Merge branch 'alpha' into feature/CG-1063

m-pizarro · m-pizarro · commit 9a0eab28befa · 2022-04-11T14:00:39.000-03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,19 @@
+# [0.79.0-alpha.7](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.6...0.79.0-alpha.7) (2022-04-11)
+
+
+### Bug Fixes
+
+* Added iamRole to lambda service ([ae6177d](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/ae6177de995975ab5194c5d2fcc8aaf98ec8d06d))
+
+# [0.79.0-alpha.6](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.5...0.79.0-alpha.6) (2022-04-11)
+
+
+### Features
+
+* Handle TODOs for ecs cluster ([554dff7](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/554dff7785dc2c69403a41416c7739625fd02263))
+* Update kms connection ([1e3e66d](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/1e3e66d41e886bbb39ad9f000167fa93c7313b26))
+* Updated README connections ([f536b73](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/f536b73f97c1f0ddbea687588e5d10f089fd2500))
+
 # [0.79.0-alpha.5](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.4...0.79.0-alpha.5) (2022-04-08)
 
 
diff --git a/README.md b/README.md
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@cloudgraph/cg-provider-aws",
-  "version": "0.79.0-alpha.5",
+  "version": "0.79.0-alpha.7",
   "description": "cloud-graph provider plugin for AWS used to fetch AWS cloud data.",
   "publishConfig": {
     "registry": "https://registry.npmjs.org/",
diff --git a/src/services/cloudwatchLogs/schema.graphql b/src/services/cloudwatchLogs/schema.graphql
@@ -13,6 +13,7 @@ type awsCloudwatchLog @key(fields: "arn") {
   kms: [awsKms] @hasInverse(field: cloudwatchLog)
   cloudwatch: [awsCloudwatch] @hasInverse(field: cloudwatchLog)
   cloudtrail: [awsCloudtrail] @hasInverse(field: cloudwatchLog)
+  ecsCluster: [awsEcsCluster] @hasInverse(field: cloudwatchLog)
 }
 
 type awsMetricFilter
diff --git a/src/services/cognitoUserPool/connections.ts b/src/services/cognitoUserPool/connections.ts
@@ -103,7 +103,7 @@ export default ({
 
   if (kmsKeyID && kms?.data?.[region]) {
     const kmsInRegion: AwsKms = kms.data[region].find(
-      ({ KeyId }: AwsKms) => kmsKeyID === KeyId
+      ({ KeyArn }: AwsKms) => kmsKeyID === KeyArn
     )
 
     if (kmsInRegion) {
diff --git a/src/services/ecsCluster/connections.ts b/src/services/ecsCluster/connections.ts
@@ -0,0 +1,97 @@
+import { ServiceConnection } from '@cloudgraph/sdk'
+
+import { isEmpty } from 'lodash'
+import services from '../../enums/services'
+import { RawAwsEcsCluster } from '../ecsCluster/data'
+import { RawAwsS3 } from '../s3/data'
+import { RawAwsLogGroup } from '../cloudwatchLogs/data'
+import { AwsKms } from '../kms/data'
+import { gets3BucketId } from '../../utils/ids'
+
+export default ({
+  service: ecsCluster,
+  data,
+  region,
+}: {
+  service: RawAwsEcsCluster
+  data: Array<{ name: string; data: { [property: string]: any[] } }>
+  region: string
+}): {
+  [property: string]: ServiceConnection[]
+} => {
+  const {
+    clusterArn: arn,
+    configuration: {
+      executeCommandConfiguration: { logConfiguration, kmsKeyId } = {},
+    } = {},
+  } = ecsCluster
+  const connections: ServiceConnection[] = []
+
+  /**
+   * Find S3
+   * related to this ecs cluster
+   */
+  const buckets = data.find(({ name }) => name === services.s3)
+  if (buckets?.data?.[region]) {
+    const dataAtRegion: RawAwsS3[] = buckets.data[region].filter(
+      ({ Name: name }: RawAwsS3) => name === logConfiguration?.s3BucketName
+    )
+    for (const bucket of dataAtRegion) {
+      connections.push({
+        id: gets3BucketId(bucket.Name),
+        resourceType: services.s3,
+        relation: 'child',
+        field: 's3',
+      })
+    }
+  }
+
+  /**
+   * Find Cloudwatch Log Group
+   * related to this ecs cluster
+   */
+  const logGroups = data.find(({ name }) => name === services.cloudwatchLog)
+  let logGroupsInRegion: RawAwsLogGroup[] = []
+  if (logGroups?.data?.[region]) {
+    logGroupsInRegion = logGroups.data[region].filter(
+      ({ logGroupName }: RawAwsLogGroup) =>
+        logGroupName === logConfiguration?.cloudWatchLogGroupName
+    )
+  }
+
+  if (!isEmpty(logGroupsInRegion)) {
+    for (const logGroup of logGroupsInRegion) {
+      connections.push({
+        id: logGroup.logGroupName,
+        resourceType: services.cloudwatchLog,
+        relation: 'child',
+        field: 'cloudwatchLog',
+      })
+    }
+  }
+
+  /**
+   * Find MKS
+   * related to this ecs cluster
+   */
+  const kms = data.find(({ name }) => name === services.kms)
+  if (kms?.data?.[region]) {
+    const kmsInRegion: AwsKms = kms.data[region].find(
+      ({ KeyArn }: AwsKms) => KeyArn === kmsKeyId
+    )
+
+    if (kmsInRegion) {
+      connections.push({
+        id: kmsInRegion.KeyId,
+        resourceType: services.kms,
+        relation: 'child',
+        field: 'kms',
+      })
+    }
+  }
+
+  const natResult = {
+    [arn]: connections,
+  }
+  return natResult
+}
diff --git a/src/services/ecsCluster/index.ts b/src/services/ecsCluster/index.ts
@@ -2,12 +2,15 @@ import {Service} from '@cloudgraph/sdk'
 import BaseService from '../base'
 import format from './format'
 import getData from './data'
+import getConnections from './connections'
 import mutation from './mutation'
 
