Merge pull request #75 from cloudgraphdev/feature/CG-1204

tyler-dunkel · web-flow · commit 47be413611fe · 2022-05-24T14:05:30.000-05:00
feat(services): Add service vpcPeeringConnection
diff --git a/README.md b/README.md
@@ -161,8 +161,9 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | systemsManagerDocument      |                                                                                                                                                                                                                                                                                                                                                                               |
 | transitGateway              | routeTable, transitGatewayAttachment, vpnConnection                                                                                                                                                                                                                                                                                                                           |
 | transitGatewayAttachment    | routeTable, transitGateway, vpc, vpnConnection                                                                                                                                                                                                                                                                                                                                |
-| vpc                         | alb, codebuild, dmsReplicationInstance, ec2, eip, elb, ecsService, efsMountTarget, eksCluster igw, elastiCacheCluster, elasticSearchDomain, lambda, nacl, natGateway, networkInterface, rdsClusterSnapshot, rdsDbInstance, redshiftCluster, route53HostedZone, routeTable, subnet, flowLog, vpnGateway, transitGatewayAttachment, vpcEndpoint                                              |
+| vpc                         | alb, codebuild, dmsReplicationInstance, ec2, eip, elb, ecsService, efsMountTarget, eksCluster igw, elastiCacheCluster, elasticSearchDomain, lambda, nacl, natGateway, networkInterface, rdsClusterSnapshot, rdsDbInstance, redshiftCluster, route53HostedZone, routeTable, subnet, flowLog, vpnGateway, transitGatewayAttachment, vpcEndpoint, vpcPeeringConnection                                              |
 | vpcEndpoint                 | networkInterface, routeTable, securityGroup, subnet, vpc                                                                                                                                                                                                                                                                                                                                                             |
+| vpcPeeringConnection        | vpc                                                                                                                                                                                                                                                                                                                           |
 | vpnConnection               | customerGateway, transitGateway, transitGatewayAttachment, vpnGateway                                                                                                                                                                                                                                                                                                         |
 | vpnGateway                  | vpc, vpnConnection                                                                                                                                                                                                                                                                                                                                                            |
