@cloud-copilot/iam-collect/dist/cjs/syncs/ecr/ecrSyncs.js

Collect IAM information from AWS Accounts

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.EcrSyncs = void 0;
const client_ecr_1 = require("@aws-sdk/client-ecr");
const client_tools_js_1 = require("../../utils/client-tools.js");
const json_js_1 = require("../../utils/json.js");
const typedSync_js_1 = require("../typedSync.js");
exports.EcrSyncs = [
    (0, typedSync_js_1.createTypedSyncOperation)('ecr', 'repositories', (0, typedSync_js_1.createResourceSyncType)({
        client: client_ecr_1.ECRClient,
        command: client_ecr_1.DescribeRepositoriesCommand,
        key: 'repositories',
        paginationConfig: {
            inputKey: 'nextToken',
            outputKey: 'nextToken'
        },
        arn: (repository, region, account, partition) => repositoryArn(repository, region, account, partition),
        tags: (repository) => repository.extraFields.tags,
        resourceTypeParts: (account, region) => ({
            account,
            service: 'ecr',
            region,
            resourceType: 'repository'
        }),
        extraFields: {
            tags: async (client, repository, account, region, partition) => {
                const result = await client.send(new client_ecr_1.ListTagsForResourceCommand({
                    resourceArn: repositoryArn(repository, region, account, partition)
                }));
                return result.tags;
            },
            policy: async (client, repository, account, region, partition) => {
                const policy = await (0, client_tools_js_1.runAndCatchError)('RepositoryPolicyNotFoundException', async () => {
                    const result = await client.send(new client_ecr_1.GetRepositoryPolicyCommand({
                        repositoryName: repository.repositoryName
                    }));
                    return (0, json_js_1.parseIfPresent)(result.policyText);
                });
                return policy;
            }
        },
        results: (repository) => ({
            metadata: {
                repositoryName: repository.repositoryName,
                key: repository.encryptionConfiguration?.kmsKey
            },
            policy: repository.extraFields.policy
        })
    })),
    {
        awsService: 'ecr',
        name: 'registry',
        execute: async (accountId, region, credentials, storage, endpoint, syncOptions) => {
            const client = syncOptions.clientPool.client(client_ecr_1.ECRClient, credentials, region, endpoint);
            const policyText = await (0, client_tools_js_1.runAndCatchError)('RegistryPolicyNotFoundException', async () => {
                const result = await client.send(new client_ecr_1.GetRegistryPolicyCommand({}));
                return result.policyText;
            });
            const policy = policyText ? JSON.parse(policyText) : undefined;
            await storage.saveAccountMetadata(accountId, `ecr-registry-policy.${region}`, policy);
        }
    }
];
/**
 * Make an ECR Repository ARN
 *
 * @param repository the ECR Repository object
 * @param region the AWS region
 * @param account the AWS account ID
 * @param partition the AWS partition (e.g., 'aws', 'aws-cn', 'aws-us-gov')
 * @returns the ARN of the ECR Repository
 */
function repositoryArn(repository, region, account, partition) {
    return `arn:${partition}:ecr:${region}:${account}:repository/${repository.repositoryName}`;
}
//# sourceMappingURL=ecrSyncs.js.map