Merge pull request #152 from cloudgraphdev/feat/EP-3201

feat: add efs missing services

Author: dezky

README.md

@@ -111,6 +111,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | ecsTaskDefinition            | ecsService, ecsTask, ecsTaskSet, iamRole                                                                                                                                                                                                                                                                                                                                                                                      |
 | ecsTaskSet                   | ecsCluster, ecsService, ecsTaskDefinition                                                                                                                                                                                                                                                                                                                                                                                     |
 | efs                          | kms                                                                                                                                                                                                                                                                                                                                                                                                                           |
+| efsAccessPoint               |                                                                                                                                                                                                                                                                                                                                                                                                                               |
 | efsMountTarget               | networkInterface, subnet, vpc                                                                                                                                                                                                                                                                                                                                                                                                 |
 | eip                          | ec2, networkInterface, vpc                                                                                                                                                                                                                                                                                                                                                                                                    |
 | eksCluster                   | ec2, iamRole, kms, securityGroup, subnet, vpc                                                                                                                                                                                                                                                                                                                                                                                 |

src/enums/serviceAliases.ts

@@ -33,6 +33,7 @@ export default {
   [services.ecsTask]: 'ecsTasks',
   [services.ecsTaskDefinition]: 'ecsTaskDefinitions',
   [services.ecsTaskSet]: 'ecsTaskSets',
+  [services.efsAccessPoint]: 'efsAccessPoints',
   [services.eksCluster]: 'eksClusters',
   [services.elastiCacheCluster]: 'elastiCacheClusters',
   [services.elastiCacheReplicationGroup]: 'elastiCacheReplicationGroups',

src/enums/serviceMap.ts

@@ -43,6 +43,7 @@ import EcsTask from '../services/ecsTask'
 import EcsTaskDefinition from '../services/ecsTaskDefinition'
 import EcsTaskSet from '../services/ecsTaskSet'
 import EFS from '../services/efs'
+import EfsAccessPoint from '../services/efsAccessPoint'
 import EfsMountTarget from '../services/efsMountTarget'
 import EIP from '../services/eip'
 import EKSCluster from '../services/eksCluster'
@@ -165,6 +166,7 @@ export default {
   [services.ec2Instance]: EC2,
   [services.ecr]: ECR,
   [services.efs]: EFS,
+  [services.efsAccessPoint]: EfsAccessPoint,
   [services.efsMountTarget]: EfsMountTarget,
   [services.eip]: EIP,
   [services.eksCluster]: EKSCluster,

src/enums/services.ts

@@ -43,6 +43,7 @@ export default {
   ecsTaskDefinition: 'ecsTaskDefinition',
   ecsTaskSet: 'ecsTaskSet',
   efs: 'efs',
+  efsAccessPoint: 'efsAccessPoint',
   efsMountTarget: 'efsMountTarget',
   eip: 'eip',
   eksCluster: 'eksCluster',

src/properties/logger.ts

@@ -360,6 +360,8 @@ export default {
     `Found ${num} EFS Mount Targets, adding them to the subnet`,
   doneFetchingEfsData: '✅ Done fetching EFS Data ✅',
   fetchedEfs: (num: number): string => `Fetched ${num} EFS`,
+  fetchedEfsAccessPoints: (num: number): string =>
+    `Fetched ${num} EFS Access Points`,
   fetchedEfsMountTargets: (num: number): string =>
     `Fetched ${num} EFS Mount Targets`,
   fetchedEfsMountTargetSecurityGroups: (num: number): string =>

src/services/account/schema.graphql

@@ -40,6 +40,7 @@ type awsAccount implements awsOptionalService @key(fields: "id") {
   ecsTaskDefinitions: [awsEcsTaskDefinition]
   ecsTaskSets: [awsEcsTaskSet]
   efs: [awsEfs]
+  efsAccessPoint: [awsEfsAccessPoint]
   efsMountTarget: [awsEfsMountTarget]
   eip: [awsEip]
   eksClusters: [awsEksCluster]

src/services/efs/data.ts

@@ -3,6 +3,9 @@ import EFS, {
   FileSystemDescription,
   DescribeFileSystemsRequest,
   DescribeFileSystemsResponse,
+  DescribeFileSystemPolicyRequest,
+  FileSystemPolicyDescription,
+  Policy,
 } from 'aws-sdk/clients/efs'
 import { AWSError } from 'aws-sdk/lib/error'
 import CloudGraph from '@cloudgraph/sdk'
@@ -20,6 +23,42 @@ const serviceName = 'EFS'
 const errorLog = new AwsErrorLog(serviceName)
 const endpoint = initTestEndpoint(serviceName)
 
