Merge pull request #148 from cloudgraphdev/feat/EP-3196

feat: add ecr missing services

Author: dezky

src/properties/logger.ts

@@ -501,6 +501,10 @@ export default {
     `Found another ${num} ECR repos in this region...`,
   gettingECRRepos: 'Fetching ECR repos...',
   gettingECRRepoTags: 'Fetching tags for each ECR repo...',
+  gettingECRRepoLifecyclePolicy:
+    'Fetching lifecycle policy for each ECR repo...',
+  gettingECRRepoRepositoryPolicy:
+    'Fetching repository policy for each ECR repo...',
   /**
    * Transit Gateway
    */

src/services/ecr/data.ts

@@ -3,6 +3,8 @@ import { AWSError } from 'aws-sdk/lib/error'
 import ECR, {
   DescribeRepositoriesRequest,
   DescribeRepositoriesResponse,
+  GetLifecyclePolicyResponse,
+  GetRepositoryPolicyResponse,
   ListTagsForResourceResponse,
   Repository,
   RepositoryList,
@@ -27,6 +29,8 @@ const MAX_ITEMS = 1000
 export interface RawAwsEcr extends Repository {
   region: string
   Tags?: TagMap
+  lifecyclePolicy: GetLifecyclePolicyResponse
+  repositoryPolicy: GetRepositoryPolicyResponse
 }
 
 const listReposForRegion = async ({
@@ -99,6 +103,56 @@ const getResourceTags = async (ecr: ECR, arn: string): Promise<TagMap> =>
     }
   })
 
+const getLifecyclePolicy = async (
+  ecr: ECR,
+  registryId: string,
+  repositoryName: string
+): Promise<GetLifecyclePolicyResponse> =>
+  new Promise(resolve => {
+    try {
+      ecr.getLifecyclePolicy(
+        { registryId, repositoryName },
+        (err: AWSError, data: GetLifecyclePolicyResponse) => {
+          if (err) {
+            errorLog.generateAwsErrorLog({
+              functionName: 'ecr:getLifecyclePolicy',
+              err,
+            })
+            return resolve({})
+          }
+          resolve(data)
+        }
+      )
+    } catch (error) {
+      resolve({})
+    }
+  })
+
+const getRepositoryPolicy = async (
+  ecr: ECR,
+  registryId: string,
+  repositoryName: string
+): Promise<GetRepositoryPolicyResponse> =>
+  new Promise(resolve => {
+    try {
+      ecr.getRepositoryPolicy(
+        { registryId, repositoryName },
+        (err: AWSError, data: GetRepositoryPolicyResponse) => {
+          if (err) {
+            errorLog.generateAwsErrorLog({
+              functionName: 'ecr:getRepositoryPolicy',
+              err,
+            })
+            return resolve({})
+          }
+          resolve(data)
+        }
+      )
+    } catch (error) {
+      resolve({})
+    }
+  })
+
 export default async ({
   regions,
   config,
@@ -112,9 +166,11 @@ export default async ({
     const ecrData: RawAwsEcr[] = []
     const regionPromises = []
     const tagsPromises = []
+    const lifecyclePoliciesPromises = []
+    const repositoryPoliciesPromises = []
 
     // get all repositories for all regions
-    regions.split(',').map(region => {
+    regions.split(',').forEach(region => {
       const ecr = new ECR({ ...config, region, endpoint })
       const regionPromise = new Promise<void>(async resolveRegion => {
         const repositoryList = await listReposForRegion({
@@ -126,6 +182,8 @@ export default async ({
             ...repositoryList.map(repo => ({
               ...repo,
               region,
+              lifecyclePolicy: {},
+              repositoryPolicy: {},
             }))
           )
         }
@@ -138,7 +196,7 @@ export default async ({
     await Promise.all(regionPromises)
 
     // get all tags for each repository
-    ecrData.map(({ repositoryArn, region }, idx) => {
+    ecrData.forEach(({ repositoryArn, region }, idx) => {
       const ecr = new ECR({ ...config, region, endpoint })
       const tagsPromise = new Promise<void>(async resolveTags => {
         const envTags: TagMap = await getResourceTags(ecr, repositoryArn)
@@ -150,6 +208,47 @@ export default async ({
 
