Merge pull request #11 from cloudgraphdev/fix/CG-908

fix: Added iamRole for lambda service

Author: tyler-dunkel

README.md

@@ -26,4 +26,5 @@ type awsIamRole implements awsBaseService @key(fields: "id") {
   ec2Instances: [awsEc2] @hasInverse(field: iamRole)
   cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: iamRole)
   appSync: [awsAppSync] @hasInverse(field: iamRoles)
+  lambda: [awsLambda] @hasInverse(field: iamRole)
 }

src/services/iamRole/schema.graphql

@@ -7,6 +7,8 @@ import { SecurityGroup } from 'aws-sdk/clients/ec2'
 
 import services from '../../enums/services'
 import { RawAwsSubnet } from '../subnet/data'
+import { RawAwsIamRole } from '../iamRole/data'
+import { globalRegionName } from '../../enums/regions'
 
 export default ({
   service: lambda,
@@ -22,6 +24,7 @@ export default ({
   const {
     KMSKeyArn,
     FunctionArn: id,
+    Role,
     VpcConfig: { SecurityGroupIds: sgIds = [], SubnetIds: subnetIds = [] } = {},
   } = lambda
   const connections: ServiceConnection[] = []
@@ -83,7 +86,7 @@ export default ({
     if (!isEmpty(subnetsInRegion)) {
       for (const subnet of subnetsInRegion) {
         connections.push({
-          id:subnet.SubnetId,
+          id: subnet.SubnetId,
           resourceType: services.subnet,
           relation: 'child',
           field: 'subnet',
@@ -92,6 +95,30 @@ export default ({
     }
   }
 
+  /**
+   * Find IAM Role
+   * related to this lambda function
+   */
+  const iamRoles: {
+    name: string
+    data: { [property: string]: RawAwsIamRole[] }
+  } = data.find(({ name }) => name === services.iamRole)
+  if (iamRoles?.data?.[globalRegionName]) {
+    const iamRolesInRegion: RawAwsIamRole[] = iamRoles.data[
+      globalRegionName
+    ].filter(({ Arn }: RawAwsIamRole) => Arn === Role)
+    if (!isEmpty(iamRolesInRegion)) {
+      for (const role of iamRolesInRegion) {
+        connections.push({
+          id: role.Arn,
+          resourceType: services.iamRole,
+          relation: 'child',
+          field: 'iamRole',
+        })
+      }
+    }
+  }
+
   const lambdaResult = {
     [id]: connections,
   }

src/services/lambda/connections.ts

@@ -1,17 +1,16 @@
 import isEmpty from 'lodash/isEmpty'
 import t from '../../properties/translations'
 import { AwsLambda } from '../../types/generated'
-import { formatTagsFromMap } from '../../utils/format'
+import { formatTagsFromMap, formatIamJsonPolicy } from '../../utils/format'
 import { RawAwsLambdaFunction } from './data'
-import { formatIamJsonPolicy } from '../../utils/format'
 
 /**
  * Lambda
  */
 export default ({
   service: rawData,
   account,
-  region
+  region,
 }: {
   service: RawAwsLambdaFunction
   account: string
@@ -33,10 +32,7 @@ export default ({
     Version: version,
     reservedConcurrentExecutions: rawReservedConcurrentExecutions,
     VpcConfig: vpcConfig,
-    PolicyData: {
-      Policy: policy = '',
-      RevisionId: policyRevisionId = ''
-    }
+    PolicyData: { Policy: policy = '', RevisionId: policyRevisionId = '' },
   } = rawData
   const environmentVariables = []
   const secretNames = [t.pass, t.secret, t.private, t.cert]
@@ -53,7 +49,11 @@ export default ({
           }
         })
 
-        environmentVariables.push({ id: `${key}:${desiredValue}`, key, value: desiredValue })
+        environmentVariables.push({
+          id: `${key}:${desiredValue}`,
+          key,
+          value: desiredValue,
+        })
       })
     }
   }
@@ -65,7 +65,7 @@ export default ({
   const formattedVpcConfig = {
     vpcId: vpcConfig?.VpcId,
     subnetIds: vpcConfig?.SubnetIds,
-    securityGroupIds: vpcConfig?.SecurityGroupIds
+    securityGroupIds: vpcConfig?.SecurityGroupIds,
   }
 
   return {
@@ -79,7 +79,6 @@ export default ({
     lastModified,
     memorySize,
     reservedConcurrentExecutions,
-    role: handler,
     runtime,
     sourceCodeSize: `${codeSize * 0.001} Kb`,
     timeout,

src/services/lambda/format.ts

@@ -5,7 +5,6 @@ type awsLambda implements awsBaseService @key(fields: "arn") {
   lastModified: String @search(by: [hash, regexp])
   memorySize: Int @search
   reservedConcurrentExecutions: Int @search
-  role: String @search(by: [hash, regexp]) # TODO: add iamRole connection here
   runtime: String @search(by: [hash, regexp])
   sourceCodeSize: String @search(by: [hash, regexp])
   timeout: Int @search
@@ -22,6 +21,7 @@ type awsLambda implements awsBaseService @key(fields: "arn") {
   vpc: [awsVpc] @hasInverse(field: lambda)
   cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: lambdas)
   appSync: [awsAppSync] @hasInverse(field: lambda)
+  iamRole: [awsIamRole] @hasInverse(field: lambda)
 }
 
 type awsLambdaEnvironmentVariable

src/services/lambda/schema.graphql

@@ -3064,6 +3064,7 @@ export type AwsIamRole = AwsBaseService & {
   iamAttachedPolicies?: Maybe<Array<Maybe<AwsIamPolicy>>>;
   iamInstanceProfiles?: Maybe<Array<Maybe<AwsIamInstanceProfile>>>;
   inlinePolicies?: Maybe<Array<Maybe<Scalars['String']>>>;
+  lambda?: Maybe<Array<Maybe<AwsLambda>>>;
   managedAirflows?: Maybe<Array<Maybe<AwsManagedAirflow>>>;
   maxSessionDuration?: Maybe<Scalars['Int']>;
   name?: Maybe<Scalars['String']>;
@@ -3211,14 +3212,14 @@ export type AwsLambda = AwsBaseService & {
   description?: Maybe<Scalars['String']>;
   environmentVariables?: Maybe<Array<Maybe<AwsLambdaEnvironmentVariable>>>;
   handler?: Maybe<Scalars['String']>;
+  iamRole?: Maybe<Array<Maybe<AwsIamRole>>>;
   kms?: Maybe<Array<Maybe<AwsKms>>>;
   kmsKeyArn?: Maybe<Scalars['String']>;
   lastModified?: Maybe<Scalars['String']>;
   memorySize?: Maybe<Scalars['Int']>;
   policy?: Maybe<AwsIamJsonPolicy>;
   policyRevisionId?: Maybe<Scalars['String']>;
   reservedConcurrentExecutions?: Maybe<Scalars['Int']>;
-  role?: Maybe<Scalars['String']>;
   runtime?: Maybe<Scalars['String']>;
   securityGroups?: Maybe<Array<Maybe<AwsSecurityGroup>>>;
   sourceCodeSize?: Maybe<Scalars['String']>;