Merge pull request #382 from 0xdabbad00/redshift_and_es_support

0xdabbad00 · web-flow · commit 9fc8e272b1ee · 2019-05-03T16:53:40.000-06:00
Redshift and es support
diff --git a/cloudmapper.py b/cloudmapper.py
@@ -31,7 +31,7 @@
 import importlib
 import commands
 
-__version__ = "2.5.4"
+__version__ = "2.5.5"
 
 
 def show_help(commands):
diff --git a/commands/prepare.py b/commands/prepare.py
@@ -32,7 +32,7 @@
 from netaddr import IPNetwork, IPAddress
 from shared.common import get_account, get_regions, is_external_cidr
 from shared.query import query_aws, get_parameter_file
-from shared.nodes import Account, Region, Vpc, Az, Subnet, Ec2, Elb, Elbv2, Rds, VpcEndpoint, Ecs, Lambda, Cidr, Connection
+from shared.nodes import Account, Region, Vpc, Az, Subnet, Ec2, Elb, Elbv2, Rds, VpcEndpoint, Ecs, Lambda, Redshift, ElasticSearch, Cidr, Connection
 
 __description__ = "Generate network connection information file"
 
@@ -117,6 +117,22 @@ def get_lambda_functions(region):
     return pyjq.all('.Functions[]|select(.VpcConfig!=null)', functions)
 
 
+def get_redshift(region):
+    clusters = query_aws(region.account, "redshift-describe-clusters", region.region)
+    return pyjq.all('.Clusters[]', clusters)
+
+
+def get_elasticsearch(region):
+    es_domains = []
+    domain_json = query_aws(region.account, "es-list-domain-names", region.region)
+    domains = pyjq.all('.DomainNames[]', domain_json)
+    for domain in domains:
+        es = get_parameter_file(region, 'es', 'describe-elasticsearch-domain', domain['DomainName'])['DomainStatus']
+        if 'VPCOptions' in es:
+            es_domains.append(es)
+    return es_domains
+
+
 def get_sgs(vpc):
     sgs = query_aws(vpc.account, "ec2-describe-security-groups", vpc.region)
     return pyjq.all('.SecurityGroups[] | select(.VpcId == "{}")'.format(vpc.local_id), sgs)
@@ -351,6 +367,16 @@ def build_data_structure(account_data, config, outputfilter):
             node = Lambda(region, lambda_json)
             nodes[node.arn] = node
 
+        # Redshift clusters
+        for node_json in get_redshift(region):
+            node = Redshift(region, node_json)
+            nodes[node.arn] = node
+
+        # ElasticSearch clusters
+        for node_json in get_elasticsearch(region):
+            node = ElasticSearch(region, node_json)
+            nodes[node.arn] = node
+
         # Filter out nodes based on tags
         if len(outputfilter.get("tags", [])) > 0:
             for node_id in list(nodes):
@@ -374,7 +400,7 @@ def build_data_structure(account_data, config, outputfilter):
                 # If there were no matches, remove the node
                 if not has_match:
                     del nodes[node_id]
-        
+
         # Add the nodes to their respective subnets
         for node_arn in list(nodes):
             node = nodes[node_arn]
diff --git a/shared/nodes.py b/shared/nodes.py
@@ -653,6 +653,90 @@ def __init__(self, parent, json_blob):
         super(Lambda, self).__init__(parent, json_blob)
 
