def _process_access_policy()

in cartography/intel/aws/elasticsearch.py [0:0]


def _process_access_policy(session, domain_id, domain_data):
    """
    Record on the ESDomain node whether the domain's access policy is internet accessible.

    Sets ``exposed_internet`` to True only when the domain data has both an
    "Endpoint" value and an "AccessPolicies" document, and the parsed policy
    reports ``is_internet_accessible()``. In every other case False is written,
    so False means "not flagged by this check", not "verified private".

    :param session: Neo4j session object
    :param domain_id: ES domain id, matched against ``ESDomain.id``
    :param domain_data: domain data; "Endpoint" and "AccessPolicies" are read from it
    """
    # Short-circuit: the policy document is only looked up when "Endpoint" is truthy.
    policy_document = domain_data.get("Endpoint") and domain_data.get("AccessPolicies")

    internet_facing = False
    if policy_document:
        # json.loads raises on a malformed policy string; that is not caught here
        # and propagates to the caller.
        # Policy comes from elsewhere in the module (import not visible here).
        internet_facing = bool(Policy(json.loads(policy_document)).is_internet_accessible())

    # Values are passed as query parameters, never formatted into the Cypher text.
    # NOTE(review): `{Name}` is the older Cypher parameter form; newer Neo4j
    # releases expect `$Name`. Confirm against the deployed server version.
    session.run(
        "MATCH (es:ESDomain{id: {DomainId}}) SET es.exposed_internet = {InternetExposed}",
        DomainId=domain_id,
        InternetExposed=internet_facing,
    )