UNPKG

aws-cfn-constructor

Version:

Constructor for AWS CloudFormation resources using AWS CDK

github.com/hmin01/aws-cloudformation-resources-constructor

hmin01/aws-cloudformation-resources-constructor

273 lines (272 loc) 8.44 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.setPrincipal = exports.streamToBuffer = exports.loadJsonFile = exports.initialSetting = exports.extractTags = exports.extractDataFromArn = exports.delay = exports.checkAwsArnPattern = exports.createId = exports.changePartForArn = void 0; const crypto_1 = require("crypto"); const fs_1 = require("fs"); // Response const response_1 = require("../models/response"); /** * Change the part for aws arn * @param arn arn for resource * @param type part type * @param content content * @returns changed arn */ function changePartForArn(arn, type, content) { // Split the arn const split = arn.split(":"); // Return by output type switch (type) { case "partition": split[1] = content; break; case "service": split[2] = content; break; case "region": split[3] = content; break; case "account": split[4] = content; break; case "resource": split[5] = content; break; default: break; } // Join to array return split.join(":"); } exports.changePartForArn = changePartForArn; /** * Create the logical id for resource to be used aws cdk * @param content content to create hash value * @returns created id */ function createId(content) { return `TOV${(0, crypto_1.createHash)("sha256").update(content).digest("hex")}`; } exports.createId = createId; /** * Check if it matches the arn format. * @param target the target of comparison * @returns comparsion result */ function checkAwsArnPattern(target) { // Set the regex for arn pattern const arnPattern = new RegExp("^arn:([^:\n]*):([^:\n]*):([^:\n]*):([^:\n]*):(([^:\/\n]*)[:\/])?(.*)$"); // Check pattern return arnPattern.test(target); } exports.checkAwsArnPattern = checkAwsArnPattern; /** * Delay process * @param ms delay time * @returns none */ async function delay(ms) { return new Promise(resolve => setTimeout(resolve, ms)); } exports.delay = delay; /** * Extract the data from arn * @description https://docs.aws.amazon.com/ko_kr/general/latest/gr/aws-arns-and-namespaces.html * @param arn arn for resource * @param type output type [partition|service|region|accout|resource] * @returns output data */ function extractDataFromArn(arn, type) { // Split the arn const split = arn.split(":"); const service = split[2]; // Return by output type switch (type) { case "partition": return split[1]; case "service": return split[2]; case "region": return split[3]; case "account": return split[4]; case "resource": if (service === "cognito-idp" || service === "dynamodb") { const temp = split[5].split("/"); return temp[1]; } else if (service === "iam") { const temp = split[5].split("/"); return temp.length > 1 ? temp[temp.length - 1] : split[5]; } else if (service === "lambda") { return split[6]; } else { return split[5]; } case "qualifier": if (service === "lambda") { return split[7] !== undefined ? split[7] : ""; } else { return ""; } default: return ""; } } exports.extractDataFromArn = extractDataFromArn; /** * Extract a list of tag based on input data * @param tags content of tags * @returns a list of tag */ function extractTags(tags) { // Check the input parameter type const type = Object.prototype.toString.call(tags); // if (type === "Object") { return Object.entries(tags).map((elem) => { return { key: elem.key, value: elem.value }; }); } else if (type === "Array") { return tags.map((elem) => { return { key: elem.Key !== undefined ? elem.Key : elem.key, vallue: elem.Value !== undefined ? elem.Value : elem.value }; }); } else { return []; } } exports.extractTags = extractTags; /** * Initial setting * @param envPath environment file path */ function initialSetting(envPath) { // Load a configuration data const env = loadJsonFile(envPath); // Set the environment various process.env.ASSUME_ROLE_ARN = env.ASSUME_ROLE_ARN; process.env.ORIGIN_ACCOUNT = env.ORIGIN_ACCOUNT; process.env.ORIGIN_REGION = env.ORIGIN_REGION; process.env.TARGET_ACCOUNT = env.TARGET_ACCOUNT; process.env.TARGET_REGION = env.TARGET_REGION; // Catch error if (!process.env.ORIGIN_ACCOUNT || !process.env.ORIGIN_REGION || !process.env.TARGET_ACCOUNT || !process.env.TARGET_REGION) { (0, response_1.catchError)(response_1.CODE.ERROR.COMMON.INVALIED_ENV, true); } } exports.initialSetting = initialSetting; /** * Load a json data (configuration) * @param filePath file path * @returns loaded data */ function loadJsonFile(filePath) { try { // Read a file ata const data = (0, fs_1.readFileSync)(filePath).toString(); // Transform to json and return data return JSON.parse(data); } catch (err) { // Print error message if (typeof err === "string" || err instanceof Error) { console.error(`[ERROR] ${err}`); } // Exit process.exit(1); } } exports.loadJsonFile = loadJsonFile; /** * Stream to string * @param steam readable stream * @returns converted string */ async function streamToBuffer(steam) { return new Promise((resolve, reject) => { const chunks = []; steam.on("data", chunk => chunks.push(chunk)); steam.on("error", err => reject(err)); steam.on("end", () => resolve(Buffer.concat(chunks))); }); } exports.streamToBuffer = streamToBuffer; /** * Set a principal content in policy * @param value principal content * @returns changed content */ function _setPrincipal(value) { // Set a default pattern for account number const accountNumberPattern = new RegExp("^[0-9]{12}"); // Check a value format (if it match a format for aws arn) if (checkAwsArnPattern(value)) { // Extract an account number and service type from arn const account = extractDataFromArn(value, "account"); // Change an account number in arn if (account === process.env.ORIGIN_ACCOUNT) { return changePartForArn(value, "account", process.env.TARGET_ACCOUNT); } else { return value; } } else if (accountNumberPattern.test(value)) { // if it match a format for aws account number if (value === process.env.ORIGIN_ACCOUNT) { return process.env.TARGET_ACCOUNT; } else { return value; } } else { return value; } } /** * Set a principal content * @param principal principal content * @returns changed content */ function setPrincipal(principal) { try { const result = {}; // Process for (const key of Object.keys(principal)) { // Extract a value by key const value = principal[key]; // Anaysis a principal if (key === "AWS" || key === "Faderated") { // If value type is array if (Object.prototype.toString.call(value) === "Array") { result[key] = value.map((elem) => _setPrincipal(elem)); } else { // value type is string result[key] = _setPrincipal(value); } } else { // "CanonicalUser" or "Service" // If value type is array if (Object.prototype.toString.call(value) === "Array") { result[key] = value.map((elem) => elem); } else { // value type is string result[key] = value; } } } // Return return result; } catch (err) { console.error(`[ERROR] Failed to set the principals in policy\n-> ${err}`); process.exit(1); } } exports.setPrincipal = setPrincipal;