Merge branch 'alpha' into feature/CG-1061

Author: m-pizarro

CHANGELOG.md

@@ -1,3 +1,11 @@
+# [0.79.0-alpha.1](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.78.2-alpha.1...0.79.0-alpha.1) (2022-04-07)
+
+
+### Features
+
+* Handle TODOs for dynamoDB ([625701e](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/625701ea2a47b6be8bdf1fe910a541fd6f1ed132))
+* Handle TODOs for dynamoDB ([2911751](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/2911751e96908793dc1b042b07c28bba340f1134))
+
 ## [0.78.2-alpha.1](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.78.1...0.78.2-alpha.1) (2022-04-06)
 
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cloudgraph/cg-provider-aws",
-  "version": "0.78.2-alpha.1",
+  "version": "0.79.0-alpha.1",
   "description": "cloud-graph provider plugin for AWS used to fetch AWS cloud data.",
   "publishConfig": {
     "registry": "https://registry.npmjs.org/",

src/services/cloudFormationStack/connections.ts

@@ -1,12 +1,10 @@
 import { ServiceConnection } from '@cloudgraph/sdk'
 import { Stack } from 'aws-sdk/clients/cloudformation'
 import isEmpty from 'lodash/isEmpty'
-import resources from '../../enums/resources'
 import services from '../../enums/services'
 import { RawAwsCloudFormationStack } from './data'
 import { RawAwsIamRole } from '../iamRole/data'
 import { TagMap } from '../../types'
-import { getIamId } from '../../utils/ids'
 import { globalRegionName } from '../../enums/regions'
 
 /**
@@ -84,14 +82,10 @@ export default ({
     )
     if (!isEmpty(dataAtRegion)) {
       for (const instance of dataAtRegion) {
-        const { RoleId: roleId, RoleName: roleName } = instance
+        const { Arn: arn }: RawAwsIamRole = instance
 
         connections.push({
-          id: getIamId({
-            resourceId: roleId,
-            resourceName: roleName,
-            resourceType: resources.iamRole,
-          }),
+          id: arn,
           resourceType: services.iamRole,
           relation: 'child',
           field: 'iamRole',

src/services/cloudFormationStack/format.ts

@@ -124,7 +124,7 @@ export default ({
     timeoutInMinutes,
     capabilities,
     outputs: outputsList,
-    roleArn: roleArn || '', // TODO: create connection to IAM role if possible
+    roleArn: roleArn || '',
     tags: formatTagsFromMap(tags),
     enableTerminationProtection: enableTerminationProtection ? t.yes : t.no,
     parentId: parentId || '',

src/services/cognitoUserPool/connections.ts

@@ -1,7 +1,47 @@
-import { UserPoolType } from 'aws-sdk/clients/cognitoidentityserviceprovider';
+import { UserPoolType, LambdaConfigType } from 'aws-sdk/clients/cognitoidentityserviceprovider'
 
-import { ServiceConnection } from '@cloudgraph/sdk';
-import services from '../../enums/services';
+import { ServiceConnection } from '@cloudgraph/sdk'
+import { isEmpty } from 'lodash'
+import services from '../../enums/services'
+import { sesArn } from '../../utils/generateArns'
+import { RawAwsLambdaFunction } from '../lambda/data'
+import { RawAwsSes } from '../ses/data'
+import { RawAwsIamRole } from '../iamRole/data'
+import { AwsKms } from '../kms/data'
+
+const getLambdasArn = (
+  lambdaConfig?: LambdaConfigType
+): string[] => {
+  if (isEmpty(lambdaConfig)) {
+    return []
+  }
+
+  const {
+    PreSignUp,
+    CustomMessage,
+    PostConfirmation,
+    PreAuthentication,
+    PostAuthentication,
+    DefineAuthChallenge,
+    CreateAuthChallenge,
+    VerifyAuthChallengeResponse,
+    PreTokenGeneration,
+    UserMigration,
+  } = lambdaConfig
+
+  return [
+    PreSignUp,
+    CustomMessage,
+    PostConfirmation,
+    PreAuthentication,
+    PostAuthentication,
+    DefineAuthChallenge,
+    CreateAuthChallenge,
+    VerifyAuthChallengeResponse,
+    PreTokenGeneration,
+    UserMigration,
+  ]?.filter(l => l)
+}
 
 /**
  * Cognito User Pool
@@ -11,7 +51,9 @@ export default ({
   service: userPool,
   data,
   region,
+  account,
 }: {
+  account: string
   data: { name: string; data: { [property: string]: any[] } }[]
   service: UserPoolType & {
     region: string
@@ -23,38 +65,104 @@ export default ({
   const {
     Id: id,
     LambdaConfig: lambdaConfig,
+    EmailConfiguration: emailConfiguration,
+    SmsConfiguration: smsConfiguration,
   } = userPool
 
-  const defineAuthChallengeArn = lambdaConfig?.DefineAuthChallenge
-
   /**
    * Find Lambda Functions
-   * related to this Auto Scaling Group
+   * related to this cognito user pool
    */
+  const lambdasArn: string[] = getLambdasArn(lambdaConfig)
   const lambdas = data.find(({ name }) => name === services.lambda)
 
-  if (defineAuthChallengeArn && lambdas?.data?.[region]) {
-    const lambdaInRegion = lambdas.data[region].find(lambda =>
-      defineAuthChallengeArn === lambda.FunctionArn)
-      
-    if (lambdaInRegion) {
-      const lambdaFunctionArn = lambdaInRegion.FunctionArn
+  if (lambdasArn?.length > 0 && lambdas?.data?.[region]) {
+    const lambdasInRegion: RawAwsLambdaFunction[] = lambdas.data[region].filter(
+      ({ FunctionArn }: RawAwsLambdaFunction) =>
+        lambdasArn.includes(FunctionArn)
+    )
 
