EC2 Instance sync => new data model (#1146)

Refactors EC2 instance sync to use the cartography data model. Adds previously missing tests. This is not a breaking change as the ID conventions are still the same as before (e.g. using EC2Instance instanceid for id instead of arn), even if they are inconsistent with other modules. A follow-up PR will standardize IDs using ARNs.
lyft · Mar 31, 2023 · 915c254 · 915c254
1 parent 266ee2a
commit 915c254
Show file tree

Hide file tree

Showing 15 changed files with 1,066 additions and 576 deletions.
diff --git a/cartography/data/indexes.cypher b/cartography/data/indexes.cypher
@@ -97,27 +97,11 @@ CREATE INDEX IF NOT EXISTS FOR (n:DynamoDBTable) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:DynamoDBTable) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:EBSSnapshot) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:EBSSnapshot) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:EBSVolume) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:EBSVolume) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:EC2Instance) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:EC2Instance) ON (n.instanceid);
-CREATE INDEX IF NOT EXISTS FOR (n:EC2Instance) ON (n.publicdnsname);
-CREATE INDEX IF NOT EXISTS FOR (n:EC2Instance) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:EC2KeyPair) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:EC2KeyPair) ON (n.keyfingerprint);
-CREATE INDEX IF NOT EXISTS FOR (n:EC2KeyPair) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:EC2PrivateIp) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:EC2PrivateIp) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:EC2Reservation) ON (n.reservationid);
-CREATE INDEX IF NOT EXISTS FOR (n:EC2Reservation) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:EC2ReservedInstance) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:EC2ReservedInstance) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:EC2SecurityGroup) ON (n.groupid);
-CREATE INDEX IF NOT EXISTS FOR (n:EC2SecurityGroup) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:EC2SecurityGroup) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:EC2Subnet) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:EC2Subnet) ON (n.subnetid);
-CREATE INDEX IF NOT EXISTS FOR (n:EC2Subnet) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:ECRImage) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:ECRImage) ON (n.digest);
 CREATE INDEX IF NOT EXISTS FOR (n:ECRImage) ON (n.lastupdated);
@@ -241,8 +225,6 @@ CREATE INDEX IF NOT EXISTS FOR (n:LoadBalancer) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:LoadBalancerV2) ON (n.dnsname);
 CREATE INDEX IF NOT EXISTS FOR (n:LoadBalancerV2) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:LoadBalancerV2) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:NetworkInterface) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:NetworkInterface) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:NameServer) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:NameServer) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:OktaOrganization) ON (n.id);

diff --git a/cartography/data/jobs/cleanup/aws_import_ec2_instances_cleanup.json b/cartography/data/jobs/cleanup/aws_import_ec2_instances_cleanup.json
diff --git a/cartography/graph/cleanupbuilder.py b/cartography/graph/cleanupbuilder.py
@@ -1,9 +1,11 @@
 from dataclasses import asdict
 from string import Template
+from typing import Dict
 from typing import List
 
 from cartography.graph.querybuilder import _build_match_clause
 from cartography.graph.querybuilder import rel_present_on_node_schema
+from cartography.models.core.common import PropertyRef
 from cartography.models.core.nodes import CartographyNodeSchema
 from cartography.models.core.relationships import CartographyRelSchema
 from cartography.models.core.relationships import LinkDirection
@@ -150,11 +152,12 @@ def _validate_target_node_matcher_for_cleanup_job(tgm: TargetNodeMatcher):
     class injects the sub resource id via a query kwarg parameter. See GraphJob and GraphStatement classes.
     This is a private function meant only to be called when we clean up the sub resource relationship.
     """
-    tgm_asdict = asdict(tgm)
+    tgm_asdict: Dict[str, PropertyRef] = asdict(tgm)
 
     for key, prop_ref in tgm_asdict.items():
         if not prop_ref.set_in_kwargs:
             raise ValueError(
                 f"TargetNodeMatcher PropertyRefs in the sub_resource_relationship must have set_in_kwargs=True. "
-                f"{key} has set_in_kwargs=False, please check.",
+                f"{key} has set_in_kwargs=False, please check by reviewing the full stack trace to know which object"
+                f"this message was raised from. Debug information: PropertyRef name = {prop_ref.name}.",
             )