def _parse_load_balancer(self, raw_load_balancer):
load_balancer = {'name': raw_load_balancer['LoadBalancerName']}
get_keys(raw_load_balancer, load_balancer, [
'DNSName', 'CreatedTime', 'AvailabilityZones', 'Subnets', 'Scheme',
'attributes'
])
load_balancer['security_groups'] = []
load_balancer['arn'] = 'arn:aws:elb:{}:{}:load-balancer/{}'.format(
self.region, self.facade.owner_id,
raw_load_balancer.get('LoadBalancerName'))
for sg in raw_load_balancer['SecurityGroups']:
load_balancer['security_groups'].append({'GroupId': sg})
load_balancer['listeners'] = {}
for l in raw_load_balancer['ListenerDescriptions']:
listener = l['Listener']
load_balancer['listeners'][l['Listener']
['LoadBalancerPort']] = listener
load_balancer['instances'] = []
for i in raw_load_balancer['Instances']:
load_balancer['instances'].append(i['InstanceId'])
if 'Tags' in raw_load_balancer and raw_load_balancer['Tags']:
load_balancer['tags'] = {
x['Key']: x['Value']
for x in raw_load_balancer['Tags']
}
return get_non_provider_id(load_balancer['name']), load_balancer
async def _parse_instance(self, raw_instance):
instance = {}
id = raw_instance['InstanceId']
instance['id'] = id
instance['reservation_id'] = raw_instance['ReservationId']
instance['monitoring_enabled'] = raw_instance['Monitoring'][
'State'] == 'enabled'
instance['user_data'] = await self.facade.ec2.get_instance_user_data(
self.region, id)
instance['user_data_secrets'] = self._identify_user_data_secrets(
instance['user_data'])
get_name(raw_instance, instance, 'InstanceId')
get_keys(raw_instance, instance, [
'KeyName', 'LaunchTime', 'InstanceType', 'State',
'IamInstanceProfile', 'SubnetId'
])
instance['network_interfaces'] = {}
for eni in raw_instance['NetworkInterfaces']:
nic = {}
get_keys(eni, nic, [
'Association', 'Groups', 'PrivateIpAddresses', 'SubnetId',
'Ipv6Addresses'
])
instance['network_interfaces'][eni['NetworkInterfaceId']] = nic
return id, instance
def parse_instance(self, global_params, region, reservation):
"""
Parse a single EC2 instance
:param reservation:
:param global_params: Parameters shared for all regions
:param region: Name of the AWS region
"""
for i in reservation['Instances']:
instance = {}
vpc_id = i['VpcId'] if 'VpcId' in i and i['VpcId'] else ec2_classic
manage_dictionary(self.vpcs, vpc_id,
VPCConfig(self.vpc_resource_types))
instance['reservation_id'] = reservation['ReservationId']
instance['id'] = i['InstanceId']
instance['monitoring_enabled'] = i['Monitoring'][
'State'] == 'enabled'
instance['user_data'] = self._get_user_data(region, instance['id'])
get_name(i, instance, 'InstanceId')
get_keys(i, instance, [
'KeyName', 'LaunchTime', 'InstanceType', 'State',
'IamInstanceProfile', 'SubnetId'
])
# Network interfaces & security groups
manage_dictionary(instance, 'network_interfaces', {})
for eni in i['NetworkInterfaces']:
nic = {}
get_keys(eni, nic, [
'Association', 'Groups', 'PrivateIpAddresses', 'SubnetId',
'Ipv6Addresses'
])
instance['network_interfaces'][eni['NetworkInterfaceId']] = nic
self.vpcs[vpc_id].instances[i['InstanceId']] = instance
def parse_route_table(self, global_params, region, rt):
route_table = {}
vpc_id = rt['VpcId']
get_name(rt, route_table, 'VpcId') # TODO: change get_name to have src then dst
get_keys(rt, route_table, ['Routes', 'Associations', 'PropagatingVgws'])
# Save
manage_dictionary(self.vpcs, vpc_id, SingleVPCConfig(self.vpc_resource_types))
self.vpcs[vpc_id].route_tables[rt['RouteTableId']] = route_table
def test_get_keys(self):
test1 = {"a": "b", "c": "d"}
test2 = {"a": "", "e": "f"}
get_keys(test1, test2, "a")
assert test2["a"] == "b"
assert "c" not in test2
get_keys(test1, test2, "c")
assert test2["c"] == "d"
def test_get_keys(self):
test1 = {'a': 'b', 'c': 'd'}
test2 = {'a': '', 'e': 'f'}
get_keys(test1, test2, 'a')
assert (test2['a'] == 'b')
assert ('c' not in test2)
get_keys(test1, test2, 'c')
assert (test2['c'] == 'd')
async def _parse_instance(self, raw_instance):
instance = {}
id = raw_instance['InstanceId']
instance['id'] = id
instance['arn'] = format_arn(self.partition, self.service, self.region,
raw_instance['OwnerId'],
raw_instance['InstanceId'],
self.resource_type)
instance['reservation_id'] = raw_instance['ReservationId']
instance['availability_zone'] = raw_instance.get(
'Placement', {}).get('AvailabilityZone')
instance['monitoring_enabled'] = raw_instance['Monitoring'][
'State'] == 'enabled'
instance['user_data'] = await self.facade.ec2.get_instance_user_data(
self.region, id)
instance['user_data_secrets'] = self._identify_user_data_secrets(
instance['user_data'])
get_name(raw_instance, instance, 'InstanceId')
get_keys(raw_instance, instance, [
'KeyName', 'LaunchTime', 'InstanceType', 'State',
