Merge pull request #28 from cloudgraphdev/feature/subs

feat: Create azureSubscription service to contain all the data under one subscription
cloudgraphdev · Jul 27, 2022 · 3ff0f56 · 3ff0f56
2 parents 6b01d16 + 8b66479
commit 3ff0f56
Show file tree

Hide file tree

Showing 11 changed files with 431 additions and 4 deletions.
diff --git a/src/enums/schemasMap.ts b/src/enums/schemasMap.ts
@@ -4,6 +4,7 @@ import services from './services'
  * schemasMap is an object that contains schemas name by resource
  */
 export default {
+  subscription: 'azureSubscription',
   [services.actionGroup]: 'azureActionGroup',
   [services.activityLogAlerts]: 'azureActivityLogAlert',
   [services.adApplication]: 'azureADApplication',
@@ -29,8 +30,6 @@ export default {
   [services.cdnCustomDomains]: 'azureCdnCustomDomain',
   [services.cdnEndpoints]: 'azureCdnEndpoint',
   [services.cdnOriginGroups]: 'azureCdnOriginGroup',
-  [services.cdnOriginGroups]: 'azureCdnOriginGroup',
-  [services.cdnOrigins]: 'azureCdnOrigin',
   [services.cdnOrigins]: 'azureCdnOrigin',
   [services.cdnProfiles]: 'azureCdnProfile',
   [services.cognitiveServicesAccount]: 'azureCognitiveServicesAccount',
@@ -72,6 +71,7 @@ export default {
   [services.replicationAppliances]: 'azureReplicationAppliance',
   [services.replicationCenters]: 'azureReplicationCenter',
   [services.replicationNetworks]: 'azureReplicationNetwork',
+  [services.replicationPolicies]: 'azureReplicationPolicies',
   [services.resourceGroup]: 'azureResourceGroup',
   [services.securityAssesments]: 'azureSecurityAssesment',
   [services.securityContacts]: 'azureSecurityContact',

