
Commit 66689c7

authored
Merge pull request #11 from cloudgraphdev/fix/CG-908
fix: Added iamRole for lambda service
2 parents f94724f + 52678c4 commit 66689c7


6 files changed

+138
-109
lines changed


README.md

Lines changed: 97 additions & 96 deletions
Large diffs are not rendered by default.

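--- a/src/services/iamRole/schema.graphql
+++ b/src/services/iamRole/schema.graphql
@@ -26,4 +26,5 @@ type awsIamRole implements awsBaseService @key(fields: "id") {
 ec2Instances: [awsEc2] @hasInverse(field: iamRole)
 cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: iamRole)
 appSync: [awsAppSync] @hasInverse(field: iamRoles)
+lambda: [awsLambda] @hasInverse(field: iamRole)
 }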

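--- a/src/services/lambda/connections.ts
+++ b/src/services/lambda/connections.ts
@@ -7,6 +7,8 @@ import { SecurityGroup } from 'aws-sdk/clients/ec2'
 
 import services from '../../enums/services'
 import { RawAwsSubnet } from '../subnet/data'
+import { RawAwsIamRole } from '../iamRole/data'
+import { globalRegionName } from '../../enums/regions'
 
 export default ({
 service: lambda,
@@ -22,6 +24,7 @@ export default ({
 const {
 KMSKeyArn,
 FunctionArn: id,
+Role,
 VpcConfig: { SecurityGroupIds: sgIds = [], SubnetIds: subnetIds = [] } = {},
 } = lambda
 const connections: ServiceConnection[] = []
@@ -83,7 +86,7 @@ export default ({
 if (!isEmpty(subnetsInRegion)) {
 for (const subnet of subnetsInRegion) {
 connections.push({
-id:subnet.SubnetId,
+id: subnet.SubnetId,
 resourceType: services.subnet,
 relation: 'child',
 field: 'subnet',
@@ -92,6 +95,30 @@ export default ({
 }
 }
 
+/**
+* Find IAM Role
+* related to this lambda function
+*/
+const iamRoles: {
+name: string
+data: { [property: string]: RawAwsIamRole[] }
+} = data.find(({ name }) => name === services.iamRole)
+if (iamRoles?.data?.[globalRegionName]) {
+const iamRolesInRegion: RawAwsIamRole[] = iamRoles.data[
+globalRegionName
+].filter(({ Arn }: RawAwsIamRole) => Arn === Role)
+if (!isEmpty(iamRolesInRegion)) {
+for (const role of iamRolesInRegion) {
+connections.push({
+id: role.Arn,
+resourceType: services.iamRole,
+relation: 'child',
+field: 'iamRole',
+})
+}
+}
+}
+
 const lambdaResult = {
 [id]: connections,
 }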
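Review bot: The new IAM role block in the last hunk adds nothing when no entry in `iamRoles.data[globalRegionName]` has an `Arn` equal to `Role`, so a Lambda whose execution role was not collected (presumably when the IAM scan is skipped or denied) ends up with no `iamRole` edge and no indication why. A short comment on the miss path would make that explicit, e.g. `// no match: IAM data absent or role not collected; the Lambda gets no iamRole edge`. The lookup also compares against `Role` without checking that it is set; `if (Role && iamRoles?.data?.[globalRegionName]) {` avoids matching on an undefined value. The enclosing function starts and ends outside the visible hunks.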

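--- a/src/services/lambda/format.ts
+++ b/src/services/lambda/format.ts
@@ -1,17 +1,16 @@
 import isEmpty from 'lodash/isEmpty'
 import t from '../../properties/translations'
 import { AwsLambda } from '../../types/generated'
-import { formatTagsFromMap } from '../../utils/format'
+import { formatTagsFromMap, formatIamJsonPolicy } from '../../utils/format'
 import { RawAwsLambdaFunction } from './data'
-import { formatIamJsonPolicy } from '../../utils/format'
 
 /**
 * Lambda
 */
 export default ({
 service: rawData,
 account,
-region
+region,
 }: {
 service: RawAwsLambdaFunction
 account: string
@@ -33,10 +32,7 @@ export default ({
 Version: version,
 reservedConcurrentExecutions: rawReservedConcurrentExecutions,
 VpcConfig: vpcConfig,
-PolicyData: {
-Policy: policy = '',
-RevisionId: policyRevisionId = ''
-}
+PolicyData: { Policy: policy = '', RevisionId: policyRevisionId = '' },
 } = rawData
 const environmentVariables = []
 const secretNames = [t.pass, t.secret, t.private, t.cert]
@@ -53,7 +49,11 @@ export default ({
 }
 })
 
-environmentVariables.push({ id: `${key}:${desiredValue}`, key, value: desiredValue })
+environmentVariables.push({
+id: `${key}:${desiredValue}`,
+key,
+value: desiredValue,
+})
 })
 }
 }
@@ -65,7 +65,7 @@ export default ({
 const formattedVpcConfig = {
 vpcId: vpcConfig?.VpcId,
 subnetIds: vpcConfig?.SubnetIds,
-securityGroupIds: vpcConfig?.SecurityGroupIds
+securityGroupIds: vpcConfig?.SecurityGroupIds,
 }
 
 return {
@@ -79,7 +79,6 @@ export default ({
 lastModified,
 memorySize,
 reservedConcurrentExecutions,
-role: handler,
 runtime,
 sourceCodeSize: `${codeSize * 0.001} Kb`,
 timeout,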
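Review bot: The reformatted `PolicyData: { Policy: policy = '', RevisionId: policyRevisionId = '' },` on new line 35 still destructures a nested object with no default, so a function record without `PolicyData` would throw a TypeError during formatting. Whether the upstream data step always sets `PolicyData` is not visible here. Adding a default keeps the per-field fallbacks effective: `PolicyData: { Policy: policy = '', RevisionId: policyRevisionId = '' } = {},`. The enclosing function starts and ends outside the visible hunks.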

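--- a/src/services/lambda/schema.graphql
+++ b/src/services/lambda/schema.graphql
@@ -5,7 +5,6 @@ type awsLambda implements awsBaseService @key(fields: "arn") {
 lastModified: String @search(by: [hash, regexp])
 memorySize: Int @search
 reservedConcurrentExecutions: Int @search
-role: String @search(by: [hash, regexp]) # TODO: add iamRole connection here
 runtime: String @search(by: [hash, regexp])
 sourceCodeSize: String @search(by: [hash, regexp])
 timeout: Int @search
@@ -22,6 +21,7 @@ type awsLambda implements awsBaseService @key(fields: "arn") {
 vpc: [awsVpc] @hasInverse(field: lambda)
 cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: lambdas)
 appSync: [awsAppSync] @hasInverse(field: lambda)
+iamRole: [awsIamRole] @hasInverse(field: lambda)
 }
 
 type awsLambdaEnvironmentVariable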
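Review bot: Removing `role: String` from `awsLambda` in the first hunk leaves the `iamRole` edge added in the second hunk as the only way to see a function's execution role. Existing queries that select or filter on `role` will stop validating, and a Lambda whose role could not be linked will show no role at all, which weakens least-privilege audits built on this schema. Consider keeping the scalar next to the edge, `role: String @search(by: [hash, regexp])`, populated from the function's role ARN, or recording the removal as a breaking change. The `awsLambda` type has fields outside the visible hunks.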

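--- a/src/types/generated.ts
+++ b/src/types/generated.ts
@@ -3064,6 +3064,7 @@ export type AwsIamRole = AwsBaseService & {
 iamAttachedPolicies?: Maybe<Array<Maybe<AwsIamPolicy>>>;
 iamInstanceProfiles?: Maybe<Array<Maybe<AwsIamInstanceProfile>>>;
 inlinePolicies?: Maybe<Array<Maybe<Scalars['String']>>>;
+lambda?: Maybe<Array<Maybe<AwsLambda>>>;
 managedAirflows?: Maybe<Array<Maybe<AwsManagedAirflow>>>;
 maxSessionDuration?: Maybe<Scalars['Int']>;
 name?: Maybe<Scalars['String']>;
@@ -3211,14 +3212,14 @@ export type AwsLambda = AwsBaseService & {
 description?: Maybe<Scalars['String']>;
 environmentVariables?: Maybe<Array<Maybe<AwsLambdaEnvironmentVariable>>>;
 handler?: Maybe<Scalars['String']>;
+iamRole?: Maybe<Array<Maybe<AwsIamRole>>>;
 kms?: Maybe<Array<Maybe<AwsKms>>>;
 kmsKeyArn?: Maybe<Scalars['String']>;
 lastModified?: Maybe<Scalars['String']>;
 memorySize?: Maybe<Scalars['Int']>;
 policy?: Maybe<AwsIamJsonPolicy>;
 policyRevisionId?: Maybe<Scalars['String']>;
 reservedConcurrentExecutions?: Maybe<Scalars['Int']>;
-role?: Maybe<Scalars['String']>;
 runtime?: Maybe<Scalars['String']>;
 securityGroups?: Maybe<Array<Maybe<AwsSecurityGroup>>>;
 sourceCodeSize?: Maybe<Scalars['String']>;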
