api_gateway --> apigateway

someengineering · Jan 5, 2024 · e589032 · e589032
1 parent 4dfce79
commit e589032
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 40 deletions.
diff --git a/plugins/aws/resoto_plugin_aws/resource/apigateway.py b/plugins/aws/resoto_plugin_aws/resource/apigateway.py
@@ -62,7 +62,7 @@ def service_name(cls) -> str:
 
 @define(eq=False, slots=False)
 class AwsApiGatewayMethodResponse:
-    kind: ClassVar[str] = "aws_api_gateway_method_response"
+    kind: ClassVar[str] = "aws_apigateway_method_response"
     kind_display: ClassVar[str] = "AWS API Gateway Method Response"
     kind_description: ClassVar[str] = (
         "API Gateway Method Response allows users to define the response parameters"
@@ -81,7 +81,7 @@ class AwsApiGatewayMethodResponse:
 
 @define(eq=False, slots=False)
 class AwsApiGatewayIntegrationResponse:
-    kind: ClassVar[str] = "aws_api_gateway_integration_response"
+    kind: ClassVar[str] = "aws_apigateway_integration_response"
     kind_display: ClassVar[str] = "AWS API Gateway Integration Response"
     kind_description: ClassVar[str] = (
         "API Gateway Integration Response is used to define the response structure"
@@ -103,7 +103,7 @@ class AwsApiGatewayIntegrationResponse:
 
 @define(eq=False, slots=False)
 class AwsApiGatewayIntegration:
-    kind: ClassVar[str] = "aws_api_gateway_integration"
+    kind: ClassVar[str] = "aws_apigateway_integration"
     kind_display: ClassVar[str] = "AWS API Gateway Integration"
     kind_description: ClassVar[str] = (
         "API Gateway Integration is a feature provided by AWS API Gateway that allows"
@@ -146,7 +146,7 @@ class AwsApiGatewayIntegration:
 
 @define(eq=False, slots=False)
 class AwsApiGatewayMethod:
-    kind: ClassVar[str] = "aws_api_gateway_method"
+    kind: ClassVar[str] = "aws_apigateway_method"
     kind_display: ClassVar[str] = "AWS API Gateway Method"
     kind_description: ClassVar[str] = (
         "AWS API Gateway Method allows users to define the individual methods that"
@@ -182,13 +182,13 @@ class AwsApiGatewayMethod:
 @define(eq=False, slots=False)
 class AwsApiGatewayResource(AwsResource):
     # collection of resource resources happens in AwsApiGatewayRestApi.collect()
-    kind: ClassVar[str] = "aws_api_gateway_resource"
+    kind: ClassVar[str] = "aws_apigateway_resource"
     kind_display: ClassVar[str] = "AWS API Gateway Resource"
     kind_description: ClassVar[str] = (
         "API Gateway Resource is a logical unit used in API Gateway to represent a"
         " part of an API's resource hierarchy."
     )
-    reference_kinds: ClassVar[ModelReference] = {"successors": {"default": ["aws_api_gateway_authorizer"]}}
+    reference_kinds: ClassVar[ModelReference] = {"successors": {"default": ["aws_apigateway_authorizer"]}}
     mapping: ClassVar[Dict[str, Bender]] = {
         "id": S("id"),
         "resource_parent_id": S("parentId"),
@@ -234,7 +234,7 @@ def service_name(cls) -> str:
 @define(eq=False, slots=False)
 class AwsApiGatewayAuthorizer(AwsResource):
     # collection of authorizer resources happens in AwsApiGatewayRestApi.collect()
-    kind: ClassVar[str] = "aws_api_gateway_authorizer"
+    kind: ClassVar[str] = "aws_apigateway_authorizer"
     kind_display: ClassVar[str] = "AWS API Gateway Authorizer"
     kind_description: ClassVar[str] = (
         "API Gateway Authorizers are mechanisms that help control access to APIs"
@@ -303,7 +303,7 @@ def service_name(cls) -> str:
 
