Merge pull request #141 from cloudgraphdev/feat/EP-3183

feat: Added more information to lambda service

Author: Marco Franceschi

src/services/iamPolicy/schema.graphql

@@ -32,6 +32,7 @@ type awsIamJSONPolicyStatement
   action: [String] @search(by: [hash])
   condition: [awsIamJSONPolicyCondition]
   effect: String @search(by: [hash, regexp])
+  sid: String @search(by: [hash, regexp])
   principal: [awsIamJSONPolicyPrincipal]
   resource: [String] @search(by: [hash])
   notAction: [String] @search(by: [hash])

src/services/lambda/data.ts

@@ -9,7 +9,12 @@ import Lambda, {
   GetFunctionConcurrencyRequest,
   GetFunctionConcurrencyResponse,
   ReservedConcurrentExecutions,
-  GetPolicyResponse
+  GetPolicyResponse,
+  ListEventSourceMappingsResponse,
+  EventSourceMappingConfiguration,
+  ListFunctionEventInvokeConfigsResponse,
+  FunctionEventInvokeConfig,
+  Layer
 } from 'aws-sdk/clients/lambda'
 import { AWSError } from 'aws-sdk/lib/error'
 import { Config } from 'aws-sdk/lib/config'
@@ -35,6 +40,9 @@ export interface RawAwsLambdaFunction extends FunctionConfiguration {
     Policy?: string
     RevisionId?: string
   }
+  EventSourceMappings?: EventSourceMappingConfiguration[]
+  EventInvokeConfigs?: FunctionEventInvokeConfig[]
+  Layers?: Layer[]
 }
 
 const listFunctionsForRegion = async ({
@@ -137,7 +145,7 @@ const getResourceTags = async (lambda: Lambda, arn: string): Promise<TagMap> =>
     }
   })
 
-  const getLambdaPolicy = async (lambda: Lambda, arn: string): Promise<{ Policy?: string; RevisionId?: string }> =>
+const getLambdaPolicy = async (lambda: Lambda, arn: string): Promise<{ Policy?: string; RevisionId?: string }> =>
   new Promise(resolve => {
     try {
       lambda.getPolicy(
@@ -159,6 +167,52 @@ const getResourceTags = async (lambda: Lambda, arn: string): Promise<TagMap> =>
     }
   })
 
+const getEventSourceMappings = async (lambda: Lambda, arn: string): Promise<EventSourceMappingConfiguration[]> =>
+  new Promise(resolve => {
+    try {
+      lambda.listEventSourceMappings(
+        { FunctionName: arn },
+        (err: AWSError, data: ListEventSourceMappingsResponse) => {
+          if (err) {
+            errorLog.generateAwsErrorLog({
+              functionName: 'lambda:listEventSourceMappings',
+              err,
+            })
+            resolve([])
+          }
+          const { EventSourceMappings = [] } = data || {}
+
+          resolve(EventSourceMappings)
+        }
+      )
+    } catch (error) {
+      resolve([])
+    }
+  })
+
+const getEventInvokeConfigs = async (lambda: Lambda, name: string): Promise<FunctionEventInvokeConfig[]> =>
+  new Promise(resolve => {
+    try {
+      lambda.listFunctionEventInvokeConfigs(
+        { FunctionName: name },
+        (err: AWSError, data: ListFunctionEventInvokeConfigsResponse) => {
+          if (err) {
+            errorLog.generateAwsErrorLog({
+              functionName: 'lambda:listFunctionEventInvokeConfigs',
+              err,
+            })
+            resolve([])
+          }
+          const { FunctionEventInvokeConfigs = [] } = data || {}
+
+          resolve(FunctionEventInvokeConfigs)
+        }
+      )
+    } catch (error) {
+      resolve([])
+    }
+  })
+
 export default async ({
   regions,
   config,
@@ -199,16 +253,22 @@ export default async ({
     logger.debug(lt.fetchedLambdas(lambdaData.length))
 
