Sts addition, kms updates, context object, improved exception handling
@@ -1,47 +0,0 @@
|
||||
import { Injectable } from '@nestjs/common';
|
||||
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
|
||||
import { Action } from '../action.enum';
|
||||
import * as Joi from 'joi';
|
||||
import { InjectRepository } from '@nestjs/typeorm';
|
||||
import { Repository } from 'typeorm';
|
||||
import * as uuid from 'uuid';
|
||||
import { IamPolicy } from './iam-policy.entity';
|
||||
import { IamRolePolicyAttachment } from './iam-role-policy-attachment.entity';
|
||||
import { IamRole } from './iam-role.entity';
|
||||
|
||||
type QueryParams = {
|
||||
PolicyArn: string;
|
||||
RoleName: string;
|
||||
}
|
||||
|
||||
@Injectable()
|
||||
export class AttachRolePolicyHandler extends AbstractActionHandler<QueryParams> {
|
||||
|
||||
constructor(
|
||||
@InjectRepository(IamRole)
|
||||
private readonly roleRepo: Repository<IamRole>,
|
||||
@InjectRepository(IamRolePolicyAttachment)
|
||||
private readonly attachRepo: Repository<IamRolePolicyAttachment>,
|
||||
) {
|
||||
super();
|
||||
}
|
||||
|
||||
format = Format.Xml;
|
||||
action = Action.IamAttachRolePolicy;
|
||||
validator = Joi.object<QueryParams, true>({
|
||||
PolicyArn: Joi.string().required(),
|
||||
RoleName: Joi.string().required(),
|
||||
});
|
||||
|
||||
protected async handle({ PolicyArn, RoleName }: QueryParams, awsProperties: AwsProperties) {
|
||||
|
||||
const role = await this.roleRepo.findOne({ where: { roleName: RoleName, accountId: awsProperties.accountId} });
|
||||
|
||||
await this.attachRepo.create({
|
||||
id: uuid.v4(),
|
||||
policyArn: PolicyArn,
|
||||
roleId: role.id,
|
||||
accountId: awsProperties.accountId,
|
||||
}).save();
|
||||
}
|
||||
}
|
||||
@@ -1,62 +0,0 @@
|
||||
import { Injectable } from '@nestjs/common';
|
||||
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
|
||||
import { Action } from '../action.enum';
|
||||
import * as Joi from 'joi';
|
||||
import { InjectRepository } from '@nestjs/typeorm';
|
||||
import { Repository } from 'typeorm';
|
||||
import * as uuid from 'uuid';
|
||||
import { IamPolicy } from './iam-policy.entity';
|
||||
import { breakdownArn } from '../util/breakdown-arn';
|
||||
|
||||
type QueryParams = {
|
||||
PolicyArn: string;
|
||||
PolicyDocument: string;
|
||||
SetAsDefault: boolean;
|
||||
}
|
||||
|
||||
@Injectable()
|
||||
export class CreatePolicyVersionHandler extends AbstractActionHandler<QueryParams> {
|
||||
|
||||
constructor(
|
||||
@InjectRepository(IamPolicy)
|
||||
private readonly policyRepo: Repository<IamPolicy>,
|
||||
) {
|
||||
super();
|
||||
}
|
||||
|
||||
format = Format.Xml;
|
||||
action = Action.IamCreatePolicyVersion;
|
||||
validator = Joi.object<QueryParams, true>({
|
||||
PolicyArn: Joi.string().required(),
|
||||
PolicyDocument: Joi.string().required(),
|
||||
SetAsDefault: Joi.boolean().required(),
|
||||
});
|
||||
|
||||
protected async handle({ PolicyArn, PolicyDocument, SetAsDefault }: QueryParams, awsProperties: AwsProperties) {
|
||||
|
||||
const { identifier, accountId } = breakdownArn(PolicyArn);
|
||||
const [_policy, name] = identifier.split('/');
|
||||
const currentPolicy = await this.policyRepo.findOne({ where: { accountId, name, isDefault: true } });
|
||||
|
||||
if (SetAsDefault) {
|
||||
await this.policyRepo.update({ accountId, name }, { isDefault: false })
|
||||
}
|
||||
|
||||
const policy = await this.policyRepo.create({
|
||||
id: uuid.v4(),
|
||||
name: name,
|
||||
isDefault: SetAsDefault,
|
||||
version: currentPolicy.version + 1,
|
||||
document: PolicyDocument,
|
||||
accountId: awsProperties.accountId,
