[feat][aws][azure] Add missing relationships between base and cloud r…

…esources (#2125)

fixlib/fixlib/baseresources.py

@@ -1220,12 +1220,12 @@ class BaseNetworkInterface(BaseResource):
     metadata: ClassVar[Dict[str, Any]] = {"icon": "network_interface", "group": "networking"}
     _categories: ClassVar[List[Category]] = [Category.networking]
     network_interface_status: str = ""
-    network_interface_type: str = ""
+    network_interface_type: Optional[str] = None
     mac: str = ""
     private_ips: List[str] = field(factory=list)
     public_ips: List[str] = field(factory=list)
-    v6_ips: List[str] = field(factory=list)
-    description: str = ""
+    v6_ips: Optional[List[str]] = None
+    description: Optional[str] = None
 
 
 @define(eq=False, slots=False)
@@ -1348,7 +1348,7 @@ class BaseHealthCheck(BaseResource):
     healthy_threshold: Optional[int] = None
     unhealthy_threshold: Optional[int] = None
     timeout: Optional[int] = None
-    health_check_type: str = ""
+    health_check_type: Optional[str] = None
 
 
 @define(eq=False, slots=False)

plugins/aws/fix_plugin_aws/resource/acm.py

@@ -7,6 +7,7 @@
 
 from fix_plugin_aws.resource.base import AwsResource, AwsApiSpec, GraphBuilder
 from fix_plugin_aws.utils import ToDict
+from fixlib.baseresources import BaseCertificate
 from fixlib.json_bender import Bender, S, ForallBend, Bend, F
 
 log = logging.getLogger("fix.plugins.aws")
@@ -66,7 +67,7 @@ class AwsAcmExtendedKeyUsage:
 
 
 @define(eq=False, slots=False)
-class AwsAcmCertificate(AwsResource):
+class AwsAcmCertificate(AwsResource, BaseCertificate):
     kind: ClassVar[str] = "aws_acm_certificate"
     kind_display: ClassVar[str] = "AWS ACM Certificate"
     aws_metadata: ClassVar[Dict[str, Any]] = {"provider_link_tpl": "https://{region_id}.console.aws.amazon.com/acm/home?region={region}#/certificates/{id}", "arn_tpl": "arn:{partition}:acm:{region}:{account}:certificate/{id}"}  # fmt: skip
@@ -102,6 +103,8 @@ class AwsAcmCertificate(AwsResource):
         "certificate_authority_arn": S("CertificateAuthorityArn"),
         "renewal_eligibility": S("RenewalEligibility"),
         "certificate_transparency_logging": S("Options", "CertificateTransparencyLoggingPreference"),
+        "expires": S("NotAfter"),
+        "dns_names": S("SubjectAlternativeNames", default=[]),
     }
     subject_alternative_names: Optional[List[str]] = field(factory=list, metadata={"description": "One or more domain names (subject alternative names) included in the certificate. This list contains the domain names that are bound to the public key that is contained in the certificate. The subject alternative names include the canonical domain name (CN) of the certificate and additional domain names that can be used to connect to the website."})  # fmt: skip
     domain_validation_options: Optional[List[AwsAcmDomainValidation]] = field(factory=list, metadata={"description": "Contains information about the initial validation of each domain name that occurs as a result of the RequestCertificate request. This field exists only when the certificate type is AMAZON_ISSUED."})  # fmt: skip

plugins/aws/fix_plugin_aws/resource/cloudfront.py

@@ -12,7 +12,7 @@
 from fix_plugin_aws.resource.s3 import AwsS3Bucket
 from fix_plugin_aws.resource.waf import AwsWafWebACL
 from fix_plugin_aws.utils import ToDict
-from fixlib.baseresources import ModelReference
+from fixlib.baseresources import BaseServerlessFunction, ModelReference
 from fixlib.graph import Graph
 from fixlib.json_bender import S, Bend, Bender, ForallBend, bend
 from fixlib.types import Json
@@ -758,7 +758,7 @@ class AwsCloudFrontFunctionConfig:
 