+const getFileSystemPolicy = async ({
+  efs,
+  FileSystemId,
+}: {
+  efs: EFS
+  FileSystemId: string
+}): Promise<Policy> =>
+  new Promise<Policy>(resolve => {
+    const args: DescribeFileSystemPolicyRequest = { FileSystemId }
+    try {
+      efs.describeFileSystemPolicy(
+        args,
+        (err: AWSError, data: FileSystemPolicyDescription) => {
+          if (err) {
+            errorLog.generateAwsErrorLog({
+              functionName: 'efs:describeFileSystemPolicy',
+              err,
+            })
+          }
+
+          /**
+           * No policy for this file system
+           */
+          if (isEmpty(data)) {
+            return resolve('')
+          }
+
+          const { Policy: policy } = data
+          resolve(policy)
+        }
+      )
+    } catch (error) {
+      resolve('')
+    }
+  })
+
 const listFileSystems = async ({
   efs,
   region,
@@ -29,7 +68,7 @@ const listFileSystems = async ({
   efs: EFS
   region: string
   token?: string
-  resolveRegion: Function
+  resolveRegion: () => void
 }): Promise<FileSystemDescription[]> =>
   new Promise<FileSystemDescription[]>(resolve => {
     const efsList: FileSystemDescription[] = []
@@ -57,10 +96,7 @@ const listFileSystems = async ({
             return resolveRegion()
           }
 
-          const {
-            FileSystems: fileSystems = [],
-            NextMarker: token,
-          }: { FileSystems?: any; NextMarker?: any } = data
+          const { FileSystems: fileSystems = [], NextMarker: token } = data
 
           efsList.push(...fileSystems)
 
@@ -100,6 +136,7 @@ const listFileSystems = async ({
 
 export interface RawAwsEfs extends Omit<FileSystemDescription, 'Tags'> {
   region: string
+  policy: Policy
   Tags?: TagMap
 }
 
@@ -115,21 +152,23 @@ export default async ({
   new Promise(async resolve => {
     const efsFileSystems: RawAwsEfs[] = []
     const regionPromises = []
+    const policyPromises = []
 
     /**
      * Get all the EFS File Systems
      */
 
-    regions.split(',').map(region => {
+    regions.split(',').forEach(region => {
       const efs = new EFS({ ...config, region, endpoint })
       const regionPromise = new Promise<void>(async resolveRegion => {
         const efsList = await listFileSystems({ efs, region, resolveRegion })
         if (!isEmpty(efsList)) {
           efsFileSystems.push(
-            ...efsList.map(efs => ({
-              ...efs,
+            ...efsList.map(efsItem => ({
+              ...efsItem,
               region,
-              Tags: convertAwsTagsToTagMap(efs.Tags),
+              policy: '',
+              Tags: convertAwsTagsToTagMap(efsItem.Tags),
             }))
           )
         }
@@ -139,6 +178,21 @@ export default async ({
     })
 
     await Promise.all(regionPromises)
+
+    // get policy for each rest api
+    efsFileSystems.forEach(({ FileSystemId: id, region }, idx) => {
+      const efs = new EFS({ ...config, region, endpoint })
+      const modelPromise = new Promise<void>(async resolvePolicy => {
+        efsFileSystems[idx].policy = await getFileSystemPolicy({
+          efs,
+          FileSystemId: id,
+        })
+        resolvePolicy()
+      })
+      policyPromises.push(modelPromise)
+    })
+    await Promise.all(policyPromises)
+
     errorLog.reset()
 
     resolve(groupBy(efsFileSystems, 'region'))

src/services/efs/format.ts

@@ -27,6 +27,7 @@ export default ({
     ProvisionedThroughputInMibps: provisionedThroughputInMibps,
     AvailabilityZoneName: availabilityZoneName,
     AvailabilityZoneId: availabilityZoneId,
+    policy,
     Tags,
   } = service
 
