@cloud-copilot/iam-collect
Version:
Collect IAM information from AWS Accounts
45 lines • 1.67 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.SecretSync = void 0;
const client_secrets_manager_1 = require("@aws-sdk/client-secrets-manager");
const client_tools_js_1 = require("../../utils/client-tools.js");
const typedSync_js_1 = require("../typedSync.js");
/**
* Sync AWS Secrets Manager secrets and their resource policies.
*/
exports.SecretSync = (0, typedSync_js_1.createTypedSyncOperation)('secretsmanager', 'secrets', (0, typedSync_js_1.createResourceSyncType)({
client: client_secrets_manager_1.SecretsManagerClient,
command: client_secrets_manager_1.ListSecretsCommand,
key: 'SecretList',
paginationConfig: {
inputKey: 'NextToken',
outputKey: 'NextToken'
},
resourceTypeParts: (accountId, region) => ({
service: 'secretsmanager',
resourceType: 'secret',
account: accountId,
region: region
}),
extraFields: {
policy: async (client, secret) => {
return (0, client_tools_js_1.runAndCatch404)(async () => {
const response = await client.send(new client_secrets_manager_1.GetResourcePolicyCommand({ SecretId: secret.ARN }));
if (response.ResourcePolicy) {
return JSON.parse(response.ResourcePolicy);
}
return undefined;
});
}
},
tags: (secret) => secret.Tags,
arn: (secret) => secret.ARN,
results: (secret) => ({
metadata: {
name: secret.Name,
kmsKey: secret.KmsKeyId
},
policy: secret.extraFields.policy
})
}));
//# sourceMappingURL=secrets.js.map