|
||||
}).save();
|
||||
|
||||
return {
|
||||
PolicyVersion: {
|
||||
IsDefaultVersion: policy.isDefault,
|
||||
VersionId: `v${policy.version}`,
|
||||
CreateDate: new Date(policy.createdAt).toISOString(),
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,54 +0,0 @@
|
||||
import { Injectable } from '@nestjs/common';
|
||||
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
|
||||
import { Action } from '../action.enum';
|
||||
import * as Joi from 'joi';
|
||||
import { InjectRepository } from '@nestjs/typeorm';
|
||||
import { Repository } from 'typeorm';
|
||||
import * as uuid from 'uuid';
|
||||
import { IamPolicy } from './iam-policy.entity';
|
||||
|
||||
type QueryParams = {
|
||||
PolicyName: string;
|
||||
PolicyDocument: string;
|
||||
}
|
||||
|
||||
@Injectable()
|
||||
export class CreatePolicyHandler extends AbstractActionHandler<QueryParams> {
|
||||
|
||||
constructor(
|
||||
@InjectRepository(IamPolicy)
|
||||
private readonly policyRepo: Repository<IamPolicy>,
|
||||
) {
|
||||
super();
|
||||
}
|
||||
|
||||
format = Format.Xml;
|
||||
action = Action.IamCreatePolicy;
|
||||
validator = Joi.object<QueryParams, true>({
|
||||
PolicyName: Joi.string().required(),
|
||||
PolicyDocument: Joi.string().required(),
|
||||
});
|
||||
|
||||
protected async handle({ PolicyName, PolicyDocument }: QueryParams, awsProperties: AwsProperties) {
|
||||
|
||||
const policy = await this.policyRepo.create({
|
||||
id: uuid.v4(),
|
||||
name: PolicyName,
|
||||
document: PolicyDocument,
|
||||
accountId: awsProperties.accountId,
|
||||
}).save();
|
||||
|
||||
return {
|
||||
Policy: {
|
||||
PolicyName: policy.name,
|
||||
DefaultVersionId: policy.version,
|
||||
PolicyId: policy.id,
|
||||
Path: '/',
|
||||
Arn: policy.arn,
|
||||
AttachmentCount: 0,
|
||||
CreateDate: new Date(policy.createdAt).toISOString(),
|
||||
UpdateDate: new Date(policy.updatedAt).toISOString(),
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,65 +0,0 @@
|
||||
import { Injectable } from '@nestjs/common';
|
||||
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
|
||||
import { Action } from '../action.enum';
|
||||
import * as Joi from 'joi';
|
||||
import { InjectRepository } from '@nestjs/typeorm';
|
||||
import { Repository } from 'typeorm';
|
||||
import { IamRole } from './iam-role.entity';
|
||||
import * as uuid from 'uuid';
|
||||
import { IamPolicy } from './iam-policy.entity';
|
||||
|
||||
type QueryParams = {
|
||||
RoleName: string;
|
||||
Path: string;
|
||||
AssumeRolePolicyDocument: string;
|
||||
MaxSessionDuration: number;
|
||||
}
|
||||
|
||||
@Injectable()
|
||||
export class CreateRoleHandler extends AbstractActionHandler<QueryParams> {
|
||||
|
||||
constructor(
|
||||
@InjectRepository(IamRole)
|
||||
private readonly roleRepo: Repository<IamRole>,
|
||||
@InjectRepository(IamPolicy)
|
||||
private readonly policyRepo: Repository<IamPolicy>,
|
||||
) {
|
||||
super();
|
||||
}
|
||||
|
||||
format = Format.Xml;
|
||||
action = Action.IamCreateRole;
|
||||
validator = Joi.object<QueryParams, true>({
|
||||
RoleName: Joi.string().required(),
|
||||
Path: Joi.string().required(),
|
||||
AssumeRolePolicyDocument: Joi.string().required(),
|
||||
MaxSessionDuration: Joi.number().default(3600),
|
||||
});
|
||||
|
||||
protected async handle({ RoleName, Path, AssumeRolePolicyDocument, MaxSessionDuration }: QueryParams, awsProperties: AwsProperties) {
|
||||
|
||||
const policy = await this.policyRepo.create({
|
||||
id: uuid.v4(),
|
||||
name: `${RoleName}-AssumeRolePolicyDocument`,
|
||||
document: AssumeRolePolicyDocument,
|
||||
accountId: awsProperties.accountId,