 
+class Redshift(Leaf):
+    @property
+    def ips(self):
+        ips = []
+        for cluster_node in self._json_blob['ClusterNodes']:
+            ips.append(cluster_node['PrivateIPAddress'])
+            ips.append(cluster_node['PublicIPAddress'])
+        return ips
+
+    @property
+    def can_egress(self):
+        return False
+
+    @property
+    def subnets(self):
+        return []
+
+    @property
+    def tags(self):
+        return pyjq.all('.Tags[]', self._json_blob)
+
+    @property
+    def is_public(self):
+        for ip in self.ips:
+            if is_public_ip(ip):
+                return True
+        return False
+
+    @property
+    def security_groups(self):
+        return pyjq.all('.VpcSecurityGroups[].VpcSecurityGroupId', self._json_blob)
+
+    def __init__(self, parent, json_blob):
+        self._type = "redshift"
+
+        # Set the parent to a VPC
+        # Redshift has no subnet
+        assert(parent._type == "region")
+        for vpc in parent.children:
+            if vpc.local_id == json_blob['VpcId']:
+                self._parent = vpc
+
+        self._local_id = json_blob['ClusterIdentifier']
+        self._arn = json_blob['Endpoint']['Address']
+        self._name = truncate(json_blob['ClusterIdentifier'])
+        super(Redshift, self).__init__(self._parent, json_blob)
+
+
+class ElasticSearch(Leaf):
+    @property
+    def ips(self):
+        return []
+
+    @property
+    def can_egress(self):
+        return False
+
+    @property
+    def subnets(self):
+        return pyjq.all('.VPCOptions.SubnetIds[]', self._json_blob)
+
+    @property
+    def tags(self):
+        # TODO Custom collection is required for the tags because list-domains returns a domain name,
+        # but getting the tags requires calling `es list-tags --arn ARN` and you get the ARN from
+        # the  `es-describe-elasticsearch-domain` files
+        return []
+
+    @property
+    def is_public(self):
+        return False
+
+    @property
+    def security_groups(self):
+        return pyjq.all('.VPCOptions.SecurityGroupIds[]', self._json_blob)
+
+    def __init__(self, parent, json_blob):
+        self._type = "elasticsearch"
+
+        self._local_id = json_blob['ARN']
+        self._arn = json_blob['ARN']
+        self._name = truncate(json_blob['DomainName'])
+        super(ElasticSearch, self).__init__(parent, json_blob)
+
 class Cidr(Leaf):
     def ips(self):
         return [self._local_id]
diff --git a/shared/public.py b/shared/public.py
@@ -122,6 +122,9 @@ def get_public_nodes(account, config, use_cache=False):
             for ip in target_node['node_data']['ips']:
                 if is_public_ip(ip):
                     target['hostname'] = ip
+        elif target_node['type'] == 'redshift':
+            target['type'] = 'redshift'
+            target['hostname'] = target_node['node_data'].get('Endpoint', {}).get('Address', '')
         else:
             # Unknown node
             raise Exception('Unknown type: {}'.format(target_node['type']))
diff --git a/web/icons/aws/elasticsearch.svg b/web/icons/aws/elasticsearch.svg
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   id="Product_Icon"
+   data-name="Product Icon"
+   viewBox="0 0 75 75"
+   version="1.1"
+   sodipodi:docname="Amazon-Elasticsearch-Service_light-bg.svg"
+   width="75"
+   height="75"
+   inkscape:version="0.92.2 5c3e80d, 2017-08-06">
+  <metadata
