12691320256

Committed 09 Jan 2025 01:54PM UTC coverage: 76.015% (+0.5%) from 75.552%

Build # 12691320256

Build Type

Pull #2879

github

Committed by

romulets

Commit Message

Add removed ids to related item ids

Pull Request Pull Request #2879: Refactor asset inventory

Run Details

181 of 190 new or added lines in 17 files covered. (95.26%)

2 existing lines in 2 files now uncovered.

8595 of 11307 relevant lines covered (76.01%)

16.53 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/internal/inventory/awsfetcher/fetcher_networking.go

// Licensed to Elasticsearch B.V. under one or more contributor
// license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright
// ownership. Elasticsearch B.V. licenses this file to you under
// the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied.  See the License for the
// specific language governing permissions and limitations
// under the License.

package awsfetcher

import (
        "context"

        "github.com/elastic/elastic-agent-libs/logp"

        "github.com/elastic/cloudbeat/internal/dataprovider/providers/cloud"
        "github.com/elastic/cloudbeat/internal/inventory"
        "github.com/elastic/cloudbeat/internal/resources/providers/awslib"
        "github.com/elastic/cloudbeat/internal/resources/providers/awslib/ec2"
        "github.com/elastic/cloudbeat/internal/resources/utils/pointers"
)

type networkingFetcher struct {
        logger      *logp.Logger
        provider    networkingProvider
        AccountId   string
        AccountName string
}

type (
        networkDescribeFunc func(context.Context) ([]awslib.AwsResource, error)
        networkingProvider  interface {
                DescribeInternetGateways(context.Context) ([]awslib.AwsResource, error)
                DescribeNatGateways(context.Context) ([]awslib.AwsResource, error)
                DescribeNetworkAcl(context.Context) ([]awslib.AwsResource, error)
                DescribeNetworkInterfaces(context.Context) ([]awslib.AwsResource, error)
                DescribeSecurityGroups(context.Context) ([]awslib.AwsResource, error)
                DescribeSubnets(context.Context) ([]awslib.AwsResource, error)
                DescribeTransitGatewayAttachments(context.Context) ([]awslib.AwsResource, error)
                DescribeTransitGateways(context.Context) ([]awslib.AwsResource, error)
                DescribeVpcPeeringConnections(context.Context) ([]awslib.AwsResource, error)
                DescribeVpcs(context.Context) ([]awslib.AwsResource, error)
        }
)

func newNetworkingFetcher(logger *logp.Logger, identity *cloud.Identity, provider networkingProvider) inventory.AssetFetcher {
        return &networkingFetcher{
                logger:      logger,
                provider:    provider,
                AccountId:   identity.Account,
                AccountName: identity.AccountAlias,
        }
}

func (s *networkingFetcher) Fetch(ctx context.Context, assetChannel chan<- inventory.AssetEvent) {
        resourcesToFetch := []struct {
                name           string
                function       networkDescribeFunc
                classification inventory.AssetClassification
        }{
                {"Internet Gateways", s.provider.DescribeInternetGateways, inventory.AssetClassificationAwsInternetGateway},
                {"NAT Gateways", s.provider.DescribeNatGateways, inventory.AssetClassificationAwsNatGateway},
                {"Network ACLs", s.provider.DescribeNetworkAcl, inventory.AssetClassificationAwsNetworkAcl},
                {"Network Interfaces", s.provider.DescribeNetworkInterfaces, inventory.AssetClassificationAwsNetworkInterface},
                {"Security Groups", s.provider.DescribeSecurityGroups, inventory.AssetClassificationAwsSecurityGroup},
                {"Subnets", s.provider.DescribeSubnets, inventory.AssetClassificationAwsSubnet},
                {"Transit Gateways", s.provider.DescribeTransitGateways, inventory.AssetClassificationAwsTransitGateway},
                {"Transit Gateway Attachments", s.provider.DescribeTransitGatewayAttachments, inventory.AssetClassificationAwsTransitGatewayAttachment},
                {"VPC Peering Connections", s.provider.DescribeVpcPeeringConnections, inventory.AssetClassificationAwsVpcPeeringConnection},
                {"VPCs", s.provider.DescribeVpcs, inventory.AssetClassificationAwsVpc},
        }
        for _, r := range resourcesToFetch {
                s.fetch(ctx, r.name, r.function, r.classification, assetChannel)
        }
}

func (s *networkingFetcher) fetch(ctx context.Context, resourceName string, function networkDescribeFunc, classification inventory.AssetClassification, assetChannel chan<- inventory.AssetEvent) {
        s.logger.Infof("Fetching %s", resourceName)
        defer s.logger.Infof("Fetching %s - Finished", resourceName)