|
||||
}).save();
|
||||
|
||||
const id = uuid.v4();
|
||||
|
||||
await this.roleRepo.create({
|
||||
id,
|
||||
roleName: RoleName,
|
||||
path: Path,
|
||||
accountId: awsProperties.accountId,
|
||||
assumeRolePolicyDocumentId: policy.id,
|
||||
maxSessionDuration: MaxSessionDuration,
|
||||
}).save();
|
||||
|
||||
const role = await this.roleRepo.findOne({ where: { id }});
|
||||
|
||||
return {
|
||||
Role: role.metadata,
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,54 +0,0 @@
|
||||
import { Injectable, NotFoundException, Version } from '@nestjs/common';
|
||||
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
|
||||
import { Action } from '../action.enum';
|
||||
import * as Joi from 'joi';
|
||||
import { InjectRepository } from '@nestjs/typeorm';
|
||||
import { Repository } from 'typeorm';
|
||||
import { IamPolicy } from './iam-policy.entity';
|
||||
import { breakdownArn } from '../util/breakdown-arn';
|
||||
import { IamRolePolicyAttachment } from './iam-role-policy-attachment.entity';
|
||||
|
||||
type QueryParams = {
|
||||
PolicyArn: string;
|
||||
VersionId: string;
|
||||
}
|
||||
|
||||
@Injectable()
|
||||
export class GetPolicyVersionHandler extends AbstractActionHandler<QueryParams> {
|
||||
|
||||
constructor(
|
||||
@InjectRepository(IamPolicy)
|
||||
private readonly policyRepo: Repository<IamPolicy>,
|
||||
@InjectRepository(IamRolePolicyAttachment)
|
||||
private readonly attachmentRepo: Repository<IamRolePolicyAttachment>,
|
||||
) {
|
||||
super();
|
||||
}
|
||||
|
||||
format = Format.Xml;
|
||||
action = Action.IamGetPolicyVersion;
|
||||
validator = Joi.object<QueryParams, true>({
|
||||
PolicyArn: Joi.string().required(),
|
||||
VersionId: Joi.string().required(),
|
||||
});
|
||||
|
||||
protected async handle({ PolicyArn, VersionId }: QueryParams, awsProperties: AwsProperties) {
|
||||
|
||||
const { identifier, accountId } = breakdownArn(PolicyArn);
|
||||
const [_policy, name] = identifier.split('/');
|
||||
const policy = await this.policyRepo.findOne({ where: { name, accountId, version: +VersionId }});
|
||||
|
||||
if (!policy) {
|
||||
throw new NotFoundException('NoSuchEntity', 'The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.');
|
||||
}
|
||||
|
||||
return {
|
||||
PolicyVersion: {
|
||||
Document: policy.document,
|
||||
IsDefaultVersion: policy.isDefault,
|
||||
VersionId: `${policy.version}`,
|
||||
CreateDate: new Date(policy.createdAt).toISOString(),
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,58 +0,0 @@
|
||||
import { Injectable, NotFoundException } from '@nestjs/common';
|
||||
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
|
||||
import { Action } from '../action.enum';
|
||||
import * as Joi from 'joi';
|
||||
import { InjectRepository } from '@nestjs/typeorm';
|
||||
import { Repository } from 'typeorm';
|
||||
import { IamPolicy } from './iam-policy.entity';
|
||||
import { breakdownArn } from '../util/breakdown-arn';
|
||||
import { IamRolePolicyAttachment } from './iam-role-policy-attachment.entity';
|
||||
|
||||
type QueryParams = {
|
||||
PolicyArn: string;
|
||||
}
|
||||
|
||||
@Injectable()
|
||||
export class GetPolicyHandler extends AbstractActionHandler<QueryParams> {
|
||||
|
||||
constructor(
|
||||
@InjectRepository(IamPolicy)
|
||||
private readonly policyRepo: Repository<IamPolicy>,
|
||||
@InjectRepository(IamRolePolicyAttachment)
|
||||
private readonly attachmentRepo: Repository<IamRolePolicyAttachment>,
|
||||
) {
|
||||
super();
|
||||
}
|
||||
|
||||
format = Format.Xml;
|
||||
action = Action.IamGetPolicy;
|
||||
validator = Joi.object<QueryParams, true>({