diff --git a/src/enums/serviceAliases.ts b/src/enums/serviceAliases.ts
@@ -0,0 +1,81 @@
+import services from './services'
+
+export default {
+  [services.actionGroup]: 'actionGroups',
+  [services.activityLogAlerts]: 'activityLogAlerts',
+  [services.aksManagedCluster]: 'aksManagedClusters',
+  [services.appServiceEnvironment]: 'appServiceEnvironments',
+  [services.appInsights]: 'appInsights',
+  [services.appServicePlan]: 'appServicePlans',
+  [services.appServiceWebApp]: 'appServiceWebApps',
+  [services.arcConnectedCluster]: 'arcConnectedClusters',
+  [services.authRoleAssignment]: 'authRoleAssignments',
+  [services.authRoleDefinition]: 'authRoleDefinitions',
+  [services.autoProvisioningSettings]: 'autoProvisioningSettings',
+  [services.backupVault]: 'backupVaults',
+  [services.backupInstance]: 'backupInstances',
+  [services.backupPolicy]: 'backupPolicies',
+  [services.cdnCustomDomains]: 'cdnCustomDomains',
+  [services.cdnEndpoints]: 'cdnEndpoints',
+  [services.cdnOriginGroups]: 'cdnOriginGroups',
+  [services.cdnOrigins]: 'cdnOrigins',
+  [services.cdnProfiles]: 'cdnProfiles',
+  [services.cognitiveServicesAccount]: 'cognitiveServicesAccounts',
+  [services.containerRegistry]: 'containerRegistries',
+  [services.cosmosDb]: 'cosmosDbs',
+  [services.dataCollectionRule]: 'dataCollectionRules',
+  [services.dataFactory]: 'dataFactories',
+  [services.databaseManagedSqlInstance]: 'databaseManagedSqlInstances',
+  [services.databaseMySql]: 'databaseMySql',
+  [services.databasePostgreSql]: 'databasePostgreSql',
+  [services.databaseSqlVm]: 'databaseSqlVm',
+  [services.databaseSql]: 'databaseSql',
+  [services.dataLakeStorageAccounts]: 'dataLakeStorageAccounts',
+  [services.diagnosticSettings]: 'diagnosticSettings',
+  [services.disk]: 'disks',
+  [services.dns]: 'dnsZones',
+  [services.eventGrid]: 'eventGrids',
+  [services.eventHub]: 'eventHubs',
+  [services.expressRouteGateways]: 'expressRouteGateways',
+  [services.fileShare]: 'fileShares',
+  [services.firewall]: 'firewalls',
+  [services.functionApp]: 'functionApps',
+  [services.integrationRuntime]: 'integrationRuntimes',
+  [services.keyVault]: 'keyVaults',
+  [services.loadBalancer]: 'loadBalancers',
+  [services.logAnalyticsSolution]: 'logAnalyticsSolutions',
+  [services.logAnalyticsWorkspace]: 'logAnalyticsWorkspaces',
+  [services.logProfiles]: 'logProfiles',
+  [services.machineLearningWorkspaces]: 'machineLearningWorkspaces',
+  [services.metricAlert]: 'metricAlerts',
+  [services.mySqlServers]: 'mySqlServers',
+  [services.networkInterface]: 'networkInterfaces',
+  [services.policyAssignment]: 'policyAssignments',
+  [services.postgreSqlServers]: 'postgreSqlServers',
+  [services.privateDns]: 'privateDnsZones',
+  [services.publicIp]: 'publicIps',
+  [services.recoveryVaults]: 'recoveryVaults',
+  [services.redisCaches]: 'redisCaches',
+  [services.replicationAppliances]: 'replicationAppliances',
+  [services.replicationCenters]: 'replicationCenters',
+  [services.replicationNetworks]: 'replicationNetworks',
+  [services.replicationPolicies]: 'replicationPolicies',
+  [services.resourceGroup]: 'resourceGroups',
+  [services.securityAssesments]: 'securityAssesments',
+  [services.securityContacts]: 'securityContacts',
+  [services.securityGroup]: 'securityGroups',
+  [services.securityPricings]: 'securityPricings',
+  [services.securitySettings]: 'securitySettings',
+  [services.serviceBus]: 'serviceBuses',
+  [services.sqlServers]: 'sqlServers',
+  [services.storageAccount]: 'storageAccounts',
+  [services.storageBlob]: 'storageBlobs',
+  [services.storageContainer]: 'storageContainers',
+  [services.synapseBigDataPools]: 'synapseBigDataPools',
+  [services.synapseSqlPools]: 'synapseSqlPools',
+  [services.synapseWorkspaces]: 'synapseWorkspaces',
+  [services.trafficManagerProfile]: 'trafficManagerProfiles',
+  [services.virtualMachineScaleSet]: 'virtualMachineScaleSets',
+  [services.virtualMachine]: 'virtualMachines',
+  [services.virtualNetwork]: 'virtualNetworks',
+}
diff --git a/src/enums/serviceMap.ts b/src/enums/serviceMap.ts
@@ -84,12 +84,14 @@ import AzureBackupInstance from '../services/backupInstance'
 import AzureBackupPolicy from '../services/backupPolicy'
 import AzureBilling from '../services/billing'
 import AzureLogProfiles from '../services/logProfiles'
+import Subscription from '../services/subscription'
 
 /**
  * serviceMap is an object that contains all currently supported services for AWS
  * serviceMap is used by the serviceFactory to produce instances of service classes
  */
 export default {
+  subscription: Subscription,
   [services.actionGroup]: AzureActionGroup,
   [services.activityLogAlerts]: AzureActivityLogAlerts,
   [services.adApplication]: AzureADApplication,

diff --git a/src/services/base/enhancers.ts b/src/services/base/enhancers.ts
@@ -0,0 +1,48 @@
+import { ProviderData } from '@cloudgraph/sdk'
+import { rawDataInterface } from '../../types'
+import { checkAndMergeConnections } from '../../utils'
+import addSubscriptionConnections from '../subscription/connections'
+
+/**
+ * Data Enhancers
+ */
+export interface EnhancerConfig {
+  rawData: rawDataInterface[]
+  subscriptions: { id: string; accountId: string; regions: string[] }[]
+  configuredRegions: string
+  data: ProviderData
+}
+
+/**
+ * Generates Azure services connections to Scanned subscriptions
+ * @param {EnhancerConfig} subscriptions Scanned subscriptions
+ * @param {EnhancerConfig} data Azure Services fetched data
+ * @returns {ProviderData}
+ */
+export const connectAzureServicesToSubscription = ({
+  subscriptions,
+  data,
+}: EnhancerConfig): ProviderData => {
+  let subscriptionsConnections = {}
+  for (const account of subscriptions) {
+    const connections = addSubscriptionConnections({
+      service: account,
+      data: data.entities,
+    })
+    subscriptionsConnections = {
+      ...subscriptionsConnections,
+      ...connections,
+    }
+  }
+  return {
+    entities: data.entities,
+    connections: checkAndMergeConnections(
+      data.connections,
+      subscriptionsConnections
+    ),
+  }
+}
+
+export default [
+  { name: 'subscription', enhancer: connectAzureServicesToSubscription },
+]
diff --git a/src/services/index.ts b/src/services/index.ts
@@ -32,6 +32,7 @@ import {
   getClientSecretCredentials,
   getTokenCredentials,
 } from '../utils/authUtils'
+import enhancers, { EnhancerConfig } from './base/enhancers'
 
 export const enums = {
   services,
@@ -473,6 +474,26 @@ export default class Provider extends CloudGraph.Client {
     return result
   }
 
