From d5af1af67656058e42874dd0260b7d1bf63310f5 Mon Sep 17 00:00:00 2001
From: Harold
Date: Tue, 12 Apr 2022 14:58:40 -0400
Subject: [PATCH] fix(elasticBeanstalkApp): add connection to iamRole, fixes to iamRole
---
 README.md | 4 +--
 src/services/ecsService/schema.graphql | 2 +-
 src/services/eksCluster/schema.graphql | 2 +-
 .../elasticBeanstalkApplication/format.ts | 2 ++
 .../schema.graphql | 6 ++---
 .../connections.ts | 2 +-
 .../schema.graphql | 2 +-
 src/services/iamRole/connections.ts | 27 ++++++++++++++++++-
 src/services/iamRole/schema.graphql | 19 +++++++------
 src/types/generated.ts | 11 +++++---
 10 files changed, 53 insertions(+), 24 deletions(-)
diff --git a/README.md b/README.md
index d962daf3..739b2940 100644
--- a/README.md
+++ b/README.md
@@ -106,7 +106,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | eksCluster | ec2, iamRole, kms, securityGroup, subnet, vpc |
 | elastiCacheCluster | securityGroup, subnet, vpc |
 | elastiCacheReplicationGroup | kms |
-| elasticBeanstalkApp | elasticBeanstalkEnv |
+| elasticBeanstalkApp | elasticBeanstalkEnv, iamRole |
 | elasticBeanstalkEnv | ec2, elasticBeanstalkApp |
 | elasticSearchDomain | kms, securityGroup, subnet, vpc |
 | elb | cloudfront, ecsService, securityGroup, subnet, vpc |
@@ -124,7 +124,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | iamServerCertificate | |
 | iamUser | iamGroup |
 | iamPolicy | iamRole, iamGroup |
-| iamRole | appSync, asg, cloudformationStackSet, codebuild, configurationRecorder, ec2, iamInstanceProfile, iamPolicy, eksCluster, ecsService, flowLog, glueJob, managedAirflow, s3, sageMakerNotebookInstance, systemsManagerInstance guardDutyDetector, lambda, kinesisFirehose, rdsCluster |
+| iamRole | appSync, asg, cloudformationStackSet, codebuild, configurationRecorder, ec2, iamInstanceProfile, iamPolicy, eksCluster, ecsService, flowLog, glueJob, managedAirflow, s3, sageMakerNotebookInstance, systemsManagerInstance, guardDutyDetector, lambda, kinesisFirehose, rdsCluster, elasticBeanstalkApp |
 | iamGroup | iamUser, iamPolicy |
 | igw | vpc |
 | iot | |
diff --git a/src/services/ecsService/schema.graphql b/src/services/ecsService/schema.graphql
index 52addc82..a84c247b 100644
--- a/src/services/ecsService/schema.graphql
+++ b/src/services/ecsService/schema.graphql
@@ -29,7 +29,7 @@ type awsEcsService implements awsBaseService @key(fields: "arn") {
 ecsTaskDefinition: [awsEcsTaskDefinition] @hasInverse(field: ecsService)
 ecsTaskSet: [awsEcsTaskSet] @hasInverse(field: ecsService)
 elb: [awsElb] @hasInverse(field: ecsService)
- iamRoles: [awsIamRole] @hasInverse(field: ecsService)
+ iamRoles: [awsIamRole] @hasInverse(field: ecsServices)
 securityGroups: [awsSecurityGroup] @hasInverse(field: ecsService)
 subnet: [awsSubnet] @hasInverse(field: ecsService) #change to plural
 vpc: [awsVpc] @hasInverse(field: ecsService)
diff --git a/src/services/eksCluster/schema.graphql b/src/services/eksCluster/schema.graphql
index 8eb6c9ee..9e760c4a 100644
--- a/src/services/eksCluster/schema.graphql
+++ b/src/services/eksCluster/schema.graphql
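Review bot: Pointing `@hasInverse` at `ecsServices` goes with renaming the field on `awsIamRole`, and the later schema hunks also rename `eksCluster` to `eksClusters`, `elasticBeanstalkEnv` to `elasticBeanstalkEnvs` and `elasticBeanstalkApp` to `elasticBeanstalkApps`, so any stored query that selects the old names stops validating. That would include audit or compliance queries that walk from a role to the workloads using it; whether such consumers exist is not visible in this patch, but they would fail rather than report findings. The commit is labelled `fix`, so the renames should be called out explicitly, for example with a trailer like `BREAKING CHANGE: awsIamRole.ecsService/eksCluster renamed to ecsServices/eksClusters`, and dependent queries updated in step.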
@@ -13,7 +13,7 @@ type awsEksCluster implements awsBaseService @key(fields: "arn") {
 platformVersion: String @search(by: [hash, regexp])
 encryptionConfig: [awsEksEncryptionConfig]
 tags: [awsRawTag]
- iamRoles: [awsIamRole] @hasInverse(field: eksCluster)
+ iamRoles: [awsIamRole] @hasInverse(field: eksClusters)
 kms: [awsKms] @hasInverse(field: eksCluster)
 securityGroups: [awsSecurityGroup] @hasInverse(field: eksCluster)
 subnets: [awsSubnet] @hasInverse(field: eksCluster)
diff --git a/src/services/elasticBeanstalkApplication/format.ts b/src/services/elasticBeanstalkApplication/format.ts
index 61f25d63..8e248a10 100644
--- a/src/services/elasticBeanstalkApplication/format.ts
+++ b/src/services/elasticBeanstalkApplication/format.ts
@@ -19,6 +19,7 @@ export default ({
 ApplicationName: name,
 Description: description,
 Tags = {},
+ ResourceLifecycleConfig: { ServiceRole: iamServiceRole } = {},
 } = application
 return {
@@ -28,6 +29,7 @@ export default ({
 name,
 description,
 region,
+ iamServiceRole,
 tags: formatTagsFromMap(Tags),
 }
 }
diff --git a/src/services/elasticBeanstalkApplication/schema.graphql b/src/services/elasticBeanstalkApplication/schema.graphql
index 23e04572..3ae84666 100644
--- a/src/services/elasticBeanstalkApplication/schema.graphql
+++ b/src/services/elasticBeanstalkApplication/schema.graphql
@@ -1,8 +1,8 @@
 type awsElasticBeanstalkApp implements awsBaseService @key(fields: "arn") {
 name: String @search(by: [hash, regexp])
 description: String @search(by: [hash, regexp])
- elasticBeanstalkEnv: [awsElasticBeanstalkEnv] #change to plural
+ iamServiceRole: String @search(by: [hash, regexp])
+ elasticBeanstalkEnvs: [awsElasticBeanstalkEnv] @hasInverse(field: elasticBeanstalkApps)
 tags: [awsRawTag]
+ iamRole: [awsIamRole] @hasInverse(field: elasticBeanstalkApps)
 }
-
-#TODO: get iam role data and connection in format from ResourceLifecycleConfig
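Review bot: The new list field `iamRole: [awsIamRole]` on `awsElasticBeanstalkApp` is named in the singular, while this same hunk pluralises its sibling to `elasticBeanstalkEnvs` and the ecsService and eksCluster schemas expose the equivalent edge as `iamRoles`. Naming it `iamRoles: [awsIamRole] @hasInverse(field: elasticBeanstalkApps)` now, with `@hasInverse(field: iamRoles)` on the `awsIamRole` side, would avoid another rename later. Separately, `iamServiceRole` carries the raw `ResourceLifecycleConfig.ServiceRole` string, and the edge is only built when that string equals a crawled role's `Arn`. A schema comment such as `# lifecycle service role ARN; no iamRole edge means no crawled role had this ARN` would help readers interpret a populated string with an empty connection.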
diff --git a/src/services/elasticBeanstalkEnvironment/connections.ts b/src/services/elasticBeanstalkEnvironment/connections.ts
index aab0fb21..68c91d20 100644
--- a/src/services/elasticBeanstalkEnvironment/connections.ts
+++ b/src/services/elasticBeanstalkEnvironment/connections.ts
@@ -44,7 +44,7 @@ export default ({
 id: app.ApplicationArn,
 resourceType: services.elasticBeanstalkApp,
 relation: 'child',
- field: 'elasticBeanstalkApp',
+ field: 'elasticBeanstalkApps',
 })
 }
 }
diff --git a/src/services/elasticBeanstalkEnvironment/schema.graphql b/src/services/elasticBeanstalkEnvironment/schema.graphql
index f86bea83..b1b692a5 100644
--- a/src/services/elasticBeanstalkEnvironment/schema.graphql
+++ b/src/services/elasticBeanstalkEnvironment/schema.graphql
@@ -11,7 +11,7 @@ type awsElasticBeanstalkEnv implements awsBaseService @key(fields: "arn") {
 tier: String @search(by: [hash])
 versionLabel: String @search(by: [hash, regexp])
 tags: [awsRawTag]
- elasticBeanstalkApp: [awsElasticBeanstalkApp] @hasInverse(field: elasticBeanstalkEnv)
+ elasticBeanstalkApps: [awsElasticBeanstalkApp] @hasInverse(field: elasticBeanstalkEnvs)
 ec2Instances: [awsEc2] @hasInverse(field: elasticBeanstalkEnv)
 }
diff --git a/src/services/iamRole/connections.ts b/src/services/iamRole/connections.ts
index 4dfc41df..488c8618 100644
--- a/src/services/iamRole/connections.ts
+++ b/src/services/iamRole/connections.ts
@@ -15,6 +15,7 @@ import { RawAwsManagedAirflow } from '../managedAirflow/data'
 import { RawAwsGuardDutyDetector } from '../guardDutyDetector/data'
 import { RawAwsSageMakerNotebookInstance } from '../sageMakerNotebookInstance/data'
 import { RawAwsSystemsManagerInstance } from '../systemsManagerInstance/data'
+import { RawAwsElasticBeanstalkApp } from '../elasticBeanstalkApplication/data'
 /**
 * IAM Role
@@ -81,7 +82,7 @@ export default ({
 id: serviceArn,
 resourceType: services.ecsService,
 relation: 'child',
- field: 'ecsService',
+ field: 'ecsServices',
 })
 }
 }
@@ -229,6 +230,30 @@ export default ({
 }
 }
+ /**
+ * Find any elasticBeanstalkApp related data
+ */
+ const elasticBApps = data.find(
+ ({ name }) => name === services.elasticBeanstalkApp
+ )
+ if (elasticBApps?.data?.[region]) {
+ const dataAtRegion: RawAwsElasticBeanstalkApp[] = elasticBApps.data[
+ region
+ ].filter(
+ ({
+ ResourceLifecycleConfig: { ServiceRole: iamServiceRole } = {},
+ }: RawAwsElasticBeanstalkApp) => iamServiceRole === role.Arn
+ )
+ for (const elasticBApp of dataAtRegion) {
+ connections.push({
+ id: elasticBApp.ApplicationArn,
+ resourceType: services.elasticBeanstalkApp,
+ relation: 'child',
+ field: 'elasticBeanstalkApps',
+ })
+ }
+ }
+
 return {
 [id]: connections,
 }
diff --git a/src/services/iamRole/schema.graphql b/src/services/iamRole/schema.graphql
index a3e0b12a..566109a2 100644
--- a/src/services/iamRole/schema.graphql
+++ b/src/services/iamRole/schema.graphql
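Review bot: The lookup `elasticBApps.data[region]` only considers applications stored under the same region key as the role being connected. Where `region` comes from is outside this hunk (the function starts earlier), but IAM roles are account-global while Beanstalk applications are regional, so if roles are keyed under a global region this block would never match and the `elasticBeanstalkApps` edge would stay silently empty. That is worth confirming; if it holds, match across all regions with something like `const apps = Object.values(elasticBApps?.data ?? {}).flat()` before the filter. A comment such as `// ServiceRole is compared as a full ARN; apps without ResourceLifecycleConfig never match` would also document the exact-match assumption.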
@@ -7,21 +7,20 @@ type awsIamRole implements awsBaseService @key(fields: "id") {
 maxSessionDuration: Int @search
 tags: [awsRawTag]
 inlinePolicies: [String]
- iamAttachedPolicies: [awsIamPolicy] @hasInverse(field: iamRoles)
- eksCluster: [awsEksCluster] @hasInverse(field: iamRoles) #change to plural
- ecsService: [awsEcsService] @hasInverse(field: iamRoles) #change to plural
- flowLogs: [awsFlowLog] @hasInverse(field: iamRole)
 cloudFormationStack: [awsCloudFormationStack] @hasInverse(field: iamRole)
- configurationRecorder: [awsConfigurationRecorder] @hasInverse(field: iamRole)
 codebuilds: [awsCodebuild] @hasInverse(field: iamRoles)
+ configurationRecorder: [awsConfigurationRecorder] @hasInverse(field: iamRole)
+ ecsServices: [awsEcsService] @hasInverse(field: iamRoles)
+ eksClusters: [awsEksCluster] @hasInverse(field: iamRoles)
+ elasticBeanstalkApps: [awsElasticBeanstalkApp] @hasInverse(field: iamRole)
+ flowLogs: [awsFlowLog] @hasInverse(field: iamRole)
 glueJobs: [awsGlueJob] @hasInverse(field: iamRole)
- managedAirflows: [awsManagedAirflow] @hasInverse(field: iamRoles)
 guardDutyDetectors: [awsGuardDutyDetector] @hasInverse(field: iamRole)
- sageMakerNotebookInstances: [awsSageMakerNotebookInstance]
- @hasInverse(field: iamRole)
- systemsManagerInstances: [awsSystemsManagerInstance]
- @hasInverse(field: iamRole)
+ iamAttachedPolicies: [awsIamPolicy] @hasInverse(field: iamRoles)
 iamInstanceProfiles: [awsIamInstanceProfile] @hasInverse(field: iamRole)
+ managedAirflows: [awsManagedAirflow] @hasInverse(field: iamRoles)
+ sageMakerNotebookInstances: [awsSageMakerNotebookInstance] @hasInverse(field: iamRole)
+ systemsManagerInstances: [awsSystemsManagerInstance] @hasInverse(field: iamRole)
 s3: [awsS3] @hasInverse(field: iamRole)
 dynamodb: [awsDynamoDbTable] @hasInverse(field: iamRoles)
 ec2Instances: [awsEc2] @hasInverse(field: iamRole)
diff --git a/src/types/generated.ts b/src/types/generated.ts
index c0d20e55..4b3f7232 100644
--- a/src/types/generated.ts
+++ b/src/types/generated.ts @@ -2490,7 +2490,9 @@ export type AwsElastiCacheUserGroupsUpdateStatus = { export type AwsElasticBeanstalkApp = AwsBaseService & { description?: Maybe; - elasticBeanstalkEnv?: Maybe>>; + elasticBeanstalkEnvs?: Maybe>>; + iamRole?: Maybe>>; + iamServiceRole?: Maybe; name?: Maybe; tags?: Maybe>>; }; @@ -2500,7 +2502,7 @@ export type AwsElasticBeanstalkEnv = AwsBaseService & { cname?: Maybe; description?: Maybe; ec2Instances?: Maybe>>; - elasticBeanstalkApp?: Maybe>>; + elasticBeanstalkApps?: Maybe>>; endpointUrl?: Maybe; name?: Maybe; platformArn?: Maybe; @@ -3060,8 +3062,9 @@ export type AwsIamRole = AwsBaseService & { description?: Maybe; dynamodb?: Maybe>>; ec2Instances?: Maybe>>; - ecsService?: Maybe>>; - eksCluster?: Maybe>>; + ecsServices?: Maybe>>; + eksClusters?: Maybe>>; + elasticBeanstalkApps?: Maybe>>; flowLogs?: Maybe>>; glueJobs?: Maybe>>; guardDutyDetectors?: Maybe>>;