|
||||
PolicyArn: Joi.string().required(),
|
||||
});
|
||||
|
||||
protected async handle({ PolicyArn }: QueryParams, awsProperties: AwsProperties) {
|
||||
|
||||
const { identifier, accountId } = breakdownArn(PolicyArn);
|
||||
const [_policy, name] = identifier.split('/');
|
||||
const policy = await this.policyRepo.findOne({ where: { name, accountId, isDefault: true }});
|
||||
|
||||
if (!policy) {
|
||||
throw new NotFoundException('NoSuchEntity', 'The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.');
|
||||
}
|
||||
|
||||
const attachmentCount = await this.attachmentRepo.count({ where: { policyArn: policy.arn } });
|
||||
|
||||
return {
|
||||
Policy: {
|
||||
PolicyName: policy.name,
|
||||
DefaultVersionId: policy.version,
|
||||
PolicyId: policy.id,
|
||||
Path: '/',
|
||||
Arn: policy.arn,
|
||||
AttachmentCount: attachmentCount,
|
||||
CreateDate: new Date(policy.createdAt).toISOString(),
|
||||
UpdateDate: new Date(policy.updatedAt).toISOString(),
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,41 +0,0 @@
|
||||
import { Injectable, NotFoundException } from '@nestjs/common';
|
||||
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
|
||||
import { Action } from '../action.enum';
|
||||
import * as Joi from 'joi';
|
||||
import { InjectRepository } from '@nestjs/typeorm';
|
||||
import { Repository } from 'typeorm';
|
||||
import { IamRole } from './iam-role.entity';
|
||||
|
||||
type QueryParams = {
|
||||
RoleName: string;
|
||||
}
|
||||
|
||||
@Injectable()
|
||||
export class GetRoleHandler extends AbstractActionHandler<QueryParams> {
|
||||
|
||||
constructor(
|
||||
@InjectRepository(IamRole)
|
||||
private readonly roleRepo: Repository<IamRole>,
|
||||
) {
|
||||
super();
|
||||
}
|
||||
|
||||
format = Format.Xml;
|
||||
action = Action.IamGetRole;
|
||||
validator = Joi.object<QueryParams, true>({
|
||||
RoleName: Joi.string().required(),
|
||||
});
|
||||
|
||||
protected async handle({ RoleName }: QueryParams, awsProperties: AwsProperties) {
|
||||
|
||||
const role = await this.roleRepo.findOne({ where: { roleName: RoleName, accountId: awsProperties.accountId } });
|
||||
|
||||
if (!role) {
|
||||
throw new NotFoundException('NoSuchEntity', 'The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.');
|
||||
}
|
||||
|
||||
return {
|
||||
Role: role.metadata,
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,38 +0,0 @@
|
||||
import { BaseEntity, Column, CreateDateColumn, Entity, JoinColumn, OneToMany, OneToOne, PrimaryColumn, UpdateDateColumn } from 'typeorm';
|
||||
import { IamRolePolicyAttachment } from './iam-role-policy-attachment.entity';
|
||||
import { IamRole } from './iam-role.entity';
|
||||
|
||||
@Entity({ name: 'iam_policy' })
|
||||
export class IamPolicy extends BaseEntity {
|
||||
|
||||
@PrimaryColumn()
|
||||
id: string;
|
||||
|
||||
@Column({ default: 1 })
|
||||
version: number;
|
||||
|
||||
@Column({ name: 'is_default', default: true })
|
||||
isDefault: boolean;
|
||||
|
||||
@Column()
|
||||
name: string;
|
||||
|
||||
@Column()
|
||||
document: string;
|
||||
|
||||
@Column({ name: 'account_id', nullable: false })
|
||||
accountId: string;
|
||||
|
||||
@CreateDateColumn()
|
||||
createdAt: string;
|
||||
|
||||
@UpdateDateColumn()
|
||||
updatedAt: string;
|
||||
|
||||
@OneToOne(() => IamRole, role => role.assumeRolePolicyDocument)
|
||||
iamRole: IamRole;
|
||||
|
||||
get arn() {
|
||||
return `arn:aws:iam::${this.accountId}:policy/${this.name}`;
|
||||
}
|
||||
}
|
||||
@@ -1,18 +0,0 @@
|
||||
import { BaseEntity, Column, Entity, JoinColumn, ManyToOne, PrimaryColumn } from 'typeorm';
|
||||
