Add table oci_identity_db_credential Closes #594

docs/tables/oci_identity_db_credential.md

@@ -0,0 +1,102 @@
+---
+title: "Steampipe Table: oci_identity_db_credential - Query OCI Identity DB Credential using SQL"
+description: "Allows users to query information about users DB credential in OCI Identity."
+---
+
+# Table: oci_identity_db_credential - Query OCI Identity Users using SQL
+
+Oracle Cloud Infrastructure's Identity and Access Management (IAM) service lets you control who has access to your cloud resources. Identity DB credentials refer to the authentication details used to access Oracle databases securely within the Oracle Cloud Infrastructure. These credentials are part of the Oracle Cloud Infrastructure Identity and Access Management (IAM) service, which manages users, groups, and policies that control access to OCI resources. In the context of databases, these credentials
+
+## Table Usage Guide
+
+The `oci_identity_db_credential` table provides insights into users within OCI Identity and Access Management (IAM). As a security administrator, explore user-specific DB credential details through this table, including user ID, name, description, and associated metadata. Utilize it to uncover information about DB credential, such as their state, time of creation, time of expiration, and tenant ID.
+
+## Examples
+
+### Basic info
+Discover the segments that highlight DB credential details. This allows for better management and oversight of DB credential lifecycle state create time, expire time.
+
+```sql+postgres
+select
+  name,
+  id,
+  user_id,
+  description,
+  time_created,
+  lifecycle_state,
+  time_expires
+from
+  oci_identity_db_credential;
+```
+
+```sql+sqlite
+select
+  name,
+  id,
+  user_id,
+  description,
+  time_created,
+  lifecycle_state,
+  time_expires
+from
+  oci_identity_db_credential;
+```
+
+###  List Oracle Identity Cloud Service(IDCS) users
+Explore which users in the Oracle Identity Cloud Service have multi-factor authentication activated. This is beneficial to ensure security protocols are being followed within your organization.
+
+```sql+postgres
+select
+  c.user_id,
+  c.db_credential_id,
+  u.user_type,
+  u.is_mfa_activated,
+  u.email
+from
+  oci_identity_db_credential as c,
+  oci_identity_user as u
+where
+  c.user_id = u.user_id
+  and user_type = 'IDCS';
+```
+
+```sql+sqlite
+select
+  c.user_id,
+  c.db_credential_id,
+  u.user_type,
+  u.is_mfa_activated,
+  u.email
+from
+  oci_identity_db_credential as c
+  join oci_identity_user as u on c.user_id = u.user_id
+where
+  u.user_type = 'IDCS';
+```
+
+### List credentials that are set to expire within the next 10 days
+Useful for system administrators, security teams, and compliance officers in managing and maintaining the health and security of their OCI (Oracle Cloud Infrastructure) environment.
+
+```sql+postgres
+select
+  id,
+  user_id,
+  time_created,
+  time_expires
+from
+  oci_identity_db_credential
+where
+  time_expires >= now() - interval '10' day;
+```
+
+```sql+sqlite
+select
+  id,
+  user_id,
+  time_created,
+  time_expires
+from
+  oci_identity_db_credential
+where
+  time_expires >= datetime('now', '-10 days');
+```

oci-test/tests/oci_identity_db_credential/test-list-expected.json

@@ -0,0 +1,8 @@
+[
+  {
+    "description": "{{ output.description.value }}",
+    "id": "{{ output.credential_id.value }}",
+    "lifecycle_state": "{{ output.lifecycle_state.value }}",
+    "user_id": "{{ output.user_id.value }}"
+  }
+]

oci-test/tests/oci_identity_db_credential/test-list-query.sql

@@ -0,0 +1,3 @@
+select user_id, id, lifecycle_state, description
+from oci.oci_identity_db_credential
+where user_id = '{{ output.user_id.value }}';

oci-test/tests/oci_identity_db_credential/test-not-found-expected.json

@@ -0,0 +1 @@
+[]

oci-test/tests/oci_identity_db_credential/test-not-found-query.sql

@@ -0,0 +1,3 @@
+select title, tenant_id
+from oci.oci_identity_db_credential
+where user_id = 'ddd{{ output.user_id.value }}';

