def create_delete_model(record): """Create a security group model from a record.""" data = cloudwatch.get_historical_base_info(record) group_id = cloudwatch.filter_request_parameters('groupId', record) vpc_id = cloudwatch.filter_request_parameters('vpcId', record) group_name = cloudwatch.filter_request_parameters('groupName', record) arn = get_arn(group_id, record['account']) log.debug('[-] Deleting Dynamodb Records. Hash Key: {arn}'.format(arn=arn)) # tombstone these records so that the deletion event time can be accurately tracked. data.update({ 'configuration': {} }) items = list(CurrentSecurityGroupModel.query(arn, limit=1)) if items: model_dict = items[0].__dict__['attribute_values'].copy() model_dict.update(data) model = CurrentSecurityGroupModel(**model_dict) model.save() return model
def describe_vpc(record): """Attempts to describe vpc ids.""" account_id = record['account'] vpc_name = cloudwatch.filter_request_parameters('vpcName', record) vpc_id = cloudwatch.filter_request_parameters('vpcId', record) try: if vpc_id and vpc_name: return describe_vpcs(account_number=account_id, assume_role=HISTORICAL_ROLE, region=CURRENT_REGION, Filters=[{ 'Name': 'vpc-id', 'Values': [vpc_id] }]) elif vpc_id: return describe_vpcs(account_number=account_id, assume_role=HISTORICAL_ROLE, region=CURRENT_REGION, VpcIds=[vpc_id]) else: raise Exception('[X] Describe requires VpcId.') except ClientError as e: if e.response['Error']['Code'] == 'InvalidVpc.NotFound': return [] raise e
def describe_group(record): """Attempts to describe group ids.""" account_id = record['account'] group_name = cloudwatch.filter_request_parameters('groupName', record) vpc_id = cloudwatch.filter_request_parameters('vpcId', record) group_id = cloudwatch.filter_request_parameters('groupId', record) try: if vpc_id and group_name: return describe_security_groups(account_number=account_id, assume_role=HISTORICAL_ROLE, region=CURRENT_REGION, Filters=[{ 'Name': 'group-name', 'Values': [group_name] }, { 'Name': 'vpc-id', 'Values': [vpc_id] }])['SecurityGroups'] elif group_id: return describe_security_groups(account_number=account_id, assume_role=HISTORICAL_ROLE, region=CURRENT_REGION, GroupIds=[group_id ])['SecurityGroups'] else: raise Exception( 'Describe requires a groupId or a groupName and VpcId.') except ClientError as e: if e.response['Error']['Code'] == 'InvalidGroup.NotFound': return [] raise e
def describe_group(record, region): """Attempts to describe group ids.""" account_id = record['account'] group_name = cloudwatch.filter_request_parameters('groupName', record) vpc_id = cloudwatch.filter_request_parameters('vpcId', record) group_id = cloudwatch.filter_request_parameters('groupId', record, look_in_response=True) # Did this get collected already by the poller? if cloudwatch.get_collected_details(record): LOG.debug( f"[<--] Received already collected security group data: {record['detail']['collected']}" ) return [record['detail']['collected']] try: # Always depend on Group ID first: if group_id: # pylint: disable=R1705 return describe_security_groups(account_number=account_id, assume_role=HISTORICAL_ROLE, region=region, GroupIds=[group_id ])['SecurityGroups'] elif vpc_id and group_name: return describe_security_groups(account_number=account_id, assume_role=HISTORICAL_ROLE, region=region, Filters=[{ 'Name': 'group-name', 'Values': [group_name] }, { 'Name': 'vpc-id', 'Values': [vpc_id] }])['SecurityGroups'] else: raise Exception( '[X] Did not receive Group ID or VPC/Group Name pairs. ' f'We got: ID: {group_id} VPC/Name: {vpc_id}/{group_name}.') except ClientError as exc: if exc.response['Error']['Code'] == 'InvalidGroup.NotFound': return [] raise exc
def create_delete_model(record): """Create an S3 model from a record.""" arn = "arn:aws:s3:::{}".format(cloudwatch.filter_request_parameters('bucketName', record)) log.debug('[-] Deleting Dynamodb Records. Hash Key: {arn}'.format(arn=arn)) data = { 'arn': arn, 'principalId': cloudwatch.get_principal(record), 'userIdentity': cloudwatch.get_user_identity(record), 'accountId': record['account'], 'eventTime': record['detail']['eventTime'], 'BucketName': cloudwatch.filter_request_parameters('bucketName', record), 'Region': cloudwatch.get_region(record), 'Tags': {}, 'configuration': {}, 'eventSource': record["detail"]["eventSource"] } return CurrentS3Model(**data)
def test_filter_request_parameters(): """Tests that specific elements can be pulled out of the Request Parameters in the CloudWatch Event.""" from historical.common.cloudwatch import filter_request_parameters event = CloudwatchEventFactory( detail=DetailFactory( requestParameters={'GroupId': 'sg-4e386e31'} ) ) data = json.loads(json.dumps(event, default=serialize)) assert filter_request_parameters('GroupId', data) == 'sg-4e386e31'
def describe_group(record): """Attempts to describe group ids.""" account_id = record['account'] group_name = cloudwatch.filter_request_parameters('groupName', record) vpc_id = cloudwatch.filter_request_parameters('vpcId', record) group_id = cloudwatch.filter_request_parameters('groupId', record, look_in_response=True) try: # Always depend on Group ID first: if group_id: return describe_security_groups( account_number=account_id, assume_role=HISTORICAL_ROLE, region=CURRENT_REGION, GroupIds=[group_id] )['SecurityGroups'] elif vpc_id and group_name: return describe_security_groups( account_number=account_id, assume_role=HISTORICAL_ROLE, region=CURRENT_REGION, Filters=[ { 'Name': 'group-name', 'Values': [group_name] }, { 'Name': 'vpc-id', 'Values': [vpc_id] } ] )['SecurityGroups'] else: raise Exception('[X] Did not receive Group ID or VPC/Group Name pairs. ' 'We got: ID: {} VPC/Name: {}/{}.'.format(group_id, vpc_id, group_name)) except ClientError as e: if e.response['Error']['Code'] == 'InvalidGroup.NotFound': return [] raise e
def create_delete_model(record): """Create a vpc model from a record.""" data = cloudwatch.get_historical_base_info(record) vpc_id = cloudwatch.filter_request_parameters('vpcId', record) arn = get_arn(vpc_id, cloudwatch.get_region(record), record['account']) LOG.debug(F'[-] Deleting Dynamodb Records. Hash Key: {arn}') # tombstone these records so that the deletion event time can be accurately tracked. data.update({'configuration': {}}) items = list(CurrentVPCModel.query(arn, limit=1)) if items: model_dict = items[0].__dict__['attribute_values'].copy() model_dict.update(data) model = CurrentVPCModel(**model_dict) model.save() return model return None
def test_filter_request_parameters(): from historical.common.cloudwatch import filter_request_parameters event = CloudwatchEventFactory(detail=DetailFactory( requestParameters={'GroupId': 'sg-4e386e31'})) data = json.loads(json.dumps(event, default=serialize)) assert filter_request_parameters('GroupId', data) == 'sg-4e386e31'