Merge branch 'master' into SAAS-4973

celsogbezerra · Jun 26, 2022 · 0c01177 · 0c01177
2 parents 97fcbfa + 6375480
commit 0c01177
Show file tree

Hide file tree

Showing 46 changed files with 4,042 additions and 7 deletions.
diff --git a/collectors/oracle/collector.js b/collectors/oracle/collector.js
@@ -114,6 +114,14 @@ var calls = {
             restVersion: '/20171215',
         }
     },
+    fileSystem: {
+        list: {
+            api: 'fileStorage',
+            filterKey: ['compartmentId'],
+            filterValue: ['compartmentId'],
+            restVersion: '/20171215',
+        }
+    },
     mountTarget: {
         list: {
             api: 'fileStorage',
@@ -132,6 +140,14 @@ var calls = {
             filterValue: ['compartmentId'],
         }
     },
+    defaultTags: {
+        list: {
+            api: 'iam',
+            filterKey: ['compartmentId'],
+            filterValue: ['compartmentId'],
+            restVersion: '/20160918'
+        }
+    },
     waasPolicy: {
         list: {
             api: 'waas',
@@ -140,6 +156,22 @@ var calls = {
             filterValue: ['compartmentId'],
         }
     },
+    topics: {
+        list: {
+            api: 'notification',
+            restVersion: '/20181201',
+            filterKey: ['compartmentId'],
+            filterValue: ['compartmentId'],
+        }
+    },
+    subscriptions: {
+        list: {
+            api: 'notification',
+            restVersion: '/20181201',
+            filterKey: ['compartmentId'],
+            filterValue: ['compartmentId'],
+        }
+    },
     policy: {
         list: {
             api: 'iam',
@@ -253,7 +285,15 @@ var calls = {
             filterKey: ['compartmentId'],
             filterValue: ['compartmentId'],
         }
-    }
+    },
+    vault: {
+        list: {
+            api: 'kms',
+            filterKey: ['compartmentId'],
+            filterValue: ['compartmentId'],
+            restVersion: '/20180608',
+        }
+    },
 };
 
 // Important Note: All relies must be passed in an array format []
@@ -389,6 +429,27 @@ var postcalls = {
             filterConfig: [true, false],
         }
     },
+    keys: {
+        list: {
+            api: 'kms',
+            reliesOnService: ['vault'],
+            reliesOnCall: ['list'],
+            filterKey: ['compartmentId', 'managementEndpoint'],
+            filterValue: ['compartmentId', 'managementEndpoint'],
+            restVersion: '/20180608'
+        }
+    },
+    cluster: {
+        get: {
+            api: 'oke',
+            reliesOnService: ['cluster'],
+            reliesOnCall: ['list'],
+            restVersion: '/20180222',
+            filterKey: ['id'],
+            filterValue: ['id'],
+            filterConfig: [false]
+        },
+    }
 };
 
 // Important Note: All relies must be passed in an array format []

diff --git a/exports.js b/exports.js
@@ -85,12 +85,15 @@ module.exports = {
         'cloudtrailNotificationsEnabled': require(__dirname + '/plugins/aws/cloudtrail/cloudtrailNotificationsEnabled.js'),
 
         'optimizerRecommendationsEnabled': require(__dirname + '/plugins/aws/computeoptimizer/optimizerRecommendationsEnabled.js'),
+        'ebsVolumesOptimized'           : require(__dirname + '/plugins/aws/computeoptimizer/ebsVolumesOptimized.js'),
 
         'configServiceEnabled'          : require(__dirname + '/plugins/aws/configservice/configServiceEnabled.js'),
         'configComplaintRules'          : require(__dirname + '/plugins/aws/configservice/configComplaintRules.js'),
         'configDeliveryFailing'         : require(__dirname + '/plugins/aws/configservice/configDeliveryFailing.js'),
         'configServiceMissingBucket'    : require(__dirname + '/plugins/aws/configservice/configServiceMissingBucket.js'),
 
+        'ec2InstancesOptimized'         : require(__dirname + '/plugins/aws/computeoptimizer/ec2InstancesOptimized.js'),
+
         'devOpsGuruNotificationEnabled' : require(__dirname + '/plugins/aws/devopsguru/devOpsGuruNotificationEnabled.js'),
 