oci-test/tests/oci_identity_db_credential/test-turbot-expected.json

@@ -0,0 +1,6 @@
+[
+  {
+    "tenant_id": "{{ output.tenancy_ocid.value }}",
+    "title": "{{ output.credential_id.value }}"
+  }
+]

oci-test/tests/oci_identity_db_credential/test-turbot-query.sql

@@ -0,0 +1,3 @@
+select title, tenant_id
+from oci.oci_identity_db_credential
+where user_id = '{{ output.user_id.value }}';

oci-test/tests/oci_identity_db_credential/variables.tf

@@ -0,0 +1,63 @@
+variable "resource_name" {
+  type        = string
+  default     = "turbot-test-20200125-create-update"
+  description = "Name of the resource used throughout the test."
+}
+
+variable "config_file_profile" {
+  type        = string
+  default     = "DEFAULT"
+  description = "OCI credentials profile used for the test. Default is to use the default profile."
+}
+
+variable "tenancy_ocid" {
+  type        = string
+  default     = ""
+  description = "OCI credentials profile used for the test. Default is to use the default profile."
+}
+
+variable "region" {
+  type        = string
+  default     = "ap-mumbai-1"
+  description = "OCI region used for the test. Does not work with default region in config, so must be defined here."
+}
+
+provider "oci" {
+  tenancy_ocid        = var.tenancy_ocid
+  config_file_profile = var.config_file_profile
+  region              = var.region
+}
+
+resource "oci_identity_user" "named_test_resource" {
+  compartment_id = var.tenancy_ocid
+  description    = var.resource_name
+  name           = var.resource_name
+}
+
+resource "oci_identity_db_credential" "named_test_resource" {
+    #Required
+    description = "testing"
+    password = "TurbotKolkata@123"
+    user_id = oci_identity_user.named_test_resource.id
+}
+
+output "tenancy_ocid" {
+  value = var.tenancy_ocid
+}
+
+output "user_id" {
+  value = oci_identity_db_credential.named_test_resource.user_id
+}
+
+output "credential_id" {
+  value = split("dbCredentials/",oci_identity_db_credential.named_test_resource.id)[1]
+}
+
+output "lifecycle_state" {
+  value = oci_identity_db_credential.named_test_resource.state
+}
+
+output "description" {
+  value = oci_identity_db_credential.named_test_resource.description
+}
+

oci/plugin.go

@@ -135,6 +135,7 @@ func Plugin(ctx context.Context) *plugin.Plugin {
 			"oci_identity_availability_domain":                             tableIdentityAvailabilityDomain(ctx),
 			"oci_identity_compartment":                                     tableIdentityCompartment(ctx),
 			"oci_identity_customer_secret_key":                             tableIdentityCustomerSecretKey(ctx),
+			"oci_identity_db_credential":                                   tableIdentityDBCredential(ctx),
 			"oci_identity_domain":                                          tableIdentityDomain(ctx),
 			"oci_identity_dynamic_group":                                   tableIdentityDynamicGroup(ctx),
 			"oci_identity_group":                                           tableIdentityGroup(ctx),

