def create_delete_model(record):
"""Create a security group model from a record."""
data = cloudwatch.get_historical_base_info(record)
group_id = cloudwatch.filter_request_parameters('groupId', record)
vpc_id = cloudwatch.filter_request_parameters('vpcId', record)
group_name = cloudwatch.filter_request_parameters('groupName', record)
arn = get_arn(group_id, record['account'])
log.debug('[-] Deleting Dynamodb Records. Hash Key: {arn}'.format(arn=arn))
# tombstone these records so that the deletion event time can be accurately tracked.
data.update({
'configuration': {}
})
items = list(CurrentSecurityGroupModel.query(arn, limit=1))
if items:
model_dict = items[0].__dict__['attribute_values'].copy()
model_dict.update(data)
model = CurrentSecurityGroupModel(**model_dict)
model.save()
return model
def describe_vpc(record):
"""Attempts to describe vpc ids."""
account_id = record['account']
vpc_name = cloudwatch.filter_request_parameters('vpcName', record)
vpc_id = cloudwatch.filter_request_parameters('vpcId', record)
try:
if vpc_id and vpc_name:
return describe_vpcs(account_number=account_id,
assume_role=HISTORICAL_ROLE,
region=CURRENT_REGION,
Filters=[{
'Name': 'vpc-id',
'Values': [vpc_id]
}])
elif vpc_id:
return describe_vpcs(account_number=account_id,
assume_role=HISTORICAL_ROLE,
region=CURRENT_REGION,
VpcIds=[vpc_id])
else:
raise Exception('[X] Describe requires VpcId.')
except ClientError as e:
if e.response['Error']['Code'] == 'InvalidVpc.NotFound':
return []
raise e
def describe_group(record):
"""Attempts to describe group ids."""
account_id = record['account']
group_name = cloudwatch.filter_request_parameters('groupName', record)
vpc_id = cloudwatch.filter_request_parameters('vpcId', record)
group_id = cloudwatch.filter_request_parameters('groupId', record)
try:
if vpc_id and group_name:
return describe_security_groups(account_number=account_id,
assume_role=HISTORICAL_ROLE,
region=CURRENT_REGION,
Filters=[{
'Name': 'group-name',
'Values': [group_name]
}, {
'Name': 'vpc-id',
'Values': [vpc_id]
}])['SecurityGroups']
elif group_id:
return describe_security_groups(account_number=account_id,
assume_role=HISTORICAL_ROLE,
region=CURRENT_REGION,
GroupIds=[group_id
])['SecurityGroups']
else:
raise Exception(
'Describe requires a groupId or a groupName and VpcId.')
except ClientError as e:
if e.response['Error']['Code'] == 'InvalidGroup.NotFound':
return []
raise e
def describe_group(record, region):
"""Attempts to describe group ids."""
account_id = record['account']
group_name = cloudwatch.filter_request_parameters('groupName', record)
vpc_id = cloudwatch.filter_request_parameters('vpcId', record)
group_id = cloudwatch.filter_request_parameters('groupId',
record,
look_in_response=True)
# Did this get collected already by the poller?
if cloudwatch.get_collected_details(record):
LOG.debug(
f"[<--] Received already collected security group data: {record['detail']['collected']}"
)
return [record['detail']['collected']]
try:
# Always depend on Group ID first:
if group_id: # pylint: disable=R1705
return describe_security_groups(account_number=account_id,
assume_role=HISTORICAL_ROLE,
region=region,
GroupIds=[group_id
])['SecurityGroups']
elif vpc_id and group_name:
return describe_security_groups(account_number=account_id,
assume_role=HISTORICAL_ROLE,
region=region,
Filters=[{
'Name': 'group-name',
'Values': [group_name]
}, {
'Name': 'vpc-id',
'Values': [vpc_id]
}])['SecurityGroups']
else:
raise Exception(
'[X] Did not receive Group ID or VPC/Group Name pairs. '
f'We got: ID: {group_id} VPC/Name: {vpc_id}/{group_name}.')
except ClientError as exc:
if exc.response['Error']['Code'] == 'InvalidGroup.NotFound':
return []
raise exc
def create_delete_model(record):
"""Create an S3 model from a record."""
arn = "arn:aws:s3:::{}".format(cloudwatch.filter_request_parameters('bucketName', record))
log.debug('[-] Deleting Dynamodb Records. Hash Key: {arn}'.format(arn=arn))
data = {
'arn': arn,
'principalId': cloudwatch.get_principal(record),
'userIdentity': cloudwatch.get_user_identity(record),
'accountId': record['account'],
'eventTime': record['detail']['eventTime'],
'BucketName': cloudwatch.filter_request_parameters('bucketName', record),
'Region': cloudwatch.get_region(record),
'Tags': {},
'configuration': {},
'eventSource': record["detail"]["eventSource"]
}
return CurrentS3Model(**data)
def test_filter_request_parameters():
"""Tests that specific elements can be pulled out of the Request Parameters in the CloudWatch Event."""
from historical.common.cloudwatch import filter_request_parameters
event = CloudwatchEventFactory(
detail=DetailFactory(
requestParameters={'GroupId': 'sg-4e386e31'}
)
)
data = json.loads(json.dumps(event, default=serialize))
assert filter_request_parameters('GroupId', data) == 'sg-4e386e31'
def describe_group(record):
"""Attempts to describe group ids."""
account_id = record['account']
group_name = cloudwatch.filter_request_parameters('groupName', record)
vpc_id = cloudwatch.filter_request_parameters('vpcId', record)
group_id = cloudwatch.filter_request_parameters('groupId', record, look_in_response=True)
try:
# Always depend on Group ID first:
if group_id:
return describe_security_groups(
account_number=account_id,
assume_role=HISTORICAL_ROLE,
region=CURRENT_REGION,
GroupIds=[group_id]
)['SecurityGroups']
elif vpc_id and group_name:
return describe_security_groups(
account_number=account_id,
assume_role=HISTORICAL_ROLE,
region=CURRENT_REGION,
Filters=[
{
'Name': 'group-name',
'Values': [group_name]
},
{
'Name': 'vpc-id',
'Values': [vpc_id]
}
]
)['SecurityGroups']
else:
raise Exception('[X] Did not receive Group ID or VPC/Group Name pairs. '
'We got: ID: {} VPC/Name: {}/{}.'.format(group_id, vpc_id, group_name))
except ClientError as e:
if e.response['Error']['Code'] == 'InvalidGroup.NotFound':
return []
raise e
def create_delete_model(record):
"""Create a vpc model from a record."""
data = cloudwatch.get_historical_base_info(record)
vpc_id = cloudwatch.filter_request_parameters('vpcId', record)
arn = get_arn(vpc_id, cloudwatch.get_region(record), record['account'])
LOG.debug(F'[-] Deleting Dynamodb Records. Hash Key: {arn}')
# tombstone these records so that the deletion event time can be accurately tracked.
data.update({'configuration': {}})
items = list(CurrentVPCModel.query(arn, limit=1))
if items:
model_dict = items[0].__dict__['attribute_values'].copy()
model_dict.update(data)
model = CurrentVPCModel(**model_dict)
model.save()
return model
return None
def test_filter_request_parameters():
from historical.common.cloudwatch import filter_request_parameters
event = CloudwatchEventFactory(detail=DetailFactory(
requestParameters={'GroupId': 'sg-4e386e31'}))
data = json.loads(json.dumps(event, default=serialize))
assert filter_request_parameters('GroupId', data) == 'sg-4e386e31'
