Merge branch 'feature/CG-826' into 'master'

feat(services): add new service dmsReplicationInstance

Closes CG-826

See merge request auto-cloud/cloudgraph/provider/cloudgraph-provider-aws!216

Author: tyler-dunkel

README.md

@@ -88,6 +88,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | configurationRecorder       | iamRole                                                                                                                               |
 | customerGateway             | vpnConnection                                                                                                                                                                              |
 | dynamodb                    | appSync                                                                                                                                                                                    |
+| dmsReplicationInstance                         | securityGroup, subnet, vpc, kms                                                                                                                                      |
 | ebs                         | asg, ec2, emrInstance                                                                                                                                                                      |
 | ec2                         | alb, asg, ebs, eip, emrInstance, networkInterface, securityGroup, subnet, vpc, ecsContainer                                                                                                |
 | ecr                         |                                                                                                                                                                                            |
@@ -126,7 +127,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | iot                         |                                                                                                                                                                                            |
 | kinesisFirehose             | kinesisStream, s3                                                                                                                                                                          |
 | kinesisStream               | kinesisFirehose                                                                                                                                                                            |
-| kms                         | cloudtrail, cloudwatchLog, codebuild, efs, eksCluster, elastiCacheReplicationGroup, elasticSearchDomain, emrCluster, lambda, sns, redshiftCluster                                                             |
+| kms                         | cloudtrail, cloudwatchLog, codebuild, efs, eksCluster, elastiCacheReplicationGroup, elasticSearchDomain, emrCluster, lambda, sns, dmsReplicationInstance redshiftCluster                                                             |
 | lambda                      | appSync, cognitoUserPool, kms, securityGroup, subnet, vpc                                                                                                                                           |
 | managedAirflow                      | iamRole, securityGroups, subnet, s3                                                                                                                                          |
 | nacl                        | vpc                                                                                                                                                                                        |
@@ -143,14 +144,14 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | sageMakerExperiment                          |                                                                                                                                                   |
 | s3                          | cloudfront, cloudtrail, kinesisFirehose, managedAirflow                                                                                                                                                   |
 | secretsManager              |                                                                                                                                                                                            |
-| securityGroup               | alb, asg, clientVpnEndpoint, codebuild, ecsService, lambda, ec2, elasticSearchDomain, elb, rdsCluster, rdsDbInstance, eksCluster, elastiCacheCluster, managedAirflow                                             |
+| securityGroup               | alb, asg, clientVpnEndpoint, codebuild, dmsReplicationInstance, ecsService, lambda, ec2, elasticSearchDomain, elb, rdsCluster, rdsDbInstance, eksCluster, elastiCacheCluster, managedAirflow                                             |
 | ses                         |                                                                                                                                                                                            |
 | sns                         | kms, cloudtrail, cloudwatch                                                                                                                                                                            |
 | sqs                         |                                                                                                                                                                                            |
-| subnet                      | alb, asg, codebuild, ec2, ecsService, efsMountTarget, elastiCacheCluster, elasticSearchDomain, elb, lambda, managedAirflow, natGateway, networkInterface, routeTable, vpc, eksCluster, emrCluster, flowLog                                                     |
+| subnet                      | alb, asg, codebuild, dmsReplicationInstance, ec2, ecsService, efsMountTarget, elastiCacheCluster, elasticSearchDomain, elb, lambda, managedAirflow, natGateway, networkInterface, routeTable, vpc, eksCluster, emrCluster, flowLog                                                     |
 | transitGateway              | routeTable, transitGatewayAttachment, vpnConnection                                                                                                                                                                                           |
 | transitGatewayAttachment    | routeTable, transitGateway, vpc, vpnConnection                                                                                                                                                                            |
-| vpc                         | alb, codebuild, ec2, eip, elb, ecsService, efsMountTarget, eksCluster igw, elastiCacheCluster, elasticSearchDomain, lambda, nacl, natGateway, networkInterface, rdsDbInstance, redshiftCluster, route53HostedZone, routeTable, subnet, flowLog, vpnGateway, transitGatewayAttachment |
+| vpc                         | alb, codebuild, dmsReplicationInstance, ec2, eip, elb, ecsService, efsMountTarget, eksCluster igw, elastiCacheCluster, elasticSearchDomain, lambda, nacl, natGateway, networkInterface, rdsDbInstance, redshiftCluster, route53HostedZone, routeTable, subnet, flowLog, vpnGateway, transitGatewayAttachment |
 | vpnConnection               | customerGateway, transitGateway, transitGatewayAttachment, vpnGateway                                                                                                                                                                              |
 | vpnGateway                  | vpc, vpnConnection                                                                                                                                                                                        |
 | wafV2WebAcl                  |                                                                                                                                                                                        |

