def run_scan(
    muxer: AWSScanMuxer,
    config: Config,
    artifact_writer: ArtifactWriter,
    artifact_reader: ArtifactReader,
) -> Tuple[ScanManifest, GraphSet]:
    """Scan the configured accounts and assemble a ScanManifest plus a merged GraphSet.

    Args:
        muxer: Fans the per-account scans out; its ``scan`` results are iterated here.
        config: Supplies ``scan.accounts``, ``scan.scan_sub_accounts``, ``scan.regions``
            and ``access.accessor``.
        artifact_writer: Receives the merged ``master`` graph and the ``manifest``.
        artifact_reader: Loads each per-account artifact the muxer reports.

    Returns:
        The ``ScanManifest`` that was written and the merged ``GraphSet``.

    Raises:
        Exception: if no account produced an artifact, so nothing could be merged.
    """
    accessor = config.access.accessor
    # Sub-account expansion replaces the configured accounts with the set of
    # child accounts reachable from them; otherwise the configured list is used as is.
    target_accounts = (
        get_sub_account_ids(config.scan.accounts, accessor)
        if config.scan.scan_sub_accounts
        else config.scan.accounts
    )
    plan = AccountScanPlan(account_ids=target_accounts, regions=config.scan.regions, accessor=accessor)

    log = Logger()
    log.info(event=AWSLogEvents.ScanAWSAccountsStart)

    scanned_accounts: List[str] = []
    artifacts: List[str] = []
    errors: Dict[str, List[str]] = {}
    unscanned_accounts: List[str] = []
    call_stats = MultilevelCounter()
    merged = None
    for account_manifest in muxer.scan(account_scan_plan=plan):
        account_id = account_manifest.account_id
        if not account_manifest.artifacts:
            # Nothing was produced for this account at all.
            unscanned_accounts.append(account_id)
        else:
            for artifact_path in account_manifest.artifacts:
                artifacts.append(artifact_path)
                loaded = GraphSet.from_dict(artifact_reader.read_json(artifact_path))
                if merged is None:
                    merged = loaded
                else:
                    merged.merge(loaded)
            # An account that produced artifacts but also reported errors counts as
            # unscanned; its partial results are still merged above, so the master
            # graph may contain data from accounts listed in ``errors``.
            if account_manifest.errors:
                errors[account_id] = account_manifest.errors
                unscanned_accounts.append(account_id)
            else:
                scanned_accounts.append(account_id)
        # API call counts are accumulated for every account, scanned or not.
        call_stats.merge(MultilevelCounter.from_dict(account_manifest.api_call_stats))

    if merged is None:
        raise Exception("BUG: No graph_set generated.")

    master_path = artifact_writer.write_json(name="master", data=merged.to_dict())
    log.info(event=AWSLogEvents.ScanAWSAccountsEnd)

    manifest = ScanManifest(
        scanned_accounts=scanned_accounts,
        master_artifact=master_path,
        artifacts=artifacts,
        errors=errors,
        unscanned_accounts=unscanned_accounts,
        api_call_stats=call_stats.to_dict(),
        start_time=merged.start_time,
        end_time=merged.end_time,
    )
    artifact_writer.write_json("manifest", data=manifest.to_dict())
    return manifest, merged
def run_scan(
    muxer: AWSScanMuxer,
    config: AWSConfig,
    aws_resource_region_mapping_repo: AWSResourceRegionMappingRepository,
    artifact_writer: ArtifactWriter,
    artifact_reader: ArtifactReader,
) -> Tuple[ScanManifest, ValidatedGraphSet]:
    """Scan the configured accounts (or the caller's own) and assemble a ScanManifest.

    Args:
        muxer: Fans the per-account scans out; its ``scan`` results are iterated here.
        config: Supplies ``scan.accounts``, ``scan.scan_sub_accounts``, ``scan.regions``,
            ``accessor`` and ``write_master_json``.
        aws_resource_region_mapping_repo: Passed through unchanged to the ``ScanPlan``.
        artifact_writer: Receives the optional ``master`` graph and the ``manifest``.
        artifact_reader: Loads each per-account artifact the muxer reports.

    Returns:
        The written ``ScanManifest`` and the ``ValidatedGraphSet`` built from every artifact.

    Raises:
        Exception: if no account produced an artifact.
    """
    accessor = config.accessor
    if config.scan.accounts:
        root_accounts = config.scan.accounts
    else:
        # No accounts configured: fall back to the account behind boto3's default
        # credential chain. NOTE(review): this bypasses config.accessor — if the
        # ambient credentials and the accessor resolve to different principals,
        # the plan is built for an account other than the one the scan will use;
        # confirm against how the accessor is constructed.
        caller_account = boto3.client("sts").get_caller_identity()["Account"]
        root_accounts = (caller_account,)
    target_accounts = (
        get_sub_account_ids(root_accounts, accessor)
        if config.scan.scan_sub_accounts
        else root_accounts
    )
    plan = ScanPlan(
        account_ids=target_accounts,
        regions=config.scan.regions,
        aws_resource_region_mapping_repo=aws_resource_region_mapping_repo,
        accessor=accessor,
    )

    log = Logger()
    log.info(event=AWSLogEvents.ScanAWSAccountsStart)

    scanned_accounts: List[str] = []
    artifacts: List[str] = []
    errors: Dict[str, List[str]] = {}
    unscanned_accounts: Set[str] = set()
    graph_sets: List[GraphSet] = []
    for account_manifest in muxer.scan(scan_plan=plan):
        account_id = account_manifest.account_id
        # Any reported error marks the account unscanned, even when artifacts were
        # also produced — such an account therefore appears in both
        # scanned_accounts and unscanned_accounts of the manifest.
        if account_manifest.errors:
            errors[account_id] = account_manifest.errors
            unscanned_accounts.add(account_id)
        if not account_manifest.artifacts:
            unscanned_accounts.add(account_id)
            continue
        for artifact_path in account_manifest.artifacts:
            artifacts.append(artifact_path)
            graph_sets.append(GraphSet.parse_obj(artifact_reader.read_json(artifact_path)))
        scanned_accounts.append(account_id)

    if not graph_sets:
        raise Exception("BUG: No graph_sets generated.")
    validated = ValidatedGraphSet.from_graph_set(GraphSet.from_graph_sets(graph_sets))

    # The master graph is only persisted on request; the manifest still records
    # where it went (or None).
    master_path: Optional[str] = None
    if config.write_master_json:
        master_path = artifact_writer.write_json(name="master", data=validated)
    log.info(event=AWSLogEvents.ScanAWSAccountsEnd)

    manifest = ScanManifest(
        scanned_accounts=scanned_accounts,
        master_artifact=master_path,
        artifacts=artifacts,
        errors=errors,
        # NOTE(review): set iteration order is not stable across processes, so
        # the order of this list can differ between otherwise identical runs.
        unscanned_accounts=list(unscanned_accounts),
        start_time=validated.start_time,
        end_time=validated.end_time,
    )
    artifact_writer.write_json("manifest", data=manifest)
    return manifest, validated