extend aws.kms.keys {tags} (#6052)

Signed-off-by: Manuel Weber <manuel@mondoo.com>

Author: mm-weber

providers/aws/resources/aws.lr

@@ -725,6 +725,8 @@ private aws.kms.key @defaults("id region metadata.Description") {
   keyRotationEnabled() bool
   // Metadata for the key
   metadata() dict
+  // Tags for the KMS key
+  tags() map[string]string
 }
 
 

providers/aws/resources/aws.lr.go

@@ -2396,6 +2396,8 @@ resources:
       keyRotationEnabled: {}
       metadata: {}
       region: {}
+      tags:
+        min_mondoo_version: 9.0.0
     is_private: true
     min_mondoo_version: 5.15.0
     platform:
@@ -3784,7 +3786,6 @@ resources:
       name:
       - aws
   aws.waf.rule.statement.ratebasedstatement:
-    fields: {}
     is_private: true
     min_mondoo_version: 9.0.0
     platform:

providers/aws/resources/aws.lr.manifest.yaml

@@ -119,6 +119,27 @@ func (a *mqlAwsKmsKey) keyRotationEnabled() (bool, error) {
 	return key.KeyRotationEnabled, nil
 }
 
+func (a *mqlAwsKmsKey) tags() (map[string]any, error) {
+	conn := a.MqlRuntime.Connection.(*connection.AwsConnection)
+	keyArn := a.Arn.Data
+
+	svc := conn.Kms(a.Region.Data)
+	ctx := context.Background()
+
+	tags, err := svc.ListResourceTags(ctx, &kms.ListResourceTagsInput{KeyId: &keyArn})
+	if err != nil {
+		return nil, err
+	}
+
+	res := map[string]any{}
+	for i := range tags.Tags {
+		tag := tags.Tags[i]
+		res[convert.ToValue(tag.TagKey)] = convert.ToValue(tag.TagValue)
+	}
+
+	return res, nil
+}
+
 func (a *mqlAwsKmsKey) id() (string, error) {
 	return a.Arn.Data, nil
 }