def test_arnparse():
arn_str = "arn:aws:s3:us-west-1::"
arn_object = arn_parser.arnparse(arn_str)
assert isinstance(arn_object, arn_parser.Arn)
arn_str = "arn:aws:ec2:us-west-1::uniqueid"
arn_object = arn_parser.arnparse(arn_str)
assert isinstance(arn_object, arn_parser.Arn)
arn_str = "arn:partition:service:region:account-id:resource-type/resource-id"
arn_object = arn_parser.arnparse(arn_str)
assert isinstance(arn_object, arn_parser.Arn)
def _get_aws_client_data_from_node(node,
default_client=None,
default_region=None):
"""
Fetches client name and region from ARN, then from the node,
then from the connector.
"""
aws_region = client_str = None
arn_str = get_field_value(node, 'arn')
if arn_str:
arn_obj = arnparse(arn_str)
client_str = arn_obj.service
aws_region = arn_obj.region
if not client_str:
client_str = get_field_value(node, 'client')
if not client_str:
logger.info(
"No client type provided in snapshot, using client type from connector"
)
client_str = default_client
if not aws_region:
aws_region = get_field_value(node, 'region')
if not aws_region:
logger.info(
"No region provided in snapshot, using region from connector")
aws_region = default_region
aws_region = aws_region or default_region
client_str = client_str or default_client
return client_str, aws_region
def test_exception_arnparser():
arn_str = "aws:s3:us-west-1::"
try:
arn_object = arn_parser.arnparse(arn_str)
except Exception as e:
arn_object = str(e)
assert type(arn_object) is str
def _get_function_kwargs(arn_str, function_name, existing_json):
"""Fetches the correct keyword arguments for different detail functions"""
arn = arnparse(arn_str)
client_str = arn.service
resource_id = arn.resource
if client_str == "s3":
return {'Bucket': resource_id}
elif client_str == "rds" and function_name in ["describe_db_instances",\
"describe_db_snapshots"]:
return {'DBInstanceIdentifier': resource_id}
elif client_str == "ec2" and function_name == "describe_instance_attribute":
return {'Attribute': 'instanceType', 'InstanceId': resource_id}
elif client_str == "ec2" and function_name in [
"describe_instances", "monitor_instances"
]:
return {'InstanceIds': [resource_id]}
elif client_str == "ec2" and function_name == "describe_images":
try:
imageid = existing_json['Reservations'][0]['Instances'][0][
'ImageId']
except:
imageid = ""
return {'ImageIds': [imageid]}
elif client_str == "ec2" and function_name == "describe_volumes":
try:
volumeid = existing_json['Reservations'][0]['Instances'][0][
'BlockDeviceMappings'][0]['Ebs']['VolumeId']
except:
volumeid = ""
return {'VolumeIds': [volumeid]}
elif client_str == "ec2" and function_name == "describe_security_groups":
try:
groups = existing_json['Reservations'][0]['Instances'][0][
'SecurityGroups']
groupsidlist = [x['GroupId'] for x in groups]
except:
volumeid = []
return {'GroupIds': groupsidlist}
elif client_str == "ec2" and function_name == "describe_vpcs":
try:
vpicid = existing_json['Reservations'][0]['Instances'][0]['VpcId']
except:
vpicid = ""
return {'VpcIds': [vpicid]}
elif client_str == "ec2" and function_name == "describe_subnets":
try:
subnetid = existing_json['Reservations'][0]['Instances'][0][
'SubnetId']
except:
subnetid = ""
return {'SubnetIds': [subnetid]}
elif client_str == "ec2" and function_name == "describe_snapshots":
try:
ownerid = existing_json['Reservations'][0]['OwnerId']
except:
ownerid = ""
return {'OwnerIds': [ownerid]}
elif client_str == "ec2" and function_name == "describe_snapshot_attribute":
try:
snapshot_id = existing_json['Snapshots'][0]['SnapshotId']
except:
snapshot_id = ""
return {
'SnapshotId': snapshot_id,
'Attribute': 'createVolumePermission'
}
elif client_str == "elb" and function_name == "describe_load_balancers":
return {'LoadBalancerNames': [resource_id]}
elif client_str == "elb" and function_name in ["describe_load_balancers", "describe_load_balancer_attributes",\
"describe_load_balancer_policies"]:
return {'LoadBalancerName': resource_id}
elif client_str == "acm" and function_name == "describe_certificate":
return {'CertificateArn': arn_str}
elif client_str == "cloudformation" and function_name in ["describe_stack_resource",\
"describe_stack_events", "describe_stacks", "describe_stack_resource_drifts", \
"get_stack_policy"]:
return {'StackName': resource_id}
elif client_str == "cloudtrail" and function_name == "describe_trails":
return {'trailNameList': [resource_id]}
elif client_str == "cloudtrail" and function_name in ["get_event_selectors",\
"get_insight_selectors"]:
return {'TrailName': resource_id}
elif client_str == "apigateway" and function_name in ["get_rest_api",\
"get_documentation_parts", "get_documentation_versions",\
"get_gateway_responses", "get_models", "get_request_validators",\
"get_resources", "get_stages"]:
return {'restApiId': resource_id}
elif client_str == "route53" and function_name == "get_hosted_zone":
return {'Id': resource_id}
elif client_str == "route53" and function_name == "list_resource_record_sets":
return {'HostedZoneId': resource_id}
elif client_str == "iam" and function_name in ["get_user", "list_ssh_public_keys", \