         'dmsEncryptionEnabled'          : require(__dirname + '/plugins/aws/dms/dmsEncryptionEnabled.js'),
@@ -111,6 +114,9 @@ module.exports = {
         'unassociatedElasticIp'         : require(__dirname + '/plugins/aws/ec2/unassociatedElasticIp.js'),
         'subnetIpAvailability'          : require(__dirname + '/plugins/aws/ec2/subnetIpAvailability.js'),
         'excessiveSecurityGroups'       : require(__dirname + '/plugins/aws/ec2/excessiveSecurityGroups.js'),
+
+        'enhancedMetadataEnabled'       : require(__dirname + '/plugins/aws/imagebuilder/enhancedMetadataEnabled.js'),
+
         'instanceLimit'                 : require(__dirname + '/plugins/aws/ec2/instanceLimit.js'),
         'instanceVcpusLimit'            : require(__dirname + '/plugins/aws/ec2/instanceVcpusLimit.js'),
         'instanceMaxCount'              : require(__dirname + '/plugins/aws/ec2/instanceMaxCount.js'),
@@ -425,6 +431,10 @@ module.exports = {
 
         'memorydbClusterEncrypted'      : require(__dirname + '/plugins/aws/memorydb/memorydbClusterEncrypted.js'),
 
+        'mskClusterCBEncryption'        : require(__dirname + '/plugins/aws/msk/mskClusterCBEncryption.js'),
+
+        'mskClusterPublicAccess'        : require(__dirname + '/plugins/aws/msk/mskClusterPublicAccess.js'),
+        'mskClusterUnauthAccess'        : require(__dirname + '/plugins/aws/msk/mskClusterUnauthAccess.js'),
         'mskClusterEncryptionAtRest'    : require(__dirname + '/plugins/aws/msk/mskClusterEncryptionAtRest.js'),
         'mskClusterEncryptionInTransit' : require(__dirname + '/plugins/aws/msk/mskClusterEncryptionInTransit.js'),
 
@@ -813,6 +823,8 @@ module.exports = {
         'bootVolumeRestorable'          : require(__dirname + '/plugins/oracle/compute/bootVolumeRestorable.js'),
         'bootVolumeBackupEnabled'       : require(__dirname + '/plugins/oracle/compute/bootVolumeBackupEnabled.js'),
         'instancePolicyProtection'      : require(__dirname + '/plugins/oracle/compute/instancePolicyProtection.js'),
+        'bootVolumeCMKEncryption'       : require(__dirname + '/plugins/oracle/compute/bootVolumeCMKEncryption.js'),
+        'legacyEndpointDisabled'        : require(__dirname + '/plugins/oracle/compute/legacyEndpointDisabled.js'),
 
         'usersMfaEnabled'               : require(__dirname + '/plugins/oracle/identity/usersMfaEnabled.js'),
         'passwordRequiresLowercase'     : require(__dirname + '/plugins/oracle/identity/passwordRequiresLowercase.js'),
@@ -830,6 +842,8 @@ module.exports = {
         'userCustomerSecretKeysRotated' : require(__dirname + '/plugins/oracle/identity/userCustomerSecretKeysRotated.js'),
         'userAPIKeysRotated'            : require(__dirname + '/plugins/oracle/identity/userAPIKeysRotated.js'),
         'usersPasswordLastUsed'         : require(__dirname + '/plugins/oracle/identity/usersPasswordLastUsed.js'),
+        'defaultTagsForResources'       : require(__dirname + '/plugins/oracle/identity/defaultTagsForResources.js'),
+        'notificationTopicSubscription' : require(__dirname + '/plugins/oracle/identity/notificationTopicSubscription.js'),
 
         'openSSH'                       : require(__dirname + '/plugins/oracle/networking/openSSH.js'),
         'openOracleAutoDataWarehouse'   : require(__dirname + '/plugins/oracle/networking/openOracleAutoDataWarehouse.js'),
@@ -862,6 +876,7 @@ module.exports = {
         'lbNSGEnabled'                  : require(__dirname + '/plugins/oracle/networking/lbNSGEnabled.js'),
         'lbNoInstances'                 : require(__dirname + '/plugins/oracle/networking/lbNoInstances.js'),
         'wafPublicIpEnabled'            : require(__dirname + '/plugins/oracle/networking/wafPublicIpEnabled.js'),
+        'inboundSecurityLists'          : require(__dirname + '/plugins/oracle/networking/inboundSecurityLists.js'),
 
