Add more fetchers for AWS IAM

connector/aws/accessanalyzer/build.gradle

@@ -0,0 +1,19 @@
+/*
+ * This file was generated by the Gradle 'init' task.
+ *
+ * This project uses @Incubating APIs which are subject to change.
+ */
+
+plugins {
+    id 'blaze-query.java-conventions'
+}
+
+dependencies {
+    api project(':blaze-query-connector-aws-base')
+    api libs.awssdk.accessanalyzer
+    testImplementation project(':blaze-query-core-impl')
+    testImplementation libs.junit.jupiter
+    testImplementation libs.assertj.core
+}
+
+description = 'blaze-query-connector-aws-accessanalyzer'

connector/aws/accessanalyzer/src/main/java/com/blazebit/query/connector/aws/accessanalyzer/AccessAnalyzerAnalyzerDataFetcher.java

@@ -0,0 +1,88 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright Blazebit
+ */
+package com.blazebit.query.connector.aws.accessanalyzer;
+
+import com.blazebit.query.connector.aws.base.AwsConnectorConfig;
+import com.blazebit.query.connector.aws.base.AwsConventionContext;
+import com.blazebit.query.connector.base.DataFormats;
+import com.blazebit.query.spi.DataFetchContext;
+import com.blazebit.query.spi.DataFetcher;
+import com.blazebit.query.spi.DataFetcherException;
+import com.blazebit.query.spi.DataFormat;
+import software.amazon.awssdk.http.SdkHttpClient;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.accessanalyzer.AccessAnalyzerClient;
+import software.amazon.awssdk.services.accessanalyzer.AccessAnalyzerClientBuilder;
+import software.amazon.awssdk.services.accessanalyzer.model.AnalyzerSummary;
+import software.amazon.awssdk.services.accessanalyzer.model.ListAnalyzersRequest;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.StringTokenizer;
+
+/**
+ * @author Donghwi Kim
+ * @since 1.0.0
+ */
+public class AccessAnalyzerAnalyzerDataFetcher implements DataFetcher<AwsAccessAnalyzerAnalyzer>, Serializable {
+
+	public static final AccessAnalyzerAnalyzerDataFetcher INSTANCE = new AccessAnalyzerAnalyzerDataFetcher();
+
+	private AccessAnalyzerAnalyzerDataFetcher() {
+	}
+
+	@Override
+	public List<AwsAccessAnalyzerAnalyzer> fetch(DataFetchContext context) {
+		try {
+			List<AwsConnectorConfig.Account> accounts = AwsConnectorConfig.ACCOUNT.getAll( context );
+			SdkHttpClient sdkHttpClient = AwsConnectorConfig.HTTP_CLIENT.find( context );
+			List<AwsAccessAnalyzerAnalyzer> list = new ArrayList<>();
+			for ( AwsConnectorConfig.Account account : accounts ) {
+				for ( Region region : account.getRegions() ) {
+					AccessAnalyzerClientBuilder clientBuilder = AccessAnalyzerClient.builder()
+							.region( region )
+							.credentialsProvider( account.getCredentialsProvider() );
+					if ( sdkHttpClient != null ) {
+						clientBuilder.httpClient( sdkHttpClient );
+					}
+					try (AccessAnalyzerClient client = clientBuilder.build()) {
+						for ( AnalyzerSummary analyzer : client.listAnalyzersPaginator( ListAnalyzersRequest.builder().build() ).analyzers() ) {
+							StringTokenizer tokenizer = new StringTokenizer( analyzer.arn(), ":" );
+							// arn
+							tokenizer.nextToken();
+							// aws
+							tokenizer.nextToken();
+							// access-analyzer
+							tokenizer.nextToken();
+							// region
+							tokenizer.nextToken();
+							// account id
+							tokenizer.nextToken();
+							// resource id
+							String resourceId = tokenizer.nextToken();
+
+							list.add( new AwsAccessAnalyzerAnalyzer(
+									account.getAccountId(),
+									region.id(),
+									resourceId,
+									analyzer
+							) );
+						}
+					}
+				}
+			}
+			return list;
+		}
+		catch (RuntimeException e) {
+			throw new DataFetcherException( "Could not fetch analyzer list", e );
+		}
+	}
+
+	@Override
+	public DataFormat getDataFormat() {
+		return DataFormats.componentMethodConvention( AwsAccessAnalyzerAnalyzer.class, AwsConventionContext.INSTANCE );
+	}
+}

connector/aws/accessanalyzer/src/main/java/com/blazebit/query/connector/aws/accessanalyzer/AwsAccessAnalyzerAnalyzer.java