 @define(eq=False, slots=False)
 class AwsApiGatewayCanarySetting:
-    kind: ClassVar[str] = "aws_api_gateway_canary_setting"
+    kind: ClassVar[str] = "aws_apigateway_canary_setting"
     kind_display: ClassVar[str] = "AWS API Gateway Canary Setting"
     kind_description: ClassVar[str] = (
         "API Gateway Canary Setting is a feature in AWS API Gateway that allows you"
@@ -325,7 +325,7 @@ class AwsApiGatewayCanarySetting:
 @define(eq=False, slots=False)
 class AwsApiGatewayStage(ApiGatewayTaggable, AwsResource):
     # collection of stage resources happens in AwsApiGatewayRestApi.collect()
-    kind: ClassVar[str] = "aws_api_gateway_stage"
+    kind: ClassVar[str] = "aws_apigateway_stage"
     kind_display: ClassVar[str] = "AWS API Gateway Stage"
     kind_description: ClassVar[str] = (
         "API Gateway Stages are environment configurations for deploying and managing"
@@ -386,14 +386,14 @@ def called_mutator_apis(cls) -> List[AwsApiSpec]:
 @define(eq=False, slots=False)
 class AwsApiGatewayDeployment(AwsResource):
     # collection of deployment resources happens in AwsApiGatewayRestApi.collect()
-    kind: ClassVar[str] = "aws_api_gateway_deployment"
+    kind: ClassVar[str] = "aws_apigateway_deployment"
     kind_display: ClassVar[str] = "AWS API Gateway Deployment"
     kind_description: ClassVar[str] = (
         "API Gateway Deployments represents a deployment of an API to an API Gateway stage."
         " This allows the API to be invocable by end-users."
     )
-    # edge to aws_api_gateway_stage is established in AwsApiGatewayRestApi.collect()
-    reference_kinds: ClassVar[ModelReference] = {"successors": {"default": ["aws_api_gateway_stage"]}}
+    # edge to aws_apigateway_stage is established in AwsApiGatewayRestApi.collect()
+    reference_kinds: ClassVar[ModelReference] = {"successors": {"default": ["aws_apigateway_stage"]}}
 
     mapping: ClassVar[Dict[str, Bender]] = {
         "id": S("id"),
@@ -428,7 +428,7 @@ def service_name(cls) -> str:
 
 @define(eq=False, slots=False)
 class AwsApiGatewayEndpointConfiguration:
-    kind: ClassVar[str] = "aws_api_gateway_endpoint_configuration"
+    kind: ClassVar[str] = "aws_apigateway_endpoint_configuration"
     kind_display: ClassVar[str] = "AWS API Gateway Endpoint Configuration"
     kind_description: ClassVar[str] = (
         "API Gateway Endpoint Configuration is a configuration that defines the"
@@ -445,7 +445,7 @@ class AwsApiGatewayEndpointConfiguration:
 
 @define(eq=False, slots=False)
 class AwsApiGatewayRestApi(ApiGatewayTaggable, AwsResource):
-    kind: ClassVar[str] = "aws_api_gateway_rest_api"
+    kind: ClassVar[str] = "aws_apigateway_rest_api"
     kind_display: ClassVar[str] = "AWS API Gateway REST API"
     kind_description: ClassVar[str] = (
         "API Gateway is a fully managed service that makes it easy for developers to"
@@ -458,9 +458,9 @@ class AwsApiGatewayRestApi(ApiGatewayTaggable, AwsResource):
         "successors": {
             "default": [
                 "aws_vpc_endpoint",
-                "aws_api_gateway_deployment",
-                "aws_api_gateway_authorizer",
-                "aws_api_gateway_resource",
+                "aws_apigateway_deployment",
+                "aws_apigateway_authorizer",
+                "aws_apigateway_resource",
             ],
             "delete": ["aws_vpc_endpoint"],
         }
@@ -581,7 +581,7 @@ def delete_resource(self, client: AwsClient, graph: Graph) -> bool:
 
 @define(eq=False, slots=False)
 class AwsApiGatewayMutualTlsAuthentication:
-    kind: ClassVar[str] = "aws_api_gateway_mutual_tls_authentication"
+    kind: ClassVar[str] = "aws_apigateway_mutual_tls_authentication"
     kind_display: ClassVar[str] = "AWS API Gateway Mutual TLS Authentication"
     kind_description: ClassVar[str] = (
         "API Gateway Mutual TLS Authentication enables mutual TLS authentication for"
@@ -600,7 +600,7 @@ class AwsApiGatewayMutualTlsAuthentication:
 