 | wafV2WebAcl                 | appSync, apiGatewayStage, alb                                                                                                                                                                                                                                                                                                                                                 |
diff --git a/src/enums/schemasMap.ts b/src/enums/schemasMap.ts
@@ -80,6 +80,7 @@ export default {
   [services.subnet]: 'awsSubnet',
   [services.vpc]: 'awsVpc',
   [services.vpcEndpoint]: 'awsVpcEndpoint',
+  [services.vpcPeeringConnection]: 'awsVpcPeeringConnection',
   [services.vpnGateway]: 'awsVpnGateway',
   [services.sqs]: 'awsSqs',
   [services.rdsCluster]: 'awsRdsCluster',
diff --git a/src/enums/serviceAliases.ts b/src/enums/serviceAliases.ts
@@ -72,4 +72,5 @@ export default {
   [services.transitGatewayAttachment]: 'transitGatewayAttachments',
   [services.vpcEndpoint]: 'vpcEndpoints',
   [services.vpnConnection]: 'vpnConnections',
+  [services.vpcPeeringConnection]: 'vpcPeeringConnections',
 }
diff --git a/src/enums/serviceMap.ts b/src/enums/serviceMap.ts
@@ -99,6 +99,7 @@ import RdsClusterSnapshot from '../services/rdsClusterSnapshot'
 import VpcEndpoint from '../services/vpcEndpoint'
 import APIGatewayDomainName from '../services/apiGatewayDomainName'
 import APIGatewayHttpApi from '../services/apiGatewayHttpApi'
+import VpcPeeringConnection from '../services/vpcPeeringConnection'
 
 /**
  * serviceMap is an object that contains all currently supported services for AWS
@@ -164,6 +165,7 @@ export default {
   [services.subnet]: AwsSubnet,
   [services.vpc]: VPC,
   [services.vpcEndpoint]: VpcEndpoint,
+  [services.vpcPeeringConnection]: VpcPeeringConnection,
   [services.sqs]: SQS,
   [services.rdsCluster]: RDSCluster,
   [services.rdsClusterSnapshot]: RdsClusterSnapshot,
diff --git a/src/enums/services.ts b/src/enums/services.ts
@@ -94,6 +94,7 @@ export default {
   transitGatewayAttachment: 'transitGatewayAttachment',
   vpc: 'vpc',
   vpcEndpoint: 'vpcEndpoint',
+  vpcPeeringConnection: 'vpcPeeringConnection',
   vpnConnection: 'vpnConnection',
   vpnGateway: 'vpnGateway',
   wafV2WebAcl: 'wafV2WebAcl',
diff --git a/src/properties/logger.ts b/src/properties/logger.ts
@@ -676,4 +676,8 @@ export default {
    * Access Analyzers
    */
   fetchedaccessAnalyzers: (num: number): string => `Found ${num} Access Analyzers`,
+  /**
+   * Vpc Peering Connections
+   */
+  fetchedVpcPeeringConnections: (num: number): string => `Found ${num} Vpc Peering Connections`,
 }
diff --git a/src/services/account/schema.graphql b/src/services/account/schema.graphql
@@ -95,6 +95,7 @@ type awsAccount implements awsOptionalService @key(fields: "id") {
   transitGatewayAttachments: [awsTransitGatewayAttachment]
   vpc: [awsVpc]
   vpcEndpoints: [awsVpcEndpoint]
+  vpcPeeringConnections: [awsVpcPeeringConnection]
   vpnConnections: [awsVpnConnection]
   vpnGateway: [awsVpnGateway]
   wafV2WebAcl: [awsWafV2WebAcl]
diff --git a/src/services/tag/connections.ts b/src/services/tag/connections.ts
@@ -69,6 +69,7 @@ import { RawAwsVpcEndpoint } from '../vpcEndpoint/data'
 import { RawAwsApiGatewayHttpApi } from '../apiGatewayHttpApi/data'
 import { RawAwsApiGatewayDomainName } from '../apiGatewayDomainName/data'
 import { RawAwsAnalyzerSummary } from '../iamAccessAnalyzer/data'
+import { RawAwsVpcPeeringConnection } from '../vpcPeeringConnection/data'
 
 const findServiceInstancesWithTag = (tag: any, service: any): any => {
   const { id } = tag
@@ -1807,6 +1808,32 @@ export default ({
         }
       }
     }
+
+    /**
+     * Find related Vpc Peering Connections
+     */
+     const vpcPeeringConnections: {
+      name: string
+      data: { [property: string]: RawAwsVpcPeeringConnection[] }