oci/table_oci_identity_db_credential.go

@@ -0,0 +1,157 @@
+package oci
+
+import (
+	"context"
+
+	"github.com/oracle/oci-go-sdk/v65/common"
+	"github.com/oracle/oci-go-sdk/v65/identity"
+	"github.com/turbot/go-kit/types"
+	"github.com/turbot/steampipe-plugin-sdk/v5/grpc/proto"
+	"github.com/turbot/steampipe-plugin-sdk/v5/plugin"
+	"github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform"
+)
+
+//// TABLE DEFINITION
+
+func tableIdentityDBCredential(_ context.Context) *plugin.Table {
+	return &plugin.Table{
+		Name:        "oci_identity_db_credential",
+		Description: "OCI Identity DB Credential",
+		Get: &plugin.GetConfig{
+			KeyColumns: plugin.SingleColumn("id"),
+			Hydrate:    getDomain,
+		},
+		List: &plugin.ListConfig{
+			ParentHydrate: listUsers,
+			Hydrate:       listIdentityDBCredentials,
+			KeyColumns: []*plugin.KeyColumn{
+				{
+					Name:    "lifecycle_state",
+					Require: plugin.Optional,
+				},
+				{
+					Name:    "user_id",
+					Require: plugin.Optional,
+				},
+			},
+		},
+		Columns: commonColumnsForAllResource([]*plugin.Column{
+			{
+				Name:        "id",
+				Description: "The OCID of the DB credential.",
+				Type:        proto.ColumnType_STRING,
+				Transform:   transform.FromCamel(),
+			},
+			{
+				Name:        "user_id",
+				Description: "The OCID of the user the DB credential belongs to.",
+				Type:        proto.ColumnType_STRING,
+				Transform:   transform.FromCamel(),
+			},
+			{
+				Name:        "description",
+				Description: "The description you assign to the DB credential. Does not have to be unique, and it's changeable.",
+				Type:        proto.ColumnType_STRING,
+			},
+			{
+				Name:        "time_created",
+				Description: "Date and time the DbCredential object was created, in the format defined by RFC3339.",
+				Type:        proto.ColumnType_TIMESTAMP,
+				Transform:   transform.FromField("TimeCreated.Time"),
+			},
+			{
+				Name:        "time_expires",
+				Description: "Date and time when this credential will expire, in the format defined by RFC3339.",
+				Type:        proto.ColumnType_TIMESTAMP,
+				Transform:   transform.FromField("TimeCreated.Time").Transform(transform.NullIfZeroValue),
+			},
+			{
+				Name:        "lifecycle_state",
+				Description: "The credential's current state.",
+				Type:        proto.ColumnType_STRING,
+			},
+			// Standard Steampipe columns
+			{
+				Name:        "title",
+				Description: ColumnDescriptionTitle,
+				Type:        proto.ColumnType_STRING,
+				Transform:   transform.FromField("Id"),
+			},
+
+			// Standard OCI columns
+			{
+				Name:        "tenant_id",
+				Description: ColumnDescriptionTenantId,
+				Type:        proto.ColumnType_STRING,
+				Hydrate:     plugin.HydrateFunc(getTenantId).WithCache(),
+				Transform:   transform.FromValue(),
+			},
+		}),
+	}
+}
+
+//// LIST FUNCTION
+
+func listIdentityDBCredentials(ctx context.Context, d *plugin.QueryData, h *plugin.HydrateData) (interface{}, error) {
+	equalQuals := d.EqualsQuals
+	user := h.Item.(identity.User)
+
+	// Minimize API call with given User ID.
+	if d.EqualsQualString("user_id") != "" && d.EqualsQualString("user_id") != *user.Id {
+		return nil, nil
+	}
+
+	// Create Session
+	session, err := identityService(ctx, d)
+	if err != nil {
+		plugin.Logger(ctx).Error("oci_identity_db_credential.listIdentityDBCredentials", "session_error", err)
+		return nil, err
+	}
+
+	// The OCID of the tenancy containing the compartment.
+	request := identity.ListDbCredentialsRequest{
+		UserId: user.Id,
+		Limit:  types.Int(1000),
+		RequestMetadata: common.RequestMetadata{
+			RetryPolicy: getDefaultRetryPolicy(d.Connection),
+		},
+	}
+
+	// Check for additional filters
+	if equalQuals["lifecycle_state"] != nil {
+		lifecycleState := d.EqualsQualString("lifecycle_state")
+		request.LifecycleState = identity.DbCredentialLifecycleStateEnum(lifecycleState)
+	}
+
+	limit := d.QueryContext.Limit
+	if d.QueryContext.Limit != nil {
+		if *limit < int64(*request.Limit) {
+			request.Limit = types.Int(int(*limit))
+		}
+	}
+
+	pagesLeft := true
+	for pagesLeft {
+		response, err := session.IdentityClient.ListDbCredentials(ctx, request)
+		if err != nil {
+			plugin.Logger(ctx).Error("oci_identity_db_credential.listIdentityDBCredentials", "api_error", err)
+			return nil, err
+		}
+
+		for _, credential := range response.Items {
+			d.StreamListItem(ctx, credential)
+
+			// Context can be cancelled due to manual cancellation or the limit has been hit
+			if d.RowsRemaining(ctx) == 0 {
+				return nil, nil
+			}
+		}
+		if response.OpcNextPage != nil {
+			request.Page = response.OpcNextPage
+		} else {
+			pagesLeft = false
+		}
+	}
+
+	return nil, err
+}