UNPKG

aws-lager

Version:

AWS Lambda / API Gateway / Endpoint Router

147 lines (133 loc) 4.6 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
'use strict'; var _ = require('lodash'); var AWS = require('aws-sdk'); var Promise = require('bluebird'); var fs = require('fs'); var nameGenerator = require('./name_generator'); var policyHelperFn = require('./policy_helper'); AWS.config.apiVersions = { iam: '2010-05-08' }; /** * Constructor function * @param Object options */ var policyBuilder = function(options) { this.environment = options.environment; this.pathPrefix = '/' + (this.environment ? this.environment + '/' : ''); this.iam = new AWS.IAM(); this.policyHelper = policyHelperFn(this.iam); }; /* istanbul ignore next */ /** * Deploy all policies in a directory * @param String path * @return Promise */ policyBuilder.prototype.deployAll = function(path) { // Retrieve policy configuration directories var policyPaths = _.map(fs.readdirSync(path), function(dirName) { return path + '/' + dirName; }); // Run the functions in serie return Promise.mapSeries(policyPaths, this.deploy.bind(this)); }; /* istanbul ignore next */ /** * Deploy a policy configuration * @param String pathToPolicy * @return Promise */ policyBuilder.prototype.deploy = function(pathToPolicy) { var policyName = nameGenerator(pathToPolicy, this.environment); var policyDocument = fs.readFileSync(pathToPolicy).toString(); console.log(' * Deploying policy ' + policyName); var params = { PathPrefix: this.pathPrefix, OnlyAttached: false, Scope: 'Local' }; return this.policyHelper.getPolicyByName(policyName, params) .then(function(currentPolicy) { if (!currentPolicy) { // If the policy could not be found, create it console.log(' * The policy does not exist yet'); var params = { PolicyDocument: policyDocument, PolicyName: policyName, Description: 'Policy generated by LAGER', Path: this.pathPrefix }; return Promise.promisify(this.iam.createPolicy.bind(this.iam))(params); } else { // If the policy already exists, we update it if necessary console.log(' * The policy already exists'); var params = { PolicyArn: currentPolicy.Arn, VersionId: currentPolicy.DefaultVersionId }; return Promise.promisify(this.iam.getPolicyVersion.bind(this.iam))(params) .then(function(data) { if (unescape(data.PolicyVersion.Document) === policyDocument) { console.log(' * The policy is already up-to-date'); return Promise.resolve(currentPolicy); } else { console.log(' * The policy must be updated'); return this.updatePolicy(currentPolicy.Arn, policyDocument); } }); } }.bind(this)); }; /** * Update a policy taking car of the limit of 5 versions * Deletes the version that has the smallest ID and is not set as default * @param String policyArn * @param String policyDocument * @return Promise */ policyBuilder.prototype.updatePolicy = function(policyArn, policyDocument) { return Promise.promisify(this.iam.listPolicyVersions.bind(this.iam))({ PolicyArn: policyArn }) .then(function(data) { if (data.Versions.length < 5) { // If the policy has less than 5 versions, we can create a new version return this.createPolicyVersion(policyArn, policyDocument); } else { // If the policy already has 5 versions, we have to delete the oldest one // Look for the smallest version number console.log(' * 5 versions exist already'); var minVersion = _.reduce(data.Versions, function(result, value, key) { if (value.IsDefaultVersion || value.VersionId > result) { return result; } return value.VersionId; }, Infinity); console.log(' * Deleting version ' + minVersion); var params = { PolicyArn: policyArn, VersionId: minVersion }; return Promise.promisify(this.iam.deletePolicyVersion.bind(this.iam))(params) .then(function() { return this.createPolicyVersion(policyArn, policyDocument); }); } }); }; /** * Create a policy version * @param String policyArn * @param String policyDocument * @return Promise */ policyBuilder.prototype.createPolicyVersion = function(policyArn, policyDocument) { // @TODO We should SetAsDefault only once the deployment is performed console.log(' * Creating a new version'); var params = { PolicyArn: policyArn, PolicyDocument: policyDocument, SetAsDefault: true }; return Promise.promisify(this.iam.createPolicyVersion.bind(this.iam))(params); }; module.exports = policyBuilder;