         'multipleSubnets'               : require(__dirname + '/plugins/oracle/networking/multipleSubnets.js'),
         'subnetMultiAd'                 : require(__dirname + '/plugins/oracle/networking/subnetMultiAd.js'),
@@ -870,9 +885,13 @@ module.exports = {
         'preAuthRequestsExpiry'         : require(__dirname + '/plugins/oracle/objectstore/preAuthRequestsExpiry.js'),
         'preAuthRequestsAccess'         : require(__dirname + '/plugins/oracle/objectstore/preAuthRequestsAccess.js'),
         'objectPolicyProtection'        : require(__dirname + '/plugins/oracle/objectstore/objectPolicyProtection.js'),
+        'bucketCMKEncryption'           : require(__dirname + '/plugins/oracle/objectstore/bucketCMKEncryption.js'),
+        'bucketVersioning'              : require(__dirname + '/plugins/oracle/objectstore/bucketVersioning.js'),
+        'bucketObjectEvents'            : require(__dirname + '/plugins/oracle/objectstore/bucketObjectEvents.js'),
 
         'nfsPublicAccess'               : require(__dirname + '/plugins/oracle/filestorage/nfsPublicAccess.js'),
         'nfsPolicyProtection'           : require(__dirname + '/plugins/oracle/filestorage/nfsPolicyProtection.js'),
+        'fileSystemsCMKEncryption'      : require(__dirname + '/plugins/oracle/filestorage/fileSystemsCMKEncryption.js'),
 
         'dbBackupEnabled'               : require(__dirname + '/plugins/oracle/database/dbBackupEnabled.js'),
         'dbPrivateSubnetOnly'           : require(__dirname + '/plugins/oracle/database/dbPrivateSubnetOnly.js'),
@@ -883,10 +902,12 @@ module.exports = {
         'blockVolumeBackupEnabled'      : require(__dirname + '/plugins/oracle/blockstorage/blockVolumeBackupEnabled.js'),
         'volumeGroupsRestorable'        : require(__dirname + '/plugins/oracle/blockstorage/volumeGroupsRestorable.js'),
         'blockPolicyProtection'         : require(__dirname + '/plugins/oracle/blockstorage/blockPolicyProtection.js'),
+        'blockVolumeCMKEncryption'      : require(__dirname + '/plugins/oracle/blockstorage/blockVolumeCMKEncryption.js'),
 
         'logRetentionPeriod'            : require(__dirname + '/plugins/oracle/audit/logRetentionPeriod.js'),
 
         'okePrivateEndpoint'            : require(__dirname + '/plugins/oracle/oke/okePrivateEndpoint.js'),
+        'okeSecretsEncrypted'           : require(__dirname + '/plugins/oracle/oke/okeSecretsEncrypted.js'),
     },
     google: {
         'excessiveFirewallRules'        : require(__dirname + '/plugins/google/vpcnetwork/excessiveFirewallRules.js'),

diff --git a/helpers/aws/api.js b/helpers/aws/api.js
@@ -698,6 +698,12 @@ var calls = {
             override: true
         }
     },
+    Imagebuilder: {
+        listImagePipelines: {
+            property: 'imagePipelineList',
+            paginate: 'nextToken'
+        }
+    },
     IoTSiteWise: {
         describeDefaultEncryptionConfiguration: {
         }

diff --git a/helpers/aws/regions.js b/helpers/aws/regions.js
@@ -192,6 +192,7 @@ module.exports = {
     appmesh:  ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1',
         'eu-west-1', 'eu-west-2', 'eu-west-3', 'eu-north-1', 'ap-northeast-1', 'ap-northeast-2', 'eu-south-1',
         'ap-southeast-1', 'ap-southeast-2', 'ap-south-1', 'sa-east-1', 'ap-east-1', 'me-south-1', 'af-south-1'],
+    imagebuilder: [...regions, ...newRegions],
     frauddetector: ['us-east-1', 'us-east-2', 'us-west-2', 'eu-west-1', 'ap-southeast-1', 'ap-southeast-2'],
     computeoptimizer: ['us-east-1'],
     appconfig: [...regions, ...newRegions]