+  private enhanceData({ data, ...config }: EnhancerConfig): ProviderData {
+    let enhanceData = {
+      entities: data.entities,
+      connections: data.connections,
+    }
+    for (const { name, enhancer } of enhancers) {
+      try {
+        enhanceData = enhancer({ ...config, data: enhanceData })
+      } catch (error: any) {
+        this.logger.error(
+          `There was an error enriching Azure data with ${name} data`
+        )
+        this.logger.debug(error)
+        return enhanceData
+      }
+    }
+
+    return enhanceData
+  }
+
   /**
    * getData is used to fetch all provider data specified in the config for the provider
    * @param opts: A set of optional values to configure how getData works
@@ -519,10 +540,18 @@ export default class Provider extends CloudGraph.Client {
     let rawData: rawDataInterface[] = []
     const tagRegion = GLOBAL_REGION
     const tags = { name: 'tag', data: { [tagRegion]: [] } }
-
+    const subscriptions = {
+      className: 'AzureSubscription',
+      name: 'subscription',
+      data: { [GLOBAL_REGION]: [] },
+    }
     for (const account of configuredAccounts) {
       const newRawData = await this.getRawData(account, opts)
       rawData = [...rawData, ...newRawData]
+      subscriptions.data[GLOBAL_REGION].push({
+        id: account.subscriptionId,
+        regions: configuredRegions.split(','),
+      })
     }
 
