Definitions Update assets_query

alertlogic · Sep 19, 2020 · 4482acc · 4482acc
1 parent e7e3ade
commit 4482acc
Show file tree

Hide file tree

Showing 2 changed files with 74 additions and 36 deletions.
diff --git a/alsdkdefs/apis/assets_query/examples.yaml b/alsdkdefs/apis/assets_query/examples.yaml
@@ -3238,79 +3238,102 @@ TopologyPreviewExample:
   value:
     topology:
       assets:
-      - - deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
-      - - deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
-        - region/aws/us-east-1
-      - - deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
-        - region/aws/us-west-2
-      - - deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
-        - region/aws/us-east-1
-        - "/aws/us-east-1/vpc/vpc-1"
-      - - deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
-        - region/aws/us-east-1
-        - "/aws/us-east-1/vpc/vpc-1"
-        - subnet:/aws/us-east-1/subnet/subnet-1a-web
-      - - deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
-        - region/aws/us-east-1
-        - "/aws/us-east-1/vpc/vpc-1"
-        - subnet:/aws/us-east-1/subnet/subnet-1a-web
-        - host:/aws/us-east-1/host/alertlogic-ids-1
-      - - deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
-        - region/aws/us-east-1
-        - "/aws/us-east-1/vpc/vpc-1"
-        - host:/aws/us-east-1/host/alertlogic-ids-1
-      - - deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
-        - region/aws/us-east-1
-        - "/aws/us-east-1/image/ami-1"
-      - - deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
-        - region/aws/us-east-1
-        - "/aws/us-west-2/image/ami-2"
+      - - 814C2911-09BB-1005-9916-7831C1BAC182:deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
+        - 814C2911-09BB-1005-9916-7831C1BAC182:region:/aws/us-west-2
+      - - 814C2911-09BB-1005-9916-7831C1BAC182:deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
+        - 814C2911-09BB-1005-9916-7831C1BAC182:region:/aws/eu-west-1
+      - - 814C2911-09BB-1005-9916-7831C1BAC182:deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
+        - 814C2911-09BB-1005-9916-7831C1BAC182:region:/aws/us-east-1
+        - 814C2911-09BB-1005-9916-7831C1BAC182:vpc:/aws/us-east-1/vpc/vpc-1
+      - - 814C2911-09BB-1005-9916-7831C1BAC182:deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
+        - 814C2911-09BB-1005-9916-7831C1BAC182:region:/aws/eu-west-1
+        - 814C2911-09BB-1005-9916-7831C1BAC182:vpc:/aws/eu-west-1/vpc/vpc-1
+      - - 814C2911-09BB-1005-9916-7831C1BAC182:deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
+        - 814C2911-09BB-1005-9916-7831C1BAC182:region:/aws/us-east-1
+        - 814C2911-09BB-1005-9916-7831C1BAC182:vpc:/aws/us-east-1/vpc/vpc-1
+        - 814C2911-09BB-1005-9916-7831C1BAC182:subnet:/aws/us-east-1/subnet/subnet-1a-web
+      - - 814C2911-09BB-1005-9916-7831C1BAC182:deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
+        - 814C2911-09BB-1005-9916-7831C1BAC182:region:/aws/us-east-1
+        - 814C2911-09BB-1005-9916-7831C1BAC182:vpc:/aws/us-east-1/vpc/vpc-1
+        - 814C2911-09BB-1005-9916-7831C1BAC182:subnet:/aws/us-east-1/subnet/subnet-1a-web
+        - 814C2911-09BB-1005-9916-7831C1BAC182:host:/aws/us-east-1/host/web-1a-1
+      - - 814C2911-09BB-1005-9916-7831C1BAC182:deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
+        - 814C2911-09BB-1005-9916-7831C1BAC182:region:/aws/us-east-1
+        - 814C2911-09BB-1005-9916-7831C1BAC182:vpc:/aws/us-east-1/vpc/vpc-1
+        - 814C2911-09BB-1005-9916-7831C1BAC182:host:/aws/us-east-1/host/web-1a-1
+      - - 814C2911-09BB-1005-9916-7831C1BAC182:deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
+        - 814C2911-09BB-1005-9916-7831C1BAC182:region:/aws/us-east-1
+        - 814C2911-09BB-1005-9916-7831C1BAC182:/aws/us-east-1/image/ami-1
+      - - 814C2911-09BB-1005-9916-7831C1BAC182:deployment:/al/19000001/aws/814C2911-09BB-1005-9916-7831C1BAC182
+        - 814C2911-09BB-1005-9916-7831C1BAC182:region:/aws/us-east-1
+        - 814C2911-09BB-1005-9916-7831C1BAC182:/aws/us-west-2/image/ami-2
       data:
-        host:/aws/us-east-1/host/alertlogic-ids-1:
+        814C2911-09BB-1005-9916-7831C1BAC182:host:/aws/us-east-1/host/web-1a-1:
           alertlogic_agent: false
           alertlogic_appliance: true
           created_on: 1427317669928
+          group_membership: IN
           key: "/aws/us-east-1/host/web-1a-1"
           state: running
           threat_level: 2
           threatiness: 2
           type: host
-        image:/aws/us-east-1/image/ami-1:
+        814C2911-09BB-1005-9916-7831C1BAC182:image:/aws/us-east-1/image/ami-1:
           created_on: 1427317669792
+          group_membership: IN
           key: "/aws/us-east-1/image/ami-1"
           threat_level: 3
           threatiness: 14
           type: image
-        image:/aws/us-west-2/image/ami-2:
+        814C2911-09BB-1005-9916-7831C1BAC182:image:/aws/us-west-2/image/ami-2:
           created_on: 1427317669792
+          group_membership: IN
           key: "/aws/us-west-2/image/ami-2"
           threat_level: 3
           threatiness: 14
           type: image
-        region/aws/us-east-1:
+        814C2911-09BB-1005-9916-7831C1BAC182:region:/aws/us-east-1:
           created_on: 1427317669194
+          group_membership: IN
           key: "/aws/us-east-1"
           threat_level: 3
           threatiness: 22
           type: region
-        region/aws/us-west-2:
+        814C2911-09BB-1005-9916-7831C1BAC182:region:/aws/us-west-2:
           created_on: 1589381951438
+          group_membership: NOT_IN
           key: "/aws/us-west-2"
           threat_level: 0
           threatiness: 0
           type: region
-        subnet:/aws/us-east-1/subnet/subnet-1a-web:
+        814C2911-09BB-1005-9916-7831C1BAC182:region:/aws/eu-west-1:
+          created_on: 1589381951438
+          group_membership: EXCLUDED
+          key: "/aws/eu-west-1"
+          threat_level: 0
+          threatiness: 0
+          type: region
+        814C2911-09BB-1005-9916-7831C1BAC182:subnet:/aws/us-east-1/subnet/subnet-1a-web:
           created_on: 1427317669627
+          group_membership: IN
           key: "/aws/us-east-1/subnet/subnet-1a-web"
           threat_level: 2
           threatiness: 8
           type: subnet
-        vpc:/aws/us-east-1/vpc/vpc-1:
+        814C2911-09BB-1005-9916-7831C1BAC182:vpc:/aws/us-east-1/vpc/vpc-1:
           created_on: 1427317669270
+          group_membership: IN
           key: "/aws/us-east-1/vpc/vpc-1"
           threat_level: 3
           threatiness: 22
           type: vpc
+        814C2911-09BB-1005-9916-7831C1BAC182:vpc:/aws/eu-west-1/vpc/vpc-2:
+          created_on: 1427317669270
+          group_membership: EXCLUDED
+          key: "/aws/eu-west-1/vpc/vpc-2"
+          threat_level: 3
+          threatiness: 22
+          type: vpc
       rows: 9
 DisposeSingleRemediationExample:
   value:

