horkos 0.2.0

Cloud infrastructure language where insecure code won't compile
//! Generated from rds_create_database.yaml
//! DO NOT EDIT - regenerate with `cargo run -p horkos-codegen`

use crate::resources::{Param, PreferredParam, ResourceDefinition, SecurityParam};
use crate::types::ResolvedType;

/// Builds the resource definition for `RDS.createDatabase`, an RDS database
/// instance with secure defaults.
///
/// Terraform: `aws_db_instance`
///
/// Credentials: AWS Secrets Manager by default (manage_master_user_password = true).
/// Hardcoded passwords require `unsafe` with justification.
///
/// Parameters are grouped into four lists: required, optional, preferred
/// (recommended values) and security. The defaults quoted in the trailing
/// comments are not set anywhere in this function; presumably they are applied
/// where the definition is consumed (confirm against the generator spec).
pub fn rds_create_database() -> ResourceDefinition {
    // Parameters every caller has to provide.
    let required = vec![
        Param::string("identifier"),
        Param::string("engine"),
        Param::string("engineVersion"),
        Param::new("subnet", ResolvedType::Subnet),
    ];

    // Parameters a caller may leave out.
    let optional = vec![
        Param::string("username"),         // default "admin"
        Param::string("instanceClass"),    // default "db.t3.micro"
        Param::number("allocatedStorage"), // default 20 GB
        Param::string("storageType"),      // default "gp3"
        Param::string("kmsKeyId"),         // custom KMS key
        Param::number("port"),
        Param::string("maintenanceWindow"),
        Param::string("backupWindow"),
        Param::tags("tags"),
    ];

    // Operational recommendations, each paired with its recommended value.
    let preferred = vec![
        PreferredParam::bool("multiAz", true),
        PreferredParam::number("backupRetention", 7.0),
        PreferredParam::bool("deletionProtection", true),
        PreferredParam::bool("performanceInsights", true),
        PreferredParam::bool("autoMinorVersionUpgrade", true),
        PreferredParam::bool("enhancedMonitoring", true),
    ];

    // Security-relevant settings.
    // NOTE(review): the argument order of `SecurityParam::new` looks like
    // (name, secure default, value that needs `unsafe`); confirm against its
    // definition, because a swapped pair would invert the check.
    let security = vec![
        SecurityParam::new("encryption", true, false),
        SecurityParam::new("publiclyAccessible", false, true),
        SecurityParam::new("iamAuth", true, false),
        // `true` skips the final snapshot on deletion: data loss risk.
        SecurityParam::new("skipFinalSnapshot", false, true),
        // Supplying any hardcoded password at all requires `unsafe`.
        SecurityParam::presence("password"),
    ];

    ResourceDefinition {
        module: "RDS",
        function: "createDatabase",
        required_params: required,
        optional_params: optional,
        preferred_params: preferred,
        security_params: security,
        returns: ResolvedType::Database,
    }
}

/// Rule texts for the security checks on `RDS.createDatabase`.
///
/// The constants are not referenced in the visible part of this file, hence
/// the `dead_code` allowance.
// NOTE(review): `rds_create_database` lists five security parameters, but only
// three rule texts exist here; `skipFinalSnapshot` and `password` have no
// matching constant. Confirm in rds_create_database.yaml whether that is
// intended.
#[allow(dead_code)]
mod security_rules {
    /// Presumably pairs with the `encryption` security parameter.
    pub const RDS_001: &str = "Database storage must be encrypted at rest";
    /// Presumably pairs with the `publiclyAccessible` security parameter.
    pub const RDS_002: &str = "Databases should not be publicly accessible";
    /// Presumably pairs with the `iamAuth` security parameter.
    pub const RDS_003: &str = "IAM authentication provides better access control";
}

/// Rule texts for the preferred (recommended) settings on `RDS.createDatabase`.
///
/// The constants are not referenced in the visible part of this file, hence
/// the `dead_code` allowance.
// NOTE(review): `rds_create_database` lists six preferred parameters, but only
// five rule texts exist here; `enhancedMonitoring` has no matching constant.
// Confirm in rds_create_database.yaml whether that is intended.
#[allow(dead_code)]
mod preferred_rules {
    /// Presumably pairs with the `multiAz` preferred parameter.
    pub const RDS_P01: &str = "Multi-AZ recommended for production workloads";
    /// Presumably pairs with the `backupRetention` preferred parameter.
    pub const RDS_P02: &str = "Backup retention of 7+ days recommended";
    /// Presumably pairs with the `deletionProtection` preferred parameter.
    pub const RDS_P03: &str = "Deletion protection recommended for production";
    /// Presumably pairs with the `performanceInsights` preferred parameter.
    pub const RDS_P04: &str = "Performance Insights aids in troubleshooting";
    /// Presumably pairs with the `autoMinorVersionUpgrade` preferred parameter.
    pub const RDS_P05: &str = "Auto upgrades keep database patched";
}