Added support for AWS API Gateway #539
Conversation
# Please enter a commit message to explain why this merge is necessary, # especially if it merges an updated upstream into a topic branch. # # Lines starting with '#' will be ignored, and an empty message aborts # the commit.
…aphy into aws-apigateway
# Conflicts: # cartography/intel/aws/__init__.py
# Conflicts: # cartography/intel/aws/__init__.py # docs/schema/aws.md
| return apis | ||
|
|
||
|
|
||
| @timeit |
There was a problem hiding this comment.
Nit: probably not necessary for a transform.
There was a problem hiding this comment.
@achantavy I removed the transform_apigateway_rest_apis() function altogether and added it's body within the load_apigateway_rest_apis() function.
cartography/intel/aws/apigateway.py
Outdated
|
|
||
|
|
||
| @timeit | ||
| def get_rest_api_stages(api, client): |
There was a problem hiding this comment.
[question] Do we need to handle regions here as well? @marco-lancini
| return stages['item'] | ||
|
|
||
|
|
||
| @timeit |
cartography/intel/aws/apigateway.py
Outdated
|
|
||
|
|
||
| @timeit | ||
| @aws_handle_regions |
There was a problem hiding this comment.
handle regions is not necessary for a load function.
There was a problem hiding this comment.
@achantavy Removed it :)
| ingest_rest_apis = """ | ||
| UNWIND {rest_apis_list} AS r | ||
| MERGE (rest_api:APIGatewayRestAPI{id:r.id}) | ||
| ON CREATE SET rest_api.firstseen = timestamp(), |
There was a problem hiding this comment.
The id field you're using here is an arn? If so, also set rest_api.arn in the ON CREATE SET.
There was a problem hiding this comment.
@achantavy id field is an identifier for the REST API. Rest apis don't have arns so we don't need to capture them.
cartography/intel/aws/apigateway.py
Outdated
| """ | ||
| ingest_stages = """ | ||
| UNWIND {stages_list} AS stage | ||
| MERGE (s:APIGatewayStage{id: stage.stageName}) |
There was a problem hiding this comment.
Same comment about also setting an arn field so we know what the id was derived from (assuming the id was derived from an arn. otherwise use whatever the original field was.).
There was a problem hiding this comment.
@achantavy For stages, I created a new field 'arn' since stage name may be same for multiple rest apis.
| ingest_certificates = """ | ||
| UNWIND {certificates_list} as certificate | ||
| MERGE (c:APIGatewayClientCertificate{id: certificate.clientCertificateId}) | ||
| ON CREATE SET c.firstseen = timestamp(), c.createddate = certificate.createdDate |
There was a problem hiding this comment.
@achantavy Client certificates don't have an arn. Just an identifier.
|
@achantavy I've made all the changes as per your review. Please let me know if there are any more changes! :) |
# Conflicts: # cartography/intel/aws/resources.py
This is an initial version of pulling API Gateway REST APIs, Resources, Stages and the Client Certificate details and populating graph db.