aws_recon 0.5.24 → 0.5.27

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5b8ed454cc2f353e9e3b2d063983ae46d020a3f498fed12da5a958b070d76d92
-  data.tar.gz: 60599857caa5c8b1a9fe73ddd11689cebd70fe318e375b8a65fba9882de0f374
+  metadata.gz: cce979a262416efd0a1dbaf81e121ad470f27de6843675a853079cb281199dcb
+  data.tar.gz: 5eded20d231a31694bafbcde065a11738941f5511e5a3253fd04d8b64a9ad284
 SHA512:
-  metadata.gz: fe8fd51fde0b6f1c1b875c1ca24d71b6e6abc110832814ffb2505e4f5f7c27532019bfd019204d76422181488efe17534705bd52982e9b373212ebe8a8de53a4
-  data.tar.gz: 8cbc656f70d64b70a209a9033a3764c7aabb77a4b103308aee99dbbd341cc7712de959a662e2893646d4ae1367d02fef3e1e4ea392be54d3e873c235a4ca3741
+  metadata.gz: eb267321a1b086650427684322e8449c8db2bbd0d9fcfc7b900fd2104f52f6973a4baa1a5229b4037ee5f36b1613b873d98e8b7a90d59876d9a9f1dd7cf73da9
+  data.tar.gz: a7d19878e37496237020c1fccb9a693eaa8802802ae291fe5cbff27b4d43b538543ac1c7f0a2f26c792c9e41bb454ce5f9e2a11b9d53061f1584ba10979162e3

data/lib/aws_recon/collectors/ecr.rb

@@ -23,6 +23,25 @@ class ECR < Mapper
         struct.policy = @client
                         .get_repository_policy({ repository_name: repo.repository_name }).policy_text.parse_policy
 
+        struct.images = []
+        #
+        # describe images
+        #
+        @client.list_images( {repository_name: repo.repository_name}).image_ids.each_with_index do | image, page |
+          log(response.context.operation_name, 'list_images', page)
+          image_hash = image.to_h
+          # 
+          # describe image scan results
+          #
+          result = @client.describe_image_scan_findings({ repository_name: repo.repository_name, image_id: { image_digest: image.image_digest, image_tag: image.image_tag } })
+          image_hash["image_scan_status"] = result.image_scan_status.to_h
+          image_hash["image_scan_findings"] = result.image_scan_findings.to_h
+
+          rescue Aws::ECR::Errors::ScanNotFoundException => e
+            # No scan result for this image. No action needed
+          ensure
+            struct.images << image_hash
+        end
       rescue Aws::ECR::Errors::ServiceError => e
         log_error(e.code)
 
@@ -40,7 +59,8 @@ class ECR < Mapper
   # not an error
   def suppressed_errors
     %w[
-      RepositoryPolicyNotFoundException
-    ]
+      RepositoryPolicyNotFoundException,
+      ScanNotFoundException
+      ]
   end
 end

data/lib/aws_recon/collectors/emr.rb

@@ -46,6 +46,22 @@ class EMR < Mapper
       end
     end
 
+    #
+    # list_security_configurations
+    #
+    @client.list_security_configurations.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.security_configurations.each do |security_configuration|
+        log(response.context.operation_name, security_configuration.name)
+
+        struct = OpenStruct.new(@client.describe_security_configuration({ name: security_configuration.name }).security_configuration.parse_policy)
+        struct.type = 'security_configuration'
+        struct.arn = "arn:aws:emr:#{@region}:#{@account}:security-configuration/#{security_configuration.name}" # no true ARN
+        resources.push(struct.to_h)
+      end
+    end
+
     resources
   end
 

