aws_recon 0.5.25 → 0.5.28

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/lib/aws_recon/collectors/ecr.rb +22 -2
  3. data/lib/aws_recon/collectors/glue.rb +116 -0
  4. data/lib/aws_recon/services.yaml +2 -0
  5. data/lib/aws_recon/version.rb +1 -1
  6. data/readme.md +1 -0
  7. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 26c0212e326609dc91f25d039e7d527447c9f4a7883918a4175a7f906d580993
4
- data.tar.gz: dcbb90f2240d483a9f96b6d786f44d4e82daae007b3ba81ef3de8f7c98d1ef13
3
+ metadata.gz: c8229a3057964333c58233cb39472a5fb27adadc6098660464018cd16645b5c9
4
+ data.tar.gz: 222eff40d76d1eeb68a6638a59ef369d53b8ef2994a43b0b765803096933b645
5
5
  SHA512:
6
- metadata.gz: ae1f07d98a57c38d110b30bfda20f3d6ecc85a06d48f5d996b76a8720acb1dd795fb6cc0dadbf5320ee6623fd2a2ec0cea16cd67139d4008d1b58c4787f382f3
7
- data.tar.gz: 2b844d1118bb8a4880e86ec466e068589fea42c8ea27a4496d32f05db83c1455e5f367e29764ac175353f34df5603a23e46295f64e2ec84259e9ab2b9e889ccc
6
+ metadata.gz: 7f2248fcc733f9f42ae109f5cb96ab0c6e82562182b9e3dbc4404dca72599e224a38c8be7a9fa967d846957427dd6e9edd5387441afcecc2c4de8f55ad001244
7
+ data.tar.gz: 62f854284d474f8376ac15cae45bae67bd111ed064bdd4fae1c0e6d5ee4a942d905aebee4ac3f12c297c9a5635fe56c58f774f69fa70896974ac211be23a6efb
data/lib/aws_recon/collectors/ecr.rb CHANGED
@@ -23,6 +23,25 @@ class ECR < Mapper
23
23
  struct.policy = @client
24
24
  .get_repository_policy({ repository_name: repo.repository_name }).policy_text.parse_policy
25
25
 
26
+ struct.images = []
27
+ #
28
+ # describe images
29
+ #
30
+ @client.list_images( {repository_name: repo.repository_name}).image_ids.each_with_index do | image, page |
31
+ log(response.context.operation_name, 'list_images', page)
32
+ image_hash = image.to_h
33
+ #
34
+ # describe image scan results
35
+ #
36
+ result = @client.describe_image_scan_findings({ repository_name: repo.repository_name, image_id: { image_digest: image.image_digest, image_tag: image.image_tag } })
37
+ image_hash["image_scan_status"] = result.image_scan_status.to_h
38
+ image_hash["image_scan_findings"] = result.image_scan_findings.to_h
39
+
40
+ rescue Aws::ECR::Errors::ScanNotFoundException => e
41
+ # No scan result for this image. No action needed
42
+ ensure
43
+ struct.images << image_hash
44
+ end
26
45
  rescue Aws::ECR::Errors::ServiceError => e
27
46
  log_error(e.code)
28
47
 
