fix: Added missing connections to managedAirflow

Author: Marco Franceschi

src/enums/serviceAliases.ts

@@ -47,6 +47,7 @@ export default {
   [services.iamUser]: 'iamUsers',
   [services.kinesisStream]: 'kinesisStreams',
   [services.lambda]: 'lambdaFunctions',
+  [services.managedAirflow]: 'managedAirflows',
   [services.nat]: 'natGateway',
   [services.networkInterface]: 'networkInterfaces',
   [services.organization]: 'organizations',

src/services/cloudwatchLogs/schema.graphql

@@ -15,6 +15,7 @@ type awsCloudwatchLog @key(fields: "arn") {
   cloudtrail: [awsCloudtrail] @hasInverse(field: cloudwatchLog)
   ecsCluster: [awsEcsCluster] @hasInverse(field: cloudwatchLog)
   rdsDbInstance: [awsRdsDbInstance] @hasInverse(field: cloudwatchLogs)
+  managedAirflows: [awsManagedAirflow] @hasInverse(field: cloudwatchLogs)
 }
 
 type awsMetricFilter

src/services/iamRole/schema.graphql

@@ -20,8 +20,10 @@ type awsIamRole implements awsBaseService @key(fields: "id") {
   iamAttachedPolicies: [awsIamPolicy] @hasInverse(field: iamRoles)
   iamInstanceProfiles: [awsIamInstanceProfile] @hasInverse(field: iamRole)
   managedAirflows: [awsManagedAirflow] @hasInverse(field: iamRoles)
-  sageMakerNotebookInstances: [awsSageMakerNotebookInstance] @hasInverse(field: iamRole)
-  systemsManagerInstances: [awsSystemsManagerInstance] @hasInverse(field: iamRole)
+  sageMakerNotebookInstances: [awsSageMakerNotebookInstance]
+    @hasInverse(field: iamRole)
+  systemsManagerInstances: [awsSystemsManagerInstance]
+    @hasInverse(field: iamRole)
   s3: [awsS3] @hasInverse(field: iamRole)
   dynamodb: [awsDynamoDbTable] @hasInverse(field: iamRoles)
   ec2Instances: [awsEc2] @hasInverse(field: iamRole)

src/services/kms/schema.graphql

@@ -49,4 +49,5 @@ type awsKms implements awsBaseService @key(fields: "id") {
   cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: kms)
   rdsCluster: [awsRdsCluster] @hasInverse(field: kms)
   rdsDbInstance: [awsRdsDbInstance] @hasInverse(field: kms)
+  managedAirflows: [awsManagedAirflow] @hasInverse(field: kms)
 }

src/services/managedAirflow/connections.ts

@@ -4,6 +4,8 @@ import services from '../../enums/services'
 import { RawAwsManagedAirflow } from '../managedAirflow/data'
 import { RawAwsS3 } from '../s3/data'
 import { AwsSecurityGroup } from '../securityGroup/data'
+import { RawAwsLogGroup } from '../cloudwatchLogs/data'
+import { AwsKms } from '../kms/data'
 import { s3BucketArn } from '../../utils/generateArns'
 
 export default ({
@@ -17,49 +19,110 @@ export default ({
 }): {
   [property: string]: ServiceConnection[]
 } => {
-  const { Arn, SourceBucketArn, NetworkConfiguration: { SecurityGroupIds = [] } = {} } = airflow
+  const {
+    Arn: id,
+    SourceBucketArn,
+    NetworkConfiguration: { SecurityGroupIds = [] } = {},
+    LoggingConfiguration,
+    KmsKey,
+  } = airflow
   const connections: ServiceConnection[] = []
 
   /**
    * Find any S3 related data
    */
-   const buckets = data.find(({ name }) => name === services.s3)
-   if (buckets?.data?.[region]) {
-     const dataAtRegion: RawAwsS3[] = buckets.data[region].filter(
-       ({ Name: name }: RawAwsS3) =>
-         s3BucketArn({ name }) === SourceBucketArn
-     )
-     for (const bucket of dataAtRegion) {
-       connections.push({
-         id: bucket.Id,
-         resourceType: services.s3,
-         relation: 'child',
-         field: 's3',
-       })
-     }
-   }
+  const buckets = data.find(({ name }) => name === services.s3)
+  if (buckets?.data?.[region]) {
+    const dataAtRegion: RawAwsS3[] = buckets.data[region].filter(
+      ({ Name: name }: RawAwsS3) => s3BucketArn({ name }) === SourceBucketArn
+    )
+    for (const bucket of dataAtRegion) {
+      connections.push({
+        id: bucket.Id,
+        resourceType: services.s3,
+        relation: 'child',
+        field: 's3',
+      })
+    }
+  }
 