diff --git a/alsdkdefs/apis/assets_query/schemas.yaml b/alsdkdefs/apis/assets_query/schemas.yaml
@@ -449,14 +449,29 @@ TopologyPreviewResponse:
           description: |-
             An array of arrays of asset references. Each element in the array is an array of asset
             references (that can be resolved by looking up the reference in the `topology.data`
-            object) that describe topological relationship sequences.
+            object) that describe topological relationship sequences. Note that all groupable assets
+            are returned in the rows, but the `topology.data` object must be consulted for each asset to determine
+            its inclusion or exclusion from the group. Intermediate topology assets do not have their own row in
+            the result (a VPC with subnets would not have an entry, but a VPC without subnets would have an entry).
         data:
           type: object
           description: |-
             An object containing all of the asset details for asset references in the
             `topology.assets`. The object keys are asset
             references produced by colon-joining deployment ID, asset type and asset key, e.g.,
-            `814C2911-09BB-1005-9916-7831C1BAC182:region:/aws/us-east-1`.
+            `814C2911-09BB-1005-9916-7831C1BAC182:region:/aws/us-east-1`. All assets are decorated with a
+            `group_membership` property that must be consulted to determine membership in the group. Possible values are described below:
+
+            `IN` - The asset is included in the group by scope definition.
+
+            `CONTAINS` - The asset does not meet the full criteria for inclusion in the group, but contains at least one successor asset in the group.
+
+            `CAN_CONTAIN` - The asset does not meet the full criteria for inclusion in the group. The scope definition does allow this asset to
+            potentially include future successors in the group.
+
+            `EXCLUDED` - The asset is excluded from the group by scope definition.
+
+            `NOT_IN` - The asset does not meet all criteria for inclusion in the group by scope definition, but is not explicitly excluded.
         rows:
           type: integer
           description: The count of rows in the `topology.assets` array.