
@csermet/multiprovider


cloud-graph provider plugin for AWS used to fetch AWS cloud data.

"use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); const flatMap_1 = __importDefault(require("lodash/flatMap")); const isEmpty_1 = __importDefault(require("lodash/isEmpty")); const services_1 = __importDefault(require("../../enums/services")); const generateArns_1 = require("../../utils/generateArns"); /** * IAM Role */ exports.default = ({ account, service: role, data, region, }) => { const connections = []; const { Arn: id, ManagedPolicies: managedPolicies, PermissionsBoundaryArn, } = role; const policies = flatMap_1.default(data.find(({ name: serviceName }) => serviceName === services_1.default.iamPolicy) ?.data) || []; /** Find Permission Boundary Policy * related to this IAM Role */ const permissionBoundaryPolicy = policies.find(({ Arn: arn }) => PermissionsBoundaryArn === arn); if (permissionBoundaryPolicy) { connections.push({ id: PermissionsBoundaryArn, resourceType: services_1.default.iamPolicy, relation: 'child', field: 'iamPermissionBoundaryPolicy', }); } /** * Find Managed Policies * related to this IAM Role */ const attachedPolicies = policies.filter(({ Arn: arn }) => managedPolicies.find(p => p.PolicyArn === arn)); if (!isEmpty_1.default(attachedPolicies)) { for (const instance of attachedPolicies) { const { Arn: policyId } = instance; connections.push({ id: policyId, resourceType: services_1.default.iamPolicy, relation: 'child', field: 'iamAttachedPolicies', }); } } /** * Find related ECS service */ const ecsServices = data.find(({ name }) => name === services_1.default.ecsService); if (ecsServices?.data?.[region]) { const ecsServicesInRegion = ecsServices.data[region].filter(({ roleArn }) => roleArn === role.Arn); if (!isEmpty_1.default(ecsServicesInRegion)) { for (const service of ecsServicesInRegion) { const { serviceArn } = service; connections.push({ id: serviceArn, resourceType: 
services_1.default.ecsService, relation: 'child', field: 'ecsServices', }); } } } /** * Find any FlowLog related data */ const flowLogs = data.find(({ name }) => name === services_1.default.flowLog); if (flowLogs?.data?.[region]) { const dataAtRegion = flowLogs.data[region].filter(({ DeliverLogsPermissionArn }) => DeliverLogsPermissionArn === role.Arn); for (const flowLog of dataAtRegion) { connections.push({ id: flowLog.FlowLogId, resourceType: services_1.default.flowLog, relation: 'child', field: 'flowLogs', }); } } /** * Find any CodeBuild related data */ const codebuild = data.find(({ name }) => name === services_1.default.codebuild); if (codebuild?.data?.[region]) { const dataAtRegion = codebuild.data[region].filter(({ serviceRole, resourceAccessRole }) => serviceRole === role.Arn || resourceAccessRole === role.Arn); for (const cb of dataAtRegion) { connections.push({ id: cb.arn, resourceType: services_1.default.codebuild, relation: 'child', field: 'codebuilds', }); } } /** * Find any glueJob related data */ const jobs = data.find(({ name }) => name === services_1.default.glueJob); if (jobs?.data?.[region]) { const dataAtRegion = jobs.data[region].filter(({ Role }) => Role === role.Arn); for (const job of dataAtRegion) { const arn = generateArns_1.glueJobArn({ region, account, name: job.Name }); connections.push({ id: arn, resourceType: services_1.default.glueJob, relation: 'child', field: 'glueJobs', }); } } /** * Find any managedAirflow related data */ const managedAirflow = data.find(({ name }) => name === services_1.default.managedAirflow); if (managedAirflow?.data?.[region]) { const dataAtRegion = managedAirflow.data[region].filter(({ ServiceRoleArn, ExecutionRoleArn }) => ServiceRoleArn === role.Arn || ExecutionRoleArn === role.Arn); for (const airflow of dataAtRegion) { connections.push({ id: airflow.Arn, resourceType: services_1.default.managedAirflow, relation: 'child', field: 'managedAirflows', }); } } /** * Find any guardDutyDetector related data */ 
const detectors = data.find(({ name }) => name === services_1.default.guardDutyDetector); if (detectors?.data?.[region]) { const dataAtRegion = detectors.data[region].filter(({ ServiceRole }) => ServiceRole === role.Arn); for (const detector of dataAtRegion) { connections.push({ id: detector.id, resourceType: services_1.default.guardDutyDetector, relation: 'child', field: 'guardDutyDetectors', }); } } /** * Find any systemsManagerInstance related data */ const systemsManagerInstances = data.find(({ name }) => name === services_1.default.systemsManagerInstance); if (systemsManagerInstances?.data?.[region]) { const dataAtRegion = systemsManagerInstances.data[region].filter(({ IamRole }) => IamRole === role.Arn); for (const instance of dataAtRegion) { connections.push({ id: instance.InstanceId, resourceType: services_1.default.systemsManagerInstance, relation: 'child', field: 'systemManagerInstances', }); } } /** * Find any sageMakerNotebookInstance related data */ const notebooks = data.find(({ name }) => name === services_1.default.sageMakerNotebookInstance); if (notebooks?.data?.[region]) { const dataAtRegion = notebooks.data[region].filter(({ RoleArn }) => RoleArn === role.Arn); for (const notebook of dataAtRegion) { connections.push({ id: notebook.NotebookInstanceArn, resourceType: services_1.default.sageMakerNotebookInstance, relation: 'child', field: 'sageMakerNotebookInstances', }); } } /** * Find any elasticBeanstalkApp related data */ const elasticBApps = data.find(({ name }) => name === services_1.default.elasticBeanstalkApp); if (elasticBApps?.data?.[region]) { const dataAtRegion = elasticBApps.data[region].filter(({ ResourceLifecycleConfig: { ServiceRole: iamServiceRole } = {}, }) => iamServiceRole === role.Arn); for (const elasticBApp of dataAtRegion) { connections.push({ id: elasticBApp.ApplicationArn, resourceType: services_1.default.elasticBeanstalkApp, relation: 'child', field: 'elasticBeanstalkApps', }); } } /** * Find any elasticBeanstalkEnv 
related data */ const elasticBEnvs = data.find(({ name }) => name === services_1.default.elasticBeanstalkEnv); if (elasticBEnvs?.data?.[region]) { const dataAtRegion = elasticBEnvs.data[region].filter(({ OperationsRole }) => OperationsRole === role.Arn); for (const elasticBEnv of dataAtRegion) { connections.push({ id: elasticBEnv.EnvironmentId, resourceType: services_1.default.elasticBeanstalkEnv, relation: 'child', field: 'elasticBeanstalkEnvs', }); } } return { [id]: connections, }; };