     // get all tags and policy for each Lambda
-    lambdaData.map(({ FunctionArn: arn, region }, idx) => {
+    lambdaData.map(({ FunctionArn: arn, region, FunctionName: name, Layers }, idx) => {
       const lambda = new Lambda({ ...config, region, endpoint })
-      const tagsAndPolicyPromise = new Promise<void>(async resolveData => {
+
+      const additionalMetadataPromise = new Promise<void>(async resolveData => {
         const envTags: TagMap = await getResourceTags(lambda, arn)
         lambdaData[idx].Tags = envTags
         const policy = await getLambdaPolicy(lambda, arn)
         lambdaData[idx].PolicyData = policy
+        const eventSourceMappings = await getEventSourceMappings(lambda, arn)
+        lambdaData[idx].EventSourceMappings = eventSourceMappings
+        const eventInvokeConfigs = await getEventInvokeConfigs(lambda, name)
+        lambdaData[idx].EventInvokeConfigs = eventInvokeConfigs
+        lambdaData[idx].Layers = Layers
         resolveData()
       })
-      tagsPromises.push(tagsAndPolicyPromise)
+      tagsPromises.push(additionalMetadataPromise)
     })
 
     logger.debug(lt.gettingLambdaTags)

src/services/lambda/format.ts

@@ -1,8 +1,10 @@
+import { generateUniqueId } from '@cloudgraph/sdk'
 import isEmpty from 'lodash/isEmpty'
 import t from '../../properties/translations'
-import { AwsLambda } from '../../types/generated'
+import { AwsLambda, AwsLambdaEventInvokeConfig, AwsLambdaEventSourceMappings, AwsLambdaLayerVersion } from '../../types/generated'
 import { formatTagsFromMap, formatIamJsonPolicy } from '../../utils/format'
 import { RawAwsLambdaFunction } from './data'
+import { EventSourceMappingConfiguration, FunctionEventInvokeConfig, Layer } from 'aws-sdk/clients/lambda'
 
 /**
  * Lambda
@@ -33,6 +35,9 @@ export default ({
     reservedConcurrentExecutions: rawReservedConcurrentExecutions,
     VpcConfig: vpcConfig,
     PolicyData: { Policy: policy = '', RevisionId: policyRevisionId = '' },
+    EventSourceMappings: eventSourceMappings = [],
+    EventInvokeConfigs: eventInvokeConfigs = [],
+    Layers: layers = []
   } = rawData
   const environmentVariables = []
   const secretNames = [t.pass, t.secret, t.private, t.cert]
@@ -68,10 +73,120 @@ export default ({
     securityGroupIds: vpcConfig?.SecurityGroupIds,
   }
 