+    } = data.find(({ name }) => name === services.vpcPeeringConnection)
+    if (vpcPeeringConnections?.data?.[region]) {
+      const dataAtRegion = findServiceInstancesWithTag(
+        tag,
+        vpcPeeringConnections.data[region]
+      )
+      if (!isEmpty(dataAtRegion)) {
+        for (const instance of dataAtRegion) {
+          const { VpcPeeringConnectionId: id }: RawAwsVpcPeeringConnection = instance
+
+          connections.push({
+            id,
+            resourceType: services.vpcPeeringConnection,
+            relation: 'child',
+            field: 'vpcPeeringConnections',
+          })
+        }
+      }
+    }
   }
 
   const tagResult = {
diff --git a/src/services/tag/schema.graphql b/src/services/tag/schema.graphql
@@ -72,6 +72,7 @@ type awsTag @key(fields: "id") {
   elasticSearchDomains: [awsElasticSearchDomain]
   dmsReplicationInstances: [awsDmsReplicationInstance]
   systemsManagerDocuments: [awsSystemsManagerDocument]
+  vpcPeeringConnections: [awsVpcPeeringConnection]
   vpcEndpoints: [awsVpcEndpoint]
 }
 
diff --git a/src/services/vpc/schema.graphql b/src/services/vpc/schema.graphql
@@ -32,5 +32,6 @@ type awsVpc implements awsBaseService @key(fields: "id") {
   elasticSearchDomains: [awsElasticSearchDomain] @hasInverse(field: vpc)
   dmsReplicationInstances: [awsDmsReplicationInstance] @hasInverse(field: vpc)
   rdsClusterSnapshots: [awsRdsClusterSnapshot] @hasInverse(field: vpc)
+  vpcPeeringConnection: [awsVpcPeeringConnection] @hasInverse(field: vpc)
   vpcEndpoints: [awsVpcEndpoint] @hasInverse(field: vpc)
 }
diff --git a/src/services/vpcPeeringConnection/connections.ts b/src/services/vpcPeeringConnection/connections.ts
@@ -0,0 +1,60 @@
+import isEmpty from 'lodash/isEmpty'
+import { ServiceConnection } from '@cloudgraph/sdk'
+import services from '../../enums/services'
+import { RawAwsVpcPeeringConnection } from './data'
+import { RawAwsVpc } from '../vpc/data'
+
+/**
+ * Vpc Peering Connection
+ */
+
+export default ({
+  service: vpcPeeringConnection,
+  data,
+  region,
+}: {
+  account: string
+  data: { name: string; data: { [property: string]: any[] } }[]
+  service: RawAwsVpcPeeringConnection
+  region: string
+}): { [key: string]: ServiceConnection[] } => {
+  const connections: ServiceConnection[] = []
+  const {
+    VpcPeeringConnectionId: id,
+    AccepterVpcInfo: accepterVpcInfo,
+    RequesterVpcInfo: requesterVpcInfo,
+  } = vpcPeeringConnection
+
+  /**
+   * Find VPCs
+   * related to this Vpc Peering Connection
+   */
+  const vpcs: {
+    name: string
+    data: { [property: string]: any[] }
+  } = data.find(({ name }) => name === services.vpc)
+
+  if (vpcs?.data?.[region]) {
+    const dataAtRegion: RawAwsVpc[] = vpcs.data[region].filter(
+      ({ VpcId }: RawAwsVpc) =>
+        VpcId === accepterVpcInfo?.VpcId || VpcId === requesterVpcInfo?.VpcId
+    )
+
+    if (!isEmpty(dataAtRegion)) {
+      for (const vpc of dataAtRegion) {
+        const { VpcId }: RawAwsVpc = vpc
+        connections.push({
+          id: VpcId,
+          resourceType: services.vpc,
+          relation: 'child',
+          field: 'vpc',
+        })
+      }
+    }
+  }
+
+  const vpcPeeringConnectionResult = {
+    [id]: connections,
+  }
+  return vpcPeeringConnectionResult
+}
diff --git a/src/services/vpcPeeringConnection/data.ts b/src/services/vpcPeeringConnection/data.ts
@@ -0,0 +1,134 @@
+import CloudGraph from '@cloudgraph/sdk'
+import groupBy from 'lodash/groupBy'
+import isEmpty from 'lodash/isEmpty'
+
+import EC2, {
+  DescribeVpcPeeringConnectionsRequest,
+  DescribeVpcPeeringConnectionsResult,
+  VpcPeeringConnection,
+} from 'aws-sdk/clients/ec2'
+
+import { Config } from 'aws-sdk/lib/config'
+import { AWSError } from 'aws-sdk/lib/error'
+import { AwsTag, TagMap } from '../../types'
+import awsLoggerText from '../../properties/logger'
+import { initTestEndpoint } from '../../utils'