+    if (!isEmpty(lambdasInRegion)) {
+      for (const lambda of lambdasInRegion) {
+        connections.push({
+          id: lambda.FunctionArn,
+          resourceType: services.lambda,
+          relation: 'child',
+          field: 'lambdas',
+        })
+      }
+    }
+  }
+
+  /**
+   * Find MKS
+   * related to this cognito user pool
+   */
+  const kmsKeyID = lambdaConfig?.KMSKeyID
+  const kms = data.find(({ name }) => name === services.kms)
+
+  if (kmsKeyID && kms?.data?.[region]) {
+    const kmsInRegion: AwsKms = kms.data[region].find(
+      ({ KeyId }: AwsKms) => kmsKeyID === KeyId
+    )
+
+    if (kmsInRegion) {
       connections.push({
-        id: lambdaFunctionArn,
-        resourceType: services.lambda,
+        id: kmsInRegion.KeyId,
+        resourceType: services.kms,
         relation: 'child',
-        field: 'lambda',
+        field: 'kms',
       })
     }
   }
 
-  // TODO Email Sender
+  /**
+   * Find SES sender
+   * related to this cognito user pool
+   */
+  const emailConfigSourceArn = emailConfiguration?.SourceArn
+  const emails = data.find(({ name }) => name === services.ses)
 
-  // TODO SMS Sender
+  if (emailConfigSourceArn && emails?.data?.[region]) {
+    const emailInRegion: RawAwsSes = emails.data[region].find(
+      ({ Identity }: RawAwsSes) =>
+        emailConfigSourceArn === sesArn({ region, account, email: Identity })
+    )
+
+    if (emailInRegion) {
+      connections.push({
+        id: sesArn({ region, account, email: emailInRegion.Identity }),
+        resourceType: services.ses,
+        relation: 'child',
+        field: 'ses',
+      })
+    }
+  }
+
+  /**
+   * Find SNS caller
+   * related to this cognito user pool
+   */
+  const smsConfigSnsCallerArn = smsConfiguration?.SnsCallerArn
+  const iamRoles = data.find(({ name }) => name === services.iamRole)
+
+  if (smsConfigSnsCallerArn && iamRoles?.data?.[region]) {
+    const iamRoleInRegion: RawAwsIamRole = iamRoles.data[region].find(
+      ({ Arn }: RawAwsIamRole) => smsConfigSnsCallerArn === Arn
+    )
+
+    if (iamRoleInRegion) {
+      connections.push({
+        id: iamRoleInRegion.Arn,
+        resourceType: services.iamRole,
+        relation: 'child',
+        field: 'iamRole',
+      })
+    }
+  }
 
   const userPoolResult = {
     [id]: connections,
   }
   return userPoolResult
-}
+}

src/services/cognitoUserPool/schema.graphql

@@ -119,9 +119,9 @@ type awsCognitoUserPool implements awsBaseService @key(fields: "id") {
   usernameConfigurationCaseSensitive: String @search(by: [hash, regexp])
   accountRecoverySettings: [awsAccountRecoverySetting]
   tags: [awsRawTag]
-  lambda: [awsLambda] @hasInverse(field: cognitoUserPool) #change to plural
+  lambdas: [awsLambda] @hasInverse(field: cognitoUserPools)
   appSync: [awsAppSync] @hasInverse(field: cognitoUserPool)
-}
-
-# TODO: add connetion to kms
-# TODO: add connection to iamRole using SmsConfiguration.SnsCallerArn
+  kms: [awsKms] @hasInverse(field: cognitoUserPools)
+  ses: [awsSes] @hasInverse(field: cognitoUserPools)
+  iamRole: [awsIamRole] @hasInverse(field: cognitoUserPools)
+}

src/services/iamRole/schema.graphql

@@ -23,4 +23,5 @@ type awsIamRole implements awsBaseService @key(fields: "id") {
     @hasInverse(field: iamRole)
   iamInstanceProfiles: [awsIamInstanceProfile] @hasInverse(field: iamRole)
   ec2Instances: [awsEc2] @hasInverse(field: iamRole)
+  cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: iamRole)
 }

src/services/kms/schema.graphql

@@ -28,4 +28,5 @@ type awsKms implements awsBaseService @key(fields: "id") {
   sageMakerNotebookInstances: [awsSageMakerNotebookInstance]
     @hasInverse(field: kms)
   rdsClusterSnapshots: [awsRdsClusterSnapshot] @hasInverse(field: kms)
+  cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: kms)
 }

src/services/lambda/schema.graphql

@@ -20,7 +20,7 @@ type awsLambda implements awsBaseService @key(fields: "arn") {
   securityGroups: [awsSecurityGroup] @hasInverse(field: lambda)
   subnet: [awsSubnet] @hasInverse(field: lambda) #change to plural
   vpc: [awsVpc] @hasInverse(field: lambda)
-  cognitoUserPool: [awsCognitoUserPool] @hasInverse(field: lambda) #change to plural
+  cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: lambdas)
   appSync: [awsAppSync] @hasInverse(field: lambda)
 }
 

src/services/ses/schema.graphql

@@ -1,4 +1,5 @@
 type awsSes implements awsBaseService @key(fields: "arn") {
   email: String @search(by: [hash, regexp])
   verificationStatus: String @search(by: [hash, regexp])
+  cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: ses)
 }