AWS Inspector module (#1239)
* Inspector module

* Documentation added

* Removed the devservices project
javaduke authored Apr 27, 2024
1 parent c9bcaa5 commit bbf80df
Showing 16 changed files with 2,313 additions and 0 deletions.
10 changes: 10 additions & 0 deletions bom/pom.xml
@@ -152,6 +152,16 @@
<artifactId>quarkus-amazon-iam-deployment</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>io.quarkiverse.amazonservices</groupId>
<artifactId>quarkus-amazon-inspector</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>io.quarkiverse.amazonservices</groupId>
<artifactId>quarkus-amazon-inspector-deployment</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>io.quarkiverse.amazonservices</groupId>
<artifactId>quarkus-amazon-devservices-kms</artifactId>
1 change: 1 addition & 0 deletions docs/modules/ROOT/nav.adoc
@@ -5,6 +5,7 @@
* xref:amazon-dynamodb.adoc[DynamoDB]
* xref:amazon-eventbridge.adoc[EventBridge]
* xref:amazon-iam.adoc[IAM]
* xref:amazon-inspector.adoc[Inspector]
* xref:amazon-kinesis.adoc[Kinesis]
* xref:amazon-kms.adoc[KMS]
* xref:amazon-lambda.adoc[Lambda]
17 changes: 17 additions & 0 deletions docs/modules/ROOT/pages/amazon-inspector.adoc
@@ -0,0 +1,17 @@
= Amazon Inspector Client

include::./includes/attributes.adoc[]

Amazon Inspector automatically discovers workloads, such as Amazon EC2 instances, containers, and Lambda functions, and scans them for software vulnerabilities and unintended network exposure.

You can find more information about Inspector at https://aws.amazon.com/inspector/[the Amazon Inspector website].

NOTE: The Inspector extension is based on https://docs.aws.amazon.com/sdk-for-java/v2/developer-guide/welcome.html[AWS Java SDK 2.x].
It's a major rewrite of the 1.x code base that offers two programming models (Blocking & Async).

The Quarkus extension supports two programming models:

* Blocking access using URL Connection HTTP client (by default) or the Apache HTTP Client
* https://docs.aws.amazon.com/sdk-for-java/v2/developer-guide/basics-async.html[Asynchronous programming] based on JDK's `CompletableFuture` objects and the Netty HTTP client (by default) or the AWS CRT-based HTTP client
include::./includes/quarkus-amazon-inspector.adoc[]
1,650 changes: 1,650 additions & 0 deletions docs/modules/ROOT/pages/includes/quarkus-amazon-inspector.adoc

Large diffs are not rendered by default.

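--- a/inspector/deployment/pom.xml
+++ b/inspector/deployment/pom.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+<modelVersion>4.0.0</modelVersion>
+
+<parent>
+<groupId>io.quarkiverse.amazonservices</groupId>
+<artifactId>quarkus-amazon-inspector-parent</artifactId>
+<version>999-SNAPSHOT</version>
+</parent>
+
+<artifactId>quarkus-amazon-inspector-deployment</artifactId>
+<name>Quarkus - Amazon Services - Inspector - Deployment</name>
+
+<dependencies>
+<dependency>
+<groupId>io.quarkus</groupId>
+<artifactId>quarkus-core-deployment</artifactId>
+</dependency>
+<dependency>
+<groupId>io.quarkus</groupId>
+<artifactId>quarkus-arc-deployment</artifactId>
+</dependency>
+<dependency>
+<groupId>io.quarkiverse.amazonservices</groupId>
+<artifactId>quarkus-amazon-common-deployment</artifactId>
+</dependency>
+<dependency>
+<groupId>io.quarkiverse.amazonservices</groupId>
+<artifactId>quarkus-amazon-inspector</artifactId>
+</dependency>
+
+<!-- Test dependencies -->
+<dependency>
+<groupId>io.quarkus</groupId>
+<artifactId>quarkus-junit5-internal</artifactId>
+<scope>test</scope>
+</dependency>
+<dependency>
+<groupId>io.rest-assured</groupId>
+<artifactId>rest-assured</artifactId>
+<scope>test</scope>
+</dependency>
+<dependency>
+<groupId>software.amazon.awssdk</groupId>
+<artifactId>netty-nio-client</artifactId>
+<scope>test</scope>
+</dependency>
+<!-- Imported manually because conditional dependencies
+are not automatically added to test scope -->
+<dependency>
+<groupId>io.quarkiverse.amazonservices</groupId>
+<artifactId>quarkus-amazon-netty-client-internal-deployment</artifactId>
+<scope>test</scope>
+</dependency>
+<dependency>
+<groupId>software.amazon.awssdk</groupId>
+<artifactId>aws-crt-client</artifactId>
+<scope>test</scope>
+</dependency>
+<dependency>
+<groupId>software.amazon.awssdk</groupId>
+<artifactId>url-connection-client</artifactId>
+<scope>test</scope>
+</dependency>
+</dependencies>
+
+<build>
+<plugins>
+<plugin>
+<artifactId>maven-compiler-plugin</artifactId>
+<configuration>
+<annotationProcessorPaths>
+<path>
+<groupId>io.quarkus</groupId>
+<artifactId>quarkus-extension-processor</artifactId>
+<version>${quarkus.version}</version>
+</path>
+</annotationProcessorPaths>
+</configuration>
+</plugin>
+</plugins>
+</build>
+</project>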
@@ -0,0 +1,199 @@
package io.quarkus.amazon.inspector.deployment;

import java.util.List;

import org.jboss.jandex.DotName;

import io.quarkus.amazon.common.deployment.AbstractAmazonServiceProcessor;
import io.quarkus.amazon.common.deployment.AmazonClientAsyncResultBuildItem;
import io.quarkus.amazon.common.deployment.AmazonClientAsyncTransportBuildItem;
import io.quarkus.amazon.common.deployment.AmazonClientBuildItem;
import io.quarkus.amazon.common.deployment.AmazonClientInterceptorsPathBuildItem;
import io.quarkus.amazon.common.deployment.AmazonClientSyncResultBuildItem;
import io.quarkus.amazon.common.deployment.AmazonClientSyncTransportBuildItem;
import io.quarkus.amazon.common.deployment.AmazonHttpClients;
import io.quarkus.amazon.common.deployment.RequireAmazonClientBuildItem;
import io.quarkus.amazon.common.deployment.spi.EventLoopGroupBuildItem;
import io.quarkus.amazon.common.runtime.AmazonClientApacheTransportRecorder;
import io.quarkus.amazon.common.runtime.AmazonClientAwsCrtTransportRecorder;
import io.quarkus.amazon.common.runtime.AmazonClientCommonRecorder;
import io.quarkus.amazon.common.runtime.AmazonClientNettyTransportRecorder;
import io.quarkus.amazon.common.runtime.AmazonClientOpenTelemetryRecorder;
import io.quarkus.amazon.common.runtime.AmazonClientUrlConnectionTransportRecorder;
import io.quarkus.amazon.inspector.runtime.InspectorBuildTimeConfig;
import io.quarkus.amazon.inspector.runtime.InspectorClientProducer;
import io.quarkus.amazon.inspector.runtime.InspectorRecorder;
import io.quarkus.arc.deployment.AdditionalBeanBuildItem;
import io.quarkus.arc.deployment.BeanRegistrationPhaseBuildItem;
import io.quarkus.arc.deployment.SyntheticBeanBuildItem;
import io.quarkus.deployment.Capabilities;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.annotations.ExecutionTime;
import io.quarkus.deployment.annotations.Record;
import io.quarkus.deployment.builditem.ExecutorBuildItem;
import io.quarkus.deployment.builditem.ExtensionSslNativeSupportBuildItem;
import io.quarkus.deployment.builditem.FeatureBuildItem;
import io.quarkus.deployment.builditem.LaunchModeBuildItem;
import software.amazon.awssdk.services.inspector.InspectorAsyncClient;
import software.amazon.awssdk.services.inspector.InspectorAsyncClientBuilder;
import software.amazon.awssdk.services.inspector.InspectorClient;
import software.amazon.awssdk.services.inspector.InspectorClientBuilder;

public class InspectorProcessor extends AbstractAmazonServiceProcessor {

private static final String AMAZON_INSPECTOR = "amazon-inspector";

InspectorBuildTimeConfig buildTimeConfig;

@Override
protected String amazonServiceClientName() {
return AMAZON_INSPECTOR;
}

@Override
protected String configName() {
return "inspector";
}

@Override
protected DotName syncClientName() {
return DotName.createSimple(InspectorClient.class.getName());
}

@Override
protected DotName asyncClientName() {
return DotName.createSimple(InspectorAsyncClient.class.getName());
}

@Override
protected String builtinInterceptorsPath() {
return "software/amazon/awssdk/services/inspector/execution.interceptors";
}

@BuildStep
AdditionalBeanBuildItem producer() {
return AdditionalBeanBuildItem.unremovableOf(InspectorClientProducer.class);
}

@BuildStep
void setup(
BuildProducer<ExtensionSslNativeSupportBuildItem> extensionSslNativeSupport,
BuildProducer<FeatureBuildItem> feature,
BuildProducer<AmazonClientInterceptorsPathBuildItem> interceptors) {

setupExtension(extensionSslNativeSupport, feature, interceptors);
}

@BuildStep
void discover(BeanRegistrationPhaseBuildItem beanRegistrationPhase,
BuildProducer<RequireAmazonClientBuildItem> requireClientProducer) {

discoverClient(beanRegistrationPhase, requireClientProducer);
}

@BuildStep
void setupClient(List<RequireAmazonClientBuildItem> clientRequirements,
BuildProducer<AmazonClientBuildItem> clientProducer) {

setupClient(clientRequirements, clientProducer, buildTimeConfig.sdk(), buildTimeConfig.syncClient(),
buildTimeConfig.asyncClient());
}

@BuildStep(onlyIf = AmazonHttpClients.IsAmazonApacheHttpServicePresent.class)
@Record(ExecutionTime.RUNTIME_INIT)
void setupApacheSyncTransport(List<AmazonClientBuildItem> amazonClients, InspectorRecorder recorder,
AmazonClientApacheTransportRecorder transportRecorder,
BuildProducer<AmazonClientSyncTransportBuildItem> syncTransports) {

createApacheSyncTransportBuilder(amazonClients,
transportRecorder,
buildTimeConfig.syncClient(),
recorder.getSyncConfig(),
syncTransports);
}

@BuildStep(onlyIf = AmazonHttpClients.IsAmazonAwsCrtHttpServicePresent.class)
@Record(ExecutionTime.RUNTIME_INIT)
void setupAwsCrtSyncTransport(List<AmazonClientBuildItem> amazonClients, InspectorRecorder recorder,
AmazonClientAwsCrtTransportRecorder transportRecorder,
BuildProducer<AmazonClientSyncTransportBuildItem> syncTransports) {

createAwsCrtSyncTransportBuilder(amazonClients,
transportRecorder,
buildTimeConfig.syncClient(),
recorder.getSyncConfig(),
syncTransports);
}

@BuildStep(onlyIf = AmazonHttpClients.IsAmazonUrlConnectionHttpServicePresent.class)
@Record(ExecutionTime.RUNTIME_INIT)
void setupUrlConnectionSyncTransport(List<AmazonClientBuildItem> amazonClients, InspectorRecorder recorder,
AmazonClientUrlConnectionTransportRecorder transportRecorder,
BuildProducer<AmazonClientSyncTransportBuildItem> syncTransports) {

createUrlConnectionSyncTransportBuilder(amazonClients,
transportRecorder,
buildTimeConfig.syncClient(),
recorder.getSyncConfig(),
syncTransports);
}

@BuildStep(onlyIf = AmazonHttpClients.IsAmazonNettyHttpServicePresent.class)
@Record(ExecutionTime.RUNTIME_INIT)
void setupNettyAsyncTransport(List<AmazonClientBuildItem> amazonClients, InspectorRecorder recorder,
AmazonClientNettyTransportRecorder transportRecorder,
BuildProducer<AmazonClientAsyncTransportBuildItem> asyncTransports,
EventLoopGroupBuildItem eventLoopSupplier) {

createNettyAsyncTransportBuilder(amazonClients,
transportRecorder,
buildTimeConfig.asyncClient(),
recorder.getAsyncConfig(),
asyncTransports, eventLoopSupplier.getMainEventLoopGroup());
}

@BuildStep(onlyIf = AmazonHttpClients.IsAmazonAwsCrtHttpServicePresent.class)
@Record(ExecutionTime.RUNTIME_INIT)
void setupAwsCrtAsyncTransport(List<AmazonClientBuildItem> amazonClients, InspectorRecorder recorder,
AmazonClientAwsCrtTransportRecorder transportRecorder,
BuildProducer<AmazonClientAsyncTransportBuildItem> asyncTransports) {

createAwsCrtAsyncTransportBuilder(amazonClients,
transportRecorder,
buildTimeConfig.asyncClient(),
recorder.getAsyncConfig(),
asyncTransports);
}

@BuildStep
@Record(ExecutionTime.RUNTIME_INIT)
void createClientBuilders(InspectorRecorder recorder,
Capabilities capabilities,
AmazonClientCommonRecorder commonRecorder,
AmazonClientOpenTelemetryRecorder otelRecorder,
List<AmazonClientSyncTransportBuildItem> syncTransports,
List<AmazonClientAsyncTransportBuildItem> asyncTransports,
BuildProducer<SyntheticBeanBuildItem> syntheticBeans,
BuildProducer<AmazonClientSyncResultBuildItem> clientSync,
BuildProducer<AmazonClientAsyncResultBuildItem> clientAsync,
LaunchModeBuildItem launchModeBuildItem,
ExecutorBuildItem executorBuildItem) {

createClientBuilders(capabilities,
recorder,
commonRecorder,
otelRecorder,
buildTimeConfig,
syncTransports,
asyncTransports,
InspectorClientBuilder.class,
InspectorAsyncClientBuilder.class,
null,
syntheticBeans,
clientSync,
clientAsync,
launchModeBuildItem,
executorBuildItem);
}
}
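Review bot: The processor binds `software.amazon.awssdk.services.inspector.InspectorClient`, which as far as I know is the SDK client for the original Inspector (Classic) API, while the documentation page added in this commit describes scanning of containers and Lambda functions, which the SDK exposes through the separate `inspector2` module. If the Classic API is what is intended, the class should say so in a Javadoc, for example `/** Build steps for the Amazon Inspector (Classic) client from the SDK's inspector module. */`; otherwise users who expect current vulnerability findings receive a client for a different service. The bare `null` passed to `createClientBuilders` between `InspectorAsyncClientBuilder.class` and `syntheticBeans` should also carry a short comment naming the parameter it fills, since the called signature is not visible on this page.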
@@ -0,0 +1,29 @@
package io.quarkus.amazon.inspector.deployment;

import jakarta.inject.Inject;

import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

import io.quarkus.test.QuarkusUnitTest;
import software.amazon.awssdk.services.inspector.InspectorAsyncClient;
import software.amazon.awssdk.services.inspector.InspectorClient;

public class InspectorSyncClientFullConfigTest {

@Inject
InspectorClient client;

@Inject
InspectorAsyncClient async;

@RegisterExtension
static final QuarkusUnitTest config = new QuarkusUnitTest()
.withApplicationRoot((jar) -> jar
.addAsResource("sync-urlconn-full-config.properties", "application.properties"));

@Test
public void test() {
// should finish with success
}
}
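Review bot: `test()` has an empty body and the only comment is `// should finish with success`, so a reader cannot tell what the test is meant to verify. A comment that states the contract would help, for example `// Passes if the application boots and both clients can be injected with this configuration.` The class is named InspectorSyncClientFullConfigTest and loads `sync-urlconn-full-config.properties`, yet it also injects `InspectorAsyncClient`; if that is deliberate, a one-line comment on the `async` field saying why would avoid it being read as a copy-paste leftover.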
@@ -0,0 +1,10 @@
quarkus.inspector.endpoint-override=http://localhost:9090

quarkus.inspector.aws.region=us-east-1
quarkus.inspector.aws.credentials.type=static
quarkus.inspector.aws.credentials.static-provider.access-key-id=test-key
quarkus.inspector.aws.credentials.static-provider.secret-access-key=test-secret

quarkus.inspector.sync-client.type = url
quarkus.inspector.sync-client.connection-timeout = 0.100S
quarkus.inspector.sync-client.socket-timeout = 0.100S
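Review bot: The file sets `access-key-id=test-key` and `secret-access-key=test-secret` together with a plain-HTTP `endpoint-override`, and nothing in it says these are placeholders. A header comment such as `# Test-only: dummy static credentials and a local endpoint; no request is expected to reach AWS` would make that explicit for anyone triaging a secret-scanner hit, and would discourage copying the static provider and the HTTP endpoint into a real deployment. The 0.100S timeouts could be covered by the same comment, since they only make sense against a local endpoint.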
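--- a/inspector/pom.xml
+++ b/inspector/pom.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+<modelVersion>4.0.0</modelVersion>
+
+<parent>
+<groupId>io.quarkiverse.amazonservices</groupId>
+<artifactId>quarkus-amazon-services-build-parent</artifactId>
+<version>999-SNAPSHOT</version>
+<relativePath>../build-parent/pom.xml</relativePath>
+</parent>
+
+<artifactId>quarkus-amazon-inspector-parent</artifactId>
+<name>Quarkus - Amazon Services - Inspector</name>
+<packaging>pom</packaging>
+
+<modules>
+<module>runtime</module>
+<module>deployment</module>
+</modules>
+
+</project>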