"get_account_summary", "get_account_password_policy", "list_attached_user_policies"]:
return {'UserName': resource_id}
elif client_str == "iam" and function_name == "get_role":
return {'RoleName': resource_id}
elif client_str == "kms" and function_name in [
"get_key_rotation_status",
"describe_key",
]:
return {'KeyId': resource_id}
elif client_str == "dynamodb" and function_name == "describe_table":
return {'TableName': resource_id}
elif client_str == "dynamodb" and function_name == "describe_backup":
return {'BackupArn': arn_str}
elif client_str == "ecs" and function_name == "describe_task_definition":
return {'taskDefinition': resource_id}
elif client_str == "eks" and function_name == "describe_cluster":
return {'name': resource_id}
elif client_str == "elasticache" and function_name == "describe_replication_groups":
return {'ReplicationGroupId': resource_id}
elif client_str == "elasticache" and function_name == "describe_cache_subnet_groups":
return {'CacheSubnetGroupName': resource_id}
elif client_str == "kinesis" and function_name == "describe_stream":
return {'StreamName': resource_id}
elif client_str == "lambda" and function_name == "get_function":
return {'FunctionName': resource_id}
elif client_str == "redshift" and function_name == "describe_clusters":
return {'ClusterIdentifier': resource_id}
elif client_str == "sns" and function_name == "get_topic_attributes":
return {'TopicArn': arn_str}
elif client_str == "sqs" and function_name == "get_queue_attributes":
return {
'QueueUrl': 'https:{url}'.format(url=resource_id),
'AttributeNames': ['All']
}
elif client_str == "config" and function_name in [
"describe_configuration_recorders",
"describe_configuration_recorder_status"
]:
return {'ConfigurationRecorderNames': [resource_id]}
elif client_str == "es" and function_name == "describe_elasticsearch_domain":
return {'DomainName': resource_id}
elif client_str == "cloudfront" and function_name == "get_distribution":
return {'Id': resource_id}
elif client_str == "ec2" and function_name == "describe_vpn_gateways":
return {'VpnGatewayIds': [resource_id]}
elif client_str == "efs" and function_name == "describe_file_systems":
return {'FileSystemId': resource_id}
elif client_str == 'ec2' and function_name == 'describe_route_tables':
return {'RouteTableIds': [resource_id]}
elif client_str == 'ec2' and function_name == 'describe_network_acls':
return {'NetworkAclIds': [resource_id]}
elif client_str == 'rds' and function_name == 'describe_event_subscriptions':
return {'SubscriptionName': resource_id}
elif client_str == 'rds' and function_name == 'describe_db_snapshot_attributes':
return {'DBSnapshotIdentifier': resource_id}
else:
return {}
def get_node(awsclient, node, snapshot_source):
"""
Fetch node from aws using connection. In this case using boto API's
describe functions.
"""
collection = node['collection'] if 'collection' in node else COLLECTION
parts = snapshot_source.split('.')
function_to_call = None
db_record = {
"structure": "aws",
"error": None,
"reference": "",
"source": parts[0],
"path": '',
"timestamp": int(time.time() * 1000),
"queryuser": "",
"checksum": hashlib.md5("{}".encode('utf-8')).hexdigest(),
"node": node,
"snapshotId": node['snapshotId'],
"collection": collection.replace('.', '').lower(),
"json": {
} # Refactor when node is absent it should None, when empty object put it as {}
}
detail_methods = get_field_value(node, "detailMethods")
if detail_methods is None:
function_to_call = _get_aws_function(awsclient, node)
if function_to_call and callable(function_to_call):
queryval = get_field_value(node, 'id')
try:
data = function_to_call(**queryval)
if data:
db_record['json'] = data
checksum = get_checksum(data)
if checksum:
db_record['checksum'] = checksum
else:
put_in_currentdata('errors', data)
logger.info("Describe function does not exist: %s",
str(function_to_call))
db_record[
'error'] = "Describe function does not exist: %s" % str(
function_to_call)
except Exception as ex:
logger.info('Describe function exception: %s', ex)
db_record['error'] = 'Describe function exception: %s' % ex
else:
logger.info('Invalid function exception: %s',
str(function_to_call))
db_record['error'] = 'Invalid function exception: %s' % str(
function_to_call)
else:
json_to_put = {}
arn_str = get_field_value(node, "arn")
arn_obj = arnparse(arn_str)
client_str = arn_obj.service
resourceid = arn_obj.resource
for each_method_str in detail_methods:
function_to_call = getattr(awsclient, each_method_str, None)
if function_to_call and callable(function_to_call):
params = _get_function_kwargs(arn_str, each_method_str,
json_to_put)
try:
data = function_to_call(**params)
if data:
json_to_put.update(data)
except Exception as ex:
logger.info('Describe function exception: %s', ex)
db_record['error'] = 'Describe function exception: %s' % ex
else:
logger.info('Invalid function exception: %s',
str(function_to_call))
db_record['error'] = 'Invalid function exception: %s' % str(
function_to_call)
db_record['json'] = json_to_put
return db_record