        awsResources, err := function(ctx)
        if err != nil {
                s.logger.Errorf("Could not fetch %s: %v", resourceName, err)
                return
        }

        for _, item := range awsResources {
                assetChannel <- inventory.NewAssetEvent(
                        classification,
                        item.GetResourceArn(),
                        item.GetResourceName(),
                        inventory.WithRelatedAssetIds([]string{pointers.Deref(s.retrieveId(item))}),
                        inventory.WithRawAsset(item),
                        inventory.WithCloud(inventory.Cloud{
                                Provider:    inventory.AwsCloudProvider,
                                Region:      item.GetRegion(),
                                AccountID:   s.AccountId,
                                AccountName: s.AccountName,
                                ServiceName: "AWS Networking",
                        }),
                )
        }
}

func (s *networkingFetcher) retrieveId(awsResource awslib.AwsResource) *string {
        switch resource := awsResource.(type) {
        case *ec2.InternetGatewayInfo:
                return resource.InternetGateway.InternetGatewayId
        case *ec2.NatGatewayInfo:
                return resource.NatGateway.NatGatewayId
        case *ec2.NACLInfo:
                return resource.NetworkAclId
        case *ec2.NetworkInterfaceInfo:
                return resource.NetworkInterface.NetworkInterfaceId
        case *ec2.SecurityGroup:
                return resource.GroupId
        case *ec2.SubnetInfo:
                return resource.Subnet.SubnetId
        case *ec2.TransitGatewayAttachmentInfo:
                return resource.TransitGatewayAttachment.TransitGatewayAttachmentId
        case *ec2.TransitGatewayInfo:
                return resource.TransitGateway.TransitGatewayId
        case *ec2.VpcPeeringConnectionInfo:
                return resource.VpcPeeringConnection.VpcPeeringConnectionId
        case *ec2.VpcInfo:
                return resource.Vpc.VpcId
        default:
                s.logger.Warnf("Unsupported Networking Fetcher type %T (id)", resource)
                return nil
        }
}