diff --git a/helpers/aws/regions_china.js b/helpers/aws/regions_china.js
@@ -117,6 +117,7 @@ module.exports = {
     voiceid: regions,
     appmesh: regions,
     frauddetector: regions,
-    computeoptimizer: ['cn-north-1'],
+    imagebuilder: regions,
+    computeoptimizer: regions,
     appconfig: regions
 };
diff --git a/helpers/aws/regions_gov.js b/helpers/aws/regions_gov.js
@@ -116,6 +116,7 @@ module.exports = {
     voiceid: regions,
     appmesh: regions,
     frauddetector: regions,
-    computeoptimizer: ['us-gov-west-1'],
+    imagebuilder: regions,
+    computeoptimizer: regions,
     appconfig: regions
 };
diff --git a/helpers/oracle/functions.js b/helpers/oracle/functions.js
@@ -1,4 +1,5 @@
 var shared = require(__dirname + '/../shared.js');
+var async = require('async');
 
 var ipProtocol = {
     "tcp" : {
@@ -341,6 +342,22 @@ function normalizePolicyStatement(policyStatement) {
     return statementObj;
 }
 
+function getProtectionLevel(cryptographickey, encryptionLevels) {
+    if (cryptographickey && cryptographickey.protectionMode) {
+        if (cryptographickey.protectionMode.toUpperCase() == 'SOFTWARE') return encryptionLevels.indexOf('cloudcmek');
+        else if (cryptographickey.protectionMode.toUpperCase() == 'HSM') return encryptionLevels.indexOf('cloudhsm');
+    }
+
+    return encryptionLevels.indexOf('unspecified');
+}
+
+function listToObj(resultObj, listData, onKey) {
+    async.each(listData, function (entry, cb) {
+        if (entry[onKey]) resultObj[entry[onKey]] = entry;
+        cb();
+    });
+}
+
 function testStatement(statementObj, resourceTypes, policyAdmins, verbs) {
     let whereNames = ['request.user.id', 'request.user.name', 'request.groups.id', 'request.group.name', 'request.networkSource.name', 'target.user.name', 'request.instance.compartment.id', 'request.ad'];
 
@@ -378,5 +395,7 @@ module.exports = {
     findOpenPortsAll: findOpenPortsAll,
     checkRegionSubscription: checkRegionSubscription,
     normalizePolicyStatement: normalizePolicyStatement,
-    testStatement: testStatement
+    testStatement: testStatement,
+    getProtectionLevel: getProtectionLevel,
+    listToObj: listToObj
 };
diff --git a/helpers/oracle/index.js b/helpers/oracle/index.js
@@ -134,7 +134,8 @@ function OracleExecutor(OracleConfig) {
 var helpers = {
     regions: regions,
     OracleExecutor: OracleExecutor,
-    MAX_REGIONS_AT_A_TIME: 6
+    MAX_REGIONS_AT_A_TIME: 6,
+    PROTECTION_LEVELS: ['unspecified', 'default', 'cloudcmek', 'cloudhsm'],
 };
 
 for (var s in shared) helpers[s] = shared[s];

diff --git a/helpers/oracle/regions.js b/helpers/oracle/regions.js
@@ -47,10 +47,14 @@ module.exports = {
     authenticationPolicy: regions,
     exprt: regions,
     exportSummary: regions,
+    fileSystem: regions,
     compartment: regions,
     bucket: regions,
     waasPolicy: regions,
+    topics: regions,
+    subscriptions: regions,
     policy: regions,
+    defaultTags: ['default'],
     subnet: regions,
     dbHome: regions,
     database: regions,
@@ -77,5 +81,7 @@ module.exports = {
     apiKey: ['default'],
     authToken: ['default'],
     customerSecretKey: ['default'],
-    cluster: regions,
+    vault: regions,
+    keys: regions,
+    cluster: regions
 };
diff --git a/other_modules/oci/index.js b/other_modules/oci/index.js
@@ -8,6 +8,12 @@ module.exports = function(api, service, key, OracleConfig, parameters, callback)
 
     var localService = services[api][service][key];
 
+    //replacing endpoint with managementRndpoint value from vault for keys api
+    if (api === 'kms' && localService.path === 'keys') {
+        localService.endpoint = parameters.managementEndpoint.replace('https://', '');
+        delete parameters['managementEndpoint'];
+    }
+
     var suffix = '';
     if (localService.encodedGet) {
         suffix += ('/' + encodeURIComponent(parameters[localService.encodedGet]));