/**
* Created by AlexanderC on 11/24/15.
*/
;
// Transpiled CommonJS prelude: mark the module as an ES-module interop target
// and pre-declare the named export so the property exists (as undefined) until
// the class is assigned at the bottom of the file.
Object.defineProperty(exports, "__esModule", { value: true });
exports.IAMDriver = undefined;

// Project-local modules; kept in the original order so require-time side
// effects (if any) happen in the same sequence.
const _AbstractDriver = require('./AbstractDriver');
const _AbstractService = require('../Service/AbstractService');
const _APIGatewayService = require('../Service/APIGatewayService');
const _IAMService = require('../Service/IAMService');
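class IAMDriver extends _AbstractDriver.AbstractDriver {
  /**
   * Driver for IAM resources: lists the IAM roles and OIDC identity providers
   * visible to the configured AWS service and hands each one to
   * `_checkPushStack` (inherited from AbstractDriver, not visible here).
   *
   * @param {*} args - forwarded unchanged to AbstractDriver
   */
  constructor(...args) {
    super(...args);
  }

  /**
   * Regions in which this driver may operate; delegated to IAMService.
   *
   * @returns {String[]}
   */
  static get AVAILABLE_REGIONS() {
    return _IAMService.IAMService.AVAILABLE_REGIONS;
  }

  /**
   * @todo: find a better way to handle IAM oidc-provider specific use case
   *
   * Overrides base _matchResource by adding support for oidc provider IAM resources
   * e.g. arn:aws:iam::545786123497:oidc-provider/example.auth0.com
   *
   * An OIDC provider ARN is accepted only when it equals, byte for byte, the
   * provider ARN recorded in the deploy config (`iam.identityProvider`). When
   * no such record exists nothing matches, so a provider that merely looks
   * similar is never claimed by this deployment. All other resources fall
   * through to the environment check and the base-hash comparison.
   *
   * @param {String} resource - resource name or ARN to test
   * @param {Object} rawData - unused here; kept for signature compatibility
   * @returns {Boolean}
   * @private
   */
  _matchResource(resource, rawData) {
    if (IAMDriver.isOIDCProvider(resource)) {
      // Guard each level explicitly: a deploy config without an `iam`
      // section must answer "no match" rather than throw a TypeError.
      const iamCfg = this._deployCfg ? this._deployCfg.iam : null;
      const identityProvider = iamCfg ? iamCfg.identityProvider : null;
      const oidcProviderARN = identityProvider
        ? identityProvider.OpenIDConnectProviderArn
        : null;

      return oidcProviderARN ? resource === oidcProviderARN : false;
    }

    // `_matchResourceEnv` and `_baseHash` are inherited from AbstractDriver.
    if (!this._matchResourceEnv(resource)) {
      return false;
    }

    if (typeof this._baseHash === 'function') {
      return this._baseHash.call(this, resource);
    } else if (this._baseHash instanceof RegExp) {
      // NOTE(review): if the base class ever builds `_baseHash` with the
      // `g` or `y` flag, `.test` becomes stateful across calls — confirm.
      return this._baseHash.test(resource);
    }

    return _AbstractService.AbstractService.extractBaseHashFromResourceName(resource) === this._baseHash;
  }

  /**
   * Lists roles and OIDC providers in parallel and calls `cb` exactly once,
   * after both listings have answered.
   *
   * @param {Function} cb - receives `null` on success, otherwise the collected
   *   errors flattened into a single '; '-separated string (Error objects are
   *   stringified, so stacks are not preserved)
   */
  list(cb) {
    const methods = ['_listRoles', '_listOIDCProviders'];
    let responseCount = 0;
    const errors = [];

    methods.forEach(methodName => {
      this[methodName](error => {
        responseCount++;

        if (error) {
          errors.push(error);
        }

        // Fire the caller's callback only when the last listing has replied.
        if (responseCount === methods.length) {
          cb(errors.length > 0 ? errors.join('; ') : null);
        }
      });
    });
  }

  /**
   * Pages through `listRoles`, pushing every role except the shared
   * CloudWatch-logs role onto the stack via `_checkPushStack`.
   *
   * @param {Function} cb - receives the AWS error, or `null` once the last
   *   page has been processed
   * @param {String|undefined} _marker - pagination marker from the previous
   *   page; omitted for the first call
   * @private
   */
  _listRoles(cb, _marker) {
    this._awsService.listRoles({
      MaxItems: IAMDriver.MAX_ITEMS,
      Marker: _marker
    }, (error, data) => {
      if (error) {
        cb(error);
        return;
      }

      // Iterate the array directly; `|| []` keeps a missing `Roles` field a
      // no-op, as the previous for...in loop treated it.
      for (const roleData of data.Roles || []) {
        const roleName = roleData.RoleName;

        // skip global IAM role used for all applications
        if (roleName !== _APIGatewayService.APIGatewayService.CLOUD_WATCH_LOGS_ROLE_NAME) {
          this._checkPushStack(roleName, roleName, roleData);
        }
      }

      // A marker in the response means more pages follow; recurse with it
      // and let the deepest call report completion.
      if (data.Marker) {
        return this._listRoles(cb, data.Marker);
      }

      cb(null);
    });
  }

  /**
   * Lists OIDC providers, fetches each one's details in parallel and pushes
   * every successfully fetched provider via `_checkPushStack`, keyed by its
   * ARN (which `_matchResource` then compares against the deploy config —
   * presumably inside `_checkPushStack`; confirm in AbstractDriver).
   *
   * @param {Function} cb - receives the list error, or `null`/a '; '-joined
   *   string of per-provider errors once every detail request has answered
   * @private
   */
  _listOIDCProviders(cb) {
    this._awsService.listOpenIDConnectProviders({}, (error, data) => {
      if (error) {
        cb(error);
        return;
      }

      let responses = 0;
      const errors = [];
      // Treat a missing list like an empty one instead of throwing.
      const providers = data.OpenIDConnectProviderList || [];

      if (providers.length === 0) {
        cb(null);
        return;
      }

      providers.forEach(provider => {
        const oidcProviderArn = provider.Arn;
        const params = {
          OpenIDConnectProviderArn: oidcProviderArn
        };

        this._awsService.getOpenIDConnectProvider(params, (getError, providerData) => {
          responses++;

          if (getError) {
            errors.push(getError);
          } else {
            this._checkPushStack(oidcProviderArn, oidcProviderArn, providerData);
          }

          // Report once, after the last detail request has settled.
          if (responses === providers.length) {
            cb(errors.length > 0 ? errors.join('; ') : null);
          }
        });
      });
    });
  }

  /**
   * Shape check only: does `resource` look like an IAM OIDC provider ARN?
   * Whether the provider actually belongs to this deployment is decided by
   * `_matchResource`, not here.
   *
   * @param {String} resource
   * @returns {Boolean}
   * @private
   */
  static isOIDCProvider(resource) {
    return (/^arn:aws:iam:.*:.*:oidc-provider\/.+$/.test(resource)
    );
  }

  /**
   * Page size requested from `listRoles` (its `MaxItems` parameter).
   *
   * @returns {Number}
   */
  static get MAX_ITEMS() {
    return 1000;
  }
}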
// Replace the placeholder declared in the prelude with the real class.
Object.assign(exports, { IAMDriver });