UNPKG

alks

Version:

CLI for working with ALKS

github.com/Cox-Automotive/ALKS-CLI

Cox-Automotive/ALKS-CLI

117 lines (104 loc) 3.59 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
import ALKS from 'alks.js'; import clc from 'cli-color'; import commander from 'commander'; import { isEmpty, isUndefined } from 'underscore'; import { checkForUpdate } from '../checkForUpdate'; import { errorAndExit } from '../errorAndExit'; import { getAlks } from '../getAlks'; import { promptForAlksAccountAndRole } from '../promptForAlksAccountAndRole'; import { getAuth } from '../getAuth'; import { log } from '../log'; import { tryToExtractRole } from '../tryToExtractRole'; import { unpackTags } from '../unpackTags'; import { getAwsAccountFromString } from '../getAwsAccountFromString'; import { badAccountMessage } from '../badAccountMessage'; export async function handleAlksIamCreateTrustRole( options: commander.OptionValues ) { const roleNameDesc = 'alphanumeric including @+=._-'; const trustArnDesc = 'arn:aws|aws-us-gov:iam::d{12}:role/TestRole'; const ROLE_NAME_REGEX = /^[a-zA-Z0-9!@+=._-]+$/g; const TRUST_ARN_REGEX = /arn:(aws|aws-us-gov):iam::\d{12}:role\/?[a-zA-Z_0-9+=,.@-_/]+/g; const roleName = options.rolename; const roleType = options.roletype; const trustArn = options.trustarn; const enableAlksAccess = options.enableAlksAccess; let alksAccount = options.account as string | undefined; let alksRole = options.role as string | undefined; const tags = options.tags ? unpackTags(options.tags) : undefined; const filterFavorites = options.favorites || false; log('validating role name: ' + roleName); if (isEmpty(roleName) || !ROLE_NAME_REGEX.test(roleName)) { errorAndExit( 'The role name provided contains illegal characters. It must be ' + roleNameDesc ); } log('validating role type: ' + roleType); if ( isEmpty(roleType) || (roleType !== 'Cross Account' && roleType !== 'Inner Account') ) { errorAndExit('The role type is required'); } log('validating trust arn: ' + trustArn); if (isEmpty(trustArn) || !TRUST_ARN_REGEX.test(trustArn)) { errorAndExit( 'The trust arn provided contains illegal characters. It must be ' + trustArnDesc ); } if (!isUndefined(alksAccount) && isUndefined(alksRole)) { log('trying to extract role from account'); alksRole = tryToExtractRole(alksAccount); } try { if (!alksAccount || !alksRole) { log('getting accounts'); ({ alksAccount, alksRole } = await promptForAlksAccountAndRole({ iamOnly: true, filterFavorites, })); } else { log('using provided account/role'); } const auth = await getAuth(); const awsAccount = await getAwsAccountFromString(alksAccount); if (!awsAccount) { throw new Error(badAccountMessage); } log('calling api to create trust role: ' + roleName); const alks = await getAlks({ ...auth, }); let role; try { role = await alks.createNonServiceRole({ account: awsAccount.id, role: alksRole, roleName, roleType, trustArn, enableAlksAccess, includeDefaultPolicy: ALKS.PseudoBoolean.False, tags, }); } catch (err) { errorAndExit(err as Error); } console.log( clc.white(`The role "${roleName}" was created with the ARN: `) + clc.white.underline(role.roleArn) ); if (role.instanceProfileArn) { console.log( clc.white('An instance profile was also created with the ARN: ') + clc.white.underline(role.instanceProfileArn) ); } await checkForUpdate(); } catch (err) { errorAndExit((err as Error).message, err as Error); } }