+  const formatEventSourceMappings = (
+    eventSourceMappings?: EventSourceMappingConfiguration[]
+  ): AwsLambdaEventSourceMappings[] => {
+    return (
+      eventSourceMappings?.map(e => ({
+        id: generateUniqueId({
+          arn,
+          ...e,
+        }),
+        uuid: e.UUID,
+        startingPosition: e.StartingPosition,
+        batchSize: e.BatchSize,
+        maximumBatchingWindowInSeconds: e.MaximumBatchingWindowInSeconds,
+        parallelizationFactor: e.ParallelizationFactor,
+        eventSourceArn: e.EventSourceArn,
+        filterCriteria: e.FilterCriteria?.Filters?.map(f => f.Pattern) || [],
+        functionArn: e.FunctionArn,
+        lastModified: e.LastModified?.toISOString(),
+        lastProcessingResult: e.LastProcessingResult,
+        state: e.State,
+        stateTransitionReason: e.StateTransitionReason,
+        destinationConfig: {
+          id: generateUniqueId({
+            arn,
+            ...e.DestinationConfig,
+
+          }),
+          OnSuccess: e.DestinationConfig?.OnSuccess?.Destination,
+          OnFailure: e.DestinationConfig?.OnFailure?.Destination
+
+        },
+        topics: e.Topics,
+        queues: e.Queues,
+        maximumRecordAgeInSeconds: e.MaximumRecordAgeInSeconds,
+        bisectBatchOnFunctionError: e.BisectBatchOnFunctionError,
+        maximumRetryAttempts: e.MaximumRetryAttempts,
+        tumblingWindowInSeconds: e.TumblingWindowInSeconds,
+        functionResponseTypes: e.FunctionResponseTypes,
+        amazonManagedKafkaEventSourceConfig: {
+          id: generateUniqueId({
+            arn,
+            ...e.AmazonManagedKafkaEventSourceConfig
+          }),
+          consumerGroupId: e.AmazonManagedKafkaEventSourceConfig?.ConsumerGroupId
+        },
+        selfManagedKafkaEventSourceConfig: {
+          id: generateUniqueId({
+            arn,
+            ...e.SelfManagedKafkaEventSourceConfig
+          }),
+          consumerGroupId: e.SelfManagedKafkaEventSourceConfig?.ConsumerGroupId
+        }
+      })) || []
+    )
+  }
+
+  const formatEventInvokeConfigs = (
+    eventInvokeConfigs?: FunctionEventInvokeConfig[]
+  ): AwsLambdaEventInvokeConfig[] => {
+    return (
+      eventInvokeConfigs?.map(e => ({
+        id: generateUniqueId({
+          arn,
+          ...e,
+        }),
+        lastModified: e.LastModified?.toISOString(),
+        functionArn: e.FunctionArn,
+        maximumRetryAttempts: e.MaximumRetryAttempts,
+        maximumEventAgeInSeconds: e.MaximumEventAgeInSeconds,
+        destinationConfig: {
+          id: generateUniqueId({
+            arn,
+            ...e.DestinationConfig,
+
+          }),
+          OnSuccess: e.DestinationConfig?.OnSuccess?.Destination,
+          OnFailure: e.DestinationConfig?.OnFailure?.Destination
+        }
+      })) || []
+    )
+  }
+
+  const formatLayers = (
+    layers?: Layer[]
+  ): AwsLambdaLayerVersion[] => {
+    return (
+      layers?.map(l => {
+        const arnParts = l.Arn?.split(':')
+        // get layer name from arn:aws:lambda:_REGION_:_ACCOUNT_ID_:layer:_LAYER_NAME_:_LAYER_VERSION_
+        const layerName = arnParts[arnParts.length - 2]
+        return ({
+          id: generateUniqueId({
+            arn,
+            ...l,
+          }),
+          arn: l.Arn,
+          name: layerName,
+          codeSize: l.CodeSize,
+          signingProfileVersionArn: l.SigningProfileVersionArn,
+          signingJobArn: l.SigningJobArn,
+        })
+      }) || []
+    )
+  }
+
+  const functionName = arn.split(':').pop()
+  const functionPolicy = formatIamJsonPolicy(policy)
+  const policyStatementIds = functionPolicy?.statement?.map(s => s.sid) ?? []
+
   return {
     accountId: account,
     arn,
     region,
+    name: functionName,
     description,
     handler,
     id: arn,
@@ -88,7 +203,11 @@ export default ({
     vpcConfig: formattedVpcConfig,
     policyRevisionId,
     rawPolicy: policy,
-    policy: formatIamJsonPolicy(policy),
+    policy: functionPolicy,
+    policyStatementIds,
     tags: formatTagsFromMap(Tags),
+    eventSourceMappings: formatEventSourceMappings(eventSourceMappings),
+    eventInvokeConfigs: formatEventInvokeConfigs(eventInvokeConfigs),
+    layers: formatLayers(layers)
   }
 }