 export default class EcsCluster extends BaseService implements Service {
   format = format.bind(this)
 
   getData = getData.bind(this)
 
+  getConnections = getConnections.bind(this)
+  
   mutation = mutation
 }
diff --git a/src/services/ecsCluster/schema.graphql b/src/services/ecsCluster/schema.graphql
@@ -16,10 +16,11 @@ type awsEcsCluster implements awsBaseService @key(fields: "arn") {
   ecsService: [awsEcsService] @hasInverse(field: ecsCluster)
   ecsTask: [awsEcsTask] @hasInverse(field: ecsCluster)
   ecsTaskSet: [awsEcsTaskSet] @hasInverse(field: ecsCluster)
+  s3: [awsS3] @hasInverse(field: ecsCluster)
+  cloudwatchLog: [awsCloudwatchLog] @hasInverse(field: ecsCluster)
+  kms: [awsKms] @hasInverse(field: ecsCluster)
 }
 
-#TODO: add connections to cloudwatchLog, s3,
-
 type AwsEcsExecuteCommandLogConfiguration
   @generate(
     query: { get: false, query: true, aggregate: false }
diff --git a/src/services/iamRole/schema.graphql b/src/services/iamRole/schema.graphql
@@ -28,4 +28,5 @@ type awsIamRole implements awsBaseService @key(fields: "id") {
   ec2Instances: [awsEc2] @hasInverse(field: iamRole)
   cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: iamRole)
   appSync: [awsAppSync] @hasInverse(field: iamRoles)
+  lambda: [awsLambda] @hasInverse(field: iamRole)
 }
diff --git a/src/services/kms/schema.graphql b/src/services/kms/schema.graphql
@@ -28,6 +28,7 @@ type awsKms implements awsBaseService @key(fields: "id") {
   sageMakerNotebookInstances: [awsSageMakerNotebookInstance]
     @hasInverse(field: kms)
   rdsClusterSnapshots: [awsRdsClusterSnapshot] @hasInverse(field: kms)
+  ecsCluster: [awsEcsCluster] @hasInverse(field: kms)
   dynamodb: [awsDynamoDbTable] @hasInverse(field: kms)
   cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: kms)
 }
diff --git a/src/services/lambda/connections.ts b/src/services/lambda/connections.ts
@@ -7,6 +7,8 @@ import { SecurityGroup } from 'aws-sdk/clients/ec2'
 
 import services from '../../enums/services'
 import { RawAwsSubnet } from '../subnet/data'
+import { RawAwsIamRole } from '../iamRole/data'
+import { globalRegionName } from '../../enums/regions'
 
 export default ({
   service: lambda,
@@ -22,6 +24,7 @@ export default ({
   const {
     KMSKeyArn,
     FunctionArn: id,
+    Role,
     VpcConfig: { SecurityGroupIds: sgIds = [], SubnetIds: subnetIds = [] } = {},
   } = lambda
   const connections: ServiceConnection[] = []
@@ -83,7 +86,7 @@ export default ({
     if (!isEmpty(subnetsInRegion)) {
       for (const subnet of subnetsInRegion) {
         connections.push({
-          id:subnet.SubnetId,
+          id: subnet.SubnetId,
           resourceType: services.subnet,
           relation: 'child',
           field: 'subnet',
@@ -92,6 +95,30 @@ export default ({
     }
   }
 