+import { convertAwsTagsToTagMap } from '../../utils/format'
+import AwsErrorLog from '../../utils/errorLog'
+
+const lt = { ...awsLoggerText }
+const { logger } = CloudGraph
+const serviceName = 'Vpc Peering Connection'
+const errorLog = new AwsErrorLog(serviceName)
+const endpoint = initTestEndpoint(serviceName)
+
+const listVpcPeeringConnectionsData = async ({
+  ec2,
+  resolveRegion,
+}: {
+  ec2: EC2
+  resolveRegion: () => void
+}): Promise<VpcPeeringConnection[]> =>
+  new Promise<VpcPeeringConnection[]>(resolve => {
+    const vpcPeeringConnectionsList: VpcPeeringConnection[] = []
+    let args: DescribeVpcPeeringConnectionsRequest = {}
+
+    const listVpcPeeringConnections = (token?: string): void => {
+      if (token) {
+        args = { ...args, NextToken: token }
+      }
+      try {
+        ec2.describeVpcPeeringConnections(
+          args,
+          (err: AWSError, data: DescribeVpcPeeringConnectionsResult) => {
+            if (err) {
+              errorLog.generateAwsErrorLog({
+                functionName: 'ec2:describeVpcPeeringConnections',
+                err,
+              })
+            }
+
+            if (isEmpty(data)) {
+              return resolveRegion()
+            }
+
+            const {
+              NextToken: nextToken,
+              VpcPeeringConnections: vpcPeeringConnections = [],
+            } = data
+
+            if (isEmpty(vpcPeeringConnections)) {
+              return resolveRegion()
+            }
+
+            vpcPeeringConnectionsList.push(...vpcPeeringConnections)
+
+            logger.debug(
+              lt.fetchedVpcPeeringConnections(vpcPeeringConnections.length)
+            )
+
+            if (nextToken) {
+              listVpcPeeringConnections(nextToken)
+            } else {
+              resolve(vpcPeeringConnectionsList)
+            }
+          }
+        )
+      } catch (error) {
+        resolve([])
+      }
+    }
+    listVpcPeeringConnections()
+  })
+
+/**
+ * Vpc Peering Connection
+ */
+export interface RawAwsVpcPeeringConnection
+  extends Omit<VpcPeeringConnection, 'Tags'> {
+  region: string
+  Tags?: TagMap
+}
+
+export default async ({
+  regions,
+  config,
+}: {
+  regions: string
+  config: Config
+}): Promise<{
+  [region: string]: RawAwsVpcPeeringConnection[]
+}> =>
+  new Promise(async resolve => {
+    const vpcPeeringConnectionsResult: RawAwsVpcPeeringConnection[] = []
+
+    const regionPromises = regions.split(',').map(region => {
+      const ec2 = new EC2({ ...config, region, endpoint })
+
+      return new Promise<void>(async resolveRegion => {
+        const vpcPeeringConnections = await listVpcPeeringConnectionsData({
+          ec2,
+          resolveRegion,
+        })
+
+        if (!isEmpty(vpcPeeringConnections)) {
+          for (const vpcPeeringConnection of vpcPeeringConnections) {
+            vpcPeeringConnectionsResult.push({
+              ...vpcPeeringConnection,
+              region,
+              Tags: convertAwsTagsToTagMap(
+                vpcPeeringConnection.Tags as AwsTag[]
+              ),
+            })
+          }
+        }
+
+        resolveRegion()
+      })
+    })
+
+    await Promise.all(regionPromises)
+    errorLog.reset()
+
+    resolve(groupBy(vpcPeeringConnectionsResult, 'region'))
+  })
diff --git a/src/services/vpcPeeringConnection/format.ts b/src/services/vpcPeeringConnection/format.ts
@@ -0,0 +1,72 @@
+import { VpcPeeringConnectionVpcInfo } from 'aws-sdk/clients/ec2'
+import cuid from 'cuid'
+import { isEmpty } from 'lodash'
+import { formatTagsFromMap } from '../../utils/format'
+import { RawAwsVpcPeeringConnection } from './data'
+import { AwsVpcPeeringConnection, AwsVpcPeeringConnectionVpcInfo } from '../../types/generated'
+import { vpcPeeringConnectionArn } from '../../utils/generateArns'
+
+const formatVpcInfo = (
+  vpcInfo: VpcPeeringConnectionVpcInfo
+): AwsVpcPeeringConnectionVpcInfo => {
+
