detect aws configurations (#970)

* detect aws configurations

* update effort score

---------

Co-authored-by: kaiqianyang <kaiqianyang@microsoftcom>
Co-authored-by: PhilipCattanach <31246010+PhilipCattanach@users.noreply.github.com>

rules/rules-reviewed/azure/azure-aws-config.windup.xml

@@ -0,0 +1,111 @@
+<?xml version="1.0"?>
+<ruleset id="azure-aws-config"
+         xmlns="http://windup.jboss.org/schema/jboss-ruleset"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://windup.jboss.org/schema/jboss-ruleset http://windup.jboss.org/schema/jboss-ruleset/windup-jboss-ruleset.xsd">
+    <metadata>
+        <description>
+            Check AWS related configurations.
+        </description>
+        <dependencies>
+            <addon id="org.jboss.windup.rules,windup-rules-xml,3.0.0.Final" />
+        </dependencies>
+        <sourceTechnology id="springboot"/>
+        <sourceTechnology id="eap" versionRange="[7,8)" />
+        <targetTechnology id="azure-spring-apps"/>
+        <targetTechnology id="azure-appservice"/>
+        <targetTechnology id="azure-aks"/>
+        <targetTechnology id="azure-container-apps"/>
+        <tag>AWS</tag>
+    </metadata>
+    <rules>
+        <rule id="azure-aws-config-credential-01000">
+            <when>
+                <or>
+                    <filecontent pattern="aws_access_key_id"/>
+                    <filecontent pattern="aws_secret_access_key"/>
+                    <filecontent pattern="aws.credentials"/>
+                </or>
+            </when>
+            <perform>
+                <hint title="AWS credential configuration" category-id="potential" effort="1">
+                    <message>
+                        <![CDATA[
+                            The application contains AWS credential configuration.
+                        ]]>
+                    </message>
+                </hint>
+            </perform>
+        </rule>
+        <rule id="azure-aws-config-region-02000">
+            <when>
+                <or>
+                    <filecontent pattern="aws.region"/>
+                    <filecontent pattern="AWS_REGION"/>
+                    <filecontent pattern="AWSRegion"/>
+                </or>
+            </when>
+            <perform>
+                <hint title="AWS region configuration" category-id="potential" effort="1">
+                    <message>
+                        <![CDATA[
+                            The application contains AWS region configuration.
+                        ]]>
+                    </message>
+                </hint>
+            </perform>
+        </rule>
+        <rule id="azure-aws-config-s3-03000">
+            <when>
+                <or>
+                    <filecontent pattern="aws.s3"/>
+                </or>
+            </when>
+            <perform>
+                <hint title="AWS S3 configuration" category-id="potential" effort="1">
+                    <message>
+                        <![CDATA[
+                            The application contains AWS S3 configuration.
+                            Consider using Azure Blob Storage instead.
+                        ]]>
+                    </message>
+                </hint>
+            </perform>
+        </rule>
+        <rule id="azure-aws-config-sqs-04000">
+            <when>
+                <or>
+                    <filecontent pattern="aws.sqs"/>
+                </or>
+            </when>
+            <perform>
+                <hint title="Amazon Simple Queue Service configuration" category-id="potential" effort="1">
+                    <message>
+                        <![CDATA[
+                            The application contains Amazon Simple Queue Service configuration.
+                            Consider using Azure Service Bus instead.
+                        ]]>
+                    </message>
+                </hint>
+            </perform>
+        </rule>
+        <rule id="azure-aws-config-secret-manager-05000">
+            <when>
+                <or>
+                <filecontent pattern="aws.secretsmanager"/>
+                <filecontent pattern="aws-secretsmanager"/>
+                </or>
+            </when>
+            <perform>
+                <hint title="AWS Secrets Manager configuration" category-id="potential" effort="1">
+                    <message>
+                        <![CDATA[
+                            The application contains AWS Secrets Manager configuration.
+                            Consider using Azure Key Vault instead.
+                        ]]>
+                    </message>
+                </hint>
+            </perform>
+        </rule>
+    </rules>
+</ruleset>

rules/rules-reviewed/azure/tests/azure-aws-config.windup.test.xml

@@ -0,0 +1,58 @@
+<?xml version="1.0"?>
+<ruletest id="azure-aws-config-test" xmlns="http://windup.jboss.org/schema/jboss-ruleset" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://windup.jboss.org/schema/jboss-ruleset http://windup.jboss.org/schema/jboss-ruleset/windup-jboss-ruleset.xsd">
+    <testDataPath>data/azure-aws-config</testDataPath>
+    <rulePath>../azure-aws-config.windup.xml</rulePath>
+    <ruleset>
+        <rules>
+            <rule id="azure-aws-config-test-01000">
+                <when>
+                    <not>
+                        <iterable-filter size="8">
+                            <hint-exists message="The application contains AWS credential configuration" />
+                        </iterable-filter>
+                    </not>
+                </when>
+                <perform>
+                    <fail message="aws-credential-config hint was not found!" />
+                </perform>
+            </rule>
+            <rule id="azure-aws-config-test-02000">
+                <when>
+                    <not>
+                        <iterable-filter size="1">
+                            <hint-exists message="The application contains AWS region configuration" />
+                        </iterable-filter>
+                    </not>
+                </when>
+                <perform>
+                    <fail message="aws-region-config hint was not found!" />
+                </perform>
+            </rule>
+            <rule id="azure-aws-config-test-03000">
+                <when>
+                    <not>
+                        <iterable-filter size="2">
+                            <hint-exists message="The application contains AWS S3 configuration" />
+                        </iterable-filter>
+                    </not>
+                </when>
+                <perform>
+                    <fail message="aws-S3-config hint was not found!" />
+                </perform>
+            </rule>
+            <rule id="azure-aws-config-test-04000">
+                <when>
+                    <not>
+                        <iterable-filter size="2">
+                            <hint-exists message="The application contains Amazon Simple Queue Service configuration" />
+                        </iterable-filter>
+                    </not>
+                </when>
+                <perform>
+                    <fail message="aws-sqs-config hint was not found!" />
+                </perform>
+            </rule>
+        </rules>
+    </ruleset>
+</ruletest>

rules/rules-reviewed/azure/tests/data/azure-aws-config/application.properties

@@ -0,0 +1,11 @@
+# Spring Cloud AWS Configuration
+spring.cloud.aws.region.static=us-east-1
+spring.cloud.aws.credentials.accessKey=myaccesskey
+spring.cloud.aws.credentials.secretKey=mysecretkey
+
+spring.cloud.aws.s3.region=us-west-2
+spring.cloud.aws.s3.signature.version=s3v4
+
+# older version of AWS SQS Configuration
+cloud.aws.sqs.enabled=true
+cloud.aws.sqs.region=us-east-1

rules/rules-reviewed/azure/tests/data/azure-aws-config/credentials

@@ -0,0 +1,13 @@
+[default]
+aws_access_key_id = YOUR_ACCESS_KEY
+aws_secret_access_key = YOUR_SECRET_KEY
+
+[dev-profile]
+aws_access_key_id = DEV_ACCESS_KEY
+aws_secret_access_key = DEV_SECRET_KEY
+
+[prod-profile]
+aws_access_key_id = PROD_ACCESS_KEY
+aws_secret_access_key = PROD_SECRET_KEY
+
+fake-aws-s3