 
 @define(eq=False, slots=False)
-class AwsCloudFrontFunction(CloudFrontTaggable, CloudFrontResource, AwsResource):
+class AwsCloudFrontFunction(CloudFrontTaggable, BaseServerlessFunction, CloudFrontResource, AwsResource):
     kind: ClassVar[str] = "aws_cloudfront_function"
     kind_display: ClassVar[str] = "AWS CloudFront Function"
     aws_metadata: ClassVar[Dict[str, Any]] = {"provider_link_tpl": "https://{region_id}.console.aws.amazon.com/cloudfront/v3/home?region={region}#/functions/{name}", "arn_tpl": "arn:{partition}:cloudfront:{region}:{account}:function/{name}"}  # fmt: skip

plugins/aws/fix_plugin_aws/resource/ec2.py

@@ -24,6 +24,8 @@
 from fix_plugin_aws.utils import ToDict, TagsValue
 from fixlib.baseresources import (
     BaseInstance,
+    BaseKeyPair,
+    BaseNetworkAcl,
     EdgeType,
     BaseVolume,
     BaseInstanceType,
@@ -798,7 +800,7 @@ def called_mutator_apis(cls) -> List[AwsApiSpec]:
 
 
 @define(eq=False, slots=False)
-class AwsEc2KeyPair(EC2Taggable, AwsResource):
+class AwsEc2KeyPair(EC2Taggable, AwsResource, BaseKeyPair):
     kind: ClassVar[str] = "aws_ec2_keypair"
     kind_display: ClassVar[str] = "AWS EC2 Keypair"
     aws_metadata: ClassVar[Dict[str, Any]] = {"provider_link_tpl": "https://{region_id}.console.aws.amazon.com/ec2/home?region={region}#KeyPairs:search={name}", "arn_tpl": "arn:{partition}:ec2:{region}:{account}:keypair/{name}"}  # fmt: skip
@@ -818,6 +820,7 @@ class AwsEc2KeyPair(EC2Taggable, AwsResource):
         "key_type": S("KeyType"),
         "public_key": S("PublicKey"),
         "ctime": S("CreateTime"),
+        "fingerprint": S("KeyFingerprint"),
     }
     key_fingerprint: Optional[str] = field(default=None)
     key_type: Optional[str] = field(default=None)
@@ -1699,7 +1702,7 @@ class AwsEc2NetworkAclEntry:
 
 
 @define(eq=False, slots=False)
-class AwsEc2NetworkAcl(EC2Taggable, AwsResource):
+class AwsEc2NetworkAcl(EC2Taggable, AwsResource, BaseNetworkAcl):
     kind: ClassVar[str] = "aws_ec2_network_acl"
     kind_display: ClassVar[str] = "AWS EC2 Network ACL"
     aws_metadata: ClassVar[Dict[str, Any]] = {"provider_link_tpl": "https://{region_id}.console.aws.amazon.com/vpc/home?region={region}#NetworkAclDetails:networkAclId={NetworkAclId}", "arn_tpl": "arn:{partition}:ec2:{region}:{account}:network-acl/{id}"}  # fmt: skip

plugins/aws/fix_plugin_aws/resource/iam.py

@@ -13,6 +13,7 @@
     BasePolicy,
     BaseGroup,
     BaseAccessKey,
+    BaseRole,
     BaseUser,
     BaseInstanceProfile,
     EdgeType,
@@ -103,7 +104,7 @@ class AwsIamRoleLastUsed:
 
 
 @define(eq=False, slots=False)
-class AwsIamRole(AwsResource):
+class AwsIamRole(AwsResource, BaseRole):
     # Note: this resource is collected via AwsIamUser.collect.
     kind: ClassVar[str] = "aws_iam_role"
     aws_metadata: ClassVar[Dict[str, Any]] = {"provider_link_tpl": "https://{region_id}.console.aws.amazon.com/iam/home?region={region}#/roles/details/{RoleName}", "arn_tpl": "arn:{partition}:iam:{region}:{account}:role/{name}"}  # fmt: skip

plugins/aws/fix_plugin_aws/resource/waf.py

@@ -8,7 +8,7 @@
 
 from fix_plugin_aws.resource.base import AwsApiSpec, AwsResource, GraphBuilder, parse_json
 from fix_plugin_aws.utils import ToDict
-from fixlib.baseresources import ModelReference
+from fixlib.baseresources import BaseFirewall, ModelReference
 from fixlib.json_bender import Bender, S, Bend, ForallBend, ParseJson, MapDict
 from fixlib.types import Json
 
@@ -797,7 +797,7 @@ class AwsWafLoggingConfiguration:
 