 @define(eq=False, slots=False)
 class AwsApiGatewayDomainName(ApiGatewayTaggable, AwsResource):
-    kind: ClassVar[str] = "aws_api_gateway_domain_name"
+    kind: ClassVar[str] = "aws_apigateway_domain_name"
     kind_display: ClassVar[str] = "AWS API Gateway Domain Name"
     kind_description: ClassVar[str] = (
         "API Gateway Domain Name is a custom domain name that you can associate with"

diff --git a/plugins/aws/resoto_plugin_aws/resource/lambda_.py b/plugins/aws/resoto_plugin_aws/resource/lambda_.py
@@ -242,12 +242,12 @@ class AwsLambdaFunction(AwsResource, BaseServerlessFunction):
                 "aws_vpc",
                 "aws_ec2_subnet",
                 "aws_ec2_security_group",
-                "aws_api_gateway_rest_api",
-                "aws_api_gateway_resource",
+                "aws_apigateway_rest_api",
+                "aws_apigateway_resource",
             ],
             "delete": ["aws_vpc", "aws_ec2_subnet", "aws_ec2_security_group", "aws_kms_key"],
         },
-        "successors": {"default": ["aws_kms_key"], "delete": ["aws_api_gateway_rest_api", "aws_api_gateway_resource"]},
+        "successors": {"default": ["aws_kms_key"], "delete": ["aws_apigateway_rest_api", "aws_apigateway_resource"]},
     }
     mapping: ClassVar[Dict[str, Bender]] = {
         "id": S("FunctionName"),

diff --git a/plugins/aws/resoto_plugin_aws/resource/waf.py b/plugins/aws/resoto_plugin_aws/resource/waf.py
@@ -801,7 +801,7 @@ class AwsWafWebACL(AwsResource):
     kind: ClassVar[str] = "aws_waf_web_acl"
     api_spec: ClassVar[AwsApiSpec] = AwsApiSpec("wafv2", "get-web-acl", "WebACL")
     reference_kinds: ClassVar[ModelReference] = {
-        "successors": {"default": ["aws_alb", "aws_api_gateway_rest_api", "aws_cognito_user_pool"]}
+        "successors": {"default": ["aws_alb", "aws_apigateway_rest_api", "aws_cognito_user_pool"]}
     }
     mapping: ClassVar[Dict[str, Bender]] = {
         "id": S("Id"),

diff --git a/plugins/aws/test/resources/apigateway_test.py b/plugins/aws/test/resources/apigateway_test.py
@@ -15,10 +15,10 @@ def test_rest_apis() -> None:
     type_count: Dict[str, int] = defaultdict(int)
     for node in builder.graph.nodes:
         type_count[node.kind] += 1
-    assert type_count["aws_api_gateway_deployment"] == 2
-    assert type_count["aws_api_gateway_stage"] == 1
-    assert type_count["aws_api_gateway_authorizer"] == 1
-    assert type_count["aws_api_gateway_resource"] == 1
+    assert type_count["aws_apigateway_deployment"] == 2
+    assert type_count["aws_apigateway_stage"] == 1
+    assert type_count["aws_apigateway_authorizer"] == 1
+    assert type_count["aws_apigateway_resource"] == 1
 
 
 def test_api_tagging() -> None:

diff --git a/resotocore/resotocore/static/report/checks/aws/aws_acm.json b/resotocore/resotocore/static/report/checks/aws/aws_acm.json
@@ -5,11 +5,8 @@
         {
             "name": "certificate_transparency_logging_enabled",
             "title": "Ensure that ACM certificate transparency is enabled to enhance the security of your website by providing visibility into the issuance and lifecycle of SSL/TLS certificates, helping to detect unauthorized certificates.",
-            "result_kinds": [ ],
-            "categories": [
-                "security",
-                "compliance"
-            ],
+            "result_kinds": [ "aws_acm_certificate" ],
+            "categories": [ "security", "compliance"],
             "risk": "without ACM certificate transparency enabled, there's an increased risk of not being aware of potentially malicious or unauthorized SSL/TLS certificates, posing a threat to the security of your website or infrastructure",
             "severity": "medium",
             "detect": {

