Merge remote-tracking branch 'origin/alpha' into fix/connection-subnet-nacl

Author: hjaraujof

CHANGELOG.md

@@ -1,3 +1,72 @@
+# [0.79.0-alpha.8](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.7...0.79.0-alpha.8) (2022-04-11)
+
+
+### Bug Fixes
+
+* Added iamRole connection to kinesisFirehose service ([dc17214](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/dc1721403a6d86aa1d7a00542dff237011514654))
+
+# [0.79.0-alpha.7](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.6...0.79.0-alpha.7) (2022-04-11)
+
+
+### Bug Fixes
+
+* Added iamRole to lambda service ([ae6177d](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/ae6177de995975ab5194c5d2fcc8aaf98ec8d06d))
+
+# [0.79.0-alpha.6](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.5...0.79.0-alpha.6) (2022-04-11)
+
+
+### Features
+
+* Handle TODOs for ecs cluster ([554dff7](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/554dff7785dc2c69403a41416c7739625fd02263))
+* Update kms connection ([1e3e66d](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/1e3e66d41e886bbb39ad9f000167fa93c7313b26))
+* Updated README connections ([f536b73](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/f536b73f97c1f0ddbea687588e5d10f089fd2500))
+
+# [0.79.0-alpha.5](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.4...0.79.0-alpha.5) (2022-04-08)
+
+
+### Bug Fixes
+
+* Fixed error scanning iamUsers without enough permissions ([43b7d22](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/43b7d22c4b3c8b0056ec302f7ec8e7ec9646fa0f))
+
+# [0.79.0-alpha.4](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.3...0.79.0-alpha.4) (2022-04-08)
+
+
+### Features
+
+* Handle TODOs for dynamoDB ([d2b42ce](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/d2b42cec491776ecebbedc30f691a49960cfd47e))
+* Handle TODOs for dynamoDB ([9b3ae42](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/9b3ae425097f06972f292f3c82930bd7f97bb5ac))
+
+# [0.79.0-alpha.3](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.2...0.79.0-alpha.3) (2022-04-08)
+
+
+### Features
+
+* **appSync:** add iamRole/wafV2WebAcl connections ([36b90f2](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/36b90f256445568dd33d9f0fcbed8dc66531407a))
+
+# [0.79.0-alpha.2](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.1...0.79.0-alpha.2) (2022-04-08)
+
+
+### Features
+
+* Added iamInstanceProfile connection ([652f2f7](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/652f2f7b9bf551cab37afa2893bea5bb504699c9))
+* Added IamRole connection to ec2 ([4ff22ec](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/4ff22ecb130345de06cd6afd06c15f2978c8a4c7))
+* Handle TODOs for EC2 ([832fc7b](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/832fc7bdff1a02d89fbdbf50d1d030669d7568b9))
+
+# [0.79.0-alpha.1](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.78.2-alpha.1...0.79.0-alpha.1) (2022-04-07)
+
+
+### Features
+
+* Handle TODOs for dynamoDB ([625701e](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/625701ea2a47b6be8bdf1fe910a541fd6f1ed132))
+* Handle TODOs for dynamoDB ([2911751](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/2911751e96908793dc1b042b07c28bba340f1134))
+
+## [0.78.2-alpha.1](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.78.1...0.78.2-alpha.1) (2022-04-06)
+
+
+### Bug Fixes
+
+* Standardized aws service schemas using base schema ([f0f7cfd](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/f0f7cfdc3b71a202f211ed7255ea6b0aa1e4988d))
+
 ## [0.78.1](https://gitlab.com/auto-cloud/cloudgraph/provider/cloudgraph-provider-aws/compare/0.78.0...0.78.1) (2022-03-29)
 
 

README.md

@@ -1,6 +1,6 @@
 {
   "name": "@cloudgraph/cg-provider-aws",
-  "version": "0.78.1",
+  "version": "0.79.0-alpha.8",
   "description": "cloud-graph provider plugin for AWS used to fetch AWS cloud data.",
   "publishConfig": {
     "registry": "https://registry.npmjs.org/",
@@ -76,4 +76,4 @@
       "git add --force"
     ]
   }
-}
+}

package.json

@@ -8,4 +8,5 @@ export default {
   route53HostedZone: ['route53Record'],
   emrCluster: ['emrInstance', 'emrStep'],
   ecsService: ['ecsTaskSet', 'ecsTaskDefinition'],
+  iamInstanceProfile: ['ec2Instance'],
 }

src/enums/relations.ts

@@ -1,5 +1,4 @@
-type awsAccount @key(fields: "id") {
-  id: String! @id @search(by: [hash])
+type awsAccount implements awsOptionalService @key(fields: "id") {
   regions: [String] @search(by: [hash])
   albs: [awsAlb]
   apiGatewayResources: [awsApiGatewayResource]

src/services/account/schema.graphql

@@ -1,9 +1,5 @@
-type awsAlb @key(fields: "arn") {
-  id: String! @id @search(by: [hash, regexp])
+type awsAlb implements awsBaseService @key(fields: "arn") {
   name: String @search(by: [hash, regexp])
-  accountId: String! @search(by: [hash, regexp])
-  arn: String! @id @search(by: [hash, regexp])
-  region: String @search(by: [hash, regexp])
   dnsName: String @search(by: [hash, regexp])
   scheme: String @search(by: [hash, regexp])
   type: String @search(by: [hash, regexp])

src/services/alb/schema.graphql

@@ -6,12 +6,8 @@ type awsApiGatewayMethod @key(fields: "arn") {
   apiKeyRequired: Boolean @search
 }
 