src/enums/schemasMap.ts

@@ -25,6 +25,7 @@ export default {
   [services.cognitoUserPool]: 'awsCognitoUserPool',
   [services.configurationRecorder]: 'awsConfigurationRecorder',
   [services.customerGateway]: 'awsCustomerGateway',
+  [services.dmsReplicationInstance]: 'awsDmsReplicationInstance',
   [services.dynamodb]: 'awsDynamoDbTable',
   [services.ebs]: 'awsEbs',
   [services.ec2Instance]: 'awsEc2',

src/enums/serviceMap.ts

@@ -88,6 +88,7 @@ import ManagedAirflow from '../services/managedAirflow'
 import WafV2WebAcl from '../services/wafV2WebAcl'
 import GuardDutyDetector from '../services/guardDutyDetector'
 import ElasticSearchDomain from '../services/elasticSearchDomain'
+import DmsReplicationInstance from '../services/dmsReplicationInstance'
 
 /**
  * serviceMap is an object that contains all currently supported services for AWS
@@ -134,6 +135,7 @@ export default {
   [services.emrCluster]: EmrCluster,
   [services.emrInstance]: EmrInstance,
   [services.emrStep]: EmrStep,
+  [services.dmsReplicationInstance]: DmsReplicationInstance,
   [services.dynamodb]: DynamoDB,
   [services.igw]: AwsInternetGateway,
   [services.iot]: IotThingAttribute,

src/enums/services.ts

@@ -20,6 +20,7 @@ export default {
   cognitoUserPool: 'cognitoUserPool',
   configurationRecorder: 'configurationRecorder',
   customerGateway: 'customerGateway',
+  dmsReplicationInstance: 'dmsReplicationInstance',
   dynamodb: 'dynamodb',
   ebs: 'ebs',
   ec2Instance: 'ec2Instance',

src/services/dmsReplicationInstance/connections.ts

@@ -0,0 +1,66 @@
+import { ServiceConnection } from '@cloudgraph/sdk'
+
+import services from '../../enums/services'
+import { AwsKms } from '../kms/data'
+import { RawAwsDmsReplicationInstance } from '../dmsReplicationInstance/data'
+import { AwsSecurityGroup } from '../securityGroup/data'
+
+export default ({
+  service: replication,
+  data,
+  region,
+}: {
+  service: RawAwsDmsReplicationInstance
+  data: Array<{ name: string; data: { [property: string]: any[] } }>
+  region: string
+}): {
+  [property: string]: ServiceConnection[]
+} => {
+  const { ReplicationInstanceArn, KmsKeyId, VpcSecurityGroups = [] } = replication
+  const connections: ServiceConnection[] = []
+  const sgIds = VpcSecurityGroups.map(({ VpcSecurityGroupId }) => VpcSecurityGroupId)
+  /**
+   * Find any kms related data
+   */
+  const keys = data.find(({ name }) => name === services.kms)
+  if (keys?.data?.[region]) {
+    const dataAtRegion: AwsKms[] = keys.data[region].filter(
+      ({
+        Arn
+      }: AwsKms) => Arn === KmsKeyId
+    )
+    for (const key of dataAtRegion) {
+      connections.push({
+        id: key.KeyId,
+        resourceType: services.kms,
+        relation: 'child',
+        field: 'kms',
+      })
+    }
+  }
+
+  /**
+   * Find any securityGroups related data
+   */
+   const securityGroups = data.find(({ name }) => name === services.sg)
+   if (securityGroups?.data?.[region]) {
+     const dataAtRegion: AwsSecurityGroup[] = securityGroups.data[region].filter(
+       ({
+        GroupId
+       }: AwsSecurityGroup) => sgIds.includes(GroupId)
+     )
+     for (const sg of dataAtRegion) {
+       connections.push({
+         id: sg.GroupId,
+         resourceType: services.sg,
+         relation: 'child',
+         field: 'securityGroups',
+       })
+     }
+   }
+
+  const natResult = {
+    [ReplicationInstanceArn]: connections,
+  }
+  return natResult
+}