import { IamPolicy } from './iam-policy.entity';
|
||||
|
||||
@Entity({ name: 'iam_role_policy_attachment' })
|
||||
export class IamRolePolicyAttachment extends BaseEntity {
|
||||
|
||||
@PrimaryColumn()
|
||||
id: string;
|
||||
|
||||
@Column({ name: 'policy_arn' })
|
||||
policyArn: string;
|
||||
|
||||
@Column({ name: 'role_name' })
|
||||
roleId: string;
|
||||
|
||||
@Column({ name: 'account_id'})
|
||||
accountId: string;
|
||||
}
|
||||
@@ -1,52 +0,0 @@
|
||||
import { BaseEntity, Column, CreateDateColumn, Entity, JoinColumn, OneToOne, PrimaryColumn, UpdateDateColumn } from 'typeorm';
|
||||
import { IamPolicy } from './iam-policy.entity';
|
||||
|
||||
@Entity({ name: 'iam_role' })
|
||||
export class IamRole extends BaseEntity {
|
||||
|
||||
@PrimaryColumn()
|
||||
id: string
|
||||
|
||||
@Column({ name: 'role_name' })
|
||||
roleName: string;
|
||||
|
||||
@Column()
|
||||
path: string;
|
||||
|
||||
@Column({ name: 'assume_role_policy_document_id', nullable: false })
|
||||
assumeRolePolicyDocumentId: string;
|
||||
|
||||
@Column({ name: 'account_id', nullable: false })
|
||||
accountId: string;
|
||||
|
||||
@Column({ name: 'max_session_duration', nullable: false, default: 0 })
|
||||
maxSessionDuration: number;
|
||||
|
||||
@CreateDateColumn()
|
||||
createdAt: string;
|
||||
|
||||
@UpdateDateColumn()
|
||||
updatedAt: string;
|
||||
|
||||
@OneToOne(() => IamPolicy, (policy) => policy.id, { eager: true })
|
||||
@JoinColumn({ name: 'assume_role_policy_document_id' })
|
||||
assumeRolePolicyDocument: IamPolicy;
|
||||
|
||||
get arn() {
|
||||
const identifier = this.path.split('/');
|
||||
identifier.push(this.roleName);
|
||||
return `arn:aws:iam::${this.accountId}:role/${identifier.join('/')}`;
|
||||
}
|
||||
|
||||
get metadata() {
|
||||
return {
|
||||
Path: this.path,
|
||||
Arn: this.arn,
|
||||
RoleName: this.roleName,
|
||||
AssumeRolePolicyDocument: this.assumeRolePolicyDocument.document,
|
||||
CreateDate: new Date(this.createdAt).toISOString(),
|
||||
RoleId: this.id,
|
||||
MaxSessionDuration: this.maxSessionDuration,
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,5 +0,0 @@
|
||||
import { AbstractActionHandler } from '../abstract-action.handler';
|
||||
import { Action } from '../action.enum';
|
||||
|
||||
export type IAMHandlers = Record<Action, AbstractActionHandler>;
|
||||
export const IAMHandlers = Symbol.for('IAMHandlers');
|
||||
@@ -1,207 +0,0 @@
|
||||
import { Module } from '@nestjs/common';
|
||||
import { TypeOrmModule } from '@nestjs/typeorm';
|
||||
import { Format } from '../abstract-action.handler';
|
||||
import { Action } from '../action.enum';
|
||||
import { AwsSharedEntitiesModule } from '../aws-shared-entities/aws-shared-entities.module';
|
||||
import { DefaultActionHandlerProvider } from '../default-action-handler/default-action-handler.provider';
|
||||
import { ExistingActionHandlersProvider } from '../default-action-handler/existing-action-handlers.provider';
|
||||
import { AttachRolePolicyHandler } from './attach-role-policy.handler';
|
||||
import { CreatePolicyVersionHandler } from './create-policy-version.handler';
|
||||
import { CreatePolicyHandler } from './create-policy.handler';
|
||||
import { CreateRoleHandler } from './create-role.handler';
|
||||
import { GetPolicyVersionHandler } from './get-policy-version.handler';
|
||||
import { GetPolicyHandler } from './get-policy.handler';
|
||||
import { GetRoleHandler } from './get-role.handler';
|
||||
import { IamPolicy } from './iam-policy.entity';
|
||||
import { IamRolePolicyAttachment } from './iam-role-policy-attachment.entity';
|
||||
import { IamRole } from './iam-role.entity';
|
||||
import { IAMHandlers } from './iam.constants';
|
||||
import { ListAttachedRolePoliciesHandler } from './list-attached-role-policies';
|
||||
import { ListRolePoliciesHandler } from './list-role-policies.handler';
|
||||
|
||||
const handlers = [
|
||||
AttachRolePolicyHandler,
|
||||
CreatePolicyHandler,
|
||||
CreatePolicyVersionHandler,
|
||||
CreateRoleHandler,
|
||||
GetPolicyHandler,
|
||||
GetRoleHandler,
|
||||
GetPolicyVersionHandler,
|
||||
ListAttachedRolePoliciesHandler,
|
||||
ListRolePoliciesHandler,
|
||||
]
|
||||
|
||||
const actions = [
|
||||
Action.IamAddClientIDToOpenIDConnectProvider,
|
||||
Action.IamAddRoleToInstanceProfile,
|
||||
Action.IamAddUserToGroup,
|
||||
Action.IamAttachGroupPolicy,
|
||||
Action.IamAttachRolePolicy,
|
||||
Action.IamAttachUserPolicy,
|
||||
Action.IamChangePassword,
|
||||
Action.IamCreateAccessKey,
|
||||
Action.IamCreateAccountAlias,
|
||||
Action.IamCreateGroup,
|
||||
Action.IamCreateInstanceProfile,
|
||||
Action.IamCreateLoginProfile,
|
||||
Action.IamCreateOpenIDConnectProvider,
|
||||
Action.IamCreatePolicy,
|
||||
Action.IamCreatePolicyVersion,
|
||||
Action.IamCreateRole,
|
||||
Action.IamCreateSAMLProvider,
|
||||
Action.IamCreateServiceLinkedRole,
|
||||
Action.IamCreateServiceSpecificCredential,
|
||||
Action.IamCreateUser,
|
||||
Action.IamCreateVirtualMFADevice,
|
||||
Action.IamDeactivateMFADevice,
|
||||
Action.IamDeleteAccessKey,
|
||||
Action.IamDeleteAccountAlias,
|
||||
Action.IamDeleteAccountPasswordPolicy,
|
||||
Action.IamDeleteGroup,
|
||||
Action.IamDeleteGroupPolicy,
|
||||
Action.IamDeleteInstanceProfile,
|
||||
Action.IamDeleteLoginProfile,
|
||||
Action.IamDeleteOpenIDConnectProvider,
|
||||
Action.IamDeletePolicy,
|
||||
Action.IamDeletePolicyVersion,
|
||||
Action.IamDeleteRole,
|
||||
Action.IamDeleteRolePermissionsBoundary,
|
||||
Action.IamDeleteRolePolicy,
|
||||
Action.IamDeleteSAMLProvider,
|
||||
Action.IamDeleteServerCertificate,
|
||||
Action.IamDeleteServiceLinkedRole,
|
||||
Action.IamDeleteServiceSpecificCredential,
|
||||
Action.IamDeleteSigningCertificate,
|
||||
Action.IamDeleteSSHPublicKey,
|
||||
Action.IamDeleteUser,
|
||||
Action.IamDeleteUserPermissionsBoundary,
|
||||
Action.IamDeleteUserPolicy,
|
||||
Action.IamDeleteVirtualMFADevice,
|
||||
Action.IamDetachGroupPolicy,
|
||||
Action.IamDetachRolePolicy,
|
||||
Action.IamDetachUserPolicy,
|
||||
Action.IamEnableMFADevice,
|
||||
Action.IamGenerateCredentialReport,
|
||||
Action.IamGenerateOrganizationsAccessReport,
|
||||
Action.IamGenerateServiceLastAccessedDetails,
|
||||
Action.IamGetAccessKeyLastUsed,
|
||||
Action.IamGetAccountAuthorizationDetails,
|
||||
Action.IamGetAccountPasswordPolicy,
|
||||
Action.IamGetAccountSummary,
|
||||
Action.IamGetContextKeysForCustomPolicy,
|
||||
Action.IamGetContextKeysForPrincipalPolicy,
|
||||
Action.IamGetCredentialReport,
|
||||
Action.IamGetGroup,
|
||||
Action.IamGetGroupPolicy,
|
||||
Action.IamGetInstanceProfile,
|
||||
Action.IamGetLoginProfile,
|
||||
Action.IamGetOpenIDConnectProvider,
|
||||
Action.IamGetOrganizationsAccessReport,
|
||||
Action.IamGetPolicy,
|
||||
Action.IamGetPolicyVersion,
|
||||
Action.IamGetRole,
|
||||
Action.IamGetRolePolicy,
|
||||
Action.IamGetSAMLProvider,
|
||||
Action.IamGetServerCertificate,
|
||||
Action.IamGetServiceLastAccessedDetails,
|
||||
Action.IamGetServiceLastAccessedDetailsWithEntities,
|
||||
Action.IamGetServiceLinkedRoleDeletionStatus,
|
||||
Action.IamGetSSHPublicKey,
|
||||
Action.IamGetUser,
|
||||
Action.IamGetUserPolicy,
|
||||
Action.IamListAccessKeys,
|
||||
Action.IamListAccountAliases,
|
||||
Action.IamListAttachedGroupPolicies,
|
||||
Action.IamListAttachedRolePolicies,
|
||||
Action.IamListAttachedUserPolicies,
|
||||
Action.IamListEntitiesForPolicy,
|
||||
Action.IamListGroupPolicies,
|
||||
Action.IamListGroups,
|
||||
Action.IamListGroupsForUser,
|
||||
Action.IamListInstanceProfiles,
|
||||
Action.IamListInstanceProfilesForRole,
|
||||
Action.IamListInstanceProfileTags,
|
||||
Action.IamListMFADevices,
|
||||
Action.IamListMFADeviceTags,
|
||||
Action.IamListOpenIDConnectProviders,
|
||||
Action.IamListOpenIDConnectProviderTags,
|
||||
Action.IamListPolicies,
|
||||
Action.IamListPoliciesGrantingServiceAccess,
|
||||
Action.IamListPolicyTags,
|
||||
Action.IamListPolicyVersions,
|
||||
Action.IamListRolePolicies,
|
||||
Action.IamListRoles,
|
||||
Action.IamListRoleTags,
|
||||
Action.IamListSAMLProviders,
|
||||
Action.IamListSAMLProviderTags,
|
||||
Action.IamListServerCertificates,
|
||||
Action.IamListServerCertificateTags,
|
||||
Action.IamListServiceSpecificCredentials,
|
||||
Action.IamListSigningCertificates,
|
||||
Action.IamListSSHPublicKeys,
|
||||
Action.IamListUserPolicies,
|
||||
Action.IamListUsers,
|
||||
Action.IamListUserTags,
|
||||
Action.IamListVirtualMFADevices,
|
||||
Action.IamPutGroupPolicy,
|
||||
Action.IamPutRolePermissionsBoundary,
|
||||
Action.IamPutRolePolicy,
|
||||
Action.IamPutUserPermissionsBoundary,
|
||||
Action.IamPutUserPolicy,
|
||||
Action.IamRemoveClientIDFromOpenIDConnectProvider,
|
||||
Action.IamRemoveRoleFromInstanceProfile,
|
||||
Action.IamRemoveUserFromGroup,
|
||||
Action.IamResetServiceSpecificCredential,
|
||||
Action.IamResyncMFADevice,
|
||||
Action.IamSetDefaultPolicyVersion,
|
||||
Action.IamSetSecurityTokenServicePreferences,
|
||||
Action.IamSimulateCustomPolicy,
|
||||
Action.IamSimulatePrincipalPolicy,
|
||||
Action.IamTagInstanceProfile,
|
||||
Action.IamTagMFADevice,
|
||||
Action.IamTagOpenIDConnectProvider,
|
||||
Action.IamTagPolicy,
|
||||
Action.IamTagRole,
|
||||
Action.IamTagSAMLProvider,
|
||||
Action.IamTagServerCertificate,
|
||||
Action.IamTagUser,
|
||||
Action.IamUntagInstanceProfile,
|
||||
Action.IamUntagMFADevice,
|
||||
Action.IamUntagOpenIDConnectProvider,
|
||||
Action.IamUntagPolicy,
|
||||
Action.IamUntagRole,
|
||||
Action.IamUntagSAMLProvider,
|
||||
Action.IamUntagServerCertificate,
|
||||
Action.IamUntagUser,
|
||||
Action.IamUpdateAccessKey,
|
||||
Action.IamUpdateAccountPasswordPolicy,
|
||||
Action.IamUpdateAssumeRolePolicy,
|
||||
Action.IamUpdateGroup,
|
||||
Action.IamUpdateLoginProfile,
|
||||
Action.IamUpdateOpenIDConnectProviderThumbprint,
|
||||
Action.IamUpdateRole,
|
||||
Action.IamUpdateRoleDescription,
|
||||
Action.IamUpdateSAMLProvider,
|
||||
Action.IamUpdateServerCertificate,
|
||||
Action.IamUpdateServiceSpecificCredential,
|
||||
Action.IamUpdateSigningCertificate,
|
||||
Action.IamUpdateSSHPublicKey,
|
||||
Action.IamUpdateUser,
|
||||
Action.IamUploadServerCertificate,
|
||||
Action.IamUploadSigningCertificate,
|
||||
Action.IamUploadSSHPublicKey,
|
||||
]
|
||||
|
||||
@Module({
|
||||
imports: [
|
||||
TypeOrmModule.forFeature([IamPolicy, IamRole, IamRolePolicyAttachment]),
|
||||
AwsSharedEntitiesModule,
|
||||
],
|
||||
providers: [
|
||||
...handlers,
|
||||
ExistingActionHandlersProvider(handlers),
|
||||
DefaultActionHandlerProvider(IAMHandlers, Format.Xml, actions),
|
||||
],
|
||||
exports: [IAMHandlers],
|
||||
})
|
||||
export class IamModule {}
|
||||
@@ -1,57 +0,0 @@
|
||||
import { Injectable, NotFoundException } from '@nestjs/common';
|
||||
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
|
||||
import { Action } from '../action.enum';
|
||||
import * as Joi from 'joi';