src/services/lambda/schema.graphql

@@ -1,5 +1,97 @@
+type awsLambdaEventSourceConfig
+  @generate(
+    query: { get: false, query: true, aggregate: false }
+    mutation: { add: false, delete: false }
+    subscription: false
+  ) {
+  id: String! @id
+  consumerGroupId: String @search(by: [hash, regexp])
+}
+
+type awsLambdaSourceAccessConfiguration
+  @generate(
+    query: { get: false, query: true, aggregate: false }
+    mutation: { add: false, delete: false }
+    subscription: false
+  ) {
+  id: String! @id
+  type: String @search(by: [hash, regexp])
+  uri: String @search(by: [hash, regexp])
+}
+
+type awsLambdaDestinationConfig
+  @generate(
+    query: { get: false, query: true, aggregate: false }
+    mutation: { add: false, delete: false }
+    subscription: false
+  ) {
+  id: String! @id
+  OnSuccess: String @search(by: [hash, regexp])
+  OnFailure: String @search(by: [hash, regexp])
+}
+
+type awsLambdaEventInvokeConfig
+  @generate(
+    query: { get: false, query: true, aggregate: false }
+    mutation: { add: false, delete: false }
+    subscription: false
+  ) {
+  id: String! @id
+  lastModified: DateTime @search(by: [day])
+  functionArn: String @search(by: [hash, regexp])
+  maximumRetryAttempts: Int
+  maximumEventAgeInSeconds: Int
+  destinationConfig: awsLambdaDestinationConfig
+}
+
+type awsLambdaEventSourceMappings
+  @generate(
+    query: { get: false, query: true, aggregate: false }
+    mutation: { add: false, delete: false }
+    subscription: false
+  ) {
+  id: String! @id
+  uuid: String @search(by: [hash, regexp])
+  startingPosition: String @search(by: [hash, regexp])
+  batchSize: Int
+  maximumBatchingWindowInSeconds: Int
+  parallelizationFactor: Int
+  eventSourceArn: String @search(by: [hash, regexp])
+  filterCriteria: [String] @search(by: [hash, regexp])
+  functionArn: String @search(by: [hash, regexp])
+  lastModified: DateTime @search(by: [day])
+  lastProcessingResult: String @search(by: [hash, regexp])
+  state: String @search(by: [hash, regexp])
+  stateTransitionReason: String @search(by: [hash, regexp])
+  destinationConfig: awsLambdaDestinationConfig
+  topics: [String] @search(by: [hash, regexp])
+  queues: [String] @search(by: [hash, regexp])
+  maximumRecordAgeInSeconds: Int
+  bisectBatchOnFunctionError: Boolean
+  maximumRetryAttempts: Int
+  tumblingWindowInSeconds: Int
+  functionResponseTypes: [String] @search(by: [hash, regexp])
+  amazonManagedKafkaEventSourceConfig: awsLambdaEventSourceConfig
+  selfManagedKafkaEventSourceConfig: awsLambdaEventSourceConfig
+}
+
+type awsLambdaLayerVersion
+  @generate(
+    query: { get: false, query: true, aggregate: false }
+    mutation: { add: false, delete: false }
+    subscription: false
+  ) {
+  id: String! @id
+  arn: String @search(by: [hash, regexp])
+  name: String @search(by: [hash, regexp])
+  codeSize: Float
+  signingProfileVersionArn: String @search(by: [hash, regexp])
+  signingJobArn: String @search(by: [hash, regexp])
+}
+
 type awsLambda implements awsBaseService @key(fields: "arn") {
   description: String @search(by: [hash, regexp, fulltext])
+  name: String @search(by: [hash, regexp])
   handler: String @search(by: [hash, regexp])
   kmsKeyArn: String @search(by: [hash, regexp])
   lastModified: String @search(by: [hash, regexp])
@@ -15,6 +107,10 @@ type awsLambda implements awsBaseService @key(fields: "arn") {
   policyRevisionId: String @search(by: [hash, regexp])
   rawPolicy: String @search(by: [hash, regexp])
   policy: awsIamJSONPolicy
+  policyStatementIds: [String] @search(by: [hash, regexp])
+  eventSourceMappings: [awsLambdaEventSourceMappings]
+  eventInvokeConfigs: [awsLambdaEventInvokeConfig]
+  layers: [awsLambdaLayerVersion]
   tags: [awsRawTag]
   kms: [awsKms] @hasInverse(field: lambda)
   securityGroups: [awsSecurityGroup] @hasInverse(field: lambda)