diff --git a/resotocore/resotocore/static/report/checks/aws/aws_apigateway.json b/resotocore/resotocore/static/report/checks/aws/aws_apigateway.json
@@ -5,13 +5,13 @@
         {
             "name": "authorizers_enabled",
             "title": "Check if API Gateway has configured authorizers.",
-            "result_kinds": ["aws_api_gateway_rest_api"],
+            "result_kinds": ["aws_apigateway_rest_api"],
             "categories": ["security", "compliance"],
             "risk": "If no authorizer is defined, anyone can use the service.",
             "severity": "medium",
             "url": "https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html",
             "detect": {
-                "resoto": "is(aws_api_gateway_rest_api) with(empty, --> is(aws_api_gateway_authorizer))"
+                "resoto": "is(aws_apigateway_rest_api) with(empty, --> is(aws_apigateway_authorizer))"
             },
             "remediation": {
                 "text": "Add a Cognito pool or attach a Lambda function to control access to your API.",
@@ -23,13 +23,13 @@
         {
             "name": "client_certificate_enabled",
             "title": "Check if API Gateway has client certificate enabled to access your backend endpoint.",
-            "result_kinds": ["aws_api_gateway_stage"],
+            "result_kinds": ["aws_apigateway_stage"],
             "categories": ["security", "compliance"],
             "risk": "Man in the middle attacks are possible and other similar risks.",
             "severity": "medium",
             "url": "https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-mutual-tls.html",
             "detect": {
-                "resoto": "is(aws_api_gateway_stage) and stage_client_certificate_id==null <-[2]- is(aws_api_gateway_rest_api)"
+                "resoto": "is(aws_apigateway_stage) and stage_client_certificate_id==null <-[2]- is(aws_apigateway_rest_api)"
             },
             "remediation": {
                 "text": "Enable client certificate. Mutual TLS is recommended and commonly used for business-to-business (B2B) applications. It iss used in standards such as Open Banking. API Gateway now provides integrated mutual TLS authentication at no additional cost.",
@@ -39,12 +39,12 @@
         {
             "name": "logging_enabled",
             "title": "Check if API Gateway has logging enabled.",
-            "result_kinds": ["aws_api_gateway_stage"],
+            "result_kinds": ["aws_apigateway_stage"],
             "categories": ["compliance"],
             "risk": "If not enabled, monitoring of service use is not possible. Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms.",
             "severity": "medium",
             "detect": {
-                "resoto": "is(aws_api_gateway_stage) and stage_method_settings!={}"
+                "resoto": "is(aws_apigateway_stage) and stage_method_settings!={}"
             },
             "remediation": {
                 "text": "Monitoring is an important part of maintaining the reliability, availability and performance of API Gateway and your AWS solutions. You should collect monitoring data from all of the parts of your AWS solution. CloudTrail provides a record of actions taken by a user, role, or an AWS service in API Gateway. Using the information collected by CloudTrail, you can determine the request that was made to API Gateway, the IP address from which the request was made, who made the request, etc.",
@@ -54,12 +54,12 @@
         {
             "name": "waf_acl_attached",
             "title": "Check if API Gateway has a WAF ACL attached.",
-            "result_kinds": ["aws_api_gateway_stage"],
+            "result_kinds": ["aws_apigateway_stage"],
             "categories": ["security"],
             "risk": "Potential attacks and / or abuse of service for internet reachable services.",
             "severity": "medium",
             "detect": {
-                "resoto": "is(aws_api_gateway_stage) and stage_web_acl_arn==null"
+                "resoto": "is(aws_apigateway_stage) and stage_web_acl_arn==null"
             },
             "remediation": {
                 "text": "Use AWS WAF to protect your API Gateway API from common web exploits, such as SQL injection and cross-site scripting (XSS) attacks. These could affect API availability and performance, compromise security or consume excessive resources.",