fixes

docs/tables/aws_shield_protection_groups.md

@@ -5,6 +5,8 @@ A grouping of protected resources that you and Shield Advanced can monitor as a
 | Name        | Type           | Description  |
 | ------------- | ------------- | -----  |
 |account_id|text|The AWS Account ID of the resource.|
+|resources|text[]||
+|tags|jsonb||
 |aggregation|text|Defines how Shield combines resource data for the group in order to detect, mitigate, and report events  * Sum - Use the total traffic across the group This is a good choice for most cases|
 |members|text[]|The Amazon Resource Names (ARNs) of the resources to include in the protection group|
 |pattern|text|The criteria to use to choose the protected resources for inclusion in the group|

resources/provider/migrations/postgres/29_v0.11.3.down.sql

@@ -30,4 +30,4 @@ DROP TABLE IF EXISTS aws_shield_protections;
 DROP TABLE IF EXISTS aws_shield_protection_groups;
 
 -- Resource: shield.subscriptions
-DROP TABLE IF EXISTS aws_shield_subscriptions;
+DROP TABLE IF EXISTS aws_shield_subscriptions;

resources/provider/migrations/postgres/29_v0.11.3.up.sql

@@ -105,6 +105,7 @@ CREATE TABLE IF NOT EXISTS "aws_shield_protection_groups" (
     "id" text,
     "arn" text,
     "resource_type" text,
+    "tags" jsonb,
     CONSTRAINT aws_shield_protection_groups_pk PRIMARY KEY (arn),
     UNIQUE (cq_id)
 );
@@ -127,4 +128,3 @@ CREATE TABLE IF NOT EXISTS "aws_shield_subscriptions" (
     CONSTRAINT aws_shield_subscriptions_pk PRIMARY KEY (arn),
     UNIQUE (cq_id)
 );
-

resources/provider/migrations/timescale/29_v0.11.3.up.sql

@@ -114,6 +114,7 @@ CREATE TABLE IF NOT EXISTS "aws_shield_protection_groups" (
     "id" text,
     "arn" text,
     "resource_type" text,
+    "tags" jsonb,
     CONSTRAINT aws_shield_protection_groups_pk PRIMARY KEY (cq_fetch_date, arn),
     UNIQUE (cq_fetch_date, cq_id)
 );

resources/provider/provider.go

@@ -3,8 +3,6 @@ package provider
 import (
 	"embed"
 
-	"github.com/cloudquery/cq-provider-aws/resources/services/shield"
-
 	"github.com/cloudquery/cq-provider-sdk/provider"
 	"github.com/cloudquery/cq-provider-sdk/provider/module"
 	"github.com/cloudquery/cq-provider-sdk/provider/schema"
@@ -55,6 +53,7 @@ import (
 	"github.com/cloudquery/cq-provider-aws/resources/services/s3"
 	"github.com/cloudquery/cq-provider-aws/resources/services/sagemaker"
 	"github.com/cloudquery/cq-provider-aws/resources/services/secretsmanager"
+	"github.com/cloudquery/cq-provider-aws/resources/services/shield"
 	"github.com/cloudquery/cq-provider-aws/resources/services/sns"
 	"github.com/cloudquery/cq-provider-aws/resources/services/sqs"
 	"github.com/cloudquery/cq-provider-aws/resources/services/ssm"

resources/services/shield/gen.hcl

@@ -96,7 +96,7 @@ resource "aws" "shield" "subscriptions" {
   }
 
   column "protection_group_limits_pattern_type_limitsprotection_group_limits_arbitrary_pattern_limits_max_members" {
-    rename = "protection_group_limits_arbitrary_pattern_limits_max_members"
+    rename            = "protection_group_limits_arbitrary_pattern_limits_max_members"
     type              = "int"
     generate_resolver = true
   }
@@ -107,7 +107,6 @@ resource "aws" "shield" "subscriptions" {
   }
 
 
-
   column "time_commitment_in_seconds" {
     type              = "int"
     generate_resolver = true
@@ -203,4 +202,9 @@ resource "aws" "shield" "protection_groups" {
   column "protection_group_arn" {
     rename = "arn"
   }
+
+  userDefinedColumn "tags" {
+    type              = "json"
+    generate_resolver = true
+  }
 }

resources/services/shield/protection_groups.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/shield"
+	"github.com/aws/aws-sdk-go-v2/service/shield/types"
 	"github.com/cloudquery/cq-provider-aws/client"
 	"github.com/cloudquery/cq-provider-sdk/provider/diag"
 	"github.com/cloudquery/cq-provider-sdk/provider/schema"
@@ -28,6 +29,11 @@ func ProtectionGroups() *schema.Table {
 				Type:        schema.TypeString,
 				Resolver:    client.ResolveAWSAccount,
 			},
+			{
+				Name:     "tags",
+				Type:     schema.TypeJSON,
+				Resolver: ResolveShieldProtectionGroupTags,
+			},
 			{
 				Name:        "aggregation",
 				Description: "Defines how Shield combines resource data for the group in order to detect, mitigate, and report events  * Sum - Use the total traffic across the group This is a good choice for most cases",
@@ -88,3 +94,24 @@ func fetchShieldProtectionGroups(ctx context.Context, meta schema.ClientMeta, pa
 	}
 	return nil
 }
+func ResolveShieldProtectionGroupTags(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error {
+	r := resource.Item.(types.ProtectionGroup)
+	cli := meta.(*client.Client)
+	svc := cli.Services().Shield
+	config := shield.ListTagsForResourceInput{ResourceARN: r.ProtectionGroupArn}
+
+	output, err := svc.ListTagsForResource(ctx, &config, func(o *shield.Options) {
+		o.Region = cli.Region
+	})
+	if err != nil {
+		if cli.IsNotFoundError(err) {
+			return nil
+		}
+		return diag.WrapError(err)
+	}
+
+	tags := map[string]string{}
+	client.TagsIntoMap(output.Tags, tags)
+
+	return resource.Set(c.Name, tags)
+}

resources/services/shield/protection_groups_mock_test.go

@@ -20,6 +20,13 @@ func buildProtectionGroups(t *testing.T, ctrl *gomock.Controller) client.Service
 	pp.NextToken = nil
 	m.EXPECT().ListProtectionGroups(gomock.Any(), gomock.Any(), gomock.Any()).Return(&pp, nil)
 
+	tags := shield.ListTagsForResourceOutput{}
+	err = faker.FakeData(&tags)
+	if err != nil {
+		t.Fatal(err)
+	}
+	m.EXPECT().ListTagsForResource(gomock.Any(), gomock.Any(), gomock.Any()).Return(&tags, nil)
+
 	return client.Services{
 		Shield: m,
 	}