
Commit 04809fa

authored
Merge pull request #26 from cloudgraphdev/fix/CG-398
fix: add connection between networkInterface and securityGroup services
2 parents 6be83d5 + 8efe2aa commit 04809fa


6 files changed

+43
-8
lines changed


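--- a/README.md
+++ b/README.md
@@ -135,7 +135,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | managedAirflow | iamRole, securityGroups, subnet, s3 |
 | nacl | vpc |
 | natGateway | networkInterface, subnet, vpc |
-| networkInterface | ec2, eip, efsMountTarget, natGateway, sageMakerNotebookInstance, subnet, vpc, flowLog |
+| networkInterface | ec2, eip, efsMountTarget, natGateway, sageMakerNotebookInstance, subnet, vpc, flowLog, securityGroup |
 | organization |
 | rdsCluster | appSync, rdsClusterSnapshot, rdsDbInstance, securityGroup, iamRole, kms |
 | rdsClusterSnapshot | kms, rdsCluster, vpc |
@@ -149,7 +149,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | sageMakerProject | |
 | s3 | cloudfront, cloudtrail, ecsCluster, iamRole, kinesisFirehose, lambda, managedAirflow, sns, sqs |
 | secretsManager | kms, lambda |
-| securityGroup | alb, asg, clientVpnEndpoint, codebuild, dmsReplicationInstance, ecsService, lambda, ec2, elasticSearchDomain, elb, rdsCluster, rdsDbInstance, eksCluster, elastiCacheCluster, managedAirflow, sageMakerNotebookInstance |
+| securityGroup | alb, asg, clientVpnEndpoint, codebuild, dmsReplicationInstance, ecsService, lambda, ec2, elasticSearchDomain, elb, rdsCluster, rdsDbInstance, eksCluster, elastiCacheCluster, managedAirflow, sageMakerNotebookInstance, networkInterface |
 | ses | |
 | sns | kms, cloudtrail, cloudwatch, s3 |
 | sqs | s3 |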

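--- a/src/services/networkInterface/connections.ts
+++ b/src/services/networkInterface/connections.ts
@@ -6,6 +6,7 @@ import { RawAwsSubnet } from '../subnet/data'
 import { RawFlowLog } from '../flowLogs/data'
 import { RawNetworkInterface } from './data'
 import { RawAwsSageMakerNotebookInstance } from '../sageMakerNotebookInstance/data'
+import { AwsSecurityGroup } from '../securityGroup/data'
 
 export default ({
 service: networkInterface,
@@ -18,7 +19,8 @@ export default ({
 }): {
 [property: string]: ServiceConnection[]
 } => {
-const { NetworkInterfaceId, SubnetId } = networkInterface
+const { NetworkInterfaceId, SubnetId, Groups = [] } = networkInterface
+const sgIds = Groups.map(({ GroupId }) => GroupId)
 const connections: ServiceConnection[] = []
 /**
 * Find Subnets used in Network Interface
@@ -87,6 +89,35 @@ export default ({
 }
 }
 
+/**
+* Find related security groups
+*/
+const securityGroups: {
+name: string
+data: { [property: string]: any[] }
+} = data.find(({ name }) => name === services.sg)
+if (securityGroups?.data?.[region]) {
+const securityGroupsInRegion: AwsSecurityGroup[] = securityGroups.data[
+region
+].filter(
+({ GroupId }: AwsSecurityGroup) =>
+!isEmpty(sgIds) &&
+sgIds.filter(str => str.toLowerCase().includes(GroupId.toLowerCase()))
+.length > 0
+)
+if (!isEmpty(securityGroupsInRegion)) {
+for (const securityGroup of securityGroupsInRegion) {
+const { GroupId: id } = securityGroup
+connections.push({
+id,
+resourceType: services.sg,
+relation: 'child',
+field: 'securityGroups',
+})
+}
+}
+}
+
 const natResult = {
 [NetworkInterfaceId]: connections,
 }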
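Review bot: The filter at new lines 105-106 matches security-group ids by case-insensitive substring (`str.toLowerCase().includes(GroupId.toLowerCase())`), so any group whose id is a substring of one of the interface's group ids would be attached as a `securityGroups` connection, and the graph would then show the interface as guarded by a group that does not actually apply to it. Both sides are exact AWS identifiers, so an exact membership test is the right check, `({ GroupId }: AwsSecurityGroup) => sgIds.includes(GroupId)`, with the loop-invariant `!isEmpty(sgIds)` moved into the surrounding guard as `if (!isEmpty(sgIds) && securityGroups?.data?.[region]) {`. This also drops the `str.toLowerCase()` call, which throws if an entry of `Groups` has no `GroupId`. The `securityGroups` annotation at new line 95 declares a non-optional object although `data.find` can return undefined; adding `| undefined` there would make the `?.` on the following line meaningful to the checker instead of a lie to it. The exported arrow function enclosing this hunk starts and ends outside it.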

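--- a/src/services/networkInterface/format.ts
+++ b/src/services/networkInterface/format.ts
@@ -32,7 +32,7 @@ export default ({
 Tags: tags = {},
 } = rawData
 
-const securityGroups = groups.map(({ GroupId }) => GroupId)
+const securityGroupsIds = groups.map(({ GroupId }) => GroupId)
 
 const privateIps = privateIpAddresses.map(
 ({ PrivateIpAddress }) => PrivateIpAddress
@@ -46,15 +46,15 @@ export default ({
 accountId: account,
 arn: networkInterfaceArn({region, account, id}),
 region,
-subnetId, // TODO: Add subnet connection to network interface
+subnetId,
 macAddress,
 privateIps,
 description,
 availabilityZone,
 status,
 vpcId,
 interfaceType,
-securityGroups,
+securityGroupsIds,
 privateDnsName,
 attachment: {
 attachmentId: attachment?.AttachmentId || '',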

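--- a/src/services/networkInterface/schema.graphql
+++ b/src/services/networkInterface/schema.graphql
@@ -6,7 +6,7 @@ type awsNetworkInterface implements awsBaseService @key(fields: "arn") {
 status: String @search(by: [hash, regexp])
 vpcId: String @search(by: [hash])
 interfaceType: String @search(by: [hash, regexp])
-securityGroups: [String] @search(by: [hash])
+securityGroupsIds: [String] @search(by: [hash])
 privateDnsName: String @search(by: [hash, regexp])
 privateIps: [String] @search(by: [hash, regexp])
 attachment: awsNetworkInterfaceAttachment
@@ -20,6 +20,7 @@ type awsNetworkInterface implements awsBaseService @key(fields: "arn") {
 flowLogs: [awsFlowLog] @hasInverse(field: networkInterface) #change to singular
 sageMakerNotebookInstances: [awsSageMakerNotebookInstance]
 @hasInverse(field: networkInterface)
+securityGroups: [awsSecurityGroup] @hasInverse(field: networkInterfaces)
 }
 
 type awsNetworkInterfaceAttachment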

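--- a/src/services/securityGroup/schema.graphql
+++ b/src/services/securityGroup/schema.graphql
@@ -22,6 +22,7 @@ type awsSecurityGroup implements awsBaseService @key(fields: "id") {
 clientVpnEndpoint: [awsClientVpnEndpoint] @hasInverse(field: securityGroups) #change to plural
 codebuilds: [awsCodebuild] @hasInverse(field: securityGroups)
 managedAirflows: [awsManagedAirflow] @hasInverse(field: securityGroups)
+networkInterfaces: [awsNetworkInterface] @hasInverse(field: securityGroups)
 elasticSearchDomains: [awsElasticSearchDomain]
 @hasInverse(field: securityGroups)
 dmsReplicationInstances: [awsDmsReplicationInstance]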

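--- a/src/types/generated.ts
+++ b/src/types/generated.ts
@@ -3458,7 +3458,8 @@ export type AwsNetworkInterface = AwsBaseService & {
 privateDnsName?: Maybe<Scalars['String']>;
 privateIps?: Maybe<Array<Maybe<Scalars['String']>>>;
 sageMakerNotebookInstances?: Maybe<Array<Maybe<AwsSageMakerNotebookInstance>>>;
-securityGroups?: Maybe<Array<Maybe<Scalars['String']>>>;
+securityGroups?: Maybe<Array<Maybe<AwsSecurityGroup>>>;
+securityGroupsIds?: Maybe<Array<Maybe<Scalars['String']>>>;
 status?: Maybe<Scalars['String']>;
 subnet?: Maybe<Array<Maybe<AwsSubnet>>>;
 subnetId?: Maybe<Scalars['String']>;
@@ -3873,6 +3874,7 @@ export type AwsSecurityGroup = AwsBaseService & {
 lambda?: Maybe<Array<Maybe<AwsLambda>>>;
 managedAirflows?: Maybe<Array<Maybe<AwsManagedAirflow>>>;
 name?: Maybe<Scalars['String']>;
+networkInterfaces?: Maybe<Array<Maybe<AwsNetworkInterface>>>;
 outboundRuleCount?: Maybe<Scalars['Int']>;
 outboundRules?: Maybe<Array<Maybe<AwsSgOutboundRule>>>;
 owner?: Maybe<Scalars['String']>;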