+  if (isEmpty(vpcInfo)) {
+    return {}
+  }
+
+  return {
+    cidrBlock: vpcInfo.CidrBlock,
+    ipv6CidrBlockSet: vpcInfo.Ipv6CidrBlockSet?.map( c => ({
+      id: cuid(),
+      ipv6CidrBlock: c.Ipv6CidrBlock,
+    })) || [],
+    cidrBlockSet: vpcInfo.CidrBlockSet?.map( c => ({
+      id: cuid(),
+      cidrBlock: c.CidrBlock,
+    })) || [],
+    peeringOptions: vpcInfo.PeeringOptions ? {
+      allowDnsResolutionFromRemoteVpc : vpcInfo.PeeringOptions.AllowDnsResolutionFromRemoteVpc,
+      allowEgressFromLocalClassicLinkToRemoteVpc : vpcInfo.PeeringOptions.AllowEgressFromLocalClassicLinkToRemoteVpc,
+      allowEgressFromLocalVpcToRemoteClassicLink : vpcInfo.PeeringOptions.AllowEgressFromLocalVpcToRemoteClassicLink,
+    } : {},
+    vpcId: vpcInfo.VpcId,
+  }
+}
+
+/**
+ * Vpc Peering Connection
+ */
+
+export default ({
+  service: rawData,
+  account,
+  region,
+}: {
+  service: RawAwsVpcPeeringConnection
+  account: string
+  region: string
+}): AwsVpcPeeringConnection => {
+  const {
+    VpcPeeringConnectionId: id,
+    AccepterVpcInfo: accepterVpcInfo = {},
+    ExpirationTime: expirationTime,
+    RequesterVpcInfo: requesterVpcInfo = {},
+    Status: status = {},
+    Tags: tags = {},
+  } = rawData
+
+  const vpcPeeringConnection = {
+    id,
+    accountId: account,
+    arn: vpcPeeringConnectionArn({region, account, id}),
+    region,
+    accepterVpcInfo: formatVpcInfo(accepterVpcInfo),
+    expirationTime: expirationTime?.toISOString(),
+    requesterVpcInfo: formatVpcInfo(requesterVpcInfo),
+    statusCode: status?.Code,
+    statusMessage: status?.Message,
+    tags: formatTagsFromMap(tags),
+  }
+
+  return vpcPeeringConnection
+}
diff --git a/src/services/vpcPeeringConnection/index.ts b/src/services/vpcPeeringConnection/index.ts
diff --git a/src/services/vpcPeeringConnection/mutation.ts b/src/services/vpcPeeringConnection/mutation.ts
diff --git a/src/services/vpcPeeringConnection/schema.graphql b/src/services/vpcPeeringConnection/schema.graphql
diff --git a/src/types/generated.ts b/src/types/generated.ts
diff --git a/src/utils/generateArns.ts b/src/utils/generateArns.ts

Original file line number	Diff line number	Diff line change
`@@ -72,4 +72,5 @@ export default {`
`72`	`72`	`[services.transitGatewayAttachment]: 'transitGatewayAttachments',`
`73`	`73`	`[services.vpcEndpoint]: 'vpcEndpoints',`
`74`	`74`	`[services.vpnConnection]: 'vpnConnections',`
	`75`	`+ [services.vpcPeeringConnection]: 'vpcPeeringConnections',`
`75`	`76`	`}`
Original file line number	Diff line number	Diff line change
`@@ -676,4 +676,8 @@ export default {`
`676`	`676`	`* Access Analyzers`
`677`	`677`	`*/`
`678`	`678`	fetchedaccessAnalyzers: (num: number): string => `Found ${num} Access Analyzers`,
	`679`	`+ /**`
	`680`	`+ * Vpc Peering Connections`
	`681`	`+ */`
	`682`	+ fetchedVpcPeeringConnections: (num: number): string => `Found ${num} Vpc Peering Connections`,
`679`	`683`	`}`
Original file line number	Diff line number	Diff line change
`@@ -72,6 +72,7 @@ type awsTag @key(fields: "id") {`
`72`	`72`	`elasticSearchDomains: [awsElasticSearchDomain]`
`73`	`73`	`dmsReplicationInstances: [awsDmsReplicationInstance]`
`74`	`74`	`systemsManagerDocuments: [awsSystemsManagerDocument]`
	`75`	`+ vpcPeeringConnections: [awsVpcPeeringConnection]`
`75`	`76`	`vpcEndpoints: [awsVpcEndpoint]`
`76`	`77`	`}`
`77`	`78`
Original file line number	Diff line number	Diff line change
`@@ -32,5 +32,6 @@ type awsVpc implements awsBaseService @key(fields: "id") {`
`32`	`32`	`elasticSearchDomains: [awsElasticSearchDomain] @hasInverse(field: vpc)`
`33`	`33`	`dmsReplicationInstances: [awsDmsReplicationInstance] @hasInverse(field: vpc)`
`34`	`34`	`rdsClusterSnapshots: [awsRdsClusterSnapshot] @hasInverse(field: vpc)`
	`35`	`+ vpcPeeringConnection: [awsVpcPeeringConnection] @hasInverse(field: vpc)`
`35`	`36`	`vpcEndpoints: [awsVpcEndpoint] @hasInverse(field: vpc)`
`36`	`37`	`}`