aws-cdk
AWS CDK CLI, the command line tool for CDK apps
// Flags the exports object with `__esModule: true`, the marker transpilers emit for ES-module interop.
Object.defineProperty(exports, "__esModule", { value: true });
// Placeholder value; the class is assigned to this export once it has been defined.
exports.SecurityGroupContextProviderPlugin = void 0;
// Function declarations are hoisted, so the helper can be exported before its definition appears.
exports.hasAllTrafficEgress = hasAllTrafficEgress;
const api_1 = require("../../../@aws-cdk/tmp-toolkit-helpers/src/api");
const sdk_provider_1 = require("../api/aws-auth/sdk-provider");
/**
 * Context provider that resolves exactly one EC2 security group, by id or by
 * name, and reports whether it already allows all outbound traffic.
 *
 * The lookup refuses to guess: zero matches and multiple matches both raise a
 * ContextProviderError instead of returning a group.
 */
class SecurityGroupContextProviderPlugin {
  /**
   * @param aws Value handed to `initContextProviderSdk` to obtain the EC2 client.
   */
  constructor(aws) {
    this.aws = aws;
  }

  /**
   * Looks up a single security group.
   *
   * @param args Lookup arguments. Exactly one of `securityGroupId` or
   *   `securityGroupName` must be set; `vpcId` optionally narrows the search.
   *   The same object is passed on to `initContextProviderSdk`.
   * @returns `{ securityGroupId, allowAllOutbound }` for the single match.
   * @throws ContextProviderError when both or neither selector is given, or
   *   when the query matches zero or more than one security group.
   */
  async getValue(args) {
    const selectsById = Boolean(args.securityGroupId);
    const selectsByName = Boolean(args.securityGroupName);
    if (selectsById && selectsByName) {
      throw new api_1.ContextProviderError("'securityGroupId' and 'securityGroupName' can not be specified both when looking up a security group");
    }
    if (!(selectsById || selectsByName)) {
      throw new api_1.ContextProviderError("'securityGroupId' or 'securityGroupName' must be specified to look up a security group");
    }

    const { initContextProviderSdk } = sdk_provider_1;
    const sdk = await initContextProviderSdk(this.aws, args);
    const ec2 = sdk.ec2();

    // A group name is only unique within a VPC, so a name lookup without
    // `vpcId` can match several groups; that case is rejected further down.
    const filters = [
      ...(args.vpcId ? [{ Name: 'vpc-id', Values: [args.vpcId] }] : []),
      ...(args.securityGroupName ? [{ Name: 'group-name', Values: [args.securityGroupName] }] : []),
    ];
    const request = {
      GroupIds: args.securityGroupId ? [args.securityGroupId] : undefined,
      Filters: filters.length > 0 ? filters : undefined,
    };
    const response = await ec2.describeSecurityGroups(request);
    const matches = response.SecurityGroups ?? [];

    // Both failure messages echo the full lookup arguments as JSON.
    if (matches.length === 0) {
      throw new api_1.ContextProviderError(`No security groups found matching ${JSON.stringify(args)}`);
    }
    if (matches.length > 1) {
      throw new api_1.ContextProviderError(`More than one security groups found matching ${JSON.stringify(args)}`);
    }

    const match = matches[0];
    return {
      securityGroupId: match.GroupId,
      // True only when the group has all-protocol egress to both 0.0.0.0/0 and ::/0.
      allowAllOutbound: hasAllTrafficEgress(match),
    };
  }
}
exports.SecurityGroupContextProviderPlugin = SecurityGroupContextProviderPlugin;
/**
 * Reports whether a security group's egress rules allow all traffic to every
 * IPv4 and every IPv6 destination.
 *
 * Only rules with `IpProtocol === '-1'` (all protocols) are considered, and the
 * result is true only when such rules cover both `0.0.0.0/0` and `::/0`. The
 * two ranges may sit on different rules. A group open on IPv4 only, or open
 * only for a specific protocol, yields false.
 *
 * @param securityGroup Security group description; `IpPermissionsEgress` may be absent.
 * @returns {boolean} true when all-protocol egress to both address families is present.
 * @internal
 */
function hasAllTrafficEgress(securityGroup) {
  const allProtocolRules = [...(securityGroup.IpPermissionsEgress ?? [])].filter(
    (rule) => rule.IpProtocol === '-1',
  );
  const opensIpv4 = allProtocolRules.some(
    (rule) => rule.IpRanges?.some((range) => range.CidrIp === '0.0.0.0/0'),
  );
  const opensIpv6 = allProtocolRules.some(
    (rule) => rule.Ipv6Ranges?.some((range) => range.CidrIpv6 === '::/0'),
  );
  return opensIpv4 && opensIpv6;
}
//# sourceMappingURL=data:application/json;base64,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
;