-type awsApiGatewayResource @key(fields: "arn") {
-  id: String! @search(by: [hash])
-  accountId: String! @search(by: [hash])
-  arn: String! @id @search(by: [hash, regexp])
-  region: String @search(by: [hash, regexp])
+type awsApiGatewayResource implements awsBaseService @key(fields: "arn") {
   restApi: [awsApiGatewayRestApi] @hasInverse(field: resources) #change to plural
   path: String @search(by: [hash, regexp])
   methods: [awsApiGatewayMethod]
-}
+}

src/services/apiGatewayResource/schema.graphql

@@ -4,11 +4,7 @@ type awsApiGatewayEndpointConfiguration {
   vpcEndpointIds: [String] @search(by: [hash])
 }
 
-type awsApiGatewayRestApi @key(fields: "arn") {
-  id: String! @id @search(by: [hash])
-  accountId: String! @search(by: [hash])
-  arn: String! @id @search(by: [hash, regexp])
-  region: String @search(by: [hash, regexp])
+type awsApiGatewayRestApi implements awsBaseService @key(fields: "arn") {
   description: String @search(by: [hash, regexp, fulltext])
   policy: awsIamJSONPolicy
   endpointConfiguration: awsApiGatewayEndpointConfiguration
@@ -21,5 +17,3 @@ type awsApiGatewayRestApi @key(fields: "arn") {
   resources: [awsApiGatewayResource] @hasInverse(field: restApi)
   route53Record: [awsRoute53Record] @hasInverse(field: restApi) #change to plural
 }
-
-

src/services/apiGatewayRestApi/schema.graphql

@@ -20,11 +20,7 @@ type awsApiGatewayStageVariable
   value: String @search(by: [hash])
 }
 
-type awsApiGatewayStage @key(fields: "arn") {
-  id: String! @search(by: [hash])
-  accountId: String! @search(by: [hash])
-  arn: String! @id @search(by: [hash, regexp])
-  region: String @search(by: [hash, regexp])
+type awsApiGatewayStage implements awsBaseService @key(fields: "arn") {
   name: String @search(by: [hash, regexp])
   description: String @search(by: [hash, regexp, fulltext])
   cacheCluster: Boolean @search

src/services/apiGatewayStage/schema.graphql

@@ -10,6 +10,9 @@ import { RawAwsDynamoDbTable } from '../dynamodb/data'
 import { RawAwsLambdaFunction } from '../lambda/data'
 import { RawAwsCognitoUserPool } from '../cognitoUserPool/data'
 import { RawAwsRdsCluster } from '../rdsCluster/data'
+import { RawAwsIamRole } from '../iamRole/data'
+import { globalRegionName } from '../../enums/regions'
+import { RawAwsWafV2WebAcl } from '../wafV2WebAcl/data'
 
 /**
  * AppSync
@@ -27,7 +30,7 @@ export default ({
   region: string
 }): { [key: string]: ServiceConnection[] } => {
   const connections: ServiceConnection[] = []
-  const { apiId: id, awsDataSources, userPoolConfig } = appSync
+  const { apiId: id, awsDataSources, userPoolConfig, wafWebAclArn } = appSync
 
   /**
    * Find cognito user pools
@@ -153,6 +156,60 @@ export default ({
     }
   }
 
+  /**
+   * Find related IAM Roles
+   */
+  const roles: { name: string; data: { [property: string]: any[] } } =
+    data.find(({ name }) => name === services.iamRole)
+
+  const roleArns = awsDataSources?.map(
+    ({ serviceRoleArn }) => serviceRoleArn
+  )
+
+  if (roles?.data?.[globalRegionName]) {
+    const dataAtRegion: RawAwsIamRole[] = roles.data[globalRegionName].filter(
+      role => roleArns.includes(role.Arn)
+    )
+    if (!isEmpty(dataAtRegion)) {
+      for (const instance of dataAtRegion) {
+        const { Arn: arn }: RawAwsIamRole = instance
+
+        connections.push({
+          id: arn,
+          resourceType: services.iamRole,
+          relation: 'child',
+          field: 'iamRoles',
+        })
+      }
+    }
+  }
+
+  /**
+   * Find wafV2WebAcls
+   */
+  const acls: {
+    name: string
+    data: { [property: string]: RawAwsWafV2WebAcl[] }
+  } = data.find(({ name }) => name === services.wafV2WebAcl)
+
+  if (acls?.data) {
+    const allAcls = Object.values(acls.data).flat()
+    const dataInRegion: RawAwsWafV2WebAcl[] = allAcls.filter(
+      ({ ARN }: RawAwsWafV2WebAcl) => ARN === wafWebAclArn
+    )
+
+    if (!isEmpty(dataInRegion)) {
+      for (const acl of dataInRegion) {
+        connections.push({
+          id: acl.Id,
+          resourceType: services.wafV2WebAcl,
+          relation: 'child',
+          field: 'webAcl',
+        })
+      }
+    }
+  }
+  
   const appSyncResult = {
     [id]: connections,
   }