+  /**
+   * Find IAM Role
+   * related to this lambda function
+   */
+  const iamRoles: {
+    name: string
+    data: { [property: string]: RawAwsIamRole[] }
+  } = data.find(({ name }) => name === services.iamRole)
+  if (iamRoles?.data?.[globalRegionName]) {
+    const iamRolesInRegion: RawAwsIamRole[] = iamRoles.data[
+      globalRegionName
+    ].filter(({ Arn }: RawAwsIamRole) => Arn === Role)
+    if (!isEmpty(iamRolesInRegion)) {
+      for (const role of iamRolesInRegion) {
+        connections.push({
+          id: role.Arn,
+          resourceType: services.iamRole,
+          relation: 'child',
+          field: 'iamRole',
+        })
+      }
+    }
+  }
+
   const lambdaResult = {
     [id]: connections,
   }
diff --git a/src/services/lambda/format.ts b/src/services/lambda/format.ts
@@ -1,17 +1,16 @@
 import isEmpty from 'lodash/isEmpty'
 import t from '../../properties/translations'
 import { AwsLambda } from '../../types/generated'
-import { formatTagsFromMap } from '../../utils/format'
+import { formatTagsFromMap, formatIamJsonPolicy } from '../../utils/format'
 import { RawAwsLambdaFunction } from './data'
-import { formatIamJsonPolicy } from '../../utils/format'
 
 /**
  * Lambda
  */
 export default ({
   service: rawData,
   account,
-  region
+  region,
 }: {
   service: RawAwsLambdaFunction
   account: string
@@ -33,10 +32,7 @@ export default ({
     Version: version,
     reservedConcurrentExecutions: rawReservedConcurrentExecutions,
     VpcConfig: vpcConfig,
-    PolicyData: {
-      Policy: policy = '',
-      RevisionId: policyRevisionId = ''
-    }
+    PolicyData: { Policy: policy = '', RevisionId: policyRevisionId = '' },
   } = rawData
   const environmentVariables = []
   const secretNames = [t.pass, t.secret, t.private, t.cert]
@@ -53,7 +49,11 @@ export default ({
           }
         })
 
-        environmentVariables.push({ id: `${key}:${desiredValue}`, key, value: desiredValue })
+        environmentVariables.push({
+          id: `${key}:${desiredValue}`,
+          key,
+          value: desiredValue,
+        })
       })
     }
   }
@@ -65,7 +65,7 @@ export default ({
   const formattedVpcConfig = {
     vpcId: vpcConfig?.VpcId,
     subnetIds: vpcConfig?.SubnetIds,
-    securityGroupIds: vpcConfig?.SecurityGroupIds
+    securityGroupIds: vpcConfig?.SecurityGroupIds,
   }
 
   return {
@@ -79,7 +79,6 @@ export default ({
     lastModified,
     memorySize,
     reservedConcurrentExecutions,
-    role: handler,
     runtime,
     sourceCodeSize: `${codeSize * 0.001} Kb`,
     timeout,
diff --git a/src/services/lambda/schema.graphql b/src/services/lambda/schema.graphql
@@ -5,7 +5,6 @@ type awsLambda implements awsBaseService @key(fields: "arn") {
   lastModified: String @search(by: [hash, regexp])
   memorySize: Int @search
   reservedConcurrentExecutions: Int @search
-  role: String @search(by: [hash, regexp]) # TODO: add iamRole connection here
   runtime: String @search(by: [hash, regexp])
   sourceCodeSize: String @search(by: [hash, regexp])
   timeout: Int @search
@@ -22,6 +21,7 @@ type awsLambda implements awsBaseService @key(fields: "arn") {
   vpc: [awsVpc] @hasInverse(field: lambda)
   cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: lambdas)
   appSync: [awsAppSync] @hasInverse(field: lambda)
+  iamRole: [awsIamRole] @hasInverse(field: lambda)
 }
 
 type awsLambdaEnvironmentVariable
diff --git a/src/services/s3/schema.graphql b/src/services/s3/schema.graphql
@@ -23,6 +23,7 @@ type awsS3 implements awsBaseService @key(fields: "arn") {
   cloudfrontDistribution: [awsCloudfront] @hasInverse(field: s3) #change to plural
   cloudtrail: [awsCloudtrail] @hasInverse(field: s3) #change to plural
   managedAirflows: [awsManagedAirflow] @hasInverse(field: s3)
+  ecsCluster: [awsEcsCluster] @hasInverse(field: s3)
 }
 