@@ -46,14 +47,15 @@ export default ({
       value: sizeInBytes?.Value,
       timestamp: sizeInBytes?.Timestamp?.toISOString(),
       valueInIA: sizeInBytes?.ValueInIA,
-      valueInStandard: sizeInBytes?.ValueInStandard
+      valueInStandard: sizeInBytes?.ValueInStandard,
     },
     performanceMode,
     encrypted,
     throughputMode,
     provisionedThroughputInMibps,
     availabilityZoneName,
     availabilityZoneId,
+    policy,
     tags: formatTagsFromMap(Tags),
   }
 }

src/services/efs/schema.graphql

@@ -16,6 +16,7 @@ type awsEfs implements awsBaseService @key(fields: "arn") {
   tags: [awsRawTag]
   efsMountTarget: [awsEfsMountTarget] @hasInverse(field: efs) #change to plural
   kms: [awsKms] @hasInverse(field: efs)
+  policy: String
 }
 
 type awsEfsFileSystemSize

src/services/efsAccessPoint/data.ts

@@ -0,0 +1,118 @@
+import { Config } from 'aws-sdk'
+import EFS, {
+  DescribeAccessPointsResponse,
+  DescribeAccessPointsRequest,
+  AccessPointDescription,
+} from 'aws-sdk/clients/efs'
+import { AWSError } from 'aws-sdk/lib/error'
+import CloudGraph from '@cloudgraph/sdk'
+import groupBy from 'lodash/groupBy'
+import isEmpty from 'lodash/isEmpty'
+import awsLoggerText from '../../properties/logger'
+import AwsErrorLog from '../../utils/errorLog'
+import { initTestEndpoint } from '../../utils'
+
+const lt = { ...awsLoggerText }
+const { logger } = CloudGraph
+const serviceName = 'EFS Access Point'
+const errorLog = new AwsErrorLog(serviceName)
+const endpoint = initTestEndpoint(serviceName)
+
+export interface RawAwsEfsAccessPoint extends AccessPointDescription {
+  region: string
+}
+
+const listAccessPoint = async ({
+  efs,
+}: {
+  efs: EFS
+}): Promise<AccessPointDescription[]> =>
+  new Promise<AccessPointDescription[]>(resolve => {
+    const accessPointList: AccessPointDescription[] = []
+    const args: DescribeAccessPointsRequest = {}
+    const listAllAccessPoints = (token?: string): void => {
+      if (token) {
+        args.NextToken = token
+      }
+
+      try {
+        efs.describeAccessPoints(
+          args,
+          (err: AWSError, data: DescribeAccessPointsResponse) => {
+            if (err) {
+              errorLog.generateAwsErrorLog({
+                functionName: 'efs:describeAccessPoints',
+                err,
+              })
+            }
+
+            /**
+             * No EFS access point data for this region
+             */
+            if (isEmpty(data)) {
+              return resolve([])
+            }
+
+            const { AccessPoints: accessPoints = [], NextToken: nextToken } =
+              data
+
+            accessPointList.push(...accessPoints)
+
+            /**
+             * Check to see if there are more
+             */
+
+            if (nextToken) {
+              listAllAccessPoints(nextToken)
+            } else {
+              resolve(accessPointList)
+            }
+          }
+        )
+      } catch (error) {
+        resolve([])
+      }
+    }
+    listAllAccessPoints()
+  })
+
+export default async ({
+  regions,
+  config,
+}: {
+  regions: string
+  config: Config
+}): Promise<{
+  [region: string]: RawAwsEfsAccessPoint[]
+}> =>
+  new Promise(async resolve => {
+    const efsAccessPoints: RawAwsEfsAccessPoint[] = []
+    const regionPromises = []
+
+    /**
+     * Get all the EFS Access points
+     */
+
+    regions.split(',').forEach(region => {
+      const efs = new EFS({ ...config, region, endpoint })
+      const regionPromise = new Promise<void>(async resolveRegion => {
+        const accessPointList = await listAccessPoint({ efs })
+        if (!isEmpty(accessPointList)) {
+          efsAccessPoints.push(
+            ...accessPointList.map(accessPoint => ({
+              ...accessPoint,
+              region,
+            }))
+          )
+        }
+        resolveRegion()
+      })
+      regionPromises.push(regionPromise)
+    })
+
+    await Promise.all(regionPromises)
+    logger.debug(lt.fetchedEfsAccessPoints(efsAccessPoints.length))
+    errorLog.reset()
+
+    resolve(groupBy(efsAccessPoints, 'region'))
+  })