
@cloud-copilot/iam-collect


Collect IAM information from AWS Accounts

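"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.AwsConfigOpenSearchClient = void 0;
const client_opensearch_1 = require("@aws-sdk/client-opensearch");
const AbstractClient_js_1 = require("../../customClients/AbstractClient.js");
const AwsConfigClientContext_js_1 = require("../AwsConfigClientContext.js");
const awsConfigUtils_js_1 = require("../awsConfigUtils.js");
/**
 * AWS Config-based OpenSearch client implementation.
 *
 * The three command handlers registered here are answered from one AWS Config
 * query (ListDomainNames) plus the context cache that query fills
 * (DescribeDomain, ListTags); none of the handlers in this file calls the
 * OpenSearch service itself.
 */
class AwsConfigOpenSearchClient extends AbstractClient_js_1.AbstractClient {
    // Registered under the SDK client's class name.
    static clientName = client_opensearch_1.OpenSearchClient.name;
    constructor(options, customContext) {
        super(options, customContext);
    }
    /**
     * Register all OpenSearch command implementations
     */
    registerCommands() {
        this.registerCommand(AwsConfigDescribeDomainCommand);
        this.registerCommand(AwsConfigListDomainNamesCommand);
        this.registerCommand(AwsConfigListTagsCommand);
    }
}
exports.AwsConfigOpenSearchClient = AwsConfigOpenSearchClient;
/**
 * Config-based implementation of OpenSearch ListDomainNamesCommand.
 *
 * Queries AWS Config for AWS::OpenSearch::Domain resources in the context's
 * region and account, caches each domain's data for the other two commands,
 * and returns the domain names.
 *
 * @returns {Promise<{DomainNames: Array<{DomainName: string}>}>}
 */
const AwsConfigListDomainNamesCommand = (0, AwsConfigClientContext_js_1.awsConfigCommand)({
    command: client_opensearch_1.ListDomainNamesCommand,
    execute: async (input, context) => {
        // context.region and context.accountId are interpolated straight into the
        // quoted query text; the query reaches executeConfigQuery as one string.
        // NOTE(review): presumably both values come from the collector's own
        // session/configuration - confirm they can never carry caller-supplied
        // text, because a quote character would change the WHERE clause.
        const query = ` SELECT arn, resourceId, resourceName, configuration.AccessPolicies, configuration.Id, configuration.DomainName, configuration.EncryptionAtRestOptions, tags WHERE resourceType = 'AWS::OpenSearch::Domain' AND awsRegion = '${context.region}' AND accountId = '${context.accountId}' AND ${awsConfigUtils_js_1.resourceStatusWhereClause} `;
        const results = await (0, awsConfigUtils_js_1.executeConfigQuery)(query, context);
        const domains = [];
        for (const result of results) {
            const { configItem, configuration, tags } = (0, awsConfigUtils_js_1.parseConfigItem)(result);
            const domainName = configuration?.DomainName;
            // Rows without a domain name are neither cached nor returned.
            if (!domainName) {
                continue;
            }
            // Cache data that will be needed by other commands.
            // Keyed by domain name because that is what DescribeDomainCommand receives.
            context.putCache(domainName, 'configuration', configuration);
            context.putCache(domainName, 'configItem', configItem);
            // Keyed by ARN because that is what ListTagsCommand receives.
            context.putCache(configItem.arn, 'tags', tags);
            domains.push({ DomainName: domainName });
        }
        return { DomainNames: domains };
    }
});
/**
 * Config-based implementation of OpenSearch DescribeDomainCommand.
 *
 * Builds a DomainStatus (id, name, ARN, access policy, encryption-at-rest
 * options) from the entries ListDomainNamesCommand cached under the domain name.
 *
 * @throws {Error} when DomainName is missing, or when nothing is cached for it.
 */
const AwsConfigDescribeDomainCommand = (0, AwsConfigClientContext_js_1.awsConfigCommand)({
    command: client_opensearch_1.DescribeDomainCommand,
    execute: async (input, context) => {
        if (!input.DomainName) {
            throw new Error('DomainName is required');
        }
        const configuration = context.getCache(input.DomainName, 'configuration');
        const configItem = context.getCache(input.DomainName, 'configItem');
        // A cache miss used to surface as a TypeError on `configItem.arn`. Fail with
        // an explicit message instead, so a domain that was never listed is reported
        // as missing data rather than as an opaque crash.
        if (!configItem) {
            throw new Error(`No AWS Config data cached for OpenSearch domain '${input.DomainName}'; ListDomainNamesCommand must run first`);
        }
        // The SDK response carries the access policy as a JSON string, so the cached
        // value is serialized here.
        // NOTE(review): if Config already delivers AccessPolicies as a string this
        // double-encodes it - confirm against parseConfigItem's output.
        let accessPolicies = undefined;
        if (configuration?.AccessPolicies) {
            accessPolicies = JSON.stringify(configuration.AccessPolicies);
        }
        const encryptionAtRest = configuration?.EncryptionAtRestOptions;
        return {
            DomainStatus: {
                DomainId: configuration?.Id || configItem.resourceId,
                DomainName: configuration?.DomainName,
                ARN: configItem.arn,
                AccessPolicies: accessPolicies,
                EncryptionAtRestOptions: {
                    // Absent encryption options are reported as "not enabled".
                    Enabled: encryptionAtRest?.Enabled || false,
                    KmsKeyId: encryptionAtRest?.KmsKeyId
                }
            }
        };
    }
});
/**
 * Config-based implementation of OpenSearch ListTagsCommand.
 *
 * Returns the tags ListDomainNamesCommand cached under the domain ARN, converted
 * to the SDK's `[{ Key, Value }]` list.
 *
 * @throws {Error} when ARN is missing.
 */
const AwsConfigListTagsCommand = (0, AwsConfigClientContext_js_1.awsConfigCommand)({
    command: client_opensearch_1.ListTagsCommand,
    execute: async (input, context) => {
        if (!input.ARN) {
            throw new Error('ARN is required');
        }
        const tags = context.getCache(input.ARN, 'tags');
        // Convert Config tags format to OpenSearch tags format.
        // A falsy cache value yields an empty list, so an ARN that was never cached
        // looks the same to the caller as a domain without tags.
        const tagList = tags
            ? Object.entries(tags).map(([key, value]) => ({ Key: key, Value: value }))
            : [];
        return { TagList: tagList };
    }
});
//# sourceMappingURL=AwsConfigOpenSearchClient.js.map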