Merge branch 'alpha' into feature/CG-1063

Author: m-pizarro

CHANGELOG.md

@@ -1,3 +1,40 @@
+# [0.79.0-alpha.13](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.12...0.79.0-alpha.13) (2022-04-12)
+
+
+### Features
+
+* **asg:** add iam role connection ([06285db](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/06285db82a8b2feb821d95446e3e0fe87c54cd51))
+
+# [0.79.0-alpha.12](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.11...0.79.0-alpha.12) (2022-04-12)
+
+
+### Bug Fixes
+
+* add connection between nacl and subnet services ([6ed6dee](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/6ed6dee345daa6342f651e5c00bb92178b259954))
+
+# [0.79.0-alpha.11](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.10...0.79.0-alpha.11) (2022-04-12)
+
+
+### Features
+
+* **s3:** Add connections to iamRole, lambda, sns and sqs services ([1ca01fd](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/1ca01fd9b1dabc110b87e0c74e3e63b5c0cb1099))
+* **s3:** Add connections to iamRole, lambda, sns and sqs services ([22a8cfd](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/22a8cfdbd1365a5b94fdbc91d54886b1135c9682))
+
+# [0.79.0-alpha.10](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.9...0.79.0-alpha.10) (2022-04-12)
+
+
+### Features
+
+* **cloudFormationStackSet:** add iam role connection ([e25bffb](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/e25bffb1f467706ff6a0cc752804a6b3738f6c8b))
+
+# [0.79.0-alpha.9](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.8...0.79.0-alpha.9) (2022-04-12)
+
+
+### Features
+
+* Handle TODOs for secrets manager ([d7a975d](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/d7a975dc2a5ffdb784eef36c4a827d553e7ac1c3))
+* Update README file ([0ddf442](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/0ddf44211fe3f324371e6a21c6d5df3bc69facfb))
+
 # [0.79.0-alpha.8](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.7...0.79.0-alpha.8) (2022-04-11)
 
 

README.md

@@ -1,6 +1,6 @@
 {
   "name": "@cloudgraph/cg-provider-aws",
-  "version": "0.79.0-alpha.8",
+  "version": "0.79.0-alpha.13",
   "description": "cloud-graph provider plugin for AWS used to fetch AWS cloud data.",
   "publishConfig": {
     "registry": "https://registry.npmjs.org/",

package.json

@@ -427,6 +427,7 @@ export default {
   gettingRotationStatus: 'Checking rotation status for each key...',
   gettingPolicies: 'Fetching default Policy for each key...',
   gettingTags: 'Fetching Tags for each key...',
+  gettingAliases: 'Fetching Aliases for each key...',
 
   /**
    * EKS

src/properties/logger.ts

@@ -10,6 +10,8 @@ import { SecurityGroup, Volume } from 'aws-sdk/clients/ec2'
 import { isEmpty } from 'lodash'
 import services from '../../enums/services'
 import { RawAwsSubnet } from '../subnet/data'
+import { RawAwsIamRole } from '../iamRole/data'
+import { globalRegionName } from '../../enums/regions'
 
 /**
  * ASG
@@ -34,6 +36,7 @@ export default ({
     AutoScalingGroupARN: id,
     Instances: instances = [],
     VPCZoneIdentifier: commaSeparatedSubnetIds = '',
+    ServiceLinkedRoleARN: roleArn,
   } = asg
 
   const { SecurityGroups: sgIds = [] } = asg.LaunchConfiguration
@@ -142,6 +145,29 @@ export default ({
     }
   }
 
+  /**
+   * Find related IAM Roles
+   */
+  const roles: { name: string; data: { [property: string]: any[] } } =
+    data.find(({ name }) => name === services.iamRole)
+  if (roles?.data?.[globalRegionName]) {
+    const dataAtRegion: RawAwsIamRole[] = roles.data[globalRegionName].filter(
+      role => role.Arn === roleArn
+    )
+    if (!isEmpty(dataAtRegion)) {
+      for (const instance of dataAtRegion) {
+        const { Arn: arn }: RawAwsIamRole = instance
+
+        connections.push({
+          id: arn,
+          resourceType: services.iamRole,
+          relation: 'child',
+          field: 'iamRole',
+        })
+      }
+    }
+  }
+
   const asgResult = {
     [id]: connections,
   }

src/services/asg/connections.ts

@@ -134,4 +134,5 @@ type awsAsg implements awsBaseService @key(fields: "arn") {
   securityGroups: [awsSecurityGroup] @hasInverse(field: asg)
   ebs: [awsEbs] @hasInverse(field: asg)
   subnet: [awsSubnet] @hasInverse(field: asg) #change to plural
+  iamRole: [awsIamRole] @hasInverse(field: asg)
 }

src/services/asg/schema.graphql

@@ -1,34 +1,60 @@
-// TODO: Enable when IAM is added
-// import { ServiceConnection } from '@cloudgraph/sdk';
-// import { Stack } from 'aws-sdk/clients/cloudformation';
-// import { TagMap } from '../../types'
+import isEmpty from 'lodash/isEmpty'
+import { ServiceConnection } from '@cloudgraph/sdk';
+import { StackSet } from 'aws-sdk/clients/cloudformation';
+import { TagMap } from '../../types'
+import services from '../../enums/services'
+import { RawAwsIamRole } from '../iamRole/data'
+import { globalRegionName } from '../../enums/regions'
 