 
 @define(eq=False, slots=False)
-class AwsWafWebACL(AwsResource):
+class AwsWafWebACL(AwsResource, BaseFirewall):
     kind: ClassVar[str] = "aws_waf_web_acl"
     kind_display: ClassVar[str] = "AWS WAF Web ACL"
     kind_description: ClassVar[str] = "An AWS WAF Web ACL (Web Access Control List) is used for monitoring HTTP and HTTPS requests directed to AWS resources, allowing you to control access by permitting or blocking specific requests based on defined criteria."  # fmt: skip

plugins/aws/test/resources/acm_test.py

@@ -3,4 +3,4 @@
 
 
 def test_certificates() -> None:
-    round_trip_for(AwsAcmCertificate)
+    round_trip_for(AwsAcmCertificate, "sha1_fingerprint")

plugins/aws/test/resources/elb_test.py

@@ -7,12 +7,12 @@
 
 
 def test_elbs() -> None:
-    first, graph = round_trip_for(AwsElb, "public_ip_address")
+    first, graph = round_trip_for(AwsElb, "public_ip_address", "health_check_type")
     assert len(first.tags) == 2
 
 
 def test_elb_deletion() -> None:
-    elb, _ = round_trip_for(AwsElb, "public_ip_address")
+    elb, _ = round_trip_for(AwsElb, "public_ip_address", "health_check_type")
 
     def validate_delete_args(**kwargs: Any) -> None:
         assert kwargs["action"] == "delete-load-balancer"
@@ -23,7 +23,7 @@ def validate_delete_args(**kwargs: Any) -> None:
 
 
 def test_tagging() -> None:
-    elb, _ = round_trip_for(AwsElb, "public_ip_address")
+    elb, _ = round_trip_for(AwsElb, "public_ip_address", "health_check_type")
 
     def validate_update_args(**kwargs: Any) -> None:
         assert kwargs["action"] == "add-tags"

plugins/aws/test/resources/elbv2_test.py

@@ -24,7 +24,7 @@ def validate_delete_args(**kwargs: Any) -> None:
 
 
 def test_alb_target_group_deletion() -> None:
-    alb, _ = round_trip_for(AwsAlbTargetGroup)
+    alb, _ = round_trip_for(AwsAlbTargetGroup, "health_check_type")
 
     def validate_delete_args(**kwargs: Any) -> None:
         assert kwargs["action"] == "delete-target-group"
@@ -35,7 +35,7 @@ def validate_delete_args(**kwargs: Any) -> None:
 
 
 def test_alb_target_groups() -> None:
-    first, graph = round_trip_for(AwsAlbTargetGroup)
+    first, graph = round_trip_for(AwsAlbTargetGroup, "health_check_type")
     assert len(first.tags) == 4
 
 

plugins/azure/fix_plugin_azure/resource/base.py

@@ -12,7 +12,7 @@
 from fix_plugin_azure.azure_client import AzureApiSpec, AzureClient
 from fix_plugin_azure.config import AzureConfig, AzureCredentials
 from fixlib.utils import utc
-from fixlib.baseresources import BaseResource, Cloud, EdgeType, BaseAccount, BaseRegion, ModelReference
+from fixlib.baseresources import BaseGroup, BaseResource, Cloud, EdgeType, BaseAccount, BaseRegion, ModelReference
 from fixlib.core.actions import CoreFeedback
 from fixlib.graph import Graph, EdgeKey
 from fixlib.json_bender import Bender, bend, S, ForallBend, Bend
@@ -296,7 +296,7 @@ class AzureLocation(AzureResource, BaseRegion):
 
 
 @define(eq=False, slots=False)
-class AzureResourceGroup(AzureResource):
+class AzureResourceGroup(AzureResource, BaseGroup):
     kind: ClassVar[str] = "azure_resource_group"
     api_spec: ClassVar[AzureApiSpec] = AzureApiSpec(
         service="resources",

plugins/azure/fix_plugin_azure/resource/compute.py

@@ -28,6 +28,7 @@
 from fixlib.types import Json
 from fixlib.baseresources import (
     BaseInstance,
+    BaseKeyPair,
     BaseVolume,
     BaseInstanceType,
     BaseSnapshot,
@@ -2190,7 +2191,7 @@ def connect_in_graph(self, builder: GraphBuilder, source: Json) -> None:
 
