Exemplo n.º 1
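 def sort_vpc_flow_logs_callback(self, current_config, path, current_path, flow_log_id, callback_args):
     """
     Record a flow log ID on the VPC or subnet it is attached to.

     A flow log attached to a ``vpc-`` resource is added to that VPC's ``flow_logs`` list and to the
     ``flow_logs`` list of every subnet under it; one attached to a ``subnet-`` resource is added to that
     subnet only. Lists are created on first use and an ID is never added twice. A flow log whose VPC or
     subnet cannot be resolved is reported with ``print_debug`` and skipped.

     :param current_config:  Flow log configuration; only ``resource_id`` is read
     :param path:            Not used by this callback
     :param current_path:    Path of the flow log; its first four elements prefix the VPC path
     :param flow_log_id:     ID to record
     :param callback_args:   Not used by this callback
     :return:                None
     """
     attached_resource = current_config['resource_id']

     def _record(target):
         # Create the list on first use, then add the ID at most once.
         manage_dictionary(target, 'flow_logs', [])
         if flow_log_id not in target['flow_logs']:
             target['flow_logs'].append(flow_log_id)

     if attached_resource.startswith('vpc-'):
         vpc_path = combine_paths(current_path[0:4], ['vpcs', attached_resource])
         try:
             attached_vpc = get_object_at(self, vpc_path)
         except Exception:
             print_debug(
                 'It appears that the flow log %s is attached to a resource that was previously deleted (%s).' % (
                     flow_log_id, attached_resource))
             return
         _record(attached_vpc)
         # A VPC-level flow log is also recorded on every subnet of that VPC.
         for subnet_id in attached_vpc['subnets']:
             _record(attached_vpc['subnets'][subnet_id])
     elif attached_resource.startswith('subnet-'):
         # Handled like the VPC branch: a subnet missing from subnet_map, or from the configuration tree,
         # is treated as deleted instead of raising out of the callback.
         # NOTE(review): this is only visible at debug level; presumably flow-log coverage findings read
         # these lists, so confirm a skipped entry cannot hide a real gap.
         try:
             vpc_id = self.subnet_map[attached_resource]['vpc_id']
             subnet = get_object_at(self, combine_paths(current_path[0:4],
                                                        ['vpcs', vpc_id, 'subnets', attached_resource]))
         except Exception:
             print_debug(
                 'It appears that the flow log %s is attached to a resource that was previously deleted (%s).' % (
                     flow_log_id, attached_resource))
             return
         _record(subnet)
     else:
         print_exception('Resource %s attached to flow logs is not handled' % attached_resource)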
Exemplo n.º 2
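 def sort_vpc_flow_logs_callback(self, current_config, path, current_path, flow_log_id, callback_args):
     """
     Record a flow log ID on the VPC or subnet it is attached to.

     The attached resource is read from ``current_config['ResourceId']``. For a ``vpc-`` resource the ID is
     added to the VPC's ``flow_logs`` list and to the list of each of its subnets; for a ``subnet-``
     resource only that subnet is updated. A resource that cannot be resolved is reported with
     ``printDebug`` and skipped; any other resource type is reported with ``printError``.

     :param current_config:  Flow log configuration; only ``ResourceId`` is read
     :param path:            Not used by this callback
     :param current_path:    Path of the flow log; its first four elements prefix the VPC path
     :param flow_log_id:     ID to record
     :param callback_args:   Not used by this callback
     :return:                None
     """
     attached_resource = current_config['ResourceId']
     stale_message = 'It appears that the flow log %s is attached to a resource that was previously deleted (%s).'

     def _add_flow_log(target):
         # Create the list on first use, then add the ID at most once.
         manage_dictionary(target, 'flow_logs', [])
         if flow_log_id not in target['flow_logs']:
             target['flow_logs'].append(flow_log_id)

     if attached_resource.startswith('vpc-'):
         vpc_path = combine_paths(current_path[0:4], ['vpcs', attached_resource])
         try:
             attached_vpc = get_object_at(self, vpc_path)
         except Exception:
             printDebug(stale_message % (flow_log_id, attached_resource))
             return
         _add_flow_log(attached_vpc)
         # A VPC-level flow log is also recorded on every subnet of that VPC.
         for subnet_id in attached_vpc['subnets']:
             _add_flow_log(attached_vpc['subnets'][subnet_id])
     elif attached_resource.startswith('subnet-'):
         # Handled like the VPC branch: a subnet missing from subnet_map, or from the configuration tree,
         # is treated as deleted instead of raising out of the callback.
         try:
             vpc_id = self.subnet_map[attached_resource]['vpc_id']
             subnet = get_object_at(self, combine_paths(current_path[0:4],
                                                        ['vpcs', vpc_id, 'subnets', attached_resource]))
         except Exception:
             printDebug(stale_message % (flow_log_id, attached_resource))
             return
         _add_flow_log(subnet)
         # TODO: the pre-merge code (from Loic) looked the subnet up by scanning the 'subnets' of every
         # VPC instead of going through self.subnet_map.
     else:
         printError('Resource %s attached to flow logs is not handled' % attached_resource)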
Exemplo n.º 3
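 def match_security_groups_and_resources_callback(self, current_config,
                                                  path, current_path,
                                                  resource_id,
                                                  callback_args):
     """
     Record, on every security group a resource references, that the resource uses it.

     Usage is stored under ``sg['used_by'][service]['resource_type'][resource_type]``: a list of resource
     IDs, or a dict of status -> list of resource IDs when ``callback_args`` has a ``status_path``.
     A resource ID is added to a list at most once.

     :param current_config:  Not used by this callback
     :param path:            Not used by this callback
     :param current_path:    Path of the resource collection; element 1 is the service name
     :param resource_id:     ID of the resource under ``current_path``
     :param callback_args:   ``sg_list_attribute_name`` (where the resource keeps its security groups),
                             ``sg_id_attribute_name`` (ID key, when the entries are dicts), and optionally
                             ``resource_id_path`` and ``status_path``
     :return:                None
     """
     service = current_path[1]
     original_resource_path = combine_paths(copy.deepcopy(current_path),
                                            [resource_id])
     resource = get_object_at(self, original_resource_path)
     if 'resource_id_path' in callback_args:
         # The resource that is reported lives deeper in the tree than the one being walked.
         resource_path = combine_paths(copy.deepcopy(current_path),
                                       callback_args['resource_id_path'])
         resource_id = resource_path[-1]
         resource_type = resource_path[-2]
     else:
         resource_type = current_path[-1]
     if 'status_path' in callback_args:
         status_path = combine_paths(copy.deepcopy(original_resource_path),
                                     callback_args['status_path'])
         # Dots are replaced so the status can be used as a dictionary key.
         resource_status = get_object_at(self,
                                         status_path).replace('.', '_')
     else:
         resource_status = None
     unknown_vpc_id = current_path[4] != 'vpcs'
     try:
         try:
             sg_attribute = get_object_at(
                 resource, callback_args['sg_list_attribute_name'])
         except Exception:
             # Issue 89 & 91: a resource may have no security group attribute; nothing to record.
             # NOTE(review): a missing 'sg_list_attribute_name' in callback_args is swallowed here too,
             # which would leave every group looking unused - confirm callers always pass it.
             return
         if not isinstance(sg_attribute, list):
             sg_attribute = [sg_attribute]
         for resource_sg in sg_attribute:
             if isinstance(resource_sg, dict):
                 sg_id = resource_sg[callback_args['sg_id_attribute_name']]
             else:
                 sg_id = resource_sg
             if unknown_vpc_id:
                 # The path carries no VPC, so it is looked up from the security group itself.
                 vpc_id = self.sg_map[sg_id]['vpc_id']
                 sg_path = copy.deepcopy(current_path[0:4]) + [
                     'vpcs', vpc_id, 'security_groups', sg_id
                 ]
             else:
                 sg_path = copy.deepcopy(current_path[0:6]) + [
                     'security_groups', sg_id
                 ]
             # Security groups are stored under the ec2 service, whatever service is being walked.
             sg_path[1] = 'ec2'
             sg = get_object_at(self, sg_path)
             # Add usage information
             manage_dictionary(sg, 'used_by', {})
             manage_dictionary(sg['used_by'], service, {})
             manage_dictionary(sg['used_by'][service], 'resource_type', {})
             by_type = sg['used_by'][service]['resource_type']
             manage_dictionary(by_type, resource_type,
                               {} if resource_status else [])
             if resource_status:
                 manage_dictionary(by_type[resource_type], resource_status, [])
                 users = by_type[resource_type][resource_status]
             else:
                 users = by_type[resource_type]
             # Both layouts now skip an ID that is already listed; the status-less one used to
             # append unconditionally.
             if resource_id not in users:
                 users.append(resource_id)
     except Exception as e:
         region = current_path[3]
         # The path may stop before the VPC element; indexing it blindly would raise inside this
         # handler and replace the error that is being reported.
         vpc_id = current_path[5] if len(current_path) > 5 else None
         if vpc_id == ec2_classic and resource_type == 'elbs':
             pass
         else:
             printError('Failed to parse %s in %s in %s' %
                        (resource_type, vpc_id, region))
             printException(e)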
Exemplo n.º 4
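 def match_security_groups_and_resources_callback(self, current_config, path, current_path, resource_id,
                                                  callback_args):
     """
     Record, on every security group a resource references, that the resource uses it.

     Nothing is done unless ``'ec2'`` is in ``self.service_list``. Usage is stored under
     ``sg['used_by'][service]['resource_type'][resource_type]`` as ``{'id': ..., 'name': ...}`` entries:
     a list of entries, or a dict of status -> list of entries when ``callback_args`` has a
     ``status_path``. An entry is added to a list at most once.

     :param current_config:  Not used by this callback
     :param path:            Not used by this callback
     :param current_path:    Path of the resource collection; element 1 is the service name
     :param resource_id:     ID of the resource under ``current_path``
     :param callback_args:   ``sg_list_attribute_name`` (where the resource keeps its security groups),
                             ``sg_id_attribute_name`` (ID key, when the entries are dicts), and optionally
                             ``resource_id_path`` and ``status_path``
     :return:                None
     """
     if 'ec2' not in self.service_list:  # validate that the service was included in run
         return
     service = current_path[1]
     original_resource_path = combine_paths(
         copy.deepcopy(current_path), [resource_id])
     resource = get_object_at(self, original_resource_path)
     if 'resource_id_path' in callback_args:
         # The resource that is reported lives deeper in the tree than the one being walked.
         resource_path = combine_paths(copy.deepcopy(
             current_path), callback_args['resource_id_path'])
         resource_id = resource_path[-1]
         resource_type = resource_path[-2]
     else:
         resource_type = current_path[-1]
     if 'status_path' in callback_args:
         status_path = combine_paths(copy.deepcopy(
             original_resource_path), callback_args['status_path'])
         # Dots are replaced so the status can be used as a dictionary key.
         resource_status = get_object_at(self, status_path).replace('.', '_')
     else:
         resource_status = None
     unknown_vpc_id = current_path[4] != 'vpcs'
     try:
         try:
             sg_attribute = get_object_at(
                 resource, callback_args['sg_list_attribute_name'])
         except Exception:
             # Issue 89 & 91: a resource may have no security group attribute; nothing to record.
             # NOTE(review): a missing 'sg_list_attribute_name' in callback_args is swallowed here too,
             # which would leave every group looking unused - confirm callers always pass it.
             return
         if not isinstance(sg_attribute, list):
             sg_attribute = [sg_attribute]
         for resource_sg in sg_attribute:
             if isinstance(resource_sg, dict):
                 sg_id = resource_sg[callback_args['sg_id_attribute_name']]
             else:
                 sg_id = resource_sg
             if unknown_vpc_id:
                 # The path carries no VPC, so it is looked up from the security group itself.
                 vpc_id = self.sg_map[sg_id]['vpc_id']
                 sg_path = copy.deepcopy(current_path[0:4]) + \
                     ['vpcs', vpc_id, 'security_groups', sg_id]
             else:
                 sg_path = copy.deepcopy(current_path[0:6]) + ['security_groups', sg_id]
             # Security groups are stored under the ec2 service, whatever service is being walked.
             sg_path[1] = 'ec2'
             sg = get_object_at(self, sg_path)
             # Add usage information
             manage_dictionary(sg, 'used_by', {})
             manage_dictionary(sg['used_by'], service, {})
             manage_dictionary(sg['used_by'][service], 'resource_type', {})
             by_type = sg['used_by'][service]['resource_type']
             manage_dictionary(by_type, resource_type, {} if resource_status else [])
             if resource_status:
                 manage_dictionary(by_type[resource_type], resource_status, [])
                 users = by_type[resource_type][resource_status]
             else:
                 users = by_type[resource_type]
             # The lists hold dicts, so the entry itself is compared: testing the bare resource_id
             # against them never matched and let the same resource be listed repeatedly.
             entry = {'id': resource_id, 'name': resource['name']}
             if entry not in users:
                 users.append(entry)
     except Exception as e:
         # The length check keeps a short path from raising inside this handler and replacing the
         # error that is being reported.
         if resource_type == 'elbs' and len(current_path) > 5 and current_path[5] == ec2_classic:
             pass
         elif not self.services['ec2']:  # service not included in run
             pass
         elif not str(e):
             print_exception(f'Failed to parse {resource_type}')
         else:
             print_exception(f'Failed to parse {resource_type}: {e}')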