@@ -0,0 +1,24 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright Blazebit
+ */
+package com.blazebit.query.connector.aws.accessanalyzer;
+
+import com.blazebit.query.connector.aws.base.AwsWrapper;
+import software.amazon.awssdk.services.accessanalyzer.model.AnalyzerSummary;
+
+/**
+ * @author Donghwi Kim
+ * @since 1.0.0
+ */
+public class AwsAccessAnalyzerAnalyzer extends AwsWrapper<AnalyzerSummary> {
+
+	public AwsAccessAnalyzerAnalyzer(String accountId, String region, String resourceId, AnalyzerSummary payload) {
+		super( accountId, region, resourceId, payload );
+	}
+
+	@Override
+	public AnalyzerSummary getPayload() {
+		return super.getPayload();
+	}
+}

connector/aws/accessanalyzer/src/main/java/com/blazebit/query/connector/aws/accessanalyzer/AwsAccessAnalyzerSchemaProvider.java

@@ -0,0 +1,23 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright Blazebit
+ */
+package com.blazebit.query.connector.aws.accessanalyzer;
+
+import com.blazebit.query.spi.ConfigurationProvider;
+import com.blazebit.query.spi.DataFetcher;
+import com.blazebit.query.spi.QuerySchemaProvider;
+
+import java.util.Set;
+
+/**
+ * @author Donghwi Kim
+ * @since 1.0.0
+ */
+public final class AwsAccessAnalyzerSchemaProvider implements QuerySchemaProvider {
+	@Override
+	public Set<? extends DataFetcher<?>> resolveSchemaObjects(ConfigurationProvider configurationProvider) {
+		return Set.of(
+				AccessAnalyzerAnalyzerDataFetcher.INSTANCE );
+	}
+}

connector/aws/accessanalyzer/src/main/java/com/blazebit/query/connector/aws/accessanalyzer/package-info.java

@@ -0,0 +1,9 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright Blazebit
+ */
+
+/**
+ * Connector for the AWS Access Analyzer SDK.
+ */
+package com.blazebit.query.connector.aws.accessanalyzer;

connector/aws/accessanalyzer/src/main/resources/META-INF/services/com.blazebit.query.spi.QuerySchemaProvider

@@ -0,0 +1 @@
+com.blazebit.query.connector.aws.accessanalyzer.AwsAccessAnalyzerSchemaProvider

connector/aws/base/src/main/java/com/blazebit/query/connector/aws/base/AwsConventionContext.java

@@ -29,6 +29,9 @@ public ConventionContext getSubFilter(Class<?> concreteClass, Member member) {
 			case "serializableBuilderClass":
 			case "getValueForField":
 			case "sdkHttpResponse":
+			case "base32StringSeed":
+			case "qrCodePNG":
+
 				return null;
 			default:
 				return this;

connector/aws/iam/src/main/java/com/blazebit/query/connector/aws/iam/AwsIAMSchemaProvider.java

@@ -21,10 +21,21 @@ public final class AwsIAMSchemaProvider implements QuerySchemaProvider {
 	public Set<? extends DataFetcher<?>> resolveSchemaObjects(ConfigurationProvider configurationProvider) {
 		return Set.of(
 				AwsIamUserDataFetcher.INSTANCE,
+				AwsIamRoleDataFetcher.INSTANCE,
+				AwsIamGroupDataFetcher.INSTANCE,
 				AwsIamPasswordPolicyDataFetcher.INSTANCE,
 				MFADeviceDataFetcher.INSTANCE,
+				VirtualMfaDeviceDataFetcher.INSTANCE,
 				AwsIamLoginProfileDataFetcher.INSTANCE,
 				AwsIamAccountSummaryDataFetcher.INSTANCE,
-				AwsIamAccessKeyMetaDataLastUsedDataFetcher.INSTANCE );
+				AwsIamAccessKeyMetaDataLastUsedDataFetcher.INSTANCE,
+				AwsIamPolicyDataFetcher.INSTANCE,
+				AwsIamUserAttachedPolicyDataFetcher.INSTANCE,
+				AwsIamUserInlinePolicyDataFetcher.INSTANCE,
+				AwsIamGroupInlinePolicyDataFetcher.INSTANCE,
+				AwsIamRoleInlinePolicyDataFetcher.INSTANCE,
+				AwsIamGroupAttachedPolicyDataFetcher.INSTANCE,
+				AwsIamRoleAttachedPolicyDataFetcher.INSTANCE,
+				AwsIamServerCertificateDataFetcher.INSTANCE );
 	}
 }

connector/aws/iam/src/main/java/com/blazebit/query/connector/aws/iam/AwsIamGroup.java

