refactor: use shared parseWizReport helper for OpenSearch inventory

Address review feedback to leverage the shared CSV parsing infrastructure
instead of duplicating the column-index logic. Also updates README with
currently supported resource types.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: revied

README.md

@@ -66,10 +66,10 @@ Version Guard implements a **two-stage detection pipeline**:
 Currently implemented:
 - **Aurora** (RDS MySQL/PostgreSQL) - AWS RDS EOL API + Wiz inventory
 - **EKS** (Kubernetes) - AWS EKS API + endoflife.date (hybrid) + Wiz inventory
+- **ElastiCache** (Redis/Valkey/Memcached) - endoflife.date + Wiz inventory
+- **OpenSearch** - endoflife.date + Wiz inventory
 
 Easily extensible to:
-- ElastiCache (Redis/Valkey/Memcached)
-- OpenSearch
 - Lambda (Node.js, Python, Java)
 - Cloud SQL (GCP)
 - GKE (GCP)

pkg/inventory/wiz/opensearch.go

@@ -4,10 +4,6 @@ import (
 	"context"
 	"fmt"
 	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go-v2/aws/arn"
-	"github.com/pkg/errors"
 
 	"github.com/block/Version-Guard/pkg/registry"
 	"github.com/block/Version-Guard/pkg/types"
@@ -32,7 +28,6 @@ func NewOpenSearchInventorySource(client *Client, reportID string) *OpenSearchIn
 }
 
 // WithRegistryClient adds optional registry integration for service attribution.
-// When tags are missing, the registry will be queried to map AWS account → service.
 func (s *OpenSearchInventorySource) WithRegistryClient(registryClient registry.Client) *OpenSearchInventorySource {
 	s.registryClient = registryClient
 	return s
@@ -57,58 +52,37 @@ func (s *OpenSearchInventorySource) CloudProvider() types.CloudProvider {
 	return types.CloudProviderAWS
 }
 
+var openSearchRequiredColumns = []string{
+	colHeaderExternalID,
+	colHeaderName,
+	colHeaderNativeType,
+	colHeaderAccountID,
+	colHeaderVersion,
+	colHeaderRegion,
+	colHeaderTags,
+	colHeaderEngineKind,
+}
+
 // ListResources fetches all OpenSearch resources from Wiz
-//
-//nolint:dupl // follows established inventory source pattern (aurora, elasticache)
 func (s *OpenSearchInventorySource) ListResources(ctx context.Context, resourceType types.ResourceType) ([]*types.Resource, error) {
 	if resourceType != types.ResourceTypeOpenSearch {
 		return nil, fmt.Errorf("unsupported resource type: %s (only OPENSEARCH supported)", resourceType)
 	}
 
-	// Fetch report data
-	rows, err := s.client.GetReportData(ctx, s.reportID)
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to fetch Wiz report data")
-	}
-
-	if len(rows) < 2 {
-		// Empty report (only header row)
-		return []*types.Resource{}, nil
-	}
-
-	// Skip header row, parse data rows
-	var resources []*types.Resource
-	for i, row := range rows[1:] {
-		if len(row) < colMinRequired {
-			// Skip malformed rows
-			continue
-		}
-
-		// Filter for OpenSearch domain resources only
-		nativeType := row[colNativeType]
-		if !isOpenSearchResource(nativeType) {
-			continue
-		}
-
-		resource, err := s.parseOpenSearchRow(ctx, row)
-		if err != nil {
-			// Log error but continue processing other rows
-			// TODO: add proper logging
-			_ = fmt.Sprintf("row %d: failed to parse OpenSearch resource: %v", i+1, err)
-			continue
-		}
-
-		if resource != nil {
-			resources = append(resources, resource)
-		}
-	}
-
-	return resources, nil
+	return parseWizReport(
+		ctx,
+		s.client,
+		s.reportID,
+		openSearchRequiredColumns,
+		func(cols columnIndex, row []string) bool {
+			return isOpenSearchResource(cols.col(row, colHeaderNativeType))
+		},
+		s.parseOpenSearchRow,
+	)
 }
 
 // GetResource fetches a specific OpenSearch resource by ARN
 func (s *OpenSearchInventorySource) GetResource(ctx context.Context, resourceType types.ResourceType, id string) (*types.Resource, error) {
-	// For Wiz source, we fetch all and filter
 	resources, err := s.ListResources(ctx, resourceType)
 	if err != nil {
 		return nil, err
@@ -123,73 +97,15 @@ func (s *OpenSearchInventorySource) GetResource(ctx context.Context, resourceTyp
 	return nil, fmt.Errorf("resource not found: %s", id)
 }
 
-// parseOpenSearchRow parses a single CSV row into a Resource
-func (s *OpenSearchInventorySource) parseOpenSearchRow(ctx context.Context, row []string) (*types.Resource, error) {
-	resourceARN := row[colARN]
-	if resourceARN == "" {
-		return nil, fmt.Errorf("missing ARN")
-	}
-
-	// Parse ARN
-	parsedARN, err := arn.Parse(resourceARN)
+// parseOpenSearchRow parses a single CSV row into a Resource.
+// Uses the shared parseAWSResourceRow helper, then normalizes the version
+// to strip the "OpenSearch_" prefix that Wiz sometimes includes.
+func (s *OpenSearchInventorySource) parseOpenSearchRow(ctx context.Context, cols columnIndex, row []string) (*types.Resource, error) {
+	resource, err := parseAWSResourceRow(ctx, cols, row, types.ResourceTypeOpenSearch, normalizeOpenSearchKind, s.tagConfig, s.registryClient)
 	if err != nil {
-		return nil, errors.Wrapf(err, "invalid ARN: %s", resourceARN)
-	}
-
-	// Extract metadata
-	resourceName := row[colResourceName]
-	accountID := row[colAWSAccountID]
-	if accountID == "" {
-		accountID = parsedARN.AccountID
-	}
-
-	engine := normalizeOpenSearchKind(row[colEngineKind])
-	version := normalizeOpenSearchVersion(row[colEngineVersion])
-	region := row[colRegion]
-
-	// Parse tags
-	tagsJSON := row[colTags]
-	tags, err := ParseTags(tagsJSON)
-	if err != nil {
-		// Non-fatal, just use empty tags
-		tags = make(map[string]string)
-	}
-
-	// Extract service name from tags (using configurable tag keys)
-	service := s.tagConfig.GetAppTag(tags)
-	if service == "" {
-		// Try registry lookup by AWS account (if registry is configured)
-		if s.registryClient != nil {
-			if serviceInfo, err := s.registryClient.GetServiceByAWSAccount(ctx, accountID, region); err == nil {
-				service = serviceInfo.ServiceName
-			}
-			// Ignore registry errors - fall through to name parsing
-		}
-
-		// Final fallback: extract from resource name or ARN
-		if service == "" {
-			service = extractServiceFromName(resourceName)
-		}
-	}
-
-	// Extract brand (using configurable tag keys)
-	brand := s.tagConfig.GetBrandTag(tags)
-
-	resource := &types.Resource{
-		ID:             resourceARN,
-		Name:           resourceName,
-		Type:           types.ResourceTypeOpenSearch,
-		CloudProvider:  types.CloudProviderAWS,
-		Service:        service,
-		CloudAccountID: accountID,
-		CloudRegion:    region,
-		Brand:          brand,
-		CurrentVersion: version,
-		Engine:         engine,
-		Tags:           tags,
-		DiscoveredAt:   time.Now(),
+		return nil, err
 	}
-
+	resource.CurrentVersion = normalizeOpenSearchVersion(resource.CurrentVersion)
 	return resource, nil
 }