src/services/dmsReplicationInstance/data.ts

@@ -0,0 +1,85 @@
+import { Config } from 'aws-sdk/lib/config'
+import { PromiseResult } from 'aws-sdk/lib/request'
+import { AWSError } from 'aws-sdk/lib/error'
+import DMS from 'aws-sdk/clients/dms'
+import { groupBy, isEmpty } from 'lodash'
+import { convertToPromise, fetchAllPaginatedData } from '../../utils/fetchUtils'
+import { initTestEndpoint } from '../../utils'
+import AwsErrorLog from '../../utils/errorLog'
+import { convertAwsTagsToTagMap } from '../../utils/format'
+import { TagMap, AwsTag } from '../../types'
+
+const serviceName = 'dms'
+const errorLog = new AwsErrorLog(serviceName)
+const endpoint = initTestEndpoint(serviceName)
+
+export interface RawAwsDmsReplicationInstance extends DMS.ReplicationInstance {
+  region: string
+  Tags: TagMap
+}
+
+/**
+ * DmsReplicationInstance
+ */
+
+export default async ({
+  regions,
+  config,
+}: {
+  regions: string
+  config: Config
+}): Promise<{ [region: string]: RawAwsDmsReplicationInstance[] }> => {
+  const result: RawAwsDmsReplicationInstance[] = []
+
+  const activeRegions = regions.split(',')
+
+  for (const region of activeRegions) {
+    const client = new DMS({ ...config, region, endpoint })
+    let dmsReplicationInstanceData: DMS.ReplicationInstance[]
+    try {
+      dmsReplicationInstanceData = await fetchAllPaginatedData({
+        getResourcesFn: convertToPromise({
+          sdkContext: client,
+          fnName: 'describeReplicationInstances',
+        }),
+        accessor: '',
+      })
+    } catch (err) {
+      errorLog.generateAwsErrorLog({
+        functionName: 'describeReplicationInstances',
+        err,
+      })
+    }
+    if (!isEmpty(dmsReplicationInstanceData)) {
+      const arns = dmsReplicationInstanceData.map(
+        ({ ReplicationInstanceArn }) => ReplicationInstanceArn
+      )
+      let tagData: PromiseResult<DMS.ListTagsForResourceResponse, AWSError>
+      try {
+        tagData = await client
+          .listTagsForResource({ ResourceArnList: arns })
+          .promise()
+      } catch (err) {
+        errorLog.generateAwsErrorLog({
+          functionName: 'listTagsForResource',
+          err,
+        })
+      }
+      for (const replication of dmsReplicationInstanceData) {
+        result.push({
+          ...replication,
+          region,
+          Tags: convertAwsTagsToTagMap(
+            tagData?.TagList?.filter(
+              ({ ResourceArn }) =>
+                ResourceArn === replication.ReplicationInstanceArn
+            ) as AwsTag[]
+          ),
+        })
+      }
+    }
+  }
+
+  errorLog.reset()
+  return groupBy(result, 'region')
+}