 # TODO: use getBucketReplication and getBucketNotificationConfiguration to make connections to lambda, sns, iamRole, SQS
diff --git a/src/types/generated.ts b/src/types/generated.ts
@@ -914,6 +914,7 @@ export type AwsCloudwatchLog = {
   cloudtrail?: Maybe<Array<Maybe<AwsCloudtrail>>>;
   cloudwatch?: Maybe<Array<Maybe<AwsCloudwatch>>>;
   creationTime?: Maybe<Scalars['String']>;
+  ecsCluster?: Maybe<Array<Maybe<AwsEcsCluster>>>;
   id: Scalars['String'];
   kms?: Maybe<Array<Maybe<AwsKms>>>;
   kmsKeyId?: Maybe<Scalars['String']>;
@@ -1595,15 +1596,18 @@ export type AwsEcsCluster = AwsBaseService & {
   attachments?: Maybe<Array<Maybe<AwsEcsAttachment>>>;
   attachmentsStatus?: Maybe<Scalars['String']>;
   capacityProviders?: Maybe<Array<Maybe<Scalars['String']>>>;
+  cloudwatchLog?: Maybe<Array<Maybe<AwsCloudwatchLog>>>;
   clusterName?: Maybe<Scalars['String']>;
   configuration?: Maybe<AwsEcsClusterConfiguration>;
   defaultCapacityProviderStrategy?: Maybe<Array<Maybe<AwsEcsCapacityProviderStrategyItem>>>;
   ecsService?: Maybe<Array<Maybe<AwsEcsService>>>;
   ecsTask?: Maybe<Array<Maybe<AwsEcsTask>>>;
   ecsTaskSet?: Maybe<Array<Maybe<AwsEcsTaskSet>>>;
+  kms?: Maybe<Array<Maybe<AwsKms>>>;
   pendingTasksCount?: Maybe<Scalars['Int']>;
   registeredContainerInstancesCount?: Maybe<Scalars['Int']>;
   runningTasksCount?: Maybe<Scalars['Int']>;
+  s3?: Maybe<Array<Maybe<AwsS3>>>;
   settings?: Maybe<Array<Maybe<AwsEcsClusterSettings>>>;
   statistics?: Maybe<Array<Maybe<AwsEcsStatistics>>>;
   status?: Maybe<Scalars['String']>;
@@ -3064,6 +3068,7 @@ export type AwsIamRole = AwsBaseService & {
   iamAttachedPolicies?: Maybe<Array<Maybe<AwsIamPolicy>>>;
   iamInstanceProfiles?: Maybe<Array<Maybe<AwsIamInstanceProfile>>>;
   inlinePolicies?: Maybe<Array<Maybe<Scalars['String']>>>;
+  lambda?: Maybe<Array<Maybe<AwsLambda>>>;
   managedAirflows?: Maybe<Array<Maybe<AwsManagedAirflow>>>;
   maxSessionDuration?: Maybe<Scalars['Int']>;
   name?: Maybe<Scalars['String']>;
@@ -3183,6 +3188,7 @@ export type AwsKms = AwsBaseService & {
   description?: Maybe<Scalars['String']>;
   dmsReplicationInstances?: Maybe<Array<Maybe<AwsDmsReplicationInstance>>>;
   dynamodb?: Maybe<Array<Maybe<AwsDynamoDbTable>>>;
+  ecsCluster?: Maybe<Array<Maybe<AwsEcsCluster>>>;
   efs?: Maybe<Array<Maybe<AwsEfs>>>;
   eksCluster?: Maybe<Array<Maybe<AwsEksCluster>>>;
   elastiCacheReplicationGroup?: Maybe<Array<Maybe<AwsElastiCacheReplicationGroup>>>;
@@ -3210,14 +3216,14 @@ export type AwsLambda = AwsBaseService & {
   description?: Maybe<Scalars['String']>;
   environmentVariables?: Maybe<Array<Maybe<AwsLambdaEnvironmentVariable>>>;
   handler?: Maybe<Scalars['String']>;
+  iamRole?: Maybe<Array<Maybe<AwsIamRole>>>;
   kms?: Maybe<Array<Maybe<AwsKms>>>;
   kmsKeyArn?: Maybe<Scalars['String']>;
   lastModified?: Maybe<Scalars['String']>;
   memorySize?: Maybe<Scalars['Int']>;
   policy?: Maybe<AwsIamJsonPolicy>;
   policyRevisionId?: Maybe<Scalars['String']>;
   reservedConcurrentExecutions?: Maybe<Scalars['Int']>;
-  role?: Maybe<Scalars['String']>;
   runtime?: Maybe<Scalars['String']>;
   securityGroups?: Maybe<Array<Maybe<AwsSecurityGroup>>>;
   sourceCodeSize?: Maybe<Scalars['String']>;
@@ -3680,6 +3686,7 @@ export type AwsS3 = AwsBaseService & {
   cloudtrail?: Maybe<Array<Maybe<AwsCloudtrail>>>;
   corsConfiguration?: Maybe<Scalars['String']>;
   crossRegionReplication?: Maybe<Scalars['String']>;
+  ecsCluster?: Maybe<Array<Maybe<AwsEcsCluster>>>;
   encrypted?: Maybe<Scalars['String']>;
   ignorePublicAcls?: Maybe<Scalars['String']>;
   kinesisFirehose?: Maybe<Array<Maybe<AwsKinesisFirehose>>>;