1	// Licensed to Elasticsearch B.V. under one or more contributor
2	// license agreements. See the NOTICE file distributed with
3	// this work for additional information regarding copyright
4	// ownership. Elasticsearch B.V. licenses this file to you under
5	// the Apache License, Version 2.0 (the "License"); you may
6	// not use this file except in compliance with the License.
7	// You may obtain a copy of the License at
8	//
9	// http://www.apache.org/licenses/LICENSE-2.0
10	//
11	// Unless required by applicable law or agreed to in writing,
12	// software distributed under the License is distributed on an
13	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14	// KIND, either express or implied. See the License for the
15	// specific language governing permissions and limitations
16	// under the License.
17
18	package awsfetcher
19
20	import (
21	"context"
22
23	"github.com/elastic/elastic-agent-libs/logp"
24
25	"github.com/elastic/cloudbeat/internal/dataprovider/providers/cloud"
26	"github.com/elastic/cloudbeat/internal/inventory"
27	"github.com/elastic/cloudbeat/internal/resources/providers/awslib"
28	"github.com/elastic/cloudbeat/internal/resources/providers/awslib/ec2"
29	"github.com/elastic/cloudbeat/internal/resources/utils/pointers"
30	)
31
32	type networkingFetcher struct {
33	logger *logp.Logger
34	provider networkingProvider
35	AccountId string
36	AccountName string
37	}
38
39	type (
40	networkDescribeFunc func(context.Context) ([]awslib.AwsResource, error)
41	networkingProvider interface {
42	DescribeInternetGateways(context.Context) ([]awslib.AwsResource, error)
43	DescribeNatGateways(context.Context) ([]awslib.AwsResource, error)
44	DescribeNetworkAcl(context.Context) ([]awslib.AwsResource, error)
45	DescribeNetworkInterfaces(context.Context) ([]awslib.AwsResource, error)
46	DescribeSecurityGroups(context.Context) ([]awslib.AwsResource, error)
47	DescribeSubnets(context.Context) ([]awslib.AwsResource, error)
48	DescribeTransitGatewayAttachments(context.Context) ([]awslib.AwsResource, error)
49	DescribeTransitGateways(context.Context) ([]awslib.AwsResource, error)
50	DescribeVpcPeeringConnections(context.Context) ([]awslib.AwsResource, error)
51	DescribeVpcs(context.Context) ([]awslib.AwsResource, error)
52	}
53	)
54
55	func newNetworkingFetcher(logger logp.Logger, identity cloud.Identity, provider networkingProvider) inventory.AssetFetcher {	×
56	return &networkingFetcher{	×
57	logger: logger,	×
58	provider: provider,	×
59	AccountId: identity.Account,	×
60	AccountName: identity.AccountAlias,	×
61	}	×
62	}	×
63
64	func (s *networkingFetcher) Fetch(ctx context.Context, assetChannel chan<- inventory.AssetEvent) {	×
65	resourcesToFetch := []struct {	×
66	name string	×
67	function networkDescribeFunc	×
68	classification inventory.AssetClassification	×
69	}{	×
70	{"Internet Gateways", s.provider.DescribeInternetGateways, inventory.AssetClassificationAwsInternetGateway},	×
71	{"NAT Gateways", s.provider.DescribeNatGateways, inventory.AssetClassificationAwsNatGateway},	×
72	{"Network ACLs", s.provider.DescribeNetworkAcl, inventory.AssetClassificationAwsNetworkAcl},	×
73	{"Network Interfaces", s.provider.DescribeNetworkInterfaces, inventory.AssetClassificationAwsNetworkInterface},	×
74	{"Security Groups", s.provider.DescribeSecurityGroups, inventory.AssetClassificationAwsSecurityGroup},	×
75	{"Subnets", s.provider.DescribeSubnets, inventory.AssetClassificationAwsSubnet},	×
76	{"Transit Gateways", s.provider.DescribeTransitGateways, inventory.AssetClassificationAwsTransitGateway},	×
77	{"Transit Gateway Attachments", s.provider.DescribeTransitGatewayAttachments, inventory.AssetClassificationAwsTransitGatewayAttachment},	×
78	{"VPC Peering Connections", s.provider.DescribeVpcPeeringConnections, inventory.AssetClassificationAwsVpcPeeringConnection},	×
79	{"VPCs", s.provider.DescribeVpcs, inventory.AssetClassificationAwsVpc},	×
80	}	×
81	for _, r := range resourcesToFetch {	×
82	s.fetch(ctx, r.name, r.function, r.classification, assetChannel)	×
83	}	×
84	}
85
86	func (s *networkingFetcher) fetch(ctx context.Context, resourceName string, function networkDescribeFunc, classification inventory.AssetClassification, assetChannel chan<- inventory.AssetEvent) {	×
87	s.logger.Infof("Fetching %s", resourceName)	×
88	defer s.logger.Infof("Fetching %s - Finished", resourceName)	×
89		×
90	awsResources, err := function(ctx)	×
91	if err != nil {	×
92	s.logger.Errorf("Could not fetch %s: %v", resourceName, err)	×
93	return	×
94	}	×
95
96	for _, item := range awsResources {	×
97	assetChannel <- inventory.NewAssetEvent(	×
98	classification,	×
NEW 99	item.GetResourceArn(),	×
100	item.GetResourceName(),	×
NEW 101	inventory.WithRelatedAssetIds([]string{pointers.Deref(s.retrieveId(item))}),	×
102	inventory.WithRawAsset(item),	×
NEW 103	inventory.WithCloud(inventory.Cloud{	×
NEW 104	Provider: inventory.AwsCloudProvider,	×
NEW 105	Region: item.GetRegion(),	×
NEW 106	AccountID: s.AccountId,	×
NEW 107	AccountName: s.AccountName,	×
NEW 108	ServiceName: "AWS Networking",	×
109	}),	×
110	)	×
111	}	×
112	}
113
UNCOV 114	func (s networkingFetcher) retrieveId(awsResource awslib.AwsResource) string {	×
115	switch resource := awsResource.(type) {	×
116	case *ec2.InternetGatewayInfo:	×
117	return resource.InternetGateway.InternetGatewayId	×
118	case *ec2.NatGatewayInfo:	×
119	return resource.NatGateway.NatGatewayId	×
120	case *ec2.NACLInfo:	×
121	return resource.NetworkAclId	×
122	case *ec2.NetworkInterfaceInfo:	×
123	return resource.NetworkInterface.NetworkInterfaceId	×
124	case *ec2.SecurityGroup:	×
125	return resource.GroupId	×
126	case *ec2.SubnetInfo:	×
127	return resource.Subnet.SubnetId	×
128	case *ec2.TransitGatewayAttachmentInfo:	×
129	return resource.TransitGatewayAttachment.TransitGatewayAttachmentId	×
130	case *ec2.TransitGatewayInfo:	×
131	return resource.TransitGateway.TransitGatewayId	×
132	case *ec2.VpcPeeringConnectionInfo:	×
133	return resource.VpcPeeringConnection.VpcPeeringConnectionId	×
134	case *ec2.VpcInfo:	×
135	return resource.Vpc.VpcId	×
136	default:	×
137	s.logger.Warnf("Unsupported Networking Fetcher type %T (id)", resource)	×
138	return nil	×
139	}
140	}

elastic / cloudbeat / 12691320256

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous