General fixes and new kms support

2023-06-27 15:03:04 -04:00
parent e1aaeaa90e
commit a5c90f7a26
16 changed files with 278 additions and 29 deletions
--- a/src/iam/create-policy.handler.ts
+++ b/src/iam/create-policy.handler.ts
@@ -41,7 +41,7 @@ export class CreatePolicyHandler extends AbstractActionHandler<QueryParams> {
    return {
      Policy: {
        PolicyName: policy.name,
-        DefaultVersionId: 'v1',
+        DefaultVersionId: policy.version,
        PolicyId: policy.id,
        Path: '/',
        Arn: policy.arn,
--- a/src/iam/create-role.handler.ts
+++ b/src/iam/create-role.handler.ts
@@ -12,6 +12,7 @@ type QueryParams = {
  RoleName: string;
  Path: string;
  AssumeRolePolicyDocument: string;
+  MaxSessionDuration: number;
 }

@Injectable()
@@ -32,9 +33,10 @@ export class CreateRoleHandler extends AbstractActionHandler<QueryParams> {
    RoleName: Joi.string().required(),
    Path: Joi.string().required(),
    AssumeRolePolicyDocument: Joi.string().required(),
+    MaxSessionDuration: Joi.number().default(3600),
  });

-  protected async handle({ RoleName, Path, AssumeRolePolicyDocument }: QueryParams, awsProperties: AwsProperties) {
+  protected async handle({ RoleName, Path, AssumeRolePolicyDocument, MaxSessionDuration }: QueryParams, awsProperties: AwsProperties) {

    const policy = await this.policyRepo.create({
      id: uuid.v4(),
@@ -51,6 +53,7 @@ export class CreateRoleHandler extends AbstractActionHandler<QueryParams> {
      path: Path,
      accountId: awsProperties.accountId,
      assumeRolePolicyDocumentId: policy.id,
+      maxSessionDuration: MaxSessionDuration,
    }).save();

    const role = await this.roleRepo.findOne({ where: { id }});
--- a/src/iam/get-policy-version.handler.ts
+++ b/src/iam/get-policy-version.handler.ts
@@ -0,0 +1,54 @@
+import { Injectable, NotFoundException, Version } from '@nestjs/common';
+import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
+import { Action } from '../action.enum';
+import * as Joi from 'joi';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { IamPolicy } from './iam-policy.entity';
+import { breakdownArn } from '../util/breakdown-arn';
+import { IamRolePolicyAttachment } from './iam-role-policy-attachment.entity';
+
+type QueryParams = {
+  PolicyArn: string;
+  VersionId: string;
+}
+
+@Injectable()
+export class GetPolicyVersionHandler extends AbstractActionHandler<QueryParams> {
+
+  constructor(
+    @InjectRepository(IamPolicy)
+    private readonly policyRepo: Repository<IamPolicy>,
+    @InjectRepository(IamRolePolicyAttachment)
+    private readonly attachmentRepo: Repository<IamRolePolicyAttachment>,
+  ) {
+    super();
+  }
+
+  format = Format.Xml;
+  action = Action.IamGetPolicyVersion;
+  validator = Joi.object<QueryParams, true>({ 
+    PolicyArn: Joi.string().required(),
+    VersionId: Joi.string().required(),
+  });
+
+  protected async handle({ PolicyArn, VersionId }: QueryParams, awsProperties: AwsProperties) {
+
+    const { identifier, accountId } = breakdownArn(PolicyArn);
+    const [_policy, name] = identifier.split('/');
+    const policy = await this.policyRepo.findOne({ where: { name, accountId, version: +VersionId }});
+
+    if (!policy) {
+      throw new NotFoundException('NoSuchEntity', 'The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.');
+    }
+
+    return {
+      PolicyVersion: {
+        Document: policy.document,
+        IsDefaultVersion: policy.isDefault,
+        VersionId: `${policy.version}`,
+        CreateDate: new Date(policy.createdAt).toISOString(),
+      }
+    }
+  }
+}
--- a/src/iam/get-policy.handler.ts
+++ b/src/iam/get-policy.handler.ts
@@ -45,7 +45,7 @@ export class GetPolicyHandler extends AbstractActionHandler<QueryParams> {
    return {
      Policy: {
        PolicyName: policy.name,
-        DefaultVersionId: `v${policy.version}`,
+        DefaultVersionId: policy.version,
        PolicyId: policy.id,
        Path: '/',
        Arn: policy.arn,
--- a/src/iam/iam-role.entity.ts
+++ b/src/iam/iam-role.entity.ts
@@ -19,6 +19,9 @@ export class IamRole extends BaseEntity {
  @Column({ name: 'account_id', nullable: false })
  accountId: string;

+  @Column({ name: 'max_session_duration', nullable: false, default: 0 })
+  maxSessionDuration: number;
+
  @CreateDateColumn()
  createdAt: string;

@@ -43,6 +46,7 @@ export class IamRole extends BaseEntity {
      AssumeRolePolicyDocument: this.assumeRolePolicyDocument.document,
      CreateDate: new Date(this.createdAt).toISOString(),
      RoleId: this.id,
+      MaxSessionDuration: this.maxSessionDuration,
    }
  }
 }
--- a/src/iam/iam.module.ts
+++ b/src/iam/iam.module.ts
@@ -9,6 +9,7 @@ import { AttachRolePolicyHandler } from './attach-role-policy.handler';
 import { CreatePolicyVersionHandler } from './create-policy-version.handler';
 import { CreatePolicyHandler } from './create-policy.handler';
 import { CreateRoleHandler } from './create-role.handler';
+import { GetPolicyVersionHandler } from './get-policy-version.handler';
 import { GetPolicyHandler } from './get-policy.handler';
 import { GetRoleHandler } from './get-role.handler';
 import { IamPolicy } from './iam-policy.entity';
@@ -25,6 +26,7 @@ const handlers = [
  CreateRoleHandler,
  GetPolicyHandler,
  GetRoleHandler,
+  GetPolicyVersionHandler,
  ListAttachedRolePoliciesHandler,
  ListRolePoliciesHandler,
 ]