various bug fixes

.python/common.py

@@ -867,9 +867,9 @@ def write_import(type,theid,tfid):
       ## todo -  if theid starts with a number or is an od (but what if its hexdecimal  ?)
 
       if tfid is None:
-            tfid=theid.replace("/","_").replace(".","_").replace(":","_").replace("|","_").replace("$","_").replace(",","_").replace("&","_").replace("#","_").replace("[","_").replace("]","_")
+            tfid=theid.replace("/","_").replace(".","_").replace(":","_").replace("|","_").replace("$","_").replace(",","_").replace("&","_").replace("#","_").replace("[","_").replace("]","_").replace("=","_")
       else:
-            tfid=tfid.replace("/", "_").replace(".", "_").replace(":", "_").replace("|", "_").replace("$", "_").replace(",","_").replace("&","_").replace("#","_").replace("[","_").replace("]","_")
+            tfid=tfid.replace("/", "_").replace(".", "_").replace(":", "_").replace("|", "_").replace("$", "_").replace(",","_").replace("&","_").replace("#","_").replace("[","_").replace("]","_").replace("=","_")
 
          #catch tfid starts with number
       if tfid[:1].isdigit(): tfid="r-"+tfid

.python/fixtf.py

@@ -614,13 +614,11 @@ def deref_array(t1,tt1,tt2,ttft,prefix,skip):
 
 
 def deref_role_arn(t1,tt1,tt2):
-
     if ":role/aws-service-role" in tt2:	t1=globals_replace(t1,tt1,tt2)
-
     elif ":role/" in tt2:
         if tt2.endswith("*"): return t1
+        if tt2.startswith("arn:"): tt2=tt2.split('/')[-1]
         if tt2 in globals.rolelist:
-            tt2=tt2.split('/')[-1]
             t1=tt1 + " = aws_iam_role." + tt2 + ".arn\n"
             common.add_dependancy("aws_iam_role",tt2)
     return t1

.python/fixtf_aws_resources/aws_common.py

@@ -20,7 +20,7 @@ def check_key(keyid):
 			return True
 		else:
 			print("WARNING: key is not valid or is managed by AWS")
-			print(str(kresp))
+			#print(str(kresp))
 			return False
 	except Exception as e:
 		print("WARNING: can't access key",keyid)
@@ -176,20 +176,14 @@ def aws_common(type,t1,tt1,tt2,flag1,flag2):
             or tt1=="source_arn" or tt1 == "cloudwatch_role_arn" or tt1=="service_linked_role_arn" \
             or tt1=="cloud_watch_logs_role_arn" or "_role_arn" in tt1:
                 # deref_role_arn - checks ":role/" is in the arn
-                print("------defref_role_arn >>>>>>", tt2)
                 t1=fixtf.deref_role_arn(t1,tt1,tt2)
 
-
-
         elif tt1=="target_group_arn" and tt2 != "null":
             tgarn=tt2
             tt2=tt2.replace("/","_").replace(".","_").replace(":","_")
             t1 = tt1 + " = aws_lb_target_group."+tt2+".arn\n"
             common.add_dependancy("aws_lb_target_group",tgarn)
 
-
-
-
         ## generic arn processing note also pass type - may not get them all
         #elif "arn:" in tt2:   t1=fixtf.generic_deref_arn(t1, tt1, tt2)
 

.python/fixtf_aws_resources/aws_not_implemented.py

@@ -103,7 +103,7 @@
     "aws_connect_user_hierarchy_structure": True,
     "aws_connect_contact_flow_module": True,
     #"aws_connect_quick_connect": True,
-    "aws_connect_vocabulary": True,
+    #"aws_connect_vocabulary": True,
     #
     "aws_controltower_control": True,
     #

.python/fixtf_aws_resources/fixtf_apprunner.py

@@ -1,3 +1,4 @@
+import globals
 def aws_apprunner_auto_scaling_configuration_version(t1,tt1,tt2,flag1,flag2):
 	skip=0
 	return skip,t1,flag1,flag2
@@ -20,6 +21,14 @@ def aws_apprunner_observability_configuration(t1,tt1,tt2,flag1,flag2):
 
 def aws_apprunner_service(t1,tt1,tt2,flag1,flag2):
 	skip=0
+	if tt1=="auto_scaling_configuration_arn":
+		if "autoscalingconfiguration/DefaultConfiguration/1" in tt2: skip=1
+	if tt1=="image_identifier":
+		print(tt2)
+		if tt2.startswith(globals.acc) and globals.region in tt2:
+			backend=tt2.split("/")[-1]
+			t1=tt1 + " = format(\"%s.dkr.ecr.%s.amazonaws.com/%s\",data.aws_caller_identity.current.account_id,data.aws_region.current.name,\""+backend+"\")\n"
+
 	return skip,t1,flag1,flag2
 
 def aws_apprunner_vpc_connector(t1,tt1,tt2,flag1,flag2):