'IamInstanceProfile', 'SubnetId', 'Tags'
])
if "IamInstanceProfile" in raw_instance:
instance['iam_instance_profile_id'] = raw_instance[
'IamInstanceProfile']['Id']
instance['iam_instance_profile_arn'] = raw_instance[
'IamInstanceProfile']['Arn']
instance['network_interfaces'] = {}
for eni in raw_instance['NetworkInterfaces']:
nic = {}
get_keys(eni, nic, [
'Association', 'Groups', 'PrivateIpAddresses', 'SubnetId',
'Ipv6Addresses'
])
instance['network_interfaces'][eni['NetworkInterfaceId']] = nic
instance['metadata_options'] = raw_instance.get('MetadataOptions', {})
if 'IamInstanceProfile' in raw_instance:
instance['iam_role'] = raw_instance['IamInstanceProfile'][
'Arn'].split('/')[-1]
else:
instance['iam_role'] = None
return id, instance
def parse_elb(self, global_params, region, lb):
"""
:param lb:
:param global_params:
:param region: Name of the AWS region
:return:
"""
elb = {'name': lb.pop('LoadBalancerName')}
vpc_id = lb['VPCId'] if 'VPCId' in lb and lb['VPCId'] else ec2_classic
manage_dictionary(self.vpcs, vpc_id,
VPCConfig(self.vpc_resource_types))
get_keys(lb, elb, [
'DNSName', 'CreatedTime', 'AvailabilityZones', 'Subnets', 'Scheme'
])
elb['security_groups'] = []
for sg in lb['SecurityGroups']:
elb['security_groups'].append({'GroupId': sg})
manage_dictionary(elb, 'listeners', {})
policy_names = []
for l in lb['ListenerDescriptions']:
listener = l['Listener']
manage_dictionary(listener, 'policies', [])
for policy_name in l['PolicyNames']:
policy_id = self.get_non_provider_id(policy_name)
listener['policies'].append(policy_id)
if policy_id not in self.elb_policies:
policy_names.append(policy_name)
elb['listeners'][l['Listener']['LoadBalancerPort']] = listener
# Fetch LB policies here. This is not ideal, but the alternative is to download all policies and clean up
# after...
if len(policy_names):
policies = \
api_clients[region].describe_load_balancer_policies(LoadBalancerName=elb['name'],
PolicyNames=policy_names)['PolicyDescriptions']
for policy in policies:
policy['name'] = policy.pop('PolicyName')
policy_id = self.get_non_provider_id(policy['name'])
self.elb_policies[policy_id] = policy
manage_dictionary(elb, 'instances', [])
for i in lb['Instances']:
elb['instances'].append(i['InstanceId'])
# Get attributes
elb['attributes'] = api_clients[
region].describe_load_balancer_attributes(
LoadBalancerName=elb['name'])['LoadBalancerAttributes']
self.vpcs[vpc_id].elbs[self.get_non_provider_id(elb['name'])] = elb
def _parse_load_balancer(self, raw_load_balancer):
load_balancer = {'name': raw_load_balancer['LoadBalancerName']}
get_keys(raw_load_balancer, load_balancer, [
'DNSName', 'CreatedTime', 'AvailabilityZones', 'Subnets', 'Scheme',
'attributes'
])
load_balancer['security_groups'] = []
for sg in raw_load_balancer['SecurityGroups']:
load_balancer['security_groups'].append({'GroupId': sg})
load_balancer['listeners'] = {}
for l in raw_load_balancer['ListenerDescriptions']:
listener = l['Listener']
load_balancer['listeners'][l['Listener']
['LoadBalancerPort']] = listener
load_balancer['instances'] = []
for i in raw_load_balancer['Instances']:
load_balancer['instances'].append(i['InstanceId'])
return get_non_provider_id(load_balancer['name']), load_balancer
def parse_roles(self, fetched_role, params):
"""
Parse a single IAM role and fetch additional data
"""
role = {'instances_count': 'N/A'}
# When resuming upon throttling error, skip if already fetched
if fetched_role['RoleName'] in self.roles:
return
api_client = params['api_client']
# Ensure consistent attribute names across resource types
role['id'] = fetched_role.pop('RoleId')
role['name'] = fetched_role.pop('RoleName')
role['arn'] = fetched_role.pop('Arn')
# Get other attributes
get_keys(fetched_role, role, ['CreateDate', 'Path'])
# Get role policies
policies = self.__get_inline_policies(api_client, 'role', role['id'],
role['name'])
if len(policies):
role['inline_policies'] = policies
role['inline_policies_count'] = len(policies)
# Get instance profiles
profiles = handle_truncated_response(
api_client.list_instance_profiles_for_role,
{'RoleName': role['name']}, ['InstanceProfiles'])
manage_dictionary(role, 'instance_profiles', {})
for profile in profiles['InstanceProfiles']:
manage_dictionary(role['instance_profiles'],
profile['InstanceProfileId'], {})
role['instance_profiles'][
profile['InstanceProfileId']]['arn'] = profile['Arn']
role['instance_profiles'][profile['InstanceProfileId']][
'name'] = profile['InstanceProfileName']
# Get trust relationship
role['assume_role_policy'] = {}
role['assume_role_policy']['PolicyDocument'] = fetched_role.pop(
'AssumeRolePolicyDocument')
# Save role
self.roles[role['id']] = role