geat: Handle TODOs for ecs task

Author: m-pizarro

src/services/ecsTask/connections.ts

@@ -4,10 +4,11 @@ import { RawAwsEcsTask } from '../ecsTask/data'
 import { RawAwsEcsContainer } from '../ecsContainer/data'
 import { RawAwsEcsCluster } from '../ecsCluster/data'
 import { RawAwsEcsTaskDefinition } from '../ecsTaskDefinition/data'
+import { RawAwsIamRole } from '../iamRole/data'
 import services from '../../enums/services'
+import { globalRegionName } from '../../enums/regions'
 
 export default ({
-  account,
   service,
   data,
   region,
@@ -19,7 +20,7 @@ export default ({
 }): {
   [property: string]: ServiceConnection[]
 } => {
-  const { taskArn: id } = service
+  const { taskArn: id, overrides } = service
   const connections: ServiceConnection[] = []
 
   /**
@@ -30,8 +31,11 @@ export default ({
     data: { [property: string]: RawAwsEcsContainer[] }
   } = data.find(({ name }) => name === services.ecsContainer)
   if (containers?.data?.[region]) {
-    const containersInRegion: RawAwsEcsContainer[] = containers.data[region].filter(
-      ({ containerInstanceArn }) => containerInstanceArn === service.containerInstanceArn
+    const containersInRegion: RawAwsEcsContainer[] = containers.data[
+      region
+    ].filter(
+      ({ containerInstanceArn }) =>
+        containerInstanceArn === service.containerInstanceArn
     )
     if (!isEmpty(containersInRegion)) {
       for (const container of containersInRegion) {
@@ -60,7 +64,6 @@ export default ({
     )
     if (!isEmpty(clustersInRegion)) {
       for (const instance of clustersInRegion) {
-
         connections.push({
           id: instance.clusterArn,
           resourceType: services.ecsCluster,
@@ -79,12 +82,13 @@ export default ({
     data: { [property: string]: RawAwsEcsTaskDefinition[] }
   } = data.find(({ name }) => name === services.ecsTaskDefinition)
   if (taskDefinitions?.data?.[region]) {
-    const taskDefinitionsInRegion: RawAwsEcsTaskDefinition[] = taskDefinitions.data[region].filter(
-      ({ taskDefinitionArn }) => taskDefinitionArn === service.taskDefinitionArn
-    )
+    const taskDefinitionsInRegion: RawAwsEcsTaskDefinition[] =
+      taskDefinitions.data[region].filter(
+        ({ taskDefinitionArn }) =>
+          taskDefinitionArn === service.taskDefinitionArn
+      )
     if (!isEmpty(taskDefinitionsInRegion)) {
       for (const instance of taskDefinitionsInRegion) {
-
         connections.push({
           id: instance.taskDefinitionArn,
           resourceType: services.ecsTaskDefinition,
@@ -95,6 +99,30 @@ export default ({
     }
   }
 
+  /**
+   * Find related IAM Roles
+   */
+  const roles: { name: string; data: { [property: string]: any[] } } =
+    data.find(({ name }) => name === services.iamRole)
+  if (roles?.data?.[globalRegionName]) {
+    const dataAtRegion: RawAwsIamRole[] = roles.data[globalRegionName].filter(
+      ({ Arn }: RawAwsIamRole) => overrides?.executionRoleArn === Arn || 
+      overrides?.taskRoleArn === Arn
+    )
+    if (!isEmpty(dataAtRegion)) {
+      for (const instance of dataAtRegion) {
+        const { Arn: roleId } = instance
+
+        connections.push({
+          id: roleId,
+          resourceType: services.iamRole,
+          relation: 'child',
+          field: 'iamRoles',
+        })
+      }
+    }
+  }
+
   const result = {
     [id]: connections,
   }

src/services/ecsTask/schema.graphql

@@ -38,6 +38,7 @@ type awsEcsTask @key(fields: "arn") {
   ecsCluster: [awsEcsCluster] @hasInverse(field: ecsTask)
   ecsContainer: [awsEcsContainer] @hasInverse(field: ecsTask)
   ecsTaskDefinition: [awsEcsTaskDefinition] @hasInverse(field: ecsTask)
+  iamRoles: [awsIamRole] @hasInverse(field: ecsTask)
 }
 
