
Commit 4cfa939

Merge pull request #21 from cloudgraphdev/feature/CG-1063
feat(ecsTask): add connection to iamRole
2 parents bb27a44 + dd14cf8 commit 4cfa939

9 files changed

Lines changed: 100 additions & 14 deletions


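--- a/README.md
+++ b/README.md
@@ -97,8 +97,8 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | ecsCluster | cloudwatchLog, ecsService, ecsTask, ecsTaskSet, kms, s3 |
 | ecsContainer | ecsTask, ec2 |
 | ecsService | ecsCluster, ecsTaskDefinition, ecsTaskSet, elb, iamRole, securityGroup, subnet, vpc |
-| ecsTask | ecsContainer, ecsCluster, ecsTaskDefinition |
-| ecsTaskDefinition | ecsService, ecsTask, ecsTaskSet |
+| ecsTask | ecsContainer, ecsCluster, ecsTaskDefinition, iamRole |
+| ecsTaskDefinition | ecsService, ecsTask, ecsTaskSet, iamRole |
 | ecsTaskSet | ecsCluster, ecsService, ecsTaskDefinition |
 | efs | kms |
 | efsMountTarget | networkInterface, subnet, vpc |
@@ -124,7 +124,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | iamServerCertificate | |
 | iamUser | iamGroup |
 | iamPolicy | iamRole, iamGroup |
-| iamRole | appSync, asg, cloudformationStackSet, codebuild, cognitoIdentityPool, configurationRecorder, ec2, iamInstanceProfile, iamPolicy, eksCluster, ecsService, emrCluster, flowLog, glueJob, managedAirflow, s3, sageMakerNotebookInstance, systemsManagerInstance, guardDutyDetector, lambda, kinesisFirehose, rdsCluster, rdsDbInstance, elasticBeanstalkApp, elasticBeanstalkEnv, elasticSearchDomain |
+| iamRole | appSync, asg, cloudformationStackSet, codebuild, cognitoIdentityPool, configurationRecorder, ec2, ecsTask, ecsTaskDefinition,iamInstanceProfile, iamPolicy, eksCluster, ecsService, emrCluster, flowLog, glueJob, managedAirflow, s3, sageMakerNotebookInstance, systemsManagerInstance, guardDutyDetector, lambda, kinesisFirehose, rdsCluster, rdsDbInstance, elasticBeanstalkApp, elasticBeanstalkEnv, elasticSearchDomain |
 | iamGroup | iamUser, iamPolicy |
 | igw | vpc |
 | iot | |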

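--- a/src/services/ecsTask/connections.ts
+++ b/src/services/ecsTask/connections.ts
@@ -4,10 +4,11 @@ import { RawAwsEcsTask } from '../ecsTask/data'
 import { RawAwsEcsContainer } from '../ecsContainer/data'
 import { RawAwsEcsCluster } from '../ecsCluster/data'
 import { RawAwsEcsTaskDefinition } from '../ecsTaskDefinition/data'
+import { RawAwsIamRole } from '../iamRole/data'
 import services from '../../enums/services'
+import { globalRegionName } from '../../enums/regions'
 
 export default ({
-account,
 service,
 data,
 region,
@@ -19,7 +20,7 @@ export default ({
 }): {
 [property: string]: ServiceConnection[]
 } => {
-const { taskArn: id } = service
+const { taskArn: id, overrides } = service
 const connections: ServiceConnection[] = []
 
 /**
@@ -30,8 +31,11 @@ export default ({
 data: { [property: string]: RawAwsEcsContainer[] }
 } = data.find(({ name }) => name === services.ecsContainer)
 if (containers?.data?.[region]) {
-const containersInRegion: RawAwsEcsContainer[] = containers.data[region].filter(
-({ containerInstanceArn }) => containerInstanceArn === service.containerInstanceArn
+const containersInRegion: RawAwsEcsContainer[] = containers.data[
+region
+].filter(
+({ containerInstanceArn }) =>
+containerInstanceArn === service.containerInstanceArn
 )
 if (!isEmpty(containersInRegion)) {
 for (const container of containersInRegion) {
@@ -60,7 +64,6 @@ export default ({
 )
 if (!isEmpty(clustersInRegion)) {
 for (const instance of clustersInRegion) {
-
 connections.push({
 id: instance.clusterArn,
 resourceType: services.ecsCluster,
@@ -79,12 +82,13 @@ export default ({
 data: { [property: string]: RawAwsEcsTaskDefinition[] }
 } = data.find(({ name }) => name === services.ecsTaskDefinition)
 if (taskDefinitions?.data?.[region]) {
-const taskDefinitionsInRegion: RawAwsEcsTaskDefinition[] = taskDefinitions.data[region].filter(
-({ taskDefinitionArn }) => taskDefinitionArn === service.taskDefinitionArn
-)
+const taskDefinitionsInRegion: RawAwsEcsTaskDefinition[] =
+taskDefinitions.data[region].filter(
+({ taskDefinitionArn }) =>
+taskDefinitionArn === service.taskDefinitionArn
+)
 if (!isEmpty(taskDefinitionsInRegion)) {
 for (const instance of taskDefinitionsInRegion) {
-
 connections.push({
 id: instance.taskDefinitionArn,
 resourceType: services.ecsTaskDefinition,
@@ -95,6 +99,30 @@ export default ({
 }
 }
 
+/**
+* Find related IAM Roles
+*/
+const roles: { name: string; data: { [property: string]: any[] } } =
+data.find(({ name }) => name === services.iamRole)
+if (roles?.data?.[globalRegionName]) {
+const dataAtRegion: RawAwsIamRole[] = roles.data[globalRegionName].filter(
+({ Arn }: RawAwsIamRole) => overrides?.executionRoleArn === Arn ||
+overrides?.taskRoleArn === Arn
+)
+if (!isEmpty(dataAtRegion)) {
+for (const instance of dataAtRegion) {
+const { Arn: roleId } = instance
+
+connections.push({
+id: roleId,
+resourceType: services.iamRole,
+relation: 'child',
+field: 'iamRoles',
+})
+}
+}
+}
+
 const result = {
 [id]: connections,
 }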
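Review bot: The new IAM role lookup (new lines 105-111) matches only `overrides?.executionRoleArn` and `overrides?.taskRoleArn`, and those are set only when a role was overridden at launch; a task started without overrides runs with the roles of its task definition and will get no `iamRoles` edge. For anyone using the graph to answer which tasks can act as a given role, that is a silent false negative. Falling back to the matched task definition's role ARNs would close the gap, assuming `RawAwsEcsTaskDefinition` carries the SDK's `taskRoleArn` next to the `executionRoleArn` it is shown to have elsewhere in this commit. Building the ARN set first also avoids `undefined === Arn` matching a role record that has no `Arn`. The enclosing function starts and ends outside these hunks.

```typescript
// … unchanged: container, cluster and task-definition lookups …

/**
 * Find related IAM Roles: launch-time overrides first, then the task definition's roles
 */
const taskDefinition: RawAwsEcsTaskDefinition | undefined = taskDefinitions?.data?.[
  region
]?.find(
  ({ taskDefinitionArn }) => taskDefinitionArn === service.taskDefinitionArn
)
const roleArns = new Set(
  [
    overrides?.executionRoleArn ?? taskDefinition?.executionRoleArn,
    overrides?.taskRoleArn ?? taskDefinition?.taskRoleArn,
  ].filter(Boolean)
)
// … unchanged: roles lookup via data.find …
if (roleArns.size > 0 && roles?.data?.[globalRegionName]) {
  const dataAtRegion: RawAwsIamRole[] = roles.data[globalRegionName].filter(
    ({ Arn }: RawAwsIamRole) => roleArns.has(Arn)
  )
  // … unchanged: push one iamRole connection per match …
```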

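--- a/src/services/ecsTask/format.ts
+++ b/src/services/ecsTask/format.ts
@@ -38,7 +38,6 @@ export default ({
 stoppedAt,
 stoppedReason,
 stoppingAt,
-taskDefinitionArn,
 version,
 ephemeralStorage,
 Tags,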

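--- a/src/services/ecsTask/schema.graphql
+++ b/src/services/ecsTask/schema.graphql
@@ -1,4 +1,3 @@
-#TODO: add iam role connection
 type awsEcsTask implements awsBaseService @key(fields: "arn") {
 attachments: [awsEcsAttachment]
 attributes: [awsEcsAttribute]
@@ -35,6 +34,7 @@ type awsEcsTask implements awsBaseService @key(fields: "arn") {
 ecsCluster: [awsEcsCluster] @hasInverse(field: ecsTask)
 ecsContainer: [awsEcsContainer] @hasInverse(field: ecsTask)
 ecsTaskDefinition: [awsEcsTaskDefinition] @hasInverse(field: ecsTask)
+iamRoles: [awsIamRole] @hasInverse(field: ecsTask)
 }
 
 type awsEcsAttribute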
Lines changed: 49 additions & 0 deletions
@@ -0,0 +1,49 @@
1+
import { ServiceConnection } from '@cloudgraph/sdk'
2+
import { isEmpty } from 'lodash'
3+
import { RawAwsEcsTaskDefinition } from '../ecsTaskDefinition/data'
4+
import { RawAwsIamRole } from '../iamRole/data'
5+
import services from '../../enums/services'
6+
import { globalRegionName } from '../../enums/regions'
7+
8+
export default ({
9+
service,
10+
data,
11+
}: {
12+
account: string
13+
service: RawAwsEcsTaskDefinition
14+
data: { name: string; data: { [property: string]: any[] } }[]
15+
region: string
16+
}): {
17+
[property: string]: ServiceConnection[]
18+
} => {
19+
const { taskDefinitionArn: id, executionRoleArn } = service
20+
const connections: ServiceConnection[] = []
21+
22+
/**
23+
* Find related IAM Roles
24+
*/
25+
const roles: { name: string; data: { [property: string]: any[] } } =
26+
data.find(({ name }) => name === services.iamRole)
27+
if (roles?.data?.[globalRegionName]) {
28+
const dataAtRegion: RawAwsIamRole[] = roles.data[globalRegionName].filter(
29+
({ Arn }: RawAwsIamRole) => executionRoleArn === Arn
30+
)
31+
if (!isEmpty(dataAtRegion)) {
32+
for (const instance of dataAtRegion) {
33+
const { Arn: roleId } = instance
34+
35+
connections.push({
36+
id: roleId,
37+
resourceType: services.iamRole,
38+
relation: 'child',
39+
field: 'iamRole',
40+
})
41+
}
42+
}
43+
}
44+
45+
const result = {
46+
[id]: connections,
47+
}
48+
return result
49+
}
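Review bot: Only `executionRoleArn` is matched in the filter at new line 29, so the task role — the identity the containers' own code runs with, and usually the one that matters for a permission review — never gets an edge from the task definition. If `RawAwsEcsTaskDefinition` exposes the SDK's `taskRoleArn` (not visible on this page), destructure it at line 19 and widen the predicate to `({ Arn }: RawAwsIamRole) => Boolean(Arn) && (executionRoleArn === Arn || taskRoleArn === Arn)`; the `Boolean(Arn)` guard keeps a definition with no role set from matching a role record that lacks an `Arn`. `roles` is also annotated as always defined although `data.find` can return `undefined`; adding `| undefined` to the annotation would agree with the `roles?.` checks that follow.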

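--- a/src/services/ecsTaskDefinition/index.ts
+++ b/src/services/ecsTaskDefinition/index.ts
@@ -2,12 +2,15 @@ import {Service} from '@cloudgraph/sdk'
 import BaseService from '../base'
 import format from './format'
 import getData from './data'
+import getConnections from './connections'
 import mutation from './mutation'
 
 export default class EcsTaskDefinition extends BaseService implements Service {
 format = format.bind(this)
 
 getData = getData.bind(this)
 
+getConnections = getConnections.bind(this)
+
 mutation = mutation
 }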

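--- a/src/services/ecsTaskDefinition/schema.graphql
+++ b/src/services/ecsTaskDefinition/schema.graphql
@@ -24,6 +24,7 @@ type awsEcsTaskDefinition implements awsBaseService @key(fields: "arn") {
 ecsService: [awsEcsService] @hasInverse(field: ecsTaskDefinition)
 ecsTask: [awsEcsTask] @hasInverse(field: ecsTaskDefinition)
 ecsTaskSet: [awsEcsTaskSet] @hasInverse(field: ecsTaskDefinition)
+iamRole: [awsIamRole] @hasInverse(field: ecsTaskDefinition)
 }
 
 type awsEcsContainerDefinition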

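--- a/src/services/iamRole/schema.graphql
+++ b/src/services/iamRole/schema.graphql
@@ -24,6 +24,8 @@ type awsIamRole implements awsBaseService @key(fields: "id") {
 @hasInverse(field: iamRole)
 systemsManagerInstances: [awsSystemsManagerInstance]
 @hasInverse(field: iamRole)
+ecsTask: [awsEcsTask] @hasInverse(field: iamRoles)
+ecsTaskDefinition: [awsEcsTaskDefinition] @hasInverse(field: iamRole)
 s3: [awsS3] @hasInverse(field: iamRole)
 dynamodb: [awsDynamoDbTable] @hasInverse(field: iamRoles)
 ec2Instances: [awsEc2] @hasInverse(field: iamRole)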

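--- a/src/types/generated.ts
+++ b/src/types/generated.ts
@@ -2057,6 +2057,7 @@ export type AwsEcsTask = AwsBaseService & {
 executionStoppedAt?: Maybe<Scalars['String']>;
 group?: Maybe<Scalars['String']>;
 healthStatus?: Maybe<Scalars['String']>;
+iamRoles?: Maybe<Array<Maybe<AwsIamRole>>>;
 inferenceAccelerators?: Maybe<Array<Maybe<AwsEcsInferenceAccelerator>>>;
 lastStatus?: Maybe<Scalars['String']>;
 launchType?: Maybe<Scalars['String']>;
@@ -2086,6 +2087,7 @@ export type AwsEcsTaskDefinition = AwsBaseService & {
 ephemeralStorage?: Maybe<AwsEcsEphemeralStorage>;
 executionRoleArn?: Maybe<Scalars['String']>;
 family?: Maybe<Scalars['String']>;
+iamRole?: Maybe<Array<Maybe<AwsIamRole>>>;
 inferenceAccelerators?: Maybe<Array<Maybe<AwsEcsInferenceAccelerator>>>;
 ipcMode?: Maybe<Scalars['String']>;
 memory?: Maybe<Scalars['String']>;
@@ -3085,6 +3087,8 @@ export type AwsIamRole = AwsBaseService & {
 dynamodb?: Maybe<Array<Maybe<AwsDynamoDbTable>>>;
 ec2Instances?: Maybe<Array<Maybe<AwsEc2>>>;
 ecsServices?: Maybe<Array<Maybe<AwsEcsService>>>;
+ecsTask?: Maybe<Array<Maybe<AwsEcsTask>>>;
+ecsTaskDefinition?: Maybe<Array<Maybe<AwsEcsTaskDefinition>>>;
 eksClusters?: Maybe<Array<Maybe<AwsEksCluster>>>;
 elasticBeanstalkApps?: Maybe<Array<Maybe<AwsElasticBeanstalkApp>>>;
 elasticBeanstalkEnvs?: Maybe<Array<Maybe<AwsElasticBeanstalkEnv>>>;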