+     id="metadata25">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title>Amazon-Elasticsearch-Service</dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <defs
+     id="defs23" />
+  <sodipodi:namedview
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1"
+     objecttolerance="10"
+     gridtolerance="10"
+     guidetolerance="10"
+     inkscape:pageopacity="0"
+     inkscape:pageshadow="2"
+     inkscape:window-width="640"
+     inkscape:window-height="480"
+     id="namedview21"
+     showgrid="false"
+     fit-margin-top="0"
+     fit-margin-left="0"
+     fit-margin-right="0"
+     fit-margin-bottom="0"
+     inkscape:zoom="3.1466667"
+     inkscape:cx="37.5"
+     inkscape:cy="37.5"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="0"
+     inkscape:current-layer="Product_Icon" />
+  <title
+     id="title2">Amazon-Elasticsearch-Service</title>
+  <rect
+     id="Purple_Light_BG"
+     data-name="Purple Light BG"
+     width="75"
+     height="75"
+     style="fill:#693cc5"
+     x="0"
+     y="0" />
+  <g
+     id="Product_Icon-2"
+     data-name="Product Icon">
+    <path
+       d="m 22.5,27.25 h -9 a 1,1 0 0 0 -1,1 v 32 a 1,1 0 0 0 1,1 h 9 a 1,1 0 0 0 1,-1 v -32 a 1,1 0 0 0 -1,-1 z m -1,32 h -7 v -30 h 7 z"
+       style="fill:#ffffff"
+       id="path5"
+       inkscape:connector-curvature="0" />
+    <path
+       d="m 36.5,54.67 v 5.58 a 1,1 0 0 1 -1,1 h -9 a 1,1 0 0 1 -1,-1 V 43 a 14.74,14.74 0 0 0 2,5.24 v 11 h 7 V 54 a 13.55,13.55 0 0 0 2,0.67 z"
+       style="fill:#ffffff"
+       id="path7"
+       inkscape:connector-curvature="0" />
+    <path
+       d="m 36.5,22.25 v 3.54 a 13.55,13.55 0 0 0 -2,0.71 v -3.25 h -7 v 9 a 14.74,14.74 0 0 0 -2,5.24 V 22.25 a 1,1 0 0 1 1,-1 h 9 a 1,1 0 0 1 1,1 z"
+       style="fill:#ffffff"
+       id="path9"
+       inkscape:connector-curvature="0" />
+    <path
+       d="m 47.5,55.47 v 3.78 h -7 v -4 0 a 14.71,14.71 0 0 1 -2,-0.13 v 5.13 a 1,1 0 0 0 1,1 h 9 a 1,1 0 0 0 1,-1 v -2.78 z m 1,-42.22 h -9 a 1,1 0 0 0 -1,1 v 11.13 a 14.42,14.42 0 0 1 2,-0.13 v 0 -10 h 7 V 27 a 14.44,14.44 0 0 1 2,1.28 v -14 a 1,1 0 0 0 -1,-1.03 z"
+       style="fill:#ffffff"
+       id="path11"
+       inkscape:connector-curvature="0" />
+    <path
+       d="m 61.5,18.25 h -9 a 1,1 0 0 0 -1,1 v 10.84 a 14.58,14.58 0 0 1 2,2.74 V 20.25 h 7 V 51 l 2,2 V 19.25 a 1,1 0 0 0 -1,-1 z"
+       style="fill:#ffffff"
+       id="path13"
+       inkscape:connector-curvature="0" />
+    <path
+       d="m 61.29,54.65 -9,-9 a 13,13 0 1 0 -5.74,6.07 l 8.85,8.84 a 4.1613249,4.1613249 0 0 0 5.89,-5.88 z M 29.5,40.23 a 11,11 0 1 1 11,11 11,11 0 0 1 -11,-11 z m 30.37,18.89 a 2.17,2.17 0 0 1 -3.06,0 L 48.29,50.6 a 13.21,13.21 0 0 0 3,-3.17 l 8.6,8.64 a 2.16,2.16 0 0 1 -0.02,3.05 z"
+       style="fill:#ffffff"
+       id="path15"
+       inkscape:connector-curvature="0" />
+    <path
+       d="m 36.07,45 a 6.46,6.46 0 1 1 7.69,-10.38 l -1.19,1.61 a 4.4610817,4.4610817 0 1 0 -5.31,7.17 z"
+       style="fill:#ffffff"
+       id="path17"
+       inkscape:connector-curvature="0" />
+  </g>
+</svg>
diff --git a/web/style.json b/web/style.json
@@ -265,6 +265,15 @@
         "background-clip": "none"
         }
     },
+    {
+        "selector": "[type = \"elasticsearch\"]",
+        "css": {
+        "background-opacity": 0,
+        "background-image": "./icons/aws/elasticsearch.svg",
+        "background-fit": "contain",
+        "background-clip": "none"
+        }
+    },
     {
         "selector": "[type = \"kinesis\"]",
         "css": {