 type awsEcsAttribute

src/services/ecsTaskDefinition/connections.ts

@@ -0,0 +1,49 @@
+import { ServiceConnection } from '@cloudgraph/sdk'
+import { isEmpty } from 'lodash'
+import { RawAwsEcsTaskDefinition } from '../ecsTaskDefinition/data'
+import { RawAwsIamRole } from '../iamRole/data'
+import services from '../../enums/services'
+import { globalRegionName } from '../../enums/regions'
+
+export default ({
+  service,
+  data,
+}: {
+  account: string
+  service: RawAwsEcsTaskDefinition
+  data: { name: string; data: { [property: string]: any[] } }[]
+  region: string
+}): {
+  [property: string]: ServiceConnection[]
+} => {
+  const { taskDefinitionArn: id, executionRoleArn } = service
+  const connections: ServiceConnection[] = []
+
+  /**
+   * Find related IAM Roles
+   */
+  const roles: { name: string; data: { [property: string]: any[] } } =
+    data.find(({ name }) => name === services.iamRole)
+  if (roles?.data?.[globalRegionName]) {
+    const dataAtRegion: RawAwsIamRole[] = roles.data[globalRegionName].filter(
+      ({ Arn }: RawAwsIamRole) => executionRoleArn === Arn
+    )
+    if (!isEmpty(dataAtRegion)) {
+      for (const instance of dataAtRegion) {
+        const { Arn: roleId } = instance
+
+        connections.push({
+          id: roleId,
+          resourceType: services.iamRole,
+          relation: 'child',
+          field: 'iamRole',
+        })
+      }
+    }
+  }
+
+  const result = {
+    [id]: connections,
+  }
+  return result
+}

src/services/ecsTaskDefinition/index.ts

@@ -2,12 +2,15 @@ import {Service} from '@cloudgraph/sdk'
 import BaseService from '../base'
 import format from './format'
 import getData from './data'
+import getConnections from './connections'
 import mutation from './mutation'
 
 export default class EcsTaskDefinition extends BaseService implements Service {
   format = format.bind(this)
 
   getData = getData.bind(this)
 
+  getConnections = getConnections.bind(this)
+  
   mutation = mutation
 }

src/services/ecsTaskDefinition/schema.graphql

@@ -28,6 +28,7 @@ type awsEcsTaskDefinition @key(fields: "arn") {
   ecsService: [awsEcsService] @hasInverse(field: ecsTaskDefinition)
   ecsTask: [awsEcsTask] @hasInverse(field: ecsTaskDefinition)
   ecsTaskSet: [awsEcsTaskSet] @hasInverse(field: ecsTaskDefinition)
+  iamRole: [awsIamRole] @hasInverse(field: ecsTaskDefinition)
 }
 
 type awsEcsContainerDefinition

src/services/iamRole/schema.graphql

@@ -23,4 +23,6 @@ type awsIamRole @key(fields: "id") {
   sageMakerNotebookInstances: [awsSageMakerNotebookInstance] @hasInverse(field: iamRole)
   systemsManagerInstances: [awsSystemsManagerInstance] @hasInverse(field: iamRole)
   iamInstanceProfiles: [awsIamInstanceProfile] @hasInverse(field: iamRole)
+  ecsTask: [awsEcsTask] @hasInverse(field: iamRoles)
+  ecsTaskDefinition: [awsEcsTaskDefinition] @hasInverse(field: iamRole)
 }

src/types/generated.ts

@@ -2104,6 +2104,7 @@ export type AwsEcsTask = {
   executionStoppedAt?: Maybe<Scalars['String']>;
   group?: Maybe<Scalars['String']>;
   healthStatus?: Maybe<Scalars['String']>;
+  iamRoles?: Maybe<Array<Maybe<AwsIamRole>>>;
   id: Scalars['String'];
   inferenceAccelerators?: Maybe<Array<Maybe<AwsEcsInferenceAccelerator>>>;
   lastStatus?: Maybe<Scalars['String']>;
@@ -2136,6 +2137,7 @@ export type AwsEcsTaskDefinition = {
   ephemeralStorage?: Maybe<AwsEcsEphemeralStorage>;
   executionRoleArn?: Maybe<Scalars['String']>;
   family?: Maybe<Scalars['String']>;
+  iamRole?: Maybe<Array<Maybe<AwsIamRole>>>;
   id: Scalars['String'];
   inferenceAccelerators?: Maybe<Array<Maybe<AwsEcsInferenceAccelerator>>>;
   ipcMode?: Maybe<Scalars['String']>;
@@ -3191,6 +3193,8 @@ export type AwsIamRole = {
   createdAt?: Maybe<Scalars['String']>;
   description?: Maybe<Scalars['String']>;
   ecsService?: Maybe<Array<Maybe<AwsEcsService>>>;
+  ecsTask?: Maybe<Array<Maybe<AwsEcsTask>>>;
+  ecsTaskDefinition?: Maybe<Array<Maybe<AwsEcsTaskDefinition>>>;
   eksCluster?: Maybe<Array<Maybe<AwsEksCluster>>>;
   flowLogs?: Maybe<Array<Maybe<AwsFlowLog>>>;
   glueJobs?: Maybe<Array<Maybe<AwsGlueJob>>>;