
@csermet/multiprovider


cloud-graph provider plugin for AWS used to fetch AWS cloud data.

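"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.listIamPolicies = void 0;
const sdk_1 = __importDefault(require("@cloudgraph/sdk"));
const groupBy_1 = __importDefault(require("lodash/groupBy"));
const isEmpty_1 = __importDefault(require("lodash/isEmpty"));
const unionBy_1 = __importDefault(require("lodash/unionBy"));
const iam_1 = __importDefault(require("aws-sdk/clients/iam"));
const logger_1 = __importDefault(require("../../properties/logger"));
const utils_1 = require("../../utils");
const errorLog_1 = __importDefault(require("../../utils/errorLog"));
const regions_1 = require("../../enums/regions");
const format_1 = require("../../utils/format");
const constants_1 = require("../../config/constants");
const messageInterval_1 = __importDefault(require("../../utils/messageInterval"));

// Page size requested from iam:ListPolicies on every call.
const MAX_ITEMS = 1000;
const lt = { ...logger_1.default };
const { logger } = sdk_1.default;
const serviceName = 'IAM Policy';
const errorLog = new errorLog_1.default(serviceName);
const endpoint = utils_1.initTestEndpoint(serviceName);
const customRetrySettings = utils_1.setAwsRetryOptions({
    maxRetries: constants_1.MAX_FAILED_AWS_REQUEST_RETRIES,
    baseDelay: constants_1.IAM_CUSTOM_DELAY,
});

/**
 * Build an ARN -> entry lookup from per-policy results.
 * Failed lookups (null entries) are skipped and the first entry seen for an
 * ARN wins, which matches what a linear `find` over the same array returns.
 *
 * @param {Array<?{Arn: string}>} entries - results of the per-policy calls
 * @returns {Map<string, object>} entries keyed by policy ARN
 */
const indexByArn = (entries) => {
    const byArn = new Map();
    for (const entry of entries) {
        if (entry != null && !byArn.has(entry.Arn)) {
            byArn.set(entry.Arn, entry);
        }
    }
    return byArn;
};

/**
 * Fetch the tags of one managed policy via iam:ListPolicyTags.
 * Never rejects: an AWS error is recorded in the error log and the promise
 * resolves to null when no data came back.
 *
 * @param {object} iam - IAM client exposing listPolicyTags
 * @param {{Arn: string}} policy - policy whose tags are requested
 * @returns {Promise<?{Arn: string, Tags: object}>} tag map for the policy, or null
 */
const tagsByPolicyArn = async (iam, { Arn }) => new Promise(resolve => {
    iam.listPolicyTags({ PolicyArn: Arn }, (err, data) => {
        if (err) {
            errorLog.generateAwsErrorLog({
                functionName: 'iam:listPolicyTags',
                err,
            });
        }
        if (isEmpty_1.default(data)) {
            resolve(null);
            return;
        }
        const { Tags: tags = [] } = data;
        resolve({
            Arn,
            Tags: format_1.convertAwsTagsToTagMap(tags),
        });
    });
});

/**
 * Fetch and URL-decode the default version of one policy document via
 * iam:GetPolicyVersion.
 * Never rejects: an AWS error is recorded in the error log, and a document
 * that cannot be decoded is reported with a warning; both resolve to null.
 *
 * @param {object} iam - IAM client exposing getPolicyVersion
 * @param {{Arn: string, DefaultVersionId: string}} policy - policy to read
 * @returns {Promise<?{Arn: string, Content: string}>} decoded document, or null
 */
const policyVersionByPolicyArn = async (iam, { Arn, DefaultVersionId }) => new Promise(resolve => {
    iam.getPolicyVersion({ PolicyArn: Arn, VersionId: DefaultVersionId }, (err, data) => {
        if (err) {
            errorLog.generateAwsErrorLog({
                functionName: 'iam:getPolicyVersion',
                err,
            });
        }
        if (isEmpty_1.default(data)) {
            resolve(null);
            return;
        }
        const { PolicyVersion = { Document: '' } } = data;
        try {
            // `?? ''` matters: decodeURIComponent(undefined) yields the
            // literal string "undefined", which would be stored as the document.
            resolve({
                Arn,
                Content: decodeURIComponent(PolicyVersion.Document ?? ''),
            });
        }
        catch (decodeErr) {
            // A malformed escape sequence throws URIError inside the SDK
            // callback; without this catch the promise would never settle.
            logger.warn(`Unable to decode the IAM policy document for ${Arn}: ${decodeErr.message}`);
            resolve(null);
        }
    });
});

/**
 * List IAM managed policies for one scope, following pagination markers, and
 * attach each policy's decoded default-version document and tag map.
 *
 * `OnlyAttached` is true only for scope 'All', so that scope returns attached
 * policies only, while any other scope also returns unattached ones.
 *
 * Security note for consumers: `Document: ''` and `Tags: {}` are also what a
 * policy gets when its GetPolicyVersion / ListPolicyTags call failed. An empty
 * document therefore means "not retrieved" as well as "empty", and a policy
 * check must not read it as "grants nothing" without consulting the error log.
 *
 * AWS errors are logged and yield an empty page; unexpected exceptions reject
 * the returned promise instead of leaving it pending.
 *
 * @param {object} args
 * @param {object} args.iam - IAM client
 * @param {string} [args.marker] - pagination marker of the page to fetch
 * @param {object} args.intervalMessage - progress reporter (updateFetchedCounter)
 * @param {string} args.scope - value passed as ListPolicies `Scope`
 * @returns {Promise<object[]>} policies of this page and all following pages
 */
const listIamPolicies = async ({ iam, marker, intervalMessage, scope, }) => new Promise((resolve, reject) => {
    iam.listPolicies({
        Marker: marker,
        MaxItems: MAX_ITEMS,
        OnlyAttached: scope === 'All',
        Scope: scope,
    }, async (err, data) => {
        try {
            if (err) {
                errorLog.generateAwsErrorLog({
                    functionName: 'iam:listPolicies',
                    err,
                });
            }
            if (isEmpty_1.default(data)) {
                resolve([]);
                return;
            }
            const { Policies: policies = [], IsTruncated, Marker } = data;
            const tagsByArnPromises = [];
            const policyDetailByArnPromises = [];
            for (const policy of policies) {
                tagsByArnPromises.push(tagsByPolicyArn(iam, policy));
                policyDetailByArnPromises.push(policyVersionByPolicyArn(iam, policy));
            }
            const tags = await Promise.all(tagsByArnPromises);
            const policiesDetails = await Promise.all(policyDetailByArnPromises);
            // One Map per result set instead of a linear find per policy
            // (up to MAX_ITEMS x MAX_ITEMS comparisons per page).
            const tagsByArn = indexByArn(tags);
            const detailsByArn = indexByArn(policiesDetails);
            // `Tags` from ListPolicies is dropped on purpose and replaced by
            // the tag map built from ListPolicyTags.
            const result = policies.map(({ Arn, Tags, ...policy }) => ({
                Arn,
                ...policy,
                region: regions_1.globalRegionName,
                Document: detailsByArn.get(Arn)?.Content || '',
                Tags: tagsByArn.get(Arn)?.Tags || {},
            }));
            intervalMessage.updateFetchedCounter(result.length);
            if (IsTruncated) {
                result.push(...(await exports.listIamPolicies({
                    iam,
                    marker: Marker,
                    intervalMessage,
                    scope,
                })));
            }
            resolve(result);
        }
        catch (unexpected) {
            // An exception inside this async callback would otherwise become
            // an unhandled rejection while the outer promise stays pending.
            reject(unexpected);
        }
    });
});
exports.listIamPolicies = listIamPolicies;

/**
 * IAM Policy
 *
 * Collect IAM managed policies (attached policies of scope 'All' plus every
 * 'Local' policy), de-duplicate them by ARN and group them by region.
 * The result contains full policy documents, i.e. the account's permission
 * model, and should be stored and shared accordingly.
 *
 * Written as a plain async function rather than `new Promise(async ...)`, so
 * that a failure rejects the returned promise instead of leaving it pending.
 *
 * @param {object} args
 * @param {object} args.config - options spread into the IAM client constructor
 * @returns {Promise<object>} policies grouped by their `region` value
 */
exports.default = async ({ config, }) => {
    const intervalMessage = new messageInterval_1.default('IAM Policies');
    const client = new iam_1.default({
        ...config,
        region: regions_1.globalRegionName,
        endpoint,
        ...customRetrySettings,
    });
    logger.debug(lt.lookingForIamPolicies);
    logger.warn('Please be patient, IAM policies can take a long time to fetch if you have a large account');
    intervalMessage.start();
    let allAttachedPolicies;
    let localPolicies;
    try {
        // Fetch IAM Policies (scope: All, Attached: true)
        allAttachedPolicies = await exports.listIamPolicies({
            iam: client,
            intervalMessage,
            scope: 'All',
        });
        // Fetch IAM Policies (scope: Local, Attached: false)
        localPolicies = await exports.listIamPolicies({
            iam: client,
            intervalMessage,
            scope: 'Local',
        });
    }
    finally {
        // Stop the progress reporter on failure as well as on success.
        intervalMessage.stop();
    }
    const policiesData = unionBy_1.default(allAttachedPolicies, localPolicies, 'Arn');
    errorLog.reset();
    logger.debug(lt.foundPolicies(policiesData.length));
    return groupBy_1.default(policiesData, 'region');
};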