-// /**
-//  * Cloud Formation StackSet
-//  */
+/**
+ * Cloud Formation StackSet
+ */
 
-// export default ({
-//   service: cfStackSet,
-//   data,
-//   region,
-// }: {
-//   data: { name: string; data: { [property: string]: any[] } }[]
-//   service: Stack & {
-//     region: string
-//     Tags: TagMap,
-//   },
-//   region: string
-// }): { [key: string]: ServiceConnection[] } => {
-//   const connections: ServiceConnection[] = []
+export default ({
+  service: cfStackSet,
+  data,
+  region,
+}: {
+  data: { name: string; data: { [property: string]: any[] } }[]
+  service: StackSet & {
+    region: string
+    Tags: TagMap,
+  },
+  region: string
+}): { [key: string]: ServiceConnection[] } => {
+  const connections: ServiceConnection[] = []
 
-//   const {
-//     StackId: id,
-//     // TODO add connection role
-//     // AdministrationRoleARN: administrationRoleARN
-//   } = cfStackSet
+  const {
+    StackSetId: id,
+    AdministrationRoleARN: administrationRoleARN,
+    ExecutionRoleName: executionRoleName,
+  } = cfStackSet
 
-//   const cfStackSetResult = {
-//     [id]: connections,
-//   }
-//   return cfStackSetResult
-// }
+  /**
+   * Find related IAM Roles
+   */
+  const roles: { name: string; data: { [property: string]: any[] } } =
+    data.find(({ name }) => name === services.iamRole)
+  if (roles?.data?.[globalRegionName]) {
+    const dataAtRegion: RawAwsIamRole[] = roles.data[globalRegionName].filter(
+      role => role.Arn === administrationRoleARN || role.RoleName === executionRoleName
+    )
+    if (!isEmpty(dataAtRegion)) {
+      for (const instance of dataAtRegion) {
+        const { Arn: arn }: RawAwsIamRole = instance
+
+        connections.push({
+          id: arn,
+          resourceType: services.iamRole,
+          relation: 'child',
+          field: 'iamRoles',
+        })
+      }
+    }
+  }
+
+  const cfStackSetResult = {
+    [id]: connections,
+  }
+  return cfStackSetResult
+}

src/services/cloudFormationStackSet/connections.ts

@@ -2,16 +2,15 @@ import { Service } from '@cloudgraph/sdk';
 import BaseService from '../base';
 import format from './format';
 import getData from './data';
-// import getConnections from './connections'
+import getConnections from './connections'
 import mutation from './mutation';
 
 export default class AwsCloudFormation extends BaseService implements Service {
   format = format.bind(this);
 
   getData = getData.bind(this);
 
-  // TODO: Enable when IAM is added
-  // getConnections = getConnections.bind(this)
+  getConnections = getConnections.bind(this)
 
   mutation = mutation;
 }

src/services/cloudFormationStackSet/index.ts

@@ -40,7 +40,7 @@ type awsCloudFormationStackAutoDeploymentConfig {
   enabled: String @search(by: [hash, regexp])
   retainStacksOnAccountRemoval: String @search(by: [hash, regexp])
 }
-# TODO: add accountId to cloudFormationStackSet
+
 type awsCloudFormationStackSet implements awsBaseService @key(fields: "arn") {
   name: String @search(by: [hash, regexp])
   description: String @search(by: [hash, regexp])
@@ -55,6 +55,5 @@ type awsCloudFormationStackSet implements awsBaseService @key(fields: "arn") {
   autoDeploymentConfig: awsCloudFormationStackAutoDeploymentConfig
   permissionModel: String @search(by: [hash, regexp])
   organizationalUnitIds: [String] @search
+  iamRoles: [awsIamRole] @hasInverse(field: cloudFormationStackSet)
 }
-
-# TODO: add iam role connection using AdministrationRoleARN (also see if a connection can be made using ExecutionRoleName)

src/services/cloudFormationStackSet/schema.graphql

@@ -18,7 +18,7 @@ type awsCloudfront implements awsBaseService @key(fields: "id") {
   origins: [awsCloudfrontOriginData]
   logging: awsCloudfrontLoggingConfig
   elb: [awsElb] @hasInverse(field: cloudfrontDistribution)
-  s3: [awsS3] @hasInverse(field: cloudfrontDistribution)
+  s3: [awsS3] @hasInverse(field: cloudfrontDistributions)
   tags: [awsRawTag]
   webAcl: [awsWafV2WebAcl] @hasInverse(field: cloudfront)
 }