-   /**
+  /**
    * Find any securityGroups related data
    */
-    const securityGroups = data.find(({ name }) => name === services.sg)
-    if (securityGroups?.data?.[region]) {
-      const dataAtRegion: AwsSecurityGroup[] = securityGroups.data[region].filter(
-        ({ GroupId  }: AwsSecurityGroup) =>
-        SecurityGroupIds.includes(GroupId)
-      )
-      for (const securityGroup of dataAtRegion) {
-        connections.push({
-          id: securityGroup.GroupId,
-          resourceType: services.sg,
-          relation: 'child',
-          field: 'securityGroups',
-        })
+  const securityGroups = data.find(({ name }) => name === services.sg)
+  if (securityGroups?.data?.[region]) {
+    const dataAtRegion: AwsSecurityGroup[] = securityGroups.data[region].filter(
+      ({ GroupId }: AwsSecurityGroup) => SecurityGroupIds.includes(GroupId)
+    )
+    for (const securityGroup of dataAtRegion) {
+      connections.push({
+        id: securityGroup.GroupId,
+        resourceType: services.sg,
+        relation: 'child',
+        field: 'securityGroups',
+      })
+    }
+  }
+
+  /**
+   * Find any cloudwatch log group related data
+   */
+  const cloudwatchLogs = data.find(
+    ({ name }) => name === services.cloudwatchLog
+  )
+  if (cloudwatchLogs?.data?.[region]) {
+    const dataAtRegion: RawAwsLogGroup[] = cloudwatchLogs.data[region].filter(
+      ({ logGroupName }: RawAwsLogGroup) => {
+        return (
+          LoggingConfiguration?.TaskLogs?.CloudWatchLogGroupArn?.includes(
+            logGroupName
+          ) ||
+          LoggingConfiguration?.SchedulerLogs?.CloudWatchLogGroupArn?.includes(
+            logGroupName
+          ) ||
+          LoggingConfiguration?.WorkerLogs?.CloudWatchLogGroupArn?.includes(
+            logGroupName
+          ) ||
+          LoggingConfiguration?.WebserverLogs?.CloudWatchLogGroupArn?.includes(
+            logGroupName
+          ) ||
+          LoggingConfiguration?.DagProcessingLogs?.CloudWatchLogGroupArn?.includes(
+            logGroupName
+          )
+        )
       }
+    )
+
+    for (const logGroup of dataAtRegion) {
+      connections.push({
+        id: logGroup.logGroupName,
+        resourceType: services.cloudwatchLog,
+        relation: 'child',
+        field: 'cloudwatchLogs',
+      })
+    }
+  }
+
+  /**
+   * Find any kms related data
+   */
+  const kms = data.find(({ name }) => name === services.kms)
+  if (kms?.data?.[region]) {
+    const dataAtRegion: AwsKms[] = kms.data[region].filter(
+      ({ Arn }: AwsKms) => Arn === KmsKey
+    )
+
+    for (const kmsKey of dataAtRegion) {
+      connections.push({
+        id: kmsKey.KeyId,
+        resourceType: services.kms,
+        relation: 'child',
+        field: 'kms',
+      })
     }
+  }
 
-  const natResult = {
-    [Arn]: connections,
+  return {
+    [id]: connections,
   }
-  return natResult
 }

src/services/managedAirflow/schema.graphql

@@ -26,6 +26,8 @@ type awsManagedAirflow implements awsBaseService @key(fields: "arn") {
   subnets: [awsSubnet] @hasInverse(field: managedAirflows)
   securityGroups: [awsSecurityGroup] @hasInverse(field: managedAirflows)
   s3: [awsS3] @hasInverse(field: managedAirflows)
+  kms: [awsKms] @hasInverse(field: managedAirflows)
+  cloudwatchLogs: [awsCloudwatchLog] @hasInverse(field: managedAirflows)
 }
 
 type awsManagedAirflowNetworkConfig {

src/types/generated.ts

@@ -922,6 +922,7 @@ export type AwsCloudwatchLog = {
   id: Scalars['String'];
   kms?: Maybe<Array<Maybe<AwsKms>>>;
   kmsKeyId?: Maybe<Scalars['String']>;
+  managedAirflows?: Maybe<Array<Maybe<AwsManagedAirflow>>>;
   metricFilterCount?: Maybe<Scalars['Int']>;
   metricFilters?: Maybe<Array<Maybe<AwsMetricFilter>>>;
   rdsDbInstance?: Maybe<Array<Maybe<AwsRdsDbInstance>>>;
@@ -3218,6 +3219,7 @@ export type AwsKms = AwsBaseService & {
   keyRotationEnabled?: Maybe<Scalars['Boolean']>;
   keyState?: Maybe<Scalars['String']>;
   lambda?: Maybe<Array<Maybe<AwsLambda>>>;
+  managedAirflows?: Maybe<Array<Maybe<AwsManagedAirflow>>>;
   origin?: Maybe<Scalars['String']>;
   policy?: Maybe<AwsIamJsonPolicy>;
   rdsCluster?: Maybe<Array<Maybe<AwsRdsCluster>>>;
@@ -3324,11 +3326,13 @@ export type AwsLcBlockDeviceMapping = {
 export type AwsManagedAirflow = AwsBaseService & {
   airflowConfigurationOptions?: Maybe<Array<Maybe<AwsRawTag>>>;
   airflowVersion?: Maybe<Scalars['String']>;
+  cloudwatchLogs?: Maybe<Array<Maybe<AwsCloudwatchLog>>>;
   createdAt?: Maybe<Scalars['DateTime']>;
   dagS3Path?: Maybe<Scalars['String']>;
   environmentClass?: Maybe<Scalars['String']>;
   executionRoleArn?: Maybe<Scalars['String']>;
   iamRoles?: Maybe<Array<Maybe<AwsIamRole>>>;
+  kms?: Maybe<Array<Maybe<AwsKms>>>;
   kmsKey?: Maybe<Scalars['String']>;
   lastUpdate?: Maybe<AwsManagedAirflowLastUpdate>;
   loggingConfiguration?: Maybe<AwsManagedAirflowLoggingConfig>;