src/services/dmsReplicationInstance/format.ts

@@ -0,0 +1,103 @@
+import { formatTagsFromMap } from '../../utils/format' // TODO: Build this
+import { AwsDmsReplicationInstance } from '../../types/generated'
+import { RawAwsDmsReplicationInstance } from './data'
+import cuid from 'cuid'
+
+/**
+ * DmsReplicationInstance
+ */
+
+export default ({
+  account,
+  service: rawData,
+  region,
+}: {
+  account: string
+  service: RawAwsDmsReplicationInstance
+  region: string
+}): AwsDmsReplicationInstance => {
+  const {
+    ReplicationInstanceIdentifier: replicationInstanceIdentifier,
+    ReplicationInstanceArn: arn,
+    ReplicationInstanceClass: replicationInstanceClass,
+    ReplicationInstanceStatus: replicationInstanceStatus,
+    AllocatedStorage: allocatedStorage,
+    InstanceCreateTime: instanceCreateTime,
+    VpcSecurityGroups: vpcSecurityGroups,
+    AvailabilityZone: availabilityZone,
+    ReplicationSubnetGroup: replicationSubnetGroup,
+    PreferredMaintenanceWindow: preferredMaintenanceWindow,
+    PendingModifiedValues: pendingModifiedValues,
+    MultiAZ: multiAz,
+    EngineVersion: engineVersion,
+    AutoMinorVersionUpgrade: autoMinorVersionUpgrade,
+    KmsKeyId: kmsKeyId,
+    ReplicationInstancePrivateIpAddress: replicationInstancePrivateIpAddress,
+    ReplicationInstancePublicIpAddress: replicationInstancePublicIpAddress,
+    ReplicationInstancePrivateIpAddresses: replicationInstancePrivateIpAddresses,
+    ReplicationInstancePublicIpAddresses: replicationInstancePublicIpAddresses,
+    PubliclyAccessible: publiclyAccessible,
+    SecondaryAvailabilityZone: secondaryAvailabilityZone,
+    FreeUntil: freeUntil,
+    DnsNameServers: dnsNameServers,
+    Tags: tags,
+  } = rawData
+
+  const mappedVpcSecurityGroups = vpcSecurityGroups?.map(({ VpcSecurityGroupId, Status }) => ({
+    id: cuid(),
+    status: Status,
+    vpcSecurityGroupId: VpcSecurityGroupId
+  }))
+
+  const formattedReplicationSubnetGroup = {
+    replicationSubnetGroupIdentifier: replicationSubnetGroup?.ReplicationSubnetGroupIdentifier,
+    replicationSubnetGroupDescription: replicationSubnetGroup?.ReplicationSubnetGroupDescription,
+    vpcId: replicationSubnetGroup?.VpcId,
+    subnetGroupStatus: replicationSubnetGroup?.SubnetGroupStatus,
+    subnets: replicationSubnetGroup?.Subnets?.map(({ SubnetAvailabilityZone, SubnetIdentifier, SubnetStatus }) => ({
+      id: cuid(),
+      subnetAvailabilityZone: {
+        name: SubnetAvailabilityZone?.Name
+      },
+      subnetIdentifier: SubnetIdentifier,
+      subnetStatus: SubnetStatus
+    }))
+  }
+
+  const formattedPendingModifiedValues = {
+    replicationInstanceClass: pendingModifiedValues?.ReplicationInstanceClass,
+    allocatedStorage: pendingModifiedValues?.AllocatedStorage,
+    multiAZ: pendingModifiedValues?.MultiAZ,
+    engineVersion: pendingModifiedValues?.EngineVersion
+  }
+
+  return {
+    id: arn,
+    arn,
+    region,
+    accountId: account,
+    replicationInstanceIdentifier,
+    replicationInstanceClass,
+    replicationInstanceStatus,
+    allocatedStorage,
+    instanceCreateTime: instanceCreateTime?.toISOString(),
+    vpcSecurityGroups: mappedVpcSecurityGroups,
+    availabilityZone,
+    replicationSubnetGroup: formattedReplicationSubnetGroup,
+    preferredMaintenanceWindow,
+    pendingModifiedValues: formattedPendingModifiedValues,
+    replicationInstancePrivateIpAddress,
+    replicationInstancePublicIpAddress,
+    replicationInstancePrivateIpAddresses,
+    replicationInstancePublicIpAddresses,
+    multiAz,
+    engineVersion,
+    autoMinorVersionUpgrade,
+    kmsKeyId,
+    publiclyAccessible,
+    freeUntil: freeUntil?.toISOString(),
+    secondaryAvailabilityZone,
+    dnsNameServers,
+    tags: formatTagsFromMap(tags ?? {})
+  }
+}

src/services/dmsReplicationInstance/index.ts

@@ -0,0 +1,17 @@
+import { Service } from '@cloudgraph/sdk'
+  import BaseService from '../base'
+  import format from './format'
+  import getData from './data'
+  import mutation from './mutation'
+  import getConnections from './connections'
+      
+  export default class DmsReplicationInstance extends BaseService implements Service {
+    format = format.bind(this)
+      
+    getData = getData.bind(this)
+
+    getConnections = getConnections.bind(this)
+      
+    mutation = mutation
+  }
+  

src/services/dmsReplicationInstance/mutation.ts

@@ -0,0 +1,5 @@
+export default `mutation($input: [AddawsDmsReplicationInstanceInput!]!) {
+  addawsDmsReplicationInstance(input: $input, upsert: true) {
+    numUids
+  }
+}`;