gen.go @@ -872,9 +872,10 @@ type GitHubRepoFilterPair struct { // GitHubRepoInfo defines model for GitHubRepoInfo. type GitHubRepoInfo struct { - BaseBranch string `json:"baseBranch"` - IntentsPath string `json:"intentsPath"` - Repository string `json:"repository"` + BaseBranch string `json:"baseBranch"` + IntentsPath string `json:"intentsPath"` + Repository string `json:"repository"` + TerraformPath string `json:"terraformPath"` } // GitHubSettings defines model for GitHubSettings. diff --git a/src/pkg/cloudclient/restapi/cloudapi/openapi.json b/src/pkg/cloudclient/restapi/cloudapi/openapi.json index 45222704..7951209d 100644 --- a/src/pkg/cloudclient/restapi/cloudapi/openapi.json 
+++ b/src/pkg/cloudclient/restapi/cloudapi/openapi.json @@ -1755,12 +1755,16 @@ }, "repository": { "type": "string" + }, + "terraformPath": { + "type": "string" } }, "required": [ "repository", "baseBranch", - "intentsPath" + "intentsPath", + "terraformPath" ], "type": "object" }, @@ -1774,12 +1778,16 @@ }, "repository": { "type": "string" + }, + "terraformPath": { + "type": "string" } }, "required": [ "repository", "baseBranch", - "intentsPath" + "intentsPath", + "terraformPath" ], "type": "object" }, @@ -1885,12 +1893,16 @@ }, "projectPath": { "type": "string" + }, + "terraformPath": { + "type": "string" } }, "required": [ "projectPath", "baseBranch", - "intentsPath" + "intentsPath", + "terraformPath" ], "type": "object" }, @@ -3875,7 +3887,7 @@ "info": { "title": "Otterize API Server", "version": "v1beta", - "x-revision": "8322427a9dfa0aca93d9117002d3cac871d85cbd" + "x-revision": "f97e9b3f3a576688a040df645fbe73be8ccbe002" }, "openapi": "3.0.0", "paths": { diff --git a/src/pkg/git/utils.go b/src/pkg/git/utils.go index a5172754..b81f95c3 100644 --- a/src/pkg/git/utils.go +++ b/src/pkg/git/utils.go @@ -15,8 +15,12 @@ func GetGitRoot(repo *git.Repository) (string, error) { } func GetGitRepoInformation(workingDir string) (*LocalGitInformation, error) { + var err error if workingDir == "" { - workingDir = os.Getenv("PWD") + workingDir, err = os.Getwd() + if err != nil { + return nil, err + } } repo, err := git.PlainOpenWithOptions(workingDir, &git.PlainOpenOptions{DetectDotGit: true}) diff --git a/src/pkg/terraform/aws.go b/src/pkg/terraform/aws.go index f3bd20ca..3d6086cc 100644 --- a/src/pkg/terraform/aws.go +++ b/src/pkg/terraform/aws.go @@ -3,6 +3,7 @@ package terraform import ( "encoding/json" tfjson "github.com/hashicorp/terraform-json" + "github.com/otterize/otterize-cli/src/pkg/utils/prints" ) func ExtractAwsRoleAndPolicies(state *tfjson.State) []AwsRoleInfo { 
@@ -15,16 +16,28 @@ func ExtractAwsRoleAndPolicies(state *tfjson.State) []AwsRoleInfo { } for _, resource := range state.Values.RootModule.Resources { - extractAwsIamRoleInfo(resource, roleIdToInfo) - extractAwsIamPolicyInfo(resource, policyArnToInfo) - extractAwsIamRolePolicyAttachmentInfo(resource, roleIdToPolicies) + if resource.Type == "aws_iam_role" { + extractAwsIamRoleInfo(resource, roleIdToInfo) + } + if resource.Type == "aws_iam_policy" { + extractAwsIamPolicyInfo(resource, policyArnToInfo) + } + if resource.Type == "aws_iam_role_policy_attachment" { + extractAwsIamRolePolicyAttachmentInfo(resource, roleIdToPolicies) + } } for _, childModule := range state.Values.RootModule.ChildModules { for _, resource := range childModule.Resources { - extractAwsIamRoleInfo(resource, roleIdToInfo) - extractAwsIamPolicyInfo(resource, policyArnToInfo) - extractAwsIamRolePolicyAttachmentInfo(resource, roleIdToPolicies) + if resource.Type == "aws_iam_role" { + extractAwsIamRoleInfo(resource, roleIdToInfo) + } + if resource.Type == "aws_iam_policy" { + extractAwsIamPolicyInfo(resource, policyArnToInfo) + } + if resource.Type == "aws_iam_role_policy_attachment" { + extractAwsIamRolePolicyAttachmentInfo(resource, roleIdToPolicies) + } } } @@ -37,6 +50,8 @@ func ExtractAwsRoleAndPolicies(state *tfjson.State) []AwsRoleInfo { for _, policyArn := range policies { if policyInfo, ok := policyArnToInfo[policyArn]; ok { roleInfo.AttachedPolicies = append(roleInfo.AttachedPolicies, policyInfo) + } else { + prints.PrintCliOutput("Did not find policy matching ARN '%s', deleted in this version?", policyArn) } } } 
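Review bot: The walk in `ExtractAwsRoleAndPolicies` covers `RootModule.Resources` and exactly one level of `RootModule.ChildModules`, so IAM roles, policies and attachments declared in a module nested two or more levels deep never reach the report and the uploaded inventory understates what the state grants. `tfjson.StateModule` carries its own `ChildModules`, so a recursive walk closes that gap and also removes the three-way `if` chain this hunk duplicates; a `switch resource.Type` reads better. The function starts before this hunk and continues after it.

```go
// … unchanged: map setup and the nil-state guard …
var walk func(module *tfjson.StateModule)
walk = func(module *tfjson.StateModule) {
	if module == nil {
		return
	}
	for _, resource := range module.Resources {
		switch resource.Type {
		case "aws_iam_role":
			extractAwsIamRoleInfo(resource, roleIdToInfo)
		case "aws_iam_policy":
			extractAwsIamPolicyInfo(resource, policyArnToInfo)
		case "aws_iam_role_policy_attachment":
			extractAwsIamRolePolicyAttachmentInfo(resource, roleIdToPolicies)
		}
	}
	// Descend into every nesting level, not only the root's direct children.
	for _, child := range module.ChildModules {
		walk(child)
	}
}
walk(state.Values.RootModule)
// … unchanged: joining each role with its attached policies …
```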
@@ -48,17 +63,13 @@ func ExtractAwsRoleAndPolicies(state *tfjson.State) []AwsRoleInfo { } func extractAwsIamRoleInfo(resource *tfjson.StateResource, roleIdToArn map[string]AwsRoleInfo) { - if resource.Type != "aws_iam_role" { - return - } - inlinePolicy, err := json.Marshal(resource.AttributeValues["inline_policy"]) if err != nil { inlinePolicy = []byte{} } - id, _ := resource.AttributeValues["id"].(string) - arn, _ := resource.AttributeValues["arn"].(string) + id := resource.AttributeValues["id"].(string) + arn := resource.AttributeValues["arn"].(string) roleIdToArn[id] = AwsRoleInfo{ Arn: arn, Address: resource.Address, @@ -67,26 +78,13 @@ func extractAwsIamRoleInfo(resource *tfjson.StateResource, roleIdToArn map[strin } func extractAwsIamRolePolicyAttachmentInfo(resource *tfjson.StateResource, roleIdToPolicies map[string][]string) { - if resource.Type != "aws_iam_role_policy_attachment" { - return - } - roleId := resource.AttributeValues["role"].(string) policyArn := resource.AttributeValues["policy_arn"].(string) - _, ok := roleIdToPolicies[roleId] - if ok { - roleIdToPolicies[roleId] = append(roleIdToPolicies[roleId], policyArn) - } else { - roleIdToPolicies[roleId] = []string{policyArn} - } + roleIdToPolicies[roleId] = append(roleIdToPolicies[roleId], policyArn) } func extractAwsIamPolicyInfo(resource *tfjson.StateResource, policyArnToInfo map[string]AwsPolicyInfo) { - if resource.Type != "aws_iam_policy" { - return - } - policyArn := resource.AttributeValues["arn"].(string) policyArnToInfo[policyArn] = AwsPolicyInfo{ Arn: policyArn, diff --git a/src/pkg/terraform/utils.go b/src/pkg/terraform/utils.go index 5f31b18e..467eb0b1 100644 --- a/src/pkg/terraform/utils.go +++ b/src/pkg/terraform/utils.go 
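Review bot: `extractAwsIamRoleInfo` now uses unchecked assertions, `id := resource.AttributeValues["id"].(string)` and the same for `arn`, so a role entry whose attribute is absent, null or not a string panics the CLI; the comma-ok form this hunk removes did not. The attachment and policy extractors in the next hunk read `role`, `policy_arn` and `arn` the same way. State produced by a partial apply or a different provider version may lack these values, so prefer `id, ok := resource.AttributeValues["id"].(string)` followed by `if !ok || id == "" { return }`, or return an error naming `resource.Address` so the caller can report which resource was skipped. The role extractor's body continues past the end of the hunk.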
@@ -17,8 +17,12 @@ func GetTerraformPath() (string, error) { } func GetTerraformClient(workingDir string) (*tfexec.Terraform, error) { + var err error if workingDir == "" { - workingDir = os.Getenv("PWD") + workingDir, err = os.Getwd() + if err != nil { + return nil, err + } } terraformPath, err := GetTerraformPath() From 7200613c392028b959fe830c1ebfddfbcb7ed49d Mon Sep 17 00:00:00 2001 From: davidrobert Date: Mon, 17 Mar 2025 15:31:09 +0200 Subject: [PATCH 08/16] revert pr fix --- src/pkg/git/utils.go | 5 +---- src/pkg/terraform/utils.go | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/src/pkg/git/utils.go b/src/pkg/git/utils.go index b81f95c3..86865e33 100644 --- a/src/pkg/git/utils.go +++ b/src/pkg/git/utils.go @@ -17,10 +17,7 @@ func GetGitRoot(repo *git.Repository) (string, error) { func GetGitRepoInformation(workingDir string) (*LocalGitInformation, error) { var err error if workingDir == "" { - workingDir, err = os.Getwd() - if err != nil { - return nil, err - } + workingDir = os.Getenv("PWD") } repo, err := git.PlainOpenWithOptions(workingDir, &git.PlainOpenOptions{DetectDotGit: true}) diff --git a/src/pkg/terraform/utils.go b/src/pkg/terraform/utils.go index 467eb0b1..5b21ae8d 100644 --- a/src/pkg/terraform/utils.go +++ b/src/pkg/terraform/utils.go @@ -19,10 +19,7 @@ func GetTerraformPath() (string, error) { func GetTerraformClient(workingDir string) (*tfexec.Terraform, error) { var err error if workingDir == "" { - workingDir, err = os.Getwd() - if err != nil { - return nil, err - } + workingDir = os.Getenv("PWD") } terraformPath, err := GetTerraformPath() From b6f0f3a8dc5d283e947a16145a2acf324e8dd1a8 Mon Sep 17 00:00:00 2001 
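Review bot: The revert puts `workingDir = os.Getenv("PWD")` back into `GetGitRepoInformation` (and into `GetTerraformClient` in the following hunk), so the directory whose git identity and Terraform state are read and uploaded is chosen by an environment variable rather than by the process's real working directory. `PWD` can be unset or stale when the CLI is started without a shell (a CI runner, an `exec` from another program, after a `chdir`), and an empty or wrong path then goes to `git.PlainOpenWithOptions`. If the revert was about symlinked paths, note that on Unix-like systems `os.Getwd` already returns `$PWD` when it names the current directory, so `workingDir, err = os.Getwd()` with `if err != nil { return nil, err }` keeps that behaviour while validating the variable. The leftover `var err error` is redundant after the revert; both function bodies continue outside the hunks.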
From: davidrobert Date: Mon, 17 Mar 2025 19:24:53 +0200 Subject: [PATCH 09/16] pr fix --- src/data/aws/aws-policies.json | 1337 ++++++++++++++++++++++++++++++++ src/data/data.go | 6 + src/data/generate.go | 3 + src/pkg/terraform/aws.go | 22 +- 4 files changed, 1367 insertions(+), 1 deletion(-) create mode 100644 src/data/aws/aws-policies.json create mode 100644 src/data/data.go create mode 100644 src/data/generate.go diff --git a/src/data/aws/aws-policies.json b/src/data/aws/aws-policies.json new file mode 100644 index 00000000..7236f81d --- /dev/null +++ b/src/data/aws/aws-policies.json 
@@ -0,0 +1,1337 @@ +[ + "arn:aws:iam::aws:policy/AdministratorAccess", + "arn:aws:iam::aws:policy/PowerUserAccess", + "arn:aws:iam::aws:policy/ReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess", + "arn:aws:iam::aws:policy/CloudFrontFullAccess", + "arn:aws:iam::aws:policy/AWSCloudHSMFullAccess", + "arn:aws:iam::aws:policy/AWSCloudHSMReadOnlyAccess", + "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess", + "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess", + "arn:aws:iam::aws:policy/CloudFrontReadOnlyAccess", + "arn:aws:iam::aws:policy/CloudSearchFullAccess", + "arn:aws:iam::aws:policy/CloudSearchReadOnlyAccess", + "arn:aws:iam::aws:policy/CloudWatchFullAccess", + "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess", + "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess", + "arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSDirectConnectFullAccess", + "arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonAppStreamFullAccess", + "arn:aws:iam::aws:policy/AmazonAppStreamReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess", + "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccesswithDataPipeline", + "arn:aws:iam::aws:policy/AmazonEC2FullAccess", + "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonElastiCacheFullAccess", + "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess", + "arn:aws:iam::aws:policy/AmazonElasticMapReduceReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonGlacierReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonGlacierFullAccess", + "arn:aws:iam::aws:policy/AmazonKinesisFullAccess", + "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSMarketplaceRead-only", + "arn:aws:iam::aws:policy/AWSMarketplaceManageSubscriptions", + 
"arn:aws:iam::aws:policy/AmazonMobileAnalyticsFullAccess", + "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFinancialReportAccess", + "arn:aws:iam::aws:policy/AmazonMobileAnalyticsNon-financialReportAccess", + "arn:aws:iam::aws:policy/AmazonMobileAnalyticsWriteOnlyAccess", + "arn:aws:iam::aws:policy/IAMFullAccess", + "arn:aws:iam::aws:policy/IAMReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser", + "arn:aws:iam::aws:policy/AmazonWorkMailFullAccess", + "arn:aws:iam::aws:policy/AmazonWorkMailReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSImportExportReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSImportExportFullAccess", + "arn:aws:iam::aws:policy/AWSLambdaExecute", + "arn:aws:iam::aws:policy/AWSLambdaInvocation-DynamoDB", + "arn:aws:iam::aws:policy/AmazonRedshiftFullAccess", + "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonRDSFullAccess", + "arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonRoute53FullAccess", + "arn:aws:iam::aws:policy/AmazonRoute53ReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonRoute53DomainsFullAccess", + "arn:aws:iam::aws:policy/AmazonRoute53DomainsReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonS3FullAccess", + "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess", + "arn:aws:iam::aws:policy/SecurityAudit", + "arn:aws:iam::aws:policy/AmazonSESFullAccess", + "arn:aws:iam::aws:policy/AmazonSESReadOnlyAccess", + "arn:aws:iam::aws:policy/SimpleWorkflowFullAccess", + "arn:aws:iam::aws:policy/AmazonSNSFullAccess", + "arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonSQSFullAccess", + "arn:aws:iam::aws:policy/AmazonSQSReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSStorageGatewayFullAccess", + "arn:aws:iam::aws:policy/AWSStorageGatewayReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSSupportAccess", + "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess", + "arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess", + 
"arn:aws:iam::aws:policy/AmazonZocaloFullAccess", + "arn:aws:iam::aws:policy/AmazonZocaloReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonVPCFullAccess", + "arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSAccountActivityAccess", + "arn:aws:iam::aws:policy/AWSAccountUsageReportAccess", + "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole", + "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role", + "arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole", + "arn:aws:iam::aws:policy/service-role/AWSCloudHSMRole", + "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole", + "arn:aws:iam::aws:policy/service-role/AmazonElasticTranscoderRole", + "arn:aws:iam::aws:policy/service-role/AWSLambdaRole", + "arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole", + "arn:aws:iam::aws:policy/service-role/AmazonSNSRole", + "arn:aws:iam::aws:policy/AWSConnector", + "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess", + "arn:aws:iam::aws:policy/AWSConfigUserAccess", + "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role", + "arn:aws:iam::aws:policy/AmazonCognitoReadOnly", + "arn:aws:iam::aws:policy/AmazonCognitoPowerUser", + "arn:aws:iam::aws:policy/AmazonCognitoDeveloperAuthenticatedIdentities", + "arn:aws:iam::aws:policy/AmazonWorkSpacesApplicationManagerAdminAccess", + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole", + "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole", + "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole", + "arn:aws:iam::aws:policy/AmazonMachineLearningBatchPredictionsAccess", + "arn:aws:iam::aws:policy/AmazonMachineLearningCreateOnlyAccess", + "arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess", + "arn:aws:iam::aws:policy/AmazonMachineLearningManageRealTimeEndpointOnlyAccess", + 
"arn:aws:iam::aws:policy/AmazonMachineLearningReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonMachineLearningRealTimePredictionOnlyAccess", + "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole", + "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy", + "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess", + "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess", + "arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess", + "arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonSSMFullAccess", + "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess", + "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM", + "arn:aws:iam::aws:policy/CloudWatchActionsEC2Access", + "arn:aws:iam::aws:policy/AWSCodePipelineCustomActionAccess", + "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess", + "arn:aws:iam::aws:policy/AWSCodeCommitReadOnly", + "arn:aws:iam::aws:policy/AWSCodeCommitPowerUser", + "arn:aws:iam::aws:policy/IAMUserSSHKeys", + "arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator", + "arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess", + "arn:aws:iam::aws:policy/AWSDeviceFarmFullAccess", + "arn:aws:iam::aws:policy/AmazonDRSVPCManagement", + "arn:aws:iam::aws:policy/service-role/VMImportExportRoleForAWSConnector", + "arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin", + "arn:aws:iam::aws:policy/AmazonESFullAccess", + "arn:aws:iam::aws:policy/AmazonESReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSWAFReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSWAFFullAccess", + "arn:aws:iam::aws:policy/AmazonInspectorReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonInspectorFullAccess", + "arn:aws:iam::aws:policy/AmazonKinesisFirehoseReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonKinesisFirehoseFullAccess", + "arn:aws:iam::aws:policy/service-role/AWSIoTRuleActions", + "arn:aws:iam::aws:policy/service-role/AWSIoTLogging", + 
"arn:aws:iam::aws:policy/AWSIoTFullAccess", + "arn:aws:iam::aws:policy/AWSIoTDataAccess", + "arn:aws:iam::aws:policy/AWSIoTConfigAccess", + "arn:aws:iam::aws:policy/AWSIoTConfigReadOnlyAccess", + "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRDS", + "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRedshift", + "arn:aws:iam::aws:policy/service-role/AWSQuickSightListIAM", + "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole", + "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", + "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole", + "arn:aws:iam::aws:policy/AmazonMechanicalTurkFullAccess", + "arn:aws:iam::aws:policy/AmazonMechanicalTurkReadOnly", + "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", + "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser", + "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess", + "arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole", + "arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess", + "arn:aws:iam::aws:policy/service-role/CloudWatchEventsBuiltInTargetExecutionAccess", + "arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess", + "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess", + "arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess", + "arn:aws:iam::aws:policy/AWSCertificateManagerReadOnly", + "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier", + "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier", + "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker", + "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth", + "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", + "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess", + "arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess", + "arn:aws:iam::aws:policy/service-role/AWSConfigRulesExecutionRole", + 
"arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService", + "arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role", + "arn:aws:iam::aws:policy/AWSApplicationDiscoveryServiceFullAccess", + "arn:aws:iam::aws:policy/AWSApplicationDiscoveryAgentAccess", + "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole", + "arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration", + "arn:aws:iam::aws:policy/AWSCodePipelineApproverAccess", + "arn:aws:iam::aws:policy/AWSAgentlessDiscoveryService", + "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetAutoscaleRole", + "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsReadOnly", + "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsFullAccess", + "arn:aws:iam::aws:policy/ServerMigrationConnector", + "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess", + "arn:aws:iam::aws:policy/job-function/SupportUser", + "arn:aws:iam::aws:policy/job-function/SystemAdministrator", + "arn:aws:iam::aws:policy/job-function/DatabaseAdministrator", + "arn:aws:iam::aws:policy/job-function/DataScientist", + "arn:aws:iam::aws:policy/job-function/NetworkAdministrator", + "arn:aws:iam::aws:policy/job-function/Billing", + "arn:aws:iam::aws:policy/IAMUserChangePassword", + "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforAutoScalingRole", + "arn:aws:iam::aws:policy/service-role/AmazonAppStreamServiceAccess", + "arn:aws:iam::aws:policy/AWSOpsWorksCMInstanceProfileRole", + "arn:aws:iam::aws:policy/service-role/AWSOpsWorksCMServiceRole", + "arn:aws:iam::aws:policy/AmazonRekognitionFullAccess", + "arn:aws:iam::aws:policy/AmazonRekognitionReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonAthenaFullAccess", + "arn:aws:iam::aws:policy/AmazonPollyFullAccess", + "arn:aws:iam::aws:policy/AmazonPollyReadOnlyAccess", + "arn:aws:iam::aws:policy/service-role/AmazonSSMMaintenanceWindowRole", + "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess", + "arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess", + 
"arn:aws:iam::aws:policy/AWSXrayFullAccess", + "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess", + "arn:aws:iam::aws:policy/AWSCodeBuildReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess", + "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole", + "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess", + "arn:aws:iam::aws:policy/AWSHealthFullAccess", + "arn:aws:iam::aws:policy/AWSBatchFullAccess", + "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole", + "arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess", + "arn:aws:iam::aws:policy/IAMSelfManageServiceSpecificCredentials", + "arn:aws:iam::aws:policy/AWSStepFunctionsReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess", + "arn:aws:iam::aws:policy/AWSStepFunctionsConsoleFullAccess", + "arn:aws:iam::aws:policy/AutoScalingFullAccess", + "arn:aws:iam::aws:policy/AutoScalingReadOnlyAccess", + "arn:aws:iam::aws:policy/AutoScalingConsoleFullAccess", + "arn:aws:iam::aws:policy/AutoScalingConsoleReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSDataPipeline_FullAccess", + "arn:aws:iam::aws:policy/AWSDataPipeline_PowerUser", + "arn:aws:iam::aws:policy/service-role/ApplicationAutoScalingForAmazonAppStreamAccess", + "arn:aws:iam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy", + "arn:aws:iam::aws:policy/AWSElasticBeanstalkCustomPlatformforEC2Role", + "arn:aws:iam::aws:policy/AmazonCloudDirectoryFullAccess", + "arn:aws:iam::aws:policy/AmazonCloudDirectoryReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSMarketplaceGetEntitlements", + "arn:aws:iam::aws:policy/AWSOpsWorksCloudWatchLogs", + "arn:aws:iam::aws:policy/AmazonLexRunBotsOnly", + "arn:aws:iam::aws:policy/AmazonLexReadOnly", + "arn:aws:iam::aws:policy/AmazonLexFullAccess", + "arn:aws:iam::aws:policy/service-role/AWSCodeStarServiceRole", + "arn:aws:iam::aws:policy/AWSCodeStarFullAccess", + "arn:aws:iam::aws:policy/AWSGreengrassFullAccess", + 
"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceEventsRole", + "arn:aws:iam::aws:policy/service-role/QuickSightAccessForS3StorageManagementAnalyticsReadOnly", + "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole", + "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticsearchServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonVPCCrossAccountNetworkInterfaceOperations", + "arn:aws:iam::aws:policy/AmazonSSMAutomationApproverAccess", + "arn:aws:iam::aws:policy/service-role/AWSMigrationHubDiscoveryAccess", + "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole", + "arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess", + "arn:aws:iam::aws:policy/service-role/AWSGlueServiceNotebookRole", + "arn:aws:iam::aws:policy/service-role/AWSMigrationHubSMSAccess", + "arn:aws:iam::aws:policy/service-role/AWSMigrationHubDMSAccess", + "arn:aws:iam::aws:policy/AWSMigrationHubFullAccess", + "arn:aws:iam::aws:policy/service-role/AmazonMacieServiceRole", + "arn:aws:iam::aws:policy/AmazonMacieFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonRedshiftServiceLinkedRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingClassicServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSEnhancedClassicNetworkingMangementPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRCleanupPolicy", + "arn:aws:iam::aws:policy/aws-service-role/LexChannelPolicy", + "arn:aws:iam::aws:policy/aws-service-role/LexBotPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSLambdaReplicator", + "arn:aws:iam::aws:policy/aws-service-role/AWSOrganizationsServiceTrustPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForEC2ScheduledInstances", + 
"arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingRDSClusterPolicy", + "arn:aws:iam::aws:policy/aws-service-role/APIGatewayServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingAppStreamFleetPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingDynamoDBTablePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotFleetServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingEC2SpotFleetRequestPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingECSServicePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingEMRInstanceGroupPolicy", + "arn:aws:iam::aws:policy/AmazonChimeReadOnly", + "arn:aws:iam::aws:policy/AmazonChimeFullAccess", + "arn:aws:iam::aws:policy/AmazonChimeUserManagement", + "arn:aws:iam::aws:policy/aws-service-role/CloudHSMServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonECS_FullAccess", + "arn:aws:iam::aws:policy/aws-service-role/DynamoDBReplicationServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonSSMServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/CloudWatchEventsServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonInspectorServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSPriceListServiceFullAccess", + "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda", + "arn:aws:iam::aws:policy/AmazonMQFullAccess", + "arn:aws:iam::aws:policy/AmazonMQReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonGuardDutyReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonGuardDutyFullAccess", + "arn:aws:iam::aws:policy/AmazonSageMakerReadOnly", + "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess", + 
"arn:aws:iam::aws:policy/AmazonFreeRTOSFullAccess", + "arn:aws:iam::aws:policy/service-role/AWSDeepLensServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSDeepLensLambdaFunctionAccessPolicy", + "arn:aws:iam::aws:policy/service-role/AmazonRekognitionServiceRole", + "arn:aws:iam::aws:policy/AWSQuickSightIoTAnalyticsAccess", + "arn:aws:iam::aws:policy/ComprehendFullAccess", + "arn:aws:iam::aws:policy/ComprehendReadOnly", + "arn:aws:iam::aws:policy/service-role/GreengrassOTAUpdateArtifactAccess", + "arn:aws:iam::aws:policy/TranslateReadOnly", + "arn:aws:iam::aws:policy/aws-service-role/AWSCloud9ServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSCloud9User", + "arn:aws:iam::aws:policy/AWSCloud9Administrator", + "arn:aws:iam::aws:policy/AWSCloud9EnvironmentMember", + "arn:aws:iam::aws:policy/AlexaForBusinessFullAccess", + "arn:aws:iam::aws:policy/AlexaForBusinessReadOnlyAccess", + "arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup", + "arn:aws:iam::aws:policy/AlexaForBusinessGatewayExecution", + "arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration", + "arn:aws:iam::aws:policy/AmazonKinesisVideoStreamsReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonKinesisVideoStreamsFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSSSOServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AWSIoTOTAUpdate", + "arn:aws:iam::aws:policy/AWSElementalMediaPackageFullAccess", + "arn:aws:iam::aws:policy/AWSElementalMediaPackageReadOnly", + "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AutoScalingServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonRoute53AutoNamingReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonRoute53AutoNamingFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingSageMakerEndpointPolicy", + "arn:aws:iam::aws:policy/AWSServiceCatalogAdminFullAccess", + 
"arn:aws:iam::aws:policy/AWSServiceCatalogEndUserFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonESCognitoAccess", + "arn:aws:iam::aws:policy/service-role/AWSBatchServiceEventTargetRole", + "arn:aws:iam::aws:policy/aws-service-role/DAXServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSElementalMediaStoreFullAccess", + "arn:aws:iam::aws:policy/CloudWatchAgentAdminPolicy", + "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy", + "arn:aws:iam::aws:policy/AWSResourceGroupsReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSElementalMediaStoreReadOnly", + "arn:aws:iam::aws:policy/AmazonRoute53AutoNamingRegistrantAccess", + "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations", + "arn:aws:iam::aws:policy/AWSAppSyncAdministrator", + "arn:aws:iam::aws:policy/AWSAppSyncSchemaAuthor", + "arn:aws:iam::aws:policy/AWSAppSyncInvokeFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSEC2FleetServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/FMSServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonTranscribeReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonTranscribeFullAccess", + "arn:aws:iam::aws:policy/SecretsManagerReadWrite", + "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs", + "arn:aws:iam::aws:policy/service-role/AWSArtifactAccountSync", + "arn:aws:iam::aws:policy/AmazonElasticTranscoder_FullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSBetaServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSFMAdminFullAccess", + "arn:aws:iam::aws:policy/AWSFMAdminReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSFMMemberReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSIoT1ClickReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSIoT1ClickFullAccess", + "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", + "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", + "arn:aws:iam::aws:policy/AmazonEKSServicePolicy", + "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", + 
"arn:aws:iam::aws:policy/NeptuneReadOnlyAccess", + "arn:aws:iam::aws:policy/NeptuneFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSConfigServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSPreviewServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoScalingCustomResourcePolicy", + "arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy", + "arn:aws:iam::aws:policy/AmazonElasticTranscoder_ReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonElasticTranscoder_JobsSubmitter", + "arn:aws:iam::aws:policy/aws-service-role/AWSCloudFrontLogger", + "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole", + "arn:aws:iam::aws:policy/AWSIoTAnalyticsReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSIoTAnalyticsFullAccess", + "arn:aws:iam::aws:policy/NeptuneConsoleFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonMacieServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSElementalMediaConvertReadOnly", + "arn:aws:iam::aws:policy/AWSElementalMediaConvertFullAccess", + "arn:aws:iam::aws:policy/AWSSSOReadOnly", + "arn:aws:iam::aws:policy/AWSSSOMasterAccountAdministrator", + "arn:aws:iam::aws:policy/AWSSSOMemberAccountAdministrator", + "arn:aws:iam::aws:policy/service-role/AmazonMacieHandshakeRole", + "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRole", + "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderAudit", + "arn:aws:iam::aws:policy/AWSMarketplaceImageBuildFullAccess", + "arn:aws:iam::aws:policy/AWSDiscoveryContinuousExportFirehosePolicy", + "arn:aws:iam::aws:policy/aws-service-role/ApplicationDiscoveryServiceContinuousExportServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSAutoScalingPlansEC2AutoScalingPolicy", + "arn:aws:iam::aws:policy/aws-service-role/WAFRegionalLoggingServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/WAFLoggingServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonFreeRTOSOTAUpdate", + 
"arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonConnectServiceLinkedRolePolicy", + "arn:aws:iam::aws:policy/ElasticLoadBalancingReadOnly", + "arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/LightsailExportAccess", + "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditor", + "arn:aws:iam::aws:policy/AWSGlueConsoleSageMakerNotebookFullAccess", + "arn:aws:iam::aws:policy/AmazonConnectReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAAuditor", + "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAUser", + "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAFullAccess", + "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAReadOnly", + "arn:aws:iam::aws:policy/aws-service-role/CloudTrailServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSGreengrassReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSSSODirectoryReadOnly", + "arn:aws:iam::aws:policy/AWSSSODirectoryAdministrator", + "arn:aws:iam::aws:policy/AWSOrganizationsFullAccess", + "arn:aws:iam::aws:policy/AWSOrganizationsReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForIoTSiteWise", + "arn:aws:iam::aws:policy/aws-service-role/AWSResourceAccessManagerServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/KafkaServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceEditorsRole", + "arn:aws:iam::aws:policy/AmazonRDSDataFullAccess", + "arn:aws:iam::aws:policy/AWSRoboMakerReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSRoboMakerServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSRoboMakerServicePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSVPCTransitGatewayServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerServiceRolePolicy", + 
"arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMasterAccountRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMemberAccountRolePolicy", + "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceLaunchRole", + "arn:aws:iam::aws:policy/GlobalAcceleratorReadOnlyAccess", + "arn:aws:iam::aws:policy/GlobalAcceleratorFullAccess", + "arn:aws:iam::aws:policy/AWSPrivateMarketplaceAdminFullAccess", + "arn:aws:iam::aws:policy/ComprehendMedicalFullAccess", + "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS", + "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECSLimited", + "arn:aws:iam::aws:policy/TranslateFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSSecurityHubServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSSecurityHubFullAccess", + "arn:aws:iam::aws:policy/AWSSecurityHubReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonFSxServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/FSxDeleteServiceLinkedRoleAccess", + "arn:aws:iam::aws:policy/AmazonFSxReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonFSxFullAccess", + "arn:aws:iam::aws:policy/AmazonFSxConsoleReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonFSxConsoleFullAccess", + "arn:aws:iam::aws:policy/AmazonTextractFullAccess", + "arn:aws:iam::aws:policy/service-role/AmazonTextractServiceRole", + "arn:aws:iam::aws:policy/AWSCloudMapReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSCloudMapFullAccess", + "arn:aws:iam::aws:policy/AWSCloudMapDiscoverInstanceAccess", + "arn:aws:iam::aws:policy/AWSCloudMapRegisterInstanceAccess", + "arn:aws:iam::aws:policy/WellArchitectedConsoleFullAccess", + "arn:aws:iam::aws:policy/WellArchitectedConsoleReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/CloudwatchApplicationInsightsServiceLinkedRolePolicy", + "arn:aws:iam::aws:policy/AWSIoTSiteWiseFullAccess", + "arn:aws:iam::aws:policy/AWSIoTSiteWiseReadOnlyAccess", + "arn:aws:iam::aws:policy/service-role/AmazonPersonalizeFullAccess", + 
"arn:aws:iam::aws:policy/aws-service-role/ClientVPNServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonMQApiReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonMQApiFullAccess", + "arn:aws:iam::aws:policy/AmazonDocDBFullAccess", + "arn:aws:iam::aws:policy/AmazonDocDBReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonDocDBConsoleFullAccess", + "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup", + "arn:aws:iam::aws:policy/AWSIoTEventsReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSIoTEventsFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkMaintenance", + "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores", + "arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess", + "arn:aws:iam::aws:policy/AmazonMSKFullAccess", + "arn:aws:iam::aws:policy/AmazonMSKReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonForecastFullAccess", + "arn:aws:iam::aws:policy/AWSDataSyncReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSDataSyncFullAccess", + "arn:aws:iam::aws:policy/WorkLinkServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AWSDeepRacerServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSDeepRacerCloudFormationAccessPolicy", + "arn:aws:iam::aws:policy/AWSDeepRacerRoboMakerAccessPolicy", + "arn:aws:iam::aws:policy/service-role/ComprehendDataAccessRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AlexaForBusinessNetworkProfileServicePolicy", + "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", + "arn:aws:iam::aws:policy/AmazonSSMDirectoryServiceAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonCognitoIdpEmailServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSIQFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSGlobalAcceleratorSLRPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonWorkMailEventsServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSAppMeshFullAccess", + "arn:aws:iam::aws:policy/AWSAppMeshReadOnly", + 
"arn:aws:iam::aws:policy/AmazonManagedBlockchainConsoleFullAccess", + "arn:aws:iam::aws:policy/AmazonManagedBlockchainFullAccess", + "arn:aws:iam::aws:policy/AmazonManagedBlockchainReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSDenyAll", + "arn:aws:iam::aws:policy/service-role/AWSControlTowerServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonRoute53ResolverFullAccess", + "arn:aws:iam::aws:policy/AmazonRoute53ResolverReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSIoTSiteWiseConsoleFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSAppMeshServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSResourceAccessManagerFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/MigrationHubServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/MigrationHubDMSAccessServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/MigrationHubSMSAccessServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSConfigMultiAccountSetupPolicy", + "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI_OnPremises", + "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI_EC2", + "arn:aws:iam::aws:policy/aws-service-role/AWSConfigRemediationServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSAppMeshPreviewServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAPrivilegedUser", + "arn:aws:iam::aws:policy/aws-service-role/LakeFormationDataAccessServiceRolePolicy", + "arn:aws:iam::aws:policy/IAMAccessAdvisorReadOnly", + "arn:aws:iam::aws:policy/aws-service-role/ServiceQuotasServiceRolePolicy", + "arn:aws:iam::aws:policy/ServiceQuotasReadOnlyAccess", + "arn:aws:iam::aws:policy/ServiceQuotasFullAccess", + "arn:aws:iam::aws:policy/AWSMarketplaceProcurementSystemAdminFullAccess", + "arn:aws:iam::aws:policy/EC2InstanceConnect", + "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess", + "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess", + "arn:aws:iam::aws:policy/AWSMarketplaceSellerFullAccess", + 
"arn:aws:iam::aws:policy/AWSMarketplaceSellerProductsFullAccess", + "arn:aws:iam::aws:policy/AWSMarketplaceSellerProductsReadOnly", + "arn:aws:iam::aws:policy/AWSAppMeshEnvoyAccess", + "arn:aws:iam::aws:policy/AmazonEventBridgeReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/CloudWatch-CrossAccountAccess", + "arn:aws:iam::aws:policy/CloudWatchAutomaticDashboardsAccess", + "arn:aws:iam::aws:policy/aws-service-role/ConfigConformsServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSCloudFormationFullAccess", + "arn:aws:iam::aws:policy/ElementalAppliancesSoftwareFullAccess", + "arn:aws:iam::aws:policy/AWSAppMeshPreviewEnvoyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSVPCS2SVpnServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForSMS", + "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction", + "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction", + "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction", + "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderUpdateCACertMitigationAction", + "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction", + "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction", + "arn:aws:iam::aws:policy/AWSLakeFormationDataAdmin", + "arn:aws:iam::aws:policy/aws-service-role/AWSIQContractServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSIQPermissionServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonQLDBReadOnly", + "arn:aws:iam::aws:policy/AmazonQLDBFullAccess", + "arn:aws:iam::aws:policy/AmazonQLDBConsoleFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeVoiceConnectorServiceLinkedRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeServiceRolePolicy", + 
"arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForLogDeliveryPolicy", + "arn:aws:iam::aws:policy/AlexaForBusinessPolyDelegatedAccessPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerNotebooksServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingLambdaConcurrencyPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerAccountDiscoveryServicePolicy", + "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSServiceCatalogAdminReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSPrivateMarketplaceRequests", + "arn:aws:iam::aws:policy/AWSForWordPressPluginPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSCodeStarNotificationsServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticFileSystemServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSSavingsPlansReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSSavingsPlansFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/WAFV2LoggingServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAmazonEKSNodegroup", + "arn:aws:iam::aws:policy/AmazonEC2RolePolicyForLaunchWizard", + "arn:aws:iam::aws:policy/AWSDataExchangeReadOnly", + "arn:aws:iam::aws:policy/AWSDataExchangeSubscriberFullAccess", + "arn:aws:iam::aws:policy/AWSDataExchangeProviderFullAccess", + "arn:aws:iam::aws:policy/AWSDataExchangeFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSIoTSiteWiseMonitorServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingComprehendEndpointPolicy", + "arn:aws:iam::aws:policy/aws-service-role/DynamoDBCloudWatchContributorInsightsServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSChatbotServiceLinkedRolePolicy", + "arn:aws:iam::aws:policy/AWSBackupFullAccess", + "arn:aws:iam::aws:policy/AWSBackupOperatorAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorReportingServiceRolePolicy", + 
"arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage", + "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkManagedUpdatesServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSForFargateServiceRolePolicy", + "arn:aws:iam::aws:policy/CloudWatchSyntheticsFullAccess", + "arn:aws:iam::aws:policy/CloudWatchSyntheticsReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonEventBridgeSchemasServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonEventBridgeSchemasReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonEventBridgeSchemasFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForImageBuilder", + "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder", + "arn:aws:iam::aws:policy/IAMAccessAnalyzerFullAccess", + "arn:aws:iam::aws:policy/IAMAccessAnalyzerReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AccessAnalyzerServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonCodeGuruReviewerServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonCodeGuruReviewerFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/ComputeOptimizerServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonCodeGuruReviewerReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerFullAccess", + "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonMCSFullAccess", + "arn:aws:iam::aws:policy/AmazonMCSReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSNetworkManagerServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonKendraReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonKendraFullAccess", + "arn:aws:iam::aws:policy/AmazonSageMakerMechanicalTurkAccess", + "arn:aws:iam::aws:policy/AmazonAugmentedAIHumanLoopFullAccess", + "arn:aws:iam::aws:policy/AmazonAugmentedAIFullAccess", + "arn:aws:iam::aws:policy/AWSNetworkManagerReadOnlyAccess", + 
"arn:aws:iam::aws:policy/AWSNetworkManagerFullAccess", + "arn:aws:iam::aws:policy/AmazonFraudDetectorFullAccessPolicy", + "arn:aws:iam::aws:policy/AWSResourceAccessManagerResourceShareParticipantAccess", + "arn:aws:iam::aws:policy/AWSResourceAccessManagerReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgMemberServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgAdminServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/Health_OrganizationsServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSImageBuilderReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSImageBuilderFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/EC2FleetTimeShiftableServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonRekognitionCustomLabelsFullAccess", + "arn:aws:iam::aws:policy/AmazonWorkDocsReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientReadWriteAccess", + "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientFullAccess", + "arn:aws:iam::aws:policy/service-role/AWSQuickSightSageMakerPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonManagedBlockchainServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSAppSyncServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonChimeSDK", + "arn:aws:iam::aws:policy/AWSIoTDeviceTesterForFreeRTOSFullAccess", + "arn:aws:iam::aws:policy/AWSIoTDeviceTesterForGreengrassFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSServiceRolePolicy", + "arn:aws:iam::aws:policy/ComputeOptimizerReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingCassandraTablePolicy", + "arn:aws:iam::aws:policy/ElementalAppliancesSoftwareReadOnlyAccess", + "arn:aws:iam::aws:policy/GameLiftGameServerGroupPolicy", + "arn:aws:iam::aws:policy/AWSWAFConsoleFullAccess", + "arn:aws:iam::aws:policy/AWSWAFConsoleReadOnlyAccess", + 
"arn:aws:iam::aws:policy/AmazonWorkDocsFullAccess", + "arn:aws:iam::aws:policy/AmazonAugmentedAIIntegratedAPIAccess", + "arn:aws:iam::aws:policy/AmazonKeyspacesFullAccess", + "arn:aws:iam::aws:policy/AmazonKeyspacesReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonDetectiveFullAccess", + "arn:aws:iam::aws:policy/AWSPurchaseOrdersServiceRolePolicy", + "arn:aws:iam::aws:policy/ServerMigrationServiceConsoleFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackupTest", + "arn:aws:iam::aws:policy/AmazonSSMPatchAssociation", + "arn:aws:iam::aws:policy/AWSCloud9SSMInstanceProfile", + "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForCloudFormation", + "arn:aws:iam::aws:policy/service-role/AWSIoTSiteWiseMonitorPortalAccess", + "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalGatewayPolicy", + "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalWorkerPolicy", + "arn:aws:iam::aws:policy/AWSThinkboxAssetServerPolicy", + "arn:aws:iam::aws:policy/AWSThinkboxDeadlineResourceTrackerAccessPolicy", + "arn:aws:iam::aws:policy/AWSThinkboxDeadlineResourceTrackerAdminPolicy", + "arn:aws:iam::aws:policy/AWSThinkboxDeadlineSpotEventPluginWorkerPolicy", + "arn:aws:iam::aws:policy/AWSThinkboxDeadlineSpotEventPluginAdminPolicy", + "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalAdminPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackup", + "arn:aws:iam::aws:policy/AmazonAppFlowReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonAppFlowFullAccess", + "arn:aws:iam::aws:policy/AlexaForBusinessLifesizeDelegatedAccessPolicy", + "arn:aws:iam::aws:policy/ElementalActivationsFullAccess", + "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleWorkerTier", + "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleSNS", + "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleRDS", + "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleECS", + 
"arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleCore", + "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleCWL", + "arn:aws:iam::aws:policy/AWSCodeArtifactAdminAccess", + "arn:aws:iam::aws:policy/AWSBackupOrganizationAdminAccess", + "arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSourceV3", + "arn:aws:iam::aws:policy/AmazonHoneycodeTeamAssociationReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonHoneycodeWorkbookReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonHoneycodeFullAccess", + "arn:aws:iam::aws:policy/AmazonHoneycodeReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonHoneycodeTeamAssociationFullAccess", + "arn:aws:iam::aws:policy/AmazonHoneycodeWorkbookFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/CertificateManagerServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSCodeArtifactReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCodeGuru-Profiler", + "arn:aws:iam::aws:policy/aws-service-role/AmazonCognitoIdpServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSElementalMediaLiveReadOnly", + "arn:aws:iam::aws:policy/AWSElementalMediaLiveFullAccess", + "arn:aws:iam::aws:policy/AmazonSageMakerGroundTruthExecution", + "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceRoleForInstanceValidation", + "arn:aws:iam::aws:policy/AWSCodePipeline_ReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSCodePipeline_FullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonBraketServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSLakeFormationCrossAccountManager", + "arn:aws:iam::aws:policy/AmazonBraketFullAccess", + "arn:aws:iam::aws:policy/service-role/AWSLambdaMSKExecutionRole", + "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantine", + "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController", + "arn:aws:iam::aws:policy/aws-service-role/Route53ResolverServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/ClientVPNServiceConnectionsRolePolicy", + 
"arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited", + "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeployLimited", + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingKafkaClusterPolicy", + "arn:aws:iam::aws:policy/AWSTransferReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSBillingReadOnlyAccess", + "arn:aws:iam::aws:policy/ElementalActivationsReadOnlyAccess", + "arn:aws:iam::aws:policy/ElementalActivationsGenerateLicenses", + "arn:aws:iam::aws:policy/ElementalActivationsDownloadSoftwareAccess", + "arn:aws:iam::aws:policy/service-role/AWSQuickSightElasticsearchPolicy", + "arn:aws:iam::aws:policy/AmazonRedshiftDataFullAccess", + "arn:aws:iam::aws:policy/AWSRoboMaker_FullAccess", + "arn:aws:iam::aws:policy/service-role/AWS_ConfigRole", + "arn:aws:iam::aws:policy/aws-service-role/MediaPackageServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSMarketplaceAmiIngestion", + "arn:aws:iam::aws:policy/AmazonElasticMapReducePlacementGroupPolicy", + "arn:aws:iam::aws:policy/AmazonElasticFileSystemsUtils", + "arn:aws:iam::aws:policy/Ec2ImageBuilderCrossAccountDistributionAccess", + "arn:aws:iam::aws:policy/service-role/AWSQuickSightTimestreamPolicy", + "arn:aws:iam::aws:policy/AmazonTimestreamReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonTimestreamFullAccess", + "arn:aws:iam::aws:policy/AmazonTimestreamConsoleFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonS3OutpostsFullAccess", + "arn:aws:iam::aws:policy/AmazonS3OutpostsReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSDeepRacerFullAccess", + "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", + "arn:aws:iam::aws:policy/AWSCloudTrail_FullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSBudgetsReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSBudgetsActionsWithAWSResourceControlAccess", + 
"arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRoleForAMIManagement", + "arn:aws:iam::aws:policy/aws-service-role/AmazonMQServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSOutpostsServiceRolePolicy", + "arn:aws:iam::aws:policy/AwsGlueDataBrewFullAccessPolicy", + "arn:aws:iam::aws:policy/aws-service-role/DynamoDBKinesisReplicationServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSServiceCatalogAppRegistryFullAccess", + "arn:aws:iam::aws:policy/AWSServiceCatalogAppRegistryReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSNetworkFirewallServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSLambda_ReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSLambda_FullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonHoneycodeServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/S3StorageLensServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSGlueSchemaRegistryFullAccess", + "arn:aws:iam::aws:policy/AWSGlueSchemaRegistryReadonlyAccess", + "arn:aws:iam::aws:policy/AmazonConnect_FullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonMWAAServiceRolePolicy", + "arn:aws:iam::aws:policy/CloudWatchApplicationInsightsFullAccess", + "arn:aws:iam::aws:policy/CloudWatchApplicationInsightsReadOnlyAccess", + "arn:aws:iam::aws:policy/ElementalSupportCenterFullAccess", + "arn:aws:iam::aws:policy/AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonDevOpsGuruServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AWSPanoramaGreengrassGroupRolePolicy", + "arn:aws:iam::aws:policy/AWSPanoramaFullAccess", + "arn:aws:iam::aws:policy/service-role/AWSPanoramaApplianceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AWSPanoramaSageMakerRolePolicy", + "arn:aws:iam::aws:policy/service-role/AWSPanoramaServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicPowerUser", + "arn:aws:iam::aws:policy/AmazonSageMakerFeatureStoreAccess", + 
"arn:aws:iam::aws:policy/AmazonDevOpsGuruReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonDevOpsGuruFullAccess", + "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicFullAccess", + "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly", + "arn:aws:iam::aws:policy/AdministratorAccess-Amplify", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForMonitronPolicy", + "arn:aws:iam::aws:policy/AmazonMonitronFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSMarketplaceLicenseManagementServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AWSGlueDataBrewServiceRole", + "arn:aws:iam::aws:policy/aws-service-role/ECRReplicationServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/IVSRecordToS3", + "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerChangeManagementServicePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSAuditManagerServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonSageMakerEdgeDeviceFleetPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRContainersServiceRolePolicy", + "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds", + "arn:aws:iam::aws:policy/AWSAuditManagerAdministratorAccess", + "arn:aws:iam::aws:policy/AWSTransferConsoleFullAccess", + "arn:aws:iam::aws:policy/AWSTransferFullAccess", + "arn:aws:iam::aws:policy/service-role/AWSIoTFleetHubFederationAccess", + "arn:aws:iam::aws:policy/AWSIoTWirelessFullAccess", + "arn:aws:iam::aws:policy/AWSIoTWirelessReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSIoTWirelessFullPublishAccess", + "arn:aws:iam::aws:policy/AWSIoTWirelessGatewayCertManager", + "arn:aws:iam::aws:policy/AWSIoTWirelessDataAccess", + "arn:aws:iam::aws:policy/AWSIoTWirelessLogging", + "arn:aws:iam::aws:policy/AWSCloudShellFullAccess", + "arn:aws:iam::aws:policy/AmazonPrometheusFullAccess", + "arn:aws:iam::aws:policy/AmazonPrometheusConsoleFullAccess", + "arn:aws:iam::aws:policy/AmazonPrometheusQueryAccess", + 
"arn:aws:iam::aws:policy/AmazonPrometheusRemoteWriteAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonFISServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerCoreServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonLexV2BotPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonLexChannelsAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSDirectConnectServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSOpsWorks_FullAccess", + "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnly", + "arn:aws:iam::aws:policy/AdministratorAccess-AWSElasticBeanstalk", + "arn:aws:iam::aws:policy/AmazonWorkMailMessageFlowReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerAgentAccess", + "arn:aws:iam::aws:policy/AmazonWorkMailMessageFlowFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonHealthLakeFullAccess", + "arn:aws:iam::aws:policy/AmazonHealthLakeReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSProtonDeveloperAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSStorageGatewayServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSProtonFullAccess", + "arn:aws:iam::aws:policy/AWSProtonReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSGrafanaConsoleReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSGrafanaWorkspacePermissionManagement", + "arn:aws:iam::aws:policy/AWSGrafanaAccountAdministrator", + "arn:aws:iam::aws:policy/AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/BatchServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonEMRServicePolicy_v2", + "arn:aws:iam::aws:policy/AmazonEMRReadOnlyAccessPolicy_v2", + "arn:aws:iam::aws:policy/AmazonEMRFullAccessPolicy_v2", + "arn:aws:iam::aws:policy/AWSSecurityHubOrganizationsAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationMigrationServiceRolePolicy", + 
"arn:aws:iam::aws:policy/service-role/AWSApplicationMigrationConversionServerPolicy", + "arn:aws:iam::aws:policy/AWSApplicationMigrationFullAccess", + "arn:aws:iam::aws:policy/AWSApplicationMigrationAgentPolicy", + "arn:aws:iam::aws:policy/AWSApplicationMigrationEC2Access", + "arn:aws:iam::aws:policy/service-role/AWSApplicationMigrationMGHAccess", + "arn:aws:iam::aws:policy/AWSApplicationMigrationReadOnlyAccess", + "arn:aws:iam::aws:policy/service-role/AWSApplicationMigrationReplicationServerPolicy", + "arn:aws:iam::aws:policy/AmazonLookoutEquipmentFullAccess", + "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantineV2", + "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerOpsDataSyncServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonNimbleStudio-LaunchProfileWorker", + "arn:aws:iam::aws:policy/AmazonNimbleStudio-StudioAdmin", + "arn:aws:iam::aws:policy/AmazonNimbleStudio-StudioUser", + "arn:aws:iam::aws:policy/AmazonLookoutEquipmentReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonLookoutMetricsReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonLookoutMetricsFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSIncidentManagerServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSIncidentManagerResolverAccess", + "arn:aws:iam::aws:policy/AmazonLookoutVisionReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonLookoutVisionFullAccess", + "arn:aws:iam::aws:policy/AmazonLookoutVisionConsoleReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonLookoutVisionConsoleFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AppRunnerServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AWSAppRunnerServicePolicyForECRAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceCatalogAppRegistryServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSDeviceFarmTestGridServiceRolePolicy", + 
"arn:aws:iam::aws:policy/aws-service-role/AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSSSMOpsInsightsServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSBugBustServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSBugBustFullAccess", + "arn:aws:iam::aws:policy/AWSBugBustPlayerAccess", + "arn:aws:iam::aws:policy/aws-service-role/Route53RecoveryReadinessServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonSageMakerPipelinesIntegrations", + "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeTranscriptionServiceLinkedRolePolicy", + "arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy", + "arn:aws:iam::aws:policy/aws-service-role/MemoryDBServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingElastiCacheRGPolicy", + "arn:aws:iam::aws:policy/service-role/AmazonS3ObjectLambdaExecutionRolePolicy", + "arn:aws:iam::aws:policy/AmazonRoute53RecoveryReadinessFullAccess", + "arn:aws:iam::aws:policy/AmazonRoute53RecoveryClusterReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonRoute53RecoveryControlConfigFullAccess", + "arn:aws:iam::aws:policy/AmazonRoute53RecoveryControlConfigReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonRoute53RecoveryReadinessReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonRoute53RecoveryClusterFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRolePolicyForBackupReports", + "arn:aws:iam::aws:policy/AWSBackupAuditAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonOpenSearchServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonOpenSearchServiceCognitoAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingNeptuneClusterPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSConnectorServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/KafkaConnectServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AWSQuicksightOpenSearchPolicy", + 
"arn:aws:iam::aws:policy/AmazonOpenSearchServiceFullAccess", + "arn:aws:iam::aws:policy/AmazonOpenSearchServiceReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSMediaTailorServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonMSKConnectReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonConnectCampaignsServiceLinkedRolePolicy", + "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditorV2FullAccess", + "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditorV2NoSharing", + "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditorV2ReadSharing", + "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditorV2ReadWriteSharing", + "arn:aws:iam::aws:policy/AmazonConnectVoiceIDFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSEC2CapacityReservationFleetRolePolicy", + "arn:aws:iam::aws:policy/AWSAccountManagementFullAccess", + "arn:aws:iam::aws:policy/AWSAccountManagementReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonMemoryDBFullAccess", + "arn:aws:iam::aws:policy/AmazonMemoryDBReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSCustomServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSCustomPreviewServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSMigrationHubStrategyServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSMigrationHubStrategyConsoleFullAccess", + "arn:aws:iam::aws:policy/AWSMigrationHubStrategyCollector", + "arn:aws:iam::aws:policy/aws-service-role/AWSPanoramaServiceLinkedRolePolicy", + "arn:aws:iam::aws:policy/service-role/AWSPanoramaApplianceServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSMarketplacePurchaseOrdersServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSDeepRacerAccountAdminAccess", + "arn:aws:iam::aws:policy/AWSDeepRacerDefaultMultiUserAccess", + "arn:aws:iam::aws:policy/service-role/AWSCostAndUsageReportAutomationPolicy", + "arn:aws:iam::aws:policy/AmazonRedshiftAllCommandsFullAccess", + "arn:aws:iam::aws:policy/AWSApplicationMigrationVCenterClientPolicy", + 
"arn:aws:iam::aws:policy/AmazonDevOpsGuruOrganizationsAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonInspector2ServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryRecoveryInstancePolicy", + "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryAgentPolicy", + "arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryAgentInstallationPolicy", + "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryFailbackPolicy", + "arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryConsoleFullAccess", + "arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSElasticDisasterRecoveryServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryFailbackInstallationPolicy", + "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryReplicationServerPolicy", + "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryConversionServerPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSShieldServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonCloudWatchRUMServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonDetectiveServiceLinkedRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess", + "arn:aws:iam::aws:policy/AWSElementalMediaTailorFullAccess", + "arn:aws:iam::aws:policy/AWSElementalMediaTailorReadOnly", + "arn:aws:iam::aws:policy/aws-service-role/AWSProtonSyncServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonBraketJobsExecutionPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSECRPullThroughCache_ServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonGrafanaRedshiftAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSMigrationHubRefactorSpacesServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSMigrationHubRefactorSpacesFullAccess", + "arn:aws:iam::aws:policy/AmazonCloudWatchEvidentlyReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonCloudWatchEvidentlyFullAccess", + 
"arn:aws:iam::aws:policy/AmazonCloudWatchRUMReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonCloudWatchRUMFullAccess", + "arn:aws:iam::aws:policy/AmazonInspector2FullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonWorkSpacesWebServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonWorkSpacesWebReadOnly", + "arn:aws:iam::aws:policy/aws-service-role/AWSIPAMServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSPrivateNetworksServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonDevOpsGuruConsoleFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/EC2FastLaunchServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSAppRunnerFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AppRunnerNetworkingServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonInspector2ReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForS3Restore", + "arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForS3Backup", + "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSAppRunnerReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSIdentitySyncFullAccess", + "arn:aws:iam::aws:policy/AWSIdentitySyncReadOnlyAccess", + "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsCloudformationServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy", + 
"arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeSDKMediaPipelinesServiceLinkedRolePolicy", + "arn:aws:iam::aws:policy/AmazonRDSPerformanceInsightsReadOnly", + "arn:aws:iam::aws:policy/ROSAManageSubscription", + "arn:aws:iam::aws:policy/AWSBillingConductorFullAccess", + "arn:aws:iam::aws:policy/AWSBillingConductorReadOnlyAccess", + "arn:aws:iam::aws:policy/service-role/AwsGlueSessionUserRestrictedServiceRole", + "arn:aws:iam::aws:policy/AwsGlueSessionUserRestrictedPolicy", + "arn:aws:iam::aws:policy/AwsGlueSessionUserRestrictedNotebookPolicy", + "arn:aws:iam::aws:policy/service-role/AwsGlueSessionUserRestrictedNotebookServiceRole", + "arn:aws:iam::aws:policy/aws-service-role/AWSMigrationHubOrchestratorServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSMigrationHubOrchestratorPlugin", + "arn:aws:iam::aws:policy/AWSMigrationHubOrchestratorConsoleFullAccess", + "arn:aws:iam::aws:policy/AWSMigrationHubOrchestratorInstanceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/MonitronServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRServerlessServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSBudgetsActions_RolePolicyForResourceAdministrationWithSSM", + "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryStagingAccountPolicy", + "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryEc2InstancePolicy", + "arn:aws:iam::aws:policy/service-role/AWSApplicationMigrationAgentPolicy_v2", + "arn:aws:iam::aws:policy/aws-service-role/AWSM2ServicePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSManagedServicesDeploymentToolkitPolicy", + "arn:aws:iam::aws:policy/AWSCloudTrail_ReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSApplicationMigrationAgentInstallationPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSWellArchitectedOrganizationsServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSRolesAnywhereServicePolicy", + 
"arn:aws:iam::aws:policy/aws-service-role/AWSNetworkManagerCloudWANServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyMalwareProtectionServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSVendorInsightsVendorFullAccess", + "arn:aws:iam::aws:policy/AWSVendorInsightsVendorReadOnly", + "arn:aws:iam::aws:policy/AWSVendorInsightsAssessorFullAccess", + "arn:aws:iam::aws:policy/AWSVendorInsightsAssessorReadOnly", + "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerUserSubscriptionsServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSTrustedAdvisorPriorityFullAccess", + "arn:aws:iam::aws:policy/AWSTrustedAdvisorPriorityReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSApplicationDiscoveryAgentlessCollectorAccess", + "arn:aws:iam::aws:policy/AWSSupportAppFullAccess", + "arn:aws:iam::aws:policy/AWSSupportAppReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSLocalOutpostServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonSageMakerCanvasForecastAccess", + "arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy", + "arn:aws:iam::aws:policy/GroundTruthSyntheticConsoleReadOnlyAccess", + "arn:aws:iam::aws:policy/GroundTruthSyntheticConsoleFullAccess", + "arn:aws:iam::aws:policy/AmazonSSMManagedEC2InstanceDefaultPolicy", + "arn:aws:iam::aws:policy/AmazonSageMakerCanvasFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonCloudWatchEvidentlyServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSDeviceFarmServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSIoTFleetwiseServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSSupportPlansReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSSupportPlansFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AppIntegrationsServiceLinkedRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonAppStreamPCAAccess", + "arn:aws:iam::aws:policy/AWSRefactoringToolkitSidecarPolicy", + "arn:aws:iam::aws:policy/AWSRefactoringToolkitFullAccess", + 
"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AWSFaultInjectionSimulatorSSMAccess", + "arn:aws:iam::aws:policy/service-role/AWSFaultInjectionSimulatorRDSAccess", + "arn:aws:iam::aws:policy/service-role/AWSFaultInjectionSimulatorNetworkAccess", + "arn:aws:iam::aws:policy/service-role/AWSFaultInjectionSimulatorEKSAccess", + "arn:aws:iam::aws:policy/service-role/AWSFaultInjectionSimulatorECSAccess", + "arn:aws:iam::aws:policy/service-role/AWSFaultInjectionSimulatorEC2Access", + "arn:aws:iam::aws:policy/AWSResourceExplorerReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSResourceExplorerFullAccess", + "arn:aws:iam::aws:policy/AmazonWorkspacesPCAAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonGrafanaServiceLinkedRolePolicy", + "arn:aws:iam::aws:policy/AWSProtonCodeBuildProvisioningBasicAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSProtonCodeBuildProvisioningServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonEventBridgeSchedulerFullAccess", + "arn:aws:iam::aws:policy/AmazonEventBridgeSchedulerReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSBackupRestoreAccessForSAPHANA", + "arn:aws:iam::aws:policy/AWSBackupDataTransferAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceCatalogSyncServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSSSMForSAPServiceLinkedRolePolicy", + "arn:aws:iam::aws:policy/AWSSystemsManagerForSAPFullAccess", + "arn:aws:iam::aws:policy/AWSSystemsManagerForSAPReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonOpenSearchIngestionServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSReachabilityAnalyzerServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonOpenSearchServerlessServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSApplicationMigrationSSMAccess", + "arn:aws:iam::aws:policy/OAMReadOnlyAccess", + "arn:aws:iam::aws:policy/OAMFullAccess", + 
"arn:aws:iam::aws:policy/AWSXrayCrossAccountSharingConfiguration", + "arn:aws:iam::aws:policy/CloudWatchLogsCrossAccountSharingConfiguration", + "arn:aws:iam::aws:policy/CloudWatchCrossAccountSharingConfiguration", + "arn:aws:iam::aws:policy/aws-service-role/CloudWatchInternetMonitorServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSWickrFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSVPCVerifiedAccessServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonOmicsReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/SecurityLakeServiceLinkedRole", + "arn:aws:iam::aws:policy/AmazonSecurityLakePermissionsBoundary", + "arn:aws:iam::aws:policy/AmazonSageMakerModelGovernanceUseAccess", + "arn:aws:iam::aws:policy/service-role/AmazonSageMakerGeospatialFullAccess", + "arn:aws:iam::aws:policy/service-role/AmazonSageMakerGeospatialExecutionRole", + "arn:aws:iam::aws:policy/aws-service-role/AmazonDocDB-ElasticServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSVpcLatticeServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonEventBridgePipesFullAccess", + "arn:aws:iam::aws:policy/AmazonEventBridgePipesReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonEventBridgePipesOperatorAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForGroundStationDataflowEndpointGroupPolicy", + "arn:aws:iam::aws:policy/service-role/AWSBackupGatewayServiceRolePolicyForVirtualMachineMetadataSync", + "arn:aws:iam::aws:policy/aws-service-role/AWSManagedServices_DetectiveControlsConfig_ServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerLinuxSubscriptionsServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSOutpostsAuthorizeServerPolicy", + "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryStagingAccountPolicy_v2", + "arn:aws:iam::aws:policy/aws-service-role/ResourceGroupsServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSCleanRoomsReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSCleanRoomsFullAccess", + 
"arn:aws:iam::aws:policy/AWSCleanRoomsFullAccessNoQuerying", + "arn:aws:iam::aws:policy/aws-service-role/AWSHealth_EventProcessorServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonDetectiveMemberAccess", + "arn:aws:iam::aws:policy/AmazonDetectiveInvestigatorAccess", + "arn:aws:iam::aws:policy/aws-service-role/Ec2InstanceConnectEndpoint", + "arn:aws:iam::aws:policy/AmazonCognitoUnauthenticatedIdentities", + "arn:aws:iam::aws:policy/aws-service-role/AWSManagedServices_EventsServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSPrivateCAUser", + "arn:aws:iam::aws:policy/AWSPrivateCAFullAccess", + "arn:aws:iam::aws:policy/AWSPrivateCAPrivilegedUser", + "arn:aws:iam::aws:policy/AWSPrivateCAReadOnly", + "arn:aws:iam::aws:policy/AWSPrivateCAAuditor", + "arn:aws:iam::aws:policy/AmazonOmicsFullAccess", + "arn:aws:iam::aws:policy/service-role/AWSSupplyChainFederationAdminAccess", + "arn:aws:iam::aws:policy/AmazonDetectiveOrganizationsAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeSDKMessagingServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSDMSFleetAdvisorServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/CustomerProfilesServiceLinkedRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSDataSyncDiscoveryServiceRolePolicy", + "arn:aws:iam::aws:policy/MediaConnectGatewayInstanceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSManagedServices_ContactsServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonSageMakerCanvasAIServicesAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCodeWhispererPolicy", + "arn:aws:iam::aws:policy/service-role/AmazonGrafanaCloudWatchAccess", + "arn:aws:iam::aws:policy/AWSGroundStationAgentInstancePolicy", + "arn:aws:iam::aws:policy/VPCLatticeServicesInvokeAccess", + "arn:aws:iam::aws:policy/VPCLatticeReadOnlyAccess", + "arn:aws:iam::aws:policy/VPCLatticeFullAccess", + "arn:aws:iam::aws:policy/AWSMigrationHubRefactorSpaces-EnvironmentsWithoutBridgesFullAccess", + 
"arn:aws:iam::aws:policy/aws-service-role/AWSMediaConnectServicePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSProtonServiceGitSyncServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceCatalogOrgsDataSyncServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonSageMakerModelRegistryFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSUserNotificationsServiceLinkedRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonCodeCatalystSupportAccess", + "arn:aws:iam::aws:policy/AmazonCodeCatalystReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonCodeCatalystFullAccess", + "arn:aws:iam::aws:policy/service-role/ROSACloudNetworkConfigOperatorPolicy", + "arn:aws:iam::aws:policy/service-role/ROSAWorkerInstancePolicy", + "arn:aws:iam::aws:policy/service-role/ROSAAmazonEBSCSIDriverOperatorPolicy", + "arn:aws:iam::aws:policy/service-role/ROSAIngressOperatorPolicy", + "arn:aws:iam::aws:policy/service-role/ROSAControlPlaneOperatorPolicy", + "arn:aws:iam::aws:policy/AmazonOpenSearchIngestionReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonOpenSearchIngestionFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSWellArchitectedDiscoveryServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/ROSAKubeControllerPolicy", + "arn:aws:iam::aws:policy/service-role/ROSAKMSProviderPolicy", + "arn:aws:iam::aws:policy/service-role/ROSAImageRegistryOperatorPolicy", + "arn:aws:iam::aws:policy/AmazonVPCReachabilityAnalyzerPathComponentReadPolicy", + "arn:aws:iam::aws:policy/aws-service-role/KeyspacesReplicationServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonCodeGuruSecurityScanAccess", + "arn:aws:iam::aws:policy/AmazonCodeGuruSecurityFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSFinSpaceServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryCrossAccountReplicationPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSDMSServerlessServiceRolePolicy", + 
"arn:aws:iam::aws:policy/AmazonSecurityLakeAdministrator", + "arn:aws:iam::aws:policy/service-role/ROSASRESupportPolicy", + "arn:aws:iam::aws:policy/AmazonDocDBElasticFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSControlTowerAccountServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/ROSAInstallerPolicy", + "arn:aws:iam::aws:policy/AmazonDocDBElasticReadOnlyAccess", + "arn:aws:iam::aws:policy/service-role/ROSANodePoolManagementPolicy", + "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryNetworkReplicationPolicy", + "arn:aws:iam::aws:policy/AmazonVPCReachabilityAnalyzerFullAccessPolicy", + "arn:aws:iam::aws:policy/AmazonMacieReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonVPCNetworkAccessAnalyzerFullAccessPolicy", + "arn:aws:iam::aws:policy/aws-service-role/EMRDescribeClusterPolicyForEMRWAL", + "arn:aws:iam::aws:policy/aws-service-role/AWSAppFabricServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSResilienceHubAsssessmentExecutionPolicy", + "arn:aws:iam::aws:policy/AWSAppFabricFullAccess", + "arn:aws:iam::aws:policy/AWSAppFabricReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonCognitoUnAuthedIdentitiesSessionPolicy", + "arn:aws:iam::aws:policy/service-role/AmazonEFSCSIDriverPolicy", + "arn:aws:iam::aws:policy/AWSElementalMediaPackageV2FullAccess", + "arn:aws:iam::aws:policy/AWSElementalMediaPackageV2ReadOnly", + "arn:aws:iam::aws:policy/AWSHealthImagingFullAccess", + "arn:aws:iam::aws:policy/AWSHealthImagingReadOnlyAccess", + "arn:aws:iam::aws:policy/CloudWatchFullAccessV2", + "arn:aws:iam::aws:policy/service-role/AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AWSMigrationHubRefactorSpaces-SSMAutomationPolicy", + 
"arn:aws:iam::aws:policy/AmazonRDSPerformanceInsightsFullAccess", + "arn:aws:iam::aws:policy/AWSEntityResolutionConsoleFullAccess", + "arn:aws:iam::aws:policy/AWSEntityResolutionConsoleReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSArtifactServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSApplicationMigrationServiceEc2InstancePolicy", + "arn:aws:iam::aws:policy/AmazonLaunchWizardFullAccessV2", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCloudWatchMetrics_DbPerfInsightsServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonDataZoneEnvironmentRolePermissionsBoundary", + "arn:aws:iam::aws:policy/AmazonKeyspacesReadOnlyAccess_v2", + "arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryLaunchActionsPolicy", + "arn:aws:iam::aws:policy/AmazonDataZoneFullAccess", + "arn:aws:iam::aws:policy/service-role/AmazonDataZoneRedshiftManageAccessRolePolicy", + "arn:aws:iam::aws:policy/AmazonDataZoneRedshiftGlueProvisioningPolicy", + "arn:aws:iam::aws:policy/service-role/AmazonDataZoneGlueManageAccessRolePolicy", + "arn:aws:iam::aws:policy/AmazonDataZoneFullUserAccess", + "arn:aws:iam::aws:policy/service-role/AmazonDataZoneDomainExecutionRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSS3OnOutpostsServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/AmazonSageMakerCanvasDirectDeployAccess", + "arn:aws:iam::aws:policy/service-role/AmplifyBackendDeployFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonConnectSynchronizationServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonSageMakerCanvasDataPrepFullAccess", + "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerSSMFullAccess", + "arn:aws:iam::aws:policy/AWSIAMIdentityCenterAllowListForIdentityContext", + "arn:aws:iam::aws:policy/aws-service-role/CloudWatchApplicationSignalsServiceRolePolicy", + "arn:aws:iam::aws:policy/PartnerCentralAccountManagementUserRoleAssociation", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRolePolicyForBackupRestoreTesting", + 
"arn:aws:iam::aws:policy/AWSIncidentManagerIncidentAccessServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSIoTTwinMakerServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSResourceExplorerOrganizationsAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSrePostPrivateCloudWatchAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSMarketplaceDeploymentServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSGitSyncServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/EC2ImageBuilderLifecycleExecutionPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonInspector2AgentlessServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/CostOptimizationHubServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonPrometheusScraperServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSRepostSpaceSupportOperationsPolicy", + "arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryConsoleFullAccess_v2", + "arn:aws:iam::aws:policy/AmazonOneEnterpriseFullAccess", + "arn:aws:iam::aws:policy/AmazonOneEnterpriseReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonOneEnterpriseInstallerAccess", + "arn:aws:iam::aws:policy/AmazonQFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForNeptuneGraphPolicy", + "arn:aws:iam::aws:policy/AmazonSageMakerClusterInstanceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSZonalAutoshiftPracticeRunSLRPolicy", + "arn:aws:iam::aws:policy/AWSCleanRoomsMLReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSCleanRoomsMLFullAccess", + "arn:aws:iam::aws:policy/NeptuneGraphReadOnlyAccess", + "arn:aws:iam::aws:policy/IVSReadOnlyAccess", + "arn:aws:iam::aws:policy/service-role/AWSMSKReplicatorExecutionRole", + "arn:aws:iam::aws:policy/AmazonBedrockFullAccess", + "arn:aws:iam::aws:policy/AmazonBedrockReadOnly", + "arn:aws:iam::aws:policy/CostOptimizationHubReadOnlyAccess", + "arn:aws:iam::aws:policy/IVSFullAccess", + "arn:aws:iam::aws:policy/CostOptimizationHubAdminAccess", + 
"arn:aws:iam::aws:policy/aws-service-role/CloudWatchNetworkMonitorServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonOpenSearchDashboardsServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSArtifactReportsReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSGrafanaWorkspacePermissionManagementV2", + "arn:aws:iam::aws:policy/service-role/AmazonECSInfrastructureRolePolicyForVolumes", + "arn:aws:iam::aws:policy/service-role/AmazonECSInfrastructureRolePolicyForServiceConnectTransportLayerSecurity", + "arn:aws:iam::aws:policy/service-role/AmazonSecurityLakeMetastoreManager", + "arn:aws:iam::aws:policy/AmazonInspector2ManagedCisPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonLexReplicationPolicy", + "arn:aws:iam::aws:policy/AmazonSageMakerCanvasBedrockAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForPrivateMarketplaceAdminPolicy", + "arn:aws:iam::aws:policy/AmazonRDSCustomInstanceProfileRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSMarketplaceResaleAuthorizationServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonTimestreamInfluxDBServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonTimestreamInfluxDBFullAccess", + "arn:aws:iam::aws:policy/AWSEC2VssSnapshotPolicy", + "arn:aws:iam::aws:policy/AWSQuickSightAssetBundleExportPolicy", + "arn:aws:iam::aws:policy/AWSQuickSightAssetBundleImportPolicy", + "arn:aws:iam::aws:policy/AWSDeadlineCloud-UserAccessFarms", + "arn:aws:iam::aws:policy/AWSDeadlineCloud-UserAccessFleets", + "arn:aws:iam::aws:policy/AWSDeadlineCloud-UserAccessJobs", + "arn:aws:iam::aws:policy/AWSDeadlineCloud-UserAccessQueues", + "arn:aws:iam::aws:policy/AWSDeadlineCloud-FleetWorker", + "arn:aws:iam::aws:policy/AWSDeadlineCloud-WorkerHost", + "arn:aws:iam::aws:policy/aws-service-role/SplitCostAllocationDataServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary", + "arn:aws:iam::aws:policy/AmazonDataZoneSageMakerProvisioningRolePolicy", + 
"arn:aws:iam::aws:policy/AmazonDataZoneSageMakerManageAccessRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAmazonQDeveloper", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForUserSubscriptions", + "arn:aws:iam::aws:policy/aws-service-role/QBusinessServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonRoute53ProfilesReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonRoute53ProfilesFullAccess", + "arn:aws:iam::aws:policy/AmazonOpenSearchDirectQueryGlueCreateAccess", + "arn:aws:iam::aws:policy/EC2FastLaunchFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonSESServiceRolePolicy", + "arn:aws:iam::aws:policy/CloudWatchApplicationSignalsReadOnlyAccess", + "arn:aws:iam::aws:policy/CloudWatchApplicationSignalsFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSBCMDataExportsServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/OpensearchIngestionSelfManagedVpcePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingWorkSpacesPoolPolicy", + "arn:aws:iam::aws:policy/aws-service-role/ECRTemplateServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonWorkSpacesSecureBrowserReadOnly", + "arn:aws:iam::aws:policy/aws-service-role/SSMQuickSetupRolePolicy", + "arn:aws:iam::aws:policy/AWSQuickSetupPatchPolicyBaselineAccess", + "arn:aws:iam::aws:policy/AWSSystemsManagerEnableConfigRecordingExecutionPolicy", + "arn:aws:iam::aws:policy/AWSSystemsManagerEnableExplorerExecutionPolicy", + "arn:aws:iam::aws:policy/AWSQuickSetupDevOpsGuruPermissionsBoundary", + "arn:aws:iam::aws:policy/AWSQuickSetupPatchPolicyPermissionsBoundary", + "arn:aws:iam::aws:policy/AWSQuickSetupSSMHostMgmtPermissionsBoundary", + "arn:aws:iam::aws:policy/AWSQuickSetupDistributorPermissionsBoundary", + "arn:aws:iam::aws:policy/AWSQuickSetupCFGCPacksPermissionsBoundary", + "arn:aws:iam::aws:policy/AWSQuickSetupSchedulerPermissionsBoundary", + "arn:aws:iam::aws:policy/AWSQuickSetupDeploymentRolePolicy", + 
"arn:aws:iam::aws:policy/AWSQuickSetupPatchPolicyDeploymentRolePolicy", + "arn:aws:iam::aws:policy/AmazonWorkSpacesPoolServiceAccess", + "arn:aws:iam::aws:policy/AmazonQDeveloperAccess", + "arn:aws:iam::aws:policy/aws-service-role/AppStudioServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonWorkSpacesThinClientReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy", + "arn:aws:iam::aws:policy/AmazonBedrockStudioPermissionsBoundary", + "arn:aws:iam::aws:policy/AmazonWorkSpacesThinClientFullAccess", + "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantineV3", + "arn:aws:iam::aws:policy/aws-service-role/AWSPCSServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerHyperPodServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSDirectoryServiceDataFullAccess", + "arn:aws:iam::aws:policy/AWSDirectoryServiceDataReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/QAppsServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForProcurementInsightsPolicy", + "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly", + "arn:aws:iam::aws:policy/aws-service-role/AWSDataSyncServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSDataExchangeServiceRolePolicyForOrganizationDiscovery", + "arn:aws:iam::aws:policy/aws-service-role/AWSDataExchangeServiceRolePolicyForLicenseManagement", + "arn:aws:iam::aws:policy/aws-service-role/AWSSocialMessagingServiceRolePolicy", + "arn:aws:iam::aws:policy/ResourceGroupsTaggingAPITagUntagSupportedResources", + "arn:aws:iam::aws:policy/AmazonVerifiedPermissionsFullAccess", + "arn:aws:iam::aws:policy/AmazonVerifiedPermissionsReadOnlyAccess", + "arn:aws:iam::aws:policy/CloudWatchLambdaApplicationSignalsExecutionRolePolicy", + "arn:aws:iam::aws:policy/CloudWatchInternetMonitorFullAccess", + "arn:aws:iam::aws:policy/AWSDataExchangeDataGrantOwnerFullAccess", + 
"arn:aws:iam::aws:policy/AWSDataExchangeDataGrantReceiverFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSCloudFrontVPCOriginServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy", + "arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy", + "arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy", + "arn:aws:iam::aws:policy/AmazonEKSComputePolicy", + "arn:aws:iam::aws:policy/GameLiftContainerFleetPolicy", + "arn:aws:iam::aws:policy/service-role/AmazonDataZoneBedrockModelManagementPolicy", + "arn:aws:iam::aws:policy/service-role/AmazonDataZoneBedrockModelConsumptionPolicy", + "arn:aws:iam::aws:policy/CloudWatchInternetMonitorReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AmazonODBServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/SMSVoiceServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSPartnerCentralOpportunityManagement", + "arn:aws:iam::aws:policy/AWSPartnerCentralSandboxFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/SecurityLakeResourceManagementServiceRolePolicy", + "arn:aws:iam::aws:policy/root-task/SQSUnlockQueuePolicy", + "arn:aws:iam::aws:policy/root-task/S3UnlockBucketPolicy", + "arn:aws:iam::aws:policy/root-task/IAMAuditRootUserCredentials", + "arn:aws:iam::aws:policy/root-task/IAMCreateRootUserPassword", + "arn:aws:iam::aws:policy/root-task/IAMDeleteRootUserCredentials", + "arn:aws:iam::aws:policy/AmazonECSInfrastructureRolePolicyForVpcLattice", + "arn:aws:iam::aws:policy/AWSQuickSetupEnableDHMCExecutionPolicy", + "arn:aws:iam::aws:policy/AWSQuickSetupManagedInstanceProfileExecutionPolicy", + "arn:aws:iam::aws:policy/AWSQuickSetupSSMLifecycleManagementExecutionPolicy", + "arn:aws:iam::aws:policy/AWSQuickSetupSSMDeploymentS3BucketRolePolicy", + "arn:aws:iam::aws:policy/AWSQuickSetupEnableAREXExecutionPolicy", + "arn:aws:iam::aws:policy/AWSQuickSetupSSMManageResourcesExecutionPolicy", + "arn:aws:iam::aws:policy/AWSQuickSetupSSMDeploymentRolePolicy", + 
"arn:aws:iam::aws:policy/AWS-SSM-Automation-DiagnosisBucketPolicy", + "arn:aws:iam::aws:policy/AWS-SSM-DiagnosisAutomation-AdministrationRolePolicy", + "arn:aws:iam::aws:policy/AWS-SSM-DiagnosisAutomation-ExecutionRolePolicy", + "arn:aws:iam::aws:policy/AWS-SSM-DiagnosisAutomation-OperationalAccountAdministrationRolePolicy", + "arn:aws:iam::aws:policy/AWS-SSM-RemediationAutomation-AdministrationRolePolicy", + "arn:aws:iam::aws:policy/AWS-SSM-RemediationAutomation-ExecutionRolePolicy", + "arn:aws:iam::aws:policy/AWS-SSM-RemediationAutomation-OperationalAccountAdministrationRolePolicy", + "arn:aws:iam::aws:policy/AWSPartnerCentralFullAccess", + "arn:aws:iam::aws:policy/AWSMarketplaceSellerOfferManagement", + "arn:aws:iam::aws:policy/SageMakerStudioProjectRoleMachineLearningPolicy", + "arn:aws:iam::aws:policy/service-role/SageMakerStudioDomainServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/SageMakerStudioDomainExecutionRolePolicy", + "arn:aws:iam::aws:policy/SageMakerStudioProjectUserRolePermissionsBoundary", + "arn:aws:iam::aws:policy/service-role/SageMakerStudioProjectProvisioningRolePolicy", + "arn:aws:iam::aws:policy/SageMakerStudioProjectUserRolePolicy", + "arn:aws:iam::aws:policy/AWSArtifactAgreementsFullAccess", + "arn:aws:iam::aws:policy/AWSArtifactAgreementsReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSPartnerLedSupportReadOnlyAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSObservabilityAdminServiceRolePolicy", + "arn:aws:iam::aws:policy/SageMakerStudioFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/DeclarativePoliciesEC2Report", + "arn:aws:iam::aws:policy/aws-service-role/AWSSecurityIncidentResponseServiceRolePolicy", + "arn:aws:iam::aws:policy/aws-service-role/AWSSecurityIncidentResponseTriageServiceRolePolicy", + "arn:aws:iam::aws:policy/CloudWatchOpenSearchDashboardsFullAccess", + "arn:aws:iam::aws:policy/CloudWatchOpenSearchDashboardAccess", + 
"arn:aws:iam::aws:policy/aws-service-role/CloudWatchNetworkFlowMonitorServiceRolePolicy", + "arn:aws:iam::aws:policy/CloudWatchNetworkFlowMonitorAgentPublishPolicy", + "arn:aws:iam::aws:policy/aws-service-role/CloudWatchNetworkFlowMonitorTopologyServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSSecurityIncidentResponseReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSSecurityIncidentResponseCaseFullAccess", + "arn:aws:iam::aws:policy/AWSSecurityIncidentResponseFullAccess", + "arn:aws:iam::aws:policy/AIOpsAssistantPolicy", + "arn:aws:iam::aws:policy/AIOpsConsoleAdminPolicy", + "arn:aws:iam::aws:policy/AIOpsReadOnlyAccess", + "arn:aws:iam::aws:policy/AIOpsOperatorAccess", + "arn:aws:iam::aws:policy/aws-service-role/AuroraDsqlServiceLinkedRolePolicy", + "arn:aws:iam::aws:policy/AmazonS3TablesReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonAuroraDSQLReadOnlyAccess", + "arn:aws:iam::aws:policy/AmazonS3TablesFullAccess", + "arn:aws:iam::aws:policy/QBusinessQuicksightPluginPolicy", + "arn:aws:iam::aws:policy/AmazonAuroraDSQLConsoleFullAccess", + "arn:aws:iam::aws:policy/AmazonAuroraDSQLFullAccess", + "arn:aws:iam::aws:policy/AmazonSageMakerTrainingPlanCreateAccess", + "arn:aws:iam::aws:policy/AmazonSageMakerCanvasSMDataScienceAssistantAccess", + "arn:aws:iam::aws:policy/AWSPartnerCentralSellingResourceSnapshotJobExecutionRolePolicy", + "arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForIndexing", + "arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForItemRestores", + "arn:aws:iam::aws:policy/aws-service-role/AWSManagedServices_SelfServiceReporting_ServiceRolePolicy", + "arn:aws:iam::aws:policy/AmazonSageMakerPartnerAppsFullAccess", + "arn:aws:iam::aws:policy/service-role/SageMakerStudioQueryExecutionRolePolicy", + "arn:aws:iam::aws:policy/service-role/SageMakerStudioEMRServiceRolePolicy", + "arn:aws:iam::aws:policy/AWSElementalMediaConnectReadOnlyAccess", + "arn:aws:iam::aws:policy/AWSElementalMediaConnectFullAccess", + 
"arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockAgentServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockChatAgentUserRolePolicy", + "arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockFlowServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockPromptUserRolePolicy", + "arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockEvaluationJobServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy", + "arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockKnowledgeBaseCustomResourcePolicy", + "arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockFunctionExecutionRolePolicy", + "arn:aws:iam::aws:policy/service-role/SageMakerStudioEMRInstanceRolePolicy", + "arn:aws:iam::aws:policy/AWSBackupSearchOperatorAccess", + "arn:aws:iam::aws:policy/AWSIoTManagedIntegrationsFullAccess", + "arn:aws:iam::aws:policy/aws-service-role/AWSIoTManagedIntegrationsRolePolicy" +] diff --git a/src/data/data.go b/src/data/data.go new file mode 100644 index 00000000..413e1868 --- /dev/null +++ b/src/data/data.go @@ -0,0 +1,6 @@ +package data + +import _ "embed" + +//go:embed aws/aws-policies.json +var AwsManagedPolicies []byte diff --git a/src/data/generate.go b/src/data/generate.go new file mode 100644 index 00000000..9a722eb8 --- /dev/null +++ b/src/data/generate.go @@ -0,0 +1,3 @@ +package data + +//go:generate sh -c "aws iam list-policies --scope AWS --query 'Policies[*].Arn' --output json > aws/aws-policies.json" diff --git a/src/pkg/terraform/aws.go b/src/pkg/terraform/aws.go index 3d6086cc..b651081d 100644 --- a/src/pkg/terraform/aws.go +++ b/src/pkg/terraform/aws.go 
@@ -3,9 +3,26 @@ package terraform import ( "encoding/json" tfjson "github.com/hashicorp/terraform-json" + "github.com/otterize/otterize-cli/src/data" "github.com/otterize/otterize-cli/src/pkg/utils/prints" + "github.com/sirupsen/logrus" ) +var AwsManagedPolicies map[string]bool + +func init() { + var policyList []string + err := json.Unmarshal(data.AwsManagedPolicies, &policyList) + if err != nil { + logrus.Fatalf("Failed to unmarshal AWS managed policies: %v", err) + } + + AwsManagedPolicies = make(map[string]bool) + for _, policy := range policyList { + AwsManagedPolicies[policy] = true + } +} + func ExtractAwsRoleAndPolicies(state *tfjson.State) []AwsRoleInfo { roleIdToInfo := make(map[string]AwsRoleInfo) policyArnToInfo := make(map[string]AwsPolicyInfo) @@ -51,7 +68,10 @@ func ExtractAwsRoleAndPolicies(state *tfjson.State) []AwsRoleInfo { if policyInfo, ok := policyArnToInfo[policyArn]; ok { roleInfo.AttachedPolicies = append(roleInfo.AttachedPolicies, policyInfo) } else { - prints.PrintCliOutput("Did not find policy matching ARN '%s', deleted in this version?", policyArn) + _, isManagedPolicy := AwsManagedPolicies[policyArn] + if !isManagedPolicy { + prints.PrintCliOutput("Did not find policy matching ARN '%s', deleted in this version?", policyArn) + } } } } From fa0ff9729b5481593b2002518c19d480fa8ca1ae Mon Sep 17 00:00:00 2001 From: davidrobert Date: Mon, 17 Mar 2025 19:28:43 +0200 Subject: [PATCH 10/16] pr fix --- .../terraform/upload/upload-resource-info.go | 5 ++++- src/pkg/terraform/aws.go | 22 +++++++++++++------ 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/src/cmd/terraform/upload/upload-resource-info.go b/src/cmd/terraform/upload/upload-resource-info.go index 12461b5b..9f71c758 100644 --- a/src/cmd/terraform/upload/upload-resource-info.go +++ b/src/cmd/terraform/upload/upload-resource-info.go 
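Review bot: The new `init()` in aws.go calls `logrus.Fatalf` when the embedded policy list fails to parse, so a malformed or empty `aws/aws-policies.json` terminates the process at start-up for anything that links this package, presumably including commands unrelated to Terraform. The generator in src/data/generate.go redirects the `aws` output straight into that file, which leaves it empty if the call fails, so this is reachable from a bad regeneration. The list only suppresses an informational message, so a parse failure should degrade to an empty set rather than exit. Loading it lazily behind an unexported helper also stops callers from mutating the exported `AwsManagedPolicies` map.

```go
var (
	awsManagedPoliciesOnce sync.Once
	awsManagedPolicies     map[string]struct{}
)

// isAwsManagedPolicy reports whether arn appears in the embedded AWS-managed
// policy list. A list that fails to parse is treated as empty.
func isAwsManagedPolicy(arn string) bool {
	awsManagedPoliciesOnce.Do(func() {
		var policyList []string
		if err := json.Unmarshal(data.AwsManagedPolicies, &policyList); err != nil {
			logrus.Warnf("Failed to unmarshal AWS managed policies: %v", err)
			return
		}
		awsManagedPolicies = make(map[string]struct{}, len(policyList))
		for _, policy := range policyList {
			awsManagedPolicies[policy] = struct{}{}
		}
	})
	_, ok := awsManagedPolicies[arn]
	return ok
}
```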
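Review bot: In the second aws.go hunk, an attachment whose ARN is in the managed list is now skipped silently, and nothing is appended to `roleInfo.AttachedPolicies` for it. The role record built here therefore omits AWS-managed attachments entirely, which under-reports what the role can do when one of them is broad (the embedded list includes the `...FullAccess` policies). Record the attachment by ARN in the managed branch, for example `roleInfo.AttachedPolicies = append(roleInfo.AttachedPolicies, AwsPolicyInfo{Arn: policyArn})`. The lookup itself can be simplified to `if !AwsManagedPolicies[policyArn]` since the map holds booleans.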
@@ -41,7 +41,10 @@ var UploadResourceInfoCmd = &cobra.Command{ } terraformIamInfo := terraform.TerraformResourceInfo{} - terraformIamInfo.AwsRoles = terraform.ExtractAwsRoleAndPolicies(state) + terraformIamInfo.AwsRoles, err = terraform.ExtractAwsRoleAndPolicies(state) + if err != nil { + return err + } // Generate the resource info awsRoles := lo.Map(terraformIamInfo.AwsRoles, func(info terraform.AwsRoleInfo, _ int) map[string]interface{} { diff --git a/src/pkg/terraform/aws.go b/src/pkg/terraform/aws.go index b651081d..ea5e95d0 100644 --- a/src/pkg/terraform/aws.go +++ b/src/pkg/terraform/aws.go @@ -23,18 +23,21 @@ func init() { } } -func ExtractAwsRoleAndPolicies(state *tfjson.State) []AwsRoleInfo { +func ExtractAwsRoleAndPolicies(state *tfjson.State) ([]AwsRoleInfo, error) { roleIdToInfo := make(map[string]AwsRoleInfo) policyArnToInfo := make(map[string]AwsPolicyInfo) roleIdToPolicies := make(map[string][]string) if state.Values == nil { - return []AwsRoleInfo{} + return []AwsRoleInfo{}, nil } for _, resource := range state.Values.RootModule.Resources { if resource.Type == "aws_iam_role" { - extractAwsIamRoleInfo(resource, roleIdToInfo) + err := extractAwsIamRoleInfo(resource, roleIdToInfo) + if err != nil { + return nil, err + } } if resource.Type == "aws_iam_policy" { extractAwsIamPolicyInfo(resource, policyArnToInfo) @@ -47,7 +50,10 @@ func ExtractAwsRoleAndPolicies(state *tfjson.State) []AwsRoleInfo { for _, childModule := range state.Values.RootModule.ChildModules { for _, resource := range childModule.Resources { if resource.Type == "aws_iam_role" { - extractAwsIamRoleInfo(resource, roleIdToInfo) + err := extractAwsIamRoleInfo(resource, roleIdToInfo) + if err != nil { + return nil, err + } } if resource.Type == "aws_iam_policy" { extractAwsIamPolicyInfo(resource, policyArnToInfo) 
@@ -79,13 +85,13 @@ func ExtractAwsRoleAndPolicies(state *tfjson.State) []AwsRoleInfo { roleInfoList = append(roleInfoList, roleInfo) } - return roleInfoList + return roleInfoList, nil } -func extractAwsIamRoleInfo(resource *tfjson.StateResource, roleIdToArn map[string]AwsRoleInfo) { +func extractAwsIamRoleInfo(resource *tfjson.StateResource, roleIdToArn map[string]AwsRoleInfo) error { inlinePolicy, err := json.Marshal(resource.AttributeValues["inline_policy"]) if err != nil { - inlinePolicy = []byte{} + return err } id := resource.AttributeValues["id"].(string) @@ -95,6 +101,8 @@ func extractAwsIamRoleInfo(resource *tfjson.StateResource, roleIdToArn map[strin Address: resource.Address, InlinePolicy: string(inlinePolicy), } + + return nil } func extractAwsIamRolePolicyAttachmentInfo(resource *tfjson.StateResource, roleIdToPolicies map[string][]string) { From e5fbcd386a02d12c3a32bab61f702898b368fa61 Mon Sep 17 00:00:00 2001 From: davidrobert Date: Tue, 18 Mar 2025 10:07:36 +0200 Subject: [PATCH 11/16] pr fix --- src/cmd/terraform/get/get-resource-info.go | 8 ++++---- src/cmd/terraform/upload/upload-resource-info.go | 12 ++++++------ src/pkg/git/utils.go | 13 +++++++------ src/pkg/terraform/aws.go | 7 ++++--- src/pkg/terraform/utils.go | 6 +++--- 5 files changed, 24 insertions(+), 22 deletions(-) diff --git a/src/cmd/terraform/get/get-resource-info.go b/src/cmd/terraform/get/get-resource-info.go index 3373cdf9..d0a772d5 100644 --- a/src/cmd/terraform/get/get-resource-info.go +++ b/src/cmd/terraform/get/get-resource-info.go @@ -15,7 +15,7 @@ import ( var GetResourceInfoCmd = &cobra.Command{ Use: "get-resource-info", - Short: "Queries the cloud for the given module's saved Terraform resource information", + Short: "Queries Otterize Cloud for the given module's saved Terraform resource information", SilenceUsage: true, RunE: func(cmd *cobra.Command, args []string) error { workingDir, _ := cmd.Flags().GetString("tf-dir") 
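Review bot: `extractAwsIamRoleInfo` now returns an error, yet `id := resource.AttributeValues["id"].(string)` in this hunk is still a single-value type assertion, so a role resource whose `id` is missing or not a string panics instead of producing that error. The state file is input to the CLI, so use the two-value form, `id, ok := resource.AttributeValues["id"].(string)`, and return an error when `ok` is false. The same unchecked assertions appear in the later hunks that add `policyString := resource.AttributeValues["policy"].(string)` and `extractAwsIamPolicyAttachmentInfo`, where `roles` is asserted to `[]interface{}` and is presumably null for attachments that target only users or groups. The function body continues in the next hunk.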
@@ -30,7 +30,7 @@ var GetResourceInfoCmd = &cobra.Command{ c, err := cloudclient.NewClient(ctxTimeout) if err != nil { - return err + return errors.Wrap(err) } resp, err := c.TerraformResourceByIdentityQueryWithResponse(ctxTimeout, @@ -41,14 +41,14 @@ var GetResourceInfoCmd = &cobra.Command{ }, ) if err != nil { - return err + return errors.Wrap(err) } prints.PrintCliOutput("Resources found for current tfmodule:") var prettyJSON bytes.Buffer err = json.Indent(&prettyJSON, resp.Body, "", " ") if err != nil { - return err + return errors.Wrap(err) } prints.PrintCliOutput(prettyJSON.String()) diff --git a/src/cmd/terraform/upload/upload-resource-info.go b/src/cmd/terraform/upload/upload-resource-info.go index 9f71c758..2bcbe1ed 100644 --- a/src/cmd/terraform/upload/upload-resource-info.go +++ b/src/cmd/terraform/upload/upload-resource-info.go @@ -16,7 +16,7 @@ import ( var UploadResourceInfoCmd = &cobra.Command{ Use: "upload-resource-info", - Short: "Parses the tf state and uploads the iam information to the Otterize cloud", + Short: "Creates a mapping between Terraform-configured AWS IAM roles and policies and their actual ARNs on AWS based on the Terraform state, and uploads it to Otterize Cloud", SilenceUsage: true, RunE: func(cmd *cobra.Command, args []string) error { ctxTimeout, cancel := context.WithTimeout(context.Background(), config.DefaultTimeout) @@ -43,7 +43,7 @@ var UploadResourceInfoCmd = &cobra.Command{ terraformIamInfo := terraform.TerraformResourceInfo{} terraformIamInfo.AwsRoles, err = terraform.ExtractAwsRoleAndPolicies(state) if err != nil { - return err + return errors.Wrap(err) } // Generate the resource info 
@@ -61,7 +61,7 @@ var UploadResourceInfoCmd = &cobra.Command{ prints.PrintCliOutput("Uploading Terraform AWS role & policy information to Otterize Cloud...") err := reportTerraformResourcesToCloud(ctxTimeout, resourceInfo) if err != nil { - return err + return errors.Wrap(err) } } else { prints.PrintCliOutput("Dry run enabled: not uploading data to Otterize Cloud") @@ -70,7 +70,7 @@ var UploadResourceInfoCmd = &cobra.Command{ prints.PrintCliOutput("Resources reported:") jsonData, err := json.MarshalIndent(resourceInfo, "", " ") if err != nil { - return err + return errors.Wrap(err) } prints.PrintCliOutput(string(jsonData)) @@ -81,7 +81,7 @@ var UploadResourceInfoCmd = &cobra.Command{ func reportTerraformResourcesToCloud(ctx context.Context, resourceInfo cloudapi.InputTerraformResourceInfo) error { c, err := cloudclient.NewClient(ctx) if err != nil { - return err + return errors.Wrap(err) } _, err = c.ReportTerraformResourcesMutationWithResponse(ctx, @@ -90,7 +90,7 @@ func reportTerraformResourcesToCloud(ctx context.Context, resourceInfo cloudapi. }, ) if err != nil { - return err + return errors.Wrap(err) } return nil diff --git a/src/pkg/git/utils.go b/src/pkg/git/utils.go index 86865e33..d15bb5c8 100644 --- a/src/pkg/git/utils.go +++ b/src/pkg/git/utils.go @@ -2,6 +2,7 @@ package git import ( "github.com/go-git/go-git/v5" + "github.com/otterize/otterize-cli/src/pkg/errors" "os" "path/filepath" ) @@ -9,7 +10,7 @@ import ( func GetGitRoot(repo *git.Repository) (string, error) { wt, err := repo.Worktree() if err != nil { - return "", err + return "", errors.Wrap(err) } return wt.Filesystem.Root(), nil } 
@@ -22,22 +23,22 @@ func GetGitRepoInformation(workingDir string) (*LocalGitInformation, error) { repo, err := git.PlainOpenWithOptions(workingDir, &git.PlainOpenOptions{DetectDotGit: true}) if err != nil { - return nil, err + return nil, errors.Wrap(err) } remotes, err := repo.Remotes() if err != nil { - return nil, err + return nil, errors.Wrap(err) } headRef, err := repo.Head() if err != nil { - return nil, err + return nil, errors.Wrap(err) } gitRoot, err := GetGitRoot(repo) if err != nil { - return nil, err + return nil, errors.Wrap(err) } var gitInfo LocalGitInformation @@ -45,7 +46,7 @@ func GetGitRepoInformation(workingDir string) (*LocalGitInformation, error) { relativePath, err := filepath.Rel(gitRoot, workingDir) if err != nil { - return nil, err + return nil, errors.Wrap(err) } gitInfo.RelativePath = relativePath diff --git a/src/pkg/terraform/aws.go b/src/pkg/terraform/aws.go index ea5e95d0..bdc74993 100644 --- a/src/pkg/terraform/aws.go +++ b/src/pkg/terraform/aws.go @@ -4,6 +4,7 @@ import ( "encoding/json" tfjson "github.com/hashicorp/terraform-json" "github.com/otterize/otterize-cli/src/data" + "github.com/otterize/otterize-cli/src/pkg/errors" "github.com/otterize/otterize-cli/src/pkg/utils/prints" "github.com/sirupsen/logrus" ) @@ -36,7 +37,7 @@ func ExtractAwsRoleAndPolicies(state *tfjson.State) ([]AwsRoleInfo, error) { if resource.Type == "aws_iam_role" { err := extractAwsIamRoleInfo(resource, roleIdToInfo) if err != nil { - return nil, err + return nil, errors.Wrap(err) } } if resource.Type == "aws_iam_policy" { @@ -52,7 +53,7 @@ func ExtractAwsRoleAndPolicies(state *tfjson.State) ([]AwsRoleInfo, error) { if resource.Type == "aws_iam_role" { err := extractAwsIamRoleInfo(resource, roleIdToInfo) if err != nil { - return nil, err + return nil, errors.Wrap(err) } } if resource.Type == "aws_iam_policy" { 
@@ -91,7 +92,7 @@ func ExtractAwsRoleAndPolicies(state *tfjson.State) ([]AwsRoleInfo, error) { func extractAwsIamRoleInfo(resource *tfjson.StateResource, roleIdToArn map[string]AwsRoleInfo) error { inlinePolicy, err := json.Marshal(resource.AttributeValues["inline_policy"]) if err != nil { - return err + return errors.Wrap(err) } id := resource.AttributeValues["id"].(string) diff --git a/src/pkg/terraform/utils.go b/src/pkg/terraform/utils.go index 5b21ae8d..3e1b5b4b 100644 --- a/src/pkg/terraform/utils.go +++ b/src/pkg/terraform/utils.go @@ -1,8 +1,8 @@ package terraform import ( - "errors" "github.com/hashicorp/terraform-exec/tfexec" + "github.com/otterize/otterize-cli/src/pkg/errors" "os" "os/exec" ) @@ -24,12 +24,12 @@ func GetTerraformClient(workingDir string) (*tfexec.Terraform, error) { terraformPath, err := GetTerraformPath() if err != nil { - return nil, err + return nil, errors.Wrap(err) } tf, err := tfexec.NewTerraform(workingDir, terraformPath) if err != nil { - return nil, err + return nil, errors.Wrap(err) } return tf, nil From b39de53e767a0a8150a7d0c0f19bb211a83f7797 Mon Sep 17 00:00:00 2001 From: davidrobert Date: Wed, 19 Mar 2025 16:34:05 +0200 Subject: [PATCH 12/16] bug fixes --- src/data/generate.go | 2 + src/pkg/cloudclient/graphql/schema.graphql | 19 +++++- .../cloudclient/restapi/cloudapi/api.gen.go | 18 ++++-- .../cloudclient/restapi/cloudapi/openapi.json | 64 ++++++++++++++++--- src/pkg/terraform/aws.go | 23 ++++++- src/pkg/terraform/types.go | 23 ++++++- 6 files changed, 126 insertions(+), 23 deletions(-) diff --git a/src/data/generate.go b/src/data/generate.go index 9a722eb8..319518a8 100644 --- a/src/data/generate.go +++ b/src/data/generate.go @@ -1,3 +1,5 @@ +//go:build data + package data //go:generate sh -c "aws iam list-policies --scope AWS --query 'Policies[*].Arn' --output json > aws/aws-policies.json" diff --git a/src/pkg/cloudclient/graphql/schema.graphql b/src/pkg/cloudclient/graphql/schema.graphql index c28a47e1..e9294c31 100644 
--- a/src/pkg/cloudclient/graphql/schema.graphql +++ b/src/pkg/cloudclient/graphql/schema.graphql @@ -1214,15 +1214,21 @@ input InputServiceFilter { integrationIds: [ID!] } +input InputTerraformAwsInlinePolicyInfo { + name: String! + policy: String! +} + input InputTerraformAwsPolicyInfo { arn: String! + policy: String! address: String! } input InputTerraformAwsRoleInfo { arn: String! address: String! - inlinePolicy: String! + inlinePolicy: [InputTerraformAwsInlinePolicyInfo!] attachedPolicies: [InputTerraformAwsPolicyInfo!] } @@ -2752,21 +2758,28 @@ input TelemetryInput { data: TelemetryData! } +type TerraformAwsInlinePolicyInfo { + name: String! + policy: String! +} + type TerraformAwsPolicyInfo { arn: String! + policy: String! address: String! } type TerraformAwsRoleInfo { arn: String! address: String! - inlinePolicy: String! + inlinePolicy: [TerraformAwsInlinePolicyInfo!] attachedPolicies: [TerraformAwsPolicyInfo!] } type TerraformResourceInfo { modulePath: String! - gitOriginUrl: String! + gitPlatform: String! + gitOrigin: String! gitCommitHash: String! awsRoles: [TerraformAwsRoleInfo!] } diff --git a/src/pkg/cloudclient/restapi/cloudapi/api.gen.go b/src/pkg/cloudclient/restapi/cloudapi/api.gen.go index 9ef8f05c..0d91fdaa 100644 --- a/src/pkg/cloudclient/restapi/cloudapi/api.gen.go +++ b/src/pkg/cloudclient/restapi/cloudapi/api.gen.go 
@@ -1364,25 +1364,33 @@ type SlackSettingsInput struct { IsActive bool `json:"isActive"` } +// TerraformAwsInlinePolicyInfo defines model for TerraformAwsInlinePolicyInfo. +type TerraformAwsInlinePolicyInfo struct { + Name string `json:"name"` + Policy string `json:"policy"` +} + // TerraformAwsPolicyInfo defines model for TerraformAwsPolicyInfo. type TerraformAwsPolicyInfo struct { Address string `json:"address"` Arn string `json:"arn"` + Policy string `json:"policy"` } // TerraformAwsRoleInfo defines model for TerraformAwsRoleInfo. type TerraformAwsRoleInfo struct { - Address string `json:"address"` - Arn string `json:"arn"` - AttachedPolicies *[]TerraformAwsPolicyInfo `json:"attachedPolicies,omitempty"` - InlinePolicy string `json:"inlinePolicy"` + Address string `json:"address"` + Arn string `json:"arn"` + AttachedPolicies *[]TerraformAwsPolicyInfo `json:"attachedPolicies,omitempty"` + InlinePolicy *[]TerraformAwsInlinePolicyInfo `json:"inlinePolicy,omitempty"` } // TerraformResourceInfo defines model for TerraformResourceInfo. type TerraformResourceInfo struct { AwsRoles *[]TerraformAwsRoleInfo `json:"awsRoles,omitempty"` GitCommitHash string `json:"gitCommitHash"` - GitOriginUrl string `json:"gitOriginUrl"` + GitOrigin string `json:"gitOrigin"` + GitPlatform string `json:"gitPlatform"` ModulePath string `json:"modulePath"` } diff --git a/src/pkg/cloudclient/restapi/cloudapi/openapi.json b/src/pkg/cloudclient/restapi/cloudapi/openapi.json index 7951209d..8fdd9ab7 100644 --- a/src/pkg/cloudclient/restapi/cloudapi/openapi.json +++ b/src/pkg/cloudclient/restapi/cloudapi/openapi.json @@ -2220,6 +2220,21 @@ }, "type": "object" }, + "InputTerraformAwsInlinePolicyInfo": { + "properties": { + "name": { + "type": "string" + }, + "policy": { + "type": "string" + } + }, + "required": [ + "name", + "policy" + ], + "type": "object" + }, "InputTerraformAwsPolicyInfo": { "properties": { "address": { 
@@ -2227,10 +2242,14 @@ }, "arn": { "type": "string" + }, + "policy": { + "type": "string" } }, "required": [ "arn", + "policy", "address" ], "type": "object" @@ -2250,13 +2269,15 @@ "type": "array" }, "inlinePolicy": { - "type": "string" + "items": { + "type": "object" + }, + "type": "array" } }, "required": [ "arn", - "address", - "inlinePolicy" + "address" ], "type": "object" }, @@ -3692,6 +3713,21 @@ ], "type": "object" }, + "TerraformAwsInlinePolicyInfo": { + "properties": { + "name": { + "type": "string" + }, + "policy": { + "type": "string" + } + }, + "required": [ + "name", + "policy" + ], + "type": "object" + }, "TerraformAwsPolicyInfo": { "properties": { "address": { @@ -3699,10 +3735,14 @@ }, "arn": { "type": "string" + }, + "policy": { + "type": "string" } }, "required": [ "arn", + "policy", "address" ], "type": "object" @@ -3722,13 +3762,15 @@ "type": "array" }, "inlinePolicy": { - "type": "string" + "items": { + "$ref": "#/components/schemas/TerraformAwsInlinePolicyInfo" + }, + "type": "array" } }, "required": [ "arn", - "address", - "inlinePolicy" + "address" ], "type": "object" }, @@ -3743,7 +3785,10 @@ "gitCommitHash": { "type": "string" }, - "gitOriginUrl": { + "gitOrigin": { + "type": "string" + }, + "gitPlatform": { "type": "string" }, "modulePath": { @@ -3752,7 +3797,8 @@ }, "required": [ "modulePath", - "gitOriginUrl", + "gitPlatform", + "gitOrigin", "gitCommitHash" ], "type": "object" @@ -3887,7 +3933,7 @@ "info": { "title": "Otterize API Server", "version": "v1beta", - "x-revision": "f97e9b3f3a576688a040df645fbe73be8ccbe002" + "x-revision": "8a776694fb7705cc78a601c7b476f8f813dfbe3c" }, "openapi": "3.0.0", "paths": { diff --git a/src/pkg/terraform/aws.go b/src/pkg/terraform/aws.go index bdc74993..d6f3c37b 100644 --- a/src/pkg/terraform/aws.go +++ b/src/pkg/terraform/aws.go @@ -1,6 +1,7 @@ package terraform import ( + "bytes" "encoding/json" tfjson "github.com/hashicorp/terraform-json" "github.com/otterize/otterize-cli/src/data" 
@@ -90,7 +91,13 @@ func ExtractAwsRoleAndPolicies(state *tfjson.State) ([]AwsRoleInfo, error) { } func extractAwsIamRoleInfo(resource *tfjson.StateResource, roleIdToArn map[string]AwsRoleInfo) error { - inlinePolicy, err := json.Marshal(resource.AttributeValues["inline_policy"]) + inlinePolicyBytes, err := json.Marshal(resource.AttributeValues["inline_policy"]) + if err != nil { + return errors.Wrap(err) + } + + var inlinePolicies []AwsInlinePolicyInfo + err = json.Unmarshal(inlinePolicyBytes, &inlinePolicies) if err != nil { return errors.Wrap(err) } @@ -100,7 +107,7 @@ func extractAwsIamRoleInfo(resource *tfjson.StateResource, roleIdToArn map[strin roleIdToArn[id] = AwsRoleInfo{ Arn: arn, Address: resource.Address, - InlinePolicy: string(inlinePolicy), + InlinePolicy: inlinePolicies, } return nil @@ -113,10 +120,20 @@ func extractAwsIamRolePolicyAttachmentInfo(resource *tfjson.StateResource, roleI roleIdToPolicies[roleId] = append(roleIdToPolicies[roleId], policyArn) } -func extractAwsIamPolicyInfo(resource *tfjson.StateResource, policyArnToInfo map[string]AwsPolicyInfo) { +func extractAwsIamPolicyInfo(resource *tfjson.StateResource, policyArnToInfo map[string]AwsPolicyInfo) error { policyArn := resource.AttributeValues["arn"].(string) + + policyBuffer := &bytes.Buffer{} + policyString := resource.AttributeValues["policy"].(string) + if err := json.Compact(policyBuffer, []byte(policyString)); err != nil { + panic(err) + } + policyArnToInfo[policyArn] = AwsPolicyInfo{ Arn: policyArn, + Policy: policyBuffer.String(), Address: resource.Address, } + + return nil } diff --git a/src/pkg/terraform/types.go b/src/pkg/terraform/types.go index ea44d92b..b317373f 100644 --- a/src/pkg/terraform/types.go +++ b/src/pkg/terraform/types.go 
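Review bot: `extractAwsIamPolicyInfo` is changed to return `error` in the third aws.go hunk, but the `json.Compact` failure path still calls `panic(err)`, so a policy document that is not valid JSON crashes the CLI instead of surfacing through the new return value. Replace it with `return errors.Wrap(err)`, matching the role extractor in the same file. As written the function can only ever return nil, which makes the new signature misleading to callers.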
@@ -1,14 +1,20 @@ package terraform +type AwsInlinePolicyInfo struct { + Name string + Policy string +} + type AwsPolicyInfo struct { Arn string Address string + Policy string } type AwsRoleInfo struct { Arn string Address string - InlinePolicy string + InlinePolicy []AwsInlinePolicyInfo AttachedPolicies []AwsPolicyInfo } @@ -17,12 +23,23 @@ func (a *AwsRoleInfo) ToMap() map[string]interface{} { result["arn"] = a.Arn result["address"] = a.Address - result["inlinePolicy"] = a.InlinePolicy - result["attachedPolicies"] = make([]map[string]interface{}, 0) + // Convert inline policies to map + result["inlinePolicy"] = make([]map[string]string, 0) + for _, policy := range a.InlinePolicy { + policyMap := make(map[string]string) + policyMap["name"] = policy.Name + policyMap["policy"] = policy.Policy + + result["inlinePolicy"] = append(result["inlinePolicy"].([]map[string]string), policyMap) + } + + // Convert attached policies to map + result["attachedPolicies"] = make([]map[string]interface{}, 0) for _, policy := range a.AttachedPolicies { policyMap := make(map[string]interface{}) policyMap["arn"] = policy.Arn + policyMap["policy"] = policy.Policy policyMap["address"] = policy.Address result["attachedPolicies"] = append(result["attachedPolicies"].([]map[string]interface{}), policyMap) From 78d10b0c3f91058236c3dafde5792aa4b5b35ab5 Mon Sep 17 00:00:00 2001 From: davidrobert Date: Wed, 19 Mar 2025 16:38:15 +0200 Subject: [PATCH 13/16] pr fix --- src/pkg/terraform/aws.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/pkg/terraform/aws.go b/src/pkg/terraform/aws.go index d6f3c37b..7c14fa99 100644 --- a/src/pkg/terraform/aws.go +++ b/src/pkg/terraform/aws.go 
@@ -42,7 +42,10 @@ func ExtractAwsRoleAndPolicies(state *tfjson.State) ([]AwsRoleInfo, error) { } } if resource.Type == "aws_iam_policy" { - extractAwsIamPolicyInfo(resource, policyArnToInfo) + err := extractAwsIamPolicyInfo(resource, policyArnToInfo) + if err != nil { + return nil, errors.Wrap(err) + } } if resource.Type == "aws_iam_role_policy_attachment" { extractAwsIamRolePolicyAttachmentInfo(resource, roleIdToPolicies) @@ -58,7 +61,10 @@ func ExtractAwsRoleAndPolicies(state *tfjson.State) ([]AwsRoleInfo, error) { } } if resource.Type == "aws_iam_policy" { - extractAwsIamPolicyInfo(resource, policyArnToInfo) + err := extractAwsIamPolicyInfo(resource, policyArnToInfo) + if err != nil { + return nil, errors.Wrap(err) + } } if resource.Type == "aws_iam_role_policy_attachment" { extractAwsIamRolePolicyAttachmentInfo(resource, roleIdToPolicies) From 035b220077f0b4103740ead162b7b5341332b64d Mon Sep 17 00:00:00 2001 From: davidrobert Date: Wed, 14 May 2025 09:20:59 +0300 Subject: [PATCH 14/16] support older tf format --- src/pkg/terraform/aws.go | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/pkg/terraform/aws.go b/src/pkg/terraform/aws.go index 7c14fa99..f830b4a4 100644 --- a/src/pkg/terraform/aws.go +++ b/src/pkg/terraform/aws.go @@ -50,6 +50,11 @@ func ExtractAwsRoleAndPolicies(state *tfjson.State) ([]AwsRoleInfo, error) { if resource.Type == "aws_iam_role_policy_attachment" { extractAwsIamRolePolicyAttachmentInfo(resource, roleIdToPolicies) } + + // Support older format + if resource.Type == "aws_iam_policy_attachment" { + extractAwsIamPolicyAttachmentInfo(resource, roleIdToPolicies) + } } for _, childModule := range state.Values.RootModule.ChildModules { 
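Review bot: The legacy `aws_iam_policy_attachment` branch is added only to the loop over root-module resources. The loop over `ChildModules` that follows presumably repeats the other three type checks (the second hunk of the previous patch touches such a copy), but this patch gives it no matching branch. Roles attached through the older resource type inside a child module would then be reported without those policies, understating their permissions. The same `if resource.Type == "aws_iam_policy_attachment" { extractAwsIamPolicyAttachmentInfo(resource, roleIdToPolicies) }` check is needed there, or both loops could call one shared per-resource helper. ExtractAwsRoleAndPolicies starts and ends outside these hunks.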
@@ -126,6 +131,16 @@ func extractAwsIamRolePolicyAttachmentInfo(resource *tfjson.StateResource, roleI roleIdToPolicies[roleId] = append(roleIdToPolicies[roleId], policyArn) } +func extractAwsIamPolicyAttachmentInfo(resource *tfjson.StateResource, roleIdToPolicies map[string][]string) { + policyArn := resource.AttributeValues["policy_arn"].(string) + + roles := resource.AttributeValues["roles"].([]interface{}) + for _, role := range roles { + roleId := role.(string) + roleIdToPolicies[roleId] = append(roleIdToPolicies[roleId], policyArn) + } +} + func extractAwsIamPolicyInfo(resource *tfjson.StateResource, policyArnToInfo map[string]AwsPolicyInfo) error { policyArn := resource.AttributeValues["arn"].(string) From d21353aa52a64ffa86cc7c1c72192cc92f770d97 Mon Sep 17 00:00:00 2001 From: davidrobert Date: Mon, 19 May 2025 14:41:37 +0300 Subject: [PATCH 15/16] update schemas --- src/pkg/cloudclient/graphql/schema.graphql | 437 ++++- .../cloudclient/login/userlogin/userlogin.go | 9 +- .../cloudclient/restapi/cloudapi/api.gen.go | 1504 ++++++++++++++++- .../cloudclient/restapi/cloudapi/openapi.json | 1305 ++++++++++++-- src/pkg/mapperclient/schema.graphql | 11 + 5 files changed, 3068 insertions(+), 198 deletions(-) diff --git a/src/pkg/cloudclient/graphql/schema.graphql b/src/pkg/cloudclient/graphql/schema.graphql index e9294c31..c0c0fa69 100644 --- a/src/pkg/cloudclient/graphql/schema.graphql +++ b/src/pkg/cloudclient/graphql/schema.graphql 
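Review bot: `extractAwsIamPolicyAttachmentInfo` has no comment stating its scope. It reads only `policy_arn` and `roles`, so any users or groups listed on the same attachment are not recorded, and each `roles` entry is used directly as the key into `roleIdToPolicies`. A doc comment would make that explicit, for example `// extractAwsIamPolicyAttachmentInfo records policy_arn against every entry in the roles attribute of a legacy aws_iam_policy_attachment resource; users and groups are ignored.`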
@@ -7,14 +7,17 @@ directive @constraint( example: String! ) on ENUM_VALUE -"""The @defer directive may be specified on a fragment spread to imply de-prioritization, that causes the fragment to be omitted in the initial response, and delivered as a subsequent response afterward. A query with @defer directive will cause the request to potentially return multiple responses, where non-deferred data is delivered in the initial response and data deferred delivered in a subsequent response. @include and @skip take precedence over @defer.""" +"""Directs the executor to defer this fragment when the `if` argument is true or undefined.""" directive @defer( +"""Deferred when true or undefined.""" if: Boolean +"""Unique name""" label: String ) on FRAGMENT_SPREAD | INLINE_FRAGMENT -"""The @deprecated built-in directive is used within the type system definition language to indicate deprecated portions of a GraphQL service's schema, such as deprecated fields on a type, arguments on a field, input fields on an input type, or values of an enum type.""" +"""Marks an element of a GraphQL schema as no longer supported.""" directive @deprecated( +"""Explains why this element was deprecated, usually also including a suggestion for how to access supported similar data. Formatted using the Markdown syntax, as specified by [CommonMark](https://commonmark.org/).""" reason: String ) on FIELD_DEFINITION | ARGUMENT_DEFINITION | INPUT_FIELD_DEFINITION | ENUM_VALUE 
@@ -27,15 +30,30 @@ directive @httpError( statusCode: Int! ) on ENUM_VALUE -"""The @include directive may be provided for fields, fragment spreads, and inline fragments, and allows for conditional inclusion during execution as described by the if argument.""" +"""Directs the executor to include this field or fragment only when the `if` argument is true.""" directive @include( +"""Included when true.""" if: Boolean! ) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT +"""@noRole indicates that the specified query / mutation / subscription can be executed regardless of the user's roles. +This practically means that the query will not allow accessing any org-specific data.""" +directive @noRole on FIELD_DEFINITION + """@noauth indicates that the specified query / mutation / subscription can be executed anonymously without +user authentication, meaning anyone and everyone can execute it. USE WITH CAUTION. user authentication, meaning anyone and everyone can execute it. USE WITH CAUTION.""" directive @noauth on FIELD_DEFINITION +"""Indicates exactly one field must be supplied and this field must not be `null`.""" +directive @oneOf on INPUT_OBJECT + +"""@requiresRole indicates that the specified query / mutation / subscription requires any of the provided roles to be executed. +Users without any of the specified roles will not be able to execute the query / mutation / subscription.""" +directive @requiresRole( + roles: [AuthRole!]! +) on FIELD_DEFINITION + directive @restApiField( action: ApiFieldAction ) on FIELD_DEFINITION 
@@ -46,13 +64,15 @@ directive @restApiRoute( tags: [String!]! ) on FIELD_DEFINITION -"""The @skip directive may be provided for fields, fragment spreads, and inline fragments, and allows for conditional exclusion during execution as described by the if argument.""" +"""Directs the executor to skip this field or fragment when the `if` argument is true.""" directive @skip( +"""Skipped when true.""" if: Boolean! ) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT -"""The @specifiedBy built-in directive is used within the type system definition language to provide a scalar specification URL for specifying the behavior of custom scalar types.""" +"""Exposes a URL that specifies the behavior of this scalar.""" directive @specifiedBy( +"""The URL that specifies the behavior of this scalar.""" url: String! ) on SCALAR @@ -134,6 +154,7 @@ input AWSVisibilitySettingsInput { type AccessApprovalRuleset { id: ID! + order: Int! origin: AccessApprovalRulesetFilter! target: AccessApprovalRulesetFilter! action: AccessApprovalRulesetAction! @@ -156,6 +177,12 @@ enum AccessApprovalRulesetFilterValue { ANY } +type AccessApprovalRulesetResources { + clusters: [Cluster!]! + services: [Service!]! + namespaces: [Namespace!]! +} + type AccessApprovalRulesetSummary { environment: Environment! count: Int! @@ -189,6 +216,7 @@ type AccessGraphFilter { lastSeen: TimeFilterValue featureFlags: FeatureFlags includeOnlyClientsMatchingFilter: Boolean + hits: NumericFilterValue } type AccessLog { @@ -209,6 +237,7 @@ type AccessLogEdge { accessStatus: EdgeAccessStatus! } +""" This enum should be removed after removing allowExternalTrafficPolicy from IntentsOperatorConfigurationInput, it is here for backward compatibility """ enum AllowExternalTrafficPolicy { OFF ALWAYS @@ -242,6 +271,8 @@ input AppliedIntentsRequestApprovalData { type AppliedIntentsRequestStatus { id: ID! + resourceId: String! + generation: Int! """client""" service: Service! timestamp: Time! 
@@ -253,6 +284,7 @@ enum AppliedIntentsRequestStatusLabel { PENDING APPROVED DENIED + STALE } type AppliedIntentsRequestWithDetails { @@ -265,6 +297,22 @@ type AppliedIntentsRequestWithDetails { clientIntents: ClientIntentsFileRepresentation! } +enum AuthRole { + ADMIN + VIEWER +} + +type AutoApproveMoreRestrictiveIntentsByEnv { + environmentId: ID! + enabled: Boolean! +} + +enum AutomateThirdPartyNetworkPolicy { + OFF + ALWAYS + IF_BLOCKED_BY_OTTERIZE +} + enum AwsIamStep { CREATE_CLUSTER CONNECT_CLUSTER @@ -536,6 +584,12 @@ enum ComponentType { NETWORK_MAPPER } +input ConnectionsCount { + current: Int! + removed: Int! + added: Int! +} + type CreateGitHubIntegrationResponse { integration: Integration! nextURL: String! @@ -546,6 +600,10 @@ type CreateGitLabIntegrationResponse { nextURL: String! } +type CreateSIEMIntegrationResponse { + integration: Integration! +} + type CreateSlackIntegrationResponse { integration: Integration! nextURL: String! @@ -683,6 +741,8 @@ enum EdgeAccessStatusReason { ALLOWED_BY_APPLIED_INTENTS_KAFKA_OVERLY_PERMISSIVE ALLOWED_BY_APPLIED_INTENTS_DATABASE_OVERLY_PERMISSIVE ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY + ALLOWED_BY_INTERNET_EGRESS_NETWORK_POLICY + ALLOWED_BY_INTERNET_INGRESS_NETWORK_POLICY WOULD_BE_ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY BLOCKED_BY_APPLIED_INTENTS_UNDER_PERMISSIVE BLOCKED_BY_APPLIED_INTENTS_RESOURCE_MISMATCH @@ -694,6 +754,8 @@ enum EdgeAccessStatusReason { BLOCKED_BY_APPLIED_INTENTS_DATABASE_UNDER_PERMISSIVE BLOCKED_BY_APPLIED_INTENTS_DATABASE_RESOURCE_MISMATCH BLOCKED_BY_DATABASE_ENFORCEMENT_CONFIG_MISSING_APPLIED_INTENTS + BLOCKED_BY_INTERNET_EGRESS_NETWORK_POLICY + BLOCKED_BY_INTERNET_INGRESS_NETWORK_POLICY BLOCKED_BY_DEFAULT_DENY SHARED_SERVICE_ACCOUNT CLIENT_ISTIO_SIDECAR_MISSING 
@@ -713,6 +775,8 @@ enum EdgeAccessStatusReason { BLOCKED_BY_DEFAULT_DENY_MISSING_EXTERNAL_TRAFFIC_POLICY BLOCKED_BY_APPLIED_INTENTS_MISSING_EXTERNAL_TRAFFIC_POLICY ALLOWED_BY_EXTERNALLY_MANAGED_NETWORK_POLICY + ALLOWED_BY_METRICS_COLLECTION_TRAFFIC_NETWORK_POLICY + WOULD_BE_ALLOWED_BY_METRICS_COLLECTION_TRAFFIC_NETWORK_POLICY } enum EdgeAccessStatusVerdict { @@ -734,6 +798,11 @@ type EdgeAccessStatuses { linkerdPolicies: EdgeAccessStatus! } +enum EligibleForMetricsCollectionReason { + POD_ANNOTATIONS + SERVICE_ANNOTATIONS +} + type Environment { id: ID! name: String! @@ -782,6 +851,7 @@ enum EventType { ACTIVE EBPF_ATTACHED EBPF_ATTACH_FAILED + EBPF_PROCESSING_ERROR } input ExternalTrafficDiscoveredIntentInput { @@ -793,6 +863,8 @@ input ExternalTrafficIntentInput { namespace: String! clientName: String! target: DNSIPPairInput! + connectionsCount: ConnectionsCount + ttl: Time } input ExternallyAccessibleServiceInput { @@ -818,6 +890,7 @@ type FeatureFlags { useTypedIntentsCTE: Boolean enableInternetIntentsSuggestions: Boolean enableIAMIntentsSuggestions: Boolean + enableNetworkPoliciesInAccessGraph: Boolean } type Finding { @@ -938,14 +1011,14 @@ type GitHubRepoInfo { repository: String! baseBranch: String! intentsPath: String! - terraformPath: String! + terraformPath: String } input GitHubRepoInfoInput { repository: String! baseBranch: String! intentsPath: String! - terraformPath: String! + terraformPath: String } type GitHubSettings { @@ -980,7 +1053,7 @@ input GitLabRepoInfoInput { projectPath: String! baseBranch: String! intentsPath: String! - terraformPath: String! + terraformPath: String } type GitLabSettings { @@ -1035,6 +1108,12 @@ enum IPFamily { UNKNOWN } +"""IP filters""" +type IPFilterValue { + cidr: String! + exclude: [String!] +} + input IncomingInternetSourceInput { ip: String! } 
@@ -1048,6 +1127,7 @@ input IncomingTrafficIntentInput { serverName: String! namespace: String! source: IncomingInternetSourceInput! + connectionsCount: ConnectionsCount } input IngressControllerConfigInput { @@ -1059,7 +1139,9 @@ input IngressControllerConfigInput { """Ruleset""" input InputAccessApprovalRuleset { """Ruleset""" - id: ID + id: ID! +"""Ruleset""" + order: Int! """Ruleset""" origin: InputAccessApprovalRulesetConfigFilter! """Ruleset""" @@ -1098,6 +1180,7 @@ input InputAccessGraphFilter { lastSeen: InputTimeFilterValue featureFlags: InputFeatureFlags includeOnlyClientsMatchingFilter: Boolean + hits: InputNumericFilterValue } """ Access log filter """ @@ -1138,6 +1221,11 @@ input InputAppliedIntentsRequestFilter { approvalStatuses: InputIDFilterValue } +input InputAutoApproveMoreRestrictiveIntentsByEnv { + environmentId: ID! + enabled: Boolean! +} + input InputDefaultIntentsApprovalActionByEnv { environmentId: ID! action: AccessApprovalRulesetAction! @@ -1151,6 +1239,7 @@ input InputFeatureFlags { useTypedIntentsCTE: Boolean enableInternetIntentsSuggestions: Boolean enableIAMIntentsSuggestions: Boolean + enableNetworkPoliciesInAccessGraph: Boolean } """ Findings filter """ 
@@ -1189,6 +1278,39 @@ input InputIntegrationAccessGraphFilter { namespaceFilterType: IDFilterOperators serviceIds: [ID!] serviceFilterType: IDFilterOperators + targets: [IntentType!] +} + +""" Network policies filter """ +input InputNetworkPolicyFilter { +""" Network policies filter """ + search: String +""" Network policies filter """ + clusterIds: InputIDFilterValue +""" Network policies filter """ + namespaceIds: InputIDFilterValue +""" Network policies filter """ + environmentIds: InputIDFilterValue +""" Network policies filter """ + networkPolicyIds: InputIDFilterValue +""" Network policies filter """ + policyKinds: InputIDFilterValue +""" Network policies filter """ + since: InputTimeFilterValue +} + +input InputNetworkPolicyHitsFilter { + since: InputTimeFilterValue +} + +input InputNumericFilterValue { + value: Int! + operator: NumericFilterOperators! +} + +input InputOffsetPagination { + page: Int + size: Int } input InputResourceInventoryFilter { @@ -1288,6 +1410,7 @@ type Integration { gitLabSettings: GitLabSettings slackSettings: SlackSettings awsVisibilitySettings: AWSVisibilitySettings + siemSettings: SIEMSettings organizationId: String! status: IntegrationStatus } @@ -1302,6 +1425,7 @@ type IntegrationAccessGraphFilter { serviceIds: [ID!] serviceFilterType: IDFilterOperators lastSeenAfter: Time + targets: [IntentType!] } type IntegrationComponents { @@ -1346,6 +1470,7 @@ enum IntegrationType { AZURE SLACK AWS_VISIBILITY + SIEM } type Intent { @@ -1373,9 +1498,11 @@ input IntentInput { clientName: String! clientResolutionData: String clientWorkloadKind: String + clientNameResolvedUsingAnnotation: Boolean serverName: String! serverResolutionData: String serverWorkloadKind: String + serverNameResolvedUsingAnnotation: Boolean serverAlias: ServerAliasInput serverNamespace: String type: IntentType 
@@ -1392,13 +1519,19 @@ input IntentInput { internet: InternetConfigInput status: IntentStatusInput resolutionData: String + connectionsCount: ConnectionsCount } input IntentRequestInput { - requestId: ID! + resourceGeneration: IntentRequestResourceGeneration! intent: IntentInput! } +input IntentRequestResourceGeneration { + resourceId: String! + generation: Int! +} + type IntentStatus { serviceAccountName: String! isServiceAccountShared: Boolean! @@ -1411,6 +1544,7 @@ input IntentStatusInput { } enum IntentType { + KUBERNETES HTTP KAFKA DATABASE @@ -1460,6 +1594,8 @@ input IntentsOperatorConfigurationInput { awsALBLoadBalancerExemptionEnabled: Boolean allowExternalTrafficPolicy: AllowExternalTrafficPolicy externallyManagedPolicyWorkloads: [ExternallyManagedPolicyWorkloadInput!] + automateThirdPartyNetworkPolicies: AutomateThirdPartyNetworkPolicy + prometheusServerConfigs: [PrometheusServerConfigInput!] } type IntentsOperatorState { @@ -1486,22 +1622,23 @@ type Invite { id: ID! email: String! organization: Organization! + organizationMembership: OrganizationMembership! inviter: User! created: Time! acceptedAt: Time status: InviteStatus! } +input InviteOrgMembershipInput { + inviteId: ID! + membership: OrganizationMembershipInput! +} + enum InviteStatus { PENDING ACCEPTED } -input IpBlockInput { - cidr: String! - except: [String!] -} - enum IpFamilyPolicy { SINGLE_STACK PREFER_DUAL_STACK @@ -1559,6 +1696,12 @@ enum K8sPortProtocol { SCTP } +input K8sResourceEligibleForMetricsCollectionInput { + namespace: String! + name: String! + kind: String! +} + input K8sResourceIngressInput { spec: K8sResourceIngressSpecInput! status: K8sResourceIngressStatusInput 
@@ -1746,12 +1889,19 @@ type Me { user: User! """The organizations to which the current logged-in user belongs.""" organizations: [Organization!]! +"""The organizations to which the current logged-in user belongs.""" + userOrganizations: [UserOrganizationAssociation!]! """Organizations to which the current logged-in user may join.""" invites: [Invite!]! """The organization under which the current user request acts. This is selected by the X-Otterize-Organization header, or, for users with a single organization, this is that single selected organization.""" selectedOrganization: Organization! +"""The organization under which the current user request acts. +This is selected by the X-Otterize-Organization header, +or, for users with a single organization, this is that single selected organization.""" + selectedUserOrganization: UserOrganizationAssociation! + selectedOrganizationRestrictionResources: OrganizationMembershipRestrictionResources } type MeMutation { @@ -1781,8 +1931,11 @@ type Mutation { id: ID! result: AppliedIntentsRequestApprovalData! ): Boolean! + syncPendingRequestStatuses( + intentResourceGeneration: [IntentRequestResourceGeneration!]! + ): [AppliedIntentsRequestStatus!]! """rulesets""" - createOrUpdateAccessApprovalRulesets( + saveAccessApprovalRulesets( environmentId: ID! rules: [InputAccessApprovalRuleset!]! ): Boolean! @@ -1897,6 +2050,17 @@ type Mutation { name: String! slackSettings: SlackSettingsInput! ): CreateSlackIntegrationResponse +"""Create a new SIEM integration""" + createSIEMIntegration( + name: String! + siemSettings: SIEMSettingsInput! + ): CreateSIEMIntegrationResponse +"""Update SIEM integration""" + updateSIEMIntegration( + id: ID! + name: String! + siemSettings: SIEMSettingsInput! + ): Integration """Update a Slack integration""" updateSlackIntegration( id: ID! 
@@ -1986,10 +2150,6 @@ type Mutation { intents: [IntentInput!]! ossClusterId: String ): Boolean! - reportNetworkPolicies( - namespace: String! - policies: [NetworkPolicyInput!]! - ): Boolean! reportExternallyAccessibleServices( namespace: String! services: [ExternallyAccessibleServiceInput!]! @@ -2003,6 +2163,7 @@ type Mutation { """Create user invite""" createInvite( email: String! + organizationMembership: OrganizationMembershipInput ): Invite! """Delete user invite""" deleteInvite( @@ -2012,6 +2173,9 @@ type Mutation { acceptInvite( id: ID! ): Invite! + saveInviteOrgMemberships( + memberships: [InviteOrgMembershipInput!]! + ): Boolean! reportK8sServices( namespace: String! services: [K8sServiceInput!]! @@ -2020,6 +2184,11 @@ type Mutation { namespace: String! ingresses: [K8sIngressInput!]! ): Boolean! + reportK8sResourceEligibleForMetricsCollection( + namespace: String! + reason: EligibleForMetricsCollectionReason! + resources: [K8sResourceEligibleForMetricsCollectionInput!]! + ): Boolean! reportKafkaServerConfigs( namespace: String! serverConfigs: [KafkaServerConfigInput!]! @@ -2031,6 +2200,15 @@ type Mutation { id: ID! environmentId: ID ): Namespace! + reportNamespaceLabels( + name: String! + labels: [LabelInput!] + ): Boolean! + reportNetworkPolicies( + namespace: String + networkPolicies: [NetworkPolicyInput!] + ): Boolean! + computeNetworkPoliciesForOrg: Boolean! """Create a new organization""" createOrganization( name: String @@ -2042,6 +2220,9 @@ type Mutation { imageURL: String settings: OrganizationSettingsInput ): Organization! + updateDomainsDefaultRole( + defaultRole: AuthRole! + ): Organization! """Remove user from organization""" removeUserFromOrganization( id: ID! @@ -2087,6 +2268,9 @@ type Mutation { userEmail: String! feedback: String! ): Boolean! + saveOrgMemberships( + memberships: [UserOrgMembershipInput!]! + ): Boolean! createOrActivateTutorial( tutorialName: TutorialName! ): Boolean! 
@@ -2133,6 +2317,11 @@ type NetworkMapperComponent { status: ComponentStatus! } +type NetworkPoliciesPage { + data: [NetworkPolicy!]! + meta: PaginationMeta +} + enum NetworkPoliciesStep { """Connect cluster""" CREATE_CLUSTER @@ -2148,20 +2337,65 @@ enum NetworkPoliciesStep { COMPLETED } -input NetworkPolicyEgressRuleInput { - to: [PeerInput!]! +type NetworkPolicy { + id: ID! + name: String! + kind: NetworkPolicyKind! + cluster: Cluster! + namespace: Namespace + environment: Environment! + hits: Int! + allowedHits: Int! + blockedHits: Int! + workloads: [NetworkPolicyWorkload!]! + workloadsAffected: Int! + spec: String! + lastUsed: Time + metadata: NetworkPolicyMetadata } input NetworkPolicyInput { - namespace: String! name: String! - serverName: String! - externalNetworkTrafficPolicy: Boolean! - spec: NetworkPolicySpecInput + yaml: String! +} + +enum NetworkPolicyKind { + NETWORK_POLICY + NETWORK_POLICY_MANAGED_BY_OTTERIZE + CILIUM_NETWORK_POLICY + CILIUM_CLUSTER_WIDE_NETWORK_POLICY +} + +type NetworkPolicyMetadata { + isEgress: Boolean! + isIngress: Boolean! + hasIpBlocks: Boolean! +} + +enum NetworkPolicyScope { + PRIMARY + EGRESS + INGRESS +} + +type NetworkPolicyWorkload { + scope: NetworkPolicyScope! + service: Service! +} + +"""Numeric filters""" +enum NumericFilterOperators { + EQUAL + NOT_EQUAL + GREATER_THAN + GREATER_THAN_OR_EQUAL + LESS_THAN + LESS_THAN_OR_EQUAL } -input NetworkPolicySpecInput { - egress: [NetworkPolicyEgressRuleInput!] +type NumericFilterValue { + value: Int! + operator: NumericFilterOperators! } type Organization { 
@@ -2173,11 +2407,48 @@ type Organization { created: Time! } +type OrganizationMembership { + organizationId: ID! + role: AuthRole! + restrictions: OrganizationMembershipRestrictions + restrictionResources: OrganizationMembershipRestrictionResources +} + +input OrganizationMembershipInput { + role: AuthRole! + restrictions: OrganizationMembershipRestrictionsInput +} + +type OrganizationMembershipRestrictionResources { + clusters: [Cluster!]! + services: [Service!]! + namespaces: [Namespace!]! + environments: [Environment!]! +} + +type OrganizationMembershipRestrictions { + clusterIds: IDFilterValue + serviceIds: IDFilterValue + namespaceIds: IDFilterValue + environmentIds: IDFilterValue +} + +input OrganizationMembershipRestrictionsInput { + clusterIds: InputIDFilterValue + serviceIds: InputIDFilterValue + namespaceIds: InputIDFilterValue + environmentIds: InputIDFilterValue +} + type OrganizationSettings { domains: [String!] enforcedRegulations: [String!] ignoredCloudDomains: [String!] defaultIntentsApprovalActionByEnv: [DefaultIntentsApprovalActionByEnv!]! + ignoreInternetIntents: Boolean + domainsDefaultRole: AuthRole! + defaultInviteMembership: OrganizationMembership! + autoApproveMoreRestrictiveIntentsByEnv: [AutoApproveMoreRestrictiveIntentsByEnv!]! } input OrganizationSettingsInput { @@ -2185,6 +2456,9 @@ input OrganizationSettingsInput { enforcedRegulations: [String] ignoredCloudDomains: [String!] defaultIntentsApprovalActionByEnv: [InputDefaultIntentsApprovalActionByEnv!] + ignoreInternetIntents: Boolean + defaultInviteMembership: OrganizationMembershipInput + autoApproveMoreRestrictiveIntentsByEnv: [InputAutoApproveMoreRestrictiveIntentsByEnv!] } input PaginationInput { 
@@ -2203,16 +2477,18 @@ enum PathType { EXACT } -input PeerInput { - ipBlock: IpBlockInput! -} - input PortStatusInput { port: Int! protocol: K8sPortProtocol! error: String } +input PrometheusServerConfigInput { + name: String! + namespace: String! + kind: String! +} + input ProtectedServiceInput { name: String! } @@ -2251,6 +2527,16 @@ type Query { targetServiceId: ID! lastSeenAfter: Time! ): [String!]! + edgeNetworkPolicies( + clientServiceId: ID! + serverServiceId: ID! + ): [NetworkPolicy!]! +""" Get edge connections count """ + edgeConnectionsCount( + clientId: ID! + serverId: ID! + lastSeenAfter: Time! + ): Int! """Get access log""" accessLog( filter: InputAccessLogFilter @@ -2267,7 +2553,7 @@ type Query { accessApprovalRulesetSummary: [AccessApprovalRulesetSummary!]! accessApprovalRulesetList( filter: InputAccessApprovalRulesetFilter - ): [AccessApprovalRuleset!]! + ): RulesetsWithResources! """Get cluster""" cluster( id: ID! @@ -2376,6 +2662,14 @@ type Query { clusterId: ID name: String ): Namespace! + networkPolicy( + id: ID! + filter: InputNetworkPolicyHitsFilter + ): NetworkPolicy + networkPolicies( + filter: InputNetworkPolicyFilter + pagination: InputOffsetPagination + ): NetworkPoliciesPage """List organizations""" organizations: [Organization!]! """Get organization""" @@ -2425,6 +2719,7 @@ type Query { ): TerraformResourceInfo! """List users""" users: [User!]! + orgUsers: [UserOrganizationAssociation!]! """Get user""" user( id: ID! @@ -2464,6 +2759,9 @@ enum RegulationCode { ZERO_TRUST_EGRESS_ACCESS_COVERED ZERO_TRUST_EXTERNAL_INGRESS_TAGGED ZERO_TRUST_ALL_INTRA_CLUSTER_ACCESS_COVERED + THREAT_INTELLIGENCE +"""Detect known IOCs (IPs, domain names) against ingress and egress Internet traffic""" + THREAT_INTELLIGENCE_KNOWN_IOCS } enum RegulationStandard { @@ -2471,6 +2769,7 @@ enum RegulationStandard { PII HIPAA ZERO_TRUST + THREAT_INTELLIGENCE } input ReportServiceMetadataInput { 
@@ -2490,6 +2789,49 @@ enum RowDiff { REMOVED } +type RulesetsWithResources { + rulesets: [AccessApprovalRuleset!]! + resources: AccessApprovalRulesetResources! +} + +type SIEMIntegrationTrigger { + isActive: Boolean! +} + +input SIEMIntegrationTriggerInput { + isActive: Boolean! +} + +type SIEMSettings { + isActive: Boolean! + syslogHostname: String! + syslogPort: Int! + syslogFacility: Int! + tlsConfiguration: TLSConfiguration + serviceTriggers: [SIEMTrigger!]! + findingTriggers: [SIEMTrigger!]! + integrationTriggers: SIEMIntegrationTrigger! +} + +input SIEMSettingsInput { + isActive: Boolean! + syslogHostname: String! + syslogPort: Int! + syslogFacility: Int! + tlsConfiguration: TLSConfigurationInput + serviceTriggers: [SIEMTriggerInput!]! + findingTriggers: [SIEMTriggerInput!]! + integrationTriggers: SIEMIntegrationTriggerInput! +} + +type SIEMTrigger { + filter: IntegrationAccessGraphFilter! +} + +input SIEMTriggerInput { + filter: InputIntegrationAccessGraphFilter! +} + input SelectorKeyValueInput { key: String value: String @@ -2573,6 +2915,7 @@ type Service { aliases: [ServerAlias!] namespace: Namespace environment: Environment! + networkPolicies: [NetworkPolicy!] """If service is Kafka, its KafkaServerConfig.""" kafkaServerConfig: KafkaServerConfig certificateInformation: CertificateInformation @@ -2636,6 +2979,7 @@ input ServiceIdentityInput { name: String! namespace: String! kind: String! + nameResolvedUsingAnnotation: Boolean } enum ServiceInternalTrafficPolicy { @@ -2646,6 +2990,9 @@ enum ServiceInternalTrafficPolicy { input ServiceMetadataInput { tags: [String!] awsRoles: [String!] + labels: [LabelInput!] + podIps: [String!] + serviceIps: [String!] } enum ServiceType { @@ -2662,6 +3009,7 @@ enum ServiceType { KUBERNETES_LOAD_BALANCER AWS_VISIBILITY_EKS DETECTED_CLOUD_SERVER + CONTROL_PLANE } type ServicesResponse { 
@@ -2738,6 +3086,17 @@ type StatusSummary { """The `String`scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.""" scalar String +type TLSConfiguration { + caCertificate: String + certificate: String +} + +input TLSConfigurationInput { + caCertificate: String + certificate: String + key: String +} + enum TelemetryComponentType { INTENTS_OPERATOR CREDENTIALS_OPERATOR @@ -2878,6 +3237,18 @@ enum UserErrorType { CONFLICT BAD_USER_INPUT APPLIED_INTENTS_ERROR + TIMEOUT +} + +input UserOrgMembershipInput { + userId: ID! + membership: OrganizationMembershipInput! +} + +type UserOrganizationAssociation { + org: Organization! + user: User! + membership: OrganizationMembership! } type UserTutorial { diff --git a/src/pkg/cloudclient/login/userlogin/userlogin.go b/src/pkg/cloudclient/login/userlogin/userlogin.go index d3fdcbe4..24779eb2 100644 --- a/src/pkg/cloudclient/login/userlogin/userlogin.go +++ b/src/pkg/cloudclient/login/userlogin/userlogin.go @@ -63,7 +63,10 @@ func (loginCtx *LoginContext) EnsureUserRegistered() error { } func (loginCtx *LoginContext) SelectOrg(preSelectedOrgId string, switchOrg bool) (string, error) { - organizations := loginCtx.me.Organizations + organizations := lo.Map(loginCtx.me.UserOrganizations, func(userOrg cloudapi.UserOrganizationAssociation, _ int) cloudapi.Organization { + return userOrg.Org + }) + selectedOrg := "" if len(organizations) == 0 { orgId, err := loginCtx.createOrJoinOrgFromUserInput() 
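Review bot: The `lo.Map` projection from `loginCtx.me.UserOrganizations` to `[]cloudapi.Organization` is written out in full here in `SelectOrg` and again, identically, in the `interactiveSelectOrg` hunk that follows. A small unexported method on `LoginContext` that returns the projected slice would keep the two in step if the association type changes again, and both call sites would become `organizations := loginCtx.organizations()`. Both functions continue outside their hunks.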
@@ -161,7 +164,9 @@ func (loginCtx *LoginContext) createNewOrg() (string, error) { } func (loginCtx *LoginContext) interactiveSelectOrg(preSelectedOrgId string, switchOrg bool) (string, error) { - organizations := loginCtx.me.Organizations + organizations := lo.Map(loginCtx.me.UserOrganizations, func(userOrg cloudapi.UserOrganizationAssociation, _ int) cloudapi.Organization { + return userOrg.Org + }) prints.PrintCliStderr("You belong to the following organizations:") output.FormatOrganizations(organizations) diff --git a/src/pkg/cloudclient/restapi/cloudapi/api.gen.go b/src/pkg/cloudclient/restapi/cloudapi/api.gen.go index 0d91fdaa..c34fa5d9 100644 --- a/src/pkg/cloudclient/restapi/cloudapi/api.gen.go +++ b/src/pkg/cloudclient/restapi/cloudapi/api.gen.go @@ -20,15 +20,14 @@ import ( const ( AccessTokenCookieScopes = "accessTokenCookie.Scopes" - BearerAuthScopes = "bearerAuth.Scopes" Oauth2Scopes = "oauth2.Scopes" OrganizationHeaderScopes = "organizationHeader.Scopes" ) // Defines values for AWSResourceType. const ( - GENERAL AWSResourceType = "GENERAL" - S3 AWSResourceType = "S3" + AWSResourceTypeGENERAL AWSResourceType = "GENERAL" + AWSResourceTypeS3 AWSResourceType = "S3" ) // Defines values for AWSVisibilityResourceType. @@ -51,6 +50,8 @@ const ( CallFindingCodePCI4071 CallFindingCode = "PCI_4_0_7_1" CallFindingCodePCI4072 CallFindingCode = "PCI_4_0_7_2" CallFindingCodePCI4087 CallFindingCode = "PCI_4_0_8_7" + CallFindingCodeTHREATINTELLIGENCE CallFindingCode = "THREAT_INTELLIGENCE" + CallFindingCodeTHREATINTELLIGENCEKNOWNIOCS CallFindingCode = "THREAT_INTELLIGENCE_KNOWN_IOCS" CallFindingCodeZEROTRUST CallFindingCode = "ZERO_TRUST" CallFindingCodeZEROTRUSTALLINTRACLUSTERACCESSCOVERED CallFindingCode = "ZERO_TRUST_ALL_INTRA_CLUSTER_ACCESS_COVERED" CallFindingCodeZEROTRUSTDEFAULTDENY CallFindingCode = "ZERO_TRUST_DEFAULT_DENY" 
@@ -61,10 +62,11 @@ const ( // Defines values for CallFindingStandard. const ( - CallFindingStandardHIPAA CallFindingStandard = "HIPAA" - CallFindingStandardPCI40 CallFindingStandard = "PCI_4_0" - CallFindingStandardPII CallFindingStandard = "PII" - CallFindingStandardZEROTRUST CallFindingStandard = "ZERO_TRUST" + CallFindingStandardHIPAA CallFindingStandard = "HIPAA" + CallFindingStandardPCI40 CallFindingStandard = "PCI_4_0" + CallFindingStandardPII CallFindingStandard = "PII" + CallFindingStandardTHREATINTELLIGENCE CallFindingStandard = "THREAT_INTELLIGENCE" + CallFindingStandardZEROTRUST CallFindingStandard = "ZERO_TRUST" ) // Defines values for ClientIntentsRowDiff. @@ -128,6 +130,9 @@ const ( EdgeAccessStatusReasonALLOWEDBYAPPLIEDINTENTSOVERLYPERMISSIVE EdgeAccessStatusReason = "ALLOWED_BY_APPLIED_INTENTS_OVERLY_PERMISSIVE" EdgeAccessStatusReasonALLOWEDBYEXTERNALLYMANAGEDNETWORKPOLICY EdgeAccessStatusReason = "ALLOWED_BY_EXTERNALLY_MANAGED_NETWORK_POLICY" EdgeAccessStatusReasonALLOWEDBYEXTERNALTRAFFICNETWORKPOLICY EdgeAccessStatusReason = "ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY" + EdgeAccessStatusReasonALLOWEDBYINTERNETEGRESSNETWORKPOLICY EdgeAccessStatusReason = "ALLOWED_BY_INTERNET_EGRESS_NETWORK_POLICY" + EdgeAccessStatusReasonALLOWEDBYINTERNETINGRESSNETWORKPOLICY EdgeAccessStatusReason = "ALLOWED_BY_INTERNET_INGRESS_NETWORK_POLICY" + EdgeAccessStatusReasonALLOWEDBYMETRICSCOLLECTIONTRAFFICNETWORKPOLICY EdgeAccessStatusReason = "ALLOWED_BY_METRICS_COLLECTION_TRAFFIC_NETWORK_POLICY" EdgeAccessStatusReasonBLOCKEDBYAPPLIEDINTENTSDATABASERESOURCEMISMATCH EdgeAccessStatusReason = "BLOCKED_BY_APPLIED_INTENTS_DATABASE_RESOURCE_MISMATCH" EdgeAccessStatusReasonBLOCKEDBYAPPLIEDINTENTSDATABASEUNDERPERMISSIVE EdgeAccessStatusReason = "BLOCKED_BY_APPLIED_INTENTS_DATABASE_UNDER_PERMISSIVE" EdgeAccessStatusReasonBLOCKEDBYAPPLIEDINTENTSHTTPRESOURCEMISMATCH EdgeAccessStatusReason = "BLOCKED_BY_APPLIED_INTENTS_HTTP_RESOURCE_MISMATCH" 
@@ -140,6 +145,8 @@ const ( EdgeAccessStatusReasonBLOCKEDBYDATABASEENFORCEMENTCONFIGMISSINGAPPLIEDINTENTS EdgeAccessStatusReason = "BLOCKED_BY_DATABASE_ENFORCEMENT_CONFIG_MISSING_APPLIED_INTENTS" EdgeAccessStatusReasonBLOCKEDBYDEFAULTDENY EdgeAccessStatusReason = "BLOCKED_BY_DEFAULT_DENY" EdgeAccessStatusReasonBLOCKEDBYDEFAULTDENYMISSINGEXTERNALTRAFFICPOLICY EdgeAccessStatusReason = "BLOCKED_BY_DEFAULT_DENY_MISSING_EXTERNAL_TRAFFIC_POLICY" + EdgeAccessStatusReasonBLOCKEDBYINTERNETEGRESSNETWORKPOLICY EdgeAccessStatusReason = "BLOCKED_BY_INTERNET_EGRESS_NETWORK_POLICY" + EdgeAccessStatusReasonBLOCKEDBYINTERNETINGRESSNETWORKPOLICY EdgeAccessStatusReason = "BLOCKED_BY_INTERNET_INGRESS_NETWORK_POLICY" EdgeAccessStatusReasonBLOCKEDBYKAFKAENFORCEMENTCONFIGMISSINGAPPLIEDINTENTS EdgeAccessStatusReason = "BLOCKED_BY_KAFKA_ENFORCEMENT_CONFIG_MISSING_APPLIED_INTENTS" EdgeAccessStatusReasonCLIENTISTIOSIDECARMISSING EdgeAccessStatusReason = "CLIENT_ISTIO_SIDECAR_MISSING" EdgeAccessStatusReasonIGNOREDINCALCULATION EdgeAccessStatusReason = "IGNORED_IN_CALCULATION" @@ -157,6 +164,7 @@ const ( EdgeAccessStatusReasonSERVERISTIOSIDECARMISSING EdgeAccessStatusReason = "SERVER_ISTIO_SIDECAR_MISSING" EdgeAccessStatusReasonSHAREDSERVICEACCOUNT EdgeAccessStatusReason = "SHARED_SERVICE_ACCOUNT" EdgeAccessStatusReasonWOULDBEALLOWEDBYEXTERNALTRAFFICNETWORKPOLICY EdgeAccessStatusReason = "WOULD_BE_ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY" + EdgeAccessStatusReasonWOULDBEALLOWEDBYMETRICSCOLLECTIONTRAFFICNETWORKPOLICY EdgeAccessStatusReason = "WOULD_BE_ALLOWED_BY_METRICS_COLLECTION_TRAFFIC_NETWORK_POLICY" ) // Defines values for EdgeAccessStatusReasons. 
@@ -168,6 +176,9 @@ const ( EdgeAccessStatusReasonsALLOWEDBYAPPLIEDINTENTSOVERLYPERMISSIVE EdgeAccessStatusReasons = "ALLOWED_BY_APPLIED_INTENTS_OVERLY_PERMISSIVE" EdgeAccessStatusReasonsALLOWEDBYEXTERNALLYMANAGEDNETWORKPOLICY EdgeAccessStatusReasons = "ALLOWED_BY_EXTERNALLY_MANAGED_NETWORK_POLICY" EdgeAccessStatusReasonsALLOWEDBYEXTERNALTRAFFICNETWORKPOLICY EdgeAccessStatusReasons = "ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY" + EdgeAccessStatusReasonsALLOWEDBYINTERNETEGRESSNETWORKPOLICY EdgeAccessStatusReasons = "ALLOWED_BY_INTERNET_EGRESS_NETWORK_POLICY" + EdgeAccessStatusReasonsALLOWEDBYINTERNETINGRESSNETWORKPOLICY EdgeAccessStatusReasons = "ALLOWED_BY_INTERNET_INGRESS_NETWORK_POLICY" + EdgeAccessStatusReasonsALLOWEDBYMETRICSCOLLECTIONTRAFFICNETWORKPOLICY EdgeAccessStatusReasons = "ALLOWED_BY_METRICS_COLLECTION_TRAFFIC_NETWORK_POLICY" EdgeAccessStatusReasonsBLOCKEDBYAPPLIEDINTENTSDATABASERESOURCEMISMATCH EdgeAccessStatusReasons = "BLOCKED_BY_APPLIED_INTENTS_DATABASE_RESOURCE_MISMATCH" EdgeAccessStatusReasonsBLOCKEDBYAPPLIEDINTENTSDATABASEUNDERPERMISSIVE EdgeAccessStatusReasons = "BLOCKED_BY_APPLIED_INTENTS_DATABASE_UNDER_PERMISSIVE" EdgeAccessStatusReasonsBLOCKEDBYAPPLIEDINTENTSHTTPRESOURCEMISMATCH EdgeAccessStatusReasons = "BLOCKED_BY_APPLIED_INTENTS_HTTP_RESOURCE_MISMATCH" 
@@ -180,6 +191,8 @@ const ( EdgeAccessStatusReasonsBLOCKEDBYDATABASEENFORCEMENTCONFIGMISSINGAPPLIEDINTENTS EdgeAccessStatusReasons = "BLOCKED_BY_DATABASE_ENFORCEMENT_CONFIG_MISSING_APPLIED_INTENTS" EdgeAccessStatusReasonsBLOCKEDBYDEFAULTDENY EdgeAccessStatusReasons = "BLOCKED_BY_DEFAULT_DENY" EdgeAccessStatusReasonsBLOCKEDBYDEFAULTDENYMISSINGEXTERNALTRAFFICPOLICY EdgeAccessStatusReasons = "BLOCKED_BY_DEFAULT_DENY_MISSING_EXTERNAL_TRAFFIC_POLICY" + EdgeAccessStatusReasonsBLOCKEDBYINTERNETEGRESSNETWORKPOLICY EdgeAccessStatusReasons = "BLOCKED_BY_INTERNET_EGRESS_NETWORK_POLICY" + EdgeAccessStatusReasonsBLOCKEDBYINTERNETINGRESSNETWORKPOLICY EdgeAccessStatusReasons = "BLOCKED_BY_INTERNET_INGRESS_NETWORK_POLICY" EdgeAccessStatusReasonsBLOCKEDBYKAFKAENFORCEMENTCONFIGMISSINGAPPLIEDINTENTS EdgeAccessStatusReasons = "BLOCKED_BY_KAFKA_ENFORCEMENT_CONFIG_MISSING_APPLIED_INTENTS" EdgeAccessStatusReasonsCLIENTISTIOSIDECARMISSING EdgeAccessStatusReasons = "CLIENT_ISTIO_SIDECAR_MISSING" EdgeAccessStatusReasonsIGNOREDINCALCULATION EdgeAccessStatusReasons = "IGNORED_IN_CALCULATION" @@ -197,6 +210,7 @@ const ( EdgeAccessStatusReasonsSERVERISTIOSIDECARMISSING EdgeAccessStatusReasons = "SERVER_ISTIO_SIDECAR_MISSING" EdgeAccessStatusReasonsSHAREDSERVICEACCOUNT EdgeAccessStatusReasons = "SHARED_SERVICE_ACCOUNT" EdgeAccessStatusReasonsWOULDBEALLOWEDBYEXTERNALTRAFFICNETWORKPOLICY EdgeAccessStatusReasons = "WOULD_BE_ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY" + EdgeAccessStatusReasonsWOULDBEALLOWEDBYMETRICSCOLLECTIONTRAFFICNETWORKPOLICY EdgeAccessStatusReasons = "WOULD_BE_ALLOWED_BY_METRICS_COLLECTION_TRAFFIC_NETWORK_POLICY" ) // Defines values for EdgeAccessStatusVerdict. @@ -219,6 +233,7 @@ const ( IntegrationTypeGITHUB IntegrationType = "GITHUB" IntegrationTypeGITLAB IntegrationType = "GITLAB" IntegrationTypeKUBERNETES IntegrationType = "KUBERNETES" + IntegrationTypeSIEM IntegrationType = "SIEM" IntegrationTypeSLACK IntegrationType = "SLACK" ) 
@@ -246,6 +261,19 @@ const ( IntegrationAccessGraphFilterServiceFilterTypeINCLUDE IntegrationAccessGraphFilterServiceFilterType = "INCLUDE" ) +// Defines values for IntegrationAccessGraphFilterTargets. +const ( + IntegrationAccessGraphFilterTargetsAWS IntegrationAccessGraphFilterTargets = "AWS" + IntegrationAccessGraphFilterTargetsAZURE IntegrationAccessGraphFilterTargets = "AZURE" + IntegrationAccessGraphFilterTargetsDATABASE IntegrationAccessGraphFilterTargets = "DATABASE" + IntegrationAccessGraphFilterTargetsGCP IntegrationAccessGraphFilterTargets = "GCP" + IntegrationAccessGraphFilterTargetsHTTP IntegrationAccessGraphFilterTargets = "HTTP" + IntegrationAccessGraphFilterTargetsINTERNET IntegrationAccessGraphFilterTargets = "INTERNET" + IntegrationAccessGraphFilterTargetsKAFKA IntegrationAccessGraphFilterTargets = "KAFKA" + IntegrationAccessGraphFilterTargetsKUBERNETES IntegrationAccessGraphFilterTargets = "KUBERNETES" + IntegrationAccessGraphFilterTargetsS3 IntegrationAccessGraphFilterTargets = "S3" +) + // Defines values for IntegrationStatusState. const ( IntegrationStatusStateDISABLED IntegrationStatusState = "DISABLED" 
@@ -281,6 +309,34 @@ const ( NETWORKMAPPER NetworkMapperComponentType = "NETWORK_MAPPER" ) +// Defines values for NumericFilterValueOperator. +const ( + EQUAL NumericFilterValueOperator = "EQUAL" + GREATERTHAN NumericFilterValueOperator = "GREATER_THAN" + GREATERTHANOREQUAL NumericFilterValueOperator = "GREATER_THAN_OR_EQUAL" + LESSTHAN NumericFilterValueOperator = "LESS_THAN" + LESSTHANOREQUAL NumericFilterValueOperator = "LESS_THAN_OR_EQUAL" + NOTEQUAL NumericFilterValueOperator = "NOT_EQUAL" +) + +// Defines values for OrganizationMembershipRole. +const ( + OrganizationMembershipRoleADMIN OrganizationMembershipRole = "ADMIN" + OrganizationMembershipRoleVIEWER OrganizationMembershipRole = "VIEWER" +) + +// Defines values for OrganizationMembershipInputRole. +const ( + OrganizationMembershipInputRoleADMIN OrganizationMembershipInputRole = "ADMIN" + OrganizationMembershipInputRoleVIEWER OrganizationMembershipInputRole = "VIEWER" +) + +// Defines values for OrganizationSettingsDomainsDefaultRole. +const ( + ADMIN OrganizationSettingsDomainsDefaultRole = "ADMIN" + VIEWER OrganizationSettingsDomainsDefaultRole = "VIEWER" +) + // Defines values for ServerBlockingStatusReason. const ( ServerBlockingStatusReasonALLINTENTSAPPLIED ServerBlockingStatusReason = "ALL_INTENTS_APPLIED" @@ -333,6 +389,7 @@ const ( ServiceAccessGraphTypesAWS ServiceAccessGraphTypes = "AWS" ServiceAccessGraphTypesAWSVISIBILITYEKS ServiceAccessGraphTypes = "AWS_VISIBILITY_EKS" ServiceAccessGraphTypesAZURE ServiceAccessGraphTypes = "AZURE" + ServiceAccessGraphTypesCONTROLPLANE ServiceAccessGraphTypes = "CONTROL_PLANE" ServiceAccessGraphTypesDATABASE ServiceAccessGraphTypes = "DATABASE" ServiceAccessGraphTypesDATABASEUSER ServiceAccessGraphTypes = "DATABASE_USER" ServiceAccessGraphTypesDETECTEDCLOUDSERVER ServiceAccessGraphTypes = "DETECTED_CLOUD_SERVER" 
@@ -361,6 +418,7 @@ const ( OneIntegrationQueryParamsIntegrationTypeGITHUB OneIntegrationQueryParamsIntegrationType = "GITHUB" OneIntegrationQueryParamsIntegrationTypeGITLAB OneIntegrationQueryParamsIntegrationType = "GITLAB" OneIntegrationQueryParamsIntegrationTypeKUBERNETES OneIntegrationQueryParamsIntegrationType = "KUBERNETES" + OneIntegrationQueryParamsIntegrationTypeSIEM OneIntegrationQueryParamsIntegrationType = "SIEM" OneIntegrationQueryParamsIntegrationTypeSLACK OneIntegrationQueryParamsIntegrationType = "SLACK" ) @@ -375,6 +433,7 @@ const ( IntegrationsQueryParamsIntegrationTypeGITHUB IntegrationsQueryParamsIntegrationType = "GITHUB" IntegrationsQueryParamsIntegrationTypeGITLAB IntegrationsQueryParamsIntegrationType = "GITLAB" IntegrationsQueryParamsIntegrationTypeKUBERNETES IntegrationsQueryParamsIntegrationType = "KUBERNETES" + IntegrationsQueryParamsIntegrationTypeSIEM IntegrationsQueryParamsIntegrationType = "SIEM" IntegrationsQueryParamsIntegrationTypeSLACK IntegrationsQueryParamsIntegrationType = "SLACK" ) 
@@ -480,13 +539,14 @@ type AccessGraphEdge struct { // AccessGraphFilter Access graph filter type AccessGraphFilter struct { - ClusterIds *IDFilterValue `json:"clusterIds,omitempty"` - EnvironmentIds *IDFilterValue `json:"environmentIds,omitempty"` - FeatureFlags *FeatureFlags `json:"featureFlags,omitempty"` - IncludeOnlyClientsMatchingFilter *bool `json:"includeOnlyClientsMatchingFilter,omitempty"` - LastSeen *TimeFilterValue `json:"lastSeen,omitempty"` - NamespaceIds *IDFilterValue `json:"namespaceIds,omitempty"` - ServiceIds *IDFilterValue `json:"serviceIds,omitempty"` + ClusterIds *IDFilterValue `json:"clusterIds,omitempty"` + EnvironmentIds *IDFilterValue `json:"environmentIds,omitempty"` + FeatureFlags *FeatureFlags `json:"featureFlags,omitempty"` + Hits *NumericFilterValue `json:"hits,omitempty"` + IncludeOnlyClientsMatchingFilter *bool `json:"includeOnlyClientsMatchingFilter,omitempty"` + LastSeen *TimeFilterValue `json:"lastSeen,omitempty"` + NamespaceIds *IDFilterValue `json:"namespaceIds,omitempty"` + ServiceIds *IDFilterValue `json:"serviceIds,omitempty"` } // AccessLog defines model for AccessLog. @@ -521,6 +581,12 @@ type AccessLogEdge struct { Timestamp time.Time `json:"timestamp"` } +// AutoApproveMoreRestrictiveIntentsByEnv defines model for AutoApproveMoreRestrictiveIntentsByEnv. +type AutoApproveMoreRestrictiveIntentsByEnv struct { + Enabled bool `json:"enabled"` + EnvironmentId string `json:"environmentId"` +} + // AzureInfo defines model for AzureInfo. type AzureInfo struct { AksClusterName string `json:"aksClusterName"` 
@@ -713,6 +779,13 @@ type CreateGitLabIntegrationResponse struct { NextURL string `json:"nextURL"` } +// CreateSIEMIntegrationResponse defines model for CreateSIEMIntegrationResponse. +type CreateSIEMIntegrationResponse struct { + Integration struct { + Id string `json:"id"` + } `json:"integration"` +} + // CreateSlackIntegrationResponse defines model for CreateSlackIntegrationResponse. type CreateSlackIntegrationResponse struct { Integration struct { @@ -827,13 +900,14 @@ type Error struct { // FeatureFlags defines model for FeatureFlags. type FeatureFlags struct { - EnableFindingsV2 *bool `json:"enableFindingsV2,omitempty"` - EnableIAMIntentsSuggestions *bool `json:"enableIAMIntentsSuggestions,omitempty"` - EnableInternetIntentsSuggestions *bool `json:"enableInternetIntentsSuggestions,omitempty"` - IsCloudSecurityEnabled *bool `json:"isCloudSecurityEnabled,omitempty"` - IsCloudServicesDetectionEnabled *bool `json:"isCloudServicesDetectionEnabled,omitempty"` - UseClientIntentsV2 *bool `json:"useClientIntentsV2,omitempty"` - UseTypedIntentsCTE *bool `json:"useTypedIntentsCTE,omitempty"` + EnableFindingsV2 *bool `json:"enableFindingsV2,omitempty"` + EnableIAMIntentsSuggestions *bool `json:"enableIAMIntentsSuggestions,omitempty"` + EnableInternetIntentsSuggestions *bool `json:"enableInternetIntentsSuggestions,omitempty"` + EnableNetworkPoliciesInAccessGraph *bool `json:"enableNetworkPoliciesInAccessGraph,omitempty"` + IsCloudSecurityEnabled *bool `json:"isCloudSecurityEnabled,omitempty"` + IsCloudServicesDetectionEnabled *bool `json:"isCloudServicesDetectionEnabled,omitempty"` + UseClientIntentsV2 *bool `json:"useClientIntentsV2,omitempty"` + UseTypedIntentsCTE *bool `json:"useTypedIntentsCTE,omitempty"` } // GCPInfo defines model for GCPInfo. 
@@ -872,10 +946,10 @@ type GitHubRepoFilterPair struct { // GitHubRepoInfo defines model for GitHubRepoInfo. type GitHubRepoInfo struct { - BaseBranch string `json:"baseBranch"` - IntentsPath string `json:"intentsPath"` - Repository string `json:"repository"` - TerraformPath string `json:"terraformPath"` + BaseBranch string `json:"baseBranch"` + IntentsPath string `json:"intentsPath"` + Repository string `json:"repository"` + TerraformPath *string `json:"terraformPath,omitempty"` } // GitHubSettings defines model for GitHubSettings. @@ -928,6 +1002,7 @@ type InputAccessGraphFilter struct { ClusterIds *map[string]interface{} `json:"clusterIds,omitempty"` EnvironmentIds *map[string]interface{} `json:"environmentIds,omitempty"` FeatureFlags *map[string]interface{} `json:"featureFlags,omitempty"` + Hits *map[string]interface{} `json:"hits,omitempty"` IncludeOnlyClientsMatchingFilter *bool `json:"includeOnlyClientsMatchingFilter,omitempty"` LastSeen *map[string]interface{} `json:"lastSeen,omitempty"` NamespaceIds *map[string]interface{} `json:"namespaceIds,omitempty"` 
@@ -949,13 +1024,14 @@ type InputAccessLogFilter struct { // InputFeatureFlags defines model for InputFeatureFlags. type InputFeatureFlags struct { - EnableFindingsV2 *bool `json:"enableFindingsV2,omitempty"` - EnableIAMIntentsSuggestions *bool `json:"enableIAMIntentsSuggestions,omitempty"` - EnableInternetIntentsSuggestions *bool `json:"enableInternetIntentsSuggestions,omitempty"` - IsCloudSecurityEnabled *bool `json:"isCloudSecurityEnabled,omitempty"` - IsCloudServicesDetectionEnabled *bool `json:"isCloudServicesDetectionEnabled,omitempty"` - UseClientIntentsV2 *bool `json:"useClientIntentsV2,omitempty"` - UseTypedIntentsCTE *bool `json:"useTypedIntentsCTE,omitempty"` + EnableFindingsV2 *bool `json:"enableFindingsV2,omitempty"` + EnableIAMIntentsSuggestions *bool `json:"enableIAMIntentsSuggestions,omitempty"` + EnableInternetIntentsSuggestions *bool `json:"enableInternetIntentsSuggestions,omitempty"` + EnableNetworkPoliciesInAccessGraph *bool `json:"enableNetworkPoliciesInAccessGraph,omitempty"` + IsCloudSecurityEnabled *bool `json:"isCloudSecurityEnabled,omitempty"` + IsCloudServicesDetectionEnabled *bool `json:"isCloudServicesDetectionEnabled,omitempty"` + UseClientIntentsV2 *bool `json:"useClientIntentsV2,omitempty"` + UseTypedIntentsCTE *bool `json:"useTypedIntentsCTE,omitempty"` } // InputServiceFilter Service filter @@ -997,6 +1073,7 @@ type Integration struct { Id string `json:"id"` Name string `json:"name"` OrganizationId string `json:"organizationId"` + SiemSettings *SIEMSettings `json:"siemSettings,omitempty"` SlackSettings *SlackSettings `json:"slackSettings,omitempty"` Status *IntegrationStatus `json:"status,omitempty"` Type IntegrationType `json:"type"` 
@@ -1016,6 +1093,7 @@ type IntegrationAccessGraphFilter struct { NamespaceIds *[]string `json:"namespaceIds,omitempty"` ServiceFilterType *IntegrationAccessGraphFilterServiceFilterType `json:"serviceFilterType,omitempty"` ServiceIds *[]string `json:"serviceIds,omitempty"` + Targets *[]IntegrationAccessGraphFilterTargets `json:"targets,omitempty"` } // IntegrationAccessGraphFilterClusterFilterType defines model for IntegrationAccessGraphFilter.ClusterFilterType. @@ -1030,6 +1108,9 @@ type IntegrationAccessGraphFilterNamespaceFilterType string // IntegrationAccessGraphFilterServiceFilterType defines model for IntegrationAccessGraphFilter.ServiceFilterType. type IntegrationAccessGraphFilterServiceFilterType string +// IntegrationAccessGraphFilterTargets defines model for IntegrationAccessGraphFilter.Targets. +type IntegrationAccessGraphFilterTargets string + // IntegrationComponents defines model for IntegrationComponents. type IntegrationComponents struct { CredentialsOperator CredentialsOperatorComponent `json:"credentialsOperator"` @@ -1101,7 +1182,8 @@ type Invite struct { Organization struct { Id string `json:"id"` } `json:"organization"` - Status InviteStatus `json:"status"` + OrganizationMembership OrganizationMembership `json:"organizationMembership"` + Status InviteStatus `json:"status"` } // InviteStatus defines model for Invite.Status. @@ -1144,9 +1226,10 @@ type LabelValueTuple struct { // Me defines model for Me. type Me struct { - Invites []Invite `json:"invites"` - Organizations []Organization `json:"organizations"` - User User `json:"user"` + Invites []Invite `json:"invites"` + SelectedOrganizationRestrictionResources *OrganizationMembershipRestrictionResources `json:"selectedOrganizationRestrictionResources,omitempty"` + User User `json:"user"` + UserOrganizations []UserOrganizationAssociation `json:"userOrganizations"` } // MergedYAMLFile defines model for MergedYAMLFile. 
@@ -1186,6 +1269,15 @@ type NetworkMapperComponent struct { // NetworkMapperComponentType defines model for NetworkMapperComponent.Type. type NetworkMapperComponentType string +// NumericFilterValue defines model for NumericFilterValue. +type NumericFilterValue struct { + Operator NumericFilterValueOperator `json:"operator"` + Value int32 `json:"value"` +} + +// NumericFilterValueOperator defines model for NumericFilterValue.Operator. +type NumericFilterValueOperator string + // Organization defines model for Organization. type Organization struct { Created time.Time `json:"created"` 
@@ -1196,20 +1288,73 @@ type Organization struct { UniqueName string `json:"uniqueName"` } +// OrganizationMembership defines model for OrganizationMembership. +type OrganizationMembership struct { + OrganizationId string `json:"organizationId"` + Restrictions *OrganizationMembershipRestrictions `json:"restrictions,omitempty"` + Role OrganizationMembershipRole `json:"role"` +} + +// OrganizationMembershipRole defines model for OrganizationMembership.Role. +type OrganizationMembershipRole string + +// OrganizationMembershipInput defines model for OrganizationMembershipInput. +type OrganizationMembershipInput struct { + Restrictions *map[string]interface{} `json:"restrictions,omitempty"` + Role OrganizationMembershipInputRole `json:"role"` +} + +// OrganizationMembershipInputRole defines model for OrganizationMembershipInput.Role. +type OrganizationMembershipInputRole string + +// OrganizationMembershipRestrictionResources defines model for OrganizationMembershipRestrictionResources. +type OrganizationMembershipRestrictionResources struct { + Clusters []struct { + Id string `json:"id"` + } `json:"clusters"` + Environments []struct { + Id string `json:"id"` + } `json:"environments"` + Namespaces []struct { + Id string `json:"id"` + } `json:"namespaces"` + Services []struct { + Id string `json:"id"` + } `json:"services"` +} + +// OrganizationMembershipRestrictions defines model for OrganizationMembershipRestrictions. +type OrganizationMembershipRestrictions struct { + ClusterIds *IDFilterValue `json:"clusterIds,omitempty"` + EnvironmentIds *IDFilterValue `json:"environmentIds,omitempty"` + NamespaceIds *IDFilterValue `json:"namespaceIds,omitempty"` + ServiceIds *IDFilterValue `json:"serviceIds,omitempty"` +} + // OrganizationSettings defines model for OrganizationSettings. 
type OrganizationSettings struct { - DefaultIntentsApprovalActionByEnv []DefaultIntentsApprovalActionByEnv `json:"defaultIntentsApprovalActionByEnv"` - Domains *[]string `json:"domains,omitempty"` - EnforcedRegulations *[]string `json:"enforcedRegulations,omitempty"` - IgnoredCloudDomains *[]string `json:"ignoredCloudDomains,omitempty"` + AutoApproveMoreRestrictiveIntentsByEnv []AutoApproveMoreRestrictiveIntentsByEnv `json:"autoApproveMoreRestrictiveIntentsByEnv"` + DefaultIntentsApprovalActionByEnv []DefaultIntentsApprovalActionByEnv `json:"defaultIntentsApprovalActionByEnv"` + DefaultInviteMembership OrganizationMembership `json:"defaultInviteMembership"` + Domains *[]string `json:"domains,omitempty"` + DomainsDefaultRole OrganizationSettingsDomainsDefaultRole `json:"domainsDefaultRole"` + EnforcedRegulations *[]string `json:"enforcedRegulations,omitempty"` + IgnoreInternetIntents *bool `json:"ignoreInternetIntents,omitempty"` + IgnoredCloudDomains *[]string `json:"ignoredCloudDomains,omitempty"` } +// OrganizationSettingsDomainsDefaultRole defines model for OrganizationSettings.DomainsDefaultRole. +type OrganizationSettingsDomainsDefaultRole string + // OrganizationSettingsInput defines model for OrganizationSettingsInput. 
type OrganizationSettingsInput struct { - DefaultIntentsApprovalActionByEnv *[]map[string]interface{} `json:"defaultIntentsApprovalActionByEnv,omitempty"` - Domains *[]string `json:"domains,omitempty"` - EnforcedRegulations *[]string `json:"enforcedRegulations,omitempty"` - IgnoredCloudDomains *[]string `json:"ignoredCloudDomains,omitempty"` + AutoApproveMoreRestrictiveIntentsByEnv *[]map[string]interface{} `json:"autoApproveMoreRestrictiveIntentsByEnv,omitempty"` + DefaultIntentsApprovalActionByEnv *[]map[string]interface{} `json:"defaultIntentsApprovalActionByEnv,omitempty"` + DefaultInviteMembership *map[string]interface{} `json:"defaultInviteMembership,omitempty"` + Domains *[]string `json:"domains,omitempty"` + EnforcedRegulations *[]string `json:"enforcedRegulations,omitempty"` + IgnoreInternetIntents *bool `json:"ignoreInternetIntents,omitempty"` + IgnoredCloudDomains *[]string `json:"ignoredCloudDomains,omitempty"` } // PaginationInput defines model for PaginationInput. 
@@ -1223,6 +1368,40 @@ type PaginationMeta struct { Total *int32 `json:"total,omitempty"` } +// SIEMIntegrationTrigger defines model for SIEMIntegrationTrigger. +type SIEMIntegrationTrigger struct { + IsActive bool `json:"isActive"` +} + +// SIEMSettings defines model for SIEMSettings. +type SIEMSettings struct { + FindingTriggers []SIEMTrigger `json:"findingTriggers"` + IntegrationTriggers SIEMIntegrationTrigger `json:"integrationTriggers"` + IsActive bool `json:"isActive"` + ServiceTriggers []SIEMTrigger `json:"serviceTriggers"` + SyslogFacility int32 `json:"syslogFacility"` + SyslogHostname string `json:"syslogHostname"` + SyslogPort int32 `json:"syslogPort"` + TlsConfiguration *TLSConfiguration `json:"tlsConfiguration,omitempty"` +} + +// SIEMSettingsInput defines model for SIEMSettingsInput. +type SIEMSettingsInput struct { + FindingTriggers []map[string]interface{} `json:"findingTriggers"` + IntegrationTriggers map[string]interface{} `json:"integrationTriggers"` + IsActive bool `json:"isActive"` + ServiceTriggers []map[string]interface{} `json:"serviceTriggers"` + SyslogFacility int32 `json:"syslogFacility"` + SyslogHostname string `json:"syslogHostname"` + SyslogPort int32 `json:"syslogPort"` + TlsConfiguration *map[string]interface{} `json:"tlsConfiguration,omitempty"` +} + +// SIEMTrigger defines model for SIEMTrigger. +type SIEMTrigger struct { + Filter IntegrationAccessGraphFilter `json:"filter"` +} + // ServerAlias defines model for ServerAlias. type ServerAlias struct { Kind *string `json:"kind,omitempty"` 
@@ -1283,9 +1462,12 @@ type Service struct { KafkaServerConfig *KafkaServerConfig `json:"kafkaServerConfig,omitempty"` Name string `json:"name"` Namespace *Namespace `json:"namespace,omitempty"` - ServiceAccount *string `json:"serviceAccount,omitempty"` - Tags *[]string `json:"tags,omitempty"` - WorkloadKind *string `json:"workloadKind,omitempty"` + NetworkPolicies *[]struct { + Id string `json:"id"` + } `json:"networkPolicies,omitempty"` + ServiceAccount *string `json:"serviceAccount,omitempty"` + Tags *[]string `json:"tags,omitempty"` + WorkloadKind *string `json:"workloadKind,omitempty"` } // ServiceAccessGraph defines model for ServiceAccessGraph. @@ -1364,6 +1546,12 @@ type SlackSettingsInput struct { IsActive bool `json:"isActive"` } +// TLSConfiguration defines model for TLSConfiguration. +type TLSConfiguration struct { + CaCertificate *string `json:"caCertificate,omitempty"` + Certificate *string `json:"certificate,omitempty"` +} + // TerraformAwsInlinePolicyInfo defines model for TerraformAwsInlinePolicyInfo. type TerraformAwsInlinePolicyInfo struct { Name string `json:"name"` @@ -1425,6 +1613,15 @@ type User struct { Name string `json:"name"` } +// UserOrganizationAssociation defines model for UserOrganizationAssociation. +type UserOrganizationAssociation struct { + Membership OrganizationMembership `json:"membership"` + Org Organization `json:"org"` + User struct { + Id string `json:"id"` + } `json:"user"` +} + // APPLIEDINTENTSERROR defines model for APPLIED_INTENTS_ERROR. type APPLIEDINTENTSERROR = Error @@ -1443,6 +1640,9 @@ type INTERNALSERVERERROR = Error // NOTFOUND defines model for NOT_FOUND. type NOTFOUND = Error +// TIMEOUT defines model for TIMEOUT. +type TIMEOUT = Error + // UNAUTHENTICATED defines model for UNAUTHENTICATED. type UNAUTHENTICATED = Error 
@@ -1668,6 +1868,18 @@ type UpdateKubernetesIntegrationMutationJSONBody struct { Name *string `json:"name,omitempty"` } +// CreateSIEMIntegrationMutationJSONBody defines parameters for CreateSIEMIntegrationMutation. +type CreateSIEMIntegrationMutationJSONBody struct { + Name string `json:"name"` + SiemSettings SIEMSettingsInput `json:"siemSettings"` +} + +// UpdateSIEMIntegrationMutationJSONBody defines parameters for UpdateSIEMIntegrationMutation. +type UpdateSIEMIntegrationMutationJSONBody struct { + Name string `json:"name"` + SiemSettings SIEMSettingsInput `json:"siemSettings"` +} + // UpdateSlackIntegrationMutationJSONBody defines parameters for UpdateSlackIntegrationMutation. type UpdateSlackIntegrationMutationJSONBody struct { Id string `json:"id"` @@ -1701,7 +1913,8 @@ type InvitesQueryParamsStatus string // CreateInviteMutationJSONBody defines parameters for CreateInviteMutation. type CreateInviteMutationJSONBody struct { - Email openapi_types.Email `json:"email"` + Email openapi_types.Email `json:"email"` + OrganizationMembership *OrganizationMembershipInput `json:"organizationMembership,omitempty"` } // AcceptInviteMutationJSONBody defines parameters for AcceptInviteMutation. 
@@ -1860,6 +2073,12 @@ type CreateKubernetesIntegrationMutationJSONRequestBody CreateKubernetesIntegrat // UpdateKubernetesIntegrationMutationJSONRequestBody defines body for UpdateKubernetesIntegrationMutation for application/json ContentType. type UpdateKubernetesIntegrationMutationJSONRequestBody UpdateKubernetesIntegrationMutationJSONBody +// CreateSIEMIntegrationMutationJSONRequestBody defines body for CreateSIEMIntegrationMutation for application/json ContentType. +type CreateSIEMIntegrationMutationJSONRequestBody CreateSIEMIntegrationMutationJSONBody + +// UpdateSIEMIntegrationMutationJSONRequestBody defines body for UpdateSIEMIntegrationMutation for application/json ContentType. +type UpdateSIEMIntegrationMutationJSONRequestBody UpdateSIEMIntegrationMutationJSONBody + // UpdateSlackIntegrationMutationJSONRequestBody defines body for UpdateSlackIntegrationMutation for application/json ContentType. type UpdateSlackIntegrationMutationJSONRequestBody UpdateSlackIntegrationMutationJSONBody 
@@ -2131,6 +2350,16 @@ type ClientInterface interface { UpdateKubernetesIntegrationMutation(ctx context.Context, id string, body UpdateKubernetesIntegrationMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + // CreateSIEMIntegrationMutation request with any body + CreateSIEMIntegrationMutationWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) + + CreateSIEMIntegrationMutation(ctx context.Context, body CreateSIEMIntegrationMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + + // UpdateSIEMIntegrationMutation request with any body + UpdateSIEMIntegrationMutationWithBody(ctx context.Context, id string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) + + UpdateSIEMIntegrationMutation(ctx context.Context, id string, body UpdateSIEMIntegrationMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + // UpdateSlackIntegrationMutation request with any body UpdateSlackIntegrationMutationWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) @@ -2186,6 +2415,9 @@ type ClientInterface interface { AssociateNamespaceToEnvMutation(ctx context.Context, id string, body AssociateNamespaceToEnvMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + // OrgUsersQuery request + OrgUsersQuery(ctx context.Context, reqEditors ...RequestEditorFn) (*http.Response, error) + // OrganizationsQuery request OrganizationsQuery(ctx context.Context, reqEditors ...RequestEditorFn) (*http.Response, error) 
@@ -3032,6 +3264,54 @@ func (c *Client) UpdateKubernetesIntegrationMutation(ctx context.Context, id str return c.Client.Do(req) } +func (c *Client) CreateSIEMIntegrationMutationWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateSIEMIntegrationMutationRequestWithBody(c.Server, contentType, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) CreateSIEMIntegrationMutation(ctx context.Context, body CreateSIEMIntegrationMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateSIEMIntegrationMutationRequest(c.Server, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) UpdateSIEMIntegrationMutationWithBody(ctx context.Context, id string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewUpdateSIEMIntegrationMutationRequestWithBody(c.Server, id, contentType, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) UpdateSIEMIntegrationMutation(ctx context.Context, id string, body UpdateSIEMIntegrationMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewUpdateSIEMIntegrationMutationRequest(c.Server, id, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + func (c *Client) UpdateSlackIntegrationMutationWithBody(ctx context.Context, 
contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { req, err := NewUpdateSlackIntegrationMutationRequestWithBody(c.Server, contentType, body) if err != nil { @@ -3272,6 +3552,18 @@ func (c *Client) AssociateNamespaceToEnvMutation(ctx context.Context, id string, return c.Client.Do(req) } +func (c *Client) OrgUsersQuery(ctx context.Context, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewOrgUsersQueryRequest(c.Server) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + func (c *Client) OrganizationsQuery(ctx context.Context, reqEditors ...RequestEditorFn) (*http.Response, error) { req, err := NewOrganizationsQueryRequest(c.Server) if err != nil { 
@@ -5236,6 +5528,93 @@ func NewUpdateKubernetesIntegrationMutationRequestWithBody(server string, id str return req, nil } +// NewCreateSIEMIntegrationMutationRequest calls the generic CreateSIEMIntegrationMutation builder with application/json body +func NewCreateSIEMIntegrationMutationRequest(server string, body CreateSIEMIntegrationMutationJSONRequestBody) (*http.Request, error) { + var bodyReader io.Reader + buf, err := json.Marshal(body) + if err != nil { + return nil, err + } + bodyReader = bytes.NewReader(buf) + return NewCreateSIEMIntegrationMutationRequestWithBody(server, "application/json", bodyReader) +} + +// NewCreateSIEMIntegrationMutationRequestWithBody generates requests for CreateSIEMIntegrationMutation with any type of body +func NewCreateSIEMIntegrationMutationRequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { + var err error + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/integrations/siem") + if operationPath[0] == '/' { + operationPath = "." 
+ operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + req, err := http.NewRequest("POST", queryURL.String(), body) + if err != nil { + return nil, err + } + + req.Header.Add("Content-Type", contentType) + + return req, nil +} + +// NewUpdateSIEMIntegrationMutationRequest calls the generic UpdateSIEMIntegrationMutation builder with application/json body +func NewUpdateSIEMIntegrationMutationRequest(server string, id string, body UpdateSIEMIntegrationMutationJSONRequestBody) (*http.Request, error) { + var bodyReader io.Reader + buf, err := json.Marshal(body) + if err != nil { + return nil, err + } + bodyReader = bytes.NewReader(buf) + return NewUpdateSIEMIntegrationMutationRequestWithBody(server, id, "application/json", bodyReader) +} + +// NewUpdateSIEMIntegrationMutationRequestWithBody generates requests for UpdateSIEMIntegrationMutation with any type of body +func NewUpdateSIEMIntegrationMutationRequestWithBody(server string, id string, contentType string, body io.Reader) (*http.Request, error) { + var err error + + var pathParam0 string + + pathParam0, err = runtime.StyleParamWithLocation("simple", false, "id", runtime.ParamLocationPath, id) + if err != nil { + return nil, err + } + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/integrations/siem/%s", pathParam0) + if operationPath[0] == '/' { + operationPath = "." 
+ operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + req, err := http.NewRequest("PATCH", queryURL.String(), body) + if err != nil { + return nil, err + } + + req.Header.Add("Content-Type", contentType) + + return req, nil +} + // NewUpdateSlackIntegrationMutationRequest calls the generic UpdateSlackIntegrationMutation builder with application/json body func NewUpdateSlackIntegrationMutationRequest(server string, body UpdateSlackIntegrationMutationJSONRequestBody) (*http.Request, error) { var bodyReader io.Reader @@ -5947,6 +6326,33 @@ func NewAssociateNamespaceToEnvMutationRequestWithBody(server string, id string, return req, nil } +// NewOrgUsersQueryRequest generates requests for OrgUsersQuery +func NewOrgUsersQueryRequest(server string) (*http.Request, error) { + var err error + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/org-users") + if operationPath[0] == '/' { + operationPath = "." + operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + req, err := http.NewRequest("GET", queryURL.String(), nil) + if err != nil { + return nil, err + } + + return req, nil +} + // NewOrganizationsQueryRequest generates requests for OrganizationsQuery func NewOrganizationsQueryRequest(server string) (*http.Request, error) { var err error 
@@ -6895,6 +7301,16 @@ type ClientWithResponsesInterface interface { UpdateKubernetesIntegrationMutationWithResponse(ctx context.Context, id string, body UpdateKubernetesIntegrationMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*UpdateKubernetesIntegrationMutationResponse, error) + // CreateSIEMIntegrationMutation request with any body + CreateSIEMIntegrationMutationWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateSIEMIntegrationMutationResponse, error) + + CreateSIEMIntegrationMutationWithResponse(ctx context.Context, body CreateSIEMIntegrationMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateSIEMIntegrationMutationResponse, error) + + // UpdateSIEMIntegrationMutation request with any body + UpdateSIEMIntegrationMutationWithBodyWithResponse(ctx context.Context, id string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*UpdateSIEMIntegrationMutationResponse, error) + + UpdateSIEMIntegrationMutationWithResponse(ctx context.Context, id string, body UpdateSIEMIntegrationMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*UpdateSIEMIntegrationMutationResponse, error) + // UpdateSlackIntegrationMutation request with any body UpdateSlackIntegrationMutationWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*UpdateSlackIntegrationMutationResponse, error) 
@@ -6950,6 +7366,9 @@ type ClientWithResponsesInterface interface { AssociateNamespaceToEnvMutationWithResponse(ctx context.Context, id string, body AssociateNamespaceToEnvMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*AssociateNamespaceToEnvMutationResponse, error) + // OrgUsersQuery request + OrgUsersQueryWithResponse(ctx context.Context, reqEditors ...RequestEditorFn) (*OrgUsersQueryResponse, error) + // OrganizationsQuery request OrganizationsQueryWithResponse(ctx context.Context, reqEditors ...RequestEditorFn) (*OrganizationsQueryResponse, error) @@ -7012,6 +7431,7 @@ type AccessGraphQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7042,6 +7462,7 @@ type ClientIntentsQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7072,6 +7493,7 @@ type ServiceClientIntentsQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7102,6 +7524,7 @@ type ServiceIncomingInternetConnectionsQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7132,6 +7555,7 @@ type AccessLogQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7162,6 +7586,7 @@ type OneClusterQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7192,6 +7617,7 @@ type ClustersQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7222,6 +7648,7 @@ type CreateClusterMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error 
@@ -7252,6 +7679,7 @@ type DeleteClusterMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7282,6 +7710,7 @@ type ClusterQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7312,6 +7741,7 @@ type UpdateClusterMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7342,6 +7772,7 @@ type OneEnvironmentQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7372,6 +7803,7 @@ type EnvironmentsQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7402,6 +7834,7 @@ type CreateEnvironmentMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7432,6 +7865,7 @@ type DeleteEnvironmentMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7462,6 +7896,7 @@ type EnvironmentQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7492,6 +7927,7 @@ type UpdateEnvironmentMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7522,6 +7958,7 @@ type AddEnvironmentLabelMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7552,6 +7989,7 @@ type DeleteEnvironmentLabelMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error 
@@ -7582,6 +8020,7 @@ type OneIntegrationQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7612,6 +8051,7 @@ type IntegrationsQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7642,6 +8082,7 @@ type UpdateAWSIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7672,6 +8113,7 @@ type CreateAWSIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7702,6 +8144,7 @@ type UpdateAwsVisibilityIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7732,6 +8175,7 @@ type CreateAwsVisibilityIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7762,6 +8206,7 @@ type UpdateAzureIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7792,6 +8237,7 @@ type CreateAzureIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7822,6 +8268,7 @@ type CreateDatabaseIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7852,6 +8299,7 @@ type UpdateDatabaseIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7882,6 +8330,7 @@ type UpdateGCPIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error 
@@ -7912,6 +8361,7 @@ type CreateGCPIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7942,6 +8392,7 @@ type CreateGenericIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -7972,6 +8423,7 @@ type UpdateGenericIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8002,6 +8454,7 @@ type UpdateGitHubIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8032,6 +8485,7 @@ type CreateGitHubIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8062,6 +8516,7 @@ type UpdateGitLabIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8092,6 +8547,7 @@ type CreateGitLabIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8122,6 +8578,7 @@ type CreateKubernetesIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8152,6 +8609,7 @@ type UpdateKubernetesIntegrationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error 
@@ -8174,14 +8632,15 @@ func (r UpdateKubernetesIntegrationMutationResponse) StatusCode() int { return 0 } -type UpdateSlackIntegrationMutationResponse struct { +type CreateSIEMIntegrationMutationResponse struct { Body []byte HTTPResponse *http.Response - JSON200 *Integration + JSON200 *CreateSIEMIntegrationResponse JSON400 *Error JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8189,7 +8648,7 @@ type UpdateSlackIntegrationMutationResponse struct { } // Status returns HTTPResponse.Status -func (r UpdateSlackIntegrationMutationResponse) Status() string { +func (r CreateSIEMIntegrationMutationResponse) Status() string { if r.HTTPResponse != nil { return r.HTTPResponse.Status } @@ -8197,21 +8656,22 @@ func (r UpdateSlackIntegrationMutationResponse) Status() string { } // StatusCode returns HTTPResponse.StatusCode -func (r UpdateSlackIntegrationMutationResponse) StatusCode() int { +func (r CreateSIEMIntegrationMutationResponse) StatusCode() int { if r.HTTPResponse != nil { return r.HTTPResponse.StatusCode } return 0 } -type CreateSlackIntegrationMutationResponse struct { +type UpdateSIEMIntegrationMutationResponse struct { Body []byte HTTPResponse *http.Response - JSON200 *CreateSlackIntegrationResponse + JSON200 *Integration JSON400 *Error JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8219,7 +8679,7 @@ type CreateSlackIntegrationMutationResponse struct { } // Status returns HTTPResponse.Status -func (r CreateSlackIntegrationMutationResponse) Status() string { +func (r UpdateSIEMIntegrationMutationResponse) Status() string { if r.HTTPResponse != nil { return r.HTTPResponse.Status } 
@@ -8227,21 +8687,22 @@ func (r CreateSlackIntegrationMutationResponse) Status() string { } // StatusCode returns HTTPResponse.StatusCode -func (r CreateSlackIntegrationMutationResponse) StatusCode() int { +func (r UpdateSIEMIntegrationMutationResponse) StatusCode() int { if r.HTTPResponse != nil { return r.HTTPResponse.StatusCode } return 0 } -type DeleteIntegrationMutationResponse struct { +type UpdateSlackIntegrationMutationResponse struct { Body []byte HTTPResponse *http.Response - JSON200 *string + JSON200 *Integration JSON400 *Error JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8249,7 +8710,7 @@ type DeleteIntegrationMutationResponse struct { } // Status returns HTTPResponse.Status -func (r DeleteIntegrationMutationResponse) Status() string { +func (r UpdateSlackIntegrationMutationResponse) Status() string { if r.HTTPResponse != nil { return r.HTTPResponse.Status } @@ -8257,21 +8718,22 @@ func (r DeleteIntegrationMutationResponse) Status() string { } // StatusCode returns HTTPResponse.StatusCode -func (r DeleteIntegrationMutationResponse) StatusCode() int { +func (r UpdateSlackIntegrationMutationResponse) StatusCode() int { if r.HTTPResponse != nil { return r.HTTPResponse.StatusCode } return 0 } -type IntegrationQueryResponse struct { +type CreateSlackIntegrationMutationResponse struct { Body []byte HTTPResponse *http.Response - JSON200 *Integration + JSON200 *CreateSlackIntegrationResponse JSON400 *Error JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8279,7 +8741,7 @@ type IntegrationQueryResponse struct { } // Status returns HTTPResponse.Status -func (r IntegrationQueryResponse) Status() string { +func (r CreateSlackIntegrationMutationResponse) Status() string { if r.HTTPResponse != nil { return r.HTTPResponse.Status } 
@@ -8287,14 +8749,76 @@ func (r IntegrationQueryResponse) Status() string { } // StatusCode returns HTTPResponse.StatusCode -func (r IntegrationQueryResponse) StatusCode() int { +func (r CreateSlackIntegrationMutationResponse) StatusCode() int { if r.HTTPResponse != nil { return r.HTTPResponse.StatusCode } return 0 } -type OneInviteQueryResponse struct { +type DeleteIntegrationMutationResponse struct { + Body []byte + HTTPResponse *http.Response + JSON200 *string + JSON400 *Error + JSON401 *Error + JSON403 *Error + JSON404 *Error + JSON408 *Error + JSON409 *Error + JSON422 *Error + JSON500 *Error + JSONDefault *Error +} + +// Status returns HTTPResponse.Status +func (r DeleteIntegrationMutationResponse) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status + } + return http.StatusText(0) +} + +// StatusCode returns HTTPResponse.StatusCode +func (r DeleteIntegrationMutationResponse) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode + } + return 0 +} + +type IntegrationQueryResponse struct { + Body []byte + HTTPResponse *http.Response + JSON200 *Integration + JSON400 *Error + JSON401 *Error + JSON403 *Error + JSON404 *Error + JSON408 *Error + JSON409 *Error + JSON422 *Error + JSON500 *Error + JSONDefault *Error +} + +// Status returns HTTPResponse.Status +func (r IntegrationQueryResponse) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status + } + return http.StatusText(0) +} + +// StatusCode returns HTTPResponse.StatusCode +func (r IntegrationQueryResponse) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode + } + return 0 +} + +type OneInviteQueryResponse struct { Body []byte HTTPResponse *http.Response JSON200 *Invite @@ -8302,6 +8826,7 @@ type OneInviteQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error 
@@ -8332,6 +8857,7 @@ type InvitesQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8362,6 +8888,7 @@ type CreateInviteMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8392,6 +8919,7 @@ type DeleteInviteMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8422,6 +8950,7 @@ type InviteQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8452,6 +8981,7 @@ type AcceptInviteMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8482,6 +9012,7 @@ type MeQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8512,6 +9043,7 @@ type OneNamespaceQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8542,6 +9074,7 @@ type NamespacesQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8572,6 +9105,7 @@ type NamespaceQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8602,6 +9136,7 @@ type AssociateNamespaceToEnvMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error 
@@ -8624,6 +9159,37 @@ func (r AssociateNamespaceToEnvMutationResponse) StatusCode() int { return 0 } +type OrgUsersQueryResponse struct { + Body []byte + HTTPResponse *http.Response + JSON200 *[]UserOrganizationAssociation + JSON400 *Error + JSON401 *Error + JSON403 *Error + JSON404 *Error + JSON408 *Error + JSON409 *Error + JSON422 *Error + JSON500 *Error + JSONDefault *Error +} + +// Status returns HTTPResponse.Status +func (r OrgUsersQueryResponse) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status + } + return http.StatusText(0) +} + +// StatusCode returns HTTPResponse.StatusCode +func (r OrgUsersQueryResponse) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode + } + return 0 +} + type OrganizationsQueryResponse struct { Body []byte HTTPResponse *http.Response @@ -8632,6 +9198,7 @@ type OrganizationsQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8662,6 +9229,7 @@ type CreateOrganizationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8692,6 +9260,7 @@ type OrganizationQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8722,6 +9291,7 @@ type UpdateOrganizationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8752,6 +9322,7 @@ type RemoveUserFromOrganizationMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8782,6 +9353,7 @@ type PaginateServicesQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error 
@@ -8812,6 +9384,7 @@ type PingQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8842,6 +9415,7 @@ type OneServiceQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8872,6 +9446,7 @@ type ServicesQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8902,6 +9477,7 @@ type ServiceQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8932,6 +9508,7 @@ type UpdateServiceMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8962,6 +9539,7 @@ type TerraformResourceByIdentityQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -8992,6 +9570,7 @@ type ReportTerraformResourcesMutationResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -9022,6 +9601,7 @@ type UsersQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error @@ -9052,6 +9632,7 @@ type UserQueryResponse struct { JSON401 *Error JSON403 *Error JSON404 *Error + JSON408 *Error JSON409 *Error JSON422 *Error JSON500 *Error 
@@ -9641,6 +10222,40 @@ func (c *ClientWithResponses) UpdateKubernetesIntegrationMutationWithResponse(ct return ParseUpdateKubernetesIntegrationMutationResponse(rsp) } +// CreateSIEMIntegrationMutationWithBodyWithResponse request with arbitrary body returning *CreateSIEMIntegrationMutationResponse +func (c *ClientWithResponses) CreateSIEMIntegrationMutationWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateSIEMIntegrationMutationResponse, error) { + rsp, err := c.CreateSIEMIntegrationMutationWithBody(ctx, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateSIEMIntegrationMutationResponse(rsp) +} + +func (c *ClientWithResponses) CreateSIEMIntegrationMutationWithResponse(ctx context.Context, body CreateSIEMIntegrationMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateSIEMIntegrationMutationResponse, error) { + rsp, err := c.CreateSIEMIntegrationMutation(ctx, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateSIEMIntegrationMutationResponse(rsp) +} + +// UpdateSIEMIntegrationMutationWithBodyWithResponse request with arbitrary body returning *UpdateSIEMIntegrationMutationResponse +func (c *ClientWithResponses) UpdateSIEMIntegrationMutationWithBodyWithResponse(ctx context.Context, id string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*UpdateSIEMIntegrationMutationResponse, error) { + rsp, err := c.UpdateSIEMIntegrationMutationWithBody(ctx, id, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseUpdateSIEMIntegrationMutationResponse(rsp) +} + +func (c *ClientWithResponses) UpdateSIEMIntegrationMutationWithResponse(ctx context.Context, id string, body UpdateSIEMIntegrationMutationJSONRequestBody, reqEditors ...RequestEditorFn) (*UpdateSIEMIntegrationMutationResponse, error) { + rsp, err := c.UpdateSIEMIntegrationMutation(ctx, id, body, reqEditors...) 
+ if err != nil { + return nil, err + } + return ParseUpdateSIEMIntegrationMutationResponse(rsp) +} + // UpdateSlackIntegrationMutationWithBodyWithResponse request with arbitrary body returning *UpdateSlackIntegrationMutationResponse func (c *ClientWithResponses) UpdateSlackIntegrationMutationWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*UpdateSlackIntegrationMutationResponse, error) { rsp, err := c.UpdateSlackIntegrationMutationWithBody(ctx, contentType, body, reqEditors...) @@ -9816,6 +10431,15 @@ func (c *ClientWithResponses) AssociateNamespaceToEnvMutationWithResponse(ctx co return ParseAssociateNamespaceToEnvMutationResponse(rsp) } +// OrgUsersQueryWithResponse request returning *OrgUsersQueryResponse +func (c *ClientWithResponses) OrgUsersQueryWithResponse(ctx context.Context, reqEditors ...RequestEditorFn) (*OrgUsersQueryResponse, error) { + rsp, err := c.OrgUsersQuery(ctx, reqEditors...) + if err != nil { + return nil, err + } + return ParseOrgUsersQueryResponse(rsp) +} + // OrganizationsQueryWithResponse request returning *OrganizationsQueryResponse func (c *ClientWithResponses) OrganizationsQueryWithResponse(ctx context.Context, reqEditors ...RequestEditorFn) (*OrganizationsQueryResponse, error) { rsp, err := c.OrganizationsQuery(ctx, reqEditors...) @@ -10032,6 +10656,13 @@ func ParseAccessGraphQueryResponse(rsp *http.Response) (*AccessGraphQueryRespons } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -10114,6 +10745,13 @@ func ParseClientIntentsQueryResponse(rsp *http.Response) (*ClientIntentsQueryRes } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -10196,6 +10834,13 @@ func ParseServiceClientIntentsQueryResponse(rsp *http.Response) (*ServiceClientI } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -10278,6 +10923,13 @@ func ParseServiceIncomingInternetConnectionsQueryResponse(rsp *http.Response) (* } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -10360,6 +11012,13 @@ func ParseAccessLogQueryResponse(rsp *http.Response) (*AccessLogQueryResponse, e } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -10442,6 +11101,13 @@ func ParseOneClusterQueryResponse(rsp *http.Response) (*OneClusterQueryResponse, } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -10524,6 +11190,13 @@ func ParseClustersQueryResponse(rsp *http.Response) (*ClustersQueryResponse, err } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -10606,6 +11279,13 @@ func ParseCreateClusterMutationResponse(rsp *http.Response) (*CreateClusterMutat } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -10688,6 +11368,13 @@ func ParseDeleteClusterMutationResponse(rsp *http.Response) (*DeleteClusterMutat } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -10770,6 +11457,13 @@ func ParseClusterQueryResponse(rsp *http.Response) (*ClusterQueryResponse, error } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -10852,6 +11546,13 @@ func ParseUpdateClusterMutationResponse(rsp *http.Response) (*UpdateClusterMutat } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -10934,6 +11635,13 @@ func ParseOneEnvironmentQueryResponse(rsp *http.Response) (*OneEnvironmentQueryR } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -11016,6 +11724,13 @@ func ParseEnvironmentsQueryResponse(rsp *http.Response) (*EnvironmentsQueryRespo } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -11098,6 +11813,13 @@ func ParseCreateEnvironmentMutationResponse(rsp *http.Response) (*CreateEnvironm } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -11180,6 +11902,13 @@ func ParseDeleteEnvironmentMutationResponse(rsp *http.Response) (*DeleteEnvironm } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -11262,6 +11991,13 @@ func ParseEnvironmentQueryResponse(rsp *http.Response) (*EnvironmentQueryRespons } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -11344,6 +12080,13 @@ func ParseUpdateEnvironmentMutationResponse(rsp *http.Response) (*UpdateEnvironm } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -11426,6 +12169,13 @@ func ParseAddEnvironmentLabelMutationResponse(rsp *http.Response) (*AddEnvironme } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -11508,6 +12258,13 @@ func ParseDeleteEnvironmentLabelMutationResponse(rsp *http.Response) (*DeleteEnv } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -11590,6 +12347,13 @@ func ParseOneIntegrationQueryResponse(rsp *http.Response) (*OneIntegrationQueryR } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -11672,6 +12436,13 @@ func ParseIntegrationsQueryResponse(rsp *http.Response) (*IntegrationsQueryRespo } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -11754,6 +12525,13 @@ func ParseUpdateAWSIntegrationMutationResponse(rsp *http.Response) (*UpdateAWSIn } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -11836,6 +12614,13 @@ func ParseCreateAWSIntegrationMutationResponse(rsp *http.Response) (*CreateAWSIn } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -11918,6 +12703,13 @@ func ParseUpdateAwsVisibilityIntegrationMutationResponse(rsp *http.Response) (*U } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -12000,6 +12792,13 @@ func ParseCreateAwsVisibilityIntegrationMutationResponse(rsp *http.Response) (*C } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -12082,6 +12881,13 @@ func ParseUpdateAzureIntegrationMutationResponse(rsp *http.Response) (*UpdateAzu } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -12164,6 +12970,13 @@ func ParseCreateAzureIntegrationMutationResponse(rsp *http.Response) (*CreateAzu } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -12246,6 +13059,13 @@ func ParseCreateDatabaseIntegrationMutationResponse(rsp *http.Response) (*Create } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -12328,6 +13148,13 @@ func ParseUpdateDatabaseIntegrationMutationResponse(rsp *http.Response) (*Update } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -12410,6 +13237,13 @@ func ParseUpdateGCPIntegrationMutationResponse(rsp *http.Response) (*UpdateGCPIn } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -12492,6 +13326,13 @@ func ParseCreateGCPIntegrationMutationResponse(rsp *http.Response) (*CreateGCPIn } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -12574,6 +13415,13 @@ func ParseCreateGenericIntegrationMutationResponse(rsp *http.Response) (*CreateG } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -12656,6 +13504,13 @@ func ParseUpdateGenericIntegrationMutationResponse(rsp *http.Response) (*UpdateG } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -12738,6 +13593,13 @@ func ParseUpdateGitHubIntegrationMutationResponse(rsp *http.Response) (*UpdateGi } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -12820,6 +13682,13 @@ func ParseCreateGitHubIntegrationMutationResponse(rsp *http.Response) (*CreateGi } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -12902,6 +13771,13 @@ func ParseUpdateGitLabIntegrationMutationResponse(rsp *http.Response) (*UpdateGi } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -12984,6 +13860,13 @@ func ParseCreateGitLabIntegrationMutationResponse(rsp *http.Response) (*CreateGi } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -13066,6 +13949,13 @@ func ParseCreateKubernetesIntegrationMutationResponse(rsp *http.Response) (*Crea } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -13148,6 +14038,191 @@ func ParseUpdateKubernetesIntegrationMutationResponse(rsp *http.Response) (*Upda } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON409 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 422: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON422 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON500 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && true: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSONDefault = &dest + + } + + return response, nil +} + +// ParseCreateSIEMIntegrationMutationResponse parses an HTTP response from a CreateSIEMIntegrationMutationWithResponse call +func ParseCreateSIEMIntegrationMutationResponse(rsp *http.Response) (*CreateSIEMIntegrationMutationResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() + if err != nil { + return nil, err + } + + response := &CreateSIEMIntegrationMutationResponse{ + Body: bodyBytes, + HTTPResponse: rsp, + } + + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest CreateSIEMIntegrationResponse + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest + + case 
strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON400 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON401 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON403 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON404 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON409 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 422: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON422 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON500 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && true: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSONDefault = &dest + + } + + return response, nil +} + +// 
ParseUpdateSIEMIntegrationMutationResponse parses an HTTP response from a UpdateSIEMIntegrationMutationWithResponse call +func ParseUpdateSIEMIntegrationMutationResponse(rsp *http.Response) (*UpdateSIEMIntegrationMutationResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() + if err != nil { + return nil, err + } + + response := &UpdateSIEMIntegrationMutationResponse{ + Body: bodyBytes, + HTTPResponse: rsp, + } + + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest Integration + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON400 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON401 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON403 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON404 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -13230,6 +14305,13 @@ func ParseUpdateSlackIntegrationMutationResponse(rsp *http.Response) (*UpdateSla } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -13312,6 +14394,13 @@ func ParseCreateSlackIntegrationMutationResponse(rsp *http.Response) (*CreateSla } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -13394,6 +14483,13 @@ func ParseDeleteIntegrationMutationResponse(rsp *http.Response) (*DeleteIntegrat } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -13476,6 +14572,13 @@ func ParseIntegrationQueryResponse(rsp *http.Response) (*IntegrationQueryRespons } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -13558,6 +14661,13 @@ func ParseOneInviteQueryResponse(rsp *http.Response) (*OneInviteQueryResponse, e } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -13640,6 +14750,13 @@ func ParseInvitesQueryResponse(rsp *http.Response) (*InvitesQueryResponse, error } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -13722,6 +14839,13 @@ func ParseCreateInviteMutationResponse(rsp *http.Response) (*CreateInviteMutatio } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -13804,6 +14928,13 @@ func ParseDeleteInviteMutationResponse(rsp *http.Response) (*DeleteInviteMutatio } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -13886,6 +15017,13 @@ func ParseInviteQueryResponse(rsp *http.Response) (*InviteQueryResponse, error) } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -13968,6 +15106,13 @@ func ParseAcceptInviteMutationResponse(rsp *http.Response) (*AcceptInviteMutatio } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -14050,6 +15195,13 @@ func ParseMeQueryResponse(rsp *http.Response) (*MeQueryResponse, error) { } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -14132,6 +15284,13 @@ func ParseOneNamespaceQueryResponse(rsp *http.Response) (*OneNamespaceQueryRespo } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -14214,6 +15373,13 @@ func ParseNamespacesQueryResponse(rsp *http.Response) (*NamespacesQueryResponse, } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -14296,6 +15462,13 @@ func ParseNamespaceQueryResponse(rsp *http.Response) (*NamespaceQueryResponse, e } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -14378,6 +15551,102 @@ func ParseAssociateNamespaceToEnvMutationResponse(rsp *http.Response) (*Associat } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON409 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 422: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON422 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON500 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && true: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSONDefault = &dest + + } + + return response, nil +} + +// ParseOrgUsersQueryResponse parses an HTTP response from a OrgUsersQueryWithResponse call +func ParseOrgUsersQueryResponse(rsp *http.Response) (*OrgUsersQueryResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() + if err != nil { + return nil, err + } + + response := &OrgUsersQueryResponse{ + Body: bodyBytes, + HTTPResponse: rsp, + } + + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest []UserOrganizationAssociation + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: + var dest Error + if err := 
json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON400 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON401 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON403 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON404 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -14460,6 +15729,13 @@ func ParseOrganizationsQueryResponse(rsp *http.Response) (*OrganizationsQueryRes } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -14542,6 +15818,13 @@ func ParseCreateOrganizationMutationResponse(rsp *http.Response) (*CreateOrganiz } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -14624,6 +15907,13 @@ func ParseOrganizationQueryResponse(rsp *http.Response) (*OrganizationQueryRespo } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -14706,6 +15996,13 @@ func ParseUpdateOrganizationMutationResponse(rsp *http.Response) (*UpdateOrganiz } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -14788,6 +16085,13 @@ func ParseRemoveUserFromOrganizationMutationResponse(rsp *http.Response) (*Remov } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -14870,6 +16174,13 @@ func ParsePaginateServicesQueryResponse(rsp *http.Response) (*PaginateServicesQu } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -14952,6 +16263,13 @@ func ParsePingQueryResponse(rsp *http.Response) (*PingQueryResponse, error) { } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -15034,6 +16352,13 @@ func ParseOneServiceQueryResponse(rsp *http.Response) (*OneServiceQueryResponse, } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -15116,6 +16441,13 @@ func ParseServicesQueryResponse(rsp *http.Response) (*ServicesQueryResponse, err } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -15198,6 +16530,13 @@ func ParseServiceQueryResponse(rsp *http.Response) (*ServiceQueryResponse, error } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -15280,6 +16619,13 @@ func ParseUpdateServiceMutationResponse(rsp *http.Response) (*UpdateServiceMutat } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -15362,6 +16708,13 @@ func ParseTerraformResourceByIdentityQueryResponse(rsp *http.Response) (*Terrafo } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -15444,6 +16797,13 @@ func ParseReportTerraformResourcesMutationResponse(rsp *http.Response) (*ReportT } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { 
@@ -15526,6 +16886,13 @@ func ParseUsersQueryResponse(rsp *http.Response) (*UsersQueryResponse, error) { } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { @@ -15608,6 +16975,13 @@ func ParseUserQueryResponse(rsp *http.Response) (*UserQueryResponse, error) { } response.JSON404 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 408: + var dest Error + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON408 = &dest + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 409: var dest Error if err := json.Unmarshal(bodyBytes, &dest); err != nil { diff --git a/src/pkg/cloudclient/restapi/cloudapi/openapi.json b/src/pkg/cloudclient/restapi/cloudapi/openapi.json index 8fdd9ab7..3f9d9e42 100644 --- a/src/pkg/cloudclient/restapi/cloudapi/openapi.json +++ b/src/pkg/cloudclient/restapi/cloudapi/openapi.json @@ -71,6 +71,16 @@ }, "description": "Not Found" }, + "TIMEOUT": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + }, + "description": "Request Timeout" + }, "UNAUTHENTICATED": { "content": { "application/json": { @@ -407,6 +417,9 @@ "featureFlags": { "$ref": "#/components/schemas/FeatureFlags" }, + "hits": { + "$ref": "#/components/schemas/NumericFilterValue" + }, "includeOnlyClientsMatchingFilter": { "type": "boolean" }, 
@@ -545,6 +558,21 @@ ], "type": "object" }, + "AutoApproveMoreRestrictiveIntentsByEnv": { + "properties": { + "enabled": { + "type": "boolean" + }, + "environmentId": { + "type": "string" + } + }, + "required": [ + "environmentId", + "enabled" + ], + "type": "object" + }, "AzureInfo": { "properties": { "aksClusterName": { @@ -665,7 +693,9 @@ "ZERO_TRUST_DEFAULT_DENY", "ZERO_TRUST_EGRESS_ACCESS_COVERED", "ZERO_TRUST_EXTERNAL_INGRESS_TAGGED", - "ZERO_TRUST_ALL_INTRA_CLUSTER_ACCESS_COVERED" + "ZERO_TRUST_ALL_INTRA_CLUSTER_ACCESS_COVERED", + "THREAT_INTELLIGENCE", + "THREAT_INTELLIGENCE_KNOWN_IOCS" ], "type": "string" }, @@ -677,7 +707,8 @@ "PCI_4_0", "PII", "HIPAA", - "ZERO_TRUST" + "ZERO_TRUST", + "THREAT_INTELLIGENCE" ], "type": "string" } @@ -1195,6 +1226,25 @@ ], "type": "object" }, + "CreateSIEMIntegrationResponse": { + "properties": { + "integration": { + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + }, + "required": [ + "integration" + ], + "type": "object" + }, "CreateSlackIntegrationResponse": { "properties": { "integration": { @@ -1391,6 +1441,8 @@ "ALLOWED_BY_APPLIED_INTENTS_KAFKA_OVERLY_PERMISSIVE", "ALLOWED_BY_APPLIED_INTENTS_DATABASE_OVERLY_PERMISSIVE", "ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY", + "ALLOWED_BY_INTERNET_EGRESS_NETWORK_POLICY", + "ALLOWED_BY_INTERNET_INGRESS_NETWORK_POLICY", "WOULD_BE_ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY", "BLOCKED_BY_APPLIED_INTENTS_UNDER_PERMISSIVE", "BLOCKED_BY_APPLIED_INTENTS_RESOURCE_MISMATCH", @@ -1402,6 +1454,8 @@ "BLOCKED_BY_APPLIED_INTENTS_DATABASE_UNDER_PERMISSIVE", "BLOCKED_BY_APPLIED_INTENTS_DATABASE_RESOURCE_MISMATCH", "BLOCKED_BY_DATABASE_ENFORCEMENT_CONFIG_MISSING_APPLIED_INTENTS", + "BLOCKED_BY_INTERNET_EGRESS_NETWORK_POLICY", + "BLOCKED_BY_INTERNET_INGRESS_NETWORK_POLICY", "BLOCKED_BY_DEFAULT_DENY", "SHARED_SERVICE_ACCOUNT", "CLIENT_ISTIO_SIDECAR_MISSING", 
@@ -1420,7 +1474,9 @@ "INTERNET_INTENTS_ENFORCEMENT_DISABLED", "BLOCKED_BY_DEFAULT_DENY_MISSING_EXTERNAL_TRAFFIC_POLICY", "BLOCKED_BY_APPLIED_INTENTS_MISSING_EXTERNAL_TRAFFIC_POLICY", - "ALLOWED_BY_EXTERNALLY_MANAGED_NETWORK_POLICY" + "ALLOWED_BY_EXTERNALLY_MANAGED_NETWORK_POLICY", + "ALLOWED_BY_METRICS_COLLECTION_TRAFFIC_NETWORK_POLICY", + "WOULD_BE_ALLOWED_BY_METRICS_COLLECTION_TRAFFIC_NETWORK_POLICY" ], "type": "string" }, @@ -1433,6 +1489,8 @@ "ALLOWED_BY_APPLIED_INTENTS_KAFKA_OVERLY_PERMISSIVE", "ALLOWED_BY_APPLIED_INTENTS_DATABASE_OVERLY_PERMISSIVE", "ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY", + "ALLOWED_BY_INTERNET_EGRESS_NETWORK_POLICY", + "ALLOWED_BY_INTERNET_INGRESS_NETWORK_POLICY", "WOULD_BE_ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY", "BLOCKED_BY_APPLIED_INTENTS_UNDER_PERMISSIVE", "BLOCKED_BY_APPLIED_INTENTS_RESOURCE_MISMATCH", @@ -1444,6 +1502,8 @@ "BLOCKED_BY_APPLIED_INTENTS_DATABASE_UNDER_PERMISSIVE", "BLOCKED_BY_APPLIED_INTENTS_DATABASE_RESOURCE_MISMATCH", "BLOCKED_BY_DATABASE_ENFORCEMENT_CONFIG_MISSING_APPLIED_INTENTS", + "BLOCKED_BY_INTERNET_EGRESS_NETWORK_POLICY", + "BLOCKED_BY_INTERNET_INGRESS_NETWORK_POLICY", "BLOCKED_BY_DEFAULT_DENY", "SHARED_SERVICE_ACCOUNT", "CLIENT_ISTIO_SIDECAR_MISSING", @@ -1462,7 +1522,9 @@ "INTERNET_INTENTS_ENFORCEMENT_DISABLED", "BLOCKED_BY_DEFAULT_DENY_MISSING_EXTERNAL_TRAFFIC_POLICY", "BLOCKED_BY_APPLIED_INTENTS_MISSING_EXTERNAL_TRAFFIC_POLICY", - "ALLOWED_BY_EXTERNALLY_MANAGED_NETWORK_POLICY" + "ALLOWED_BY_EXTERNALLY_MANAGED_NETWORK_POLICY", + "ALLOWED_BY_METRICS_COLLECTION_TRAFFIC_NETWORK_POLICY", + "WOULD_BE_ALLOWED_BY_METRICS_COLLECTION_TRAFFIC_NETWORK_POLICY" ], "type": "string" }, @@ -1609,6 +1671,9 @@ "enableInternetIntentsSuggestions": { "type": "boolean" }, + "enableNetworkPoliciesInAccessGraph": { + "type": "boolean" + }, "isCloudSecurityEnabled": { "type": "boolean" }, @@ -1763,8 +1828,7 @@ "required": [ "repository", "baseBranch", - "intentsPath", - "terraformPath" + "intentsPath" ], "type": "object" }, 
@@ -1786,8 +1850,7 @@ "required": [ "repository", "baseBranch", - "intentsPath", - "terraformPath" + "intentsPath" ], "type": "object" }, @@ -1901,8 +1964,7 @@ "required": [ "projectPath", "baseBranch", - "intentsPath", - "terraformPath" + "intentsPath" ], "type": "object" }, @@ -1998,6 +2060,9 @@ "featureFlags": { "type": "object" }, + "hits": { + "type": "object" + }, "includeOnlyClientsMatchingFilter": { "type": "boolean" }, @@ -2046,6 +2111,21 @@ }, "type": "object" }, + "InputAutoApproveMoreRestrictiveIntentsByEnv": { + "properties": { + "enabled": { + "type": "boolean" + }, + "environmentId": { + "type": "string" + } + }, + "required": [ + "environmentId", + "enabled" + ], + "type": "object" + }, "InputDefaultIntentsApprovalActionByEnv": { "properties": { "action": { @@ -2077,6 +2157,9 @@ "enableInternetIntentsSuggestions": { "type": "boolean" }, + "enableNetworkPoliciesInAccessGraph": { + "type": "boolean" + }, "isCloudSecurityEnabled": { "type": "boolean" }, @@ -2174,8 +2257,49 @@ "type": "string" }, "type": "array" + }, + "targets": { + "items": { + "enum": [ + "KUBERNETES", + "HTTP", + "KAFKA", + "DATABASE", + "AWS", + "GCP", + "AZURE", + "S3", + "INTERNET" + ], + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "InputNumericFilterValue": { + "properties": { + "operator": { + "enum": [ + "EQUAL", + "NOT_EQUAL", + "GREATER_THAN", + "GREATER_THAN_OR_EQUAL", + "LESS_THAN", + "LESS_THAN_OR_EQUAL" + ], + "type": "string" + }, + "value": { + "format": "int32", + "type": "integer" } }, + "required": [ + "value", + "operator" + ], "type": "object" }, "InputServiceFilter": { @@ -2385,6 +2509,9 @@ "organizationId": { "type": "string" }, + "siemSettings": { + "$ref": "#/components/schemas/SIEMSettings" + }, "slackSettings": { "$ref": "#/components/schemas/SlackSettings" }, @@ -2402,7 +2529,8 @@ "GITLAB", "AZURE", "SLACK", - "AWS_VISIBILITY" + "AWS_VISIBILITY", + "SIEM" ], "type": "string" } 
@@ -2473,6 +2601,23 @@ "type": "string" }, "type": "array" + }, + "targets": { + "items": { + "enum": [ + "KUBERNETES", + "HTTP", + "KAFKA", + "DATABASE", + "AWS", + "GCP", + "AZURE", + "S3", + "INTERNET" + ], + "type": "string" + }, + "type": "array" } }, "type": "object" @@ -2651,6 +2796,7 @@ }, "type": { "enum": [ + "KUBERNETES", "HTTP", "KAFKA", "DATABASE", @@ -2856,6 +3002,9 @@ ], "type": "object" }, + "organizationMembership": { + "$ref": "#/components/schemas/OrganizationMembership" + }, "status": { "enum": [ "PENDING", @@ -2868,6 +3017,7 @@ "id", "email", "organization", + "organizationMembership", "inviter", "created", "status" @@ -2971,9 +3121,6 @@ "type": "string" }, "value": { - "example": "label value", - "format": "non-empty", - "pattern": ".+", "type": "string" } }, @@ -3005,20 +3152,23 @@ }, "type": "array" }, - "organizations": { - "items": { - "$ref": "#/components/schemas/Organization" - }, - "type": "array" + "selectedOrganizationRestrictionResources": { + "$ref": "#/components/schemas/OrganizationMembershipRestrictionResources" }, "user": { "$ref": "#/components/schemas/User", "description": "The logged-in user details." + }, + "userOrganizations": { + "items": { + "$ref": "#/components/schemas/UserOrganizationAssociation" + }, + "type": "array" } }, "required": [ "user", - "organizations", + "userOrganizations", "invites" ], "type": "object" 
@@ -3142,110 +3292,454 @@ ], "type": "object" }, - "Organization": { + "NetworkPolicy": { "properties": { - "created": { - "format": "date-time", - "type": "string" + "allowedHits": { + "format": "int32", + "type": "integer" + }, + "blockedHits": { + "format": "int32", + "type": "integer" + }, + "cluster": { + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "environment": { + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "hits": { + "format": "int32", + "type": "integer" }, "id": { "type": "string" }, - "imageURL": { + "kind": { + "enum": [ + "NETWORK_POLICY", + "NETWORK_POLICY_MANAGED_BY_OTTERIZE", + "CILIUM_NETWORK_POLICY", + "CILIUM_CLUSTER_WIDE_NETWORK_POLICY" + ], + "type": "string" + }, + "lastUsed": { + "format": "date-time", "type": "string" }, + "metadata": { + "$ref": "#/components/schemas/NetworkPolicyMetadata" + }, "name": { "type": "string" }, - "settings": { - "$ref": "#/components/schemas/OrganizationSettings" + "namespace": { + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" }, - "uniqueName": { + "spec": { "type": "string" + }, + "workloads": { + "items": { + "$ref": "#/components/schemas/NetworkPolicyWorkload" + }, + "type": "array" + }, + "workloadsAffected": { + "format": "int32", + "type": "integer" } }, "required": [ "id", "name", - "uniqueName", - "settings", - "created" + "kind", + "cluster", + "environment", + "hits", + "allowedHits", + "blockedHits", + "workloads", + "workloadsAffected", + "spec" ], "type": "object" }, - "OrganizationSettings": { + "NetworkPolicyMetadata": { "properties": { - "defaultIntentsApprovalActionByEnv": { - "items": { - "$ref": "#/components/schemas/DefaultIntentsApprovalActionByEnv" - }, - "type": "array" - }, - "domains": { - "items": { - "type": "string" - }, - "type": "array" + "hasIpBlocks": { + "type": "boolean" }, - 
"enforcedRegulations": { - "items": { - "type": "string" - }, - "type": "array" + "isEgress": { + "type": "boolean" }, - "ignoredCloudDomains": { - "items": { - "type": "string" - }, - "type": "array" + "isIngress": { + "type": "boolean" } }, "required": [ - "defaultIntentsApprovalActionByEnv" + "isEgress", + "isIngress", + "hasIpBlocks" ], "type": "object" }, - "OrganizationSettingsInput": { + "NetworkPolicyWorkload": { "properties": { - "defaultIntentsApprovalActionByEnv": { - "items": { - "type": "object" - }, - "type": "array" - }, - "domains": { - "items": { - "type": "string" - }, - "type": "array" - }, - "enforcedRegulations": { - "items": { - "type": "string" - }, - "type": "array" + "scope": { + "enum": [ + "PRIMARY", + "EGRESS", + "INGRESS" + ], + "type": "string" }, - "ignoredCloudDomains": { - "items": { - "type": "string" + "service": { + "properties": { + "id": { + "type": "string" + } }, - "type": "array" + "required": [ + "id" + ], + "type": "object" } }, + "required": [ + "scope", + "service" + ], "type": "object" }, - "PaginationInput": { + "NumericFilterValue": { "properties": { - "limit": { - "format": "int32", - "type": "integer" + "operator": { + "enum": [ + "EQUAL", + "NOT_EQUAL", + "GREATER_THAN", + "GREATER_THAN_OR_EQUAL", + "LESS_THAN", + "LESS_THAN_OR_EQUAL" + ], + "type": "string" }, - "offset": { + "value": { "format": "int32", "type": "integer" } }, - "type": "object" + "required": [ + "value", + "operator" + ], + "type": "object" + }, + "Organization": { + "properties": { + "created": { + "format": "date-time", + "type": "string" + }, + "id": { + "type": "string" + }, + "imageURL": { + "type": "string" + }, + "name": { + "type": "string" + }, + "settings": { + "$ref": "#/components/schemas/OrganizationSettings" + }, + "uniqueName": { + "type": "string" + } + }, + "required": [ + "id", + "name", + "uniqueName", + "settings", + "created" + ], + "type": "object" + }, + "OrganizationMembership": { + "properties": { + "organizationId": { + 
"type": "string" + }, + "restrictions": { + "$ref": "#/components/schemas/OrganizationMembershipRestrictions" + }, + "role": { + "enum": [ + "ADMIN", + "VIEWER" + ], + "type": "string" + } + }, + "required": [ + "organizationId", + "role" + ], + "type": "object" + }, + "OrganizationMembershipInput": { + "properties": { + "restrictions": { + "type": "object" + }, + "role": { + "enum": [ + "ADMIN", + "VIEWER" + ], + "type": "string" + } + }, + "required": [ + "role" + ], + "type": "object" + }, + "OrganizationMembershipRestrictionResources": { + "properties": { + "clusters": { + "items": { + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "environments": { + "items": { + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "namespaces": { + "items": { + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "services": { + "items": { + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "clusters", + "services", + "namespaces", + "environments" + ], + "type": "object" + }, + "OrganizationMembershipRestrictions": { + "properties": { + "clusterIds": { + "$ref": "#/components/schemas/IDFilterValue" + }, + "environmentIds": { + "$ref": "#/components/schemas/IDFilterValue" + }, + "namespaceIds": { + "$ref": "#/components/schemas/IDFilterValue" + }, + "serviceIds": { + "$ref": "#/components/schemas/IDFilterValue" + } + }, + "type": "object" + }, + "OrganizationMembershipRestrictionsInput": { + "properties": { + "clusterIds": { + "type": "object" + }, + "environmentIds": { + "type": "object" + }, + "namespaceIds": { + "type": "object" + }, + "serviceIds": { + "type": "object" + } + }, + "type": "object" + }, + "OrganizationSettings": { + 
"properties": { + "autoApproveMoreRestrictiveIntentsByEnv": { + "items": { + "$ref": "#/components/schemas/AutoApproveMoreRestrictiveIntentsByEnv" + }, + "type": "array" + }, + "defaultIntentsApprovalActionByEnv": { + "items": { + "$ref": "#/components/schemas/DefaultIntentsApprovalActionByEnv" + }, + "type": "array" + }, + "defaultInviteMembership": { + "$ref": "#/components/schemas/OrganizationMembership" + }, + "domains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "domainsDefaultRole": { + "enum": [ + "ADMIN", + "VIEWER" + ], + "type": "string" + }, + "enforcedRegulations": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ignoreInternetIntents": { + "type": "boolean" + }, + "ignoredCloudDomains": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "defaultIntentsApprovalActionByEnv", + "domainsDefaultRole", + "defaultInviteMembership", + "autoApproveMoreRestrictiveIntentsByEnv" + ], + "type": "object" + }, + "OrganizationSettingsInput": { + "properties": { + "autoApproveMoreRestrictiveIntentsByEnv": { + "items": { + "type": "object" + }, + "type": "array" + }, + "defaultIntentsApprovalActionByEnv": { + "items": { + "type": "object" + }, + "type": "array" + }, + "defaultInviteMembership": { + "type": "object" + }, + "domains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "enforcedRegulations": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ignoreInternetIntents": { + "type": "boolean" + }, + "ignoredCloudDomains": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "PaginationInput": { + "properties": { + "limit": { + "format": "int32", + "type": "integer" + }, + "offset": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" }, "PaginationMeta": { "description": " Pagination types ", 
@@ -3257,6 +3751,142 @@ }, "type": "object" }, + "SIEMIntegrationTrigger": { + "properties": { + "isActive": { + "type": "boolean" + } + }, + "required": [ + "isActive" + ], + "type": "object" + }, + "SIEMIntegrationTriggerInput": { + "properties": { + "isActive": { + "type": "boolean" + } + }, + "required": [ + "isActive" + ], + "type": "object" + }, + "SIEMSettings": { + "properties": { + "findingTriggers": { + "items": { + "$ref": "#/components/schemas/SIEMTrigger" + }, + "type": "array" + }, + "integrationTriggers": { + "$ref": "#/components/schemas/SIEMIntegrationTrigger" + }, + "isActive": { + "type": "boolean" + }, + "serviceTriggers": { + "items": { + "$ref": "#/components/schemas/SIEMTrigger" + }, + "type": "array" + }, + "syslogFacility": { + "format": "int32", + "type": "integer" + }, + "syslogHostname": { + "type": "string" + }, + "syslogPort": { + "format": "int32", + "type": "integer" + }, + "tlsConfiguration": { + "$ref": "#/components/schemas/TLSConfiguration" + } + }, + "required": [ + "isActive", + "syslogHostname", + "syslogPort", + "syslogFacility", + "serviceTriggers", + "findingTriggers", + "integrationTriggers" + ], + "type": "object" + }, + "SIEMSettingsInput": { + "properties": { + "findingTriggers": { + "items": { + "type": "object" + }, + "type": "array" + }, + "integrationTriggers": { + "type": "object" + }, + "isActive": { + "type": "boolean" + }, + "serviceTriggers": { + "items": { + "type": "object" + }, + "type": "array" + }, + "syslogFacility": { + "format": "int32", + "type": "integer" + }, + "syslogHostname": { + "type": "string" + }, + "syslogPort": { + "format": "int32", + "type": "integer" + }, + "tlsConfiguration": { + "type": "object" + } + }, + "required": [ + "isActive", + "syslogHostname", + "syslogPort", + "syslogFacility", + "serviceTriggers", + "findingTriggers", + "integrationTriggers" + ], + "type": "object" + }, + "SIEMTrigger": { + "properties": { + "filter": { + "$ref": 
"#/components/schemas/IntegrationAccessGraphFilter" + } + }, + "required": [ + "filter" + ], + "type": "object" + }, + "SIEMTriggerInput": { + "properties": { + "filter": { + "type": "object" + } + }, + "required": [ + "filter" + ], + "type": "object" + }, "ServerAlias": { "properties": { "kind": { @@ -3434,6 +4064,20 @@ "namespace": { "$ref": "#/components/schemas/Namespace" }, + "networkPolicies": { + "items": { + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, "serviceAccount": { "type": "string" }, @@ -3497,7 +4141,8 @@ "DATABASE_USER", "KUBERNETES_LOAD_BALANCER", "AWS_VISIBILITY_EKS", - "DETECTED_CLOUD_SERVER" + "DETECTED_CLOUD_SERVER", + "CONTROL_PLANE" ], "type": "string" }, @@ -3713,6 +4358,31 @@ ], "type": "object" }, + "TLSConfiguration": { + "properties": { + "caCertificate": { + "type": "string" + }, + "certificate": { + "type": "string" + } + }, + "type": "object" + }, + "TLSConfigurationInput": { + "properties": { + "caCertificate": { + "type": "string" + }, + "certificate": { + "type": "string" + }, + "key": { + "type": "string" + } + }, + "type": "object" + }, "TerraformAwsInlinePolicyInfo": { "properties": { "name": { @@ -3896,6 +4566,33 @@ "authProviderUserId" ], "type": "object" + }, + "UserOrganizationAssociation": { + "properties": { + "membership": { + "$ref": "#/components/schemas/OrganizationMembership" + }, + "org": { + "$ref": "#/components/schemas/Organization" + }, + "user": { + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + }, + "required": [ + "org", + "user", + "membership" + ], + "type": "object" } }, "securitySchemes": { 
@@ -3905,12 +4602,6 @@ "name": "access_token", "type": "apiKey" }, - "bearerAuth": { - "bearerFormat": "JWT", - "description": "Otterize user JWT token.", - "scheme": "bearer", - "type": "http" - }, "oauth2": { "description": "Use client ID and client secret from an Otterize integration to authenticate.", "flows": { @@ -3933,7 +4624,7 @@ "info": { "title": "Otterize API Server", "version": "v1beta", - "x-revision": "8a776694fb7705cc78a601c7b476f8f813dfbe3c" + "x-revision": "da79d06c3db3865027b8106013dae6bbcd6515e7" }, "openapi": "3.0.0", "paths": { @@ -3980,6 +4671,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -4061,6 +4755,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -4147,6 +4844,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -4215,6 +4915,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -4277,6 +4980,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -4336,6 +5042,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -4398,6 +5107,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, 
@@ -4464,6 +5176,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -4523,6 +5238,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -4580,6 +5298,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -4657,6 +5378,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -4716,6 +5440,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -4793,6 +5520,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -4865,6 +5595,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -4924,6 +5657,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -4981,6 +5717,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -5061,6 +5800,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, 
@@ -5137,6 +5879,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -5207,6 +5952,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -5246,7 +5994,8 @@ "GITLAB", "AZURE", "SLACK", - "AWS_VISIBILITY" + "AWS_VISIBILITY", + "SIEM" ], "type": "string" } @@ -5308,6 +6057,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -5358,7 +6110,8 @@ "GITLAB", "AZURE", "SLACK", - "AWS_VISIBILITY" + "AWS_VISIBILITY", + "SIEM" ], "type": "string" } @@ -5412,6 +6165,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -5495,6 +6251,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -5562,6 +6321,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -5639,6 +6401,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -5706,6 +6471,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -5783,6 +6551,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, 
@@ -5850,6 +6621,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -5922,6 +6696,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -6001,6 +6778,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -6078,6 +6858,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -6145,6 +6928,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -6213,6 +6999,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -6289,6 +7078,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -6368,6 +7160,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -6435,6 +7230,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -6514,6 +7312,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, 
@@ -6581,6 +7382,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -6656,6 +7460,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -6738,6 +7545,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, 
@@ -6757,6 +7567,164 @@ ] } }, + "/integrations/siem": { + "post": { + "description": "Create a new SIEM integration", + "operationId": "createSIEMIntegration_mutation", + "parameters": [ + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "properties": { + "name": { + "type": "string" + }, + "siemSettings": { + "$ref": "#/components/schemas/SIEMSettingsInput" + } + }, + "required": [ + "name", + "siemSettings" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateSIEMIntegrationResponse" + } + } + }, + "description": "Create a new SIEM integration" + }, + "400": { + "$ref": "#/components/responses/APPLIED_INTENTS_ERROR" + }, + "401": { + "$ref": "#/components/responses/UNAUTHENTICATED" + }, + "403": { + "$ref": "#/components/responses/FORBIDDEN" + }, + "404": { + "$ref": "#/components/responses/NOT_FOUND" + }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, + "409": { + "$ref": "#/components/responses/CONFLICT" + }, + "422": { + "$ref": "#/components/responses/BAD_USER_INPUT" + }, + "500": { + "$ref": "#/components/responses/INTERNAL_SERVER_ERROR" + }, + "default": { + "$ref": "#/components/responses/UNEXPECTED_ERROR" + } + }, + "summary": "Create a new SIEM integration", + "tags": [ + "integrations" + ] + } + }, + "/integrations/siem/{id}": { + "patch": { + "description": "Update SIEM integration", + "operationId": "updateSIEMIntegration_mutation", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "example": "obj_12345", + "format": "id", + "pattern": "^[A-Za-z_]+_[a-z0-9]+$", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "properties": { + "name": { + "example": "Object name", + "format": "custom-name", + "pattern": "^[A-Za-z][A-Za-z0-9- _]{0,61}[A-Za-z0-9]$", + "type": "string" + }, + "siemSettings": { + "$ref": 
"#/components/schemas/SIEMSettingsInput" + } + }, + "required": [ + "name", + "siemSettings" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Integration" + } + } + }, + "description": "Update SIEM integration" + }, + "400": { + "$ref": "#/components/responses/APPLIED_INTENTS_ERROR" + }, + "401": { + "$ref": "#/components/responses/UNAUTHENTICATED" + }, + "403": { + "$ref": "#/components/responses/FORBIDDEN" + }, + "404": { + "$ref": "#/components/responses/NOT_FOUND" + }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, + "409": { + "$ref": "#/components/responses/CONFLICT" + }, + "422": { + "$ref": "#/components/responses/BAD_USER_INPUT" + }, + "500": { + "$ref": "#/components/responses/INTERNAL_SERVER_ERROR" + }, + "default": { + "$ref": "#/components/responses/UNEXPECTED_ERROR" + } + }, + "summary": "Update SIEM integration", + "tags": [ + "integrations" + ] + } + }, "/integrations/slack": { "patch": { "description": "Update a Slack integration", @@ -6814,6 +7782,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -6881,6 +7852,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -6940,6 +7914,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -6997,6 +7974,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, 
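Review bot: In the added `/integrations/siem` POST body, `name` is declared as a bare `"type": "string"`, while the PATCH body for `/integrations/siem/{id}` in the same hunk constrains it with `"format": "custom-name"` and `"pattern": "^[A-Za-z][A-Za-z0-9- _]{0,61}[A-Za-z0-9]$"`. As specified, an integration can be created with a name that the update operation would reject, and clients generated from this spec get no validation hint on create. I would add those same two lines to the POST `name` schema. This file looks like a copy of the server's spec, so the change probably belongs in the upstream schema followed by a re-export, not a hand edit here.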
@@ -7066,6 +8046,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -7138,6 +8121,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -7169,6 +8155,9 @@ "email": { "format": "email", "type": "string" + }, + "organizationMembership": { + "$ref": "#/components/schemas/OrganizationMembershipInput" } }, "required": [ @@ -7202,6 +8191,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -7261,6 +8253,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -7318,6 +8313,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -7386,6 +8384,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -7434,6 +8435,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -7515,6 +8519,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -7607,6 +8614,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, 
@@ -7666,6 +8676,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -7742,6 +8755,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -7761,6 +8777,60 @@ ] } }, + "/org-users": { + "get": { + "description": "", + "operationId": "orgUsers_query", + "parameters": [ + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/UserOrganizationAssociation" + }, + "type": "array" + } + } + }, + "description": "" + }, + "400": { + "$ref": "#/components/responses/APPLIED_INTENTS_ERROR" + }, + "401": { + "$ref": "#/components/responses/UNAUTHENTICATED" + }, + "403": { + "$ref": "#/components/responses/FORBIDDEN" + }, + "404": { + "$ref": "#/components/responses/NOT_FOUND" + }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, + "409": { + "$ref": "#/components/responses/CONFLICT" + }, + "422": { + "$ref": "#/components/responses/BAD_USER_INPUT" + }, + "500": { + "$ref": "#/components/responses/INTERNAL_SERVER_ERROR" + }, + "default": { + "$ref": "#/components/responses/UNEXPECTED_ERROR" + } + }, + "summary": "", + "tags": [ + "users" + ] + } + }, "/organizations": { "get": { "description": "List organizations", @@ -7793,6 +8863,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -7853,6 +8926,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, 
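Review bot: The new `/org-users` GET operation has `"description": ""` and `"summary": ""`, so the generated client and any rendered API documentation say nothing about what it returns or who is expected to call it. The response is an array of `UserOrganizationAssociation`, which presumably carries each user's membership in the organization, so the access expectation is worth stating. I would fill both fields with something like `"List users of the selected organization with their membership"`. If the text is derived from the GraphQL docstring, the fix is a description on `orgUsers` in the source schema.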
@@ -7912,6 +8988,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -7993,6 +9072,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -8063,6 +9145,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -8135,6 +9220,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -8183,6 +9271,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -8264,6 +9355,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -8364,6 +9458,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -8423,6 +9520,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -8497,6 +9597,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -8569,6 +9672,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, 
@@ -8632,6 +9738,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -8683,6 +9792,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -8742,6 +9854,9 @@ "404": { "$ref": "#/components/responses/NOT_FOUND" }, + "408": { + "$ref": "#/components/responses/TIMEOUT" + }, "409": { "$ref": "#/components/responses/CONFLICT" }, @@ -8772,12 +9887,6 @@ ], "organizationHeader": [ ] - }, - { - "bearerAuth": [ - ], - "organizationHeader": [ - ] } ], "servers": [ diff --git a/src/pkg/mapperclient/schema.graphql b/src/pkg/mapperclient/schema.graphql index f7d5a690..8d7f1b44 100644 --- a/src/pkg/mapperclient/schema.graphql +++ b/src/pkg/mapperclient/schema.graphql @@ -8,6 +8,10 @@ input Destination { destinationPort: Int TTL: Int lastSeen: Time! + # It feel like this should belong to RecordedDestinationsForSrc and not the Destination, but we use the source port + # only for counting unique connections to to the same destination. By putting it here, we reduce the amount of traffic + # we pass from the sniffer to the mapper (this way we can send the src&dest ip only once). + srcPorts: [Int!] } input RecordedDestinationsForSrc { @@ -39,6 +43,11 @@ type GroupVersionKind { kind: String! } +type TCPDestResolveBugfixData { + isSrcControlPlane: Boolean! + resolvedUsingIp: Boolean! +} + type IdentityResolutionData { host: String podHostname: String 
@@ -49,12 +58,14 @@ type IdentityResolutionData { lastSeen: String extraInfo: String hasLinkerdSidecar: Boolean + tcpDestResolveFixData: TCPDestResolveBugfixData } type OtterizeServiceIdentity { name: String! namespace: String! labels: [PodLabel!] + nameResolvedUsingAnnotation: Boolean resolutionData: IdentityResolutionData """ If the service identity was resolved from a pod owner, the GroupVersionKind of the pod owner. From 14a5ee8ad680e3329370516e7f440d5f92edebf0 Mon Sep 17 00:00:00 2001 From: davidrobert Date: Mon, 19 May 2025 14:43:04 +0300 Subject: [PATCH 16/16] update schemas --- .../graphql/cloudapi/schema.graphql | 96 ++++++- .../cloudclient/restapi/cloudapi/api.gen.go | 126 ++++++--- .../cloudclient/restapi/cloudapi/openapi.json | 241 ++++++++++++++++-- src/pkg/mapperclient/schema.graphql | 6 + 4 files changed, 400 insertions(+), 69 deletions(-) diff --git a/src/pkg/cloudclient/graphql/cloudapi/schema.graphql b/src/pkg/cloudclient/graphql/cloudapi/schema.graphql index 257b6249..c0c0fa69 100644 --- a/src/pkg/cloudclient/graphql/cloudapi/schema.graphql +++ b/src/pkg/cloudclient/graphql/cloudapi/schema.graphql @@ -154,6 +154,7 @@ input AWSVisibilitySettingsInput { type AccessApprovalRuleset { id: ID! + order: Int! origin: AccessApprovalRulesetFilter! target: AccessApprovalRulesetFilter! action: AccessApprovalRulesetAction! @@ -301,6 +302,11 @@ enum AuthRole { VIEWER } +type AutoApproveMoreRestrictiveIntentsByEnv { + environmentId: ID! + enabled: Boolean! +} + enum AutomateThirdPartyNetworkPolicy { OFF ALWAYS @@ -735,6 +741,8 @@ enum EdgeAccessStatusReason { ALLOWED_BY_APPLIED_INTENTS_KAFKA_OVERLY_PERMISSIVE ALLOWED_BY_APPLIED_INTENTS_DATABASE_OVERLY_PERMISSIVE ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY + ALLOWED_BY_INTERNET_EGRESS_NETWORK_POLICY + ALLOWED_BY_INTERNET_INGRESS_NETWORK_POLICY WOULD_BE_ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY BLOCKED_BY_APPLIED_INTENTS_UNDER_PERMISSIVE BLOCKED_BY_APPLIED_INTENTS_RESOURCE_MISMATCH 
@@ -746,6 +754,8 @@ enum EdgeAccessStatusReason { BLOCKED_BY_APPLIED_INTENTS_DATABASE_UNDER_PERMISSIVE BLOCKED_BY_APPLIED_INTENTS_DATABASE_RESOURCE_MISMATCH BLOCKED_BY_DATABASE_ENFORCEMENT_CONFIG_MISSING_APPLIED_INTENTS + BLOCKED_BY_INTERNET_EGRESS_NETWORK_POLICY + BLOCKED_BY_INTERNET_INGRESS_NETWORK_POLICY BLOCKED_BY_DEFAULT_DENY SHARED_SERVICE_ACCOUNT CLIENT_ISTIO_SIDECAR_MISSING @@ -880,6 +890,7 @@ type FeatureFlags { useTypedIntentsCTE: Boolean enableInternetIntentsSuggestions: Boolean enableIAMIntentsSuggestions: Boolean + enableNetworkPoliciesInAccessGraph: Boolean } type Finding { @@ -1000,12 +1011,14 @@ type GitHubRepoInfo { repository: String! baseBranch: String! intentsPath: String! + terraformPath: String } input GitHubRepoInfoInput { repository: String! baseBranch: String! intentsPath: String! + terraformPath: String } type GitHubSettings { @@ -1040,6 +1053,7 @@ input GitLabRepoInfoInput { projectPath: String! baseBranch: String! intentsPath: String! + terraformPath: String } type GitLabSettings { @@ -1094,6 +1108,12 @@ enum IPFamily { UNKNOWN } +"""IP filters""" +type IPFilterValue { + cidr: String! + exclude: [String!] +} + input IncomingInternetSourceInput { ip: String! } @@ -1107,6 +1127,7 @@ input IncomingTrafficIntentInput { serverName: String! namespace: String! source: IncomingInternetSourceInput! + connectionsCount: ConnectionsCount } input IngressControllerConfigInput { @@ -1119,6 +1140,8 @@ input IngressControllerConfigInput { input InputAccessApprovalRuleset { """Ruleset""" id: ID! +"""Ruleset""" + order: Int! """Ruleset""" origin: InputAccessApprovalRulesetConfigFilter! """Ruleset""" @@ -1198,6 +1221,11 @@ input InputAppliedIntentsRequestFilter { approvalStatuses: InputIDFilterValue } +input InputAutoApproveMoreRestrictiveIntentsByEnv { + environmentId: ID! + enabled: Boolean! +} + input InputDefaultIntentsApprovalActionByEnv { environmentId: ID! action: AccessApprovalRulesetAction! 
@@ -1211,6 +1239,7 @@ input InputFeatureFlags { useTypedIntentsCTE: Boolean enableInternetIntentsSuggestions: Boolean enableIAMIntentsSuggestions: Boolean + enableNetworkPoliciesInAccessGraph: Boolean } """ Findings filter """ @@ -1279,6 +1308,11 @@ input InputNumericFilterValue { operator: NumericFilterOperators! } +input InputOffsetPagination { + page: Int + size: Int +} + input InputResourceInventoryFilter { serviceIds: InputIDFilterValue environmentIds: InputIDFilterValue @@ -1302,15 +1336,21 @@ input InputServiceFilter { integrationIds: [ID!] } +input InputTerraformAwsInlinePolicyInfo { + name: String! + policy: String! +} + input InputTerraformAwsPolicyInfo { arn: String! + policy: String! address: String! } input InputTerraformAwsRoleInfo { arn: String! address: String! - inlinePolicy: String! + inlinePolicy: [InputTerraformAwsInlinePolicyInfo!] attachedPolicies: [InputTerraformAwsPolicyInfo!] } @@ -1589,6 +1629,11 @@ type Invite { status: InviteStatus! } +input InviteOrgMembershipInput { + inviteId: ID! + membership: OrganizationMembershipInput! +} + enum InviteStatus { PENDING ACCEPTED @@ -1856,6 +1901,7 @@ or, for users with a single organization, this is that single selected organizat This is selected by the X-Otterize-Organization header, or, for users with a single organization, this is that single selected organization.""" selectedUserOrganization: UserOrganizationAssociation! + selectedOrganizationRestrictionResources: OrganizationMembershipRestrictionResources } type MeMutation { @@ -2127,6 +2173,9 @@ type Mutation { acceptInvite( id: ID! ): Invite! + saveInviteOrgMemberships( + memberships: [InviteOrgMembershipInput!]! + ): Boolean! reportK8sServices( namespace: String! services: [K8sServiceInput!]! @@ -2268,6 +2317,11 @@ type NetworkMapperComponent { status: ComponentStatus! } +type NetworkPoliciesPage { + data: [NetworkPolicy!]! + meta: PaginationMeta +} + enum NetworkPoliciesStep { """Connect cluster""" CREATE_CLUSTER 
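Review bot: The new `InputOffsetPagination` input leaves `page` and `size` nullable and carries no description, so the default page size, whether `page` starts at 0 or 1, and the largest `size` the server accepts are all left to guesswork. An undocumented and possibly unbounded `size` is also the usual route to oversized list responses, so the cap should be stated even if it is enforced server-side. I would add a description above the input, for example `"""Offset pagination; page is 1-based, size defaults to N and is capped at M"""`, with the real values filled in by whoever owns the resolver.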
@@ -2297,6 +2351,7 @@ type NetworkPolicy { workloadsAffected: Int! spec: String! lastUsed: Time + metadata: NetworkPolicyMetadata } input NetworkPolicyInput { @@ -2311,6 +2366,12 @@ enum NetworkPolicyKind { CILIUM_CLUSTER_WIDE_NETWORK_POLICY } +type NetworkPolicyMetadata { + isEgress: Boolean! + isIngress: Boolean! + hasIpBlocks: Boolean! +} + enum NetworkPolicyScope { PRIMARY EGRESS @@ -2347,6 +2408,7 @@ type Organization { } type OrganizationMembership { + organizationId: ID! role: AuthRole! restrictions: OrganizationMembershipRestrictions restrictionResources: OrganizationMembershipRestrictionResources @@ -2385,6 +2447,8 @@ type OrganizationSettings { defaultIntentsApprovalActionByEnv: [DefaultIntentsApprovalActionByEnv!]! ignoreInternetIntents: Boolean domainsDefaultRole: AuthRole! + defaultInviteMembership: OrganizationMembership! + autoApproveMoreRestrictiveIntentsByEnv: [AutoApproveMoreRestrictiveIntentsByEnv!]! } input OrganizationSettingsInput { @@ -2393,6 +2457,8 @@ input OrganizationSettingsInput { ignoredCloudDomains: [String!] defaultIntentsApprovalActionByEnv: [InputDefaultIntentsApprovalActionByEnv!] ignoreInternetIntents: Boolean + defaultInviteMembership: OrganizationMembershipInput + autoApproveMoreRestrictiveIntentsByEnv: [InputAutoApproveMoreRestrictiveIntentsByEnv!] } input PaginationInput { @@ -2602,7 +2668,8 @@ type Query { ): NetworkPolicy networkPolicies( filter: InputNetworkPolicyFilter - ): [NetworkPolicy!]! + pagination: InputOffsetPagination + ): NetworkPoliciesPage """List organizations""" organizations: [Organization!]! """Get organization""" @@ -2652,8 +2719,6 @@ type Query { ): TerraformResourceInfo! """List users""" users: [User!]! -"""List users with restriction resources""" - orgUsersWithRestrictionResources: UsersWithRestrictionResources! orgUsers: [UserOrganizationAssociation!]! """Get user""" user( 
@@ -2944,6 +3009,7 @@ enum ServiceType { KUBERNETES_LOAD_BALANCER AWS_VISIBILITY_EKS DETECTED_CLOUD_SERVER + CONTROL_PLANE } type ServicesResponse { @@ -3022,13 +3088,13 @@ scalar String type TLSConfiguration { caCertificate: String - certificate: String! + certificate: String } input TLSConfigurationInput { caCertificate: String - certificate: String! - key: String! + certificate: String + key: String } enum TelemetryComponentType { @@ -3051,21 +3117,28 @@ input TelemetryInput { data: TelemetryData! } +type TerraformAwsInlinePolicyInfo { + name: String! + policy: String! +} + type TerraformAwsPolicyInfo { arn: String! + policy: String! address: String! } type TerraformAwsRoleInfo { arn: String! address: String! - inlinePolicy: String! + inlinePolicy: [TerraformAwsInlinePolicyInfo!] attachedPolicies: [TerraformAwsPolicyInfo!] } type TerraformResourceInfo { modulePath: String! - gitOriginUrl: String! + gitPlatform: String! + gitOrigin: String! gitCommitHash: String! awsRoles: [TerraformAwsRoleInfo!] } @@ -3190,11 +3263,6 @@ type UserTutorial { stepSeen: String! } -type UsersWithRestrictionResources { - orgUsers: [UserOrganizationAssociation!]! - restrictionResources: OrganizationMembershipRestrictionResources -} - """ Used to validate ID based filters """ type ValidIDFilter { clusterIds: IDFilterValue diff --git a/src/pkg/cloudclient/restapi/cloudapi/api.gen.go b/src/pkg/cloudclient/restapi/cloudapi/api.gen.go index 7f502785..c34fa5d9 100644 --- a/src/pkg/cloudclient/restapi/cloudapi/api.gen.go +++ b/src/pkg/cloudclient/restapi/cloudapi/api.gen.go 
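Review bot: In `TLSConfigurationInput`, `certificate` and `key` both change from `String!` to `String`, which lets a caller send a certificate without its private key, a key without a certificate, or neither, and the schema no longer says which of these is valid. If the two are meant to be supplied as a pair, that rule now has to be enforced by the server and should be written down here. I would add a description above the input, for example `"""certificate and key are optional but must be provided together"""`, and confirm what omitting both means, since the hunk does not show whether that clears or keeps an existing client certificate.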
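Review bot: `TerraformResourceInfo` replaces `gitOriginUrl` with `gitPlatform` and `gitOrigin`, both undocumented free-form `String!` fields, so the expected format is no longer evident from the name. That matters because a git remote URL can carry userinfo (`https://user:token@host/...`, constructed example), and the code that fills this field is outside this hunk; if it passes the remote through unchanged, a token would be sent to the API and stored. I would add a description such as `"""Repository origin as host and path, without scheme or credentials"""` on `gitOrigin` and list the accepted values for `gitPlatform`, adjusting the wording to what the client actually sends. The new `policy: String!` on `TerraformAwsPolicyInfo` could likewise say whether it holds the JSON policy document.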
@@ -130,6 +130,8 @@ const ( EdgeAccessStatusReasonALLOWEDBYAPPLIEDINTENTSOVERLYPERMISSIVE EdgeAccessStatusReason = "ALLOWED_BY_APPLIED_INTENTS_OVERLY_PERMISSIVE" EdgeAccessStatusReasonALLOWEDBYEXTERNALLYMANAGEDNETWORKPOLICY EdgeAccessStatusReason = "ALLOWED_BY_EXTERNALLY_MANAGED_NETWORK_POLICY" EdgeAccessStatusReasonALLOWEDBYEXTERNALTRAFFICNETWORKPOLICY EdgeAccessStatusReason = "ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY" + EdgeAccessStatusReasonALLOWEDBYINTERNETEGRESSNETWORKPOLICY EdgeAccessStatusReason = "ALLOWED_BY_INTERNET_EGRESS_NETWORK_POLICY" + EdgeAccessStatusReasonALLOWEDBYINTERNETINGRESSNETWORKPOLICY EdgeAccessStatusReason = "ALLOWED_BY_INTERNET_INGRESS_NETWORK_POLICY" EdgeAccessStatusReasonALLOWEDBYMETRICSCOLLECTIONTRAFFICNETWORKPOLICY EdgeAccessStatusReason = "ALLOWED_BY_METRICS_COLLECTION_TRAFFIC_NETWORK_POLICY" EdgeAccessStatusReasonBLOCKEDBYAPPLIEDINTENTSDATABASERESOURCEMISMATCH EdgeAccessStatusReason = "BLOCKED_BY_APPLIED_INTENTS_DATABASE_RESOURCE_MISMATCH" EdgeAccessStatusReasonBLOCKEDBYAPPLIEDINTENTSDATABASEUNDERPERMISSIVE EdgeAccessStatusReason = "BLOCKED_BY_APPLIED_INTENTS_DATABASE_UNDER_PERMISSIVE" 
@@ -143,6 +145,8 @@ const ( EdgeAccessStatusReasonBLOCKEDBYDATABASEENFORCEMENTCONFIGMISSINGAPPLIEDINTENTS EdgeAccessStatusReason = "BLOCKED_BY_DATABASE_ENFORCEMENT_CONFIG_MISSING_APPLIED_INTENTS" EdgeAccessStatusReasonBLOCKEDBYDEFAULTDENY EdgeAccessStatusReason = "BLOCKED_BY_DEFAULT_DENY" EdgeAccessStatusReasonBLOCKEDBYDEFAULTDENYMISSINGEXTERNALTRAFFICPOLICY EdgeAccessStatusReason = "BLOCKED_BY_DEFAULT_DENY_MISSING_EXTERNAL_TRAFFIC_POLICY" + EdgeAccessStatusReasonBLOCKEDBYINTERNETEGRESSNETWORKPOLICY EdgeAccessStatusReason = "BLOCKED_BY_INTERNET_EGRESS_NETWORK_POLICY" + EdgeAccessStatusReasonBLOCKEDBYINTERNETINGRESSNETWORKPOLICY EdgeAccessStatusReason = "BLOCKED_BY_INTERNET_INGRESS_NETWORK_POLICY" EdgeAccessStatusReasonBLOCKEDBYKAFKAENFORCEMENTCONFIGMISSINGAPPLIEDINTENTS EdgeAccessStatusReason = "BLOCKED_BY_KAFKA_ENFORCEMENT_CONFIG_MISSING_APPLIED_INTENTS" EdgeAccessStatusReasonCLIENTISTIOSIDECARMISSING EdgeAccessStatusReason = "CLIENT_ISTIO_SIDECAR_MISSING" EdgeAccessStatusReasonIGNOREDINCALCULATION EdgeAccessStatusReason = "IGNORED_IN_CALCULATION" 
@@ -172,6 +176,8 @@ const ( EdgeAccessStatusReasonsALLOWEDBYAPPLIEDINTENTSOVERLYPERMISSIVE EdgeAccessStatusReasons = "ALLOWED_BY_APPLIED_INTENTS_OVERLY_PERMISSIVE" EdgeAccessStatusReasonsALLOWEDBYEXTERNALLYMANAGEDNETWORKPOLICY EdgeAccessStatusReasons = "ALLOWED_BY_EXTERNALLY_MANAGED_NETWORK_POLICY" EdgeAccessStatusReasonsALLOWEDBYEXTERNALTRAFFICNETWORKPOLICY EdgeAccessStatusReasons = "ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY" + EdgeAccessStatusReasonsALLOWEDBYINTERNETEGRESSNETWORKPOLICY EdgeAccessStatusReasons = "ALLOWED_BY_INTERNET_EGRESS_NETWORK_POLICY" + EdgeAccessStatusReasonsALLOWEDBYINTERNETINGRESSNETWORKPOLICY EdgeAccessStatusReasons = "ALLOWED_BY_INTERNET_INGRESS_NETWORK_POLICY" EdgeAccessStatusReasonsALLOWEDBYMETRICSCOLLECTIONTRAFFICNETWORKPOLICY EdgeAccessStatusReasons = "ALLOWED_BY_METRICS_COLLECTION_TRAFFIC_NETWORK_POLICY" EdgeAccessStatusReasonsBLOCKEDBYAPPLIEDINTENTSDATABASERESOURCEMISMATCH EdgeAccessStatusReasons = "BLOCKED_BY_APPLIED_INTENTS_DATABASE_RESOURCE_MISMATCH" EdgeAccessStatusReasonsBLOCKEDBYAPPLIEDINTENTSDATABASEUNDERPERMISSIVE EdgeAccessStatusReasons = "BLOCKED_BY_APPLIED_INTENTS_DATABASE_UNDER_PERMISSIVE" 
@@ -185,6 +191,8 @@ const ( EdgeAccessStatusReasonsBLOCKEDBYDATABASEENFORCEMENTCONFIGMISSINGAPPLIEDINTENTS EdgeAccessStatusReasons = "BLOCKED_BY_DATABASE_ENFORCEMENT_CONFIG_MISSING_APPLIED_INTENTS" EdgeAccessStatusReasonsBLOCKEDBYDEFAULTDENY EdgeAccessStatusReasons = "BLOCKED_BY_DEFAULT_DENY" EdgeAccessStatusReasonsBLOCKEDBYDEFAULTDENYMISSINGEXTERNALTRAFFICPOLICY EdgeAccessStatusReasons = "BLOCKED_BY_DEFAULT_DENY_MISSING_EXTERNAL_TRAFFIC_POLICY" + EdgeAccessStatusReasonsBLOCKEDBYINTERNETEGRESSNETWORKPOLICY EdgeAccessStatusReasons = "BLOCKED_BY_INTERNET_EGRESS_NETWORK_POLICY" + EdgeAccessStatusReasonsBLOCKEDBYINTERNETINGRESSNETWORKPOLICY EdgeAccessStatusReasons = "BLOCKED_BY_INTERNET_INGRESS_NETWORK_POLICY" EdgeAccessStatusReasonsBLOCKEDBYKAFKAENFORCEMENTCONFIGMISSINGAPPLIEDINTENTS EdgeAccessStatusReasons = "BLOCKED_BY_KAFKA_ENFORCEMENT_CONFIG_MISSING_APPLIED_INTENTS" EdgeAccessStatusReasonsCLIENTISTIOSIDECARMISSING EdgeAccessStatusReasons = "CLIENT_ISTIO_SIDECAR_MISSING" EdgeAccessStatusReasonsIGNOREDINCALCULATION EdgeAccessStatusReasons = "IGNORED_IN_CALCULATION" @@ -381,6 +389,7 @@ const ( ServiceAccessGraphTypesAWS ServiceAccessGraphTypes = "AWS" ServiceAccessGraphTypesAWSVISIBILITYEKS ServiceAccessGraphTypes = "AWS_VISIBILITY_EKS" ServiceAccessGraphTypesAZURE ServiceAccessGraphTypes = "AZURE" + ServiceAccessGraphTypesCONTROLPLANE ServiceAccessGraphTypes = "CONTROL_PLANE" ServiceAccessGraphTypesDATABASE ServiceAccessGraphTypes = "DATABASE" ServiceAccessGraphTypesDATABASEUSER ServiceAccessGraphTypes = "DATABASE_USER" ServiceAccessGraphTypesDETECTEDCLOUDSERVER ServiceAccessGraphTypes = "DETECTED_CLOUD_SERVER" 
@@ -572,6 +581,12 @@ type AccessLogEdge struct { Timestamp time.Time `json:"timestamp"` } +// AutoApproveMoreRestrictiveIntentsByEnv defines model for AutoApproveMoreRestrictiveIntentsByEnv. +type AutoApproveMoreRestrictiveIntentsByEnv struct { + Enabled bool `json:"enabled"` + EnvironmentId string `json:"environmentId"` +} + // AzureInfo defines model for AzureInfo. type AzureInfo struct { AksClusterName string `json:"aksClusterName"` @@ -885,13 +900,14 @@ type Error struct { // FeatureFlags defines model for FeatureFlags. type FeatureFlags struct { - EnableFindingsV2 *bool `json:"enableFindingsV2,omitempty"` - EnableIAMIntentsSuggestions *bool `json:"enableIAMIntentsSuggestions,omitempty"` - EnableInternetIntentsSuggestions *bool `json:"enableInternetIntentsSuggestions,omitempty"` - IsCloudSecurityEnabled *bool `json:"isCloudSecurityEnabled,omitempty"` - IsCloudServicesDetectionEnabled *bool `json:"isCloudServicesDetectionEnabled,omitempty"` - UseClientIntentsV2 *bool `json:"useClientIntentsV2,omitempty"` - UseTypedIntentsCTE *bool `json:"useTypedIntentsCTE,omitempty"` + EnableFindingsV2 *bool `json:"enableFindingsV2,omitempty"` + EnableIAMIntentsSuggestions *bool `json:"enableIAMIntentsSuggestions,omitempty"` + EnableInternetIntentsSuggestions *bool `json:"enableInternetIntentsSuggestions,omitempty"` + EnableNetworkPoliciesInAccessGraph *bool `json:"enableNetworkPoliciesInAccessGraph,omitempty"` + IsCloudSecurityEnabled *bool `json:"isCloudSecurityEnabled,omitempty"` + IsCloudServicesDetectionEnabled *bool `json:"isCloudServicesDetectionEnabled,omitempty"` + UseClientIntentsV2 *bool `json:"useClientIntentsV2,omitempty"` + UseTypedIntentsCTE *bool `json:"useTypedIntentsCTE,omitempty"` } // GCPInfo defines model for GCPInfo. 
@@ -930,9 +946,10 @@ type GitHubRepoFilterPair struct { // GitHubRepoInfo defines model for GitHubRepoInfo. type GitHubRepoInfo struct { - BaseBranch string `json:"baseBranch"` - IntentsPath string `json:"intentsPath"` - Repository string `json:"repository"` + BaseBranch string `json:"baseBranch"` + IntentsPath string `json:"intentsPath"` + Repository string `json:"repository"` + TerraformPath *string `json:"terraformPath,omitempty"` } // GitHubSettings defines model for GitHubSettings. @@ -1007,13 +1024,14 @@ type InputAccessLogFilter struct { // InputFeatureFlags defines model for InputFeatureFlags. type InputFeatureFlags struct { - EnableFindingsV2 *bool `json:"enableFindingsV2,omitempty"` - EnableIAMIntentsSuggestions *bool `json:"enableIAMIntentsSuggestions,omitempty"` - EnableInternetIntentsSuggestions *bool `json:"enableInternetIntentsSuggestions,omitempty"` - IsCloudSecurityEnabled *bool `json:"isCloudSecurityEnabled,omitempty"` - IsCloudServicesDetectionEnabled *bool `json:"isCloudServicesDetectionEnabled,omitempty"` - UseClientIntentsV2 *bool `json:"useClientIntentsV2,omitempty"` - UseTypedIntentsCTE *bool `json:"useTypedIntentsCTE,omitempty"` + EnableFindingsV2 *bool `json:"enableFindingsV2,omitempty"` + EnableIAMIntentsSuggestions *bool `json:"enableIAMIntentsSuggestions,omitempty"` + EnableInternetIntentsSuggestions *bool `json:"enableInternetIntentsSuggestions,omitempty"` + EnableNetworkPoliciesInAccessGraph *bool `json:"enableNetworkPoliciesInAccessGraph,omitempty"` + IsCloudSecurityEnabled *bool `json:"isCloudSecurityEnabled,omitempty"` + IsCloudServicesDetectionEnabled *bool `json:"isCloudServicesDetectionEnabled,omitempty"` + UseClientIntentsV2 *bool `json:"useClientIntentsV2,omitempty"` + UseTypedIntentsCTE *bool `json:"useTypedIntentsCTE,omitempty"` } // InputServiceFilter Service filter 
@@ -1208,9 +1226,10 @@ type LabelValueTuple struct { // Me defines model for Me. type Me struct { - Invites []Invite `json:"invites"` - User User `json:"user"` - UserOrganizations []UserOrganizationAssociation `json:"userOrganizations"` + Invites []Invite `json:"invites"` + SelectedOrganizationRestrictionResources *OrganizationMembershipRestrictionResources `json:"selectedOrganizationRestrictionResources,omitempty"` + User User `json:"user"` + UserOrganizations []UserOrganizationAssociation `json:"userOrganizations"` } // MergedYAMLFile defines model for MergedYAMLFile. @@ -1271,8 +1290,9 @@ type Organization struct { // OrganizationMembership defines model for OrganizationMembership. type OrganizationMembership struct { - Restrictions *OrganizationMembershipRestrictions `json:"restrictions,omitempty"` - Role OrganizationMembershipRole `json:"role"` + OrganizationId string `json:"organizationId"` + Restrictions *OrganizationMembershipRestrictions `json:"restrictions,omitempty"` + Role OrganizationMembershipRole `json:"role"` } // OrganizationMembershipRole defines model for OrganizationMembership.Role. @@ -1287,6 +1307,22 @@ type OrganizationMembershipInput struct { // OrganizationMembershipInputRole defines model for OrganizationMembershipInput.Role. type OrganizationMembershipInputRole string +// OrganizationMembershipRestrictionResources defines model for OrganizationMembershipRestrictionResources. +type OrganizationMembershipRestrictionResources struct { + Clusters []struct { + Id string `json:"id"` + } `json:"clusters"` + Environments []struct { + Id string `json:"id"` + } `json:"environments"` + Namespaces []struct { + Id string `json:"id"` + } `json:"namespaces"` + Services []struct { + Id string `json:"id"` + } `json:"services"` +} + // OrganizationMembershipRestrictions defines model for OrganizationMembershipRestrictions. type OrganizationMembershipRestrictions struct { ClusterIds *IDFilterValue `json:"clusterIds,omitempty"` 
@@ -1297,12 +1333,14 @@ type OrganizationMembershipRestrictions struct { // OrganizationSettings defines model for OrganizationSettings. type OrganizationSettings struct { - DefaultIntentsApprovalActionByEnv []DefaultIntentsApprovalActionByEnv `json:"defaultIntentsApprovalActionByEnv"` - Domains *[]string `json:"domains,omitempty"` - DomainsDefaultRole OrganizationSettingsDomainsDefaultRole `json:"domainsDefaultRole"` - EnforcedRegulations *[]string `json:"enforcedRegulations,omitempty"` - IgnoreInternetIntents *bool `json:"ignoreInternetIntents,omitempty"` - IgnoredCloudDomains *[]string `json:"ignoredCloudDomains,omitempty"` + AutoApproveMoreRestrictiveIntentsByEnv []AutoApproveMoreRestrictiveIntentsByEnv `json:"autoApproveMoreRestrictiveIntentsByEnv"` + DefaultIntentsApprovalActionByEnv []DefaultIntentsApprovalActionByEnv `json:"defaultIntentsApprovalActionByEnv"` + DefaultInviteMembership OrganizationMembership `json:"defaultInviteMembership"` + Domains *[]string `json:"domains,omitempty"` + DomainsDefaultRole OrganizationSettingsDomainsDefaultRole `json:"domainsDefaultRole"` + EnforcedRegulations *[]string `json:"enforcedRegulations,omitempty"` + IgnoreInternetIntents *bool `json:"ignoreInternetIntents,omitempty"` + IgnoredCloudDomains *[]string `json:"ignoredCloudDomains,omitempty"` } // OrganizationSettingsDomainsDefaultRole defines model for OrganizationSettings.DomainsDefaultRole. 
@@ -1310,11 +1348,13 @@ type OrganizationSettingsDomainsDefaultRole string // OrganizationSettingsInput defines model for OrganizationSettingsInput. type OrganizationSettingsInput struct { - DefaultIntentsApprovalActionByEnv *[]map[string]interface{} `json:"defaultIntentsApprovalActionByEnv,omitempty"` - Domains *[]string `json:"domains,omitempty"` - EnforcedRegulations *[]string `json:"enforcedRegulations,omitempty"` - IgnoreInternetIntents *bool `json:"ignoreInternetIntents,omitempty"` - IgnoredCloudDomains *[]string `json:"ignoredCloudDomains,omitempty"` + AutoApproveMoreRestrictiveIntentsByEnv *[]map[string]interface{} `json:"autoApproveMoreRestrictiveIntentsByEnv,omitempty"` + DefaultIntentsApprovalActionByEnv *[]map[string]interface{} `json:"defaultIntentsApprovalActionByEnv,omitempty"` + DefaultInviteMembership *map[string]interface{} `json:"defaultInviteMembership,omitempty"` + Domains *[]string `json:"domains,omitempty"` + EnforcedRegulations *[]string `json:"enforcedRegulations,omitempty"` + IgnoreInternetIntents *bool `json:"ignoreInternetIntents,omitempty"` + IgnoredCloudDomains *[]string `json:"ignoredCloudDomains,omitempty"` } // PaginationInput defines model for PaginationInput. 
@@ -1509,28 +1549,36 @@ type SlackSettingsInput struct { // TLSConfiguration defines model for TLSConfiguration. type TLSConfiguration struct { CaCertificate *string `json:"caCertificate,omitempty"` - Certificate string `json:"certificate"` + Certificate *string `json:"certificate,omitempty"` +} + +// TerraformAwsInlinePolicyInfo defines model for TerraformAwsInlinePolicyInfo. +type TerraformAwsInlinePolicyInfo struct { + Name string `json:"name"` + Policy string `json:"policy"` } // TerraformAwsPolicyInfo defines model for TerraformAwsPolicyInfo. type TerraformAwsPolicyInfo struct { Address string `json:"address"` Arn string `json:"arn"` + Policy string `json:"policy"` } // TerraformAwsRoleInfo defines model for TerraformAwsRoleInfo. type TerraformAwsRoleInfo struct { - Address string `json:"address"` - Arn string `json:"arn"` - AttachedPolicies *[]TerraformAwsPolicyInfo `json:"attachedPolicies,omitempty"` - InlinePolicy string `json:"inlinePolicy"` + Address string `json:"address"` + Arn string `json:"arn"` + AttachedPolicies *[]TerraformAwsPolicyInfo `json:"attachedPolicies,omitempty"` + InlinePolicy *[]TerraformAwsInlinePolicyInfo `json:"inlinePolicy,omitempty"` } // TerraformResourceInfo defines model for TerraformResourceInfo. type TerraformResourceInfo struct { AwsRoles *[]TerraformAwsRoleInfo `json:"awsRoles,omitempty"` GitCommitHash string `json:"gitCommitHash"` - GitOriginUrl string `json:"gitOriginUrl"` + GitOrigin string `json:"gitOrigin"` + GitPlatform string `json:"gitPlatform"` ModulePath string `json:"modulePath"` } diff --git a/src/pkg/cloudclient/restapi/cloudapi/openapi.json b/src/pkg/cloudclient/restapi/cloudapi/openapi.json index c270d56f..3f9d9e42 100644 --- a/src/pkg/cloudclient/restapi/cloudapi/openapi.json +++ b/src/pkg/cloudclient/restapi/cloudapi/openapi.json 
@@ -558,6 +558,21 @@ ], "type": "object" }, + "AutoApproveMoreRestrictiveIntentsByEnv": { + "properties": { + "enabled": { + "type": "boolean" + }, + "environmentId": { + "type": "string" + } + }, + "required": [ + "environmentId", + "enabled" + ], + "type": "object" + }, "AzureInfo": { "properties": { "aksClusterName": { @@ -1426,6 +1441,8 @@ "ALLOWED_BY_APPLIED_INTENTS_KAFKA_OVERLY_PERMISSIVE", "ALLOWED_BY_APPLIED_INTENTS_DATABASE_OVERLY_PERMISSIVE", "ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY", + "ALLOWED_BY_INTERNET_EGRESS_NETWORK_POLICY", + "ALLOWED_BY_INTERNET_INGRESS_NETWORK_POLICY", "WOULD_BE_ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY", "BLOCKED_BY_APPLIED_INTENTS_UNDER_PERMISSIVE", "BLOCKED_BY_APPLIED_INTENTS_RESOURCE_MISMATCH", @@ -1437,6 +1454,8 @@ "BLOCKED_BY_APPLIED_INTENTS_DATABASE_UNDER_PERMISSIVE", "BLOCKED_BY_APPLIED_INTENTS_DATABASE_RESOURCE_MISMATCH", "BLOCKED_BY_DATABASE_ENFORCEMENT_CONFIG_MISSING_APPLIED_INTENTS", + "BLOCKED_BY_INTERNET_EGRESS_NETWORK_POLICY", + "BLOCKED_BY_INTERNET_INGRESS_NETWORK_POLICY", "BLOCKED_BY_DEFAULT_DENY", "SHARED_SERVICE_ACCOUNT", "CLIENT_ISTIO_SIDECAR_MISSING", @@ -1470,6 +1489,8 @@ "ALLOWED_BY_APPLIED_INTENTS_KAFKA_OVERLY_PERMISSIVE", "ALLOWED_BY_APPLIED_INTENTS_DATABASE_OVERLY_PERMISSIVE", "ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY", + "ALLOWED_BY_INTERNET_EGRESS_NETWORK_POLICY", + "ALLOWED_BY_INTERNET_INGRESS_NETWORK_POLICY", "WOULD_BE_ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY", "BLOCKED_BY_APPLIED_INTENTS_UNDER_PERMISSIVE", "BLOCKED_BY_APPLIED_INTENTS_RESOURCE_MISMATCH", @@ -1481,6 +1502,8 @@ "BLOCKED_BY_APPLIED_INTENTS_DATABASE_UNDER_PERMISSIVE", "BLOCKED_BY_APPLIED_INTENTS_DATABASE_RESOURCE_MISMATCH", "BLOCKED_BY_DATABASE_ENFORCEMENT_CONFIG_MISSING_APPLIED_INTENTS", + "BLOCKED_BY_INTERNET_EGRESS_NETWORK_POLICY", + "BLOCKED_BY_INTERNET_INGRESS_NETWORK_POLICY", "BLOCKED_BY_DEFAULT_DENY", "SHARED_SERVICE_ACCOUNT", "CLIENT_ISTIO_SIDECAR_MISSING", 
@@ -1648,6 +1671,9 @@ "enableInternetIntentsSuggestions": { "type": "boolean" }, + "enableNetworkPoliciesInAccessGraph": { + "type": "boolean" + }, "isCloudSecurityEnabled": { "type": "boolean" }, @@ -1794,6 +1820,9 @@ }, "repository": { "type": "string" + }, + "terraformPath": { + "type": "string" } }, "required": [ @@ -1813,6 +1842,9 @@ }, "repository": { "type": "string" + }, + "terraformPath": { + "type": "string" } }, "required": [ @@ -1924,6 +1956,9 @@ }, "projectPath": { "type": "string" + }, + "terraformPath": { + "type": "string" } }, "required": [ @@ -2076,6 +2111,21 @@ }, "type": "object" }, + "InputAutoApproveMoreRestrictiveIntentsByEnv": { + "properties": { + "enabled": { + "type": "boolean" + }, + "environmentId": { + "type": "string" + } + }, + "required": [ + "environmentId", + "enabled" + ], + "type": "object" + }, "InputDefaultIntentsApprovalActionByEnv": { "properties": { "action": { @@ -2107,6 +2157,9 @@ "enableInternetIntentsSuggestions": { "type": "boolean" }, + "enableNetworkPoliciesInAccessGraph": { + "type": "boolean" + }, "isCloudSecurityEnabled": { "type": "boolean" }, @@ -2291,6 +2344,21 @@ }, "type": "object" }, + "InputTerraformAwsInlinePolicyInfo": { + "properties": { + "name": { + "type": "string" + }, + "policy": { + "type": "string" + } + }, + "required": [ + "name", + "policy" + ], + "type": "object" + }, "InputTerraformAwsPolicyInfo": { "properties": { "address": { @@ -2298,10 +2366,14 @@ }, "arn": { "type": "string" + }, + "policy": { + "type": "string" } }, "required": [ "arn", + "policy", "address" ], "type": "object" @@ -2321,13 +2393,15 @@ "type": "array" }, "inlinePolicy": { - "type": "string" + "items": { + "type": "object" + }, + "type": "array" } }, "required": [ "arn", - "address", - "inlinePolicy" + "address" ], "type": "object" }, 
@@ -3078,6 +3152,9 @@ }, "type": "array" }, + "selectedOrganizationRestrictionResources": { + "$ref": "#/components/schemas/OrganizationMembershipRestrictionResources" + }, "user": { "$ref": "#/components/schemas/User", "description": "The logged-in user details." @@ -3267,6 +3344,9 @@ "format": "date-time", "type": "string" }, + "metadata": { + "$ref": "#/components/schemas/NetworkPolicyMetadata" + }, "name": { "type": "string" }, @@ -3310,6 +3390,25 @@ ], "type": "object" }, + "NetworkPolicyMetadata": { + "properties": { + "hasIpBlocks": { + "type": "boolean" + }, + "isEgress": { + "type": "boolean" + }, + "isIngress": { + "type": "boolean" + } + }, + "required": [ + "isEgress", + "isIngress", + "hasIpBlocks" + ], + "type": "object" + }, "NetworkPolicyWorkload": { "properties": { "scope": { @@ -3395,6 +3494,9 @@ }, "OrganizationMembership": { "properties": { + "organizationId": { + "type": "string" + }, "restrictions": { "$ref": "#/components/schemas/OrganizationMembershipRestrictions" }, @@ -3407,6 +3509,7 @@ } }, "required": [ + "organizationId", "role" ], "type": "object" 
@@ -3429,6 +3532,73 @@ ], "type": "object" }, + "OrganizationMembershipRestrictionResources": { + "properties": { + "clusters": { + "items": { + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "environments": { + "items": { + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "namespaces": { + "items": { + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "services": { + "items": { + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "clusters", + "services", + "namespaces", + "environments" + ], + "type": "object" + }, "OrganizationMembershipRestrictions": { "properties": { "clusterIds": { @@ -3465,12 +3635,21 @@ }, "OrganizationSettings": { "properties": { + "autoApproveMoreRestrictiveIntentsByEnv": { + "items": { + "$ref": "#/components/schemas/AutoApproveMoreRestrictiveIntentsByEnv" + }, + "type": "array" + }, "defaultIntentsApprovalActionByEnv": { "items": { "$ref": "#/components/schemas/DefaultIntentsApprovalActionByEnv" }, "type": "array" }, + "defaultInviteMembership": { + "$ref": "#/components/schemas/OrganizationMembership" + }, "domains": { "items": { "type": "string" @@ -3502,18 +3681,29 @@ }, "required": [ "defaultIntentsApprovalActionByEnv", - "domainsDefaultRole" + "domainsDefaultRole", + "defaultInviteMembership", + "autoApproveMoreRestrictiveIntentsByEnv" ], "type": "object" }, "OrganizationSettingsInput": { "properties": { + "autoApproveMoreRestrictiveIntentsByEnv": { + "items": { + "type": "object" + }, + "type": "array" + }, "defaultIntentsApprovalActionByEnv": { "items": { "type": "object" }, "type": "array" }, + "defaultInviteMembership": { + "type": "object" + }, "domains": { "items": { "type": "string" 
@@ -3951,7 +4141,8 @@ "DATABASE_USER", "KUBERNETES_LOAD_BALANCER", "AWS_VISIBILITY_EKS", - "DETECTED_CLOUD_SERVER" + "DETECTED_CLOUD_SERVER", + "CONTROL_PLANE" ], "type": "string" }, @@ -4176,9 +4367,6 @@ "type": "string" } }, - "required": [ - "certificate" - ], "type": "object" }, "TLSConfigurationInput": { @@ -4193,9 +4381,20 @@ "type": "string" } }, + "type": "object" + }, + "TerraformAwsInlinePolicyInfo": { + "properties": { + "name": { + "type": "string" + }, + "policy": { + "type": "string" + } + }, "required": [ - "certificate", - "key" + "name", + "policy" ], "type": "object" }, @@ -4206,10 +4405,14 @@ }, "arn": { "type": "string" + }, + "policy": { + "type": "string" } }, "required": [ "arn", + "policy", "address" ], "type": "object" @@ -4229,13 +4432,15 @@ "type": "array" }, "inlinePolicy": { - "type": "string" + "items": { + "$ref": "#/components/schemas/TerraformAwsInlinePolicyInfo" + }, + "type": "array" } }, "required": [ "arn", - "address", - "inlinePolicy" + "address" ], "type": "object" }, @@ -4250,7 +4455,10 @@ "gitCommitHash": { "type": "string" }, - "gitOriginUrl": { + "gitOrigin": { + "type": "string" + }, + "gitPlatform": { "type": "string" }, "modulePath": { @@ -4259,7 +4467,8 @@ }, "required": [ "modulePath", - "gitOriginUrl", + "gitPlatform", + "gitOrigin", "gitCommitHash" ], "type": "object" @@ -4415,7 +4624,7 @@ "info": { "title": "Otterize API Server", "version": "v1beta", - "x-revision": "fed83e7133faef5e9b8ed7a801c3fb39b681efaa" + "x-revision": "da79d06c3db3865027b8106013dae6bbcd6515e7" }, "openapi": "3.0.0", "paths": { diff --git a/src/pkg/mapperclient/schema.graphql b/src/pkg/mapperclient/schema.graphql index 93259d40..8d7f1b44 100644 --- a/src/pkg/mapperclient/schema.graphql +++ b/src/pkg/mapperclient/schema.graphql @@ -43,6 +43,11 @@ type GroupVersionKind { kind: String! } +type TCPDestResolveBugfixData { + isSrcControlPlane: Boolean! + resolvedUsingIp: Boolean! +} + type IdentityResolutionData { host: String podHostname: String 
@@ -53,6 +58,7 @@ type IdentityResolutionData {
 lastSeen: String
 extraInfo: String
 hasLinkerdSidecar: Boolean
+ tcpDestResolveFixData: TCPDestResolveBugfixData
 }
 
 type OtterizeServiceIdentity {
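Review bot: The new `tcpDestResolveFixData` field on `IdentityResolutionData` has no description, and its name disagrees with its type, `TCPDestResolveBugfixData`, which is added in the previous hunk of this file (`Fix` vs `Bugfix`). `resolvedUsingIp` presumably marks an identity that was matched by IP address only, which consumers of the access graph would want to treat as a weaker signal than a hostname or pod match, so the schema should say so explicitly. Once the semantics are confirmed, I would add a description on the field, for example `"""Set when the TCP destination went through the resolve-fix path; resolvedUsingIp marks an identity matched by IP only."""`, and align the two names. If this file is a copy synced from the mapper's schema, the change belongs upstream rather than here.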