From 2cace1edb1c861b55645dc5d836412892284b90d Mon Sep 17 00:00:00 2001
From: Alex Shcherbakov
Date: Wed, 18 Oct 2023 13:55:22 +0300
Subject: [PATCH] feat: Add options appicable to `jsonschema.Reflector` prior to generation (#60)
---
 go.mod | 8 +-
 go.sum | 20 +-
 jsonschema/docs/.snapshots/TestAWS.md | 1317 +++++++++++++++++-
 jsonschema/docs/.snapshots/TestClickHouse.md | 7 +
 jsonschema/docs/docs.go | 35 +-
 jsonschema/docs/testdata/aws.json | 967 ++++++++-----
 jsonschema/generate.go | 15 +-
 jsonschema/options.go | 14 +
 8 files changed, 2034 insertions(+), 349 deletions(-)
 create mode 100644 jsonschema/options.go
diff --git a/go.mod b/go.mod
index f640fcb..d3874e9 100644
--- a/go.mod
+++ b/go.mod
@@ -12,11 +12,11 @@ require (
 github.com/invopop/jsonschema v0.11.0
 github.com/jpillora/longestcommon v0.0.0-20161227235612-adb9d91ee629
 github.com/stretchr/testify v1.8.4
- golang.org/x/exp v0.0.0-20230905200255-921286631fa9
+ golang.org/x/exp v0.0.0-20231006140011-7918f672742d
 )
 // github.com/cloudquery/jsonschema @ cqmain
-replace github.com/invopop/jsonschema => github.com/cloudquery/jsonschema v0.0.0-20231013155745-f32a9237eda0
+replace github.com/invopop/jsonschema => github.com/cloudquery/jsonschema v0.0.0-20231018073309-6c617a23d42f
 require (
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.2 // indirect
@@ -38,11 +38,11 @@ require (
 github.com/thoas/go-funk v0.9.3 // indirect
 github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
 github.com/zeebo/xxh3 v1.0.2 // indirect
- golang.org/x/mod v0.12.0 // indirect
+ golang.org/x/mod v0.13.0 // indirect
 golang.org/x/net v0.17.0 // indirect
 golang.org/x/sys v0.13.0 // indirect
 golang.org/x/text v0.13.0 // indirect
- golang.org/x/tools v0.13.0 // indirect
+ golang.org/x/tools v0.14.0 // indirect
 golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
index 728b28f..8906272 100644
--- a/go.sum
+++ b/go.sum
@@ -20,8 +20,8 @@ github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oM github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= -github.com/cloudquery/jsonschema v0.0.0-20231013155745-f32a9237eda0 h1:4L/chcVQqiOQXC9Y9/s51mbX5qWwaKa5sGGNXHkkD/A= -github.com/cloudquery/jsonschema v0.0.0-20231013155745-f32a9237eda0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0= +github.com/cloudquery/jsonschema v0.0.0-20231018073309-6c617a23d42f h1:vmYGxIGDVpmhk0QVeDwXXbAt+SwQcOn4xH1G25pmKP8= +github.com/cloudquery/jsonschema v0.0.0-20231018073309-6c617a23d42f/go.mod h1:0SoZ/U7yJlNOR+fWsBSeTvTbGXB6DK01tzJ7m2Xfg34= github.com/cloudquery/plugin-sdk/v4 v4.15.1 h1:FT1L3jPI6QXhbG/erDg4QBBpmldNSR+G/0zoNM9SM8k= github.com/cloudquery/plugin-sdk/v4 v4.15.1/go.mod h1:Wt70RplNLCn680hv2zuNSuGDOchhdq6Cejt6nN2REps= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= 
@@ -91,14 +91,14 @@ github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0= github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= -golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= -golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= -golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= -golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= +golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= +golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= -golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ= +golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
@@ -108,8 +108,8 @@ golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= -golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= +golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= +golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk= golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gonum.org/v1/gonum v0.12.0 h1:xKuo6hzt+gMav00meVPUlXwSdoEJP46BR+wdxQEFK2o= diff --git a/jsonschema/docs/.snapshots/TestAWS.md b/jsonschema/docs/.snapshots/TestAWS.md index bb047e7..612cabc 100644 --- a/jsonschema/docs/.snapshots/TestAWS.md +++ b/jsonschema/docs/.snapshots/TestAWS.md @@ -2,7 +2,7 @@ * [`Spec`](#Spec) * [`Account`](#Account) - * [`Org`](#Org) + * [`Organization`](#Organization) * [`TableOptions`](#TableOptions) * [`AccessAnalyzerFindings`](#AccessAnalyzerFindings) * [`CustomAccessAnalyzerListFindingsInput`](#CustomAccessAnalyzerListFindingsInput) 
@@ -54,55 +54,208 @@ ## Spec * `regions` (`[]string`) (nullable) + + Regions to use. + * `accounts` ([`[]Account`](#Account)) (nullable) -* `org` ([`Org`](#Org)) (nullable) + + List of all accounts to fetch information from. + +* `org` ([`Organization`](#Organization)) (nullable) + + In AWS organization mode, CloudQuery will source all accounts underneath automatically. + * `aws_debug` (`boolean`) + + If `true`, will log AWS debug logs, including retries and other request/response metadata. + * `max_retries` (`integer`) (nullable) (default: `10`) + + Defines the maximum number of times an API request will be retried. + * `max_backoff` (`integer`) (nullable) (default: `30`) + + Defines the duration between retry attempts. + * `custom_endpoint_url` (`string`) + + The base URL endpoint the SDK API clients will use to make API calls to. + The SDK will suffix URI path and query elements to this endpoint. + * `custom_endpoint_hostname_immutable` (`boolean`) (nullable) + + Specifies if the endpoint's hostname can be modified by the SDK's API client. + When using something like LocalStack make sure to set it equal to `true`. + * `custom_endpoint_partition_id` (`string`) + + The AWS partition the endpoint belongs to. + * `custom_endpoint_signing_region` (`string`) + + The region that should be used for signing the request to the endpoint. + * `initialization_concurrency` (`integer`) (range: `[1,+∞)`) (default: `4`) + + During initialization the AWS source plugin fetches information about each account and region. + This setting controls how many accounts can be initialized concurrently. + Only configurations with many accounts (either hardcoded or discovered via Organizations) + should require modifying this setting, to either lower it to avoid rate limit errors, or to increase it to speed up the initialization process. + * `concurrency` (`integer`) (range: `[1,+∞)`) (default: `50000`) + + The best effort maximum number of Go routines to use. 
Lower this number to reduce memory usage. + * `use_paid_apis` (`boolean`) (default: `false`) + + When set to `true` plugin will sync data from APIs that incur a fee. + Currently only `aws_costexplorer*` and `aws_alpha_cloudwatch_metric*` tables require this flag to be set to `true`. + * `table_options` ([`TableOptions`](#TableOptions)) (nullable) + + This is a preview feature (for more information about `preview` features look at [plugin versioning](/docs/plugins/sources/aws/versioning)) + that enables users to override the default options for specific tables. + * `event_based_sync` ([`EventBasedSync`](#EventBasedSync)) (nullable) + + This feature is available only in premium version of the plugin. + * `scheduler` ([`Strategy`](#Strategy)) + The scheduler to use when determining the priority of resources to sync. + + For more information about this, see [performance tuning](/docs/advanced-topics/performance-tuning). + ### Account + This is used to specify one or more accounts to extract information from. + * `id` (`string`) (required) + + Will be used as an alias in the source plugin and in the logs. + * `account_name` (`string`) + + Will be used as an alias in the source plugin and in the logs. + * `local_profile` (`string`) -* `role_arn` (`string`) ([pattern](https://json-schema.org/draft/2020-12/json-schema-validation#section-6.3.3): `^arn(:[^:\n]*){5}([:/].*)?$`) + + [Local profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) to use to authenticate this account with. + Please note this should be set to the name of the profile. + + For example, with the following credentials file: + + ```ini copy + [default] + aws_access_key_id=xxxx + aws_secret_access_key=xxxx + + [user1] + aws_access_key_id=xxxx + aws_secret_access_key=xxxx + ``` + + `local_profile` should be set to either `default` or `user1`. 
+ +* `role_arn` (`string`) ([pattern](https://json-schema.org/draft/2020-12/json-schema-validation#section-6.3.3): `^(arn(:[^:\n]*){5}([:/].*)?)?$`) + + If specified will use this to assume role. + * `role_session_name` (`string`) + + If specified will use this session name when assume role to `role_arn`. + * `external_id` (`string`) -* `default_region` (`string`) + + If specified will use this when assuming role to `role_arn`. + +* `default_region` (`string`) (default: `us-east-1`) + + If specified, this region will be used as the default region for the account. + * `regions` (`[]string`) (nullable) -### Org + Regions to use for this account. Defaults to global `regions` setting. + +### Organization + + Organization mode spec used to source all accounts underneath automatically. * `admin_account` ([`Account`](#Account)) (nullable) + + Configuration for how to grab credentials from an admin account. + * `member_trusted_principal` ([`Account`](#Account)) (nullable) + + Configuration for how to specify the principle to use in order to assume a role in the member accounts. + * `member_role_name` (`string`) (required) + + Role name that CloudQuery should use to assume a role in the member account from the admin account. + + Note: This is not a full ARN, it is just the name. + * `member_role_session_name` (`string`) + + Overrides the default session name. + * `member_external_id` (`string`) + + Specify an external ID for use in the trust policy. + * `member_regions` (`[]string`) (nullable) + + Limit fetching resources within this specific account to only these regions. + This will override any regions specified in the provider block. + You can specify all regions by using the `*` character as the only argument in the array. + * `organization_units` (`[]string`) (nullable) + + List of Organizational Units that CloudQuery should use to source accounts from. + If you specify an OU, CloudQuery will also traverse nested OUs. 
+ * `skip_organization_units` (`[]string`) (nullable) + + List of Organizational Units to skip. + This is useful in conjunction with `organization_units` if there are child OUs that should be ignored. + * `skip_member_accounts` (`[]string`) (nullable) + List of OU member accounts to skip. + This is useful if there are accounts under the selected OUs that should be ignored. + ### TableOptions + TableOptions allows users to override the default options for specific tables. + * `aws_accessanalyzer_analyzer_findings` ([`AccessAnalyzerFindings`](#AccessAnalyzerFindings)) (nullable) + + Override options for `aws_accessanalyzer_analyzer_findings` table. + * `aws_cloudtrail_events` ([`CloudtrailEvents`](#CloudtrailEvents)) (nullable) + + Override options for `aws_cloudtrail_events` table. + * `aws_alpha_cloudwatch_metrics` ([`CloudwatchMetrics`](#CloudwatchMetrics)) (nullable) + + Override options for `aws_alpha_cloudwatch_metrics` table. + * `aws_alpha_costexplorer_cost_custom` ([`CostExplorerAPIs`](#CostExplorerAPIs)) (nullable) + + Override options for `aws_alpha_costexplorer_cost_custom` table. + * `aws_ecs_cluster_tasks` ([`ECSTasks`](#ECSTasks)) (nullable) + + Override options for `aws_ecs_cluster_tasks` table. + * `aws_inspector2_findings` ([`Inspector2Findings`](#Inspector2Findings)) (nullable) + + Override options for `aws_inspector2_findings` table. + * `aws_securityhub_findings` ([`SecurityHubFindings`](#SecurityHubFindings)) (nullable) + Override options for `aws_securityhub_findings` table. + #### AccessAnalyzerFindings * `list_findings` ([`[]CustomAccessAnalyzerListFindingsInput`](#CustomAccessAnalyzerListFindingsInput)) (nullable) 
@@ -110,21 +263,49 @@ ##### CustomAccessAnalyzerListFindingsInput * `Filter` ([`map[string]Criterion`](#Criterion)) (nullable) + + A filter to match for the findings to return. + * `MaxResults` (`integer`) (nullable) + + The maximum number of results to return in the response. + * `Sort` ([`SortCriteria`](#SortCriteria)) (nullable) + The sort order for the findings returned. + ###### Criterion + The criteria to use in the filter that defines the archive rule. + * `Contains` (`[]string`) (nullable) + + A "contains" operator to match for the filter used to create the rule. + * `Eq` (`[]string`) (nullable) + + An "equals" operator to match for the filter used to create the rule. + * `Exists` (`boolean`) (nullable) + + An "exists" operator to match for the filter used to create the rule. + * `Neq` (`[]string`) (nullable) + A "not equals" operator to match for the filter used to create the rule. + ###### SortCriteria + The criteria used to sort. + * `AttributeName` (`string`) (nullable) + + The name of the attribute to sort on. + * `OrderBy` (`string`) + The sort order, ascending or descending. + #### CloudtrailEvents * `lookup_events` ([`[]CustomCloudtrailLookupEventsInput`](#CustomCloudtrailLookupEventsInput)) (nullable) 
@@ -132,16 +313,49 @@ ##### CustomCloudtrailLookupEventsInput * `EndTime` (`string`) (nullable) ([format](https://json-schema.org/draft/2020-12/json-schema-validation#section-7): `date-time`) + + Specifies that only events that occur before or at the specified time are + returned. If the specified end time is before the specified start time, an error + is returned. + * `EventCategory` (`string`) + + Specifies the event category. If you do not specify an event category, events + of the category are not returned in the response. For example, if you do not + specify insight as the value of EventCategory , no Insights events are returned. + * `LookupAttributes` ([`[]LookupAttribute`](#LookupAttribute)) (nullable) + + Contains a list of lookup attributes. Currently the list can contain only one + item. + * `MaxResults` (`integer`) (nullable) + + The number of events to return. Possible values are 1 through 50. The default + is 50. + * `StartTime` (`string`) (nullable) ([format](https://json-schema.org/draft/2020-12/json-schema-validation#section-7): `date-time`) + Specifies that only events that occur after or at the specified time are + returned. If the specified start time is after the specified end time, an error + is returned. + ###### LookupAttribute + Specifies an attribute and value that filter the events returned. + * `AttributeKey` (`string`) + + Specifies an attribute on which to filter the events returned. + + This member is required. + * `AttributeValue` (`string`) (nullable) + Specifies a value for the specified AttributeKey. + + This member is required. + #### CloudwatchMetrics ([`[]CloudwatchMetric`](#CloudwatchMetric)) 
@@ -149,31 +363,136 @@ ##### CloudwatchMetric * `list_metrics` ([`CloudwatchListMetricsInput`](#CloudwatchListMetricsInput)) + * `get_metric_statistics` ([`[]CloudwatchGetMetricStatisticsInput`](#CloudwatchGetMetricStatisticsInput)) (nullable) ###### CloudwatchListMetricsInput * `Dimensions` ([`[]DimensionFilter`](#DimensionFilter)) (nullable) + + The dimensions to filter against. Only the dimensions that match exactly will + be returned. + * `IncludeLinkedAccounts` (`boolean`) + + If you are using this operation in a monitoring account, specify true to + include metrics from source accounts in the returned data. The default is false . + * `MetricName` (`string`) (nullable) + + The name of the metric to filter against. Only the metrics with names that + match exactly will be returned. + * `Namespace` (`string`) (nullable) + + The metric namespace to filter against. Only the namespace that matches exactly + will be returned. + * `OwningAccount` (`string`) (nullable) + + When you use this operation in a monitoring account, use this field to return + metrics only from one source account. To do so, specify that source account ID + in this field, and also specify true for IncludeLinkedAccounts . + * `RecentlyActive` (`string`) + To filter the results to show only metrics that have had data points published + in the past three hours, specify this parameter with a value of PT3H . This is + the only valid value for this parameter. The results that are returned are an + approximation of the value you specify. There is a low probability that the + returned results include metrics with last published data as much as 40 minutes + more than the specified time interval. + ###### DimensionFilter + Represents filters for a dimension. + * `Name` (`string`) (nullable) + + The dimension name to be matched. + + This member is required. + * `Value` (`string`) (nullable) + The value of the dimension to be matched. 
+ ###### CloudwatchGetMetricStatisticsInput * `EndTime` (`string`) (nullable) ([format](https://json-schema.org/draft/2020-12/json-schema-validation#section-7): `date-time`) + + The time stamp that determines the last data point to return. The value + specified is exclusive; results include data points up to the specified time + stamp. In a raw HTTP query, the time stamp must be in ISO 8601 UTC format (for + example, 2016-10-10T23:00:00Z). + + This member is required. + * `Period` (`integer`) (nullable) + + The granularity, in seconds, of the returned data points. For metrics with + regular resolution, a period can be as short as one minute (60 seconds) and must + be a multiple of 60. For high-resolution metrics that are collected at intervals + of less than one minute, the period can be 1, 5, 10, 30, 60, or any multiple of + 60. High-resolution metrics are those metrics stored by a PutMetricData call + that includes a StorageResolution of 1 second. If the StartTime parameter + specifies a time stamp that is greater than 3 hours ago, you must specify the + period as follows or no data points in that time range is returned: + - Start time between 3 hours and 15 days ago - Use a multiple of 60 seconds + (1 minute). + - Start time between 15 and 63 days ago - Use a multiple of 300 seconds (5 + minutes). + - Start time greater than 63 days ago - Use a multiple of 3600 seconds (1 + hour). + + This member is required. + * `StartTime` (`string`) (nullable) ([format](https://json-schema.org/draft/2020-12/json-schema-validation#section-7): `date-time`) + + The time stamp that determines the first data point to return. Start times are + evaluated relative to the time that CloudWatch receives the request. The value + specified is inclusive; results include data points with the specified time + stamp. In a raw HTTP query, the time stamp must be in ISO 8601 UTC format (for + example, 2016-10-03T23:00:00Z). 
CloudWatch rounds the specified time stamp as + follows: + - Start time less than 15 days ago - Round down to the nearest whole minute. + For example, 12:32:34 is rounded down to 12:32:00. + - Start time between 15 and 63 days ago - Round down to the nearest 5-minute + clock interval. For example, 12:32:34 is rounded down to 12:30:00. + - Start time greater than 63 days ago - Round down to the nearest 1-hour + clock interval. For example, 12:32:34 is rounded down to 12:00:00. + If you set Period to 5, 10, or 30, the start time of your request is rounded + down to the nearest time that corresponds to even 5-, 10-, or 30-second + divisions of a minute. For example, if you make a query at (HH:mm:ss) 01:05:23 + for the previous 10-second period, the start time of your request is rounded + down and you receive data from 01:05:10 to 01:05:20. If you make a query at + 15:07:17 for the previous 5 minutes of data, using a period of 5 seconds, you + receive data timestamped between 15:02:15 and 15:07:15. + + This member is required. + * `ExtendedStatistics` (`[]string`) (nullable) + + The percentile statistics. Specify values between p0.0 and p100. When calling + GetMetricStatistics , you must specify either Statistics or ExtendedStatistics , + but not both. Percentile statistics are not available for metrics when any of + the metric values are negative numbers. + * `Statistics` (`[]string`) (nullable) + + The metric statistics, other than percentile. For percentile statistics, use + ExtendedStatistics . When calling GetMetricStatistics , you must specify either + Statistics or ExtendedStatistics , but not both. + * `Unit` (`string`) + The unit for a given metric. If you omit Unit , all data that was collected with + any unit is returned, along with the corresponding units that were specified + when the data was reported to CloudWatch. If you specify a unit, the operation + returns only data that was collected with that unit specified. 
If you specify a + unit that does not match the data collected, the results of the operation are + null. CloudWatch does not perform unit conversions. + #### CostExplorerAPIs * `get_cost_and_usage` ([`[]CustomGetCostAndUsageInput`](#CustomGetCostAndUsageInput)) (nullable) 
@@ -181,48 +500,182 @@ ##### CustomGetCostAndUsageInput * `Granularity` (`string`) + + Sets the Amazon Web Services cost granularity to MONTHLY or DAILY , or HOURLY . + If Granularity isn't set, the response object doesn't include the Granularity , + either MONTHLY or DAILY , or HOURLY . + + This member is required. + * `Metrics` (`[]string`) (nullable) + + Which metrics are returned in the query. For more information about blended and + unblended rates, see Why does the "blended" annotation appear on some line + items in my bill? (http://aws.amazon.com/premiumsupport/knowledge-center/blended-rates-intro/) + . Valid values are AmortizedCost , BlendedCost , NetAmortizedCost , + NetUnblendedCost , NormalizedUsageAmount , UnblendedCost , and UsageQuantity . + If you return the UsageQuantity metric, the service aggregates all usage + numbers without taking into account the units. For example, if you aggregate + usageQuantity across all of Amazon EC2, the results aren't meaningful because + Amazon EC2 compute hours and data transfer are measured in different units (for + example, hours and GB). To get more meaningful UsageQuantity metrics, filter by + UsageType or UsageTypeGroups . Metrics is required for GetCostAndUsage requests. + + This member is required. + * `TimePeriod` ([`DateInterval`](#DateInterval)) (nullable) + + Sets the start date and end date for retrieving Amazon Web Services costs. The + start date is inclusive, but the end date is exclusive. For example, if start + is 2017-01-01 and end is 2017-05-01 , then the cost and usage data is retrieved + from 2017-01-01 up to and including 2017-04-30 but not including 2017-05-01 . + + This member is required. + * `Filter` ([`Expression`](#Expression)) (nullable) + + Filters Amazon Web Services costs by different dimensions. For example, you can + specify SERVICE and LINKED_ACCOUNT and get the costs that are associated with + that account's usage of that service. 
You can nest Expression objects to define + any combination of dimension filters. For more information, see Expression (https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_Expression.html) + . Valid values for MatchOptions for Dimensions are EQUALS and CASE_SENSITIVE . + Valid values for MatchOptions for CostCategories and Tags are EQUALS , ABSENT , + and CASE_SENSITIVE . Default values are EQUALS and CASE_SENSITIVE . + * `GroupBy` ([`[]GroupDefinition`](#GroupDefinition)) (nullable) + You can group Amazon Web Services costs using up to two different groups, + either dimensions, tag keys, cost categories, or any two group by types. Valid + values for the DIMENSION type are AZ , INSTANCE_TYPE , LEGAL_ENTITY_NAME , + INVOICING_ENTITY , LINKED_ACCOUNT , OPERATION , PLATFORM , PURCHASE_TYPE , + SERVICE , TENANCY , RECORD_TYPE , and USAGE_TYPE . When you group by the TAG + type and include a valid tag key, you get all tag values, including empty + strings. + ###### DateInterval + The time period of the request. + * `End` (`string`) (nullable) + + The end of the time period. The end date is exclusive. For example, if end is + 2017-05-01 , Amazon Web Services retrieves cost and usage data from the start + date up to, but not including, 2017-05-01 . + + This member is required. + * `Start` (`string`) (nullable) + The beginning of the time period. The start date is inclusive. For example, if + start is 2017-01-01 , Amazon Web Services retrieves cost and usage data starting + at 2017-01-01 up to the end date. The start date must be equal to or no later + than the current date to avoid a validation error. + + This member is required. + ###### Expression + Use Expression to filter in various Cost Explorer APIs. + * `And` ([`[]Expression`](#Expression)) (nullable) + + Return results that match both Dimension objects. + * `CostCategories` ([`CostCategoryValues`](#CostCategoryValues)) (nullable) + + The filter that's based on CostCategory values. 
+ * `Dimensions` ([`DimensionValues`](#DimensionValues)) (nullable) + + The specific Dimension to use for Expression . + * `Not` ([`Expression`](#Expression)) (nullable) + + Return results that don't match a Dimension object. + * `Or` ([`[]Expression`](#Expression)) (nullable) + + Return results that match either Dimension object. + * `Tags` ([`TagValues`](#TagValues)) (nullable) + The specific Tag to use for Expression . + ###### CostCategoryValues + The Cost Categories values used for filtering the costs. + * `Key` (`string`) (nullable) + + The unique name of the Cost Category. + * `MatchOptions` (`[]string`) (nullable) + + The match options that you can use to filter your results. MatchOptions is only + applicable for actions related to cost category. The default values for + MatchOptions is EQUALS and CASE_SENSITIVE . + * `Values` (`[]string`) (nullable) + The specific value of the Cost Category. + ###### DimensionValues + The metadata that you can use to filter and group your results. + * `Key` (`string`) + + The names of the metadata types that you can use to filter and group your + results. For example, AZ returns a list of Availability Zones. Not all + dimensions are supported in each API. Refer to the documentation for each + specific API to see what is supported. LINK_ACCOUNT_NAME and SERVICE_CODE can + only be used in CostCategoryRule (https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_CostCategoryRule.html) + . ANOMALY_TOTAL_IMPACT_ABSOLUTE and ANOMALY_TOTAL_IMPACT_PERCENTAGE can only be + used in AnomalySubscriptions (https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_AnomalySubscription.html) + . + * `MatchOptions` (`[]string`) (nullable) + + The match options that you can use to filter your results. MatchOptions is only + applicable for actions related to Cost Category and Anomaly Subscriptions. Refer + to the documentation for each specific API to see what is supported. 
The default + values for MatchOptions are EQUALS and CASE_SENSITIVE . + * `Values` (`[]string`) (nullable) + The metadata values that you can use to filter and group your results. You can + use GetDimensionValues to find specific values. + ###### TagValues + The values that are available for a tag. + * `Key` (`string`) (nullable) + + The key for the tag. + * `MatchOptions` (`[]string`) (nullable) + + The match options that you can use to filter your results. MatchOptions is only + applicable for actions related to Cost Category. The default values for + MatchOptions are EQUALS and CASE_SENSITIVE . + * `Values` (`[]string`) (nullable) + The specific value of the tag. + ###### GroupDefinition + Represents a group when you specify a group by criteria or in the response to a query with a specific grouping. + * `Key` (`string`) (nullable) + + The string that represents a key for a specified group. + * `Type` (`string`) + The string that represents the type of group. + #### ECSTasks * `list_tasks` ([`[]CustomECSListTasksInput`](#CustomECSListTasksInput)) (nullable) 
@@ -230,13 +683,53 @@ ##### CustomECSListTasksInput * `ContainerInstance` (`string`) (nullable) + + The container instance ID or full ARN of the container instance to use when + filtering the ListTasks results. Specifying a containerInstance limits the + results to tasks that belong to that container instance. + * `DesiredStatus` (`string`) + + The task desired status to use when filtering the ListTasks results. Specifying + a desiredStatus of STOPPED limits the results to tasks that Amazon ECS has set + the desired status to STOPPED . This can be useful for debugging tasks that + aren't starting properly or have died or finished. The default status filter is + RUNNING , which shows tasks that Amazon ECS has set the desired status to + RUNNING . Although you can filter results based on a desired status of PENDING , + this doesn't return any results. Amazon ECS never sets the desired status of a + task to that value (only a task's lastStatus may have a value of PENDING ). + * `Family` (`string`) (nullable) + + The name of the task definition family to use when filtering the ListTasks + results. Specifying a family limits the results to tasks that belong to that + family. + * `LaunchType` (`string`) + + The launch type to use when filtering the ListTasks results. + * `MaxResults` (`integer`) (nullable) (range: `[1,100]`) (default: `100`) + + The maximum number of task results that ListTasks returned in paginated output. + When this parameter is used, ListTasks only returns maxResults results in a + single page along with a nextToken response element. The remaining results of + the initial request can be seen by sending another ListTasks request with the + returned nextToken value. This value can be between 1 and 100. If this + parameter isn't used, then ListTasks returns up to 100 results and a nextToken + value if applicable. + * `ServiceName` (`string`) (nullable) + + The name of the service to use when filtering the ListTasks results. 
Specifying + a serviceName limits the results to tasks that belong to that service. + * `StartedBy` (`string`) (nullable) + The startedBy value to filter the task results with. Specifying a startedBy + value limits the results to tasks that were started with that value. When you + specify startedBy as the filter, it must be the only filter that you use. + #### Inspector2Findings * `list_findings` ([`[]CustomInspector2ListFindingsInput`](#CustomInspector2ListFindingsInput)) (nullable) 
@@ -244,95 +737,322 @@ ##### CustomInspector2ListFindingsInput * `FilterCriteria` ([`FilterCriteria`](#FilterCriteria)) (nullable) + + Details on the filters to apply to your finding results. + * `MaxResults` (`integer`) (nullable) + + The maximum number of results to return in the response. + * `SortCriteria` ([`SortCriteria`](#SortCriteria-1)) (nullable) + Details on the sort criteria to apply to your finding results. + ###### FilterCriteria + Details on the criteria used to define the filter. + * `AwsAccountId` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details of the Amazon Web Services account IDs used to filter findings. + * `CodeVulnerabilityDetectorName` ([`[]StringFilter`](#StringFilter)) (nullable) + + The name of the detector used to identify a code vulnerability in a Lambda + function used to filter findings. + * `CodeVulnerabilityDetectorTags` ([`[]StringFilter`](#StringFilter)) (nullable) + + The detector type tag associated with the vulnerability used to filter + findings. Detector tags group related vulnerabilities by common themes or + tactics. For a list of available tags by programming language, see Java tags (https://docs.aws.amazon.com/codeguru/detector-library/java/tags/) + , or Python tags (https://docs.aws.amazon.com/codeguru/detector-library/python/tags/) + . + * `CodeVulnerabilityFilePath` ([`[]StringFilter`](#StringFilter)) (nullable) + + The file path to the file in a Lambda function that contains a code + vulnerability used to filter findings. + * `ComponentId` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details of the component IDs used to filter findings. + * `ComponentType` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details of the component types used to filter findings. + * `Ec2InstanceImageId` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details of the Amazon EC2 instance image IDs used to filter findings. 
+ * `Ec2InstanceSubnetId` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details of the Amazon EC2 instance subnet IDs used to filter findings. + * `Ec2InstanceVpcId` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details of the Amazon EC2 instance VPC IDs used to filter findings. + * `EcrImageArchitecture` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details of the Amazon ECR image architecture types used to filter findings. + * `EcrImageHash` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details of the Amazon ECR image hashes used to filter findings. + * `EcrImagePushedAt` ([`[]DateFilter`](#DateFilter)) (nullable) + + Details on the Amazon ECR image push date and time used to filter findings. + * `EcrImageRegistry` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details on the Amazon ECR registry used to filter findings. + * `EcrImageRepositoryName` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details on the name of the Amazon ECR repository used to filter findings. + * `EcrImageTags` ([`[]StringFilter`](#StringFilter)) (nullable) + + The tags attached to the Amazon ECR container image. + * `EpssScore` ([`[]NumberFilter`](#NumberFilter)) (nullable) + + The EPSS score used to filter findings. + * `ExploitAvailable` ([`[]StringFilter`](#StringFilter)) (nullable) + + Filters the list of AWS Lambda findings by the availability of exploits. + * `FindingArn` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details on the finding ARNs used to filter findings. + * `FindingStatus` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details on the finding status types used to filter findings. + * `FindingType` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details on the finding types used to filter findings. + * `FirstObservedAt` ([`[]DateFilter`](#DateFilter)) (nullable) + + Details on the date and time a finding was first seen used to filter findings. 
+ * `FixAvailable` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details on whether a fix is available through a version update. This value can + be YES , NO , or PARTIAL . A PARTIAL fix means that some, but not all, of the + packages identified in the finding have fixes available through updated + versions. + * `InspectorScore` ([`[]NumberFilter`](#NumberFilter)) (nullable) + + The Amazon Inspector score to filter on. + * `LambdaFunctionExecutionRoleArn` ([`[]StringFilter`](#StringFilter)) (nullable) + + Filters the list of AWS Lambda functions by execution role. + * `LambdaFunctionLastModifiedAt` ([`[]DateFilter`](#DateFilter)) (nullable) + + Filters the list of AWS Lambda functions by the date and time that a user last + updated the configuration, in ISO 8601 format (https://www.iso.org/iso-8601-date-and-time-format.html) + * `LambdaFunctionLayers` ([`[]StringFilter`](#StringFilter)) (nullable) + + Filters the list of AWS Lambda functions by the function's layers (https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html) + . A Lambda function can have up to five layers. + * `LambdaFunctionName` ([`[]StringFilter`](#StringFilter)) (nullable) + + Filters the list of AWS Lambda functions by the name of the function. + * `LambdaFunctionRuntime` ([`[]StringFilter`](#StringFilter)) (nullable) + + Filters the list of AWS Lambda functions by the runtime environment for the + Lambda function. + * `LastObservedAt` ([`[]DateFilter`](#DateFilter)) (nullable) + + Details on the date and time a finding was last seen used to filter findings. + * `NetworkProtocol` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details on network protocol used to filter findings. + * `PortRange` ([`[]PortRangeFilter`](#PortRangeFilter)) (nullable) + + Details on the port ranges used to filter findings. + * `RelatedVulnerabilities` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details on the related vulnerabilities used to filter findings. 
+ * `ResourceId` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details on the resource IDs used to filter findings. + * `ResourceTags` ([`[]MapFilter`](#MapFilter)) (nullable) + + Details on the resource tags used to filter findings. + * `ResourceType` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details on the resource types used to filter findings. + * `Severity` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details on the severity used to filter findings. + * `Title` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details on the finding title used to filter findings. + * `UpdatedAt` ([`[]DateFilter`](#DateFilter)) (nullable) + + Details on the date and time a finding was last updated at used to filter + findings. + * `VendorSeverity` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details on the vendor severity used to filter findings. + * `VulnerabilityId` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details on the vulnerability ID used to filter findings. + * `VulnerabilitySource` ([`[]StringFilter`](#StringFilter)) (nullable) + + Details on the vulnerability type used to filter findings. + * `VulnerablePackages` ([`[]PackageFilter`](#PackageFilter)) (nullable) + Details on the vulnerable packages used to filter findings. + ###### StringFilter + An object that describes the details of a string filter. + * `Comparison` (`string`) + + The operator to use when comparing values in the filter. + + This member is required. + * `Value` (`string`) (nullable) + The value to filter on. + + This member is required. + ###### DateFilter + Contains details on the time range used to filter findings. + * `EndInclusive` (`string`) (nullable) ([format](https://json-schema.org/draft/2020-12/json-schema-validation#section-7): `date-time`) + + A timestamp representing the end of the time period filtered on. 
+ * `StartInclusive` (`string`) (nullable) ([format](https://json-schema.org/draft/2020-12/json-schema-validation#section-7): `date-time`) + A timestamp representing the start of the time period filtered on. + ###### NumberFilter + An object that describes the details of a number filter. + * `LowerInclusive` (`number`) (nullable) + + The lowest number to be included in the filter. + * `UpperInclusive` (`number`) (nullable) + The highest number to be included in the filter. + ###### PortRangeFilter + An object that describes the details of a port range filter. + * `BeginInclusive` (`integer`) (nullable) + + The port number the port range begins at. + * `EndInclusive` (`integer`) (nullable) + The port number the port range ends at. + ###### MapFilter + An object that describes details of a map filter. + * `Comparison` (`string`) + + The operator to use when comparing values in the filter. + + This member is required. + * `Key` (`string`) (nullable) + + The tag key used in the filter. + + This member is required. + * `Value` (`string`) (nullable) + The tag value used in the filter. + ###### PackageFilter + Contains information on the details of a package filter. + * `Architecture` ([`StringFilter`](#StringFilter)) (nullable) + + An object that contains details on the package architecture type to filter on. + * `Epoch` ([`NumberFilter`](#NumberFilter)) (nullable) + + An object that contains details on the package epoch to filter on. + * `Name` ([`StringFilter`](#StringFilter)) (nullable) + + An object that contains details on the name of the package to filter on. + * `Release` ([`StringFilter`](#StringFilter)) (nullable) + + An object that contains details on the package release to filter on. + * `SourceLambdaLayerArn` ([`StringFilter`](#StringFilter)) (nullable) + + An object that describes the details of a string filter. + * `SourceLayerHash` ([`StringFilter`](#StringFilter)) (nullable) + + An object that contains details on the source layer hash to filter on. 
+ * `Version` ([`StringFilter`](#StringFilter)) (nullable) + The package version to filter on. + ###### SortCriteria + Details about the criteria used to sort finding results. + * `Field` (`string`) + + The finding detail field by which results are sorted. + + This member is required. + * `SortOrder` (`string`) + The order by which findings are sorted. + + This member is required. + #### SecurityHubFindings * `get_findings` ([`[]CustomSecurityHubGetFindingsInput`](#CustomSecurityHubGetFindingsInput)) (nullable) 
@@ -340,161 +1060,748 @@ ##### CustomSecurityHubGetFindingsInput * `Filters` ([`AwsSecurityFindingFilters`](#AwsSecurityFindingFilters)) (nullable) + + The finding attributes used to define a condition to filter the returned + findings. You can filter by up to 10 finding attributes. For each attribute, you + can provide up to 20 filter values. Note that in the available filter fields, + WorkflowState is deprecated. To search for a finding based on its workflow + status, use WorkflowStatus . + * `MaxResults` (`integer`) (range: `[1,100]`) (default: `100`) + + The maximum number of findings to return. + * `SortCriteria` ([`[]SortCriterion`](#SortCriterion)) (nullable) + The finding attributes used to sort the list of returned findings. + ###### AwsSecurityFindingFilters + A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight. + * `AwsAccountId` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The Amazon Web Services account ID that a finding is generated in. + * `CompanyName` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The name of the findings provider (company) that owns the solution (product) + that generates findings. + * `ComplianceAssociatedStandardsId` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The unique identifier of a standard in which a control is enabled. This field + consists of the resource portion of the Amazon Resource Name (ARN) returned for + a standard in the DescribeStandards (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html) + API response. + * `ComplianceSecurityControlId` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The unique identifier of a control across standards. Values for this field + typically consist of an Amazon Web Service and a number, such as APIGateway.5. 
+ * `ComplianceStatus` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + Exclusive to findings that are generated as the result of a check run against a + specific rule in a supported standard, such as CIS Amazon Web Services + Foundations. Contains security standard-related finding details. + * `Confidence` ([`[]NumberFilter`](#NumberFilter-1)) (nullable) + + A finding's confidence. Confidence is defined as the likelihood that a finding + accurately identifies the behavior or issue that it was intended to identify. + Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero + percent confidence and 100 means 100 percent confidence. + * `CreatedAt` ([`[]DateFilter`](#DateFilter-1)) (nullable) + + An ISO8601-formatted timestamp that indicates when the security findings + provider captured the potential security issue that a finding captured. A + correctly formatted example is 2020-05-21T20:16:34.724Z . The value cannot + contain spaces, and date and time should be separated by T . For more + information, see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6) + . + * `Criticality` ([`[]NumberFilter`](#NumberFilter-1)) (nullable) + + The level of importance assigned to the resources associated with the finding. + A score of 0 means that the underlying resources have no criticality, and a + score of 100 is reserved for the most critical resources. + * `Description` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + A finding's description. + * `FindingProviderFieldsConfidence` ([`[]NumberFilter`](#NumberFilter-1)) (nullable) + + The finding provider value for the finding confidence. Confidence is defined as + the likelihood that a finding accurately identifies the behavior or issue that + it was intended to identify. Confidence is scored on a 0-100 basis using a ratio + scale, where 0 means zero percent confidence and 100 means 100 percent + confidence. 
+ * `FindingProviderFieldsCriticality` ([`[]NumberFilter`](#NumberFilter-1)) (nullable) + + The finding provider value for the level of importance assigned to the + resources associated with the findings. A score of 0 means that the underlying + resources have no criticality, and a score of 100 is reserved for the most + critical resources. + * `FindingProviderFieldsRelatedFindingsId` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The finding identifier of a related finding that is identified by the finding + provider. + * `FindingProviderFieldsRelatedFindingsProductArn` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The ARN of the solution that generated a related finding that is identified by + the finding provider. + * `FindingProviderFieldsSeverityLabel` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The finding provider value for the severity label. + * `FindingProviderFieldsSeverityOriginal` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The finding provider's original value for the severity. + * `FindingProviderFieldsTypes` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + One or more finding types that the finding provider assigned to the finding. + Uses the format of namespace/category/classifier that classify a finding. Valid + namespace values are: Software and Configuration Checks | TTPs | Effects | + Unusual Behaviors | Sensitive Data Identifications + * `FirstObservedAt` ([`[]DateFilter`](#DateFilter-1)) (nullable) + + An ISO8601-formatted timestamp that indicates when the security findings + provider first observed the potential security issue that a finding captured. A + correctly formatted example is 2020-05-21T20:16:34.724Z . The value cannot + contain spaces, and date and time should be separated by T . For more + information, see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6) + . 
+ * `GeneratorId` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The identifier for the solution-specific component (a discrete unit of logic) + that generated a finding. In various security findings providers' solutions, + this generator can be called a rule, a check, a detector, a plugin, etc. + * `Id` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The security findings provider-specific identifier for a finding. + * `Keyword` ([`[]KeywordFilter`](#KeywordFilter)) (nullable) + + A keyword for a finding. + + Deprecated: The Keyword property is deprecated. + * `LastObservedAt` ([`[]DateFilter`](#DateFilter-1)) (nullable) + + An ISO8601-formatted timestamp that indicates when the security findings + provider most recently observed the potential security issue that a finding + captured. A correctly formatted example is 2020-05-21T20:16:34.724Z . The value + cannot contain spaces, and date and time should be separated by T . For more + information, see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6) + . + * `MalwareName` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The name of the malware that was observed. + * `MalwarePath` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The filesystem path of the malware that was observed. + * `MalwareState` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The state of the malware that was observed. + * `MalwareType` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The type of the malware that was observed. + * `NetworkDestinationDomain` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The destination domain of network-related information about a finding. + * `NetworkDestinationIpV4` ([`[]IpFilter`](#IpFilter)) (nullable) + + The destination IPv4 address of network-related information about a finding. 
+ * `NetworkDestinationIpV6` ([`[]IpFilter`](#IpFilter)) (nullable) + + The destination IPv6 address of network-related information about a finding. + * `NetworkDestinationPort` ([`[]NumberFilter`](#NumberFilter-1)) (nullable) + + The destination port of network-related information about a finding. + * `NetworkDirection` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + Indicates the direction of network traffic associated with a finding. + * `NetworkProtocol` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The protocol of network-related information about a finding. + * `NetworkSourceDomain` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The source domain of network-related information about a finding. + * `NetworkSourceIpV4` ([`[]IpFilter`](#IpFilter)) (nullable) + + The source IPv4 address of network-related information about a finding. + * `NetworkSourceIpV6` ([`[]IpFilter`](#IpFilter)) (nullable) + + The source IPv6 address of network-related information about a finding. + * `NetworkSourceMac` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The source media access control (MAC) address of network-related information + about a finding. + * `NetworkSourcePort` ([`[]NumberFilter`](#NumberFilter-1)) (nullable) + + The source port of network-related information about a finding. + * `NoteText` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The text of a note. + * `NoteUpdatedAt` ([`[]DateFilter`](#DateFilter-1)) (nullable) + + The timestamp of when the note was updated. + * `NoteUpdatedBy` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The principal that created a note. + * `ProcessLaunchedAt` ([`[]DateFilter`](#DateFilter-1)) (nullable) + + A timestamp that identifies when the process was launched. A correctly + formatted example is 2020-05-21T20:16:34.724Z . The value cannot contain spaces, + and date and time should be separated by T . 
For more information, see RFC 3339 + section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6) + . + * `ProcessName` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The name of the process. + * `ProcessParentPid` ([`[]NumberFilter`](#NumberFilter-1)) (nullable) + + The parent process ID. This field accepts positive integers between O and + 2147483647 . + * `ProcessPath` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The path to the process executable. + * `ProcessPid` ([`[]NumberFilter`](#NumberFilter-1)) (nullable) + + The process ID. + * `ProcessTerminatedAt` ([`[]DateFilter`](#DateFilter-1)) (nullable) + + A timestamp that identifies when the process was terminated. A correctly + formatted example is 2020-05-21T20:16:34.724Z . The value cannot contain spaces, + and date and time should be separated by T . For more information, see RFC 3339 + section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6) + . + * `ProductArn` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The ARN generated by Security Hub that uniquely identifies a third-party + company (security findings provider) after this provider's product (solution + that generates findings) is registered with Security Hub. + * `ProductFields` ([`[]MapFilter`](#MapFilter-1)) (nullable) + + A data type where security findings providers can include additional + solution-specific details that aren't part of the defined AwsSecurityFinding + format. + * `ProductName` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The name of the solution (product) that generates findings. + * `RecommendationText` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The recommendation of what to do about the issue described in a finding. + * `RecordState` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The updated record state for the finding. 
+ * `Region` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The Region from which the finding was generated. + * `RelatedFindingsId` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The solution-generated identifier for a related finding. + * `RelatedFindingsProductArn` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The ARN of the solution that generated a related finding. + * `ResourceAwsEc2InstanceIamInstanceProfileArn` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The IAM profile ARN of the instance. + * `ResourceAwsEc2InstanceImageId` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The Amazon Machine Image (AMI) ID of the instance. + * `ResourceAwsEc2InstanceIpV4Addresses` ([`[]IpFilter`](#IpFilter)) (nullable) + + The IPv4 addresses associated with the instance. + * `ResourceAwsEc2InstanceIpV6Addresses` ([`[]IpFilter`](#IpFilter)) (nullable) + + The IPv6 addresses associated with the instance. + * `ResourceAwsEc2InstanceKeyName` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The key name associated with the instance. + * `ResourceAwsEc2InstanceLaunchedAt` ([`[]DateFilter`](#DateFilter-1)) (nullable) + + The date and time the instance was launched. + * `ResourceAwsEc2InstanceSubnetId` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The identifier of the subnet that the instance was launched in. + * `ResourceAwsEc2InstanceType` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The instance type of the instance. + * `ResourceAwsEc2InstanceVpcId` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The identifier of the VPC that the instance was launched in. + * `ResourceAwsIamAccessKeyCreatedAt` ([`[]DateFilter`](#DateFilter-1)) (nullable) + + The creation date/time of the IAM access key related to a finding. + * `ResourceAwsIamAccessKeyPrincipalName` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The name of the principal that is associated with an IAM access key. 
+ * `ResourceAwsIamAccessKeyStatus` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The status of the IAM access key related to a finding. + * `ResourceAwsIamAccessKeyUserName` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The user associated with the IAM access key related to a finding. + + Deprecated: This filter is deprecated. Instead, use + ResourceAwsIamAccessKeyPrincipalName. + * `ResourceAwsIamUserUserName` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The name of an IAM user. + * `ResourceAwsS3BucketOwnerId` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The canonical user ID of the owner of the S3 bucket. + * `ResourceAwsS3BucketOwnerName` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The display name of the owner of the S3 bucket. + * `ResourceContainerImageId` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The identifier of the image related to a finding. + * `ResourceContainerImageName` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The name of the image related to a finding. + * `ResourceContainerLaunchedAt` ([`[]DateFilter`](#DateFilter-1)) (nullable) + + A timestamp that identifies when the container was started. A correctly + formatted example is 2020-05-21T20:16:34.724Z . The value cannot contain spaces, + and date and time should be separated by T . For more information, see RFC 3339 + section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6) + . + * `ResourceContainerName` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The name of the container related to a finding. + * `ResourceDetailsOther` ([`[]MapFilter`](#MapFilter-1)) (nullable) + + The details of a resource that doesn't have a specific subfield for the + resource type defined. + * `ResourceId` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The canonical identifier for the given resource type. 
+ * `ResourcePartition` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The canonical Amazon Web Services partition name that the Region is assigned to. + * `ResourceRegion` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The canonical Amazon Web Services external Region name where this resource is + located. + * `ResourceTags` ([`[]MapFilter`](#MapFilter-1)) (nullable) + + A list of Amazon Web Services tags associated with a resource at the time the + finding was processed. + * `ResourceType` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + Specifies the type of the resource that details are provided for. + * `Sample` ([`[]BooleanFilter`](#BooleanFilter)) (nullable) + + Indicates whether or not sample findings are included in the filter results. + * `SeverityLabel` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The label of a finding's severity. + * `SeverityNormalized` ([`[]NumberFilter`](#NumberFilter-1)) (nullable) + + The normalized severity of a finding. + + Deprecated: This filter is deprecated. Instead, use SeverityLabel or + FindingProviderFieldsSeverityLabel. + * `SeverityProduct` ([`[]NumberFilter`](#NumberFilter-1)) (nullable) + + The native severity as defined by the security findings provider's solution + that generated the finding. + + Deprecated: This filter is deprecated. Instead, use + FindingProviderSeverityOriginal. + * `SourceUrl` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + A URL that links to a page about the current finding in the security findings + provider's solution. + * `ThreatIntelIndicatorCategory` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The category of a threat intelligence indicator. + * `ThreatIntelIndicatorLastObservedAt` ([`[]DateFilter`](#DateFilter-1)) (nullable) + + A timestamp that identifies the last observation of a threat intelligence + indicator. + * `ThreatIntelIndicatorSource` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The source of the threat intelligence. 
+ * `ThreatIntelIndicatorSourceUrl` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The URL for more details from the source of the threat intelligence. + * `ThreatIntelIndicatorType` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The type of a threat intelligence indicator. + * `ThreatIntelIndicatorValue` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The value of a threat intelligence indicator. + * `Title` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + A finding's title. + * `Type` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + A finding type in the format of namespace/category/classifier that classifies a + finding. + * `UpdatedAt` ([`[]DateFilter`](#DateFilter-1)) (nullable) + + An ISO8601-formatted timestamp that indicates when the security findings + provider last updated the finding record. A correctly formatted example is + 2020-05-21T20:16:34.724Z . The value cannot contain spaces, and date and time + should be separated by T . For more information, see RFC 3339 section 5.6, + Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6) . + * `UserDefinedFields` ([`[]MapFilter`](#MapFilter-1)) (nullable) + + A list of name/value string pairs associated with the finding. These are + custom, user-defined fields added to a finding. + * `VerificationState` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The veracity of a finding. + * `WorkflowState` ([`[]StringFilter`](#StringFilter-1)) (nullable) + + The workflow state of a finding. Note that this field is deprecated. To search + for a finding based on its workflow status, use WorkflowStatus . + * `WorkflowStatus` ([`[]StringFilter`](#StringFilter-1)) (nullable) + The status of the investigation into a finding. Allowed values are the + following. + - NEW - The initial state of a finding, before it is reviewed. 
Security Hub + also resets the workflow status from NOTIFIED or RESOLVED to NEW in the + following cases: + - RecordState changes from ARCHIVED to ACTIVE . + - Compliance.Status changes from PASSED to either WARNING , FAILED , or + NOT_AVAILABLE . + - NOTIFIED - Indicates that the resource owner has been notified about the + security issue. Used when the initial reviewer is not the resource owner, and + needs intervention from the resource owner. If one of the following occurs, the + workflow status is changed automatically from NOTIFIED to NEW : + - RecordState changes from ARCHIVED to ACTIVE . + - Compliance.Status changes from PASSED to FAILED , WARNING , or NOT_AVAILABLE + . + - SUPPRESSED - Indicates that you reviewed the finding and do not believe that + any action is needed. The workflow status of a SUPPRESSED finding does not + change if RecordState changes from ARCHIVED to ACTIVE . + - RESOLVED - The finding was reviewed and remediated and is now considered + resolved. The finding remains RESOLVED unless one of the following occurs: + - RecordState changes from ARCHIVED to ACTIVE . + - Compliance.Status changes from PASSED to FAILED , WARNING , or NOT_AVAILABLE + . In those cases, the workflow status is automatically reset to NEW . For + findings from controls, if Compliance.Status is PASSED , then Security Hub + automatically sets the workflow status to RESOLVED . + ###### StringFilter + A string filter for filtering Security Hub findings. + * `Comparison` (`string`) + + The condition to apply to a string value when filtering Security Hub findings. + To search for values that have the filter value, use one of the following + comparison operators: + - To search for values that include the filter value, use CONTAINS . For + example, the filter Title CONTAINS CloudFront matches findings that have a + Title that includes the string CloudFront. + - To search for values that exactly match the filter value, use EQUALS . 
For + example, the filter AwsAccountId EQUALS 123456789012 only matches findings + that have an account ID of 123456789012 . + - To search for values that start with the filter value, use PREFIX . For + example, the filter ResourceRegion PREFIX us matches findings that have a + ResourceRegion that starts with us . A ResourceRegion that starts with a + different value, such as af , ap , or ca , doesn't match. + CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A + finding matches if it matches any one of those filters. For example, the filters + Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that + includes either CloudFront , CloudWatch , or both strings in the title. To + search for values that don’t have the filter value, use one of the following + comparison operators: + - To search for values that exclude the filter value, use NOT_CONTAINS . For + example, the filter Title NOT_CONTAINS CloudFront matches findings that have a + Title that excludes the string CloudFront. + - To search for values other than the filter value, use NOT_EQUALS . For + example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings + that have an account ID other than 123456789012 . + - To search for values that don't start with the filter value, use + PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS + us matches findings with a ResourceRegion that starts with a value other than + us . + NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are + joined by AND . A finding matches only if it matches all of those filters. For + example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS + CloudWatch match a finding that excludes both CloudFront and CloudWatch in the + title. You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the + same field. 
Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS + or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way + returns an error. CONTAINS filters can only be used with other CONTAINS + filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters. + You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for + the same field. Security Hub first processes the PREFIX filters, and then the + NOT_EQUALS or PREFIX_NOT_EQUALS filters. For example, for the following + filters, Security Hub first identifies findings that have resource types that + start with either AwsIam or AwsEc2 . It then excludes findings that have a + resource type of AwsIamPolicy and findings that have a resource type of + AwsEc2NetworkInterface . + - ResourceType PREFIX AwsIam + - ResourceType PREFIX AwsEc2 + - ResourceType NOT_EQUALS AwsIamPolicy + - ResourceType NOT_EQUALS AwsEc2NetworkInterface + CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For + more information, see Automation rules (https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) + in the Security Hub User Guide. + * `Value` (`string`) (nullable) + The string filter value. Filter values are case sensitive. For example, the + product name for control-based findings is Security Hub . If you provide + security hub as the filter value, there's no match. + ###### NumberFilter + A number filter for querying findings. + * `Eq` (`number`) + + The equal-to condition to be applied to a single field when querying for + findings. + * `Gte` (`number`) + + The greater-than-equal condition to be applied to a single field when querying + for findings. + * `Lte` (`number`) + The less-than-equal condition to be applied to a single field when querying for + findings. + ###### DateFilter + A date filter for querying findings. + * `DateRange` ([`DateRange`](#DateRange)) (nullable) + + A date range for the date filter. 
+ * `End` (`string`) (nullable) + + A timestamp that provides the end date for the date filter. A correctly + formatted example is 2020-05-21T20:16:34.724Z . The value cannot contain spaces, + and date and time should be separated by T . For more information, see RFC 3339 + section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6) + . + * `Start` (`string`) (nullable) + A timestamp that provides the start date for the date filter. A correctly + formatted example is 2020-05-21T20:16:34.724Z . The value cannot contain spaces, + and date and time should be separated by T . For more information, see RFC 3339 + section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6) + . + ###### DateRange + A date range for the date filter. + * `Unit` (`string`) + + A date range unit for the date filter. + * `Value` (`integer`) + A date range value for the date filter. + ###### KeywordFilter + A keyword filter for querying findings. + * `Value` (`string`) (nullable) + A value for the keyword. + ###### IpFilter + The IP filter for querying findings. + * `Cidr` (`string`) (nullable) + A finding's CIDR value. + ###### MapFilter + A map filter for filtering Security Hub findings. + * `Comparison` (`string`) + + The condition to apply to the key value when filtering Security Hub findings + with a map filter. To search for values that have the filter value, use one of + the following comparison operators: + - To search for values that include the filter value, use CONTAINS . For + example, for the ResourceTags field, the filter Department CONTAINS Security + matches findings that include the value Security for the Department tag. In + the same example, a finding with a value of Security team for the Department + tag is a match. + - To search for values that exactly match the filter value, use EQUALS . 
For + example, for the ResourceTags field, the filter Department EQUALS Security + matches findings that have the value Security for the Department tag. + CONTAINS and EQUALS filters on the same field are joined by OR . A finding + matches if it matches any one of those filters. For example, the filters + Department CONTAINS Security OR Department CONTAINS Finance match a finding that + includes either Security , Finance , or both values. To search for values that + don't have the filter value, use one of the following comparison operators: + - To search for values that exclude the filter value, use NOT_CONTAINS . For + example, for the ResourceTags field, the filter Department NOT_CONTAINS + Finance matches findings that exclude the value Finance for the Department + tag. + - To search for values other than the filter value, use NOT_EQUALS . For + example, for the ResourceTags field, the filter Department NOT_EQUALS Finance + matches findings that don’t have the value Finance for the Department tag. + NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . A + finding matches only if it matches all of those filters. For example, the + filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance + match a finding that excludes both the Security and Finance values. CONTAINS + filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can + only be used with other NOT_CONTAINS filters. You can’t have both a CONTAINS + filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have + both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining + filters in this way returns an error. CONTAINS and NOT_CONTAINS operators can + be used only with automation rules. For more information, see Automation rules (https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) + in the Security Hub User Guide. + * `Key` (`string`) (nullable) + + The key of the map filter. 
For example, for ResourceTags , Key identifies the + name of the tag. For UserDefinedFields , Key is the name of the field. + * `Value` (`string`) (nullable) + The value for the key in the map filter. Filter values are case sensitive. For + example, one of the values for a tag called Department might be Security . If + you provide security as the filter value, then there's no match. + ###### BooleanFilter + Boolean filter for querying findings. + * `Value` (`boolean`) + The value of the boolean. + ###### SortCriterion + A collection of finding attributes used to sort findings. + * `Field` (`string`) (nullable) + + The finding attribute used to sort findings. + * `SortOrder` (`string`) + The order used to sort findings. + ### EventBasedSync + Event-based sync configuration. + * `full_sync` (`boolean`) (nullable) (default: `true`) + + Whether the full sync will be performed for the tables prior to engaging the event-based sync mode. + * `account` ([`Account`](#Account)) + + Account spec to configure sync. + * `kinesis_stream_arn` (`string`) (required) ([pattern](https://json-schema.org/draft/2020-12/json-schema-validation#section-6.3.3): `^arn(:[^:\n]*){5}([:/].*)?$`) + + Amazon Kinesis stream ARN to subscribe to. + * `start_time` (`string`) (nullable) ([format](https://json-schema.org/draft/2020-12/json-schema-validation#section-7): `date-time`) (default: `now`) + The timestamp of the data record from which to start reading. + ### Strategy CloudQuery scheduling strategy diff --git a/jsonschema/docs/.snapshots/TestClickHouse.md b/jsonschema/docs/.snapshots/TestClickHouse.md index e6781d5..cbcbd80 100644 --- a/jsonschema/docs/.snapshots/TestClickHouse.md +++ b/jsonschema/docs/.snapshots/TestClickHouse.md 
@@ -7,16 +7,23 @@ ## Spec * `connection_string` (`string`) (required) + * `cluster` (`string`) + * `engine` ([`Engine`](#Engine)) (nullable) + * `ca_cert` (`string`) + * `batch_size` (`integer`) (range: `[1,+∞)`) (default: `10000`) + * `batch_size_bytes` (`integer`) (range: `[1,+∞)`) (default: `5242880`) + * `batch_timeout` ([`Duration`](#Duration)) (nullable) (default: `20s`) ### Engine * `name` (`string`) ([pattern](https://json-schema.org/draft/2020-12/json-schema-validation#section-6.3.3): `^.*MergeTree$`) (default: `MergeTree`) + * `parameters` (`[]anything`) (nullable) ### Duration diff --git a/jsonschema/docs/docs.go b/jsonschema/docs/docs.go index e24b254..d0eec41 100644 --- a/jsonschema/docs/docs.go +++ b/jsonschema/docs/docs.go @@ -42,7 +42,7 @@ func generate(definitions jsonschema.Definitions, ref string, level int, buff *s continue } if len(processed) > 0 { - buff.WriteString("\n\n") + buff.WriteString("\n") } processed[curr.key] = struct{}{} @@ -68,11 +68,7 @@ func writeDefinition(ref reference, sc *jsonschema.Schema, buff *strings.Builder buff.WriteString("\n") } - if len(sc.Description) > 0 { - buff.WriteString("\n") - buff.WriteString(sc.Description) - buff.WriteString("\n") - } + writeDescription(sc, buff) if sc.Properties.Len() == 0 { buff.WriteString("\n") 
@@ -104,10 +100,22 @@ func header(ref reference) string { } func docProperty(key string, property *jsonschema.Schema, required bool, buff *strings.Builder) (ref string) { - buff.WriteString("* `" + key + "` ") + buff.WriteString("* `" + key + "`") + sc, _ := unwrapNullable(property) + + if len(sc.Title) > 0 { + buff.WriteString(": ") + buff.WriteString(sc.Title) + buff.WriteString("\n ") + } else { + // if no title is present we want the type definition inline + buff.WriteString(" ") + } + return writeProperty(property, required, buff) } +// writeProperty starts off with the type definition without any line breaks & prefixes func writeProperty(property *jsonschema.Schema, required bool, buff *strings.Builder) (ref string) { sc, nullable := unwrapNullable(property) propType, ref := propertyType(sc) @@ -121,10 +129,23 @@ func writeProperty(property *jsonschema.Schema, required bool, buff *strings.Bui } writeValueAnnotations(sc, buff) + buff.WriteString("\n") + + writeDescription(sc, buff) return ref } +func writeDescription(sc *jsonschema.Schema, buff *strings.Builder) { + if len(sc.Description) == 0 { + return + } + + buff.WriteString("\n ") + buff.WriteString(strings.ReplaceAll(sc.Description, "\n", "\n ")) + buff.WriteString("\n") +} + func writeValueAnnotations(sc *jsonschema.Schema, buff *strings.Builder) { if len(sc.Format) > 0 { _, _ = fmt.Fprintf(buff, " ([format](https://json-schema.org/draft/2020-12/json-schema-validation#section-7): `%s`)", sc.Format) diff --git a/jsonschema/docs/testdata/aws.json b/jsonschema/docs/testdata/aws.json index 9cc463c..1da1f12 100644 --- a/jsonschema/docs/testdata/aws.json +++ b/jsonschema/docs/testdata/aws.json 
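Review bot: `sc.Title` is written into the bullet line as-is in docProperty, whereas the description path added later in this commit re-indents embedded newlines, so a title containing a line break would end the list item early and push the type definition out of it. Flattening the title before the write keeps the item intact, e.g. `buff.WriteString(strings.ReplaceAll(sc.Title, "\n", " "))`. The second result of `unwrapNullable` is discarded here and writeProperty unwraps the same schema again on its first line, so the unwrapped value could be computed once and passed down. Whether `sc` can be nil after unwrapping is not visible in this hunk and is worth confirming before `sc.Title` is dereferenced.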
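Review bot: writeDescription copies `sc.Description` into the Markdown output without any escaping, and the fixture descriptions updated in this commit appear to be taken verbatim from AWS SDK doc comments, i.e. text this project does not author. If the generated pages go through an HTML- or MDX-capable renderer (not visible here), a stray `<`, `{` or link in a dependency's comment becomes markup on the docs site, so either escape the text or state the assumption on the helper, e.g. `// writeDescription writes sc.Description verbatim; schemas must come from trusted sources.` The helper is now shared by writeDefinition and writeProperty but has no doc comment saying that both get the same list-item indent. The `strings.ReplaceAll(sc.Description, "\n", ...)` call also leaves whitespace-only lines wherever a description contains a blank line. writeProperty's body starts outside this hunk.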
@@ -26,26 +26,35 @@ "properties": { "id": { "type": "string", - "minLength": 1 + "minLength": 1, + "description": "Will be used as an alias in the source plugin and in the logs." }, "account_name": { - "type": "string" + "type": "string", + "description": "Will be used as an alias in the source plugin and in the logs." }, "local_profile": { - "type": "string" + "type": "string", + "description": "[Local profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) to use to authenticate this account with.\nPlease note this should be set to the name of the profile.\n\nFor example, with the following credentials file:\n\n ```ini copy\n [default]\n aws_access_key_id=xxxx\n aws_secret_access_key=xxxx\n\n [user1]\n aws_access_key_id=xxxx\n aws_secret_access_key=xxxx\n ```\n\n`local_profile` should be set to either `default` or `user1`." }, "role_arn": { "type": "string", - "pattern": "^arn(:[^:\n]*){5}([:/].*)?$" + "pattern": "^(arn(:[^:\n]*){5}([:/].*)?)?$", + "description": "If specified will use this to assume role." }, "role_session_name": { - "type": "string" + "type": "string", + "description": "If specified will use this session name when assume role to `role_arn`." }, "external_id": { - "type": "string" + "type": "string", + "description": "If specified will use this when assuming role to `role_arn`." }, "default_region": { - "type": "string" + "type": "string", + "minLength": 1, + "description": "If specified, this region will be used as the default region for the account.", + "default": "us-east-1" }, "regions": { "oneOf": [ @@ -54,7 +63,8 @@ "type": "string", "minLength": 1 }, - "type": "array" + "type": "array", + "description": "Regions to use for this account. Defaults to global `regions` setting." }, { "type": "null" @@ -66,7 +76,8 @@ "type": "object", "required": [ "id" - ] + ], + "description": "This is used to specify one or more accounts to extract information from." }, "AwsSecurityFindingFilters": { "properties": { 
@@ -76,7 +87,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The Amazon Web Services account ID that a finding is generated in." }, { "type": "null" @@ -89,7 +101,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The name of the findings provider (company) that owns the solution (product)\nthat generates findings." }, { "type": "null" @@ -102,7 +115,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The unique identifier of a standard in which a control is enabled. This field\nconsists of the resource portion of the Amazon Resource Name (ARN) returned for\na standard in the DescribeStandards (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html)\nAPI response." }, { "type": "null" @@ -115,7 +129,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The unique identifier of a control across standards. Values for this field\ntypically consist of an Amazon Web Service and a number, such as APIGateway.5." }, { "type": "null" @@ -128,7 +143,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "Exclusive to findings that are generated as the result of a check run against a\nspecific rule in a supported standard, such as CIS Amazon Web Services\nFoundations. Contains security standard-related finding details." }, { "type": "null" @@ -141,7 +157,8 @@ "items": { "$ref": "#/$defs/NumberFilter-1" }, - "type": "array" + "type": "array", + "description": "A finding's confidence. Confidence is defined as the likelihood that a finding\naccurately identifies the behavior or issue that it was intended to identify.\nConfidence is scored on a 0-100 basis using a ratio scale, where 0 means zero\npercent confidence and 100 means 100 percent confidence." }, { "type": "null" 
@@ -154,7 +171,8 @@ "items": { "$ref": "#/$defs/DateFilter-1" }, - "type": "array" + "type": "array", + "description": "An ISO8601-formatted timestamp that indicates when the security findings\nprovider captured the potential security issue that a finding captured. A\ncorrectly formatted example is 2020-05-21T20:16:34.724Z . The value cannot\ncontain spaces, and date and time should be separated by T . For more\ninformation, see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6)\n." }, { "type": "null" @@ -167,7 +185,8 @@ "items": { "$ref": "#/$defs/NumberFilter-1" }, - "type": "array" + "type": "array", + "description": "The level of importance assigned to the resources associated with the finding.\nA score of 0 means that the underlying resources have no criticality, and a\nscore of 100 is reserved for the most critical resources." }, { "type": "null" @@ -180,7 +199,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "A finding's description." }, { "type": "null" @@ -193,7 +213,8 @@ "items": { "$ref": "#/$defs/NumberFilter-1" }, - "type": "array" + "type": "array", + "description": "The finding provider value for the finding confidence. Confidence is defined as\nthe likelihood that a finding accurately identifies the behavior or issue that\nit was intended to identify. Confidence is scored on a 0-100 basis using a ratio\nscale, where 0 means zero percent confidence and 100 means 100 percent\nconfidence." }, { "type": "null" @@ -206,7 +227,8 @@ "items": { "$ref": "#/$defs/NumberFilter-1" }, - "type": "array" + "type": "array", + "description": "The finding provider value for the level of importance assigned to the\nresources associated with the findings. A score of 0 means that the underlying\nresources have no criticality, and a score of 100 is reserved for the most\ncritical resources." }, { "type": "null" 
@@ -219,7 +241,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The finding identifier of a related finding that is identified by the finding\nprovider." }, { "type": "null" @@ -232,7 +255,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The ARN of the solution that generated a related finding that is identified by\nthe finding provider." }, { "type": "null" @@ -245,7 +269,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The finding provider value for the severity label." }, { "type": "null" @@ -258,7 +283,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The finding provider's original value for the severity." }, { "type": "null" @@ -271,7 +297,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "One or more finding types that the finding provider assigned to the finding.\nUses the format of namespace/category/classifier that classify a finding. Valid\nnamespace values are: Software and Configuration Checks | TTPs | Effects |\nUnusual Behaviors | Sensitive Data Identifications" }, { "type": "null" @@ -284,7 +311,8 @@ "items": { "$ref": "#/$defs/DateFilter-1" }, - "type": "array" + "type": "array", + "description": "An ISO8601-formatted timestamp that indicates when the security findings\nprovider first observed the potential security issue that a finding captured. A\ncorrectly formatted example is 2020-05-21T20:16:34.724Z . The value cannot\ncontain spaces, and date and time should be separated by T . For more\ninformation, see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6)\n." }, { "type": "null" 
@@ -297,7 +325,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The identifier for the solution-specific component (a discrete unit of logic)\nthat generated a finding. In various security findings providers' solutions,\nthis generator can be called a rule, a check, a detector, a plugin, etc." }, { "type": "null" @@ -310,7 +339,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The security findings provider-specific identifier for a finding." }, { "type": "null" @@ -323,7 +353,8 @@ "items": { "$ref": "#/$defs/KeywordFilter" }, - "type": "array" + "type": "array", + "description": "A keyword for a finding.\n\nDeprecated: The Keyword property is deprecated." }, { "type": "null" @@ -336,7 +367,8 @@ "items": { "$ref": "#/$defs/DateFilter-1" }, - "type": "array" + "type": "array", + "description": "An ISO8601-formatted timestamp that indicates when the security findings\nprovider most recently observed the potential security issue that a finding\ncaptured. A correctly formatted example is 2020-05-21T20:16:34.724Z . The value\ncannot contain spaces, and date and time should be separated by T . For more\ninformation, see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6)\n." }, { "type": "null" @@ -349,7 +381,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The name of the malware that was observed." }, { "type": "null" @@ -362,7 +395,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The filesystem path of the malware that was observed." }, { "type": "null" @@ -375,7 +409,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The state of the malware that was observed." }, { "type": "null" 
@@ -388,7 +423,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The type of the malware that was observed." }, { "type": "null" @@ -401,7 +437,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The destination domain of network-related information about a finding." }, { "type": "null" @@ -414,7 +451,8 @@ "items": { "$ref": "#/$defs/IpFilter" }, - "type": "array" + "type": "array", + "description": "The destination IPv4 address of network-related information about a finding." }, { "type": "null" @@ -427,7 +465,8 @@ "items": { "$ref": "#/$defs/IpFilter" }, - "type": "array" + "type": "array", + "description": "The destination IPv6 address of network-related information about a finding." }, { "type": "null" @@ -440,7 +479,8 @@ "items": { "$ref": "#/$defs/NumberFilter-1" }, - "type": "array" + "type": "array", + "description": "The destination port of network-related information about a finding." }, { "type": "null" @@ -453,7 +493,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "Indicates the direction of network traffic associated with a finding." }, { "type": "null" @@ -466,7 +507,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The protocol of network-related information about a finding." }, { "type": "null" @@ -479,7 +521,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The source domain of network-related information about a finding." }, { "type": "null" @@ -492,7 +535,8 @@ "items": { "$ref": "#/$defs/IpFilter" }, - "type": "array" + "type": "array", + "description": "The source IPv4 address of network-related information about a finding." }, { "type": "null" 
@@ -505,7 +549,8 @@ "items": { "$ref": "#/$defs/IpFilter" }, - "type": "array" + "type": "array", + "description": "The source IPv6 address of network-related information about a finding." }, { "type": "null" @@ -518,7 +563,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The source media access control (MAC) address of network-related information\nabout a finding." }, { "type": "null" @@ -531,7 +577,8 @@ "items": { "$ref": "#/$defs/NumberFilter-1" }, - "type": "array" + "type": "array", + "description": "The source port of network-related information about a finding." }, { "type": "null" @@ -544,7 +591,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The text of a note." }, { "type": "null" @@ -557,7 +605,8 @@ "items": { "$ref": "#/$defs/DateFilter-1" }, - "type": "array" + "type": "array", + "description": "The timestamp of when the note was updated." }, { "type": "null" @@ -570,7 +619,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The principal that created a note." }, { "type": "null" @@ -583,7 +633,8 @@ "items": { "$ref": "#/$defs/DateFilter-1" }, - "type": "array" + "type": "array", + "description": "A timestamp that identifies when the process was launched. A correctly\nformatted example is 2020-05-21T20:16:34.724Z . The value cannot contain spaces,\nand date and time should be separated by T . For more information, see RFC 3339\nsection 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6)\n." }, { "type": "null" @@ -596,7 +647,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The name of the process." }, { "type": "null" 
@@ -609,7 +661,8 @@ "items": { "$ref": "#/$defs/NumberFilter-1" }, - "type": "array" + "type": "array", + "description": "The parent process ID. This field accepts positive integers between O and\n2147483647 ." }, { "type": "null" @@ -622,7 +675,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The path to the process executable." }, { "type": "null" @@ -635,7 +689,8 @@ "items": { "$ref": "#/$defs/NumberFilter-1" }, - "type": "array" + "type": "array", + "description": "The process ID." }, { "type": "null" @@ -648,7 +703,8 @@ "items": { "$ref": "#/$defs/DateFilter-1" }, - "type": "array" + "type": "array", + "description": "A timestamp that identifies when the process was terminated. A correctly\nformatted example is 2020-05-21T20:16:34.724Z . The value cannot contain spaces,\nand date and time should be separated by T . For more information, see RFC 3339\nsection 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6)\n." }, { "type": "null" @@ -661,7 +717,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The ARN generated by Security Hub that uniquely identifies a third-party\ncompany (security findings provider) after this provider's product (solution\nthat generates findings) is registered with Security Hub." }, { "type": "null" @@ -674,7 +731,8 @@ "items": { "$ref": "#/$defs/MapFilter-1" }, - "type": "array" + "type": "array", + "description": "A data type where security findings providers can include additional\nsolution-specific details that aren't part of the defined AwsSecurityFinding\nformat." }, { "type": "null" @@ -687,7 +745,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The name of the solution (product) that generates findings." }, { "type": "null" 
@@ -700,7 +759,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The recommendation of what to do about the issue described in a finding." }, { "type": "null" @@ -713,7 +773,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The updated record state for the finding." }, { "type": "null" @@ -726,7 +787,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The Region from which the finding was generated." }, { "type": "null" @@ -739,7 +801,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The solution-generated identifier for a related finding." }, { "type": "null" @@ -752,7 +815,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The ARN of the solution that generated a related finding." }, { "type": "null" @@ -765,7 +829,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The IAM profile ARN of the instance." }, { "type": "null" @@ -778,7 +843,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The Amazon Machine Image (AMI) ID of the instance." }, { "type": "null" @@ -791,7 +857,8 @@ "items": { "$ref": "#/$defs/IpFilter" }, - "type": "array" + "type": "array", + "description": "The IPv4 addresses associated with the instance." }, { "type": "null" @@ -804,7 +871,8 @@ "items": { "$ref": "#/$defs/IpFilter" }, - "type": "array" + "type": "array", + "description": "The IPv6 addresses associated with the instance." }, { "type": "null" @@ -817,7 +885,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The key name associated with the instance." }, { "type": "null" 
@@ -830,7 +899,8 @@ "items": { "$ref": "#/$defs/DateFilter-1" }, - "type": "array" + "type": "array", + "description": "The date and time the instance was launched." }, { "type": "null" @@ -843,7 +913,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The identifier of the subnet that the instance was launched in." }, { "type": "null" @@ -856,7 +927,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The instance type of the instance." }, { "type": "null" @@ -869,7 +941,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The identifier of the VPC that the instance was launched in." }, { "type": "null" @@ -882,7 +955,8 @@ "items": { "$ref": "#/$defs/DateFilter-1" }, - "type": "array" + "type": "array", + "description": "The creation date/time of the IAM access key related to a finding." }, { "type": "null" @@ -895,7 +969,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The name of the principal that is associated with an IAM access key." }, { "type": "null" @@ -908,7 +983,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The status of the IAM access key related to a finding." }, { "type": "null" @@ -921,7 +997,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The user associated with the IAM access key related to a finding.\n\nDeprecated: This filter is deprecated. Instead, use\nResourceAwsIamAccessKeyPrincipalName." }, { "type": "null" @@ -934,7 +1011,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The name of an IAM user." }, { "type": "null" 
@@ -947,7 +1025,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The canonical user ID of the owner of the S3 bucket." }, { "type": "null" @@ -960,7 +1039,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The display name of the owner of the S3 bucket." }, { "type": "null" @@ -973,7 +1053,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The identifier of the image related to a finding." }, { "type": "null" @@ -986,7 +1067,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The name of the image related to a finding." }, { "type": "null" @@ -999,7 +1081,8 @@ "items": { "$ref": "#/$defs/DateFilter-1" }, - "type": "array" + "type": "array", + "description": "A timestamp that identifies when the container was started. A correctly\nformatted example is 2020-05-21T20:16:34.724Z . The value cannot contain spaces,\nand date and time should be separated by T . For more information, see RFC 3339\nsection 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6)\n." }, { "type": "null" @@ -1012,7 +1095,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The name of the container related to a finding." }, { "type": "null" @@ -1025,7 +1109,8 @@ "items": { "$ref": "#/$defs/MapFilter-1" }, - "type": "array" + "type": "array", + "description": "The details of a resource that doesn't have a specific subfield for the\nresource type defined." }, { "type": "null" @@ -1038,7 +1123,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The canonical identifier for the given resource type." }, { "type": "null" 
@@ -1051,7 +1137,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The canonical Amazon Web Services partition name that the Region is assigned to." }, { "type": "null" @@ -1064,7 +1151,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The canonical Amazon Web Services external Region name where this resource is\nlocated." }, { "type": "null" @@ -1077,7 +1165,8 @@ "items": { "$ref": "#/$defs/MapFilter-1" }, - "type": "array" + "type": "array", + "description": "A list of Amazon Web Services tags associated with a resource at the time the\nfinding was processed." }, { "type": "null" @@ -1090,7 +1179,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "Specifies the type of the resource that details are provided for." }, { "type": "null" @@ -1103,7 +1193,8 @@ "items": { "$ref": "#/$defs/BooleanFilter" }, - "type": "array" + "type": "array", + "description": "Indicates whether or not sample findings are included in the filter results." }, { "type": "null" @@ -1116,7 +1207,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The label of a finding's severity." }, { "type": "null" @@ -1129,7 +1221,8 @@ "items": { "$ref": "#/$defs/NumberFilter-1" }, - "type": "array" + "type": "array", + "description": "The normalized severity of a finding.\n\nDeprecated: This filter is deprecated. Instead, use SeverityLabel or\nFindingProviderFieldsSeverityLabel." }, { "type": "null" @@ -1142,7 +1235,8 @@ "items": { "$ref": "#/$defs/NumberFilter-1" }, - "type": "array" + "type": "array", + "description": "The native severity as defined by the security findings provider's solution\nthat generated the finding.\n\nDeprecated: This filter is deprecated. Instead, use\nFindingProviderSeverityOriginal." }, { "type": "null" 
@@ -1155,7 +1249,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "A URL that links to a page about the current finding in the security findings\nprovider's solution." }, { "type": "null" @@ -1168,7 +1263,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The category of a threat intelligence indicator." }, { "type": "null" @@ -1181,7 +1277,8 @@ "items": { "$ref": "#/$defs/DateFilter-1" }, - "type": "array" + "type": "array", + "description": "A timestamp that identifies the last observation of a threat intelligence\nindicator." }, { "type": "null" @@ -1194,7 +1291,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The source of the threat intelligence." }, { "type": "null" @@ -1207,7 +1305,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The URL for more details from the source of the threat intelligence." }, { "type": "null" @@ -1220,7 +1319,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The type of a threat intelligence indicator." }, { "type": "null" @@ -1233,7 +1333,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The value of a threat intelligence indicator." }, { "type": "null" @@ -1246,7 +1347,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "A finding's title." }, { "type": "null" @@ -1259,7 +1361,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "A finding type in the format of namespace/category/classifier that classifies a\nfinding." }, { "type": "null" 
@@ -1272,7 +1375,8 @@ "items": { "$ref": "#/$defs/DateFilter-1" }, - "type": "array" + "type": "array", + "description": "An ISO8601-formatted timestamp that indicates when the security findings\nprovider last updated the finding record. A correctly formatted example is\n2020-05-21T20:16:34.724Z . The value cannot contain spaces, and date and time\nshould be separated by T . For more information, see RFC 3339 section 5.6,\nInternet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6) ." }, { "type": "null" @@ -1285,7 +1389,8 @@ "items": { "$ref": "#/$defs/MapFilter-1" }, - "type": "array" + "type": "array", + "description": "A list of name/value string pairs associated with the finding. These are\ncustom, user-defined fields added to a finding." }, { "type": "null" @@ -1298,7 +1403,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The veracity of a finding." }, { "type": "null" @@ -1311,7 +1417,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The workflow state of a finding. Note that this field is deprecated. To search\nfor a finding based on its workflow status, use WorkflowStatus ." }, { "type": "null" 
@@ -1324,7 +1431,8 @@ "items": { "$ref": "#/$defs/StringFilter-1" }, - "type": "array" + "type": "array", + "description": "The status of the investigation into a finding. Allowed values are the\nfollowing.\n - NEW - The initial state of a finding, before it is reviewed. Security Hub\n also resets the workflow status from NOTIFIED or RESOLVED to NEW in the\n following cases:\n - RecordState changes from ARCHIVED to ACTIVE .\n - Compliance.Status changes from PASSED to either WARNING , FAILED , or\n NOT_AVAILABLE .\n - NOTIFIED - Indicates that the resource owner has been notified about the\n security issue. Used when the initial reviewer is not the resource owner, and\n needs intervention from the resource owner. If one of the following occurs, the\n workflow status is changed automatically from NOTIFIED to NEW :\n - RecordState changes from ARCHIVED to ACTIVE .\n - Compliance.Status changes from PASSED to FAILED , WARNING , or NOT_AVAILABLE\n .\n - SUPPRESSED - Indicates that you reviewed the finding and do not believe that\n any action is needed. The workflow status of a SUPPRESSED finding does not\n change if RecordState changes from ARCHIVED to ACTIVE .\n - RESOLVED - The finding was reviewed and remediated and is now considered\n resolved. The finding remains RESOLVED unless one of the following occurs:\n - RecordState changes from ARCHIVED to ACTIVE .\n - Compliance.Status changes from PASSED to FAILED , WARNING , or NOT_AVAILABLE\n . In those cases, the workflow status is automatically reset to NEW . For\n findings from controls, if Compliance.Status is PASSED , then Security Hub\n automatically sets the workflow status to RESOLVED ." }, { "type": "null" 
@@ -1333,16 +1441,19 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight." }, "BooleanFilter": { "properties": { "Value": { - "type": "boolean" + "type": "boolean", + "description": "The value of the boolean." } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "Boolean filter for querying findings." }, "CloudtrailEvents": { "properties": { @@ -1369,7 +1480,8 @@ "oneOf": [ { "type": "string", - "format": "date-time" + "format": "date-time", + "description": "The time stamp that determines the last data point to return. The value\nspecified is exclusive; results include data points up to the specified time\nstamp. In a raw HTTP query, the time stamp must be in ISO 8601 UTC format (for\nexample, 2016-10-10T23:00:00Z).\n\nThis member is required." }, { "type": "null" 
@@ -1379,7 +1491,8 @@ "Period": { "oneOf": [ { - "type": "integer" + "type": "integer", + "description": "The granularity, in seconds, of the returned data points. For metrics with\nregular resolution, a period can be as short as one minute (60 seconds) and must\nbe a multiple of 60. For high-resolution metrics that are collected at intervals\nof less than one minute, the period can be 1, 5, 10, 30, 60, or any multiple of\n60. High-resolution metrics are those metrics stored by a PutMetricData call\nthat includes a StorageResolution of 1 second. If the StartTime parameter\nspecifies a time stamp that is greater than 3 hours ago, you must specify the\nperiod as follows or no data points in that time range is returned:\n - Start time between 3 hours and 15 days ago - Use a multiple of 60 seconds\n (1 minute).\n - Start time between 15 and 63 days ago - Use a multiple of 300 seconds (5\n minutes).\n - Start time greater than 63 days ago - Use a multiple of 3600 seconds (1\n hour).\n\nThis member is required." }, { "type": "null" 
@@ -1390,7 +1503,8 @@ "oneOf": [ { "type": "string", - "format": "date-time" + "format": "date-time", + "description": "The time stamp that determines the first data point to return. Start times are\nevaluated relative to the time that CloudWatch receives the request. The value\nspecified is inclusive; results include data points with the specified time\nstamp. In a raw HTTP query, the time stamp must be in ISO 8601 UTC format (for\nexample, 2016-10-03T23:00:00Z). CloudWatch rounds the specified time stamp as\nfollows:\n - Start time less than 15 days ago - Round down to the nearest whole minute.\n For example, 12:32:34 is rounded down to 12:32:00.\n - Start time between 15 and 63 days ago - Round down to the nearest 5-minute\n clock interval. For example, 12:32:34 is rounded down to 12:30:00.\n - Start time greater than 63 days ago - Round down to the nearest 1-hour\n clock interval. For example, 12:32:34 is rounded down to 12:00:00.\nIf you set Period to 5, 10, or 30, the start time of your request is rounded\ndown to the nearest time that corresponds to even 5-, 10-, or 30-second\ndivisions of a minute. For example, if you make a query at (HH:mm:ss) 01:05:23\nfor the previous 10-second period, the start time of your request is rounded\ndown and you receive data from 01:05:10 to 01:05:20. If you make a query at\n15:07:17 for the previous 5 minutes of data, using a period of 5 seconds, you\nreceive data timestamped between 15:02:15 and 15:07:15.\n\nThis member is required." }, { "type": "null" @@ -1403,7 +1517,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "description": "The percentile statistics. Specify values between p0.0 and p100. When calling\nGetMetricStatistics , you must specify either Statistics or ExtendedStatistics ,\nbut not both. Percentile statistics are not available for metrics when any of\nthe metric values are negative numbers." }, { "type": "null" 
@@ -1416,7 +1531,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "description": "The metric statistics, other than percentile. For percentile statistics, use\nExtendedStatistics . When calling GetMetricStatistics , you must specify either\nStatistics or ExtendedStatistics , but not both." }, { "type": "null" @@ -1424,7 +1540,8 @@ ] }, "Unit": { - "type": "string" + "type": "string", + "description": "The unit for a given metric. If you omit Unit , all data that was collected with\nany unit is returned, along with the corresponding units that were specified\nwhen the data was reported to CloudWatch. If you specify a unit, the operation\nreturns only data that was collected with that unit specified. If you specify a\nunit that does not match the data collected, the results of the operation are\nnull. CloudWatch does not perform unit conversions." } }, "additionalProperties": false, @@ -1438,7 +1555,8 @@ "items": { "$ref": "#/$defs/DimensionFilter" }, - "type": "array" + "type": "array", + "description": "The dimensions to filter against. Only the dimensions that match exactly will\nbe returned." }, { "type": "null" @@ -1446,12 +1564,14 @@ ] }, "IncludeLinkedAccounts": { - "type": "boolean" + "type": "boolean", + "description": "If you are using this operation in a monitoring account, specify true to\ninclude metrics from source accounts in the returned data. The default is false ." }, "MetricName": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The name of the metric to filter against. Only the metrics with names that\nmatch exactly will be returned." }, { "type": "null" @@ -1461,7 +1581,8 @@ "Namespace": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The metric namespace to filter against. Only the namespace that matches exactly\nwill be returned." }, { "type": "null" 
@@ -1471,7 +1592,8 @@ "OwningAccount": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "When you use this operation in a monitoring account, use this field to return\nmetrics only from one source account. To do so, specify that source account ID\nin this field, and also specify true for IncludeLinkedAccounts ." }, { "type": "null" @@ -1479,7 +1601,8 @@ ] }, "RecentlyActive": { - "type": "string" + "type": "string", + "description": "To filter the results to show only metrics that have had data points published\nin the past three hours, specify this parameter with a value of PT3H . This is\nthe only valid value for this parameter. The results that are returned are an\napproximation of the value you specify. There is a low probability that the\nreturned results include metrics with last published data as much as 40 minutes\nmore than the specified time interval." } }, "additionalProperties": false, @@ -1518,7 +1641,8 @@ "Key": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The unique name of the Cost Category." }, { "type": "null" @@ -1531,7 +1655,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "description": "The match options that you can use to filter your results. MatchOptions is only\napplicable for actions related to cost category. The default values for\nMatchOptions is EQUALS and CASE_SENSITIVE ." }, { "type": "null" @@ -1544,7 +1669,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "description": "The specific value of the Cost Category." }, { "type": "null" @@ -1553,7 +1679,8 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "The Cost Categories values used for filtering the costs." }, "CostExplorerAPIs": { "properties": { 
@@ -1582,7 +1709,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "description": "A \"contains\" operator to match for the filter used to create the rule." }, { "type": "null" @@ -1595,7 +1723,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "description": "An \"equals\" operator to match for the filter used to create the rule." }, { "type": "null" @@ -1605,7 +1734,8 @@ "Exists": { "oneOf": [ { - "type": "boolean" + "type": "boolean", + "description": "An \"exists\" operator to match for the filter used to create the rule." }, { "type": "null" @@ -1618,7 +1748,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "description": "A \"not equals\" operator to match for the filter used to create the rule." }, { "type": "null" @@ -1627,7 +1758,8 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "The criteria to use in the filter that defines the archive rule." }, "CustomAccessAnalyzerListFindingsInput": { "properties": { @@ -1637,7 +1769,8 @@ "additionalProperties": { "$ref": "#/$defs/Criterion" }, - "type": "object" + "type": "object", + "description": "A filter to match for the findings to return." }, { "type": "null" @@ -1647,7 +1780,8 @@ "MaxResults": { "oneOf": [ { - "type": "integer" + "type": "integer", + "description": "The maximum number of results to return in the response." }, { "type": "null" @@ -1657,7 +1791,8 @@ "Sort": { "oneOf": [ { - "$ref": "#/$defs/SortCriteria" + "$ref": "#/$defs/SortCriteria", + "description": "The sort order for the findings returned." }, { "type": "null" @@ -1674,7 +1809,8 @@ "oneOf": [ { "type": "string", - "format": "date-time" + "format": "date-time", + "description": "Specifies that only events that occur before or at the specified time are\nreturned. If the specified end time is before the specified start time, an error\nis returned." }, { "type": "null" 
@@ -1682,7 +1818,8 @@ ] }, "EventCategory": { - "type": "string" + "type": "string", + "description": "Specifies the event category. If you do not specify an event category, events\nof the category are not returned in the response. For example, if you do not\nspecify insight as the value of EventCategory , no Insights events are returned." }, "LookupAttributes": { "oneOf": [ @@ -1690,7 +1827,8 @@ "items": { "$ref": "#/$defs/LookupAttribute" }, - "type": "array" + "type": "array", + "description": "Contains a list of lookup attributes. Currently the list can contain only one\nitem." }, { "type": "null" @@ -1700,7 +1838,8 @@ "MaxResults": { "oneOf": [ { - "type": "integer" + "type": "integer", + "description": "The number of events to return. Possible values are 1 through 50. The default\nis 50." }, { "type": "null" @@ -1711,7 +1850,8 @@ "oneOf": [ { "type": "string", - "format": "date-time" + "format": "date-time", + "description": "Specifies that only events that occur after or at the specified time are\nreturned. If the specified start time is after the specified end time, an error\nis returned." }, { "type": "null" @@ -1727,7 +1867,8 @@ "ContainerInstance": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The container instance ID or full ARN of the container instance to use when\nfiltering the ListTasks results. Specifying a containerInstance limits the\nresults to tasks that belong to that container instance." }, { "type": "null" 
@@ -1735,12 +1876,14 @@ ] }, "DesiredStatus": { - "type": "string" + "type": "string", + "description": "The task desired status to use when filtering the ListTasks results. Specifying\na desiredStatus of STOPPED limits the results to tasks that Amazon ECS has set\nthe desired status to STOPPED . This can be useful for debugging tasks that\naren't starting properly or have died or finished. The default status filter is\nRUNNING , which shows tasks that Amazon ECS has set the desired status to\nRUNNING . Although you can filter results based on a desired status of PENDING ,\nthis doesn't return any results. Amazon ECS never sets the desired status of a\ntask to that value (only a task's lastStatus may have a value of PENDING )." }, "Family": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The name of the task definition family to use when filtering the ListTasks\nresults. Specifying a family limits the results to tasks that belong to that\nfamily." }, { "type": "null" @@ -1748,7 +1891,8 @@ ] }, "LaunchType": { - "type": "string" + "type": "string", + "description": "The launch type to use when filtering the ListTasks results." }, "MaxResults": { "oneOf": [ @@ -1756,6 +1900,7 @@ "type": "integer", "maximum": 100, "minimum": 1, + "description": "The maximum number of task results that ListTasks returned in paginated output.\nWhen this parameter is used, ListTasks only returns maxResults results in a\nsingle page along with a nextToken response element. The remaining results of\nthe initial request can be seen by sending another ListTasks request with the\nreturned nextToken value. This value can be between 1 and 100. If this\nparameter isn't used, then ListTasks returns up to 100 results and a nextToken\nvalue if applicable.", "default": 100 }, { 
@@ -1766,7 +1911,8 @@ "ServiceName": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The name of the service to use when filtering the ListTasks results. Specifying\na serviceName limits the results to tasks that belong to that service." }, { "type": "null" @@ -1776,7 +1922,8 @@ "StartedBy": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The startedBy value to filter the task results with. Specifying a startedBy\nvalue limits the results to tasks that were started with that value. When you\nspecify startedBy as the filter, it must be the only filter that you use." }, { "type": "null" @@ -1790,7 +1937,8 @@ "CustomGetCostAndUsageInput": { "properties": { "Granularity": { - "type": "string" + "type": "string", + "description": "Sets the Amazon Web Services cost granularity to MONTHLY or DAILY , or HOURLY .\nIf Granularity isn't set, the response object doesn't include the Granularity ,\neither MONTHLY or DAILY , or HOURLY .\n\nThis member is required." }, "Metrics": { "oneOf": [ 
@@ -1798,7 +1946,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "description": "Which metrics are returned in the query. For more information about blended and\nunblended rates, see Why does the \"blended\" annotation appear on some line\nitems in my bill? (http://aws.amazon.com/premiumsupport/knowledge-center/blended-rates-intro/)\n. Valid values are AmortizedCost , BlendedCost , NetAmortizedCost ,\nNetUnblendedCost , NormalizedUsageAmount , UnblendedCost , and UsageQuantity .\nIf you return the UsageQuantity metric, the service aggregates all usage\nnumbers without taking into account the units. For example, if you aggregate\nusageQuantity across all of Amazon EC2, the results aren't meaningful because\nAmazon EC2 compute hours and data transfer are measured in different units (for\nexample, hours and GB). To get more meaningful UsageQuantity metrics, filter by\nUsageType or UsageTypeGroups . Metrics is required for GetCostAndUsage requests.\n\nThis member is required." }, { "type": "null" @@ -1808,7 +1957,8 @@ "TimePeriod": { "oneOf": [ { - "$ref": "#/$defs/DateInterval" + "$ref": "#/$defs/DateInterval", + "description": "Sets the start date and end date for retrieving Amazon Web Services costs. The\nstart date is inclusive, but the end date is exclusive. For example, if start\nis 2017-01-01 and end is 2017-05-01 , then the cost and usage data is retrieved\nfrom 2017-01-01 up to and including 2017-04-30 but not including 2017-05-01 .\n\nThis member is required." }, { "type": "null" 
@@ -1818,7 +1968,8 @@ "Filter": { "oneOf": [ { - "$ref": "#/$defs/Expression" + "$ref": "#/$defs/Expression", + "description": "Filters Amazon Web Services costs by different dimensions. For example, you can\nspecify SERVICE and LINKED_ACCOUNT and get the costs that are associated with\nthat account's usage of that service. You can nest Expression objects to define\nany combination of dimension filters. For more information, see Expression (https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_Expression.html)\n. Valid values for MatchOptions for Dimensions are EQUALS and CASE_SENSITIVE .\nValid values for MatchOptions for CostCategories and Tags are EQUALS , ABSENT ,\nand CASE_SENSITIVE . Default values are EQUALS and CASE_SENSITIVE ." }, { "type": "null" @@ -1831,7 +1982,8 @@ "items": { "$ref": "#/$defs/GroupDefinition" }, - "type": "array" + "type": "array", + "description": "You can group Amazon Web Services costs using up to two different groups,\neither dimensions, tag keys, cost categories, or any two group by types. Valid\nvalues for the DIMENSION type are AZ , INSTANCE_TYPE , LEGAL_ENTITY_NAME ,\nINVOICING_ENTITY , LINKED_ACCOUNT , OPERATION , PLATFORM , PURCHASE_TYPE ,\nSERVICE , TENANCY , RECORD_TYPE , and USAGE_TYPE . When you group by the TAG\ntype and include a valid tag key, you get all tag values, including empty\nstrings." }, { "type": "null" @@ -1847,7 +1999,8 @@ "FilterCriteria": { "oneOf": [ { - "$ref": "#/$defs/FilterCriteria" + "$ref": "#/$defs/FilterCriteria", + "description": "Details on the filters to apply to your finding results." }, { "type": "null" @@ -1857,7 +2010,8 @@ "MaxResults": { "oneOf": [ { - "type": "integer" + "type": "integer", + "description": "The maximum number of results to return in the response." }, { "type": "null" 
@@ -1867,7 +2021,8 @@ "SortCriteria": { "oneOf": [ { - "$ref": "#/$defs/SortCriteria-1" + "$ref": "#/$defs/SortCriteria-1", + "description": "Details on the sort criteria to apply to your finding results." }, { "type": "null" @@ -1883,7 +2038,8 @@ "Filters": { "oneOf": [ { - "$ref": "#/$defs/AwsSecurityFindingFilters" + "$ref": "#/$defs/AwsSecurityFindingFilters", + "description": "The finding attributes used to define a condition to filter the returned\nfindings. You can filter by up to 10 finding attributes. For each attribute, you\ncan provide up to 20 filter values. Note that in the available filter fields,\nWorkflowState is deprecated. To search for a finding based on its workflow\nstatus, use WorkflowStatus ." }, { "type": "null" @@ -1894,6 +2050,7 @@ "type": "integer", "maximum": 100, "minimum": 1, + "description": "The maximum number of findings to return.", "default": 100 }, "SortCriteria": { @@ -1902,7 +2059,8 @@ "items": { "$ref": "#/$defs/SortCriterion" }, - "type": "array" + "type": "array", + "description": "The finding attributes used to sort the list of returned findings." }, { "type": "null" @@ -1919,7 +2077,8 @@ "oneOf": [ { "type": "string", - "format": "date-time" + "format": "date-time", + "description": "A timestamp representing the end of the time period filtered on." }, { "type": "null" @@ -1930,7 +2089,8 @@ "oneOf": [ { "type": "string", - "format": "date-time" + "format": "date-time", + "description": "A timestamp representing the start of the time period filtered on." }, { "type": "null" @@ -1939,14 +2099,16 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "Contains details on the time range used to filter findings." }, "DateFilter-1": { "properties": { "DateRange": { "oneOf": [ { - "$ref": "#/$defs/DateRange" + "$ref": "#/$defs/DateRange", + "description": "A date range for the date filter." }, { "type": "null" 
@@ -1956,7 +2118,8 @@ "End": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "A timestamp that provides the end date for the date filter. A correctly\nformatted example is 2020-05-21T20:16:34.724Z . The value cannot contain spaces,\nand date and time should be separated by T . For more information, see RFC 3339\nsection 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6)\n." }, { "type": "null" @@ -1966,7 +2129,8 @@ "Start": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "A timestamp that provides the start date for the date filter. A correctly\nformatted example is 2020-05-21T20:16:34.724Z . The value cannot contain spaces,\nand date and time should be separated by T . For more information, see RFC 3339\nsection 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6)\n." }, { "type": "null" @@ -1975,14 +2139,16 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "A date filter for querying findings." }, "DateInterval": { "properties": { "End": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The end of the time period. The end date is exclusive. For example, if end is\n2017-05-01 , Amazon Web Services retrieves cost and usage data from the start\ndate up to, but not including, 2017-05-01 .\n\nThis member is required." }, { "type": "null" @@ -1992,7 +2158,8 @@ "Start": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The beginning of the time period. The start date is inclusive. For example, if\nstart is 2017-01-01 , Amazon Web Services retrieves cost and usage data starting\nat 2017-01-01 up to the end date. The start date must be equal to or no later\nthan the current date to avoid a validation error.\n\nThis member is required." }, { "type": "null" 
@@ -2001,26 +2168,31 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "The time period of the request." }, "DateRange": { "properties": { "Unit": { - "type": "string" + "type": "string", + "description": "A date range unit for the date filter." }, "Value": { - "type": "integer" + "type": "integer", + "description": "A date range value for the date filter." } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "A date range for the date filter." }, "DimensionFilter": { "properties": { "Name": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The dimension name to be matched.\n\nThis member is required." }, { "type": "null" @@ -2030,7 +2202,8 @@ "Value": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The value of the dimension to be matched." }, { "type": "null" @@ -2039,12 +2212,14 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "Represents filters for a dimension." }, "DimensionValues": { "properties": { "Key": { - "type": "string" + "type": "string", + "description": "The names of the metadata types that you can use to filter and group your\nresults. For example, AZ returns a list of Availability Zones. Not all\ndimensions are supported in each API. Refer to the documentation for each\nspecific API to see what is supported. LINK_ACCOUNT_NAME and SERVICE_CODE can\nonly be used in CostCategoryRule (https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_CostCategoryRule.html)\n. ANOMALY_TOTAL_IMPACT_ABSOLUTE and ANOMALY_TOTAL_IMPACT_PERCENTAGE can only be\nused in AnomalySubscriptions (https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_AnomalySubscription.html)\n." }, "MatchOptions": { "oneOf": [ 
@@ -2052,7 +2227,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "description": "The match options that you can use to filter your results. MatchOptions is only\napplicable for actions related to Cost Category and Anomaly Subscriptions. Refer\nto the documentation for each specific API to see what is supported. The default\nvalues for MatchOptions are EQUALS and CASE_SENSITIVE ." }, { "type": "null" @@ -2065,7 +2241,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "description": "The metadata values that you can use to filter and group your results. You can\nuse GetDimensionValues to find specific values." }, { "type": "null" @@ -2074,7 +2251,8 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "The metadata that you can use to filter and group your results." }, "ECSTasks": { "properties": { @@ -2101,6 +2279,7 @@ "oneOf": [ { "type": "boolean", + "description": "Whether the full sync will be performed for the tables prior to engaging the event-based sync mode.", "default": true }, { @@ -2109,17 +2288,20 @@ ] }, "account": { - "$ref": "#/$defs/Account" + "$ref": "#/$defs/Account", + "description": "Account spec to configure sync." }, "kinesis_stream_arn": { "type": "string", - "pattern": "^arn(:[^:\n]*){5}([:/].*)?$" + "pattern": "^arn(:[^:\n]*){5}([:/].*)?$", + "description": "Amazon Kinesis stream ARN to subscribe to." }, "start_time": { "oneOf": [ { "type": "string", "format": "date-time", + "description": "The timestamp of the data record from which to start reading.", "default": "now" }, { @@ -2132,7 +2314,8 @@ "type": "object", "required": [ "kinesis_stream_arn" - ] + ], + "description": "Event-based sync configuration." }, "Expression": { "properties": { @@ -2142,7 +2325,8 @@ "items": { "$ref": "#/$defs/Expression" }, - "type": "array" + "type": "array", + "description": "Return results that match both Dimension objects." }, { "type": "null" 
@@ -2152,7 +2336,8 @@ "CostCategories": { "oneOf": [ { - "$ref": "#/$defs/CostCategoryValues" + "$ref": "#/$defs/CostCategoryValues", + "description": "The filter that's based on CostCategory values." }, { "type": "null" @@ -2162,7 +2347,8 @@ "Dimensions": { "oneOf": [ { - "$ref": "#/$defs/DimensionValues" + "$ref": "#/$defs/DimensionValues", + "description": "The specific Dimension to use for Expression ." }, { "type": "null" @@ -2172,7 +2358,8 @@ "Not": { "oneOf": [ { - "$ref": "#/$defs/Expression" + "$ref": "#/$defs/Expression", + "description": "Return results that don't match a Dimension object." }, { "type": "null" @@ -2185,7 +2372,8 @@ "items": { "$ref": "#/$defs/Expression" }, - "type": "array" + "type": "array", + "description": "Return results that match either Dimension object." }, { "type": "null" @@ -2195,7 +2383,8 @@ "Tags": { "oneOf": [ { - "$ref": "#/$defs/TagValues" + "$ref": "#/$defs/TagValues", + "description": "The specific Tag to use for Expression ." }, { "type": "null" @@ -2204,7 +2393,8 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "Use Expression to filter in various Cost Explorer APIs." }, "FilterCriteria": { "properties": { @@ -2214,7 +2404,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details of the Amazon Web Services account IDs used to filter findings." }, { "type": "null" @@ -2227,7 +2418,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "The name of the detector used to identify a code vulnerability in a Lambda\nfunction used to filter findings." }, { "type": "null" 
@@ -2240,7 +2432,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "The detector type tag associated with the vulnerability used to filter\nfindings. Detector tags group related vulnerabilities by common themes or\ntactics. For a list of available tags by programming language, see Java tags (https://docs.aws.amazon.com/codeguru/detector-library/java/tags/)\n, or Python tags (https://docs.aws.amazon.com/codeguru/detector-library/python/tags/)\n." }, { "type": "null" @@ -2253,7 +2446,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "The file path to the file in a Lambda function that contains a code\nvulnerability used to filter findings." }, { "type": "null" @@ -2266,7 +2460,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details of the component IDs used to filter findings." }, { "type": "null" @@ -2279,7 +2474,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details of the component types used to filter findings." }, { "type": "null" @@ -2292,7 +2488,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details of the Amazon EC2 instance image IDs used to filter findings." }, { "type": "null" @@ -2305,7 +2502,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details of the Amazon EC2 instance subnet IDs used to filter findings." }, { "type": "null" @@ -2318,7 +2516,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details of the Amazon EC2 instance VPC IDs used to filter findings." }, { "type": "null" 
@@ -2331,7 +2530,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details of the Amazon ECR image architecture types used to filter findings." }, { "type": "null" @@ -2344,7 +2544,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details of the Amazon ECR image hashes used to filter findings." }, { "type": "null" @@ -2357,7 +2558,8 @@ "items": { "$ref": "#/$defs/DateFilter" }, - "type": "array" + "type": "array", + "description": "Details on the Amazon ECR image push date and time used to filter findings." }, { "type": "null" @@ -2370,7 +2572,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details on the Amazon ECR registry used to filter findings." }, { "type": "null" @@ -2383,7 +2586,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details on the name of the Amazon ECR repository used to filter findings." }, { "type": "null" @@ -2396,7 +2600,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "The tags attached to the Amazon ECR container image." }, { "type": "null" @@ -2409,7 +2614,8 @@ "items": { "$ref": "#/$defs/NumberFilter" }, - "type": "array" + "type": "array", + "description": "The EPSS score used to filter findings." }, { "type": "null" @@ -2422,7 +2628,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Filters the list of AWS Lambda findings by the availability of exploits." }, { "type": "null" @@ -2435,7 +2642,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details on the finding ARNs used to filter findings." }, { "type": "null" 
@@ -2448,7 +2656,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details on the finding status types used to filter findings." }, { "type": "null" @@ -2461,7 +2670,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details on the finding types used to filter findings." }, { "type": "null" @@ -2474,7 +2684,8 @@ "items": { "$ref": "#/$defs/DateFilter" }, - "type": "array" + "type": "array", + "description": "Details on the date and time a finding was first seen used to filter findings." }, { "type": "null" @@ -2487,7 +2698,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details on whether a fix is available through a version update. This value can\nbe YES , NO , or PARTIAL . A PARTIAL fix means that some, but not all, of the\npackages identified in the finding have fixes available through updated\nversions." }, { "type": "null" @@ -2500,7 +2712,8 @@ "items": { "$ref": "#/$defs/NumberFilter" }, - "type": "array" + "type": "array", + "description": "The Amazon Inspector score to filter on." }, { "type": "null" @@ -2513,7 +2726,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Filters the list of AWS Lambda functions by execution role." }, { "type": "null" @@ -2526,7 +2740,8 @@ "items": { "$ref": "#/$defs/DateFilter" }, - "type": "array" + "type": "array", + "description": "Filters the list of AWS Lambda functions by the date and time that a user last\nupdated the configuration, in ISO 8601 format (https://www.iso.org/iso-8601-date-and-time-format.html)" }, { "type": "null" 
@@ -2539,7 +2754,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Filters the list of AWS Lambda functions by the function's layers (https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html)\n. A Lambda function can have up to five layers." }, { "type": "null" @@ -2552,7 +2768,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Filters the list of AWS Lambda functions by the name of the function." }, { "type": "null" @@ -2565,7 +2782,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Filters the list of AWS Lambda functions by the runtime environment for the\nLambda function." }, { "type": "null" @@ -2578,7 +2796,8 @@ "items": { "$ref": "#/$defs/DateFilter" }, - "type": "array" + "type": "array", + "description": "Details on the date and time a finding was last seen used to filter findings." }, { "type": "null" @@ -2591,7 +2810,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details on network protocol used to filter findings." }, { "type": "null" @@ -2604,7 +2824,8 @@ "items": { "$ref": "#/$defs/PortRangeFilter" }, - "type": "array" + "type": "array", + "description": "Details on the port ranges used to filter findings." }, { "type": "null" @@ -2617,7 +2838,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details on the related vulnerabilities used to filter findings." }, { "type": "null" @@ -2630,7 +2852,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details on the resource IDs used to filter findings." }, { "type": "null" @@ -2643,7 +2866,8 @@ "items": { "$ref": "#/$defs/MapFilter" }, - "type": "array" + "type": "array", + "description": "Details on the resource tags used to filter findings." }, { "type": "null" 
@@ -2656,7 +2880,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details on the resource types used to filter findings." }, { "type": "null" @@ -2669,7 +2894,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details on the severity used to filter findings." }, { "type": "null" @@ -2682,7 +2908,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details on the finding title used to filter findings." }, { "type": "null" @@ -2695,7 +2922,8 @@ "items": { "$ref": "#/$defs/DateFilter" }, - "type": "array" + "type": "array", + "description": "Details on the date and time a finding was last updated at used to filter\nfindings." }, { "type": "null" @@ -2708,7 +2936,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details on the vendor severity used to filter findings." }, { "type": "null" @@ -2721,7 +2950,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details on the vulnerability ID used to filter findings." }, { "type": "null" @@ -2734,7 +2964,8 @@ "items": { "$ref": "#/$defs/StringFilter" }, - "type": "array" + "type": "array", + "description": "Details on the vulnerability type used to filter findings." }, { "type": "null" @@ -2747,7 +2978,8 @@ "items": { "$ref": "#/$defs/PackageFilter" }, - "type": "array" + "type": "array", + "description": "Details on the vulnerable packages used to filter findings." }, { "type": "null" @@ -2756,14 +2988,16 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "Details on the criteria used to define the filter." }, "GroupDefinition": { "properties": { "Key": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The string that represents a key for a specified group." }, { "type": "null" 
@@ -2771,11 +3005,13 @@ ] }, "Type": { - "type": "string" + "type": "string", + "description": "The string that represents the type of group." } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "Represents a group when you specify a group by criteria or in the response to a query with a specific grouping." }, "Inspector2Findings": { "properties": { @@ -2801,7 +3037,8 @@ "Cidr": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "A finding's CIDR value." }, { "type": "null" @@ -2810,14 +3047,16 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "The IP filter for querying findings." }, "KeywordFilter": { "properties": { "Value": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "A value for the keyword." }, { "type": "null" @@ -2826,17 +3065,20 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "A keyword filter for querying findings." }, "LookupAttribute": { "properties": { "AttributeKey": { - "type": "string" + "type": "string", + "description": "Specifies an attribute on which to filter the events returned.\n\nThis member is required." }, "AttributeValue": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "Specifies a value for the specified AttributeKey.\n\nThis member is required." }, { "type": "null" @@ -2845,17 +3087,20 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "Specifies an attribute and value that filter the events returned." }, "MapFilter": { "properties": { "Comparison": { - "type": "string" + "type": "string", + "description": "The operator to use when comparing values in the filter.\n\nThis member is required." }, "Key": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The tag key used in the filter.\n\nThis member is required." }, { "type": "null" 
@@ -2865,7 +3110,8 @@ "Value": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The tag value used in the filter." }, { "type": "null" 
@@ -2874,17 +3120,20 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "An object that describes details of a map filter." }, "MapFilter-1": { "properties": { "Comparison": { - "type": "string" + "type": "string", + "description": "The condition to apply to the key value when filtering Security Hub findings\nwith a map filter. To search for values that have the filter value, use one of\nthe following comparison operators:\n - To search for values that include the filter value, use CONTAINS . For\n example, for the ResourceTags field, the filter Department CONTAINS Security\n matches findings that include the value Security for the Department tag. In\n the same example, a finding with a value of Security team for the Department\n tag is a match.\n - To search for values that exactly match the filter value, use EQUALS . For\n example, for the ResourceTags field, the filter Department EQUALS Security\n matches findings that have the value Security for the Department tag.\nCONTAINS and EQUALS filters on the same field are joined by OR . A finding\nmatches if it matches any one of those filters. For example, the filters\nDepartment CONTAINS Security OR Department CONTAINS Finance match a finding that\nincludes either Security , Finance , or both values. To search for values that\ndon't have the filter value, use one of the following comparison operators:\n - To search for values that exclude the filter value, use NOT_CONTAINS . For\n example, for the ResourceTags field, the filter Department NOT_CONTAINS\n Finance matches findings that exclude the value Finance for the Department\n tag.\n - To search for values other than the filter value, use NOT_EQUALS . For\n example, for the ResourceTags field, the filter Department NOT_EQUALS Finance\n matches findings that don’t have the value Finance for the Department tag.\nNOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . 
A\nfinding matches only if it matches all of those filters. For example, the\nfilters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance\nmatch a finding that excludes both the Security and Finance values. CONTAINS\nfilters can only be used with other CONTAINS filters. NOT_CONTAINS filters can\nonly be used with other NOT_CONTAINS filters. You can’t have both a CONTAINS\nfilter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have\nboth an EQUALS filter and a NOT_EQUALS filter on the same field. Combining\nfilters in this way returns an error. CONTAINS and NOT_CONTAINS operators can\nbe used only with automation rules. For more information, see Automation rules (https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html)\nin the Security Hub User Guide." }, "Key": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The key of the map filter. For example, for ResourceTags , Key identifies the\nname of the tag. For UserDefinedFields , Key is the name of the field." }, { "type": "null" @@ -2894,7 +3143,8 @@ "Value": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The value for the key in the map filter. Filter values are case sensitive. For\nexample, one of the values for a tag called Department might be Security . If\nyou provide security as the filter value, then there's no match." }, { "type": "null" @@ -2903,14 +3153,16 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "A map filter for filtering Security Hub findings." }, "NumberFilter": { "properties": { "LowerInclusive": { "oneOf": [ { - "type": "number" + "type": "number", + "description": "The lowest number to be included in the filter." }, { "type": "null" @@ -2920,7 +3172,8 @@ "UpperInclusive": { "oneOf": [ { - "type": "number" + "type": "number", + "description": "The highest number to be included in the filter." }, { "type": "null" 
@@ -2929,29 +3182,35 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "An object that describes the details of a number filter." }, "NumberFilter-1": { "properties": { "Eq": { - "type": "number" + "type": "number", + "description": "The equal-to condition to be applied to a single field when querying for\nfindings." }, "Gte": { - "type": "number" + "type": "number", + "description": "The greater-than-equal condition to be applied to a single field when querying\nfor findings." }, "Lte": { - "type": "number" + "type": "number", + "description": "The less-than-equal condition to be applied to a single field when querying for\nfindings." } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "A number filter for querying findings." }, - "Org": { + "Organization": { "properties": { "admin_account": { "oneOf": [ { - "$ref": "#/$defs/Account" + "$ref": "#/$defs/Account", + "description": "Configuration for how to grab credentials from an admin account." }, { "type": "null" @@ -2961,7 +3220,8 @@ "member_trusted_principal": { "oneOf": [ { - "$ref": "#/$defs/Account" + "$ref": "#/$defs/Account", + "description": "Configuration for how to specify the principle to use in order to assume a role in the member accounts." }, { "type": "null" 
@@ -2970,21 +3230,26 @@ }, "member_role_name": { "type": "string", - "minLength": 1 + "minLength": 1, + "description": "Role name that CloudQuery should use to assume a role in the member account from the admin account.\n\nNote: This is not a full ARN, it is just the name." }, "member_role_session_name": { - "type": "string" + "type": "string", + "description": "Overrides the default session name." }, "member_external_id": { - "type": "string" + "type": "string", + "description": "Specify an external ID for use in the trust policy." }, "member_regions": { "oneOf": [ { "items": { - "type": "string" + "type": "string", + "minLength": 1 }, - "type": "array" + "type": "array", + "description": "Limit fetching resources within this specific account to only these regions.\nThis will override any regions specified in the provider block.\nYou can specify all regions by using the `*` character as the only argument in the array." }, { "type": "null" @@ -2998,7 +3263,8 @@ "type": "string", "pattern": "^((ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})|(r-[0-9a-z]{4,32}))$" }, - "type": "array" + "type": "array", + "description": "List of Organizational Units that CloudQuery should use to source accounts from.\nIf you specify an OU, CloudQuery will also traverse nested OUs." }, { "type": "null" @@ -3012,7 +3278,8 @@ "type": "string", "pattern": "^((ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})|(r-[0-9a-z]{4,32}))$" }, - "type": "array" + "type": "array", + "description": "List of Organizational Units to skip.\nThis is useful in conjunction with `organization_units` if there are child OUs that should be ignored." }, { "type": "null" @@ -3025,7 +3292,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "description": "List of OU member accounts to skip.\nThis is useful if there are accounts under the selected OUs that should be ignored." }, { "type": "null" 
@@ -3037,14 +3305,16 @@ "type": "object", "required": [ "member_role_name" - ] + ], + "description": "Organization mode spec used to source all accounts underneath automatically." }, "PackageFilter": { "properties": { "Architecture": { "oneOf": [ { - "$ref": "#/$defs/StringFilter" + "$ref": "#/$defs/StringFilter", + "description": "An object that contains details on the package architecture type to filter on." }, { "type": "null" @@ -3054,7 +3324,8 @@ "Epoch": { "oneOf": [ { - "$ref": "#/$defs/NumberFilter" + "$ref": "#/$defs/NumberFilter", + "description": "An object that contains details on the package epoch to filter on." }, { "type": "null" @@ -3064,7 +3335,8 @@ "Name": { "oneOf": [ { - "$ref": "#/$defs/StringFilter" + "$ref": "#/$defs/StringFilter", + "description": "An object that contains details on the name of the package to filter on." }, { "type": "null" @@ -3074,7 +3346,8 @@ "Release": { "oneOf": [ { - "$ref": "#/$defs/StringFilter" + "$ref": "#/$defs/StringFilter", + "description": "An object that contains details on the package release to filter on." }, { "type": "null" @@ -3084,7 +3357,8 @@ "SourceLambdaLayerArn": { "oneOf": [ { - "$ref": "#/$defs/StringFilter" + "$ref": "#/$defs/StringFilter", + "description": "An object that describes the details of a string filter." }, { "type": "null" @@ -3094,7 +3368,8 @@ "SourceLayerHash": { "oneOf": [ { - "$ref": "#/$defs/StringFilter" + "$ref": "#/$defs/StringFilter", + "description": "An object that contains details on the source layer hash to filter on." }, { "type": "null" @@ -3104,7 +3379,8 @@ "Version": { "oneOf": [ { - "$ref": "#/$defs/StringFilter" + "$ref": "#/$defs/StringFilter", + "description": "The package version to filter on." }, { "type": "null" 
@@ -3113,14 +3389,16 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "Contains information on the details of a package filter." }, "PortRangeFilter": { "properties": { "BeginInclusive": { "oneOf": [ { - "type": "integer" + "type": "integer", + "description": "The port number the port range begins at." }, { "type": "null" @@ -3130,7 +3408,8 @@ "EndInclusive": { "oneOf": [ { - "type": "integer" + "type": "integer", + "description": "The port number the port range ends at." }, { "type": "null" @@ -3139,7 +3418,8 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "An object that describes the details of a port range filter." }, "SecurityHubFindings": { "properties": { @@ -3165,7 +3445,8 @@ "AttributeName": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The name of the attribute to sort on." }, { "type": "null" @@ -3173,30 +3454,36 @@ ] }, "OrderBy": { - "type": "string" + "type": "string", + "description": "The sort order, ascending or descending." } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "The criteria used to sort." }, "SortCriteria-1": { "properties": { "Field": { - "type": "string" + "type": "string", + "description": "The finding detail field by which results are sorted.\n\nThis member is required." }, "SortOrder": { - "type": "string" + "type": "string", + "description": "The order by which findings are sorted.\n\nThis member is required." } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "Details about the criteria used to sort finding results." }, "SortCriterion": { "properties": { "Field": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The finding attribute used to sort findings." }, { "type": "null" 
@@ -3204,11 +3491,13 @@ ] }, "SortOrder": { - "type": "string" + "type": "string", + "description": "The order used to sort findings." } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "A collection of finding attributes used to sort findings." }, "Spec": { "allOf": [ @@ -3217,7 +3506,8 @@ "properties": { "custom_endpoint_url": { "type": "string", - "minLength": 1 + "minLength": 1, + "description": "The base URL endpoint the SDK API clients will use to make API calls to.\nThe SDK will suffix URI path and query elements to this endpoint." } }, "required": [ @@ -3228,14 +3518,17 @@ "properties": { "custom_endpoint_partition_id": { "type": "string", - "minLength": 1 + "minLength": 1, + "description": "The AWS partition the endpoint belongs to." }, "custom_endpoint_signing_region": { "type": "string", - "minLength": 1 + "minLength": 1, + "description": "The region that should be used for signing the request to the endpoint." }, "custom_endpoint_hostname_immutable": { - "type": "boolean" + "type": "boolean", + "description": "Specifies if the endpoint's hostname can be modified by the SDK's API client.\nWhen using something like LocalStack make sure to set it equal to `true`." } }, "required": [ @@ -3249,14 +3542,16 @@ "not": { "properties": { "org": { - "$ref": "#/$defs/Org" + "$ref": "#/$defs/Organization", + "description": "In AWS organization mode, CloudQuery will source all accounts underneath automatically." }, "accounts": { "items": { "$ref": "#/$defs/Account" }, "type": "array", - "minItems": 1 + "minItems": 1, + "description": "List of all accounts to fetch information from." } }, "required": [ @@ -3274,7 +3569,8 @@ "type": "string", "minLength": 1 }, - "type": "array" + "type": "array", + "description": "Regions to use." }, { "type": "null" 
@@ -3287,7 +3583,8 @@ "items": { "$ref": "#/$defs/Account" }, - "type": "array" + "type": "array", + "description": "List of all accounts to fetch information from." }, { "type": "null" @@ -3297,7 +3594,8 @@ "org": { "oneOf": [ { - "$ref": "#/$defs/Org" + "$ref": "#/$defs/Organization", + "description": "In AWS organization mode, CloudQuery will source all accounts underneath automatically." }, { "type": "null" @@ -3305,12 +3603,14 @@ ] }, "aws_debug": { - "type": "boolean" + "type": "boolean", + "description": "If `true`, will log AWS debug logs, including retries and other request/response metadata." }, "max_retries": { "oneOf": [ { "type": "integer", + "description": "Defines the maximum number of times an API request will be retried.", "default": 10 }, { @@ -3322,6 +3622,7 @@ "oneOf": [ { "type": "integer", + "description": "Defines the duration between retry attempts.", "default": 30 }, { @@ -3330,12 +3631,14 @@ ] }, "custom_endpoint_url": { - "type": "string" + "type": "string", + "description": "The base URL endpoint the SDK API clients will use to make API calls to.\nThe SDK will suffix URI path and query elements to this endpoint." }, "custom_endpoint_hostname_immutable": { "oneOf": [ { - "type": "boolean" + "type": "boolean", + "description": "Specifies if the endpoint's hostname can be modified by the SDK's API client.\nWhen using something like LocalStack make sure to set it equal to `true`." }, { "type": "null" 
@@ -3343,29 +3646,35 @@ ] }, "custom_endpoint_partition_id": { - "type": "string" + "type": "string", + "description": "The AWS partition the endpoint belongs to." }, "custom_endpoint_signing_region": { - "type": "string" + "type": "string", + "description": "The region that should be used for signing the request to the endpoint." }, "initialization_concurrency": { "type": "integer", "minimum": 1, + "description": "During initialization the AWS source plugin fetches information about each account and region.\nThis setting controls how many accounts can be initialized concurrently.\nOnly configurations with many accounts (either hardcoded or discovered via Organizations)\nshould require modifying this setting, to either lower it to avoid rate limit errors, or to increase it to speed up the initialization process.", "default": 4 }, "concurrency": { "type": "integer", "minimum": 1, + "description": "The best effort maximum number of Go routines to use. Lower this number to reduce memory usage.", "default": 50000 }, "use_paid_apis": { "type": "boolean", + "description": "When set to `true` plugin will sync data from APIs that incur a fee.\nCurrently only `aws_costexplorer*` and `aws_alpha_cloudwatch_metric*` tables require this flag to be set to `true`.", "default": false }, "table_options": { "oneOf": [ { - "$ref": "#/$defs/TableOptions" + "$ref": "#/$defs/TableOptions", + "description": "This is a preview feature (for more information about `preview` features look at [plugin versioning](/docs/plugins/sources/aws/versioning))\nthat enables users to override the default options for specific tables." }, { "type": "null" @@ -3375,7 +3684,8 @@ "event_based_sync": { "oneOf": [ { - "$ref": "#/$defs/EventBasedSync" + "$ref": "#/$defs/EventBasedSync", + "description": "This feature is available only in premium version of the plugin." }, { "type": "null" 
@@ -3383,7 +3693,8 @@ ] }, "scheduler": { - "$ref": "#/$defs/Strategy" + "$ref": "#/$defs/Strategy", + "description": "The scheduler to use when determining the priority of resources to sync.\n\nFor more information about this, see [performance tuning](/docs/advanced-topics/performance-tuning)." } }, "additionalProperties": false, @@ -3402,12 +3713,14 @@ "StringFilter": { "properties": { "Comparison": { - "type": "string" + "type": "string", + "description": "The operator to use when comparing values in the filter.\n\nThis member is required." }, "Value": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The value to filter on.\n\nThis member is required." }, { "type": "null" 
@@ -3416,17 +3729,20 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "An object that describes the details of a string filter." }, "StringFilter-1": { "properties": { "Comparison": { - "type": "string" + "type": "string", + "description": "The condition to apply to a string value when filtering Security Hub findings.\nTo search for values that have the filter value, use one of the following\ncomparison operators:\n - To search for values that include the filter value, use CONTAINS . For\n example, the filter Title CONTAINS CloudFront matches findings that have a\n Title that includes the string CloudFront.\n - To search for values that exactly match the filter value, use EQUALS . For\n example, the filter AwsAccountId EQUALS 123456789012 only matches findings\n that have an account ID of 123456789012 .\n - To search for values that start with the filter value, use PREFIX . For\n example, the filter ResourceRegion PREFIX us matches findings that have a\n ResourceRegion that starts with us . A ResourceRegion that starts with a\n different value, such as af , ap , or ca , doesn't match.\nCONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A\nfinding matches if it matches any one of those filters. For example, the filters\nTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that\nincludes either CloudFront , CloudWatch , or both strings in the title. To\nsearch for values that don’t have the filter value, use one of the following\ncomparison operators:\n - To search for values that exclude the filter value, use NOT_CONTAINS . For\n example, the filter Title NOT_CONTAINS CloudFront matches findings that have a\n Title that excludes the string CloudFront.\n - To search for values other than the filter value, use NOT_EQUALS . 
For\n example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings\n that have an account ID other than 123456789012 .\n - To search for values that don't start with the filter value, use\n PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS\n us matches findings with a ResourceRegion that starts with a value other than\n us .\nNOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are\njoined by AND . A finding matches only if it matches all of those filters. For\nexample, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS\nCloudWatch match a finding that excludes both CloudFront and CloudWatch in the\ntitle. You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the\nsame field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS\nor PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way\nreturns an error. CONTAINS filters can only be used with other CONTAINS\nfilters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.\nYou can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for\nthe same field. Security Hub first processes the PREFIX filters, and then the\nNOT_EQUALS or PREFIX_NOT_EQUALS filters. For example, for the following\nfilters, Security Hub first identifies findings that have resource types that\nstart with either AwsIam or AwsEc2 . It then excludes findings that have a\nresource type of AwsIamPolicy and findings that have a resource type of\nAwsEc2NetworkInterface .\n - ResourceType PREFIX AwsIam\n - ResourceType PREFIX AwsEc2\n - ResourceType NOT_EQUALS AwsIamPolicy\n - ResourceType NOT_EQUALS AwsEc2NetworkInterface\nCONTAINS and NOT_CONTAINS operators can be used only with automation rules. For\nmore information, see Automation rules (https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html)\nin the Security Hub User Guide." 
}, "Value": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The string filter value. Filter values are case sensitive. For example, the\nproduct name for control-based findings is Security Hub . If you provide\nsecurity hub as the filter value, there's no match." }, { "type": "null" @@ -3435,14 +3751,16 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "A string filter for filtering Security Hub findings." }, "TableOptions": { "properties": { "aws_accessanalyzer_analyzer_findings": { "oneOf": [ { - "$ref": "#/$defs/AccessAnalyzerFindings" + "$ref": "#/$defs/AccessAnalyzerFindings", + "description": "Override options for `aws_accessanalyzer_analyzer_findings` table." }, { "type": "null" @@ -3452,7 +3770,8 @@ "aws_cloudtrail_events": { "oneOf": [ { - "$ref": "#/$defs/CloudtrailEvents" + "$ref": "#/$defs/CloudtrailEvents", + "description": "Override options for `aws_cloudtrail_events` table." }, { "type": "null" @@ -3462,7 +3781,8 @@ "aws_alpha_cloudwatch_metrics": { "oneOf": [ { - "$ref": "#/$defs/CloudwatchMetrics" + "$ref": "#/$defs/CloudwatchMetrics", + "description": "Override options for `aws_alpha_cloudwatch_metrics` table." }, { "type": "null" @@ -3472,7 +3792,8 @@ "aws_alpha_costexplorer_cost_custom": { "oneOf": [ { - "$ref": "#/$defs/CostExplorerAPIs" + "$ref": "#/$defs/CostExplorerAPIs", + "description": "Override options for `aws_alpha_costexplorer_cost_custom` table." }, { "type": "null" @@ -3482,7 +3803,8 @@ "aws_ecs_cluster_tasks": { "oneOf": [ { - "$ref": "#/$defs/ECSTasks" + "$ref": "#/$defs/ECSTasks", + "description": "Override options for `aws_ecs_cluster_tasks` table." }, { "type": "null" @@ -3492,7 +3814,8 @@ "aws_inspector2_findings": { "oneOf": [ { - "$ref": "#/$defs/Inspector2Findings" + "$ref": "#/$defs/Inspector2Findings", + "description": "Override options for `aws_inspector2_findings` table." }, { "type": "null" 
@@ -3502,7 +3825,8 @@ "aws_securityhub_findings": { "oneOf": [ { - "$ref": "#/$defs/SecurityHubFindings" + "$ref": "#/$defs/SecurityHubFindings", + "description": "Override options for `aws_securityhub_findings` table." }, { "type": "null" @@ -3511,14 +3835,16 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "TableOptions allows users to override the default options for specific tables." }, "TagValues": { "properties": { "Key": { "oneOf": [ { - "type": "string" + "type": "string", + "description": "The key for the tag." }, { "type": "null" @@ -3531,7 +3857,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "description": "The match options that you can use to filter your results. MatchOptions is only\napplicable for actions related to Cost Category. The default values for\nMatchOptions are EQUALS and CASE_SENSITIVE ." }, { "type": "null" @@ -3544,7 +3871,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "description": "The specific value of the tag." }, { "type": "null" @@ -3553,7 +3881,8 @@ } }, "additionalProperties": false, - "type": "object" + "type": "object", + "description": "The values that are available for a tag." } } } diff --git a/jsonschema/generate.go b/jsonschema/generate.go index 9459326..2ef56bb 100644 --- a/jsonschema/generate.go +++ b/jsonschema/generate.go 
@@ -11,8 +11,15 @@ import ( // Generate returns a formatted JSON schema for the input struct, according to the tags // defined by https://github.com/invopop/jsonschema -func Generate(a any) ([]byte, error) { - sc := (&jsonschema.Reflector{RequiredFromJSONSchemaTags: true, NullableFromType: true}).Reflect(a) +func Generate(a any, options ...Option) ([]byte, error) { + reflector := &jsonschema.Reflector{ + RequiredFromJSONSchemaTags: true, + NullableFromType: true, + } + for _, opt := range options { + opt(reflector) + } + sc := reflector.Reflect(a) if err := Sanitize(sc); err != nil { return nil, err } @@ -20,8 +27,8 @@ func Generate(a any) ([]byte, error) { return json.MarshalIndent(sc, "", " ") } -func GenerateIntoFile(a any, filePath string) { - data, err := Generate(a) +func GenerateIntoFile(a any, filePath string, options ...Option) { + data, err := Generate(a, options...) if err != nil { log.Fatalf("failed to generate JSON schema for %T", a) } diff --git a/jsonschema/options.go b/jsonschema/options.go new file mode 100644 index 0000000..bf92b18 --- /dev/null +++ b/jsonschema/options.go @@ -0,0 +1,14 @@ +package jsonschema + +import "github.com/invopop/jsonschema" + +type Option func(*jsonschema.Reflector) + +func WithAddGoComments(base, path string) Option { + return func(reflector *jsonschema.Reflector) { + err := reflector.AddGoComments(base, path) + if err != nil { + panic(err) + } + } +}
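Review bot: The option loop in Generate calls `opt(reflector)` with no error path, so an option can only fail by panicking, which is what WithAddGoComments does with `panic(err)` in the jsonschema/options.go hunk. Generate already returns an error, yet a caller that passes a wrong source directory gets a crash rather than a value it can handle. Since Option is introduced in this commit, it can still be given an error result that Generate returns, as sketched below. A nil entry in `options` would also panic at the call site and could be skipped in the same loop.

```go
// jsonschema/options.go
type Option func(*jsonschema.Reflector) error

func WithAddGoComments(base, path string) Option {
	return func(reflector *jsonschema.Reflector) error {
		return reflector.AddGoComments(base, path)
	}
}

// jsonschema/generate.go, inside Generate
// … unchanged: reflector construction with the two default flags …
for _, opt := range options {
	if err := opt(reflector); err != nil {
		return nil, err
	}
}
// … unchanged: Reflect, Sanitize, MarshalIndent …
```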
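Review bot: The `log.Fatalf` on the failure path of GenerateIntoFile prints only the type and drops `err`, so a failure in Sanitize or in reflection with the new options leaves no cause in the log. Including it, `log.Fatalf("failed to generate JSON schema for %T: %v", a, err)`, makes a broken schema build diagnosable. That log line is unchanged context in this hunk, and the function body continues outside it.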
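Review bot: The exported `Option` type and `WithAddGoComments` in the new jsonschema/options.go have no doc comments, and nothing explains what `base` and `path` refer to. I would add `// Option adjusts the jsonschema.Reflector used by Generate before reflection runs.` above the type. Above the function I would add `// WithAddGoComments fills schema descriptions from the Go doc comments found under path; base is the import path those sources belong to. It panics if the sources cannot be read.` The description of `base` and `path` is inferred from the upstream AddGoComments method and should be confirmed against the forked library pinned in go.mod.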