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@cloudgraph/cg-provider-aws",`
`3`		`- "version": "0.79.0-alpha.5",`
	`3`	`+ "version": "0.79.0-alpha.7",`
`4`	`4`	`"description": "cloud-graph provider plugin for AWS used to fetch AWS cloud data.",`
`5`	`5`	`"publishConfig": {`
`6`	`6`	`"registry": "https://registry.npmjs.org/",`
Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@ type awsCloudwatchLog @key(fields: "arn") {`
`13`	`13`	`kms: [awsKms] @hasInverse(field: cloudwatchLog)`
`14`	`14`	`cloudwatch: [awsCloudwatch] @hasInverse(field: cloudwatchLog)`
`15`	`15`	`cloudtrail: [awsCloudtrail] @hasInverse(field: cloudwatchLog)`
	`16`	`+ ecsCluster: [awsEcsCluster] @hasInverse(field: cloudwatchLog)`
`16`	`17`	`}`
`17`	`18`
`18`	`19`	`type awsMetricFilter`
Original file line number	Diff line number	Diff line change
`@@ -103,7 +103,7 @@ export default ({`
`103`	`103`
`104`	`104`	`if (kmsKeyID && kms?.data?.[region]) {`
`105`	`105`	`const kmsInRegion: AwsKms = kms.data[region].find(`
`106`		`- ({ KeyId }: AwsKms) => kmsKeyID === KeyId`
	`106`	`+ ({ KeyArn }: AwsKms) => kmsKeyID === KeyArn`
`107`	`107`	`)`
`108`	`108`
`109`	`109`	`if (kmsInRegion) {`
Original file line number	Diff line number	Diff line change
`@@ -28,4 +28,5 @@ type awsIamRole implements awsBaseService @key(fields: "id") {`
`28`	`28`	`ec2Instances: [awsEc2] @hasInverse(field: iamRole)`
`29`	`29`	`cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: iamRole)`
`30`	`30`	`appSync: [awsAppSync] @hasInverse(field: iamRoles)`
	`31`	`+ lambda: [awsLambda] @hasInverse(field: iamRole)`
`31`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@ type awsKms implements awsBaseService @key(fields: "id") {`
`28`	`28`	`sageMakerNotebookInstances: [awsSageMakerNotebookInstance]`
`29`	`29`	`@hasInverse(field: kms)`
`30`	`30`	`rdsClusterSnapshots: [awsRdsClusterSnapshot] @hasInverse(field: kms)`
	`31`	`+ ecsCluster: [awsEcsCluster] @hasInverse(field: kms)`
`31`	`32`	`dynamodb: [awsDynamoDbTable] @hasInverse(field: kms)`
`32`	`33`	`cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: kms)`
`33`	`34`	`}`