data/lib/aws_recon/collectors/glue.rb

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+#
+# Collect Glue resources
+#
+class Glue < Mapper
+    #
+    # Returns an array of resources.
+    #
+    def collect
+      resources = []
+      # 
+      # get_data_catalog_encryption_settings
+      #
+      @client.get_data_catalog_encryption_settings.each_with_index do | response, page|
+        log(response.context.operation_name, page)
+
+        struct = OpenStruct.new(response.to_h)
+        struct.type = 'catalog_encryption_settings'
+        struct.arn = "arn:aws:glue:#{@region}:#{@account}:data-catalog-encryption-settings" # no true ARN
+        resources.push(struct.to_h)
+      end
+
+      #
+      # get_security_configurations
+      #
+      @client.get_security_configurations.each_with_index do | response, page |
+        log(response.context.operation_name, page)
+
+        response.security_configurations.each do | security_configuration |
+            struct = OpenStruct.new(security_configuration.to_h)
+            struct.type = 'security_configuration'
+            struct.arn = "arn:aws:glue:#{@region}:#{@account}:security-configuration/#{security_configuration.name}" # no true ARN
+            resources.push(struct.to_h)
+        end
+      end
+
+      # 
+      # get_jobs
+      #
+      @client.get_jobs.each_with_index do | response, page |
+        log(response.context.operation_name, page)
+
+        response.jobs.each do | job |
+            struct = OpenStruct.new(job.to_h)
+            struct.type = 'job'
+            struct.arn = "arn:aws:glue:#{@region}:#{@account}:job/#{job.name}" 
+            resources.push(struct.to_h)
+        end
+      end
+
+      # 
+      # get_dev_endpoints
+      #
+      @client.get_dev_endpoints.each_with_index do | response, page |
+        log(response.context.operation_name, page)
+
+        response.dev_endpoints.each do | dev_endpoint |
+            struct = OpenStruct.new(dev_endpoint.to_h)
+            struct.type = 'dev_endpoint'
+            struct.arn = "arn:aws:glue:#{@region}:#{@account}:devEndpoint/#{dev_endpoint.endpoint_name}" 
+            resources.push(struct.to_h)
+        end
+      end
+
+      # 
+      # get_crawlers
+      #
+      @client.get_crawlers.each_with_index do | response, page |
+        log(response.context.operation_name, page)
+
+        response.crawlers.each do | crawler |
+            struct = OpenStruct.new(crawler.to_h)
+            struct.type = 'crawler'
+            struct.arn = "arn:aws:glue:#{@region}:#{@account}:crawler/#{crawler.name}"
+            resources.push(struct.to_h)
+        end
+      end
+
+      # 
+      # get_connections
+      #
+      @client.get_connections.each_with_index do | response, page |
+        log(response.context.operation_name, page)
+
+        response.connection_list.each do | connection |
+            struct = OpenStruct.new(connection.to_h)
+            struct.type = 'connection'
+            struct.arn = "arn:aws:glue:#{@region}:#{@account}:connection/#{connection.name}"
+            resources.push(struct.to_h)
+        end
+      end
+      resources
+    end
+
+end
+  

data/lib/aws_recon/services.yaml

@@ -41,6 +41,8 @@
   alias: elasticache
 - name: EMR
   alias: emr
+- name: Glue
+  alias: glue
 - name: IAM
   global: true
   alias: iam

data/lib/aws_recon/version.rb

@@ -1,3 +1,3 @@
 module AwsRecon
-  VERSION = "0.5.24"
+  VERSION = "0.5.27"
 end

data/readme.md

@@ -368,6 +368,7 @@ AWS Recon aims to collect all resources and metadata that are relevant in determ
 - [x] Firehose
 - [ ] FMS
 - [ ] Glacier
+- [x] Glue
 - [x] IAM
 - [x] KMS
 - [x] Kafka

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_recon
 version: !ruby/object:Gem::Version
-  version: 0.5.24
+  version: 0.5.27
 platform: ruby
 authors:
 - Josh Larsen
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-23 00:00:00.000000000 Z
+date: 2022-03-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -212,6 +212,7 @@ files:
 - lib/aws_recon/collectors/elasticsearch.rb
 - lib/aws_recon/collectors/emr.rb
 - lib/aws_recon/collectors/firehose.rb
+- lib/aws_recon/collectors/glue.rb
 - lib/aws_recon/collectors/guardduty.rb
 - lib/aws_recon/collectors/iam.rb
 - lib/aws_recon/collectors/kafka.rb