@@ -0,0 +1,23 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright Blazebit
+ */
+package com.blazebit.query.connector.aws.iam;
+
+import com.blazebit.query.connector.aws.base.AwsWrapper;
+import software.amazon.awssdk.services.iam.model.GetGroupResponse;
+
+/**
+ * @author Donghwi Kim
+ * @since 1.0.0
+ */
+public class AwsIamGroup extends AwsWrapper<GetGroupResponse> {
+	public AwsIamGroup(String accountId, String resourceId, GetGroupResponse payload) {
+		super( accountId, null, resourceId, payload );
+	}
+
+	@Override
+	public GetGroupResponse getPayload() {
+		return super.getPayload();
+	}
+}

connector/aws/iam/src/main/java/com/blazebit/query/connector/aws/iam/AwsIamGroupAttachedPolicy.java

@@ -0,0 +1,27 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright Blazebit
+ */
+package com.blazebit.query.connector.aws.iam;
+
+import software.amazon.awssdk.services.iam.model.AttachedPolicy;
+
+/**
+ * @author Donghwi Kim
+ * @since 1.0.0
+ */
+public record AwsIamGroupAttachedPolicy(
+		String accountId,
+		String groupName,
+		String policyName,
+		String policyArn
+) {
+	public static AwsIamGroupAttachedPolicy from(String accountId, String groupName, AttachedPolicy attachedPolicy) {
+		return new AwsIamGroupAttachedPolicy(
+				accountId,
+				groupName,
+				attachedPolicy.policyName(),
+				attachedPolicy.policyArn()
+		);
+	}
+}

connector/aws/iam/src/main/java/com/blazebit/query/connector/aws/iam/AwsIamGroupAttachedPolicyDataFetcher.java

@@ -0,0 +1,74 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright Blazebit
+ */
+package com.blazebit.query.connector.aws.iam;
+
+import com.blazebit.query.connector.aws.base.AwsConnectorConfig;
+import com.blazebit.query.connector.aws.base.AwsConventionContext;
+import com.blazebit.query.connector.base.DataFormats;
+import com.blazebit.query.spi.DataFetchContext;
+import com.blazebit.query.spi.DataFetcher;
+import com.blazebit.query.spi.DataFetcherException;
+import com.blazebit.query.spi.DataFormat;
+import software.amazon.awssdk.http.SdkHttpClient;
+import software.amazon.awssdk.services.iam.IamClient;
+import software.amazon.awssdk.services.iam.IamClientBuilder;
+import software.amazon.awssdk.services.iam.model.AttachedPolicy;
+import software.amazon.awssdk.services.iam.model.Group;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author Donghwi Kim
+ * @since 1.0.0
+ */
+public class AwsIamGroupAttachedPolicyDataFetcher implements DataFetcher<AwsIamGroupAttachedPolicy>, Serializable {
+
+	public static final AwsIamGroupAttachedPolicyDataFetcher INSTANCE = new AwsIamGroupAttachedPolicyDataFetcher();
+
+	private AwsIamGroupAttachedPolicyDataFetcher() {
+	}
+
+	@Override
+	public List<AwsIamGroupAttachedPolicy> fetch(DataFetchContext context) {
+		try {
+			List<AwsConnectorConfig.Account> accounts = AwsConnectorConfig.ACCOUNT.getAll( context );
+			SdkHttpClient sdkHttpClient = AwsConnectorConfig.HTTP_CLIENT.find( context );
+			List<AwsIamGroupAttachedPolicy> list = new ArrayList<>();
+			for ( AwsConnectorConfig.Account account : accounts ) {
+				IamClientBuilder iamClientBuilder = IamClient.builder()
+						// Any region is fine for IAM operations
+						.region( account.getRegions().iterator().next() )
+						.credentialsProvider( account.getCredentialsProvider() );
+				if ( sdkHttpClient != null ) {
+					iamClientBuilder.httpClient( sdkHttpClient );
+				}
+				try (IamClient client = iamClientBuilder.build()) {
+					for ( Group group : client.listGroupsPaginator().groups() ) {
+						for ( AttachedPolicy attachedPolicy : client.listAttachedGroupPoliciesPaginator(
+								builder -> builder.groupName( group.groupName() )
+						).attachedPolicies() ) {
+							list.add( AwsIamGroupAttachedPolicy.from(
+									account.getAccountId(),
+									group.groupName(),
+									attachedPolicy
+							) );
+						}
+					}
+				}
+			}
+			return list;
+		}
+		catch (RuntimeException e) {
+			throw new DataFetcherException( "Could not fetch group attached policies", e );
+		}
+	}
+
+	@Override
+	public DataFormat getDataFormat() {
+		return DataFormats.componentMethodConvention( AwsIamGroupAttachedPolicy.class, AwsConventionContext.INSTANCE );
+	}
+}