     // Handle global tag entities
@@ -549,6 +578,7 @@ export default class Provider extends CloudGraph.Client {
           })
         }
       }
+      rawData.push(subscriptions)
       const existingTagsIdx = rawData.findIndex(({ name }) => {
         return name === 'tag'
       })
@@ -670,6 +700,12 @@ export default class Provider extends CloudGraph.Client {
       )
       this.logger.debug(error)
     }
-    return result
+
+    return this.enhanceData({
+      subscriptions: subscriptions.data[GLOBAL_REGION],
+      configuredRegions,
+      rawData,
+      data: result,
+    })
   }
 }
diff --git a/src/services/subscription/connections.ts b/src/services/subscription/connections.ts
@@ -0,0 +1,46 @@
+import { Entity, ServiceConnection } from '@cloudgraph/sdk'
+import { flatMap } from 'lodash'
+import services from '../../enums/services'
+import aliases from '../../enums/serviceAliases'
+
+export default ({
+  service,
+  data,
+}: {
+  service: { id: string; regions: string[] }
+  data: Entity[]
+}): {
+  [property: string]: ServiceConnection[]
+} => {
+  const { id: subscriptionId } = service
+  const connections: ServiceConnection[] = []
+  const connectTo = Object.values(services)
+
+  for (const serviceName of connectTo) {
+    const instances: {
+      name: string
+      data: { [property: string]: any[] }
+    } = data.find(({ name }) => name === serviceName)
+
+    if (instances?.data) {
+      const filtered = flatMap(instances.data).filter(
+        i => i.subscriptionId === subscriptionId
+      )
+
+      for (const instance of filtered) {
+        if (instance) {
+          connections.push({
+            id: instance.id,
+            resourceType: serviceName,
+            relation: 'child',
+            field: aliases[serviceName] ? aliases[serviceName] : serviceName,
+          })
+        }
+      }
+    }
+  }
+
+  return {
+    [subscriptionId]: connections,
+  }
+}
diff --git a/src/services/subscription/index.ts b/src/services/subscription/index.ts
@@ -0,0 +1,11 @@
+import { Service } from '@cloudgraph/sdk'
+import BaseService from '../base'
+import mutation from './mutation'
+
+export default class AzureSubscription extends BaseService implements Service {
+  format = ({ service }: { service: any }): any => service
+
+  getData
+
+  mutation = mutation
+}
diff --git a/src/services/subscription/mutation.ts b/src/services/subscription/mutation.ts
@@ -0,0 +1,5 @@
+export default `mutation($input: [AddazureSubscriptionInput!]!) {
+  addazureSubscription(input: $input, upsert: true) {
+    numUids
+  }
+}`
diff --git a/src/services/subscription/schema.graphql b/src/services/subscription/schema.graphql
@@ -0,0 +1,81 @@
+type azureSubscription implements azureBaseResource @key(fields: "id") {
+  regions: [String] @search(by: [hash])
+  actionGroups: [azureActionGroup]
+  activityLogAlerts: [azureActivityLogAlert],
+  aksManagedClusters: [azureAksManagedCluster]
+  appInsights: [azureAppInsights]
+  appServiceEnvironments: [azureAppServiceEnvironment]
+  appServicePlans: [azureAppServicePlan]
+  appServiceWebApps: [azureAppServiceWebApp]
+  arcConnectedClusters: [azureArcConnectedCluster]
+  authRoleAssignments: [azureAuthRoleAssignment]
+  authRoleDefinitions: [azureAuthRoleDefinition]
+  autoProvisioningSettings: [azureAutoProvisioningSetting]
+  backupVaults: [azureBackupVault]
+  backupInstances: [azureBackupInstance]
+  backupPolicies: [azureBackupPolicy]
+  billing: [azureBilling]
+  cdnCustomDomains: [azureCdnCustomDomain]
+  cdnEndpoints: [azureCdnEndpoint]
+  cdnProfiles: [azureCdnProfile]
+  cognitiveServicesAccounts: [azureCognitiveServicesAccount]
+  containerRegistries: [azureContainerRegistry]
+  cosmosDbs: [azureCosmosDb]
+  databaseManagedSqlInstances: [azureDatabaseManagedSqlInstance]
+  databaseMySql: [azureDatabaseMySql]
+  databasePostgreSql: [azureDatabasePostgreSql]
+  databaseSql: [azureDatabaseSql]
+  databaseSqlVm: [azureDatabaseSqlVm]
+  dataCollectionRules: [azureDataCollectionRule]
+  dataFactories: [azureDataFactory]
+  dataLakeStorageAccounts: [azureDataLakeStorageAccount]
+  diagnosticSettings: [azureDiagnosticSetting]
+  disks: [azureDisk]
+  dnsZoneRecordSets: [azureDnsZoneRecordSet]
+  dnsZones: [azureDnsZone]
+  eventGrids: [azureEventGrid],
+  eventHubs: [azureEventHub],
+  expressRouteGateways: [azureExpressRouteGateway]
+  fileShares: [azureFileShare]
+  firewalls: [azureFirewall]
+  functionApps: [azureFunctionApp]
+  integrationRuntimes: [azureIntegrationRuntime],
+  keyVaults: [azureKeyVault]
+  loadBalancers: [azureLoadBalancer]
+  logAnalyticsSolutions: [azureLogAnalyticsSolution]
+  logAnalyticsWorkspaces: [azureLogAnalyticsWorkspace]
+  logProfiles: [azureLogProfile]
+  machineLearningWorkspaces: [azureMachineLearningWorkspace]
+  metricAlerts: [azureMetricAlert]
+  mySqlServers: [azureMySqlServer]
+  networkInterfaces: [azureNetworkInterface]
+  networkSecurityGroups: [azureNetworkSecurityGroup]
+  policyAssignments: [azurePolicyAssignment]
+  postgreSqlServers: [azurePostgreSqlServer]
+  privateDnsZones: [azurePrivateDnsZone]
+  publicIps: [azurePublicIp]
+  recoveryVaults: [azureRecoveryVault]
+  redisCaches: [azureRedisCache]
+  replicationAppliances: [azureReplicationAppliance]
+  replicationCenters: [azureReplicationCenter]
+  replicationNetworks: [azureReplicationNetwork]
+  replicationPolicies: [azureReplicationPolicy]
+  resourceGroups: [azureResourceGroup]
+  securityAssesments: [azureSecurityAssesment],
+  securityContacts: [azureSecurityContact]
+  securityGroups: [azureNetworkSecurityGroup]
+  securityPricings: [azureSecurityPricing]
+  securitySettings: [azureSecuritySetting]
+  serviceBuses: [azureServiceBus]
+  sqlServers: [azureSqlServer]
+  storageAccounts: [azureStorageAccount]
+  storageBlobs: [azureStorageBlob]
+  storageContainers: [azureStorageContainer]
+  synapseBigDataPools: [azureSynapseBigDataPool]
+  synapseSqlPools: [azureSynapseSqlPool]
+  synapseWorkspaces: [azureSynapseWorkspace]
+  trafficManagerProfiles: [azureTrafficManagerProfile]
+  virtualMachines: [azureVirtualMachine]
+  virtualMachineScaleSets: [azureVirtualMachineScaleSet]
+  virtualNetworks: [azureVirtualNetwork]
+}