 
 @define(eq=False, slots=False)
-class AzureSshPublicKeyResource(AzureResource):
+class AzureSshPublicKeyResource(AzureResource, BaseKeyPair):
     kind: ClassVar[str] = "azure_ssh_public_key_resource"
     api_spec: ClassVar[AzureApiSpec] = AzureApiSpec(
         service="compute",

plugins/azure/fix_plugin_azure/resource/containerservice.py

@@ -14,7 +14,7 @@
     AzurePrincipalClient,
     AzureManagedServiceIdentity,
 )
-from fixlib.baseresources import EdgeType, ModelReference
+from fixlib.baseresources import BaseManagedKubernetesClusterProvider, BaseSnapshot, EdgeType, ModelReference
 from fixlib.json_bender import Bender, S, Bend, ForallBend
 from fixlib.types import Json
 
@@ -126,7 +126,8 @@ def collect_fleets() -> None:
                 expect_array=True,
             )
             items: List[Json] = graph_builder.client.list(api_spec)
-
+            if not items:
+                return
             item: Json = next(iter(items), {})
 
             try:
@@ -772,7 +773,7 @@ class AzureServiceMeshProfile:
 
 
 @define(eq=False, slots=False)
-class AzureManagedCluster(AzureResource):
+class AzureManagedCluster(AzureResource, BaseManagedKubernetesClusterProvider):
     kind: ClassVar[str] = "azure_managed_cluster"
     api_spec: ClassVar[AzureApiSpec] = AzureApiSpec(
         service="containerservice",
@@ -842,6 +843,8 @@ class AzureManagedCluster(AzureResource):
         "windows_profile": S("properties", "windowsProfile") >> Bend(AzureManagedClusterWindowsProfile.mapping),
         "workload_auto_scaler_profile": S("properties", "workloadAutoScalerProfile")
         >> Bend(AzureManagedClusterWorkloadAutoScalerProfile.mapping),
+        "version": S("properties", "currentKubernetesVersion"),
+        "endpoint": S("properties", "fqdn"),
     }
     aad_profile: Optional[AzureManagedClusterAADProfile] = field(default=None, metadata={'description': 'For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad).'})  # fmt: skip
     addon_profiles: Optional[Dict[str, AzureManagedClusterAddonProfile]] = field(default=None, metadata={'description': 'The profile of managed cluster add-on.'})  # fmt: skip
@@ -956,7 +959,7 @@ class AzureOSOptionProperty:
 
 
 @define(eq=False, slots=False)
-class AzureManagedClusterSnapshot(AzureResource):
+class AzureManagedClusterSnapshot(AzureResource, BaseSnapshot):
     kind: ClassVar[str] = "azure_managed_cluster_snapshot"
     api_spec: ClassVar[AzureApiSpec] = AzureApiSpec(
         service="containerservice",
@@ -983,6 +986,9 @@ class AzureManagedClusterSnapshot(AzureResource):
         "os_type": S("properties", "osType"),
         "snapshot_type": S("properties", "snapshotType"),
         "vm_size": S("properties", "vmSize"),
+        "owner_alias": S("systemData", "createdBy"),
+        "encrypted": S("properties", "enableFIPS"),
+        "location": S("location"),
     }
     creation_data_source_id: Optional[str] = field(default=None, metadata={'description': 'Data used when creating a target resource from a source resource.'})  # fmt: skip
     enable_fips: Optional[bool] = field(default=None, metadata={"description": "Whether to use a FIPS-enabled OS."})
@@ -992,8 +998,17 @@ class AzureManagedClusterSnapshot(AzureResource):
     os_type: Optional[str] = field(default=None, metadata={'description': 'The operating system type. The default is Linux.'})  # fmt: skip
     snapshot_type: Optional[str] = field(default=None, metadata={'description': 'The type of a snapshot. The default is NodePool.'})  # fmt: skip
     vm_size: Optional[str] = field(default=None, metadata={"description": "The size of the VM."})
+    location: Optional[str] = field(default=None, metadata={"description": "Resource location."})
 
     def connect_in_graph(self, builder: GraphBuilder, source: Json) -> None:
+        from fix_plugin_azure.resource.compute import AzureVirtualMachineSize
+
+        if (snapshot_vm_size := self.vm_size) and (location := self.location):
+            vm_sizes = builder.nodes(clazz=AzureVirtualMachineSize, name=snapshot_vm_size, location=location)
+            for vm_size in vm_sizes:
+                if size := vm_size.os_disk_size_in_mb:
+                    self.volume_size = size // 1024
+
         if agent_pool_id := self.creation_data_source_id:
             cluster_id = "/".join((agent_pool_id.split("/")[:-2]))
             builder.add_edge(self, edge_type=EdgeType.default, reverse=True, clazz=AzureManagedCluster, id=cluster_id)