     logger.debug(lt.gettingECRRepoTags)
     await Promise.all(tagsPromises)
+
+    // get lifecycle policy for each repository
+    ecrData.forEach(({ registryId, repositoryName, region }, idx) => {
+      const ecr = new ECR({ ...config, region, endpoint })
+      const lifecyclePolicyPromise = new Promise<void>(
+        async resolveLifecyclePolicy => {
+          const lifecyclePolicy = await getLifecyclePolicy(
+            ecr,
+            registryId,
+            repositoryName
+          )
+          ecrData[idx].lifecyclePolicy = lifecyclePolicy
+          resolveLifecyclePolicy()
+        }
+      )
+      lifecyclePoliciesPromises.push(lifecyclePolicyPromise)
+    })
+
+    logger.debug(lt.gettingECRRepoLifecyclePolicy)
+    await Promise.all(lifecyclePoliciesPromises)
+
+    // get repository policy for each repository
+    ecrData.forEach(({ registryId, repositoryName, region }, idx) => {
+      const ecr = new ECR({ ...config, region, endpoint })
+      const repositoryPolicyPromise = new Promise<void>(
+        async resolveRepositoryPolicy => {
+          const repositoryPolicy = await getRepositoryPolicy(
+            ecr,
+            registryId,
+            repositoryName
+          )
+          ecrData[idx].repositoryPolicy = repositoryPolicy
+          resolveRepositoryPolicy()
+        }
+      )
+      repositoryPoliciesPromises.push(repositoryPolicyPromise)
+    })
+
+    logger.debug(lt.gettingECRRepoRepositoryPolicy)
+    await Promise.all(repositoryPoliciesPromises)
+
     errorLog.reset()
 
     resolve(groupBy(ecrData, 'region'))

src/services/ecr/format.ts

@@ -5,7 +5,7 @@ import { RawAwsEcr } from './data'
 export default ({
   service: rawData,
   account,
-  region
+  region,
 }: {
   service: RawAwsEcr
   account: string
@@ -19,8 +19,13 @@ export default ({
     createdAt,
     imageTagMutability,
     imageScanningConfiguration: { scanOnPush: imageScanOnPush = false } = {},
-    encryptionConfiguration: { encryptionType: type = 'none', kmsKey = '' } = {},
+    encryptionConfiguration: {
+      encryptionType: type = 'none',
+      kmsKey = '',
+    } = {},
     Tags,
+    lifecyclePolicy,
+    repositoryPolicy,
   } = rawData
 
   return {
@@ -36,5 +41,7 @@ export default ({
     registryAccountId,
     repositoryUri,
     tags: formatTagsFromMap(Tags),
+    lifecyclePolicy,
+    repositoryPolicy,
   }
 }

src/services/ecr/schema.graphql

@@ -8,6 +8,8 @@ type awsEcr implements awsBaseService @key(fields: "arn") {
   repositoryUri: String @search(by: [hash, regexp])
   scanOnPush: Boolean @search
   tags: [awsRawTag]
+  lifecyclePolicy: awsEcrLifecyclePolicy
+  repositoryPolicy: awsEcrRepositoryPolicy
 }
 
 type awsEcrEncryptionConfiguration
@@ -19,3 +21,15 @@ type awsEcrEncryptionConfiguration
   type: String @search(by: [hash, regexp])
   kmsKey: String @search(by: [hash, regexp])
 }
+
+type awsEcrLifecyclePolicy {
+  registryId: String
+  repositoryName: String
+  lifecyclePolicyText: String
+}
+
+type awsEcrRepositoryPolicy {
+  registryId: String
+  repositoryName: String
+  policyText: String
+}

src/types/generated.ts

@@ -1749,8 +1749,10 @@ export type AwsEcr = AwsBaseService & {
   encryptionConfig?: Maybe<AwsEcrEncryptionConfiguration>;
   imageScanOnPush?: Maybe<Scalars['Boolean']>;
   imageTagMutability?: Maybe<Scalars['String']>;
+  lifecyclePolicy?: Maybe<AwsEcrLifecyclePolicy>;
   name?: Maybe<Scalars['String']>;
   registryAccountId?: Maybe<Scalars['String']>;
+  repositoryPolicy?: Maybe<AwsEcrRepositoryPolicy>;
   repositoryUri?: Maybe<Scalars['String']>;
   scanOnPush?: Maybe<Scalars['Boolean']>;
   tags?: Maybe<Array<Maybe<AwsRawTag>>>;
@@ -1761,6 +1763,18 @@ export type AwsEcrEncryptionConfiguration = {
   type?: Maybe<Scalars['String']>;
 };
 
+export type AwsEcrLifecyclePolicy = {
+  lifecyclePolicyText?: Maybe<Scalars['String']>;
+  registryId?: Maybe<Scalars['String']>;
+  repositoryName?: Maybe<Scalars['String']>;
+};
+
+export type AwsEcrRepositoryPolicy = {
+  policyText?: Maybe<Scalars['String']>;
+  registryId?: Maybe<Scalars['String']>;
+  repositoryName?: Maybe<Scalars['String']>;
+};
+
 export type AwsEcsAttachment = {
   details?: Maybe<Array<Maybe<AwsEcsAttachmentDetail>>>;
   id: Scalars['String'];