|
||||
import { InjectRepository } from '@nestjs/typeorm';
|
||||
import { In, Repository } from 'typeorm';
|
||||
import { IamRole } from './iam-role.entity';
|
||||
import { IamRolePolicyAttachment } from './iam-role-policy-attachment.entity';
|
||||
import { IamPolicy } from './iam-policy.entity';
|
||||
import { breakdownArn } from '../util/breakdown-arn';
|
||||
|
||||
type QueryParams = {
|
||||
RoleName: string;
|
||||
}
|
||||
|
||||
@Injectable()
|
||||
export class ListAttachedRolePoliciesHandler extends AbstractActionHandler<QueryParams> {
|
||||
|
||||
constructor(
|
||||
@InjectRepository(IamRole)
|
||||
private readonly roleRepo: Repository<IamRole>,
|
||||
@InjectRepository(IamPolicy)
|
||||
private readonly policyRepo: Repository<IamPolicy>,
|
||||
@InjectRepository(IamRolePolicyAttachment)
|
||||
private readonly attachmentRepo: Repository<IamRolePolicyAttachment>,
|
||||
) {
|
||||
super();
|
||||
}
|
||||
|
||||
format = Format.Xml;
|
||||
action = Action.IamListAttachedRolePolicies;
|
||||
validator = Joi.object<QueryParams, true>({
|
||||
RoleName: Joi.string().required(),
|
||||
});
|
||||
|
||||
protected async handle({ RoleName }: QueryParams, awsProperties: AwsProperties) {
|
||||
|
||||
const role = await this.roleRepo.findOne({ where: { roleName: RoleName, accountId: awsProperties.accountId } });
|
||||
|
||||
if (!role) {
|
||||
throw new NotFoundException('NoSuchEntity', 'The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.');
|
||||
}
|
||||
|
||||
const attachments = await this.attachmentRepo.find({ where: { roleId: role.id } })
|
||||
const policyIds = attachments.map(({ policyArn }) => breakdownArn(policyArn)).map(({ identifier }) => identifier.split('/')[1]);
|
||||
const policies = await this.policyRepo.find({ where: { name: In(policyIds), isDefault: true } });
|
||||
|
||||
return {
|
||||
AttachedPolicies: {
|
||||
member: [role.assumeRolePolicyDocument, ...policies].map(p => ({
|
||||
PolicyName: p.name,
|
||||
PolicyArn: p.arn,
|
||||
})),
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,44 +0,0 @@
|
||||
import { Injectable, NotFoundException } from '@nestjs/common';
|
||||
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
|
||||
import { Action } from '../action.enum';
|
||||
import * as Joi from 'joi';
|
||||
import { InjectRepository } from '@nestjs/typeorm';
|
||||
import { Repository } from 'typeorm';
|
||||
import { IamRole } from './iam-role.entity';
|
||||
import { IamRolePolicyAttachment } from './iam-role-policy-attachment.entity';
|
||||
|
||||
type QueryParams = {
|
||||
RoleName: string;
|
||||
}
|
||||
|
||||
@Injectable()
|
||||
export class ListRolePoliciesHandler extends AbstractActionHandler<QueryParams> {
|
||||
|
||||
constructor(
|
||||
@InjectRepository(IamRole)
|
||||
private readonly roleRepo: Repository<IamRole>,
|
||||
@InjectRepository(IamRolePolicyAttachment)
|
||||
private readonly attachmentRepo: Repository<IamRolePolicyAttachment>,
|
||||
) {
|
||||
super();
|
||||
}
|
||||
|
||||
format = Format.Xml;
|
||||
action = Action.IamListRolePolicies;
|
||||
validator = Joi.object<QueryParams, true>({
|
||||
RoleName: Joi.string().required(),
|
||||
});
|
||||
|
||||
protected async handle({ RoleName }: QueryParams, awsProperties: AwsProperties) {
|
||||
|
||||
const role = await this.roleRepo.findOne({ where: { roleName: RoleName, accountId: awsProperties.accountId } });
|
||||
|
||||
if (!role) {
|
||||
throw new NotFoundException('NoSuchEntity', 'The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.');
|
||||
}
|
||||
|
||||
return {
|
||||
PolicyNames: [],
|
||||
}
|
||||
}
|
||||
}
|
||||