.python/fixtf_aws_resources/fixtf_secretsmanager.py

@@ -32,6 +32,8 @@ def aws_secretsmanager_secret_version(t1,tt1,tt2,flag1,flag2):
                 client = boto3.client('secretsmanager')
                 response = client.get_secret_value(SecretId=globals.secid,VersionId=globals.secvid)
                 sv=response['SecretString']
+                if '""""' in sv:
+                    sv=sv.replace('""""', '""')
                 t1 = tt1 + " = jsonencode("+sv+")\n"
         if tt1 == "secret_binary": 
             t1="\n lifecycle {\n   ignore_changes = [secret_binary,secret_string]\n}\n"

.python/get_aws_resources/aws_ec2.py

@@ -975,7 +975,7 @@ def get_aws_vpc_endpoint(type, id, clfn, descfn, topkey, key, filterid):
     try:
         response = []
         client = boto3.client(clfn)
-        pkey=type+"."+id
+
         if id is None:
             paginator = client.get_paginator(descfn)
             for page in paginator.paginate():

.python/get_aws_resources/aws_glue.py

@@ -28,13 +28,19 @@ def get_aws_glue_catalog_database(type, id, clfn, descfn, topkey, key, filterid)
         else: 
             if ":" in id:   id =id.split(":")[1]    
             response = client.get_database(Name=id)
-            if response == []: print("Empty response for "+type+ " id="+str(id)+" returning"); return True
+            if response == []: 
+                print("Empty response for "+type+ " id="+str(id)+" returning")
+                gkey="aws_glue_catalog_table."+pkey
+                globals.rproc[gkey]=True
+                return True
             j=response['Database']
             pkey=globals.acc+":"+j[key]
             tfid="d-"+pkey.replace(":","__")
             common.write_import(type,pkey,tfid)
             #print("KD add aws_glue_catalog_table "+pkey)
             common.add_dependancy("aws_glue_catalog_table",pkey)
+            gkey="aws_glue_catalog_table."+pkey
+            globals.rproc[gkey]=True
 
 
     except Exception as e:

.python/get_aws_resources/aws_kms.py

@@ -65,7 +65,7 @@ def get_aws_kms_key(type,id,clfn,descfn,topkey,key,filterid):
                         common.add_dependancy("aws_kms_alias","k-"+theid)
                     else:
                         print("WARNING: key is not enabled or is managed by AWS")
-                        print(str(kresp))
+                        #print(str(kresp))
                         continue
                 except Exception as e:
                     print("WARNING: can't access key",theid)

.python/get_aws_resources/aws_sns.py

@@ -37,18 +37,22 @@ def get_aws_sns_topic_policy(type, id, clfn, descfn, topkey, key, filterid):
         print("--> In "+str(inspect.currentframe().f_code.co_name)+" doing " + type + ' with id ' + str(id) +
               " clfn="+clfn+" descfn="+descfn+" topkey="+topkey+" key="+key+" filterid="+filterid)
     try:
-
         response = []
         client = boto3.client(clfn)
         if id is None:
             print("WARNING: Must pass TopicARN as parameter")
             return True
 
         else:
-
             response = client.get_topic_attributes(TopicArn=id)
-            if response == []: print("Empty response for "+type+ " id="+str(id)+" returning"); return True
+            if response == []: 
+                print("Empty response for "+type+ " id="+str(id)+" returning"); 
+                pkey="aws_sns_topic_policy."+id
+                globals.rproc[pkey]=True
+                return True
             common.write_import(type,id,None)
+            pkey="aws_sns_topic_policy."+id
+            globals.rproc[pkey]=True
 
     except Exception as e:
         common.handle_error(e,str(inspect.currentframe().f_code.co_name),clfn,descfn,topkey,id)

.python/resources.py

@@ -9,6 +9,7 @@ def resource_types(type):
     elif type == "acm": rets=["aws_acm_certificate"]; return rets # ACM Certificates
     elif type == "api" or type == "apigw": rets = ["aws_api_gateway_rest_api"]; return rets # API Gateway and dependancies
     elif type == "appmesh": rets=["aws_appmesh_mesh"]; return rets # App Mesh and depandancies
+    elif type == "apprunner": rets=["aws_apprunner_service"]; return rets # App Mesh and depandancies
     elif type == "appstream": rets=["aws_appstream_image_builder","aws_appstream_stack","aws_appstream_fleet","aws_appstream_user"]; return rets # Appstream fleet, users etc.
     elif type == "artifact": rets=["aws_codeartifact_domain","aws_codeartifact_repository"]; return rets # Code Artifact
     elif type == "athena": rets=["aws_athena_named_query","aws_athena_data_catalog"]; return rets # Athena Resources

aws2tf.py

@@ -8,6 +8,7 @@
 import sys
 import shutil
 import datetime
+import json
 
 
 sys.path.insert(0, './.python')
@@ -71,6 +72,8 @@ def build_lists():
     response=[]
     paginator = client.get_paginator('list_roles')
     for page in paginator.paginate(): response = response + page['Roles']
+    with open('imported/roles.json', 'w') as f: json.dump(response, f, indent=2,default=str)
+
     for j in response: globals.rolelist[j['RoleName']]=True
     response=[]
     #if globals.debug: print(str(globals.vpclist))