Skip to content

Commit bf402f4

Browse files
bbernaysbbernays
authored
fix: Redact Code Location and Fall back to other APIs to fully resolve aws_lambda_functions (#14381)
 #### Summary Redact Code Location and Fall back to other APIs to fully resolve `aws_lambda_functions`
1 parent 84ec046 commit bf402f4

1 file changed

Lines changed: 95 additions & 3 deletions

File tree

plugins/source/aws/resources/services/lambda/functions.go

Lines changed: 95 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@ import (
55
"encoding/json"
66

77
"github.com/apache/arrow/go/v14/arrow"
8+
"github.com/aws/aws-sdk-go-v2/aws"
89
"github.com/aws/aws-sdk-go-v2/service/lambda"
910
"github.com/aws/aws-sdk-go-v2/service/lambda/types"
1011
"github.com/cloudquery/cloudquery/plugins/source/aws/client"
@@ -62,6 +63,24 @@ func Functions() *schema.Table {
6263
Type: arrow.BinaryTypes.String,
6364
Resolver: resolveRuntimeManagementConfig,
6465
},
66+
{
67+
Name: "code",
68+
Type: sdkTypes.ExtensionTypes.JSON,
69+
},
70+
{
71+
Name: "concurrency",
72+
Type: sdkTypes.ExtensionTypes.JSON,
73+
Resolver: resolveConcurrency,
74+
},
75+
{
76+
Name: "configuration",
77+
Type: sdkTypes.ExtensionTypes.JSON,
78+
},
79+
{
80+
Name: "tags",
81+
Type: sdkTypes.ExtensionTypes.JSON,
82+
Resolver: resolveTags,
83+
},
6584
},
6685

6786
Relations: []*schema.Table{
@@ -94,7 +113,6 @@ func getFunction(ctx context.Context, meta schema.ClientMeta, resource *schema.R
94113
cl := meta.(*client.Client)
95114
svc := cl.Services(client.AWSServiceLambda).Lambda
96115
f := resource.Item.(types.FunctionConfiguration)
97-
98116
funcResponse, err := svc.GetFunction(ctx, &lambda.GetFunctionInput{
99117
FunctionName: f.FunctionName,
100118
}, func(options *lambda.Options) {
@@ -116,10 +134,12 @@ func getFunction(ctx context.Context, meta schema.ClientMeta, resource *schema.R
116134
cl.Logger().Warn().Err(err).Msg("configuration data retrieved from ListFunctions will still be persisted")
117135
return nil
118136
}
119-
120137
return err
121138
}
122-
139+
if funcResponse.Code != nil {
140+
cl.Logger().Warn().Msg("location of lambda function redacted for security purposes")
141+
funcResponse.Code.Location = aws.String("REDACTED_FOR_SECURITY_PURPOSES")
142+
}
123143
resource.Item = funcResponse
124144
return nil
125145
}
@@ -231,3 +251,75 @@ func resolveRuntimeManagementConfig(ctx context.Context, meta schema.ClientMeta,
231251

232252
return resource.Set("update_runtime_on", runtimeManagementConfig.UpdateRuntimeOn)
233253
}
254+
255+
func resolveConcurrency(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, col schema.Column) error {
256+
r := resource.Item.(*lambda.GetFunctionOutput)
257+
// No way of getting functionName
258+
if r.Configuration == nil {
259+
return nil
260+
}
261+
262+
// setting concurrency value from GetFunction call
263+
if r.Code != nil {
264+
return resource.Set(col.Name, r.Concurrency)
265+
}
266+
cl := meta.(*client.Client)
267+
svc := cl.Services(client.AWSServiceLambda).Lambda
268+
269+
functionConcurrency, err := svc.GetFunctionConcurrency(ctx, &lambda.GetFunctionConcurrencyInput{
270+
FunctionName: r.Configuration.FunctionName,
271+
}, func(options *lambda.Options) {
272+
options.Region = cl.Region
273+
})
274+
275+
if err != nil {
276+
if cl.IsNotFoundError(err) {
277+
return nil
278+
}
279+
return err
280+
}
281+
282+
// convert from lambda.GetFunctionConcurrencyOutput to types.Concurrency
283+
284+
data, err := json.Marshal(functionConcurrency)
285+
if err != nil {
286+
return err
287+
}
288+
var funcConcurrency types.Concurrency
289+
err = json.Unmarshal(data, &funcConcurrency)
290+
if err != nil {
291+
return err
292+
}
293+
294+
return resource.Set(col.Name, functionConcurrency)
295+
}
296+
297+
func resolveTags(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, col schema.Column) error {
298+
r := resource.Item.(*lambda.GetFunctionOutput)
299+
// No way of getting functionName
300+
if r.Configuration == nil {
301+
return nil
302+
}
303+
304+
// setting tags value from GetFunction call
305+
if r.Code != nil {
306+
return resource.Set(col.Name, r.Concurrency)
307+
}
308+
309+
cl := meta.(*client.Client)
310+
svc := cl.Services(client.AWSServiceLambda).Lambda
311+
312+
funcTags, err := svc.ListTags(ctx, &lambda.ListTagsInput{
313+
Resource: r.Configuration.FunctionArn,
314+
}, func(options *lambda.Options) {
315+
options.Region = cl.Region
316+
})
317+
318+
if err != nil {
319+
if cl.IsNotFoundError(err) {
320+
return nil
321+
}
322+
return err
323+
}
324+
return resource.Set(col.Name, funcTags.Tags)
325+
}

0 commit comments

Comments
 (0)