Add table aws_organizations_organizational_unit and aws_organizations_root. closes #1674 #1677

Merged
merged 18 commits into from
Jan 15, 2024

Contributor

@ParthaI ParthaI commented Mar 30, 2023

Integration test logs

Logs
N/A

Example query results

Results
> select * from aws_organizations_organizational_unit where parent_id = 'r-wxnb'
+--------------------------+------------------+----------------------------------------------------------------------+-----------+--------------------------+--------------------------------------------------------------------------+-----------+--------+--------------+->
| name                     | id               | arn                                                                  | parent_id | title                    | akas                                                                     | partition | region | account_id   | >
+--------------------------+------------------+----------------------------------------------------------------------+-----------+--------------------------+--------------------------------------------------------------------------+-----------+--------+--------------+->
| Jamal                    | ou-wxnb-05v0c1hg | arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-05v0c1hg | r-wxnb    | Jamal                    | ["arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-05v0c1hg"] | aws       | global | 210987654321 | >
| Turbot SaaS Dev          | ou-wxnb-m8l8tpaq | arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-m8l8tpaq | r-wxnb    | Turbot SaaS Dev          | ["arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-m8l8tpaq"] | aws       | global | 210987654321 | >
| Turbot SaaS Staging      | ou-wxnb-wofu2g1q | arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-wofu2g1q | r-wxnb    | Turbot SaaS Staging      | ["arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-wofu2g1q"] | aws       | global | 210987654321 | >
| Devgov                   | ou-wxnb-bijhomqq | arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-bijhomqq | r-wxnb    | Devgov                   | ["arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-bijhomqq"] | aws       | global | 210987654321 | >
| www                      | ou-wxnb-vch85tma | arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-vch85tma | r-wxnb    | www                      | ["arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-vch85tma"] | aws       | global | 210987654321 | >
| Rex                      | ou-wxnb-52uc2fbu | arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-52uc2fbu | r-wxnb    | Rex                      | ["arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-52uc2fbu"] | aws       | global | 210987654321 | >
| account creation testing | ou-wxnb-feyv7riq | arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-feyv7riq | r-wxnb    | account creation testing | ["arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-feyv7riq"] | aws       | global | 210987654321 | >
| Silverwater              | ou-wxnb-v66c90u3 | arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-v66c90u3 | r-wxnb    | Silverwater              | ["arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-v66c90u3"] | aws       | global | 210987654321 | >
| Personal Sandbox         | ou-wxnb-joldicj7 | arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-joldicj7 | r-wxnb    | Personal Sandbox         | ["arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-joldicj7"] | aws       | global | 210987654321 | >
| Turbot SaaS Prod         | ou-wxnb-5rbvg65u | arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-5rbvg65u | r-wxnb    | Turbot SaaS Prod         | ["arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-5rbvg65u"] | aws       | global | 210987654321 | >
+--------------------------+------------------+----------------------------------------------------------------------+-----------+--------------------------+--------------------------------------------------------------------------+-----------+--------+--------------+-


> select * from aws_organizations_organizational_unit where id = 'ou-wxnb-05v0c1hg'
+-------+------------------+----------------------------------------------------------------------+------------------+-------+--------------------------------------------------------------------------+-----------+--------+--------------+---------------------------+
| name  | id               | arn                                                                  | parent_id        | title | akas                                                                     | partition | region | account_id   | _ctx                      |
+-------+------------------+----------------------------------------------------------------------+------------------+-------+--------------------------------------------------------------------------+-----------+--------+--------------+---------------------------+
| Jamal | ou-wxnb-05v0c1hg | arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-05v0c1hg | ou-wxnb-05v0c1hg | Jamal | ["arn:aws:organizations::123456789012:ou/o-c3a5y4wd52/ou-wxnb-05v0c1hg"] | aws       | global | 210987654321 | {"connection_name":"aws"} |
+-------+------------------+----------------------------------------------------------------------+------------------+-------+--------------------------------------------------------------------------+-----------+--------+--------------+---------------------------+

@ParthaI ParthaI self-assigned this Mar 30, 2023
@ParthaI ParthaI marked this pull request as draft March 30, 2023 07:13
Contributor Author

ParthaI commented Mar 30, 2023

Hi @ajoga, We have added a new table aws_organizations_organizational_unit in this PR to address the issue. It would be very appreciated if you could give it a try and share your experience with us. Thanks!

@ParthaI ParthaI linked an issue Apr 3, 2023 that may be closed by this pull request
@ParthaI ParthaI requested a review from misraved April 4, 2023 10:19
@ParthaI ParthaI marked this pull request as ready for review April 4, 2023 10:19
Contributor

misraved commented Apr 5, 2023

@ParthaI could you please add a few more example queries in the table docs? Maybe you need to join it with other tables to reflect its usage.


ajoga commented Apr 5, 2023

Hi @ParthaI, thank you for the swift addition. Unfortunately I do not have the rights to execute that particular API call to test this case :-(
This is very likely due to my circumstances rather than your implementation, so I can't give you feedback on this.


ajoga commented Apr 5, 2023

Hi again @ParthaI, I'll elaborate on my limits as maybe this will impact #1675

I can call ListChildren that can yield either OUs or AWS accounts.

As I suggested the addition of that table so Steampipe can then link accounts back to OUs (which is, iirc, an information you can only have from the AWS organization account), maybe you would have an interest to use ListChildren rather than ListAccountsForParent?

I'm thinking out loud here and obviously biased toward using ListChildren rather than ListAccountsForParent, so feel free to not go this way.


A container for accounts within a root. An OU also can contain other OUs, enabling you to create a hierarchy that resembles an upside-down tree, with a root at the top and branches of OUs that reach down, ending in accounts that are the leaves of the tree. When you attach a policy to one of the nodes in the hierarchy, it flows down and affects all the branches (OUs) and leaves (accounts) beneath it. An OU can have exactly one parent, and currently each account can be a member of exactly one OU.

**Note**: The `parent_id` is the required to make the API call. It is the unique identifier (ID) of the root or OU whose child OUs you want to list.

Your second example in this ticket does not specify parent_id, how come it worked?

Contributor Author

> Your second example in this ticket does not specify parent_id, how come it worked?

In the table definition we have two configs: one is the List config and the other is the Get config.
In the List config we generally make the list API call, and in the Get config we make the get API call.

Here we are using the ListAccountsForParent API in the List config. To make the ListAccountsForParent API call we must pass the ParentId as a parameter of this API call, so parent_id is required to make the list API call.

In the Get config we are using the DescribeOrganizationalUnit API call. To make this API call we have to pass the OrganizationalUnitId; we do not need ParentId for this API call.

The Get API will be called if we provide id as a query parameter, so in the second example we need to pass the parent_id.


Got it for the logic underneath; may I suggest a wording like this?

Suggested change
**Note**: The `parent_id` is the required to make the API call. It is the unique identifier (ID) of the root or OU whose child OUs you want to list.
You **_must_** specify a single `parent_id` or `id` in a where or join clause in order to use this table.

I found similar wording/format for aws_route53_record, aws_iam_access_advisor, aws_cloudtrail_trail_event and others

Also from a user perspective I find it odd that we can't have the listing without a parent_id, but looking at API reference it looks tricky to get the root id reliably...

Contributor Author

Yeah @ajoga, this looks better, will push the changes. Thanks!

Contributor Author

ParthaI commented Apr 5, 2023

> Hi again @ParthaI, I'll elaborate on my limits as maybe this will impact #1675
>
> I can call ListChildren that can yield either OUs or AWS accounts.
>
> As I suggested the addition of that table so Steampipe can then link accounts back to OUs (which is, iirc, an information you can only have from the AWS organization account), maybe you would have an interest to use ListChildren rather than ListAccountsForParent?
>
> I'm thinking out loud here and obviously biased toward using ListChildren rather than ListAccountsForParent, so feel free to not go this way.

@ajoga Thanks for the suggestion, will play around with those APIs and will let you know. Thanks again.
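
The ListChildren idea discussed above, sketched as an added example that is not part of this PR or the plugin's code: walking down from a root with a ListChildren-style call (child types `ACCOUNT` and `ORGANIZATIONAL_UNIT`) links every account back to the chain of OUs whose policies flow down to it. The `childLister` interface, `fakeOrg` type and all IDs in `sampleOrg` are assumptions constructed for illustration; a real client would also have to handle pagination.

```go
package main

import (
	"fmt"
	"strings"
)

// childLister is a hypothetical stand-in for the Organizations ListChildren
// call: for a parent (root or OU) and a child type it returns the child IDs.
type childLister interface {
	ListChildren(parentID, childType string) []string
}

// fakeOrg is constructed sample data: parent ID -> child type -> child IDs.
type fakeOrg map[string]map[string][]string

func (f fakeOrg) ListChildren(parentID, childType string) []string {
	return f[parentID][childType]
}

// accountPaths maps each account ID to the chain of root/OU IDs above it.
func accountPaths(c childLister, rootID string) map[string]string {
	out := map[string]string{}
	seen := map[string]bool{} // never visit a node twice, even on bad data
	var walk func(id string, above []string)
	walk = func(id string, above []string) {
		if seen[id] {
			return
		}
		seen[id] = true
		path := append(append([]string{}, above...), id) // copy, then extend
		for _, acct := range c.ListChildren(id, "ACCOUNT") {
			out[acct] = strings.Join(path, "/")
		}
		for _, ou := range c.ListChildren(id, "ORGANIZATIONAL_UNIT") {
			walk(ou, path)
		}
	}
	walk(rootID, nil)
	return out
}

// sampleOrg holds constructed IDs in the r-/ou- shape shown on this page.
var sampleOrg = fakeOrg{
	"r-wxnb":           {"ORGANIZATIONAL_UNIT": {"ou-wxnb-aaaa1111"}, "ACCOUNT": {"111111111111"}},
	"ou-wxnb-aaaa1111": {"ORGANIZATIONAL_UNIT": {"ou-wxnb-bbbb2222"}},
	"ou-wxnb-bbbb2222": {"ACCOUNT": {"222222222222"}},
}

func main() { fmt.Println(accountPaths(sampleOrg, "r-wxnb")) }
```
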


github-actions bot commented Jun 4, 2023

This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

@github-actions github-actions bot added the stale No recent activity has been detected on this issue/PR and it will be closed label Jun 4, 2023
@misraved misraved removed the stale No recent activity has been detected on this issue/PR and it will be closed label Jun 5, 2023

github-actions bot commented Aug 4, 2023

This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

@github-actions github-actions bot added the stale No recent activity has been detected on this issue/PR and it will be closed label Aug 4, 2023

github-actions bot commented Sep 3, 2023

This PR was closed because it has been stalled for 90 days with no activity.

@github-actions github-actions bot closed this Sep 3, 2023
@misraved misraved reopened this Sep 4, 2023
@misraved misraved removed the stale No recent activity has been detected on this issue/PR and it will be closed label Sep 4, 2023

github-actions bot commented Nov 3, 2023

This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

@github-actions github-actions bot added the stale No recent activity has been detected on this issue/PR and it will be closed label Nov 3, 2023

github-actions bot commented Dec 3, 2023

This PR was closed because it has been stalled for 90 days with no activity.

@github-actions github-actions bot closed this Dec 3, 2023
@misraved misraved reopened this Dec 4, 2023
@github-actions github-actions bot removed the stale No recent activity has been detected on this issue/PR and it will be closed label Dec 4, 2023
@ParthaI ParthaI marked this pull request as draft December 22, 2023 05:18
…l parent_id. And now this table can be join with the table aws_organizations_organizational_unit
@bigdatasourav bigdatasourav marked this pull request as ready for review January 10, 2024 15:01
@bigdatasourav bigdatasourav changed the title Add table aws_organizations_organizational_unit. closes #1674 Add table aws_organizations_organizational_unit and aws_organizations_root. closes #1674 Jan 10, 2024

### Select organizational units with a path that matches a specific pattern

```sql
Contributor

Please add queries for both postgres and sqlite

@madhushreeray30 madhushreeray30 merged commit 2784950 into main Jan 15, 2024
1 check passed
@madhushreeray30 madhushreeray30 deleted the issue-1674 branch January 15, 2024 08:41
Successfully merging this pull request may close these issues.

Add table aws_organizations_organizational_unit
5 participants