4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -135,7 +135,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
| managedAirflow | iamRole, securityGroups, subnet, s3 |
| nacl | vpc |
| natGateway | networkInterface, subnet, vpc |
| networkInterface | ec2, eip, efsMountTarget, natGateway, sageMakerNotebookInstance, subnet, vpc, flowLog |
| networkInterface | ec2, eip, efsMountTarget, natGateway, sageMakerNotebookInstance, subnet, vpc, flowLog, securityGroup |
| organization |
| rdsCluster | appSync, rdsClusterSnapshot, rdsDbInstance, securityGroup, iamRole, kms |
| rdsClusterSnapshot | kms, rdsCluster, vpc |
Expand All @@ -149,7 +149,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
| sageMakerProject | |
| s3 | cloudfront, cloudtrail, ecsCluster, iamRole, kinesisFirehose, lambda, managedAirflow, sns, sqs |
| secretsManager | kms, lambda |
| securityGroup | alb, asg, clientVpnEndpoint, codebuild, dmsReplicationInstance, ecsService, lambda, ec2, elasticSearchDomain, elb, rdsCluster, rdsDbInstance, eksCluster, elastiCacheCluster, managedAirflow, sageMakerNotebookInstance |
| securityGroup | alb, asg, clientVpnEndpoint, codebuild, dmsReplicationInstance, ecsService, lambda, ec2, elasticSearchDomain, elb, rdsCluster, rdsDbInstance, eksCluster, elastiCacheCluster, managedAirflow, sageMakerNotebookInstance, networkInterface |
| ses | |
| sns | kms, cloudtrail, cloudwatch, s3 |
| sqs | s3 |
33 changes: 32 additions & 1 deletion src/services/networkInterface/connections.ts
Expand Up @@ -6,6 +6,7 @@ import { RawAwsSubnet } from '../subnet/data'
import { RawFlowLog } from '../flowLogs/data'
import { RawNetworkInterface } from './data'
import { RawAwsSageMakerNotebookInstance } from '../sageMakerNotebookInstance/data'
import { AwsSecurityGroup } from '../securityGroup/data'

export default ({
service: networkInterface,
Expand All @@ -18,7 +19,8 @@ export default ({
}): {
[property: string]: ServiceConnection[]
} => {
const { NetworkInterfaceId, SubnetId } = networkInterface
const { NetworkInterfaceId, SubnetId, Groups = [] } = networkInterface
const sgIds = Groups.map(({ GroupId }) => GroupId)
const connections: ServiceConnection[] = []
/**
* Find Subnets used in Network Interface
Expand Down Expand Up @@ -87,6 +89,35 @@ export default ({
}
}

/**
* Find related security groups
*/
const securityGroups: {
name: string
data: { [property: string]: any[] }
} = data.find(({ name }) => name === services.sg)
if (securityGroups?.data?.[region]) {
const securityGroupsInRegion: AwsSecurityGroup[] = securityGroups.data[
region
].filter(
({ GroupId }: AwsSecurityGroup) =>
!isEmpty(sgIds) &&
sgIds.filter(str => str.toLowerCase().includes(GroupId.toLowerCase()))
.length > 0
)
if (!isEmpty(securityGroupsInRegion)) {
for (const securityGroup of securityGroupsInRegion) {
const { GroupId: id } = securityGroup
connections.push({
id,
resourceType: services.sg,
relation: 'child',
field: 'securityGroups',
})
}
}
}

const natResult = {
[NetworkInterfaceId]: connections,
}
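Review bot: The filter predicate in the new security-group block (the `sgIds.filter(str => str.toLowerCase().includes(GroupId.toLowerCase()))` expression) tests case-insensitive substring containment rather than identity, so a group whose `GroupId` happens to be a substring of one of the interface's group IDs would also be linked, giving the graph a security-group edge the interface does not actually carry. AWS group IDs are exact, case-sensitive identifiers, so an equality test is both correct and cheaper: `({ GroupId }: AwsSecurityGroup) => sgIds.includes(GroupId)`. The `!isEmpty(sgIds)` guard is re-evaluated for every group in the region; it belongs on the enclosing condition instead, `if (!isEmpty(sgIds) && securityGroups?.data?.[region]) {`. The `data: { [property: string]: any[] }` annotation on `securityGroups` discards the `AwsSecurityGroup` type that the next line immediately reasserts; typing it as `{ [property: string]: AwsSecurityGroup[] }` would remove the `any`. The exported connection builder starts before the first hunk and continues past the last one.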
6 changes: 3 additions & 3 deletions src/services/networkInterface/format.ts
Expand Up @@ -32,7 +32,7 @@ export default ({
Tags: tags = {},
} = rawData

const securityGroups = groups.map(({ GroupId }) => GroupId)
const securityGroupsIds = groups.map(({ GroupId }) => GroupId)

const privateIps = privateIpAddresses.map(
({ PrivateIpAddress }) => PrivateIpAddress
Expand All @@ -46,15 +46,15 @@ export default ({
accountId: account,
arn: networkInterfaceArn({region, account, id}),
region,
subnetId, // TODO: Add subnet connection to network interface
subnetId,
macAddress,
privateIps,
description,
availabilityZone,
status,
vpcId,
interfaceType,
securityGroups,
securityGroupsIds,
privateDnsName,
attachment: {
attachmentId: attachment?.AttachmentId || '',
3 changes: 2 additions & 1 deletion src/services/networkInterface/schema.graphql
Expand Up @@ -6,7 +6,7 @@ type awsNetworkInterface implements awsBaseService @key(fields: "arn") {
status: String @search(by: [hash, regexp])
vpcId: String @search(by: [hash])
interfaceType: String @search(by: [hash, regexp])
securityGroups: [String] @search(by: [hash])
securityGroupsIds: [String] @search(by: [hash])
privateDnsName: String @search(by: [hash, regexp])
privateIps: [String] @search(by: [hash, regexp])
attachment: awsNetworkInterfaceAttachment
Expand All @@ -20,6 +20,7 @@ type awsNetworkInterface implements awsBaseService @key(fields: "arn") {
flowLogs: [awsFlowLog] @hasInverse(field: networkInterface) #change to singular
sageMakerNotebookInstances: [awsSageMakerNotebookInstance]
@hasInverse(field: networkInterface)
securityGroups: [awsSecurityGroup] @hasInverse(field: networkInterfaces)
}

type awsNetworkInterfaceAttachment
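Review bot: The `securityGroups` field on `awsNetworkInterface` changes type from `[String]` to `[awsSecurityGroup]` while the string IDs move to the new `securityGroupsIds` field, and nothing in the commit records this as a breaking schema change. Any existing query that selects `securityGroups` as a scalar list will stop validating, because an object-typed field requires a selection set. A one-line comment on the new field would make the migration visible to readers of the schema, e.g. `securityGroups: [awsSecurityGroup] @hasInverse(field: networkInterfaces) # was [String]; IDs now in securityGroupsIds`, and the same note belongs in the changelog or PR description. The paired `networkInterfaces` inverse added to `awsSecurityGroup` in the next file section is consistent with this field.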
1 change: 1 addition & 0 deletions src/services/securityGroup/schema.graphql
Expand Up @@ -22,6 +22,7 @@ type awsSecurityGroup implements awsBaseService @key(fields: "id") {
clientVpnEndpoint: [awsClientVpnEndpoint] @hasInverse(field: securityGroups) #change to plural
codebuilds: [awsCodebuild] @hasInverse(field: securityGroups)
managedAirflows: [awsManagedAirflow] @hasInverse(field: securityGroups)
networkInterfaces: [awsNetworkInterface] @hasInverse(field: securityGroups)
elasticSearchDomains: [awsElasticSearchDomain]
@hasInverse(field: securityGroups)
dmsReplicationInstances: [awsDmsReplicationInstance]
4 changes: 3 additions & 1 deletion src/types/generated.ts
Expand Up @@ -3453,7 +3453,8 @@ export type AwsNetworkInterface = AwsBaseService & {
privateDnsName?: Maybe<Scalars['String']>;
privateIps?: Maybe<Array<Maybe<Scalars['String']>>>;
sageMakerNotebookInstances?: Maybe<Array<Maybe<AwsSageMakerNotebookInstance>>>;
securityGroups?: Maybe<Array<Maybe<Scalars['String']>>>;
securityGroups?: Maybe<Array<Maybe<AwsSecurityGroup>>>;
securityGroupsIds?: Maybe<Array<Maybe<Scalars['String']>>>;
status?: Maybe<Scalars['String']>;
subnet?: Maybe<Array<Maybe<AwsSubnet>>>;
subnetId?: Maybe<Scalars['String']>;
Expand Down Expand Up @@ -3868,6 +3869,7 @@ export type AwsSecurityGroup = AwsBaseService & {
lambda?: Maybe<Array<Maybe<AwsLambda>>>;
managedAirflows?: Maybe<Array<Maybe<AwsManagedAirflow>>>;
name?: Maybe<Scalars['String']>;
networkInterfaces?: Maybe<Array<Maybe<AwsNetworkInterface>>>;
outboundRuleCount?: Maybe<Scalars['Int']>;
outboundRules?: Maybe<Array<Maybe<AwsSgOutboundRule>>>;
owner?: Maybe<Scalars['String']>;