@@ -40,7 +59,8 @@ class ECR < Mapper
40
59
  # not an error
41
60
  def suppressed_errors
42
61
  %w[
43
- RepositoryPolicyNotFoundException
44
- ]
62
+ RepositoryPolicyNotFoundException,
63
+ ScanNotFoundException
64
+ ]
45
65
  end
46
66
  end
data/lib/aws_recon/collectors/glue.rb ADDED
@@ -0,0 +1,116 @@
1
+ # frozen_string_literal: true
2
+
3
+ #
4
+ # Collect Glue resources
5
+ #
6
+ class Glue < Mapper
7
+ #
8
+ # Returns an array of resources.
9
+ #
10
+ def collect
11
+ resources = []
12
+ #
13
+ # get_data_catalog_encryption_settings
14
+ #
15
+ @client.get_data_catalog_encryption_settings.each_with_index do |response, page|
16
+ log(response.context.operation_name, page)
17
+
18
+ struct = OpenStruct.new(response.to_h)
19
+ struct.type = 'catalog_encryption_settings'
20
+ struct.arn = "arn:aws:glue:#{@region}:#{@account}:data-catalog-encryption-settings" # no true ARN
21
+ resources.push(struct.to_h)
22
+ end
23
+
24
+ #
25
+ # get_security_configurations
26
+ #
27
+ @client.get_security_configurations.each_with_index do |response, page|
28
+ log(response.context.operation_name, page)
29
+
30
+ response.security_configurations.each do |security_configuration|
31
+ struct = OpenStruct.new(security_configuration.to_h)
32
+ struct.type = 'security_configuration'
33
+ struct.arn = "arn:aws:glue:#{@region}:#{@account}:security-configuration/#{security_configuration.name}" # no true ARN
34
+ resources.push(struct.to_h)
35
+ end
36
+ end
37
+
38
+ #
39
+ # get_databases
40
+ #
41
+ @client.get_databases.each_with_index do |response, page|
42
+ log(response.context.operation_name, page)
43
+
44
+ response.database_list.each do |database|
45
+ struct = OpenStruct.new(database.to_h)
46
+ struct.type = 'database'
47
+ struct.arn = "arn:aws:glue:#{@region}:#{@account}:database/#{database.name}"
48
+
49
+ #
50
+ # get_tables
51
+ #
52
+ tables = @client.get_tables({ database_name: database.name })
53
+ struct.tables = tables.to_h
54
+
55
+ resources.push(struct.to_h)
56
+ end
57
+ end
58
+
59
+ #
60
+ # get_jobs
61
+ #
62
+ @client.get_jobs.each_with_index do |response, page|
63
+ log(response.context.operation_name, page)
64
+
65
+ response.jobs.each do |job|
66
+ struct = OpenStruct.new(job.to_h)
67
+ struct.type = 'job'
68
+ struct.arn = "arn:aws:glue:#{@region}:#{@account}:job/#{job.name}"
69
+ resources.push(struct.to_h)
70
+ end
71
+ end
72
+
73
+ #
74
+ # get_dev_endpoints
75
+ #
76
+ @client.get_dev_endpoints.each_with_index do |response, page|
77
+ log(response.context.operation_name, page)
78
+
79
+ response.dev_endpoints.each do |dev_endpoint|
80
+ struct = OpenStruct.new(dev_endpoint.to_h)
81
+ struct.type = 'dev_endpoint'
82
+ struct.arn = "arn:aws:glue:#{@region}:#{@account}:devEndpoint/#{dev_endpoint.endpoint_name}"
83
+ resources.push(struct.to_h)
84
+ end
85
+ end
86
+
87
+ #
88
+ # get_crawlers
89
+ #
90
+ @client.get_crawlers.each_with_index do |response, page|
91
+ log(response.context.operation_name, page)
92
+
93
+ response.crawlers.each do |crawler|
94
+ struct = OpenStruct.new(crawler.to_h)
95
+ struct.type = 'crawler'
96
+ struct.arn = "arn:aws:glue:#{@region}:#{@account}:crawler/#{crawler.name}"
97
+ resources.push(struct.to_h)
98
+ end
99
+ end
100
+
101
+ #
102
+ # get_connections
103
+ #
104
+ @client.get_connections.each_with_index do |response, page|
105
+ log(response.context.operation_name, page)
106
+
107
+ response.connection_list.each do |connection|
108
+ struct = OpenStruct.new(connection.to_h)
109
+ struct.type = 'connection'
110
+ struct.arn = "arn:aws:glue:#{@region}:#{@account}:connection/#{connection.name}"
111
+ resources.push(struct.to_h)
112
+ end
113
+ end
114
+ resources
115
+ end
116
+ end
data/lib/aws_recon/services.yaml CHANGED
@@ -41,6 +41,8 @@
41
41
  alias: elasticache
42
42
  - name: EMR
43
43
  alias: emr
44
+ - name: Glue
45
+ alias: glue
44
46
  - name: IAM
45
47
  global: true
46
48
  alias: iam
data/lib/aws_recon/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module AwsRecon
2
- VERSION = "0.5.25"
2
+ VERSION = "0.5.28"
3
3
  end
data/readme.md CHANGED
@@ -368,6 +368,7 @@ AWS Recon aims to collect all resources and metadata that are relevant in determ
368
368
  - [x] Firehose
369
369
  - [ ] FMS
370
370
  - [ ] Glacier
371
+ - [x] Glue
371
372
  - [x] IAM
372
373
  - [x] KMS
373
374
  - [x] Kafka
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws_recon
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.25
4
+ version: 0.5.28
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josh Larsen
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2022-03-02 00:00:00.000000000 Z
12
+ date: 2022-03-31 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: aws-sdk
@@ -212,6 +212,7 @@ files:
212
212
  - lib/aws_recon/collectors/elasticsearch.rb
213
213
  - lib/aws_recon/collectors/emr.rb
214
214
  - lib/aws_recon/collectors/firehose.rb
215
+ - lib/aws_recon/collectors/glue.rb
215
216
  - lib/aws_recon/collectors/guardduty.rb
216
217
  - lib/aws_recon/collectors/iam.rb
217
218
  - lib/aws_recon/collectors/kafka.rb