Compare commits


7 Commits

112 changed files with 6940 additions and 9574 deletions


@ -33,5 +33,5 @@ abstract-action.handler.ts
* format: the format for output (XML or JSON)
* action: the action the handler is implementing (will be use to key by)
* validator: the Joi validator to be executed to check for required params
* handle(queryParams: T, awsProperties: AwsProperties): Record<string, any> | void
* handle(queryParams: T, { awsProperties} : RequestContext): Record<string, any> | void
* the method that implements the AWS action


@ -1,4 +0,0 @@
version: 3.7
services:
s3_provider:
image: minio

6418
package-lock.json generated



@ -10,49 +10,29 @@
"test": "jest"
},
"dependencies": {
"@nestjs/common": "^9.3.10",
"@nestjs/config": "^2.3.1",
"@nestjs/core": "^9.3.10",
"@nestjs/platform-express": "^9.3.10",
"@nestjs/typeorm": "^9.0.1",
"@aws-sdk/client-kms": "^3.716.0",
"@nestjs/common": "^10.4.15",
"@nestjs/config": "^3.3.0",
"@nestjs/core": "^10.4.15",
"@nestjs/platform-express": "^10.4.15",
"@prisma/client": "^6.1.0",
"class-transformer": "^0.5.1",
"execa": "^9.5.2",
"joi": "^17.9.0",
"js2xmlparser": "^5.0.0",
"morgan": "^1.10.0",
"rxjs": "^7.8.0",
"sqlite3": "^5.1.6",
"typeorm": "^0.3.12",
"uuidv4": "^6.2.13"
"sqlite3": "^5.1.6"
},
"devDependencies": {
"@aws-sdk/client-sns": "^3.321.1",
"@nestjs/cli": "^9.3.0",
"@nestjs/testing": "^9.4.0",
"@nestjs/cli": "^10.4.9",
"@types/express": "^4.17.17",
"@types/jest": "^29.5.1",
"@types/supertest": "^2.0.12",
"@types/joi": "^17.2.2",
"@types/node": "^22.10.2",
"eslint": "^8.36.0",
"jest": "^29.5.0",
"supertest": "^6.3.3",
"ts-jest": "^29.1.0"
"prisma": "^6.1.0"
},
"jest": {
"globalSetup": "./_jest_/setup.ts",
"globalTeardown": "./_jest_/teardown.ts",
"moduleFileExtensions": [
"js",
"json",
"ts"
],
"rootDir": "src",
"testRegex": ".*\\.*spec\\.ts$",
"transform": {
"^.+\\.(t|j)s$": "ts-jest"
},
"collectCoverageFrom": [
"**/*.(t|j)s"
],
"coverageDirectory": "../coverage",
"testEnvironment": "node"
"engines": {
"node": ">=22.11.0",
"npm": ">=10.9.0"
}
}
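Review bot: The `"test": "jest"` script kept at the top of the hunk no longer has a runner behind it: the devDependencies block drops `jest`, `ts-jest`, `@types/jest`, `supertest` and `@types/supertest`, and the `jest` configuration object is removed, so `npm test` fails from a fresh install. Either restore the jest tooling together with a `ts-jest` transform, or point the script at whatever replaced it (e.g. `"test": "node --test"` if the suite was ported to the Node 22 test runner, which the new `engines` block would allow). Separately, `@types/joi` is a deprecated stub because `joi` 17 ships its own declarations, and `@aws-sdk/client-kms` is added to runtime `dependencies` while its sibling `@aws-sdk/client-sns` stays in `devDependencies`; if the KMS client is only exercised by tests it belongs next to it.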


@ -0,0 +1,3 @@
# Please do not edit this file manually
# It should be added in your version-control system (e.g., Git)
provider = "sqlite"

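--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -0,0 +1,169 @@
+generator client {
+provider = "prisma-client-js"
+}
+datasource db {
+provider = "sqlite"
+url = "file:local-aws-state.sqlite"
+}
+model Attribute {
+id Int @id @default(autoincrement())
+arn String
+name String
+value String
+@@unique([arn, name])
+}
+model Audit {
+id String @id
+createdAt DateTime @default(now())
+action String?
+request String?
+response String?
+}
+model IamRole {
+id String @id
+path String?
+name String
+assumeRolePolicy String?
+description String?
+maxSessionDuration Int?
+permissionBoundaryArn String?
+lastUsedDate DateTime?
+lastUsedRegion String?
+accountId String
+createdAt DateTime @default(now())
+policies IamRoleIamPolicyAttachment[]
+@@unique([accountId, name])
+}
+model IamPolicy {
+id String
+version Int @default(1)
+isDefault Boolean
+path String?
+name String
+description String?
+policy String
+isAttachable Boolean @default(false)
+accountId String
+createdAt DateTime @default(now())
+updatedAt DateTime @updatedAt
+@@id([id, version])
+@@unique([accountId, path, name])
+}
+model IamRoleIamPolicyAttachment {
+iamRoleId String
+iamPolicyId String
+role IamRole @relation(fields: [iamRoleId], references: [id])
+@@id([iamRoleId, iamPolicyId])
+}
+model KmsAlias {
+name String
+accountId String
+region String
+kmsKeyId String
+createdAt DateTime @default(now())
+updatedAt DateTime @updatedAt
+kmsKey KmsKey @relation(fields: [kmsKeyId], references: [id])
+@@id([accountId, region, name])
+}
+model KmsKey {
+id String @id
+enabled Boolean
+usage String
+description String
+keySpec String
+keyState String
+origin String
+multiRegion Boolean
+policy String
+key Bytes
+rotationPeriod Int?
+nextRotation DateTime?
+accountId String
+region String
+createdAt DateTime @default(now())
+updatedAt DateTime @updatedAt
+aliases KmsAlias[]
+}
+model Secret {
+versionId String @id
+name String
+description String?
+secretString String
+accountId String
+region String
+createdAt DateTime @default(now())
+deletionDate DateTime?
+@@index([name])
+}
+model SnsTopic {
+id Int @id @default(autoincrement())
+name String
+accountId String
+region String
+@@unique([accountId, region, name])
+}
+model SnsTopicSubscription {
+id String @id
+topicArn String
+endpoint String?
+protocol String
+accountId String
+region String
+}
+model SqsQueue {
+id Int @id @default(autoincrement())
+name String
+accountId String
+region String
+createdAt DateTime @default(now())
+updatedAt DateTime @updatedAt
+messages SqsQueueMessage[]
+@@unique([accountId, region, name])
+}
+model SqsQueueMessage {
+id String @id
+queueId Int
+senderId String
+message String
+inFlightRelease DateTime
+createdAt DateTime @default(now())
+queue SqsQueue @relation(fields: [queueId], references: [id])
+@@index([queueId])
+}
+model Tag {
+id Int @id @default(autoincrement())
+arn String
+name String
+value String
+@@unique([arn, name])
+}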
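Review bot: `IamRoleIamPolicyAttachment` declares a relation to `IamRole` but none to `IamPolicy`, so `iamPolicyId` is an unconstrained string, and since `IamPolicy` is keyed by `@@id([id, version])` that column alone cannot identify a policy row; an attachment can point at a policy that was never created or has since been deleted without the database objecting. Either add the back-reference, e.g. `policy IamPolicy @relation(fields: [iamPolicyId, iamPolicyVersion], references: [id, version])` with a matching `iamPolicyVersion Int` here and `attachments IamRoleIamPolicyAttachment[]` on `IamPolicy`, or document in a `///` comment that attachments deliberately bind to the policy id across versions. The datasource `url` is also hard-coded to `file:local-aws-state.sqlite` instead of `env("DATABASE_URL")`, which drops the `:memory:` option the removed TypeORM factory supported through `DB_DATABASE` and means a file holding raw `KmsKey.key` bytes and `Secret.secretString` values is created wherever the CLI happens to run; `url = env("DATABASE_URL")` keeps that path configurable and easy to ignore in version control on purpose.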


@ -0,0 +1,25 @@
import { ArgumentsHost, Catch, ExceptionFilter } from "@nestjs/common";
import { Response } from 'express';
import { AwsException } from "../aws-shared-entities/aws-exceptions";
import { IRequest } from "./request.context";
import { Format } from "../abstract-action.handler";
@Catch(AwsException)
export class AwsExceptionFilter implements ExceptionFilter {
catch(exception: AwsException, host: ArgumentsHost) {
const ctx = host.switchToHttp();
const request = ctx.getRequest<IRequest>();
const response = ctx.getResponse<Response>();
exception.requestId = request.context.requestId;
if (request.context.format === Format.Xml) {
const xml = exception.toXml();
return response.status(exception.statusCode).send(xml);
}
const [newError, newHeaders] = exception.toJson();
response.setHeaders(new Map(Object.entries(newHeaders)));
return response.status(exception.statusCode).json(newError.getResponse());
}
}
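Review bot: `catch` dereferences `request.context.requestId` and `request.context.format` unconditionally, but `request.context` is only assigned by `AuditInterceptor`, so an `AwsException` raised on a route that does not apply that interceptor, or before it has run, becomes a `TypeError` inside the filter and surfaces as a bare 500 rather than the intended AWS-shaped error. Guard the two reads: `exception.requestId = request.context?.requestId ?? exception.requestId;` and `if (request.context?.format === Format.Xml) {`. The XML branch also sends none of the `x-amzn-requestid`/`X-Amzn-Errortype` headers that the JSON branch applies through `setHeaders`, so clients see different error metadata depending on the handler's format; applying `newHeaders` in both branches would keep them consistent.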


@ -0,0 +1,21 @@
import { Request } from "express";
import { Action } from "../action.enum";
import { AwsProperties, Format } from "../abstract-action.handler";
export interface RequestContext {
action?: Action;
format?: Format;
awsProperties: AwsProperties;
readonly requestId: string;
}
export interface IRequest extends Request {
context: RequestContext;
headers: {
'x-amz-target'?: string;
},
body: {
'Action'?: string;
}
}
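Review bot: `RequestContext` and `IRequest` are exported without any doc comment, and nothing says why `action` and `format` are optional while `awsProperties` and `requestId` are required. From the interceptor changes elsewhere in this compare they appear to be populated only after the action name has been validated, so a TSDoc comment such as `/** Per-request state attached to the Express request by AuditInterceptor; action and format are set only once the action name has been validated against the Action enum. */` would make that contract explicit for the controller and exception filter that read it. A one-line note on `IRequest` that `headers`/`body` are narrowed to the two keys the action dispatcher reads would likewise save the next reader from wondering whether other headers are intentionally untyped.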


@ -1,19 +0,0 @@
import { INestApplication } from '@nestjs/common';
import { Test, TestingModule } from '@nestjs/testing';
import { AppModule } from '../app.module';
const globalSetup = async (_globalConfig, _projectConfig) => {
const module: TestingModule = await Test.createTestingModule({
imports: [AppModule],
}).compile();
const app: INestApplication = module.createNestApplication();
await app.listen(4566);
globalThis.__TESTMODULE__ = module;
globalThis.__NESTAPP__ = app;
globalThis.__ENDPOINT__ = 'http://127.0.0.1:4566';
}
export default globalSetup;


@ -1,8 +0,0 @@
import { INestApplication } from '@nestjs/common';
const globalTeardown = async (_globalConfig, _projectConfig) => {
await (globalThis.__NESTAPP__ as INestApplication).close();
}
export default globalTeardown;


@ -0,0 +1,9 @@
import { Module } from "@nestjs/common";
import { PrismaService } from "./prisma.service";
@Module({
imports: [],
providers: [PrismaService],
exports: [PrismaService],
})
export class PrismaModule {}


@ -0,0 +1,8 @@
import { OnModuleInit } from "@nestjs/common";
import { PrismaClient } from "@prisma/client";
export class PrismaService extends PrismaClient implements OnModuleInit {
async onModuleInit() {
await this.$connect();
}
}
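Review bot: `PrismaService` is listed as a provider in `PrismaModule` but is not decorated with `@Injectable()`, and it connects in `onModuleInit` without a matching `onModuleDestroy`, so the client is never disconnected when the Nest application closes (the removed jest teardown relied on `app.close()` for exactly that cleanup). Add the decorator and the shutdown hook: `@Injectable()` above the class, `implements OnModuleInit, OnModuleDestroy` on the declaration, and `async onModuleDestroy() { await this.$disconnect(); }` next to `onModuleInit`.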


@ -1,6 +1,7 @@
import { randomUUID } from 'crypto';
import { Action } from './action.enum';
import * as uuid from 'uuid';
import * as Joi from 'joi';
import { RequestContext } from './_context/request.context';
export type AwsProperties = {
accountId: string;
@ -17,42 +18,43 @@ export abstract class AbstractActionHandler<T = Record<string, string | number |
audit = true;
abstract format: Format;
abstract action: Action;
abstract action: Action | Action[];
abstract validator: Joi.ObjectSchema<T>;
protected abstract handle(queryParams: T, awsProperties: AwsProperties): Record<string, any> | void;
protected abstract handle(queryParams: T, context: RequestContext): Record<string, any> | void;
async getResponse(queryParams: T, awsProperties: AwsProperties) {
async getResponse(queryParams: T, context: RequestContext) {
if (this.format === Format.Xml) {
return await this.getXmlResponse(queryParams, awsProperties);
return await this.getXmlResponse(queryParams, context);
}
return await this.getJsonResponse(queryParams, awsProperties);
return await this.getJsonResponse(queryParams, context);
}
private async getXmlResponse(queryParams: T, awsProperties: AwsProperties) {
private async getXmlResponse(queryParams: T, context: RequestContext) {
const response = {
'@': {
xmlns: "https://sns.amazonaws.com/doc/2010-03-31/"
},
ResponseMetadata: {
RequestId: uuid.v4(),
RequestId: randomUUID(),
}
}
const result = await this.handle(queryParams, awsProperties);
const result = await this.handle(queryParams, context);
if (!result) {
return response;
}
const action = Array.isArray(this.action) ? this.action[0] : this.action;
return {
[`${this.action}Result`]: {
[`${action}Result`]: {
...result,
}
}
}
private async getJsonResponse(queryParams: T, awsProperties: AwsProperties) {
const result = await this.handle(queryParams, awsProperties);
private async getJsonResponse(queryParams: T, context: RequestContext) {
const result = await this.handle(queryParams, context);
if (result) {
return result;
}
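Review bot: `getXmlResponse` still fills `ResponseMetadata.RequestId` with a fresh `randomUUID()` even though the new `context` parameter carries the request id that the interceptor already wrote to the `x-amzn-RequestId` header, so the id in the XML body never matches the header or the audit row for the same call; use `RequestId: context.requestId,`. The `Array.isArray(this.action) ? this.action[0] : this.action` selection added here is duplicated verbatim in the controller's XML branch; a protected getter on this class, `protected get primaryAction(): Action { return Array.isArray(this.action) ? this.action[0] : this.action; }`, would keep the two call sites in step. `getJsonResponse` ends outside the hunk.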


@ -301,4 +301,37 @@ export enum Action {
SqsSetQueueAttributes = 'SetQueueAttributes',
SqsTagQueue = 'TagQueue',
SqsUntagQueue = 'UntagQueue',
// V2 SQS
V2_SqsAddPermisson = 'AmazonSQS.AddPermission',
V2_SqsChangeMessageVisibility = 'AmazonSQS.ChangeMessageVisibility',
V2_SqsChangeMessageVisibilityBatch = 'AmazonSQS.ChangeMessageVisibilityBatch',
V2_SqsCreateQueue = 'AmazonSQS.CreateQueue',
V2_SqsDeleteMessage = 'AmazonSQS.DeleteMessage',
V2_SqsDeleteMessageBatch = 'AmazonSQS.DeleteMessageBatch',
V2_SqsDeleteQueue = 'AmazonSQS.DeleteQueue',
V2_SqsGetQueueAttributes = 'AmazonSQS.GetQueueAttributes',
V2_SqsGetQueueUrl = 'AmazonSQS.GetQueueUrl',
V2_SqsListDeadLetterSourceQueues = 'AmazonSQS.ListDeadLetterSourceQueues',
V2_SqsListQueues = 'AmazonSQS.ListQueues',
V2_SqsListQueueTags = 'AmazonSQS.ListQueueTags',
V2_SqsPurgeQueue = 'AmazonSQS.PurgeQueue',
V2_SqsReceiveMessage = 'AmazonSQS.ReceiveMessage',
V2_SqsRemovePermission = 'AmazonSQS.RemovePermission',
V2_SqsSendMessage = 'AmazonSQS.SendMessage',
V2_SqsSendMessageBatch = 'AmazonSQS.SendMessageBatch',
V2_SqsSetQueueAttributes = 'AmazonSQS.SetQueueAttributes',
V2_SqsTagQueue = 'AmazonSQS.TagQueue',
V2_SqsUntagQueue = 'AmazonSQS.UntagQueue',
// STS
StsAssumeRole = 'AssumeRole',
StsAssumeRoleWithSaml = 'AssumeRoleWithSaml',
StsAssumeRoleWithWebIdentity = 'AssumeRoleWithWebIdentity',
StsAssumeRoot = 'AssumeRoot',
StsDecodeAuthorizationMessage = 'DecodeAuthorizationMessage',
StsGetAccessKeyInfo = 'GetAccessKeyInfo',
StsGetCallerIdentity = 'GetCallerIdentity',
StsGetFederationToken = 'GetFederationToken',
StsGetSessionToken = 'GetSessionToken',
}
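Review bot: `StsAssumeRoleWithSaml = 'AssumeRoleWithSaml'` does not match the STS API, whose action name is `AssumeRoleWithSAML`; because the controller validates the incoming action against `Object.values(Action)`, a request from a real SDK for that operation is rejected as `InvalidAction`. Change the value to `StsAssumeRoleWithSaml = 'AssumeRoleWithSAML',`. The member `V2_SqsAddPermisson` also has a typo in its key (the string value is correct) and should read `V2_SqsAddPermission`.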


@ -1,13 +1,20 @@
import { BadRequestException, Body, Controller, Inject, Post, Headers, Req, HttpCode, UseInterceptors } from '@nestjs/common';
import { ActionHandlers } from './app.constants';
import * as Joi from 'joi';
import { Action } from './action.enum';
import { AbstractActionHandler, Format } from './abstract-action.handler';
import * as js2xmlparser from 'js2xmlparser';
import { BadRequestException, Body, Controller, Headers, HttpCode, Inject, Post, Req, UseInterceptors } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { CommonConfig } from './config/common-config.interface';
import { Request } from 'express';
import * as Joi from 'joi';
import * as js2xmlparser from 'js2xmlparser';
import { AbstractActionHandler, Format } from './abstract-action.handler';
import { Action } from './action.enum';
import { ActionHandlers } from './app.constants';
import { AuditInterceptor } from './audit/audit.interceptor';
import { CommonConfig } from './config/common-config.interface';
import { InvalidAction, ValidationError } from './aws-shared-entities/aws-exceptions';
import { IRequest } from './_context/request.context';
type QueryParams = {
__path: string;
} & Record<string, string>;
@Controller()
export class AppController {
@ -22,7 +29,7 @@ export class AppController {
@HttpCode(200)
@UseInterceptors(AuditInterceptor)
async post(
@Req() request: Request,
@Req() request: IRequest,
@Body() body: Record<string, any>,
@Headers() headers: Record<string, any>,
) {
@ -30,35 +37,31 @@ export class AppController {
const lowerCasedHeaders = Object.keys(headers).reduce((o, k) => {
o[k.toLocaleLowerCase()] = headers[k];
return o;
}, {})
}, {} as Record<string, string>)
const queryParams = { __path: request.path, ...body, ...lowerCasedHeaders };
const queryParams: QueryParams = { __path: request.path, ...body, ...lowerCasedHeaders };
const actionKey = queryParams['x-amz-target'] ? 'x-amz-target' : 'Action';
const { error: actionError } = Joi.object({
[actionKey]: Joi.string().valid(...Object.values(Action)).required(),
}).validate(queryParams, { allowUnknown: true });
if (actionError) {
throw new BadRequestException(actionError.message, { cause: actionError });
throw new InvalidAction(actionError.message);
}
const action = queryParams[actionKey];
const action = queryParams[actionKey] as Action;
const handler: AbstractActionHandler = this.actionHandlers[action];
const { error: validatorError, value: validQueryParams } = handler.validator.validate(queryParams, { allowUnknown: true, abortEarly: false });
if (validatorError) {
throw new BadRequestException(validatorError.message, { cause: validatorError });
throw new ValidationError(validatorError.message);
}
const awsProperties = {
accountId: this.configService.get('AWS_ACCOUNT_ID'),
region: this.configService.get('AWS_REGION'),
host: `${this.configService.get('PROTO')}://${this.configService.get('HOST')}:${this.configService.get('PORT')}`,
};
const jsonResponse = await handler.getResponse(validQueryParams, request.context);
const jsonResponse = await handler.getResponse(validQueryParams, awsProperties);
if (handler.format === Format.Xml) {
return js2xmlparser.parse(`${handler.action}Response`, jsonResponse);
const action = Array.isArray(handler.action) ? handler.action[0] : handler.action;
return js2xmlparser.parse(`${action}Response`, jsonResponse);
}
return jsonResponse;
}
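Review bot: `this.actionHandlers[action]` is indexed after checking only that `action` is a member of the `Action` enum, not that a handler is registered for it; with the STS and V2 SQS members added in this compare, any member that has no handler yet makes `handler.validator.validate` throw a `TypeError`, which presumably reaches the client as an `InternalFailure` rather than the `InvalidAction` a missing operation deserves. Add `if (!handler) throw new InvalidAction(\`Unsupported action: ${action}\`);` before the validator call. The interceptor already resolves `request.context.action` with the same Joi check, so the controller could read that instead of re-validating, and the inner `const action = Array.isArray(handler.action) ...` in the XML branch shadows the outer `action`, which is easy to misread.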


@ -1,22 +1,22 @@
import { Module } from '@nestjs/common';
import { ConfigModule, ConfigService } from '@nestjs/config';
import { TypeOrmModule } from '@nestjs/typeorm';
import { ConfigModule } from '@nestjs/config';
import { ActionHandlers } from './app.constants';
import { CommonConfig } from './config/common-config.interface';
import { AppController } from './app.controller';
import { AuditInterceptor } from './audit/audit.interceptor';
import { AwsSharedEntitiesModule } from './aws-shared-entities/aws-shared-entities.module';
import localConfig from './config/local.config';
import { KMSHandlers } from './kms/kms.constants';
import { KmsModule } from './kms/kms.module';
import { SecretsManagerHandlers } from './secrets-manager/secrets-manager.constants';
import { SecretsManagerModule } from './secrets-manager/secrets-manager.module';
import { SnsHandlers } from './sns/sns.constants';
import { SnsModule } from './sns/sns.module';
import { AppController } from './app.controller';
import { AwsSharedEntitiesModule } from './aws-shared-entities/aws-shared-entities.module';
import { SecretsManagerModule } from './secrets-manager/secrets-manager.module';
import { SecretsManagerHandlers } from './secrets-manager/secrets-manager.constants';
import { SqsModule } from './sqs/sqs.module';
import { SqsHandlers } from './sqs/sqs.constants';
import { Audit } from './audit/audit.entity';
import { AuditInterceptor } from './audit/audit.interceptor';
import { KmsModule } from './kms/kms.module';
import { KMSHandlers } from './kms/kms.constants';
import { configValidator } from './config/config.validator';
import { SqsModule } from './sqs/sqs.module';
import { PrismaModule } from './_prisma/prisma.module';
import { StsModule } from './sts/sts.module';
import { StsHandlers } from './sts/sts.constants';
import { IamModule } from './iam/iam.module';
import { IAMHandlers } from './iam/iam.constants';
@ -26,23 +26,14 @@ import { IAMHandlers } from './iam/iam.constants';
load: [localConfig],
isGlobal: true,
}),
TypeOrmModule.forRootAsync({
inject: [ConfigService],
useFactory: (configService: ConfigService<CommonConfig>) => ({
type: 'sqlite',
database: configService.get('DB_DATABASE') === ':memory:' ? configService.get('DB_DATABASE') : `${__dirname}/../data/${configService.get('DB_DATABASE')}`,
logging: configService.get('DB_LOGGING'),
synchronize: configService.get('DB_SYNCHRONIZE'),
entities: [__dirname + '/**/*.entity{.ts,.js}'],
}),
}),
TypeOrmModule.forFeature([Audit]),
PrismaModule,
AwsSharedEntitiesModule,
IamModule,
KmsModule,
SecretsManagerModule,
SnsModule,
SqsModule,
AwsSharedEntitiesModule,
StsModule,
],
controllers: [
AppController,
@ -53,11 +44,12 @@ import { IAMHandlers } from './iam/iam.constants';
provide: ActionHandlers,
useFactory: (...args) => args.reduce((m, hs) => ({ ...m, ...hs }), {}),
inject: [
IAMHandlers,
KMSHandlers,
SecretsManagerHandlers,
SnsHandlers,
SqsHandlers,
SecretsManagerHandlers,
KMSHandlers,
IAMHandlers,
StsHandlers,
],
},
],
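Review bot: The new `AuditModule` (which declares `AuditController` and provides `AuditInterceptor`) is absent from the `imports` list rewritten in the second hunk, while `AuditInterceptor` is still imported here, so as far as this compare shows the `_audit` controller is never mounted and the interceptor is instantiated separately by each module that provides it. Either add `AuditModule,` to `imports` and drop the local `AuditInterceptor` provider, or leave the interceptor here and hold back `AuditModule` until it has routes. The `CommonConfig` import survives although the `DB_DATABASE`/`DB_LOGGING`/`DB_SYNCHRONIZE` keys the removed TypeORM factory read now have no consumer in this module; if nothing else reads them they should come out of the config interface and validator too.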


@ -0,0 +1,11 @@
import { Controller } from "@nestjs/common";
import { AuditService } from "./audit.service";
@Controller('_audit')
export class AuditController {
constructor(
private readonly auditService: AuditService,
) {}
}
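Review bot: `AuditController` claims the `_audit` route prefix but defines no handlers, and the injected `auditService` is never read, so under `noUnusedLocals` the private parameter property is reported as unused. If the endpoint is a placeholder, say so in a comment (`// TODO: audit lookup routes not implemented yet`) so the empty class is not mistaken for a finished feature. Whenever routes do land, note that the audit rows written by the interceptor contain the full request headers and body, which should be redacted before being returned to callers.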


@ -1,20 +0,0 @@
import { BaseEntity, Column, CreateDateColumn, Entity, PrimaryColumn } from 'typeorm';
@Entity('audit')
export class Audit extends BaseEntity {
@PrimaryColumn()
id: string;
@CreateDateColumn()
createdAt: string;
@Column({ nullable: true })
action: string;
@Column({ nullable: true })
request: string;
@Column({ nullable: true })
response: string;
}


@ -1,55 +1,110 @@
import { CallHandler, ExecutionContext, Inject, Injectable, NestInterceptor } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Observable, tap } from 'rxjs';
import { Repository } from 'typeorm';
import { Audit } from './audit.entity';
import * as uuid from 'uuid';
import { CallHandler, ExecutionContext, HttpException, Inject, Injectable, Logger, NestInterceptor, RequestTimeoutException } from '@nestjs/common';
import { randomUUID } from 'crypto';
import { catchError, Observable, tap, throwError } from 'rxjs';
import { Request as ExpressRequest, Response } from 'express';
import * as Joi from 'joi';
import { PrismaService } from '../_prisma/prisma.service';
import { ActionHandlers } from '../app.constants';
import { Action } from '../action.enum';
import { Format } from '../abstract-action.handler';
import { AwsException, InternalFailure } from '../aws-shared-entities/aws-exceptions';
import { IRequest, RequestContext } from '../_context/request.context';
import { ConfigService } from '@nestjs/config';
@Injectable()
export class AuditInterceptor<T> implements NestInterceptor<T, Response> {
private readonly logger = new Logger(AuditInterceptor.name);
constructor(
@InjectRepository(Audit)
private readonly auditRepo: Repository<Audit>,
@Inject(ActionHandlers)
private readonly handlers: ActionHandlers,
private readonly prismaService: PrismaService,
private readonly configService: ConfigService,
) {}
intercept(context: ExecutionContext, next: CallHandler<T>): Observable<any> {
const awsProperties = {
accountId: this.configService.get('AWS_ACCOUNT_ID'),
region: this.configService.get('AWS_REGION'),
host: `${this.configService.get('PROTO')}://${this.configService.get('HOST')}:${this.configService.get('PORT')}`,
};
const requestId = uuid.v4();
const httpContext = context.switchToHttp();
const request = httpContext.getRequest();
const targetHeaderKey = Object.keys(request.headers).find( k => k.toLocaleLowerCase() === 'x-amz-target');
const action = request.headers[targetHeaderKey] ? request.headers[targetHeaderKey] : request.body.Action;
const response = context.switchToHttp().getResponse();
response.header('x-amzn-RequestId', requestId);
if (!this.handlers[action]?.audit) {
return next.handle();
const requestContext: RequestContext = {
requestId: randomUUID(),
awsProperties,
}
const httpContext = context.switchToHttp();
const request = httpContext.getRequest<IRequest>();
request.context = requestContext;
const hasTargetHeader = Object.keys(request.headers).some( k => k.toLocaleLowerCase() === 'x-amz-target');
const action = hasTargetHeader ? request.headers['x-amz-target'] : request.body.Action;
const { value: resolvedAction } = Joi.string().required().valid(...Object.values(Action)).validate(action) as { value: Action | undefined };
requestContext.action = resolvedAction;
const response = context.switchToHttp().getResponse<Response>();
response.header('x-amzn-RequestId', requestContext.requestId);
if (!resolvedAction || !this.handlers[resolvedAction]?.audit) {
return next.handle().pipe(
catchError(async (error: Error) => {
await this.prismaService.audit.create({
data: {
id: requestContext.requestId,
action,
request: JSON.stringify({ __path: request.path, ...request.headers, ...request.body }),
response: JSON.stringify(error),
}
});
this.logger.error(error.message);
return error;
})
);
}
const handler = this.handlers[resolvedAction];
requestContext.format = handler.format;
return next.handle().pipe(
catchError((error: Error) => {
return throwError(() => {
if (error instanceof AwsException) {
return error;
}
const defaultError = new InternalFailure('Unexpected local AWS exception...');
this.logger.error(error.message);
defaultError.requestId = requestContext.requestId;
return defaultError;
});
}),
tap({
next: async (data) => await this.auditRepo.create({
id: requestId,
action,
request: JSON.stringify({ __path: request.path, ...request.headers, ...request.body }),
response: JSON.stringify(data),
}).save(),
next: async (data) => await this.prismaService.audit.create({
data: {
id: requestContext.requestId,
action,
request: JSON.stringify({ __path: request.path, ...request.headers, ...request.body }),
response: JSON.stringify(data),
}
}),
error: async (error) => await this.auditRepo.create({
id: requestId,
action,
request: JSON.stringify({ __path: request.path, ...request.headers, ...request.body }),
response: JSON.stringify(error),
}).save(),
error: async (error) => await this.prismaService.audit.create({
data: {
id: requestContext.requestId,
action,
request: JSON.stringify({ __path: request.path, ...request.headers, ...request.body }),
response: JSON.stringify(error),
}
}),
})
);
}
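Review bot: In the non-audited branch, `catchError(async (error: Error) => { ...; return error; })` returns a promise that resolves to the error object, and `catchError` subscribes to that promise as the replacement stream, so the failure is swallowed and the `Error` instance is emitted as a normal response body with a 200 status instead of reaching `AwsExceptionFilter`. Rethrow from the async callback, `throw error;` in place of `return error;`, so the promise rejects and the error propagates the way the audited branch's `throwError` already does. The `tap` callbacks are `async` and their promises are discarded, so a failing `audit.create` becomes an unhandled rejection; wrapping the writes in `from(...)` with `mergeMap`, or at least attaching a `.catch` that logs, keeps that visible. The audit row serializes the full `request.headers` and `request.body`, which includes any `authorization` header and the secret material carried by KMS and Secrets Manager calls; redacting those keys before `JSON.stringify` would keep the sqlite file from becoming a credential store. The enclosing class continues past the hunk.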

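--- a/src/audit/audit.module.ts
+++ b/src/audit/audit.module.ts
@@ -0,0 +1,12 @@
+import { Module } from "@nestjs/common";
+import { PrismaModule } from "../_prisma/prisma.module";
+import { AuditController } from "./audit.controller";
+import { AuditInterceptor } from "./audit.interceptor";
+@Module({
+imports: [PrismaModule],
+controllers: [AuditController],
+providers: [AuditInterceptor],
+})
+export class AuditModule {}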


@ -0,0 +1,14 @@
import { Injectable } from "@nestjs/common";
import { PrismaService } from "../_prisma/prisma.service";
@Injectable()
export class AuditService {
constructor(
private readonly prismaService: PrismaService,
) {}
}


@ -1,18 +0,0 @@
import { BaseEntity, Column, Entity, Index, PrimaryColumn, PrimaryGeneratedColumn } from 'typeorm';
@Entity('attributes')
export class Attribute extends BaseEntity {
@PrimaryGeneratedColumn({ name: 'id' })
id: string;
@Column({ name: 'arn', nullable: false })
@Index()
arn: string;
@Column({ name: 'name', nullable: false })
name: string;
@Column({ name: 'value', nullable: false })
value: string;
}


@ -1,8 +1,8 @@
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { In, Repository } from 'typeorm';
import { Attribute } from './attributes.entity';
import { CreateAttributeDto } from './create-attribute.dto';
import { Attribute, Prisma } from '@prisma/client';
import { PrismaService } from '../_prisma/prisma.service';
import { breakdownAwsQueryParam } from '../util/breakdown-aws-query-param';
const ResourcePolicyName = 'ResourcePolicy';
@ -10,62 +10,75 @@ const ResourcePolicyName = 'ResourcePolicy';
export class AttributesService {
constructor(
@InjectRepository(Attribute)
private readonly repo: Repository<Attribute>,
private readonly prismaService: PrismaService,
) {}
async getByArn(arn: string): Promise<Attribute[]> {
return await this.repo.find({ where: { arn }});
return await this.prismaService.attribute.findMany({ where: { arn }});
}
async getResourcePolicyByArn(arn: string): Promise<Attribute> {
return await this.repo.findOne({ where: { arn, name: ResourcePolicyName }});
async getResourcePolicyByArn(arn: string): Promise<Attribute | null> {
return await this.prismaService.attribute.findFirst({ where: { arn, name: ResourcePolicyName }});
}
async getByArnAndName(arn: string, name: string): Promise<Attribute> {
return await this.repo.findOne({ where: { arn, name }});
async getByArnAndName(arn: string, name: string): Promise<Attribute | null> {
return await this.prismaService.attribute.findFirst({ where: { arn, name }});
}
async getByArnAndNames(arn: string, names: string[]): Promise<Attribute[]> {
return await this.repo.find({ where: { arn, name: In(names) }});
return await this.prismaService.attribute.findMany({ where: {
arn,
name: {
in: names
}
}});
}
async createResourcePolicy(arn: string, value: string): Promise<Attribute> {
return await this.create({arn, value, name: ResourcePolicyName });
}
async create(dto: CreateAttributeDto): Promise<Attribute> {
return await this.repo.save(dto);
async create(data: Prisma.AttributeCreateArgs['data']): Promise<Attribute> {
return await this.prismaService.attribute.create({ data });
}
async deleteByArn(arn: string) {
await this.repo.delete({ arn });
async deleteByArn(arn: string): Promise<void> {
await this.prismaService.attribute.deleteMany({ where: { arn } });
}
async deleteByArnAndName(arn: string, name: string) {
await this.repo.delete({ arn, name });
async deleteByArnAndName(arn: string, name: string): Promise<void> {
await this.prismaService.attribute.deleteMany({ where: { arn, name } });
}
async createMany(arn: string, records: { key: string, value: string }[]): Promise<void> {
for (const record of records) {
await this.create({ arn, name: record.key, value: record.value });
}
await this.prismaService.attribute.createMany({
data: records.map(r => ({
name: r.key,
value: r.value,
arn,
}))
});
}
static attributePairs(queryParams: Record<string, string>): { key: string, value: string }[] {
const pairs = [null];
const pairs: { key: string, value: string }[] = [];
for (const param of Object.keys(queryParams)) {
const [type, _, idx, slot] = param.split('.');
const components = breakdownAwsQueryParam(param);
if (!components) {
continue;
}
const [type, _, idx, slot] = components;
if (type === 'Attributes') {
if (!pairs[+idx]) {
pairs[+idx] = { key: '', value: ''};
if (!pairs[idx]) {
pairs[idx] = { key: '', value: ''};
}
pairs[+idx][slot] = queryParams[param];
pairs[idx][slot] = queryParams[param];
}
}
pairs.shift();
return pairs;
}
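Review bot: `attributePairs` assigns `pairs[idx][slot] = queryParams[param]` without checking that `slot` is `key` or `value`, so a parameter such as `Attributes.entry.1.anything` creates a pair with an arbitrary extra property and empty `key`/`value`, and `idx` is now used without the former `+idx` coercion, which is only right if `breakdownAwsQueryParam` already returns a zero-based numeric index (not visible here, worth confirming). Add `if (slot !== 'key' && slot !== 'value') continue;` after the `type` check. `getResourcePolicyByArn` and `getByArnAndName` use `findFirst` even though the schema declares `@@unique([arn, name])`; `findUnique({ where: { arn_name: { arn, name } } })` states the intent and cannot pick an arbitrary row. The class continues past the hunk.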


@ -0,0 +1,194 @@
import { HttpException, HttpStatus } from "@nestjs/common";
import { randomUUID } from "crypto";
import * as js2xmlparser from 'js2xmlparser';
export abstract class AwsException {
requestId: string = randomUUID();
constructor(
readonly message: string,
readonly errorType: string,
readonly statusCode: HttpStatus,
) {}
toXml(): string {
return js2xmlparser.parse(`ErrorResponse`, {
RequestId: this.requestId,
Error: {
Code: this.errorType,
Message: this.message,
}
});
}
toJson(): [HttpException, Record<string, string>] {
return [
new HttpException({
message: this.message,
__type: this.errorType,
}, this.statusCode),
{
'Server': 'NestJS/local-aws',
'X-Amzn-Errortype': this.errorType,
'x-amzn-requestid': this.requestId,
}
];
}
}
export class AccessDeniedException extends AwsException {
constructor(message: string) {
super(
message,
AccessDeniedException.name,
HttpStatus.BAD_REQUEST,
)
}
}
export class IncompleteSignature extends AwsException {
constructor(message: string) {
super(
message,
IncompleteSignature.name,
HttpStatus.BAD_REQUEST,
)
}
}
export class InternalFailure extends AwsException {
constructor(message: string) {
super(
message,
InternalFailure.name,
HttpStatus.INTERNAL_SERVER_ERROR,
)
}
}
export class InvalidAction extends AwsException {
constructor(message: string) {
super(
message,
InvalidAction.name,
HttpStatus.BAD_REQUEST,
)
}
}
export class InvalidClientTokenId extends AwsException {
constructor(message: string) {
super(
message,
InvalidClientTokenId.name,
HttpStatus.FORBIDDEN,
)
}
}
export class NotAuthorized extends AwsException {
constructor(message: string) {
super(
message,
NotAuthorized.name,
HttpStatus.BAD_REQUEST,
)
}
}
export class OptInRequired extends AwsException {
constructor(message: string) {
super(
message,
OptInRequired.name,
HttpStatus.FORBIDDEN,
)
}
}
export class RequestExpired extends AwsException {
constructor(message: string) {
super(
message,
RequestExpired.name,
HttpStatus.BAD_REQUEST,
)
}
}
export class ServiceUnavailable extends AwsException {
constructor(message: string) {
super(
message,
ServiceUnavailable.name,
HttpStatus.SERVICE_UNAVAILABLE,
)
}
}
export class ThrottlingException extends AwsException {
constructor(message: string) {
super(
message,
ThrottlingException.name,
HttpStatus.BAD_REQUEST,
)
}
}
export class ValidationError extends AwsException {
constructor(message: string) {
super(
message,
ValidationError.name,
HttpStatus.BAD_REQUEST,
)
}
}
export class NotFoundException extends AwsException {
constructor() {
super(
'The request was rejected because the specified entity or resource could not be found.',
NotFoundException.name,
HttpStatus.BAD_REQUEST,
)
}
}
export class InvalidArnException extends AwsException {
constructor(message: string) {
super(
message,
InvalidArnException.name,
HttpStatus.BAD_REQUEST,
)
}
}
export class UnsupportedOperationException extends AwsException {
constructor(message: string) {
super(
message,
UnsupportedOperationException.name,
HttpStatus.BAD_REQUEST,
)
}
}
export class EntityAlreadyExists extends AwsException {
constructor(message: string) {
super(
message,
EntityAlreadyExists.name,
HttpStatus.CONFLICT,
)
}
}
export class NoSuchEntity extends AwsException {
constructor() {
super(
'The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.',
NoSuchEntity.name,
HttpStatus.NOT_FOUND,
)
}
}
export class QueueNameExists extends AwsException {
constructor() {
super(
'A queue with this name already exists. Amazon SQS returns this error only if the request includes attributes whose values differ from those of the existing queue.',
QueueNameExists.name,
HttpStatus.BAD_REQUEST,
)
}
}
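Review bot: `AwsException` does not extend `Error`, so thrown instances carry no `stack` or `name`, fail `instanceof Error` checks, and the `catchError((error: Error) => ...)` callbacks in the interceptor only type-check because the parameter is annotated rather than inferred. Declare `export abstract class AwsException extends Error {`, take `message: string` as a plain constructor parameter instead of a `readonly` property, and call `super(message); this.name = errorType;` in the constructor body. In `toXml`, the query-protocol `ErrorResponse` nests `Code` and `Message` under `Error` with `RequestId` as a sibling, which this matches, but it omits the `Type: 'Sender'` element that some SDK error parsers look for; worth confirming against the SDK versions in use. The sixteen subclasses repeat the same three-line `super` call, so a small factory or a table of `(name, status)` pairs would shrink the file, though that is purely stylistic.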


@ -1,12 +1,11 @@
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { Attribute } from './attributes.entity';
import { AttributesService } from './attributes.service';
import { Tag } from './tags.entity';
import { TagsService } from './tags.service';
import { PrismaModule } from '../_prisma/prisma.module';
@Module({
imports: [TypeOrmModule.forFeature([Attribute, Tag])],
imports: [PrismaModule],
providers: [AttributesService, TagsService],
exports: [AttributesService, TagsService],
})


@ -1,5 +0,0 @@
export interface CreateAttributeDto {
arn: string;
name: string;
value: string;
}


@ -1,5 +0,0 @@
export interface CreateTagDto {
arn: string;
name: string;
value: string;
}


@ -1,18 +0,0 @@
import { BaseEntity, Column, Entity, Index, PrimaryColumn, PrimaryGeneratedColumn } from 'typeorm';
@Entity('tags')
export class Tag extends BaseEntity {
@PrimaryGeneratedColumn({ name: 'id' })
id: string;
@Column({ name: 'arn', nullable: false})
@Index()
arn: string;
@Column({ name: 'name', nullable: false })
name: string;
@Column({ name: 'value', nullable: false })
value: string;
}


@ -1,53 +1,61 @@
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { Tag } from './tags.entity';
import { CreateTagDto } from './create-tag.dto';
import { Prisma, Tag } from '@prisma/client';
import { PrismaService } from '../_prisma/prisma.service';
import { breakdownAwsQueryParam } from '../util/breakdown-aws-query-param';
@Injectable()
export class TagsService {
constructor(
@InjectRepository(Tag)
private readonly repo: Repository<Tag>,
private readonly prismaService: PrismaService,
) {}
async getByArn(arn: string): Promise<Tag[]> {
return await this.repo.find({ where: { arn }});
return await this.prismaService.tag.findMany({ where: { arn }});
}
async create(dto: CreateTagDto): Promise<Tag> {
return await this.repo.save(dto);
async create(data: Prisma.TagCreateArgs['data']): Promise<Tag> {
return await this.prismaService.tag.create({ data })
}
async createMany(arn: string, records: { Key: string, Value: string }[]): Promise<void> {
for (const record of records) {
await this.create({ arn, name: record.Key, value: record.Value });
}
async createMany(arn: string, records: { key: string, value: string }[]): Promise<void> {
await this.prismaService.tag.createMany({
data: records.map(r => ({
name: r.key,
value: r.value,
arn,
}))
});
}
async deleteByArn(arn: string) {
await this.repo.delete({ arn });
async deleteByArn(arn: string): Promise<void> {
await this.prismaService.tag.deleteMany({ where: { arn } });
}
async deleteByArnAndName(arn: string, name: string) {
await this.repo.delete({ arn, name });
async deleteByArnAndName(arn: string, name: string): Promise<void> {
await this.prismaService.tag.deleteMany({ where: { arn, name } });
}
static tagPairs(queryParams: Record<string, string>): { Key: string, Value: string }[] {
const pairs = [null];
static tagPairs(queryParams: Record<string, any>): { key: string, value: string }[] {
const pairs: { key: string, value: string }[] = [];
for (const param of Object.keys(queryParams)) {
const [type, _, idx, slot] = param.split('.');
const components = breakdownAwsQueryParam(param);
if (!components) {
return [];
}
const [type, _, idx, slot] = components;
if (type === 'Tags') {
if (!pairs[+idx]) {
pairs[+idx] = { Key: '', Value: ''};
pairs[+idx] = { key: '', value: ''};
}
pairs[+idx][slot] = queryParams[param];
}
}
pairs.shift();
return pairs;
}
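Review bot: In tagPairs the slot parsed from the query parameter is used as an unchecked property name (`pairs[+idx][slot] = queryParams[param]`), while each entry is now initialised with lowercase `key`/`value`; AWS sends `Tags.member.N.Key`/`.Value`, so unless breakdownAwsQueryParam lowercases the slot, the initialised fields stay empty and the value lands on a `Key`/`Value` property that createMany never reads. Restricting the slot keeps the declared type honest: `if (slot === 'Key' || slot === 'key') pairs[+idx].key = queryParams[param]; else if (slot === 'Value' || slot === 'value') pairs[+idx].value = queryParams[param];`. The `return []` when breakdownAwsQueryParam rejects a parameter also abandons every tag already collected; if non-tag parameters such as `Action` can reach this function, `continue` is the intended behaviour. `pairs.shift()` only removes index 0, so with AWS's 1-based member indices any gap between indices remains a hole in the array passed to createMany — `return pairs.filter(Boolean);` is safer.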


@ -1,10 +1,10 @@
import { Provider } from '@nestjs/common';
import { InjectionToken, Provider } from '@nestjs/common';
import { Action } from '../action.enum';
import { ExistingActionHandlers } from './default-action-handler.constants';
import * as Joi from 'joi';
import { AbstractActionHandler, Format } from '../abstract-action.handler';
export const DefaultActionHandlerProvider = (symbol, format: Format, actions: Action[]): Provider => ({
export const DefaultActionHandlerProvider = (symbol: InjectionToken, format: Format, actions: Action[]): Provider => ({
provide: symbol,
useFactory: (existingActionHandlers: ExistingActionHandlers) => {
const cloned = { ...existingActionHandlers };


@ -1,12 +1,22 @@
import { Provider } from '@nestjs/common';
import { InjectionToken, OptionalFactoryDependency, Provider } from '@nestjs/common';
import { AbstractActionHandler } from '../abstract-action.handler';
import { Action } from '../action.enum';
import { ExistingActionHandlers } from './default-action-handler.constants';
export const ExistingActionHandlersProvider = (inject): Provider => ({
export const ExistingActionHandlersProvider = (inject: Array<InjectionToken | OptionalFactoryDependency>): Provider => ({
provide: ExistingActionHandlers,
useFactory: (...args: AbstractActionHandler[]) => args.reduce((m, h) => {
if (Array.isArray(h.action)) {
for (const action of h.action) {
m[action] = h;
}
return m;
}
m[h.action] = h;
return m;
}, {}),
}, {} as Record<Action, AbstractActionHandler>),
inject,
});
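Review bot: The reduce seed `{} as Record<Action, AbstractActionHandler>` asserts that a handler exists for every Action before any has been inserted, so consumers indexing the map get a non-undefined type for actions no module registered. `{} as Partial<Record<Action, AbstractActionHandler>>` describes what is actually built, and lets the compiler insist on a missing-handler check at the lookup site; if ExistingActionHandlers is already typed as the full record elsewhere, that declaration is the one to loosen.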


@ -2,12 +2,8 @@ import { Injectable } from '@nestjs/common';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import * as uuid from 'uuid';
import { IamPolicy } from './iam-policy.entity';
import { IamRolePolicyAttachment } from './iam-role-policy-attachment.entity';
import { IamRole } from './iam-role.entity';
import { IamService } from './iam.service';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
PolicyArn: string;
@ -18,10 +14,7 @@ type QueryParams = {
export class AttachRolePolicyHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(IamRole)
private readonly roleRepo: Repository<IamRole>,
@InjectRepository(IamRolePolicyAttachment)
private readonly attachRepo: Repository<IamRolePolicyAttachment>,
private readonly iamService: IamService,
) {
super();
}
@ -33,15 +26,12 @@ export class AttachRolePolicyHandler extends AbstractActionHandler<QueryParams>
RoleName: Joi.string().required(),
});
protected async handle({ PolicyArn, RoleName }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ PolicyArn, RoleName }: QueryParams, context: RequestContext) {
const role = await this.roleRepo.findOne({ where: { roleName: RoleName, accountId: awsProperties.accountId} });
await this.attachRepo.create({
id: uuid.v4(),
policyArn: PolicyArn,
roleId: role.id,
accountId: awsProperties.accountId,
}).save();
await this.iamService.attachPolicyToRoleName(
context.awsProperties.accountId,
PolicyArn,
RoleName
);
}
}
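Review bot: `AwsProperties` on the unchanged first import line is no longer used now that handle takes `RequestContext`; the same leftover appears in the create-policy-version, create-role, delete-role, get-policy-version, get-policy, get-role, list-attached-role-policies and list-role-policies hunks. Separately, the account embedded in `PolicyArn` is never compared with `context.awsProperties.accountId` here or inside attachPolicyToRoleName, so a policy ARN naming another account is resolved by policy name alone. A guard before the service call, `if (breakdownArn(PolicyArn).accountId !== context.awsProperties.accountId) throw new NoSuchEntity();` (both helpers already exist under ../util and ../aws-shared-entities and would need importing), keeps the attachment tenant-scoped.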


@ -2,11 +2,9 @@ import { Injectable } from '@nestjs/common';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import * as uuid from 'uuid';
import { IamPolicy } from './iam-policy.entity';
import { breakdownArn } from '../util/breakdown-arn';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
PolicyArn: string;
@ -18,8 +16,6 @@ type QueryParams = {
export class CreatePolicyVersionHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(IamPolicy)
private readonly policyRepo: Repository<IamPolicy>,
) {
super();
}
@ -32,31 +28,9 @@ export class CreatePolicyVersionHandler extends AbstractActionHandler<QueryParam
SetAsDefault: Joi.boolean().required(),
});
protected async handle({ PolicyArn, PolicyDocument, SetAsDefault }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ PolicyArn, PolicyDocument, SetAsDefault }: QueryParams, { awsProperties} : RequestContext) {
const { identifier, accountId } = breakdownArn(PolicyArn);
const [_policy, name] = identifier.split('/');
const currentPolicy = await this.policyRepo.findOne({ where: { accountId, name, isDefault: true } });
if (SetAsDefault) {
await this.policyRepo.update({ accountId, name }, { isDefault: false })
}
const policy = await this.policyRepo.create({
id: uuid.v4(),
name: name,
isDefault: SetAsDefault,
version: currentPolicy.version + 1,
document: PolicyDocument,
accountId: awsProperties.accountId,
}).save();
return {
PolicyVersion: {
IsDefaultVersion: policy.isDefault,
VersionId: `v${policy.version}`,
CreateDate: new Date(policy.createdAt).toISOString(),
}
}
}
}
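Review bot: As rendered, the new handle body ends after deriving `name` from the ARN: the repository calls were removed, nothing replaced them, and the constructor no longer injects anything, so CreatePolicyVersion now returns success without storing a version or emitting a `PolicyVersion` element. If this is intentional scaffolding, `throw new UnsupportedOperationException('CreatePolicyVersion is not implemented');` (from aws-exceptions) is a clearer contract than a silent 200; otherwise IamService needs a createPolicyVersion that increments `version`, clears `isDefault` on earlier versions when SetAsDefault is set, and the handler should return the `IsDefaultVersion`/`VersionId`/`CreateDate` shape the removed code produced. Note also that `const [_policy, name] = identifier.split('/')` yields the first path segment, not the name, once policies with a non-root path are stored.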


@ -1,23 +1,25 @@
import { Injectable } from '@nestjs/common';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { AbstractActionHandler, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import * as uuid from 'uuid';
import { IamPolicy } from './iam-policy.entity';
import { IamService } from './iam.service';
import { TagsService } from '../aws-shared-entities/tags.service';
import { randomUUID } from 'crypto';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
PolicyName: string;
Description: string;
Path: string;
PolicyDocument: string;
}
PolicyName: string;
} & Record<string, string>;
@Injectable()
export class CreatePolicyHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(IamPolicy)
private readonly policyRepo: Repository<IamPolicy>,
private readonly iamService: IamService,
private readonly tagsService: TagsService,
) {
super();
}
@ -25,30 +27,29 @@ export class CreatePolicyHandler extends AbstractActionHandler<QueryParams> {
format = Format.Xml;
action = Action.IamCreatePolicy;
validator = Joi.object<QueryParams, true>({
PolicyName: Joi.string().required(),
PolicyDocument: Joi.string().required(),
Description: Joi.string().max(1000).allow(null, '').default(null),
Path: Joi.string().min(1).max(512).default(null).regex(new RegExp(`((/[A-Za-z0-9\.,\+@=_-]+)*)/`)),
PolicyDocument: Joi.string().min(1).max(131072).required(),
PolicyName: Joi.string().min(1).max(128).required(),
});
protected async handle({ PolicyName, PolicyDocument }: QueryParams, awsProperties: AwsProperties) {
protected async handle(params: QueryParams, context: RequestContext) {
const policy = await this.policyRepo.create({
id: uuid.v4(),
const { Description, Path, PolicyName, PolicyDocument } = params;
const policy = await this.iamService.createPolicy({
id: randomUUID(),
version: 1,
isDefault: true,
name: PolicyName,
document: PolicyDocument,
accountId: awsProperties.accountId,
}).save();
path: Path,
description: Description,
policy: PolicyDocument,
accountId: context.awsProperties.accountId,
});
return {
Policy: {
PolicyName: policy.name,
DefaultVersionId: policy.version,
PolicyId: policy.id,
Path: '/',
Arn: policy.arn,
AttachmentCount: 0,
CreateDate: new Date(policy.createdAt).toISOString(),
UpdateDate: new Date(policy.updatedAt).toISOString(),
}
}
Policy: policy.metadata
};
}
}
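Review bot: The Path rule's regex is unanchored, so `.regex(new RegExp(`((/[A-Za-z0-9\.,\+@=_-]+)*)/`))` accepts any string that contains a slash anywhere (the `\.` and `\+` escapes are also consumed by the template literal before RegExp sees them, which happens to be harmless inside a character class). Since the stored path is later spliced into the policy ARN, anchor it and default to the AWS root path: `Path: Joi.string().max(512).regex(/^(\/[A-Za-z0-9.,+@=_-]+)*\/$/).default('/'),`. `tagsService` is injected but, as far as this hunk shows, no Tags parameter is ever read, and widening QueryParams to `& Record<string, string>` means `Description`, `Path` and `PolicyDocument` are no longer checked by the compiler on the destructuring line.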


@ -2,61 +2,48 @@ import { Injectable } from '@nestjs/common';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { IamRole } from './iam-role.entity';
import * as uuid from 'uuid';
import { IamPolicy } from './iam-policy.entity';
import { IamService } from './iam.service';
import { randomUUID } from 'crypto';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
RoleName: string;
Path: string;
AssumeRolePolicyDocument: string;
MaxSessionDuration: number;
Description: string;
}
@Injectable()
export class CreateRoleHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(IamRole)
private readonly roleRepo: Repository<IamRole>,
@InjectRepository(IamPolicy)
private readonly policyRepo: Repository<IamPolicy>,
private readonly iamService: IamService,
) {
super();
}
format = Format.Xml;
action = Action.IamCreateRole;
validator = Joi.object<QueryParams, true>({
RoleName: Joi.string().required(),
Path: Joi.string().required(),
AssumeRolePolicyDocument: Joi.string().required(),
MaxSessionDuration: Joi.number().default(3600),
validator = Joi.object<QueryParams, true>({
AssumeRolePolicyDocument: Joi.string().min(1).max(131072).required(),
Description: Joi.string().max(1000).allow(null, '').default(null),
MaxSessionDuration: Joi.number().min(3600).max(43200).default(3600),
Path: Joi.string().min(1).max(512).required(),
RoleName: Joi.string().min(1).max(64).required(),
});
protected async handle({ RoleName, Path, AssumeRolePolicyDocument, MaxSessionDuration }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ RoleName, Path, AssumeRolePolicyDocument, MaxSessionDuration, Description }: QueryParams, { awsProperties} : RequestContext) {
const policy = await this.policyRepo.create({
id: uuid.v4(),
name: `${RoleName}-AssumeRolePolicyDocument`,
document: AssumeRolePolicyDocument,
const role = await this.iamService.createRole({
id: randomUUID(),
accountId: awsProperties.accountId,
}).save();
const id = uuid.v4();
await this.roleRepo.create({
id,
roleName: RoleName,
name: RoleName,
path: Path,
accountId: awsProperties.accountId,
assumeRolePolicyDocumentId: policy.id,
assumeRolePolicy: AssumeRolePolicyDocument,
maxSessionDuration: MaxSessionDuration,
}).save();
const role = await this.roleRepo.findOne({ where: { id }});
description: Description,
});
return {
Role: role.metadata,
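Review bot: Path is `.required()` here although AWS treats it as optional with `/` as the default, and unlike the create-policy hunk it has no anchoring or character-class check even though IamRole.arn splices the value straight into the role ARN. `Path: Joi.string().max(512).regex(/^\/([\u0021-\u007F]+\/)?$/).default('/'),` follows the slash-delimited printable-ASCII shape AWS uses for role paths and keeps the two handlers consistent. The handle body continues past the end of the hunk.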


@ -0,0 +1,31 @@
import { Injectable } from '@nestjs/common';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { IamService } from './iam.service';
import { NotFoundException } from '../aws-shared-entities/aws-exceptions';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
RoleName: string;
}
@Injectable()
export class DeleteRoleHandler extends AbstractActionHandler<QueryParams> {
constructor(
private readonly iamService: IamService,
) {
super();
}
format = Format.Xml;
action = Action.IamDeleteRole;
validator = Joi.object<QueryParams, true>({
RoleName: Joi.string().min(1).max(64).required(),
});
protected async handle({ RoleName }: QueryParams, { awsProperties} : RequestContext) {
await this.iamService.deleteRoleByName(awsProperties.accountId, RoleName);
}
}
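Review bot: deleteRoleByName uses deleteMany, so a RoleName that does not exist in this account returns a success response instead of the NoSuchEntity error AWS returns for DeleteRole, and a role that still has policy attachments is either removed with its attachments or fails with an opaque Prisma error (depending on the relation's delete rule) rather than producing AWS's DeleteConflict. Resolving the role first reuses the existing lookup and its error: `await this.iamService.findOneRoleByName(awsProperties.accountId, RoleName);` before the delete call. `NotFoundException` and `AwsProperties` are imported but unused in this new file.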


@ -1,12 +1,9 @@
import { Injectable, NotFoundException, Version } from '@nestjs/common';
import { Injectable } from '@nestjs/common';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { IamPolicy } from './iam-policy.entity';
import { breakdownArn } from '../util/breakdown-arn';
import { IamRolePolicyAttachment } from './iam-role-policy-attachment.entity';
import { RequestContext } from '../_context/request.context';
import { IamService } from './iam.service';
type QueryParams = {
PolicyArn: string;
@ -17,10 +14,7 @@ type QueryParams = {
export class GetPolicyVersionHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(IamPolicy)
private readonly policyRepo: Repository<IamPolicy>,
@InjectRepository(IamRolePolicyAttachment)
private readonly attachmentRepo: Repository<IamRolePolicyAttachment>,
private readonly iamService: IamService,
) {
super();
}
@ -32,22 +26,16 @@ export class GetPolicyVersionHandler extends AbstractActionHandler<QueryParams>
VersionId: Joi.string().required(),
});
protected async handle({ PolicyArn, VersionId }: QueryParams, awsProperties: AwsProperties) {
const { identifier, accountId } = breakdownArn(PolicyArn);
const [_policy, name] = identifier.split('/');
const policy = await this.policyRepo.findOne({ where: { name, accountId, version: +VersionId }});
if (!policy) {
throw new NotFoundException('NoSuchEntity', 'The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.');
}
protected async handle({ PolicyArn, VersionId }: QueryParams, { awsProperties} : RequestContext) {
const maybeVersion = Number(VersionId);
const version = Number.isNaN(maybeVersion) ? Number(VersionId.toLowerCase().split('v')[1]) : Number(maybeVersion);
const policy = await this.iamService.getPolicyByArnAndVersion(PolicyArn, version);
return {
PolicyVersion: {
Document: policy.document,
Document: policy.policy,
IsDefaultVersion: policy.isDefault,
VersionId: `${policy.version}`,
CreateDate: new Date(policy.createdAt).toISOString(),
VersionId: policy.version,
CreateDate: policy.createdAt.toISOString(),
}
}
}
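Review bot: `VersionId: policy.version` now emits a bare number while IamPolicy.metadata reports `DefaultVersionId` as `v${this.version}` and AWS itself uses the `vN` form, so GetPolicy and GetPolicyVersion disagree about version ids; `VersionId: \`v${policy.version}\`,` restores the previous shape. The two-step parse of VersionId is hard to follow and has a gap — a bare `v` gives `Number('')`, which is 0 rather than NaN, so it quietly queries version 0 — whereas `const version = Number(VersionId.replace(/^v/i, ''));` followed by throwing NoSuchEntity when `Number.isNaN(version)` says the same thing in one line. `awsProperties` is destructured but unused, and getPolicyByArnAndVersion does not scope the lookup to it (see the iam.service hunk).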


@ -1,12 +1,9 @@
import { Injectable, NotFoundException } from '@nestjs/common';
import { Injectable } from '@nestjs/common';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { IamPolicy } from './iam-policy.entity';
import { breakdownArn } from '../util/breakdown-arn';
import { IamRolePolicyAttachment } from './iam-role-policy-attachment.entity';
import { RequestContext } from '../_context/request.context';
import { IamService } from './iam.service';
type QueryParams = {
PolicyArn: string;
@ -16,10 +13,7 @@ type QueryParams = {
export class GetPolicyHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(IamPolicy)
private readonly policyRepo: Repository<IamPolicy>,
@InjectRepository(IamRolePolicyAttachment)
private readonly attachmentRepo: Repository<IamRolePolicyAttachment>,
private readonly iamService: IamService,
) {
super();
}
@ -30,29 +24,10 @@ export class GetPolicyHandler extends AbstractActionHandler<QueryParams> {
PolicyArn: Joi.string().required(),
});
protected async handle({ PolicyArn }: QueryParams, awsProperties: AwsProperties) {
const { identifier, accountId } = breakdownArn(PolicyArn);
const [_policy, name] = identifier.split('/');
const policy = await this.policyRepo.findOne({ where: { name, accountId, isDefault: true }});
if (!policy) {
throw new NotFoundException('NoSuchEntity', 'The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.');
}
const attachmentCount = await this.attachmentRepo.count({ where: { policyArn: policy.arn } });
protected async handle({ PolicyArn }: QueryParams, { awsProperties} : RequestContext) {
const policy = await this.iamService.getPolicyByArn(PolicyArn);
return {
Policy: {
PolicyName: policy.name,
DefaultVersionId: policy.version,
PolicyId: policy.id,
Path: '/',
Arn: policy.arn,
AttachmentCount: attachmentCount,
CreateDate: new Date(policy.createdAt).toISOString(),
UpdateDate: new Date(policy.updatedAt).toISOString(),
}
Policy: policy.metadata,
}
}
}
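Review bot: The response now comes from IamPolicy.metadata, whose `AttachmentCount` is the constant 0, so the count the removed code computed from the attachment table (`const attachmentCount = await this.attachmentRepo.count(...)`) is lost and GetPolicy reports 0 even for attached policies. If the field stays on the entity it has to be supplied when the entity is built, e.g. from `iamRoleIamPolicyAttachment.count({ where: { iamPolicyId: record.id } })` inside IamService.getPolicyByArn and passed into the IamPolicy constructor. `awsProperties` is destructured but never used, and the lookup is by policy name only, ignoring the account in the ARN.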


@ -1,10 +1,10 @@
import { Injectable, NotFoundException } from '@nestjs/common';
import { Injectable } from '@nestjs/common';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { IamRole } from './iam-role.entity';
import { IamService } from './iam.service';
import { NotFoundException } from '../aws-shared-entities/aws-exceptions';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
RoleName: string;
@ -14,8 +14,7 @@ type QueryParams = {
export class GetRoleHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(IamRole)
private readonly roleRepo: Repository<IamRole>,
private readonly iamService: IamService,
) {
super();
}
@ -23,17 +22,11 @@ export class GetRoleHandler extends AbstractActionHandler<QueryParams> {
format = Format.Xml;
action = Action.IamGetRole;
validator = Joi.object<QueryParams, true>({
RoleName: Joi.string().required(),
RoleName: Joi.string().min(1).max(64).required(),
});
protected async handle({ RoleName }: QueryParams, awsProperties: AwsProperties) {
const role = await this.roleRepo.findOne({ where: { roleName: RoleName, accountId: awsProperties.accountId } });
if (!role) {
throw new NotFoundException('NoSuchEntity', 'The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.');
}
protected async handle({ RoleName }: QueryParams, { awsProperties} : RequestContext) {
const role = await this.iamService.findOneRoleByName(awsProperties.accountId, RoleName);
return {
Role: role.metadata,
}
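Review bot: `NotFoundException` from aws-exceptions is imported but the handler never throws it — findOneRoleByName raises it inside IamService — and `AwsProperties` on the unchanged import line is likewise unused now; both imports can be dropped. The handle body continues past the end of the hunk.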


@ -1,38 +1,54 @@
import { BaseEntity, Column, CreateDateColumn, Entity, JoinColumn, OneToMany, OneToOne, PrimaryColumn, UpdateDateColumn } from 'typeorm';
import { IamRolePolicyAttachment } from './iam-role-policy-attachment.entity';
import { IamRole } from './iam-role.entity';
import { IamPolicy as PrismaIamPolicy } from "@prisma/client";
@Entity({ name: 'iam_policy' })
export class IamPolicy extends BaseEntity {
export class IamPolicy implements PrismaIamPolicy {
@PrimaryColumn()
id: string;
@Column({ default: 1 })
version: number;
@Column({ name: 'is_default', default: true })
isDefault: boolean;
@Column()
name: string;
@Column()
document: string;
@Column({ name: 'account_id', nullable: false })
accountId: string;
name: string;
version: number;
isDefault: boolean;
policy: string;
path: string | null;
description: string | null;
isAttachable: boolean;
createdAt: Date;
updatedAt: Date;
@CreateDateColumn()
createdAt: string;
@UpdateDateColumn()
updatedAt: string;
@OneToOne(() => IamRole, role => role.assumeRolePolicyDocument)
iamRole: IamRole;
constructor(p: PrismaIamPolicy) {
this.id = p.id;
this.accountId = p.accountId;
this.name = p.name;
this.version = p.version;
this.isDefault = p.isDefault;
this.policy = p.policy;
this.path = p.path;
this.description = p.description;
this.isAttachable = p.isAttachable;
this.createdAt = p.createdAt;
this.updatedAt = p.updatedAt;
}
get arn() {
return `arn:aws:iam::${this.accountId}:policy/${this.name}`;
const parts = ['policy'];
if (this.path && this.path !== '/') {
parts.push(this.path);
}
parts.push(this.name);
return `arn:aws:iam::${this.accountId}:${parts.join('/')}`;
}
get metadata() {
return {
Arn: this.arn,
AttachmentCount: 0,
CreateDate: this.createdAt.toISOString(),
DefaultVersionId: `v${this.version}`,
Description: this.description,
IsAttachable: this.isAttachable,
Path: this.path,
PolicyId: this.id,
PolicyName: this.name,
UpdateDate: this.updatedAt.toISOString(),
}
}
}
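Review bot: If `path` carries its AWS leading and trailing slashes (`/foo/`), `parts.join('/')` in the arn getter yields `policy//foo//name` instead of `policy/foo/name`; the same construction appears in the iam-role.entity hunk. Because an AWS path is either `/` or `/…/`, plain concatenation is enough: `return \`arn:aws:iam::${this.accountId}:policy${this.path ?? '/'}${this.name}\`;` (and `role${…}` in the role entity). `AttachmentCount: 0` in metadata is a hard-coded value that GetPolicy now returns verbatim; a comment such as `// TODO: not tracked on the entity yet — derive from iamRoleIamPolicyAttachment` would stop it reading as real data.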


@ -1,18 +0,0 @@
import { BaseEntity, Column, Entity, JoinColumn, ManyToOne, PrimaryColumn } from 'typeorm';
import { IamPolicy } from './iam-policy.entity';
@Entity({ name: 'iam_role_policy_attachment' })
export class IamRolePolicyAttachment extends BaseEntity {
@PrimaryColumn()
id: string;
@Column({ name: 'policy_arn' })
policyArn: string;
@Column({ name: 'role_name' })
roleId: string;
@Column({ name: 'account_id'})
accountId: string;
}


@ -1,50 +1,50 @@
import { BaseEntity, Column, CreateDateColumn, Entity, JoinColumn, OneToOne, PrimaryColumn, UpdateDateColumn } from 'typeorm';
import { IamPolicy } from './iam-policy.entity';
@Entity({ name: 'iam_role' })
export class IamRole extends BaseEntity {
import { IamRole as PrismaIamRole } from '@prisma/client';
@PrimaryColumn()
id: string
export class IamRole implements PrismaIamRole {
@Column({ name: 'role_name' })
roleName: string;
@Column()
path: string;
@Column({ name: 'assume_role_policy_document_id', nullable: false })
assumeRolePolicyDocumentId: string;
@Column({ name: 'account_id', nullable: false })
accountId: string;
path: string | null;
name: string;
createdAt: Date;
id: string;
maxSessionDuration: number | null;
assumeRolePolicy: string | null;
description: string | null;
permissionBoundaryArn: string | null;
lastUsedDate: Date | null;
lastUsedRegion: string | null;
@Column({ name: 'max_session_duration', nullable: false, default: 0 })
maxSessionDuration: number;
@CreateDateColumn()
createdAt: string;
@UpdateDateColumn()
updatedAt: string;
@OneToOne(() => IamPolicy, (policy) => policy.id, { eager: true })
@JoinColumn({ name: 'assume_role_policy_document_id' })
assumeRolePolicyDocument: IamPolicy;
constructor(p: PrismaIamRole) {
this.accountId = p.accountId;
this.path = p.path;
this.name = p.name;
this.createdAt = p.createdAt;
this.id = p.id;
this.maxSessionDuration = p.maxSessionDuration;
this.assumeRolePolicy = p.assumeRolePolicy;
this.description = p.description;
this.permissionBoundaryArn = p.permissionBoundaryArn;
this.lastUsedDate = p.lastUsedDate;
this.lastUsedRegion = p.lastUsedRegion;
}
get arn() {
const identifier = this.path.split('/');
identifier.push(this.roleName);
return `arn:aws:iam::${this.accountId}:role/${identifier.join('/')}`;
const parts = ['role'];
if (this.path && this.path !== '/') {
parts.push(this.path);
}
parts.push(this.name);
return `arn:aws:iam::${this.accountId}:${parts.join('/')}`;
}
get metadata() {
return {
Path: this.path,
Arn: this.arn,
RoleName: this.roleName,
AssumeRolePolicyDocument: this.assumeRolePolicyDocument.document,
CreateDate: new Date(this.createdAt).toISOString(),
RoleName: this.name,
AssumeRolePolicyDocument: this.assumeRolePolicy,
CreateDate: this.createdAt.toISOString(),
RoleId: this.id,
MaxSessionDuration: this.maxSessionDuration,
}


@ -1,34 +1,28 @@
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import { AwsSharedEntitiesModule } from '../aws-shared-entities/aws-shared-entities.module';
import { DefaultActionHandlerProvider } from '../default-action-handler/default-action-handler.provider';
import { ExistingActionHandlersProvider } from '../default-action-handler/existing-action-handlers.provider';
import { AttachRolePolicyHandler } from './attach-role-policy.handler';
import { CreatePolicyVersionHandler } from './create-policy-version.handler';
import { CreatePolicyHandler } from './create-policy.handler';
import { CreateRoleHandler } from './create-role.handler';
import { GetPolicyVersionHandler } from './get-policy-version.handler';
import { GetPolicyHandler } from './get-policy.handler';
import { GetRoleHandler } from './get-role.handler';
import { IamPolicy } from './iam-policy.entity';
import { IamRolePolicyAttachment } from './iam-role-policy-attachment.entity';
import { IamRole } from './iam-role.entity';
import { IAMHandlers } from './iam.constants';
import { PrismaModule } from '../_prisma/prisma.module';
import { IamService } from './iam.service';
import { GetRoleHandler } from './get-role.handler';
import { GetPolicyHandler } from './get-policy.handler';
import { GetPolicyVersionHandler } from './get-policy-version.handler';
import { AttachRolePolicyHandler } from './attach-role-policy.handler';
import { ListAttachedRolePoliciesHandler } from './list-attached-role-policies';
import { ListRolePoliciesHandler } from './list-role-policies.handler';
const handlers = [
AttachRolePolicyHandler,
CreatePolicyHandler,
CreatePolicyVersionHandler,
CreateRoleHandler,
GetPolicyVersionHandler,
GetPolicyHandler,
GetRoleHandler,
GetPolicyVersionHandler,
ListAttachedRolePoliciesHandler,
ListRolePoliciesHandler,
]
const actions = [
@ -194,11 +188,12 @@ const actions = [
@Module({
imports: [
TypeOrmModule.forFeature([IamPolicy, IamRole, IamRolePolicyAttachment]),
AwsSharedEntitiesModule,
PrismaModule,
],
providers: [
...handlers,
IamService,
ExistingActionHandlersProvider(handlers),
DefaultActionHandlerProvider(IAMHandlers, Format.Xml, actions),
],
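Review bot: DeleteRoleHandler, added in this commit, is neither imported nor listed in `handlers`, so as far as this hunk shows `IamDeleteRole` still falls through to the default handler; add `import { DeleteRoleHandler } from './delete-role.handler';` (following the `./get-role.handler` naming, assuming that is the file's path) and `DeleteRoleHandler,` to the array, unless it is registered in a part of the file not shown. GetPolicyVersionHandler appears twice in the rendered array; if both lines are on the new side, one is a duplicate registration.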

src/iam/iam.service.ts Normal file

@ -0,0 +1,129 @@
import { Injectable } from "@nestjs/common";
import { PrismaService } from "../_prisma/prisma.service";
import { Prisma } from "@prisma/client";
import { IamPolicy } from "./iam-policy.entity";
import { IamRole } from "./iam-role.entity";
import { EntityAlreadyExists, NoSuchEntity, NotFoundException } from "../aws-shared-entities/aws-exceptions";
import { ArnUtil } from "../util/arn-util.static";
@Injectable()
export class IamService {
constructor(
private readonly prismaService: PrismaService,
) {}
async createRole(data: Prisma.IamRoleCreateInput): Promise<IamRole> {
try {
const record = await this.prismaService.iamRole.create({ data });
return new IamRole(record);
} catch (err) {
throw new EntityAlreadyExists(`RoleName ${data.name} already exists`);
}
}
async findOneRoleByName(accountId: string, name: string): Promise<IamRole> {
try {
const record = await this.prismaService.iamRole.findFirstOrThrow({
where: {
name,
accountId,
}
});
return new IamRole(record);
} catch (error) {
throw new NotFoundException();
}
}
async deleteRoleByName(accountId: string, name: string) {
await this.prismaService.iamRole.deleteMany({
where: {
name,
accountId,
}
});
}
async listRolePolicies(): Promise<IamPolicy[]> {
// return await this.prismaService;
return [];
}
async getPolicyByArn(arn: string): Promise<IamPolicy> {
try {
const name = arn.split('/')[1];
const record = await this.prismaService.iamPolicy.findFirstOrThrow({
where: {
name,
},
orderBy: {
version: 'desc',
},
});
return new IamPolicy(record);
} catch (err) {
throw new NoSuchEntity();
}
}
async getPolicyByArnAndVersion(arn: string, version: number): Promise<IamPolicy> {
try {
const name = arn.split('/')[1];
const record = await this.prismaService.iamPolicy.findFirstOrThrow({
where: {
name,
version,
}
});
return new IamPolicy(record);
} catch (err) {
throw new NoSuchEntity();
}
}
async createPolicy(data: Prisma.IamPolicyCreateInput): Promise<IamPolicy> {
try {
const record = await this.prismaService.iamPolicy.create({ data });
return new IamPolicy(record);
} catch (err) {
throw new EntityAlreadyExists(`PolicyName ${data.name} already exists`);
}
}
async attachPolicyToRoleName(accountId: string, arn: string, roleName: string) {
const policy = await this.getPolicyByArn(arn);
const role = await this.findOneRoleByName(accountId, roleName);
await this.prismaService.iamRoleIamPolicyAttachment.create({
data: {
iamPolicyId: policy.id,
iamRoleId: role.id,
}
});
}
async findAttachedRolePoliciesByRoleName(accountId: string, roleName: string): Promise<IamPolicy[]> {
try {
const record = await this.prismaService.iamRole.findFirstOrThrow({
where: {
name: roleName,
accountId,
},
include: {
policies: true,
}
});
const policyIds = record.policies.map(p => p.iamPolicyId);
const policies = await this.prismaService.iamPolicy.findMany({ where: {
id: {
in: policyIds,
},
isDefault: true,
}});
return policies.map(p => new IamPolicy(p));
} catch (error) {
throw new NotFoundException();
}
}
}
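Review bot: getPolicyByArn and getPolicyByArnAndVersion look policies up by `arn.split('/')[1]` alone, so the account id embedded in the ARN is ignored and the query is not scoped to any tenant — a caller in one account resolves, reads and, through attachPolicyToRoleName, attaches another account's policy of the same name — and the split also returns the first path segment rather than the policy name once non-root paths are stored (`ArnUtil` is imported but never used, presumably for this). createRole and createPolicy map every failure, including a connection error, to EntityAlreadyExists, whereas only Prisma's unique-constraint code `P2002` means that. findOneRoleByName throws NotFoundException (400, generic message) while the policy lookups throw NoSuchEntity (404), the code AWS returns for both; deleteRoleByName reports nothing when zero rows match, and listRolePolicies is a stub returning `[]` behind a commented-out line. The sketch below scopes the policy lookup to the ARN's account and narrows the create error; attachPolicyToRoleName should additionally compare that account with the caller's `accountId`, and breakdownArn (the ../util helper the handlers already use) would need importing here.
```typescript
async createRole(data: Prisma.IamRoleCreateInput): Promise<IamRole> {
  try {
    const record = await this.prismaService.iamRole.create({ data });
    return new IamRole(record);
  } catch (err) {
    // Only a unique-constraint violation means "already exists"; anything else is a real failure.
    if (err instanceof Prisma.PrismaClientKnownRequestError && err.code === 'P2002') {
      throw new EntityAlreadyExists(`RoleName ${data.name} already exists`);
    }
    throw err;
  }
}

// … unchanged: findOneRoleByName, deleteRoleByName, listRolePolicies …

async getPolicyByArn(arn: string): Promise<IamPolicy> {
  // The ARN identifier is "policy[/path/]name"; the tenant comes from the ARN's account field.
  const { identifier, accountId } = breakdownArn(arn);
  const name = identifier.split('/').pop();
  const record = await this.prismaService.iamPolicy.findFirst({
    where: { name, accountId },
    orderBy: { version: 'desc' },
  });
  if (!record) {
    throw new NoSuchEntity();
  }
  return new IamPolicy(record);
}

// … unchanged: getPolicyByArnAndVersion (same scoping applies), createPolicy, attachPolicyToRoleName, findAttachedRolePoliciesByRoleName …
```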


@ -1,13 +1,9 @@
import { Injectable, NotFoundException } from '@nestjs/common';
import { Injectable } from '@nestjs/common';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { InjectRepository } from '@nestjs/typeorm';
import { In, Repository } from 'typeorm';
import { IamRole } from './iam-role.entity';
import { IamRolePolicyAttachment } from './iam-role-policy-attachment.entity';
import { IamPolicy } from './iam-policy.entity';
import { breakdownArn } from '../util/breakdown-arn';
import { RequestContext } from '../_context/request.context';
import { IamService } from './iam.service';
type QueryParams = {
RoleName: string;
@ -17,12 +13,7 @@ type QueryParams = {
export class ListAttachedRolePoliciesHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(IamRole)
private readonly roleRepo: Repository<IamRole>,
@InjectRepository(IamPolicy)
private readonly policyRepo: Repository<IamPolicy>,
@InjectRepository(IamRolePolicyAttachment)
private readonly attachmentRepo: Repository<IamRolePolicyAttachment>,
private readonly iamService: IamService,
) {
super();
}
@ -33,25 +24,15 @@ export class ListAttachedRolePoliciesHandler extends AbstractActionHandler<Query
RoleName: Joi.string().required(),
});
protected async handle({ RoleName }: QueryParams, awsProperties: AwsProperties) {
const role = await this.roleRepo.findOne({ where: { roleName: RoleName, accountId: awsProperties.accountId } });
if (!role) {
throw new NotFoundException('NoSuchEntity', 'The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.');
}
const attachments = await this.attachmentRepo.find({ where: { roleId: role.id } })
const policyIds = attachments.map(({ policyArn }) => breakdownArn(policyArn)).map(({ identifier }) => identifier.split('/')[1]);
const policies = await this.policyRepo.find({ where: { name: In(policyIds), isDefault: true } });
protected async handle({ RoleName }: QueryParams, { awsProperties} : RequestContext) {
const policies = await this.iamService.findAttachedRolePoliciesByRoleName(awsProperties.accountId, RoleName);
return {
AttachedPolicies: {
member: [role.assumeRolePolicyDocument, ...policies].map(p => ({
AttachedPolicies: policies.map(p => ({
member: {
PolicyName: p.name,
PolicyArn: p.arn,
})),
}
}
})),
}
}
}
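Review bot: The new return shape nests `member` inside each array element (`AttachedPolicies: [{ member: {...} }, ...]`), whereas the removed code and the IAM query XML (`<AttachedPolicies><member>…</member>…</AttachedPolicies>`) keep the array under a single `member` key; with the js2xmlparser serializer used for `Format.Xml` this most likely emits one `<AttachedPolicies>` element per policy, which SDK clients will not parse. Keeping the old container shape, `AttachedPolicies: { member: policies.map(p => ({ PolicyName: p.name, PolicyArn: p.arn })) }`, restores the documented layout without re-adding the spurious `assumeRolePolicyDocument` entry the old code prepended. The `AwsProperties` import on the second line is now unused since the parameter type comes from `RequestContext`; the same leftover import survives in every other handler touched by this commit.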


@ -1,13 +1,12 @@
import { Injectable, NotFoundException } from '@nestjs/common';
import { Injectable } from '@nestjs/common';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { IamRole } from './iam-role.entity';
import { IamRolePolicyAttachment } from './iam-role-policy-attachment.entity';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
Marker: string;
MaxItems: number;
RoleName: string;
}
@ -15,30 +14,20 @@ type QueryParams = {
export class ListRolePoliciesHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(IamRole)
private readonly roleRepo: Repository<IamRole>,
@InjectRepository(IamRolePolicyAttachment)
private readonly attachmentRepo: Repository<IamRolePolicyAttachment>,
) {
super();
}
format = Format.Xml;
action = Action.IamListRolePolicies;
validator = Joi.object<QueryParams, true>({
validator = Joi.object<QueryParams, true>({
Marker: Joi.string().allow(null),
MaxItems: Joi.number().min(1).max(1000).default(100),
RoleName: Joi.string().required(),
});
protected async handle({ RoleName }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ RoleName }: QueryParams, { awsProperties} : RequestContext) {
const role = await this.roleRepo.findOne({ where: { roleName: RoleName, accountId: awsProperties.accountId } });
if (!role) {
throw new NotFoundException('NoSuchEntity', 'The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.');
}
return {
PolicyNames: [],
}
}
}
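Review bot: With the repositories removed from the constructor, the role lookup and `NoSuchEntity` check in `handle` presumably go too, so ListRolePolicies now answers `PolicyNames: []` for any `RoleName`, including roles that do not exist, and `awsProperties` is destructured but never used. ListAttachedRolePoliciesHandler in this same commit injects `IamService`; doing the same here and calling `await this.iamService.findOneRoleByName(awsProperties.accountId, RoleName);` (the lookup the IAM service already uses internally) before returning would keep the not-found behaviour. Inline role policies are still not modelled, so a comment such as `// inline role policies are not stored yet; always empty` on the return would document the stub rather than leave it looking like a finished implementation.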


@ -2,9 +2,9 @@ import { Injectable } from '@nestjs/common';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { KmsKeyAlias } from './kms-key-alias.entity';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { KmsService } from './kms.service';
import { NotFoundException } from '../aws-shared-entities/aws-exceptions';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
AliasName: string;
@ -15,8 +15,7 @@ type QueryParams = {
export class CreateAliasHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(KmsKeyAlias)
private readonly aliasRepo: Repository<KmsKeyAlias>,
private readonly kmsService: KmsService,
) {
super();
}
@ -24,17 +23,27 @@ export class CreateAliasHandler extends AbstractActionHandler<QueryParams> {
format = Format.Json;
action = Action.KmsCreateAlias;
validator = Joi.object<QueryParams, true>({
AliasName: Joi.string().required(),
TargetKeyId: Joi.string().required(),
AliasName: Joi.string().min(1).max(256).regex(new RegExp(`^alias/[a-zA-Z0-9/_-]+$`)).required(),
});
protected async handle({ AliasName, TargetKeyId }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ TargetKeyId, AliasName }: QueryParams, { awsProperties} : RequestContext) {
await this.aliasRepo.save({
name: AliasName.split('/')[1],
targetKeyId: TargetKeyId,
const keyRecord = await this.kmsService.findOneByRef(TargetKeyId, awsProperties);
if (!keyRecord) {
throw new NotFoundException();
}
await this.kmsService.createAlias({
accountId: awsProperties.accountId,
region: awsProperties.region,
name: AliasName,
kmsKey: {
connect: {
id: keyRecord.id,
},
},
});
}
}
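Review bot: The new `AliasName` pattern accepts names under the reserved `alias/aws/` prefix, which the real service refuses for customer-created aliases (InvalidAliasNameException); a check before the key lookup rejecting `AliasName.startsWith('alias/aws/')` keeps the emulator from accepting what KMS would not. `findOneByRef` also resolves alias names, so `TargetKeyId` may itself be an alias here, which CreateAlias does not allow — worth at least a comment if it is intentional. The `if (!keyRecord)` branch is dead code, because `findOneById` in kms.service throws `NotFoundException` rather than returning nothing; the same unreachable check recurs in DescribeKey, EnableKeyRotation, GetKeyPolicy, GetKeyRotationStatus, GetPublicKey and ListResourceTags in this commit. If `name` is unique in the Prisma schema, a second CreateAlias with the same name surfaces as an unhandled Prisma error instead of the AlreadyExists response a client expects.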


@ -0,0 +1,185 @@
import { CustomerMasterKeySpec, KeySpec, KeyState, KeyUsageType, OriginType, Tag } from '@aws-sdk/client-kms';
import { Injectable } from '@nestjs/common';
import * as Joi from 'joi';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import { KmsService } from './kms.service';
import * as crypto from 'crypto';
import { keySpecToUsageType } from './kms-key.entity';
import { UnsupportedOperationException } from '../aws-shared-entities/aws-exceptions';
import { TagsService } from '../aws-shared-entities/tags.service';
import { RequestContext } from '../_context/request.context';
type NoUndefinedField<T> = { [P in keyof T]-?: NoUndefinedField<NonNullable<T[P]>> };
type QueryParams = {
BypassPolicyLockoutSafetyCheck: boolean;
CustomerMasterKeySpec: CustomerMasterKeySpec;
CustomKeyStoreId: string;
Description: string;
KeySpec: KeySpec;
KeyUsage: KeyUsageType;
MultiRegion: boolean;
Origin: OriginType;
Policy: string;
Tags: NoUndefinedField<Tag>[];
XksKeyId: string;
}
const generateDefaultPolicy = (accountId: string) => JSON.stringify({
"Sid": "Enable IAM User Permissions",
"Effect": "Allow",
"Principal": {
"AWS": `arn:aws:iam::${accountId}:root`
},
"Action": "kms:*",
"Resource": "*"
})
@Injectable()
export class CreateKeyHandler extends AbstractActionHandler<QueryParams> {
constructor(
private readonly kmsService: KmsService,
private readonly tagsService: TagsService,
) {
super();
}
format = Format.Json;
action = Action.KmsCreateKey;
validator = Joi.object<QueryParams, true>({
BypassPolicyLockoutSafetyCheck: Joi.boolean().default(false),
CustomerMasterKeySpec: Joi.string().allow(...Object.values(CustomerMasterKeySpec)),
CustomKeyStoreId: Joi.string().min(1).max(64),
Description: Joi.string().min(0).max(8192).default(''),
KeySpec: Joi.string().allow(...Object.values(KeySpec)).default(KeySpec.SYMMETRIC_DEFAULT),
KeyUsage: Joi.string().allow(...Object.values(KeyUsageType)).default(KeyUsageType.ENCRYPT_DECRYPT),
MultiRegion: Joi.boolean().default(false),
Origin: Joi.string().allow(...Object.values(OriginType)).default(OriginType.AWS_KMS),
Policy: Joi.string().min(1).max(32768),
Tags: Joi.array().items(
Joi.object<Tag, true>({
TagKey: Joi.string().min(1).max(128).required(),
TagValue: Joi.string().min(0).max(256).required(),
})
),
XksKeyId: Joi.when('Origin', {
is: OriginType.EXTERNAL_KEY_STORE,
then: Joi.string().min(1).max(128),
otherwise: Joi.forbidden(),
}) as unknown as Joi.StringSchema,
});
protected async handle({ KeyUsage, Description, KeySpec, Origin, MultiRegion, Policy, Tags, CustomerMasterKeySpec }: QueryParams, { awsProperties} : RequestContext) {
const keySpec = CustomerMasterKeySpec ?? KeySpec;
if (!keySpecToUsageType[keySpec].includes(KeyUsage)) {
throw new UnsupportedOperationException(`KeySpec ${KeySpec} is not valid for KeyUsage ${KeyUsage}`);
}
const key = this.keyGeneratorMap[keySpec]();
const createdKey = await this.kmsService.createKmsKey({
id: crypto.randomUUID(),
enabled: true,
usage: KeyUsage,
description: Description,
keySpec: keySpec,
keyState: KeyState.Enabled,
origin: Origin,
multiRegion: MultiRegion,
policy: Policy ?? generateDefaultPolicy(awsProperties.accountId),
key,
accountId: awsProperties.accountId,
region: awsProperties.region,
});
await this.tagsService.createMany(createdKey.arn, Tags.map(({ TagKey, TagValue }) => ({ key: TagKey, value: TagValue })));
return {
KeyMetadata: createdKey.metadata,
}
}
private keyGeneratorMap: Record<KeySpec, () => Buffer> = {
ECC_NIST_P256: function (): Buffer {
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'X9_62_prime256v1' });
return Buffer.from(JSON.stringify({ privateKey, publicKey }));
},
ECC_NIST_P384: function (): Buffer {
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp384r1' });
return Buffer.from(JSON.stringify({ privateKey, publicKey }));
},
ECC_NIST_P521: function (): Buffer {
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp521r1' });
return Buffer.from(JSON.stringify({ privateKey, publicKey }));
},
ECC_SECG_P256K1: function (): Buffer {
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
return Buffer.from(JSON.stringify({ privateKey, publicKey }));
},
HMAC_224: function (): Buffer {
return crypto.randomBytes(32);
},
HMAC_256: function (): Buffer {
return crypto.randomBytes(32);
},
HMAC_384: function (): Buffer {
return crypto.randomBytes(32);
},
HMAC_512: function (): Buffer {
return crypto.randomBytes(32);
},
RSA_2048: function (): Buffer {
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
modulusLength: 2048,
publicKeyEncoding: {
type: 'pkcs1',
format: 'pem'
},
privateKeyEncoding: {
type: 'pkcs8',
format: 'pem'
}
});
return Buffer.from(JSON.stringify({ privateKey, publicKey }));
},
RSA_3072: function (): Buffer {
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
modulusLength: 3072,
publicKeyEncoding: {
type: 'pkcs1',
format: 'pem'
},
privateKeyEncoding: {
type: 'pkcs8',
format: 'pem'
}
});
return Buffer.from(JSON.stringify({ privateKey, publicKey }));
},
RSA_4096: function (): Buffer {
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
modulusLength: 4096,
publicKeyEncoding: {
type: 'pkcs1',
format: 'pem'
},
privateKeyEncoding: {
type: 'pkcs8',
format: 'pem'
}
});
return Buffer.from(JSON.stringify({ privateKey, publicKey }));
},
SM2: function (): Buffer {
throw new Error('Function not implemented.');
},
SYMMETRIC_DEFAULT: function (): Buffer {
return crypto.randomBytes(32);
}
}
}
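Review bot: The four EC generators in `keyGeneratorMap` call `generateKeyPairSync` without `publicKeyEncoding`/`privateKeyEncoding`, so `privateKey`/`publicKey` are `KeyObject`s and `JSON.stringify` reduces them to `{}`; unlike the RSA entries nothing usable is stored, and `keyPair.publicKey` later hands an object to `Buffer.from`. I also doubt `X9_62_prime256v1` is accepted as a curve name by Node/OpenSSL — the short name is `prime256v1`. Elsewhere in the handler: `Tags` has no `.default([])`, so `Tags.map` throws when the request omits tags; `Joi.string().allow(...)` only adds permitted values and does not reject other strings, so `KeySpec`, `KeyUsage`, `Origin` and `CustomerMasterKeySpec` need `.valid(...)`; and the HMAC_224/384/512 generators all return 32 bytes rather than 28/48/64. The default policy from `generateDefaultPolicy` is a bare statement object rather than a policy document (`{ Version, Statement: [...] }`), so GetKeyPolicy later returns something no policy parser accepts.
```typescript
// shared EC generator; encodes both halves as PEM, like the RSA entries
const ecPair = (namedCurve: string) => (): Buffer => {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', {
    namedCurve,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  return Buffer.from(JSON.stringify({ privateKey, publicKey }));
};

  private keyGeneratorMap: Record<KeySpec, () => Buffer> = {
    ECC_NIST_P256: ecPair('prime256v1'),
    ECC_NIST_P384: ecPair('secp384r1'),
    ECC_NIST_P521: ecPair('secp521r1'),
    ECC_SECG_P256K1: ecPair('secp256k1'),
    // … unchanged: HMAC_*, RSA_*, SM2, SYMMETRIC_DEFAULT entries …
  }
```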


@ -2,13 +2,12 @@ import { Injectable } from '@nestjs/common';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { KmsKey } from './kms-key.entity';
import { breakdownArn } from '../util/breakdown-arn';
import { KmsService } from './kms.service';
import { NotFoundException } from '../aws-shared-entities/aws-exceptions';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
GrantTokens?: string[];
KeyId: string;
}
@ -17,8 +16,6 @@ export class DescribeKeyHandler extends AbstractActionHandler<QueryParams> {
constructor(
private readonly kmsService: KmsService,
@InjectRepository(KmsKey)
private readonly keyRepo: Repository<KmsKey>,
) {
super();
}
@ -27,27 +24,16 @@ export class DescribeKeyHandler extends AbstractActionHandler<QueryParams> {
action = Action.KmsDescribeKey;
validator = Joi.object<QueryParams, true>({
KeyId: Joi.string().required(),
GrantTokens: Joi.array().items(Joi.string()),
});
protected async handle({ KeyId }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ KeyId }: QueryParams, { awsProperties} : RequestContext) {
const searchable = KeyId.startsWith('arn') ? breakdownArn(KeyId) : {
service: 'kms',
region: awsProperties.region,
accountId: awsProperties.accountId,
identifier: KeyId,
};
const [ type, pk ] = searchable.identifier.split('/');
const keyId: Promise<string> = type === 'key' ?
Promise.resolve(pk) :
this.kmsService.findKeyIdFromAlias(pk, searchable);
const keyRecord = await this.kmsService.findOneByRef(KeyId, awsProperties);
const keyRecord = await this.keyRepo.findOne({ where: {
id: await keyId,
region: searchable.region,
accountId: searchable.accountId,
}});
if (!keyRecord) {
throw new NotFoundException();
}
return {
KeyMetadata: keyRecord.metadata,


@ -0,0 +1,46 @@
import { Injectable } from '@nestjs/common';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { KmsService } from './kms.service';
import { NotFoundException } from '../aws-shared-entities/aws-exceptions';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
KeyId: string;
RotationPeriodInDays: number;
}
@Injectable()
export class EnableKeyRotationHandler extends AbstractActionHandler<QueryParams> {
constructor(
private readonly kmsService: KmsService,
) {
super();
}
format = Format.Json;
action = Action.KmsEnableKeyRotation;
validator = Joi.object<QueryParams, true>({
KeyId: Joi.string().required(),
RotationPeriodInDays: Joi.number().min(90).max(2560).default(365),
});
protected async handle({ KeyId, RotationPeriodInDays }: QueryParams, context: RequestContext) {
const keyRecord = await this.kmsService.findOneByRef(KeyId, context.awsProperties);
if (!keyRecord) {
throw new NotFoundException();
}
const next = new Date();
next.setDate(next.getDate() + RotationPeriodInDays);
await this.kmsService.updateKmsKey(keyRecord.id, {
rotationPeriod: RotationPeriodInDays,
nextRotation: next,
});
}
}
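Review bot: Automatic rotation is enabled for any key here, but KMS only supports it for symmetric encryption keys (`SYMMETRIC_DEFAULT`); asymmetric and HMAC keys answer UnsupportedOperationException. A guard after the lookup, `if (keyRecord.keySpec !== KeySpec.SYMMETRIC_DEFAULT) throw new UnsupportedOperationException('key rotation is only supported for symmetric keys');` (both names are already imported by create-key.handler in this commit), keeps the emulator from granting what the real service refuses. I believe the real API also rejects the call for disabled keys, which `keyRecord.enabled` would let you check; a TODO there would do for now.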


@ -0,0 +1,43 @@
import { Injectable } from '@nestjs/common';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { KmsService } from './kms.service';
import { NotFoundException } from '../aws-shared-entities/aws-exceptions';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
PolicyName: string;
KeyId: string;
}
@Injectable()
export class GetKeyPolicyHandler extends AbstractActionHandler<QueryParams> {
constructor(
private readonly kmsService: KmsService,
) {
super();
}
format = Format.Json;
action = Action.KmsGetKeyPolicy;
validator = Joi.object<QueryParams, true>({
KeyId: Joi.string().required(),
PolicyName: Joi.string().min(1).max(128).default('default'),
});
protected async handle({ KeyId, PolicyName }: QueryParams, context: RequestContext) {
const keyRecord = await this.kmsService.findOneByRef(KeyId, context.awsProperties);
if (!keyRecord) {
throw new NotFoundException();
}
return {
PolicyName,
Policy: keyRecord.policy,
}
}
}
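Review bot: `PolicyName` is echoed back unchecked, while KMS only knows the single policy named `default`; a request for any other name should be rejected rather than returning the key's policy under that name, e.g. `if (PolicyName !== 'default') throw new NotFoundException();` right after the validator has applied its default. A comment on `Policy: keyRecord.policy` noting that the stored text is returned verbatim (it is whatever CreateKey saved, no normalisation) would help readers of the handler.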


@ -0,0 +1,43 @@
import { Injectable } from '@nestjs/common';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { KmsService } from './kms.service';
import { NotFoundException } from '../aws-shared-entities/aws-exceptions';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
KeyId: string;
}
@Injectable()
export class GetKeyRotationStatusHandler extends AbstractActionHandler<QueryParams> {
constructor(
private readonly kmsService: KmsService,
) {
super();
}
format = Format.Json;
action = Action.KmsGetKeyRotationStatus;
validator = Joi.object<QueryParams, true>({
KeyId: Joi.string().required(),
});
protected async handle({ KeyId }: QueryParams, { awsProperties} : RequestContext) {
const keyRecord = await this.kmsService.findOneByRef(KeyId, awsProperties);
if (!keyRecord) {
throw new NotFoundException();
}
return {
KeyId: keyRecord.id,
KeyRotationEnabled: !!keyRecord.rotationPeriod,
NextRotationDate: keyRecord.nextRotation,
RotationPeriodInDays: keyRecord.rotationPeriod,
}
}
}
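Review bot: `NextRotationDate` is returned as a raw `Date` (JSON-serialised to an ISO string), while every other timestamp in this commit goes through `getAwsTime()` (`KmsAlias.toAws`, `KmsKey.metadata`); `NextRotationDate: keyRecord.nextRotation?.getAwsTime(),` keeps the response format consistent with the rest of the module. When rotation is disabled, `RotationPeriodInDays` comes back as `null` rather than absent, which KMS omits; `RotationPeriodInDays: keyRecord.rotationPeriod ?? undefined,` is closer to the real shape.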


@ -2,45 +2,18 @@ import { Injectable } from '@nestjs/common';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { KeySpec, KeyUsage, KmsKey } from './kms-key.entity';
import { breakdownArn } from '../util/breakdown-arn';
import { KmsService } from './kms.service';
import * as crypto from 'crypto';
import { NotFoundException } from '../aws-shared-entities/aws-exceptions';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
GrantTokens: string[];
KeyId: string;
}
interface StandardOutput {
KeyId: string;
KeySpec: KeySpec;
KeyUsage: KeyUsage;
PublicKey: string;
CustomerMasterKeySpec: KeySpec;
}
interface EncryptDecrypt extends StandardOutput {
KeyUsage: 'ENCRYPT_DECRYPT';
EncryptionAlgorithms: ('SYMMETRIC_DEFAULT' | 'RSAES_OAEP_SHA_1' | 'RSAES_OAEP_SHA_256' | 'SM2PKE')[];
}
interface SignVerify extends StandardOutput {
KeyUsage: 'SIGN_VERIFY';
SigningAlgorithms: ('RSASSA_PSS_SHA_256' | 'RSASSA_PSS_SHA_384' | 'RSASSA_PSS_SHA_512' | 'RSASSA_PKCS1_V1_5_SHA_256' | 'RSASSA_PKCS1_V1_5_SHA_384' | 'RSASSA_PKCS1_V1_5_SHA_512' | 'ECDSA_SHA_256' | 'ECDSA_SHA_384' | 'ECDSA_SHA_512' | 'SM2DSA')[];
}
type Output = EncryptDecrypt | SignVerify | StandardOutput;
@Injectable()
export class GetPublicKeyHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(KmsKey)
private readonly keyRepo: Repository<KmsKey>,
private readonly kmsService: KmsService,
) {
super();
@ -50,74 +23,19 @@ export class GetPublicKeyHandler extends AbstractActionHandler<QueryParams> {
action = Action.KmsGetPublicKey;
validator = Joi.object<QueryParams, true>({
KeyId: Joi.string().required(),
GrantTokens: Joi.array().items(Joi.string()),
});
protected async handle({ KeyId }: QueryParams, awsProperties: AwsProperties): Promise<Output> {
protected async handle({ KeyId }: QueryParams, { awsProperties} : RequestContext) {
const searchable = KeyId.startsWith('arn') ? breakdownArn(KeyId) : {
service: 'kms',
region: awsProperties.region,
accountId: awsProperties.accountId,
identifier: KeyId,
};
const [ type, pk ] = searchable.identifier.split('/');
const keyId: Promise<string> = type === 'key' ?
Promise.resolve(pk) :
this.kmsService.findKeyIdFromAlias(pk, searchable);
const keyRecord = await this.kmsService.findOneByRef(KeyId, awsProperties);
const keyRecord = await this.keyRepo.findOne({ where: {
id: await keyId,
region: searchable.region,
accountId: searchable.accountId,
}});
const pubKeyObject = crypto.createPublicKey({
key: keyRecord.key,//.split(String.raw`\n`).join('\n'),
format: 'pem',
});
if (keyRecord.usage === 'ENCRYPT_DECRYPT') {
return {
CustomerMasterKeySpec: keyRecord.keySpec,
EncryptionAlgorithms: [ "SYMMETRIC_DEFAULT" ],
KeyId: keyRecord.arn,
KeySpec: keyRecord.keySpec,
KeyUsage: keyRecord.usage,
PublicKey: Buffer.from(pubKeyObject.export({
format: 'der',
type: 'spki',
})).toString('base64'),
}
}
if (keyRecord.usage === 'SIGN_VERIFY') {
const PublicKey = Buffer.from(pubKeyObject.export({
format: 'der',
type: 'spki',
})).toString('base64')
console.log({PublicKey})
return {
CustomerMasterKeySpec: keyRecord.keySpec,
KeyId: keyRecord.arn,
KeySpec: keyRecord.keySpec,
KeyUsage: keyRecord.usage,
PublicKey,
SigningAlgorithms: [ 'RSASSA_PKCS1_V1_5_SHA_256' ]
}
if (!keyRecord) {
throw new NotFoundException();
}
return {
CustomerMasterKeySpec: keyRecord.keySpec,
KeyId: keyRecord.arn,
KeySpec: keyRecord.keySpec,
KeyUsage: keyRecord.usage,
PublicKey: Buffer.from(pubKeyObject.export({
format: 'pem',
type: 'spki',
})).toString('utf-8'),
...keyRecord.metadata,
PublicKey: Buffer.from(keyRecord.keyPair.publicKey).toString('base64'),
}
}
}
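Review bot: `PublicKey` is now the base64 of the PEM text stored in `keyPair.publicKey` (PKCS#1 PEM for RSA keys, per create-key.handler), whereas KMS returns the DER-encoded SubjectPublicKeyInfo — exactly what the removed `export({ format: 'der', type: 'spki' })` produced — so SDK clients that parse `PublicKey` as DER will fail. `PublicKey: crypto.createPublicKey(keyRecord.keyPair.publicKey).export({ type: 'spki', format: 'der' }).toString('base64'),` restores that contract (re-adding the `crypto` import if the commit dropped it). For `SYMMETRIC_DEFAULT` and HMAC keys the `keyPair` getter `JSON.parse`s random bytes and throws a `SyntaxError`; the handler should reject those specs with `UnsupportedOperationException` before touching `keyPair`. Spreading `...keyRecord.metadata` also leaks DescribeKey-only fields (`AWSAccountId`, `Description`, `KeyState`, …) into the GetPublicKey response.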


@ -0,0 +1,34 @@
import { KmsAlias as PrismaKeyAlias } from "@prisma/client"
export class KmsAlias implements PrismaKeyAlias {
name: string
accountId: string
region: string
kmsKeyId: string
createdAt: Date;
updatedAt: Date;
constructor(p: PrismaKeyAlias) {
this.name = p.name;
this.accountId = p.accountId;
this.region = p.region;
this.kmsKeyId = p.kmsKeyId;
this.createdAt = p.createdAt;
this.updatedAt = p.updatedAt;
}
get arn() {
return `arn:aws:kms:${this.region}:${this.accountId}:${this.name}`;
}
toAws() {
return {
AliasArn: this.arn,
AliasName: this.name,
CreationDate: this.createdAt.getAwsTime(),
LastUpdatedDate: this.updatedAt.getAwsTime(),
TargetKeyId: this.kmsKeyId,
}
}
}
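Review bot: The `arn` getter only yields a valid alias ARN (`…:alias/name`) when `name` already carries the `alias/` prefix, which CreateAlias stores verbatim but nothing in this class enforces; a comment on the field, `// full alias name including the "alias/" prefix, as received by CreateAlias`, would record that invariant for the lookups that depend on it. `toAws` relies on a `getAwsTime()` extension on `Date` whose declaration is not in this file; a short comment pointing to where it is declared would save the next reader a search.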


@ -1,21 +0,0 @@
import { BaseEntity, Column, Entity, PrimaryColumn } from 'typeorm';
@Entity({ name: 'kms_key_alias' })
export class KmsKeyAlias extends BaseEntity {
@PrimaryColumn()
name: string;
@Column({ name: 'target_key_id' })
targetKeyId: string;
@Column({ name: 'account_id', nullable: false })
accountId: string;
@Column({ name: 'region', nullable: false })
region: string;
get arn() {
return `arn:aws:kms:${this.region}:${this.accountId}:alias/${this.name}`;
}
}


@ -1,61 +1,121 @@
import { BaseEntity, Column, CreateDateColumn, Entity, PrimaryColumn } from 'typeorm';
import { KeySpec, KeyUsageType, KeyState, AlgorithmSpec, OriginType, ExpirationModelType, KeyAgreementAlgorithmSpec, MacAlgorithmSpec, MultiRegionKeyType, SigningAlgorithmSpec } from '@aws-sdk/client-kms';
import { KmsKey as PrismaKmsKey } from '@prisma/client';
export type KeySpec = 'RSA_2048' | 'RSA_3072' | 'RSA_4096' | 'ECC_NIST_P256' | 'ECC_NIST_P384' | 'ECC_NIST_P521' | 'ECC_SECG_P256K1' | 'SYMMETRIC_DEFAULT' | 'HMAC_224' | 'HMAC_256' | 'HMAC_384' | 'HMAC_512' | 'SM2';
export type KeyUsage = 'SIGN_VERIFY' | 'ENCRYPT_DECRYPT' | 'GENERATE_VERIFY_MAC';
export const keySpecToUsageType: Record<KeySpec, KeyUsageType[]> = {
ECC_NIST_P256: [KeyUsageType.SIGN_VERIFY, KeyUsageType.KEY_AGREEMENT],
ECC_NIST_P384: [KeyUsageType.SIGN_VERIFY, KeyUsageType.KEY_AGREEMENT],
ECC_NIST_P521: [KeyUsageType.SIGN_VERIFY, KeyUsageType.KEY_AGREEMENT],
ECC_SECG_P256K1: [KeyUsageType.SIGN_VERIFY],
HMAC_224: [KeyUsageType.GENERATE_VERIFY_MAC],
HMAC_256: [KeyUsageType.GENERATE_VERIFY_MAC],
HMAC_384: [KeyUsageType.GENERATE_VERIFY_MAC],
HMAC_512: [KeyUsageType.GENERATE_VERIFY_MAC],
RSA_2048: [KeyUsageType.ENCRYPT_DECRYPT, KeyUsageType.SIGN_VERIFY],
RSA_3072: [KeyUsageType.ENCRYPT_DECRYPT, KeyUsageType.SIGN_VERIFY],
RSA_4096: [KeyUsageType.ENCRYPT_DECRYPT, KeyUsageType.SIGN_VERIFY],
SM2: [KeyUsageType.ENCRYPT_DECRYPT, KeyUsageType.SIGN_VERIFY, KeyUsageType.KEY_AGREEMENT],
SYMMETRIC_DEFAULT: [KeyUsageType.ENCRYPT_DECRYPT]
}
@Entity({ name: 'kms_key'})
export class KmsKey extends BaseEntity {
export class KmsKey implements PrismaKmsKey {
@PrimaryColumn()
id: string;
@Column({ name: 'usage' })
usage: KeyUsage;
@Column({ name: 'description' })
enabled: boolean;
usage: KeyUsageType;
description: string;
@Column({ name: 'key_spec' })
keySpec: KeySpec;
@Column({ name: 'key' })
key: string;
@Column({ name: 'account_id', nullable: false })
keyState: KeyState;
origin: OriginType;
multiRegion: boolean;
policy: string;
key: Buffer;
nextRotation: Date | null;
rotationPeriod: number | null;
accountId: string;
@Column({ name: 'region', nullable: false })
region: string;
createdAt: Date;
updatedAt: Date;
@CreateDateColumn()
createdAt: string;
constructor(p: PrismaKmsKey) {
this.id = p.id;
this.enabled = p.enabled;
this.usage = p.usage as KeyUsageType;
this.description = p.description;
this.keySpec = p.keySpec as KeySpec;
this.keyState = p.keyState as KeyState;
this.origin = p.origin as OriginType;
this.multiRegion = p.multiRegion;
this.policy = p.policy;
this.key = Buffer.from(p.key);
this.nextRotation = p.nextRotation;
this.rotationPeriod = p.rotationPeriod;
this.accountId = p.accountId;
this.region = p.region;
this.createdAt = p.createdAt;
this.updatedAt = p.updatedAt;
}
get arn() {
return `arn:aws:kms:${this.region}:${this.accountId}:key/${this.id}`;
}
get keyPair(): { publicKey: string; privateKey: string } {
return JSON.parse(Buffer.from(this.key).toString('utf-8'));
}
get metadata() {
const dynamicContent: Record<string, any> = {};
if (keySpecToUsageType[this.keySpec].includes(KeyUsageType.ENCRYPT_DECRYPT)) {
dynamicContent.EncryptionAlgorithms = Object.values(AlgorithmSpec);
}
if (this.origin === OriginType.EXTERNAL) {
dynamicContent.ExpirationModel = ExpirationModelType.KEY_MATERIAL_DOES_NOT_EXPIRE;
}
if (keySpecToUsageType[this.keySpec].includes(KeyUsageType.KEY_AGREEMENT)) {
dynamicContent.KeyAgreementAlgorithms = Object.values(KeyAgreementAlgorithmSpec);
}
if (keySpecToUsageType[this.keySpec].includes(KeyUsageType.GENERATE_VERIFY_MAC)) {
dynamicContent.MacAlgorithms = Object.values(MacAlgorithmSpec);
}
if (this.multiRegion) {
dynamicContent.MultiRegionConfiguration = {
MultiRegionKeyType: MultiRegionKeyType.PRIMARY,
PrimaryKey: {
Arn: this.arn,
Region: this.region,
},
ReplicaKeys: [],
}
}
if (keySpecToUsageType[this.keySpec].includes(KeyUsageType.SIGN_VERIFY)) {
dynamicContent.SigningAlgorithms = Object.values(SigningAlgorithmSpec);
}
return {
AWSAccountId: this.accountId,
KeyId: this.id,
Arn: this.arn,
CreationDate: new Date(this.createdAt).toISOString(),
Enabled: true,
Description: this.description,
KeyUsage: this.usage,
KeyState: 'Enabled',
KeyManager: "CUSTOMER",
CreationDate: this.createdAt.getAwsTime(),
CustomerMasterKeySpec: this.keySpec,
Description: this.description,
Enabled: true,
KeyId: this.id,
KeyManager: undefined,
KeySpec: this.keySpec,
DeletionDate: null,
SigningAlgorithms: [
"RSASSA_PSS_SHA_256",
"RSASSA_PSS_SHA_384",
"RSASSA_PSS_SHA_512",
"RSASSA_PKCS1_V1_5_SHA_256",
"RSASSA_PKCS1_V1_5_SHA_384",
"RSASSA_PKCS1_V1_5_SHA_512"
]
KeyState: this.keyState,
KeyUsage: this.usage,
MultiRegion: this.multiRegion,
Origin: this.origin,
PendingDeletionWindowInDays: undefined,
ValidTo: undefined,
XksKeyConfiguration: undefined,
...dynamicContent,
}
}
}
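Review bot: `metadata` hard-codes `Enabled: true` although the entity now carries an `enabled` field, so a disabled key still reports as enabled; `Enabled: this.enabled,` fixes it. `KeyManager` went from `"CUSTOMER"` to `undefined`, a regression for clients that read it — every key created through CreateKey is customer-managed. The algorithm lists are not filtered by spec either: as far as I can tell `AlgorithmSpec` is the import-wrapping enum (the encryption one is `EncryptionAlgorithmSpec`), and advertising every `SigningAlgorithmSpec` value for an ECC key lists RSA algorithms it cannot use, so a per-`keySpec` table would be more faithful. `keyPair` assumes the stored material is JSON, which is false for `SYMMETRIC_DEFAULT`/HMAC keys — worth a guard or at least a comment stating it is only meaningful for asymmetric specs.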


@ -1,22 +1,35 @@
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import { AwsSharedEntitiesModule } from '../aws-shared-entities/aws-shared-entities.module';
import { DefaultActionHandlerProvider } from '../default-action-handler/default-action-handler.provider';
import { ExistingActionHandlersProvider } from '../default-action-handler/existing-action-handlers.provider';
import { CreateAliasHandler } from './create-alias.handler';
import { DescribeKeyHandler } from './describe-key.handler';
import { KmsKeyAlias } from './kms-key-alias.entity';
import { KmsKey } from './kms-key.entity';
import { KMSHandlers } from './kms.constants';
import { KmsService } from './kms.service';
import { KMSHandlers } from './kms.constants';
import { DescribeKeyHandler } from './describe-key.handler';
import { PrismaModule } from '../_prisma/prisma.module';
import { ListAliasesHandler } from './list-aliases.handler';
import { CreateKeyHandler } from './create-key.handler';
import { EnableKeyRotationHandler } from './enable-key-rotation.handler';
import { GetKeyRotationStatusHandler } from './get-key-rotation-status.handler';
import { GetKeyPolicyHandler } from './get-key-policy.handler';
import { ListResourceTagsHandler } from './list-resource-tags.handler';
import { CreateAliasHandler } from './create-alias.handler';
import { GetPublicKeyHandler } from './get-public-key.handler';
import { SignHandler } from './sign.handler';
const handlers = [
CreateAliasHandler,
CreateKeyHandler,
DescribeKeyHandler,
EnableKeyRotationHandler,
GetKeyPolicyHandler,
GetKeyRotationStatusHandler,
GetPublicKeyHandler,
ListAliasesHandler,
ListResourceTagsHandler,
SignHandler,
]
const actions = [
@ -74,8 +87,8 @@ const actions = [
@Module({
imports: [
TypeOrmModule.forFeature([KmsKey, KmsKeyAlias]),
AwsSharedEntitiesModule,
PrismaModule,
],
providers: [
...handlers,


@ -1,22 +1,117 @@
import { Injectable } from '@nestjs/common';
import { ArnParts } from '../util/breakdown-arn';
import { InjectRepository } from '@nestjs/typeorm';
import { KmsKeyAlias } from './kms-key-alias.entity';
import { Repository } from 'typeorm';
import { Prisma } from '@prisma/client';
import { PrismaService } from '../_prisma/prisma.service';
import { breakdownArn } from '../util/breakdown-arn';
import { KmsKey } from './kms-key.entity';
import { KmsAlias } from './kms-alias.entity';
import { AwsProperties } from '../abstract-action.handler';
import { NotFoundException } from '../aws-shared-entities/aws-exceptions';
import { RequestContext } from '../_context/request.context';
@Injectable()
export class KmsService {
constructor(
@InjectRepository(KmsKeyAlias)
private readonly aliasRepo: Repository<KmsKeyAlias>,
private readonly prismaService: PrismaService,
) {}
async findKeyIdFromAlias(alias: string, arn: ArnParts): Promise<string> {
const record = await this.aliasRepo.findOne({ where: {
name: alias,
accountId: arn.accountId,
region: arn.region,
}});
return record.targetKeyId;
async findOneByRef(ref: string, awsProperties: AwsProperties): Promise<KmsKey> {
if (ref.startsWith('arn')) {
return await this.findOneByArn(ref);
}
return await this.findOneById(awsProperties.accountId, awsProperties.region, ref);
}
async findOneByArn(arn: string): Promise<KmsKey> {
const parts = breakdownArn(arn);
return await this.findOneById(parts.accountId, parts.region, parts.identifier.split('/')[1]);
}
async findOneById(accountId: string, region: string, ref: string): Promise<KmsKey> {
const [alias, record] = await Promise.all([
this.prismaService.kmsAlias.findFirst({
include: {
kmsKey: true
},
where: {
accountId,
region,
name: ref,
}
}),
this.prismaService.kmsKey.findFirst({
where: {
accountId,
region,
id: ref,
}
})
]);
if (!alias?.kmsKey && !record) {
throw new NotFoundException();
}
return record ? new KmsKey(record) : new KmsKey(alias!.kmsKey);
}
async findAndCountAliasesByKeyId(accountId: string, region: string, limit: number, kmsKeyId: string, marker = ''): Promise<KmsAlias[]> {
const take = limit + 1;
const records = await this.prismaService.kmsAlias.findMany({
where: {
accountId,
region,
kmsKeyId,
name: {
gte: marker,
}
},
take,
orderBy: {
name: 'desc',
},
});
return records.map(r => new KmsAlias(r));
}
async findAndCountAliases(accountId: string, region: string, limit: number, marker = ''): Promise<KmsAlias[]> {
const take = limit + 1;
const records = await this.prismaService.kmsAlias.findMany({
where: {
accountId,
region,
name: {
gte: marker,
}
},
take,
orderBy: {
name: 'desc',
},
});
return records.map(r => new KmsAlias(r));
}
async createKmsKey(data: Prisma.KmsKeyCreateInput): Promise<KmsKey> {
const record = await this.prismaService.kmsKey.create({
data
});
return new KmsKey(record);
}
async updateKmsKey(id: string, data: Prisma.KmsKeyUpdateInput): Promise<void> {
await this.prismaService.kmsKey.update({
where: { id },
data,
});
}
async createAlias(data: Prisma.KmsAliasCreateInput) {
await this.prismaService.kmsAlias.create({
data
});
}
}
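Review bot: `findOneByArn` passes `parts.identifier.split('/')[1]` to `findOneById`, which for an alias ARN (`…:alias/foo`) is `foo`, but CreateAlias stores the full `alias/foo` as `name`, so alias ARNs never resolve while bare `alias/foo` references do; keep the whole identifier unless it is a `key/` reference, e.g. `const [kind, id] = parts.identifier.split('/'); return await this.findOneById(parts.accountId, parts.region, kind === 'key' ? id : parts.identifier);`. The alias paging in `findAndCountAliasesByKeyId`/`findAndCountAliases` combines `name: { gte: marker }` with `orderBy: { name: 'desc' }`, so the record ListAliasesHandler pops as `NextMarker` is the smallest name on the page and the next call with `gte` returns the same page again — sort ascending (or use `lte` with `desc`). Both helpers are named `findAndCount…` but return only rows, not a count. `findOneById` throws `NotFoundException` instead of returning `undefined`, so the `if (!keyRecord)` checks in the handlers are unreachable; either document that it throws or return `null` and let callers decide.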


@ -0,0 +1,47 @@
import { Injectable } from '@nestjs/common';
import * as Joi from 'joi';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import { KmsService } from './kms.service';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
KeyId?: string;
Limit: number;
Marker?: string;
}
@Injectable()
export class ListAliasesHandler extends AbstractActionHandler<QueryParams> {
constructor(
private readonly kmsService: KmsService,
) {
super();
}
format = Format.Json;
action = Action.KmsListAliases;
validator = Joi.object<QueryParams, true>({
KeyId: Joi.string(),
Limit: Joi.number().min(1).max(100).default(50),
Marker: Joi.string(),
});
protected async handle({ KeyId, Limit, Marker }: QueryParams, { awsProperties} : RequestContext) {
const records = await (KeyId
? this.kmsService.findAndCountAliasesByKeyId(awsProperties.accountId, awsProperties.region, Limit, KeyId, Marker)
: this.kmsService.findAndCountAliases(awsProperties.accountId, awsProperties.region, Limit, Marker)
)
const nextMarker = records.length > Limit ? records.pop() : null;
return {
Aliases: records.map(r => r.toAws()),
NextMarker: nextMarker?.name,
Truncated: !!nextMarker,
}
}
}
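Review bot: The NextMarker built from `records.pop()` is the name of the (Limit+1)th record, but the service it calls pages with `name: { gte: marker }` under `orderBy: { name: 'desc' }` (the findAndCountAliases body at the top of this chunk), so in descending order the rows greater-than-or-equal to the marker are exactly the ones already served and the second page repeats the first. Either order ascending in the service or change the comparison to `lte`; whichever is chosen, a comment on the `records.pop()` line such as `// the extra record is the first item of the next page; its name becomes NextMarker` makes the contract explicit. `AwsProperties` is imported but unused here, as in the other new KMS handlers.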


@ -0,0 +1,49 @@
import { Injectable } from '@nestjs/common';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { KmsService } from './kms.service';
import { NotFoundException } from '../aws-shared-entities/aws-exceptions';
import { TagsService } from '../aws-shared-entities/tags.service';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
KeyId: string;
Limit: number;
Marker: string;
}
@Injectable()
export class ListResourceTagsHandler extends AbstractActionHandler<QueryParams> {
constructor(
private readonly kmsService: KmsService,
private readonly tagsService: TagsService,
) {
super();
}
format = Format.Json;
action = Action.KmsListResourceTags;
validator = Joi.object<QueryParams, true>({
KeyId: Joi.string().required(),
Limit: Joi.number().min(1).max(100).default(50),
Marker: Joi.string(),
});
protected async handle({ KeyId }: QueryParams, context: RequestContext) {
const keyRecord = await this.kmsService.findOneByRef(KeyId, context.awsProperties);
if (!keyRecord) {
throw new NotFoundException();
}
const tags = await this.tagsService.getByArn(keyRecord.arn);
return {
Tags: tags.map(({ name, value }) => ({ TagKey: name, TagValue: value })),
Truncated: false,
}
}
}
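Review bot: Limit and Marker are accepted by the validator but handle never reads them and always answers `Truncated: false`, so a key with more tags than a client's page size gets an unpaginated list and no NextMarker. If pagination is out of scope for now, a comment on the validator such as `// Limit/Marker accepted for API compatibility; all tags are returned in one page` records the decision; otherwise slice the tags to Limit and emit NextMarker the way ListAliasesHandler does. `AwsProperties` is imported but unused.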

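--- /dev/null
+++ b/src/kms/sign.handler.ts
@@ -0,0 +1,91 @@
+import { Injectable } from '@nestjs/common';
+import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
+import { Action } from '../action.enum';
+import * as Joi from 'joi';
+import { KmsService } from './kms.service';
+import { NotFoundException, UnsupportedOperationException } from '../aws-shared-entities/aws-exceptions';
+import * as crypto from 'crypto';
+import { KeySpec, SigningAlgorithmSpec } from '@aws-sdk/client-kms';
+import { KmsKey } from './kms-key.entity';
+import { RequestContext } from '../_context/request.context';
+type QueryParams = {
+KeyId: string;
+Message: string;
+MessageType: string;
+SigningAlgorithm: string;
+}
+const signingAlgorithmToSigningFn: Record<SigningAlgorithmSpec, (base64: string, key: KmsKey) => string> = {
+ECDSA_SHA_256: function (base64: string): string {
+throw new Error('Function not implemented.');
+},
+ECDSA_SHA_384: function (base64: string): string {
+throw new Error('Function not implemented.');
+},
+ECDSA_SHA_512: function (base64: string): string {
+throw new Error('Function not implemented.');
+},
+RSASSA_PKCS1_V1_5_SHA_256: function (base64: string, key: KmsKey): string {
+const buffer = Buffer.from(base64);
+return crypto.sign('sha256WithRSAEncryption', buffer, key.keyPair.privateKey).toString('base64');
+},
+RSASSA_PKCS1_V1_5_SHA_384: function (base64: string): string {
+throw new Error('Function not implemented.');
+},
+RSASSA_PKCS1_V1_5_SHA_512: function (base64: string): string {
+throw new Error('Function not implemented.');
+},
+RSASSA_PSS_SHA_256: function (base64: string): string {
+throw new Error('Function not implemented.');
+},
+RSASSA_PSS_SHA_384: function (base64: string): string {
+throw new Error('Function not implemented.');
+},
+RSASSA_PSS_SHA_512: function (base64: string): string {
+throw new Error('Function not implemented.');
+},
+SM2DSA: function (base64: string): string {
+throw new Error('Function not implemented.');
+}
+}
+@Injectable()
+export class SignHandler extends AbstractActionHandler<QueryParams> {
+constructor(
+private readonly kmsService: KmsService,
+) {
+super();
+}
+format = Format.Json;
+action = Action.KmsSign;
+validator = Joi.object<QueryParams, true>({
+KeyId: Joi.string().required(),
+Message: Joi.string().required(),
+MessageType: Joi.string().required(),
+SigningAlgorithm: Joi.string().required(),
+});
+protected async handle({ KeyId, Message, SigningAlgorithm }: QueryParams, { awsProperties } : RequestContext) {
+const keyRecord = await this.kmsService.findOneByRef(KeyId, awsProperties);
+if (!keyRecord) {
+throw new NotFoundException();
+}
+if (!(keyRecord.metadata as any).SigningAlgorithms.includes(SigningAlgorithm)) {
+throw new UnsupportedOperationException('Invalid signing algorithm');
+}
+const signature = signingAlgorithmToSigningFn[SigningAlgorithm as SigningAlgorithmSpec](Message, keyRecord);
+return {
+KeyId: keyRecord.arn,
+Signature: signature,
+SigningAlgorithm,
+}
+}
+}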
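Review bot: `Buffer.from(base64)` in the RSASSA_PKCS1_V1_5_SHA_256 signer decodes its argument as UTF-8, so the signature is computed over the base64 text of Message rather than the bytes it encodes, and a verifier holding the real message will reject it; it needs `Buffer.from(base64, 'base64')`. MessageType is required by the validator but never read in handle, so a DIGEST request is hashed a second time by crypto.sign and likewise yields an unverifiable signature; until digest signing is implemented it is safer to reject it than to return a wrong signature. `(keyRecord.metadata as any).SigningAlgorithms.includes(...)` throws a TypeError (a 500) for a key whose metadata has no SigningAlgorithms, such as a symmetric key, where UnsupportedOperationException is the intended answer. The unimplemented entries throw a bare Error for the same reason, and `KeySpec` is imported but unused.
```typescript
const signingAlgorithmToSigningFn: Record<SigningAlgorithmSpec, (message: Buffer, key: KmsKey) => string> = {
  // … unchanged apart from the parameter type: the not-yet-implemented algorithms keep throwing …
  RSASSA_PKCS1_V1_5_SHA_256: function (message: Buffer, key: KmsKey): string {
    // message holds the decoded Message bytes; crypto.sign hashes them itself
    return crypto.sign('sha256WithRSAEncryption', message, key.keyPair.privateKey).toString('base64');
  },
  // … unchanged …
}
// … unchanged: class header, constructor, format, action …
validator = Joi.object<QueryParams, true>({
  KeyId: Joi.string().required(),
  Message: Joi.string().base64().required(),
  MessageType: Joi.string().valid('RAW', 'DIGEST').required(),
  SigningAlgorithm: Joi.string().required(),
});
protected async handle({ KeyId, Message, MessageType, SigningAlgorithm }: QueryParams, { awsProperties }: RequestContext) {
  const keyRecord = await this.kmsService.findOneByRef(KeyId, awsProperties);
  if (!keyRecord) {
    throw new NotFoundException();
  }
  // Symmetric keys carry no SigningAlgorithms; treat that as "not supported", not as a crash
  const supported: string[] = (keyRecord.metadata as any)?.SigningAlgorithms ?? [];
  if (!supported.includes(SigningAlgorithm)) {
    throw new UnsupportedOperationException('Invalid signing algorithm');
  }
  if (MessageType === 'DIGEST') {
    // crypto.sign would hash the digest again; refuse rather than return an unverifiable signature
    throw new UnsupportedOperationException('MessageType DIGEST is not supported');
  }
  const signature = signingAlgorithmToSigningFn[SigningAlgorithm as SigningAlgorithmSpec](Buffer.from(Message, 'base64'), keyRecord);
  // … unchanged: response object …
}
```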


@ -1,19 +1,32 @@
import { ClassSerializerInterceptor } from '@nestjs/common';
import { NestFactory, Reflector } from '@nestjs/core';
import { AppModule } from './app.module';
import * as morgan from 'morgan';
import { CommonConfig } from './config/common-config.interface';
import { ConfigService } from '@nestjs/config';
import { NestFactory, Reflector } from '@nestjs/core';
import { AppModule } from './app.module';
import { CommonConfig } from './config/common-config.interface';
import { AwsExceptionFilter } from './_context/exception.filter';
const bodyParser = require('body-parser');
declare global {
interface Date {
getAwsTime(): number;
}
}
Date.prototype.getAwsTime = function (this: Date) {
return Math.floor(this.getTime() / 1000);
};
(async () => {
const app = await NestFactory.create(AppModule);
app.use(morgan('dev'));
app.useGlobalInterceptors(new ClassSerializerInterceptor(app.get(Reflector)));
// app.useGlobalInterceptors(new ClassSerializerInterceptor(app.get(Reflector)));
app.useGlobalFilters(new AwsExceptionFilter());
app.use(bodyParser.json({ type: 'application/x-amz-json-1.0'}));
app.use(bodyParser.json({ type: 'application/x-amz-json-1.1'}));
const configService: ConfigService<CommonConfig> = app.get(ConfigService)
const configService: ConfigService<CommonConfig, true> = app.get(ConfigService);
await app.listen(configService.get('PORT'), () => console.log(`Listening on port ${configService.get('PORT')}`));
})();
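Review bot: The `Date.prototype.getAwsTime` augmentation is installed in the entrypoint, so any code that bootstraps AppModule without loading main.ts (a test setup that creates the module directly, for instance) runs handlers against a Date with no such method; moving the patch and its `declare global` into a module that AppModule imports makes it independent of how the app is started. `const bodyParser = require('body-parser')` is an untyped CommonJS import in an ES-module TypeScript file; `import { json } from 'express'` (the platform's re-export) gives the same parser with types. The two `bodyParser.json` calls run with the parser's default body size limit, which is worth stating in a comment if it is intentional, since this body carries secret values and KMS messages. ClassSerializerInterceptor and Reflector are now only referenced from the commented-out line.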


@ -1,8 +0,0 @@
export interface CreateSecretDto {
versionId?: string;
name: string;
description?: string;
secretString?: string;
accountId: string;
region: string;
}


@ -1,8 +1,12 @@
import { Injectable } from '@nestjs/common';
import { randomUUID } from 'crypto';
import * as Joi from 'joi';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { ArnUtil } from '../util/arn-util.static';
import { SecretService } from './secret.service';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
Name: string;
@ -22,26 +26,28 @@ export class CreateSecretHandler extends AbstractActionHandler<QueryParams> {
format = Format.Json;
action = Action.SecretsManagerCreateSecret;
validator = Joi.object<QueryParams, true>({
validator = Joi.object<QueryParams, true>({
Name: Joi.string().required(),
Description: Joi.string().allow('', null),
SecretString: Joi.string().allow('', null),
SecretString: Joi.string().allow('', null).default(''),
ClientRequestToken: Joi.string(),
});
protected async handle(params: QueryParams, awsProperties: AwsProperties) {
protected async handle(params: QueryParams, context: RequestContext) {
const { Name: name, Description: description, SecretString: secretString, ClientRequestToken } = params;
const secret = await this.secretService.create({
versionId: ClientRequestToken,
versionId: ClientRequestToken ?? randomUUID(),
description,
name,
secretString,
accountId: awsProperties.accountId,
region: awsProperties.region,
accountId: context.awsProperties.accountId,
region: context.awsProperties.region,
});
return { ARN: secret.arn, VersionId: secret.versionId, Name: secret.name };
const arn = ArnUtil.fromSecret(secret);
return { ARN: arn, VersionId: secret.versionId, Name: secret.name };
}
}
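Review bot: `versionId: ClientRequestToken ?? randomUUID()` duplicates the default SecretService.create already applies (`data.versionId ?? randomUUID()` later in this compare), and the same duplication appears in PutSecretValueHandler; keeping the fallback in one place avoids the two drifting. ClientRequestToken is caller-supplied and becomes the version identifier but is validated only as `Joi.string()`; AWS constrains it to 32–64 characters, so `ClientRequestToken: Joi.string().min(32).max(64)` rejects tokens too short to be unique before they reach the database.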


@ -1,9 +1,12 @@
import { BadRequestException, Injectable } from '@nestjs/common';
import * as Joi from 'joi';
import { PrismaService } from '../_prisma/prisma.service';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { Secret } from './secret.entity';
import { ArnUtil } from '../util/arn-util.static';
import { SecretService } from './secret.service';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
SecretId: string;
@ -12,24 +15,25 @@ type QueryParams = {
@Injectable()
export class DeleteSecretHandler extends AbstractActionHandler {
constructor(
private readonly secretService: SecretService,
private readonly prismaService: PrismaService,
) {
super();
}
format = Format.Json;
action = Action.SecretsManagerDeleteSecret;
validator = Joi.object<QueryParams, true>({
validator = Joi.object<QueryParams, true>({
SecretId: Joi.string().required(),
VersionId: Joi.string().allow(null, ''),
});
protected async handle({ SecretId, VersionId}: QueryParams, awsProperties: AwsProperties) {
protected async handle({ SecretId, VersionId }: QueryParams, { awsProperties} : RequestContext) {
const name = Secret.getNameFromSecretId(SecretId);
const secret = VersionId ?
const name = ArnUtil.getSecretNameFromSecretId(SecretId);
const secret = VersionId ?
await this.secretService.findByNameAndVersion(name, VersionId) :
await this.secretService.findLatestByNameAndRegion(name, awsProperties.region);
@ -37,10 +41,20 @@ export class DeleteSecretHandler extends AbstractActionHandler {
throw new BadRequestException('ResourceNotFoundException', "Secrets Manager can't find the resource that you asked for.");
}
secret.deletionDate = new Date(Date.now() + 1000 * 60 * 60 * 24 * 5).toISOString();
await secret.save();
await this.prismaService.secret.update({
data: {
deletionDate: new Date(Date.now() + 1000 * 60 * 60 * 24 * 5),
},
where: {
versionId: secret.versionId,
name: secret.name,
}
});
const arn = ArnUtil.fromSecret(secret);
return {
Arn: secret.arn,
Arn: arn,
DeletionDate: secret.deletionDate,
Name: secret.name,
}
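Review bot: `DeletionDate: secret.deletionDate` in the response is read from the record fetched before the update, so the first delete of a secret reports the previous value (null) rather than the date just written; `const updated = await this.prismaService.secret.update({ ... })` together with `DeletionDate: updated.deletionDate` returns what was stored. Prisma's `update` needs a unique selector in `where`; if versionId is still the primary key, as it was in the deleted TypeORM entity, `{ versionId, name }` is fine, otherwise it is a type error, and that is not visible here. handle's closing brace is outside the hunk.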


@ -1,11 +1,13 @@
import { BadRequestException, Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { Injectable } from '@nestjs/common';
import * as Joi from 'joi';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { Secret } from './secret.entity';
import { TagsService } from '../aws-shared-entities/tags.service';
import { ArnUtil } from '../util/arn-util.static';
import { SecretService } from './secret.service';
import { NotFoundException } from '../aws-shared-entities/aws-exceptions';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
SecretId: string;
@ -13,10 +15,9 @@ type QueryParams = {
@Injectable()
export class DescribeSecretHandler extends AbstractActionHandler {
constructor(
@InjectRepository(Secret)
private readonly secretRepo: Repository<Secret>,
private readonly secretService: SecretService,
private readonly tagsService: TagsService,
) {
super();
@ -26,22 +27,21 @@ export class DescribeSecretHandler extends AbstractActionHandler {
action = Action.SecretsManagerDescribeSecret;
validator = Joi.object<QueryParams, true>({ SecretId: Joi.string().required() });
protected async handle({ SecretId }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ SecretId }: QueryParams, { awsProperties} : RequestContext) {
console.log({ SecretId })
const name = Secret.getNameFromSecretId(SecretId);
const secret = await this.secretRepo.findOne({ where: { name }, order: { createdAt: 'DESC' } });
const name = ArnUtil.getSecretNameFromSecretId(SecretId);
const secret = await this.secretService.findLatestByNameAndRegion(name, awsProperties.region);
if (!secret) {
throw new BadRequestException('ResourceNotFoundException', "Secrets Manager can't find the resource that you asked for.");
throw new NotFoundException();
}
const tags = await this.tagsService.getByArn(secret.arn);
const arn = ArnUtil.fromSecret(secret);
const tags = await this.tagsService.getByArn(arn);
const listOfTagPairs = TagsService.getJsonSafeTagsMap(tags);
return {
"ARN": secret.arn,
"ARN": arn,
"CreatedDate": new Date(secret.createdAt).toISOString(),
"DeletedDate": secret.deletionDate ? new Date(secret.deletionDate).toISOString() : null,
"Description": secret.description,
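Review bot: The not-found path now throws `NotFoundException()` while the sibling handlers changed in this compare (DeleteSecret, GetSecretValue, GetResourcePolicy, PutSecretValue) still throw `BadRequestException('ResourceNotFoundException', …)` for the same condition, so clients see two different error shapes for a missing secret depending on the action. Pick one — the shared NotFoundException reads as the intended direction — and apply it across the secrets handlers. The `console.log({ SecretId })` above the lookup is a leftover debug line that writes request parameters to stdout. handle continues past the end of the hunk.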


@ -1,11 +1,12 @@
import { BadRequestException, Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import * as Joi from 'joi';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { Secret } from './secret.entity';
import { AttributesService } from '../aws-shared-entities/attributes.service';
import { ArnUtil } from '../util/arn-util.static';
import { SecretService } from './secret.service';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
SecretId: string;
@ -15,8 +16,7 @@ type QueryParams = {
export class GetResourcePolicyHandler extends AbstractActionHandler {
constructor(
@InjectRepository(Secret)
private readonly secretRepo: Repository<Secret>,
private readonly secretService: SecretService,
private readonly attributesService: AttributesService,
) {
super();
@ -26,18 +26,19 @@ export class GetResourcePolicyHandler extends AbstractActionHandler {
action = Action.SecretsManagerGetResourcePolicy;
validator = Joi.object<QueryParams, true>({ SecretId: Joi.string().required() });
protected async handle({ SecretId }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ SecretId }: QueryParams, { awsProperties} : RequestContext) {
const name = Secret.getNameFromSecretId(SecretId);
const secret = await this.secretRepo.findOne({ where: { name }, order: { createdAt: 'DESC' } });
const name = ArnUtil.getSecretNameFromSecretId(SecretId);
const secret = await this.secretService.findLatestByNameAndRegion(name, awsProperties.region);
if (!secret) {
throw new BadRequestException('ResourceNotFoundException', "Secrets Manager can't find the resource that you asked for.");
}
const attribute = await this.attributesService.getResourcePolicyByArn(secret.arn);
const arn = ArnUtil.fromSecret(secret);
const attribute = await this.attributesService.getResourcePolicyByArn(arn);
return {
ARN: secret.arn,
ARN: arn,
Name: secret.name,
ResourcePolicy: attribute?.value,
}


@ -1,9 +1,11 @@
import { BadRequestException, Injectable } from '@nestjs/common';
import * as Joi from 'joi';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { Secret } from './secret.entity';
import { ArnUtil } from '../util/arn-util.static';
import { SecretService } from './secret.service';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
SecretId: string;
@ -26,9 +28,9 @@ export class GetSecretValueHandler extends AbstractActionHandler {
VersionId: Joi.string().allow(null, ''),
});
protected async handle({ SecretId, VersionId}: QueryParams, awsProperties: AwsProperties) {
protected async handle({ SecretId, VersionId}: QueryParams, { awsProperties} : RequestContext) {
const name = Secret.getNameFromSecretId(SecretId);
const name = ArnUtil.getSecretNameFromSecretId(SecretId);
const secret = VersionId ?
await this.secretService.findByNameAndVersion(name, VersionId) :
await this.secretService.findLatestByNameAndRegion(name, awsProperties.region);
@ -37,8 +39,10 @@ export class GetSecretValueHandler extends AbstractActionHandler {
throw new BadRequestException('ResourceNotFoundException', "Secrets Manager can't find the resource that you asked for.");
}
const arn = ArnUtil.fromSecret(secret);
return {
ARN: secret.arn,
ARN: arn,
CreatedDate: new Date(secret.createdAt).valueOf() / 1000,
Name: secret.name,
SecretString: secret.secretString,


@ -1,11 +1,12 @@
import { BadRequestException, Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import * as Joi from 'joi';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { Secret } from './secret.entity';
import { AttributesService } from '../aws-shared-entities/attributes.service';
import { ArnUtil } from '../util/arn-util.static';
import { SecretService } from './secret.service';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
SecretId: string;
@ -16,8 +17,7 @@ type QueryParams = {
export class PutResourcePolicyHandler extends AbstractActionHandler {
constructor(
@InjectRepository(Secret)
private readonly secretRepo: Repository<Secret>,
private readonly secretService: SecretService,
private readonly attributesService: AttributesService,
) {
super();
@ -30,18 +30,19 @@ export class PutResourcePolicyHandler extends AbstractActionHandler {
ResourcePolicy: Joi.string().required(),
});
protected async handle({ SecretId, ResourcePolicy }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ SecretId, ResourcePolicy }: QueryParams, context: RequestContext) {
const name = Secret.getNameFromSecretId(SecretId);
const secret = await this.secretRepo.findOne({ where: { name }, order: { createdAt: 'DESC' } });
const name = ArnUtil.getSecretNameFromSecretId(SecretId);
const secret = await this.secretService.findLatestByNameAndRegion(name, context.awsProperties.region);
if (!secret) {
throw new BadRequestException('ResourceNotFoundException', "Secrets Manager can't find the resource that you asked for.");
}
await this.attributesService.createResourcePolicy(secret.arn, ResourcePolicy);
const arn = ArnUtil.fromSecret(secret);
await this.attributesService.createResourcePolicy(arn, ResourcePolicy);
return {
ARN: secret.arn,
ARN: arn,
Name: secret.name,
}
}
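Review bot: ResourcePolicy is stored verbatim by `createResourcePolicy(arn, ResourcePolicy)` after only a `Joi.string().required()` check, so a non-JSON document is accepted and later handed back by GetResourcePolicy, whereas AWS rejects it with MalformedPolicyDocumentException. A `JSON.parse(ResourcePolicy)` inside a try/catch before the write, throwing `new BadRequestException('MalformedPolicyDocumentException', ...)` on failure, keeps the emulator from accepting what the real service would not.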


@ -1,9 +1,12 @@
import { BadRequestException, Injectable } from '@nestjs/common';
import { randomUUID } from 'crypto';
import * as Joi from 'joi';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { Secret } from './secret.entity';
import { ArnUtil } from '../util/arn-util.static';
import { SecretService } from './secret.service';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
ClientRequestToken?: string;
@ -28,24 +31,26 @@ export class PutSecretValueHandler extends AbstractActionHandler<QueryParams> {
SecretString: Joi.string(),
});
protected async handle(params: QueryParams, awsProperties: AwsProperties) {
protected async handle(params: QueryParams, context: RequestContext) {
const { SecretId, SecretString: secretString, ClientRequestToken } = params;
const name = Secret.getNameFromSecretId(SecretId);
const oldSecret = await this.secretService.findLatestByNameAndRegion(name, awsProperties.region);
const name = ArnUtil.getSecretNameFromSecretId(SecretId);
const oldSecret = await this.secretService.findLatestByNameAndRegion(name, context.awsProperties.region);
if (!oldSecret) {
throw new BadRequestException('ResourceNotFoundException', "Secrets Manager can't find the resource that you asked for.");
}
const secret = await this.secretService.create({
versionId: ClientRequestToken,
versionId: ClientRequestToken ?? randomUUID(),
name: oldSecret.name,
secretString,
accountId: awsProperties.accountId,
region: awsProperties.region,
accountId: context.awsProperties.accountId,
region: context.awsProperties.region,
});
return { ARN: secret.arn, VersionId: secret.versionId, Name: secret.name, VersionStages: [] }
const arn = ArnUtil.fromSecret(secret);
return { ARN: arn, VersionId: secret.versionId, Name: secret.name, VersionStages: [] }
}
}
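Review bot: The new version created in handle carries no `description`, and DescribeSecretHandler in this compare reads the description from the latest version, so every PutSecretValue silently drops the description the secret was created with; add `description: oldSecret.description,` to the create call. The same reasoning applies to any other secret-level attribute stored per version (accountId and region are already carried over).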


@ -1,39 +0,0 @@
import { BaseEntity, Column, CreateDateColumn, Entity, Index, PrimaryColumn, PrimaryGeneratedColumn } from 'typeorm';
@Entity('secret')
export class Secret extends BaseEntity {
@PrimaryColumn({ name: 'versionId' })
versionId: string;
@Column({ name: 'name', nullable: false })
@Index()
name: string;
@Column({ name: 'description', nullable: true })
description: string;
@Column({ name: 'secret_string', nullable: true })
secretString: string;
@Column({ name: 'account_id', nullable: false })
accountId: string;
@Column({ name: 'region', nullable: false })
region: string;
@CreateDateColumn()
createdAt: string;
@Column({ name: 'deletion_date', nullable: true })
deletionDate: string;
get arn(): string {
return `arn:aws:secretsmanager:${this.region}:${this.accountId}:${this.name}`;
}
static getNameFromSecretId(secretId: string) {
const parts = secretId.split(':');
return parts.length > 1 ? parts.pop() : secretId;
}
}


@ -1,32 +1,30 @@
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { CreateSecretDto } from './create-secret.dto';
import { Secret } from './secret.entity';
import * as uuid from 'uuid';
import { Prisma, Secret } from '@prisma/client';
import { randomUUID } from 'crypto';
import { PrismaService } from '../_prisma/prisma.service';
@Injectable()
export class SecretService {
constructor(
@InjectRepository(Secret)
private readonly secretRepo: Repository<Secret>,
private readonly prismaService: PrismaService,
) {}
async findLatestByNameAndRegion(name: string, region: string): Promise<Secret> {
return await this.secretRepo.findOne({ where: { name, region }, order: { createdAt: 'DESC' } });
async findLatestByNameAndRegion(name: string, region: string): Promise<Secret | null> {
return await this.prismaService.secret.findFirst({ where: { name, region }, orderBy: { createdAt: 'desc' } });
}
async findByNameAndVersion(name: string, versionId: string): Promise<Secret> {
// TypeORM BUG: https://github.com/typeorm/typeorm/issues/5694 - Cannot use findOne here
const [ secret ] = await this.secretRepo.find({ where: { name, versionId } });
return secret;
async findByNameAndVersion(name: string, versionId: string): Promise<Secret | null> {
return await this.prismaService.secret.findFirst({ where: { name, versionId } });
}
async create(dto: CreateSecretDto): Promise<Secret> {
return await this.secretRepo.create({
...dto,
versionId: dto.versionId ?? uuid.v4(),
}).save();
async create(data: Prisma.SecretCreateInput): Promise<Secret> {
return await this.prismaService.secret.create({
data: {
...data,
versionId: data.versionId ?? randomUUID(),
}
});
}
}
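Review bot: `findLatestByNameAndRegion` and `findByNameAndVersion` never filter on accountId, so two accounts using the same secret name in one region resolve to each other's latest version, and the handlers built on them in this compare (Delete, Describe, GetSecretValue, GetResourcePolicy, PutResourcePolicy, PutSecretValue) read, overwrite and schedule deletion across that boundary; `findByNameAndVersion` does not scope to region either. Adding an optional `accountId?: string` parameter that, when given, is spread into `where` keeps the signatures compatible while letting handlers pass `awsProperties.accountId`. A one-line comment on each finder naming the tenant fields it matches would make the scope visible at the call sites.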


@ -1,5 +1,6 @@
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { PrismaModule } from '../_prisma/prisma.module';
import { Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import { AwsSharedEntitiesModule } from '../aws-shared-entities/aws-shared-entities.module';
@ -12,7 +13,6 @@ import { GetResourcePolicyHandler } from './get-resource-policy.handler';
import { GetSecretValueHandler } from './get-secret-value.handler';
import { PutResourcePolicyHandler } from './put-resource-policy.handler';
import { PutSecretValueHandler } from './put-secret-value.handler';
import { Secret } from './secret.entity';
import { SecretService } from './secret.service';
import { SecretsManagerHandlers } from './secrets-manager.constants';
@ -53,7 +53,7 @@ const actions = [
@Module({
imports: [
TypeOrmModule.forFeature([Secret]),
PrismaModule,
AwsSharedEntitiesModule,
],
providers: [


@ -1,165 +0,0 @@
import { CreateTopicCommand, CreateTopicCommandOutput, GetSubscriptionAttributesCommand, GetTopicAttributesCommand, ListTagsForResourceCommand, ListTopicsCommand, PublishCommand, SNSClient, SubscribeCommand, SubscribeCommandOutput } from '@aws-sdk/client-sns';
import { TestingModule } from '@nestjs/testing';
import { getRepositoryToken } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { Tag } from '../../aws-shared-entities/tags.entity';
import { SnsTopicSubscription } from '../sns-topic-subscription.entity';
import { SnsTopic } from '../sns-topic.entity';
describe('SNS Module', () => {
let snsClient: SNSClient;
beforeAll(async () => {
snsClient = new SNSClient({
endpoint: globalThis.__ENDPOINT__,
});
});
const describeCleanup = async () => {
const testModule: TestingModule = globalThis.__TESTMODULE__;
const snsTopicRepo = testModule.get<Repository<SnsTopic>>(getRepositoryToken(SnsTopic));
await snsTopicRepo.delete({});
const subscriptionRepo = testModule.get<Repository<SnsTopicSubscription>>(getRepositoryToken(SnsTopicSubscription));
await subscriptionRepo.delete({});
const tagsRepo = testModule.get<Repository<Tag>>(getRepositoryToken(Tag));
await tagsRepo.delete({});
};
describe('creation', () => {
afterAll(describeCleanup);
it('can create a topic', async () => {
const response = await snsClient.send(new CreateTopicCommand({
Name: 'test-topic-1',
}));
expect(response.TopicArn).toBe('arn:aws:sns:us-east-1:000000000000:test-topic-1');
});
it('can subscribe', async () => {
const topicResponse = await snsClient.send(new CreateTopicCommand({
Name: 'test-topic-2',
}));
const response = await snsClient.send(new SubscribeCommand({
TopicArn: topicResponse.TopicArn,
Protocol: 'https',
Endpoint: 'https://google.com',
}));
expect(response.SubscriptionArn).toBeDefined();
});
it('can publish', async () => {
const topicResponse = await snsClient.send(new CreateTopicCommand({
Name: 'test-topic-3',
}));
const response = await snsClient.send(new PublishCommand({
Message: "hello world",
TopicArn: topicResponse.TopicArn,
}));
expect(response.MessageId).toBeDefined();
});
});
describe('reading', () => {
afterAll(describeCleanup);
let subscribedTopic: CreateTopicCommandOutput;
let subscription: SubscribeCommandOutput;
beforeAll(async () => {
subscribedTopic = await snsClient.send(new CreateTopicCommand({
Name: 'test-topic-4',
Tags: [{ Key: 'V_a', Value: 'a' }, { Key: 'V_b', Value: 'b', }]
}));
await snsClient.send(new CreateTopicCommand({
Name: 'test-topic-5',
}));
await snsClient.send(new CreateTopicCommand({
Name: 'test-topic-6',
}));
subscription = await snsClient.send(new SubscribeCommand({
TopicArn: subscribedTopic.TopicArn,
Protocol: 'https',
Endpoint: 'https://google.com',
}));
});
it('can get subscription attributes', async () => {
const response = await snsClient.send(new GetSubscriptionAttributesCommand({
SubscriptionArn: subscription.SubscriptionArn,
}));
expect(response.Attributes).toEqual(expect.objectContaining({
"ConfirmationWasAuthenticated": "true",
"PendingConfirmation": "false",
"Owner": "000000000000",
"SubscriptionArn": subscription.SubscriptionArn,
"TopicArn": subscribedTopic.TopicArn,
"TracingConfig": "PassThrough"
}));
});
it('can get topic attributes', async () => {
const response = await snsClient.send(new GetTopicAttributesCommand({
TopicArn: subscribedTopic.TopicArn,
}));
expect(response.Attributes).toEqual(expect.objectContaining({
"DisplayName": 'test-topic-4',
"Owner": "000000000000",
"SubscriptionsConfirmed": "1",
"SubscriptionsDeleted": "0",
"SubscriptionsPending": "0",
"TopicArn": subscribedTopic.TopicArn,
"TracingConfig": "PassThrough"
}));
});
it('can list tags for resource', async () => {
const response = await snsClient.send(new ListTagsForResourceCommand({
ResourceArn: subscribedTopic.TopicArn,
}));
expect(response.Tags).toHaveLength(2);
const map = new Map(response.Tags.map(({ Key, Value }) => [ Key, Value ]));
expect(map.get('V_a')).toBe('a');
expect(map.get('V_b')).toBe('b');
});
it('can list all topics', async () => {
const response = await snsClient.send(new ListTopicsCommand({}));
expect(response.Topics).toHaveLength(3);
});
});
// describe('updating', () => {
// afterAll(describeCleanup);
// });
// describe('deleting', () => {
// afterAll(describeCleanup);
// });
});


@ -1,11 +1,12 @@
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import * as Joi from 'joi';
import { PrismaService } from '../_prisma/prisma.service';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import { SnsTopic } from './sns-topic.entity';
import * as Joi from 'joi';
import { TagsService } from '../aws-shared-entities/tags.service';
import { ArnUtil } from '../util/arn-util.static';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
Name: string;
@ -15,8 +16,7 @@ type QueryParams = {
export class CreateTopicHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(SnsTopic)
private readonly snsTopicRepo: Repository<SnsTopic>,
private readonly prismaService: PrismaService,
private readonly tagsService: TagsService,
) {
super();
@ -26,19 +26,22 @@ export class CreateTopicHandler extends AbstractActionHandler<QueryParams> {
action = Action.SnsCreateTopic;
validator = Joi.object<QueryParams, true>({ Name: Joi.string().required() });
protected async handle(params: QueryParams, awsProperties: AwsProperties) {
protected async handle(params: QueryParams, context: RequestContext) {
const { Name: name } = params;
const topic = await this.snsTopicRepo.create({
name,
accountId: awsProperties.accountId,
region: awsProperties.region,
}).save();
const topic = await this.prismaService.snsTopic.create({
data: {
name,
accountId: context.awsProperties.accountId,
region: context.awsProperties.region,
},
});
const tags = TagsService.tagPairs(params);
await this.tagsService.createMany(topic.topicArn, tags);
const arn = ArnUtil.fromTopic(topic);
await this.tagsService.createMany(arn, tags);
return { TopicArn: topic.topicArn };
return { TopicArn: arn };
}
}
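Review bot: `prismaService.snsTopic.create` is called unconditionally, so a second CreateTopic with the same name either fails on a unique constraint (if the schema declares one) or creates a duplicate topic, whereas the real API is idempotent and returns the existing topic's ARN; a `findFirst` on `{ name, accountId, region }` before the create, returning its ARN, matches that contract. The tags are written after the topic in a separate call, so a failure in `createMany` leaves a topic without its tags; acceptable for an emulator, but worth a comment on the `createMany` line.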


@ -1,11 +1,12 @@
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import * as Joi from 'joi';
import { PrismaService } from '../_prisma/prisma.service';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { SnsTopicSubscription } from './sns-topic-subscription.entity';
import { AttributesService } from '../aws-shared-entities/attributes.service';
import { ArnUtil } from '../util/arn-util.static';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
SubscriptionArn: string;
@ -15,8 +16,7 @@ type QueryParams = {
export class GetSubscriptionAttributesHandler extends AbstractActionHandler {
constructor(
@InjectRepository(SnsTopicSubscription)
private readonly snsTopicSubscriptionRepo: Repository<SnsTopicSubscription>,
private readonly prismaService: PrismaService,
private readonly attributeService: AttributesService,
) {
super();
@ -26,10 +26,10 @@ export class GetSubscriptionAttributesHandler extends AbstractActionHandler {
action = Action.SnsGetSubscriptionAttributes;
validator = Joi.object<QueryParams, true>({ SubscriptionArn: Joi.string().required() });
protected async handle({ SubscriptionArn }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ SubscriptionArn }: QueryParams, { awsProperties} : RequestContext) {
const id = SubscriptionArn.split(':').pop();
const subscription = await this.snsTopicSubscriptionRepo.findOne({ where: { id }});
const subscription = await this.prismaService.snsTopicSubscription.findFirst({ where: { id }});
if (!subscription) {
return;
@ -39,13 +39,13 @@ export class GetSubscriptionAttributesHandler extends AbstractActionHandler {
const attributeMap = attributes.reduce((m, a) => {
m[a.name] = a.value;
return m;
}, {});
}, {} as Record<string, string>);
const response = {
ConfirmationWasAuthenticated: 'true',
PendingConfirmation: 'false',
Owner: subscription.accountId,
SubscriptionArn: subscription.arn,
SubscriptionArn: ArnUtil.fromTopicSub(subscription),
TopicArn: subscription.topicArn,
...attributeMap,
TracingConfig: attributeMap['TracingConfig'] ?? 'PassThrough',
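Review bot: The lookup on the new `findFirst({ where: { id }})` line matches only the last segment of the supplied SubscriptionArn, so the topic and account parts of the ARN are never compared with the stored record and any subscription carrying that id is returned, including one under another topic or account. Rebuilding the canonical ARN and rejecting a mismatch closes that gap, `const arn = ArnUtil.fromTopicSub(subscription); if (arn !== SubscriptionArn) { return; }`, and UnsubscribeHandler's handle has the same shape. Separately, `id` is typed `string | undefined` because of `.pop()`, and Prisma treats an `undefined` key inside `where` as "no filter", so this query would silently become "first row of the table" if the value ever were undefined; `findUnique` (if `id` is unique in the schema) fails closed instead, and the GetTopicAttributes and Unsubscribe lookups have the same form. The destructured `{ awsProperties} : RequestContext` is unused in this body and, as far as the visible hunks show, also in the GetTopicAttributes, ListTagsForResource, SetSubscriptionAttributes, SetTopicAttributes, DeleteMessageBatch, DeleteMessage and PurgeQueue handlers; `_context: RequestContext` or dropping the parameter as UnsubscribeHandler does would be consistent. handle's body runs past the hunk.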


@ -1,12 +1,12 @@
import { BadRequestException, Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import * as Joi from 'joi';
import { PrismaService } from '../_prisma/prisma.service';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import { SnsTopic } from './sns-topic.entity';
import * as Joi from 'joi';
import { AttributesService } from '../aws-shared-entities/attributes.service';
import { SnsTopicSubscription } from './sns-topic-subscription.entity';
import { ArnUtil } from '../util/arn-util.static';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
TopicArn: string;
@ -16,10 +16,7 @@ type QueryParams = {
export class GetTopicAttributesHandler extends AbstractActionHandler {
constructor(
@InjectRepository(SnsTopic)
private readonly snsTopicRepo: Repository<SnsTopic>,
@InjectRepository(SnsTopicSubscription)
private readonly snsTopicSubscriptionRepo: Repository<SnsTopicSubscription>,
private readonly prismaService: PrismaService,
private readonly attributeService: AttributesService,
) {
super();
@ -29,10 +26,10 @@ export class GetTopicAttributesHandler extends AbstractActionHandler {
action = Action.SnsGetTopicAttributes;
validator = Joi.object<QueryParams, true>({ TopicArn: Joi.string().required() });
protected async handle({ TopicArn }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ TopicArn }: QueryParams, { awsProperties} : RequestContext) {
const name = TopicArn.split(':').pop();
const topic = await this.snsTopicRepo.findOne({ where: { name }});
const topic = await this.prismaService.snsTopic.findFirst({ where: { name }});
if (!topic) {
throw new BadRequestException();
@ -42,9 +39,9 @@ export class GetTopicAttributesHandler extends AbstractActionHandler {
const attributeMap = attributes.reduce((m, a) => {
m[a.name] = a.value;
return m;
}, {});
}, {} as Record<string, string>);
const subscriptionCount = await this.snsTopicSubscriptionRepo.count({ where: { topicArn: TopicArn } });
const subscriptionCount = await this.prismaService.snsTopicSubscription.count({ where: { topicArn: TopicArn } });
const response = {
DisplayName: topic.name,
@ -52,7 +49,7 @@ export class GetTopicAttributesHandler extends AbstractActionHandler {
SubscriptionsConfirmed: `${subscriptionCount}`,
SubscriptionsDeleted: '0',
SubscriptionsPending: '0',
TopicArn: topic.topicArn,
TopicArn: ArnUtil.fromTopic(topic),
...attributeMap,
TracingConfig: attributeMap['TracingConfig'] ?? 'PassThrough',
}
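Review bot: The subscription count on the new `count({ where: { topicArn: TopicArn } })` line filters by the ARN the caller sent, while the topic itself is found by name alone and the response reports `ArnUtil.fromTopic(topic)`, so the count and the reported ARN can disagree whenever the request ARN differs from the stored account or region. Counting by the canonical ARN keeps the response self-consistent: `const topicArn = ArnUtil.fromTopic(topic);` then `count({ where: { topicArn } })` and `TopicArn: topicArn`. The name-only lookup also means a same-named topic in another account is returned; comparing the canonical ARN to `TopicArn` and throwing on mismatch would bound that. handle's body is cut by the hunk boundaries.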


@ -1,11 +1,10 @@
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import * as Joi from 'joi';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import { SnsTopic } from './sns-topic.entity';
import * as Joi from 'joi';
import { TagsService } from '../aws-shared-entities/tags.service';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
ResourceArn: string;
@ -24,7 +23,7 @@ export class ListTagsForResourceHandler extends AbstractActionHandler {
action = Action.SnsListTagsForResource;
validator = Joi.object<QueryParams, true>({ ResourceArn: Joi.string().required() });
protected async handle({ ResourceArn }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ ResourceArn }: QueryParams, { awsProperties} : RequestContext) {
const tags = await this.tagsService.getByArn(ResourceArn);
return TagsService.getXmlSafeTagsMap(tags);
}


@ -1,10 +1,11 @@
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import * as Joi from 'joi';
import { PrismaService } from '../_prisma/prisma.service';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import { SnsTopic } from './sns-topic.entity';
import * as Joi from 'joi';
import { ArnUtil } from '../util/arn-util.static';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
NextToken: number;
@ -14,8 +15,7 @@ type QueryParams = {
export class ListTopicsHandler extends AbstractActionHandler {
constructor(
@InjectRepository(SnsTopic)
private readonly snsTopicRepo: Repository<SnsTopic>,
private readonly prismaService: PrismaService,
) {
super();
}
@ -24,10 +24,13 @@ export class ListTopicsHandler extends AbstractActionHandler {
action = Action.SnsListTopics;
validator = Joi.object<QueryParams, true>({ NextToken: Joi.number().default(0) });
protected async handle({ NextToken: skip }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ NextToken: skip }: QueryParams, { awsProperties} : RequestContext) {
const [ topics, total ] = await this.snsTopicRepo.findAndCount({ order: { name: 'DESC' }, take: 100, skip });
const response = { Topics: { member: topics.map(t => ({ TopicArn: t.topicArn } ))} };
const [ topics, total ] = await Promise.all([
this.prismaService.snsTopic.findMany({ orderBy: { name: 'desc' }, take: 100, skip }),
this.prismaService.snsTopic.count(),
]);
const response = { Topics: { member: topics.map(t => ({ TopicArn: ArnUtil.fromTopic(t) } ))} };
if (total >= 100) {
return {
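Review bot: `skip` comes straight from the `NextToken` query parameter, which the validator only constrains with `Joi.number().default(0)`, so a fractional or negative value reaches Prisma's `skip` and is rejected there at runtime rather than by validation. `NextToken: Joi.number().integer().min(0).default(0)` keeps the failure in the validator. The `if (total >= 100)` condition also does not involve `skip`, so if that branch emits a NextToken it does so on every page of a list with 100 or more topics, including the last one; `if (skip + topics.length < total)` is the usual form, though the branch body lies outside the hunk. No account filter is applied to `findMany`/`count`, which matches the old `findAndCount` but is worth a comment given `awsProperties.accountId` is available from the context.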


@ -1,14 +1,15 @@
import { BadRequestException, Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import * as Joi from 'joi';
import { randomUUID } from 'crypto';
import { PrismaService } from '../_prisma/prisma.service';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { SqsQueueEntryService } from '../sqs/sqs-queue-entry.service';
import { SnsTopicSubscription } from './sns-topic-subscription.entity';
import * as uuid from 'uuid';
import { AttributesService } from '../aws-shared-entities/attributes.service';
import { SqsQueueEntryService } from '../sqs/sqs-queue-entry.service';
import { SqsQueue } from '../sqs/sqs-queue.entity';
import { ArnUtil } from '../util/arn-util.static';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
TopicArn: string;
@ -21,8 +22,7 @@ type QueryParams = {
export class PublishHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(SnsTopicSubscription)
private readonly snsTopicSubscriptionRepo: Repository<SnsTopicSubscription>,
private readonly prismaService: PrismaService,
private readonly sqsQueueEntryService: SqsQueueEntryService,
private readonly attributeService: AttributesService,
) {
@ -38,21 +38,22 @@ export class PublishHandler extends AbstractActionHandler<QueryParams> {
Message: Joi.string().required(),
});
protected async handle({ TopicArn, TargetArn, Message, Subject }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ TopicArn, TargetArn, Message, Subject }: QueryParams, context: RequestContext) {
const arn = TopicArn ?? TargetArn;
if (!arn) {
throw new BadRequestException();
}
const MessageId = uuid.v4();
const subscriptions = await this.snsTopicSubscriptionRepo.find({ where: { topicArn: arn } });
const MessageId = randomUUID();
const subscriptions = await this.prismaService.snsTopicSubscription.findMany({ where: { topicArn: arn } });
const topicAttributes = await this.attributeService.getByArn(arn);
for (const sub of subscriptions) {
const attributes = await this.attributeService.getByArn(sub.arn);
if (sub.protocol === 'sqs') {
const { value: isRaw } = attributes.find(a => a.name === 'RawMessageDelivery');
const subArn = ArnUtil.fromTopicSub(sub);
const attributes = await this.attributeService.getByArn(subArn);
if (sub.protocol === 'sqs' && sub.endpoint) {
const { value: isRaw } = attributes.find(a => a.name === 'RawMessageDelivery') ?? {};
const [queueAccountId, queueName] = SqsQueue.tryGetAccountIdAndNameFromPathOrArn(sub.endpoint);
const message = isRaw === 'true' ? Message : JSON.stringify({
@ -65,7 +66,7 @@ export class PublishHandler extends AbstractActionHandler<QueryParams> {
SignatureVersion: topicAttributes.find(a => a.name === 'SignatureVersion')?.value ?? '1',
Signature: '',
SigningCertURL: '',
UnsubscribeURL: `${awsProperties.host}/?Action=Unsubscribe&SubscriptionArn=${sub.arn}`,
UnsubscribeURL: `${context.awsProperties.host}/?Action=Unsubscribe&SubscriptionArn=${subArn}`,
});
await this.sqsQueueEntryService.publish(queueAccountId, queueName, message);
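Review bot: The tuple from `SqsQueue.tryGetAccountIdAndNameFromPathOrArn(sub.endpoint)` is destructured without a check, so if that `try` helper reports an unparseable endpoint by returning `undefined` or a short tuple, one malformed sqs subscription throws inside the loop and aborts delivery to every subscription after it. A guard such as `if (!queueAccountId || !queueName) continue;` before the message is built keeps one bad endpoint from affecting the others; whether the helper can return undefined is not visible here. The subscriptions are also fetched by the caller-supplied `arn` with no check that the topic exists, so a Publish to an unknown or foreign ARN proceeds silently; an `snsTopic` lookup on that ARN before the loop would surface it. The handle body continues beyond the hunk.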


@ -1,8 +1,10 @@
import { Injectable } from '@nestjs/common';
import * as Joi from 'joi';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { AttributesService } from '../aws-shared-entities/attributes.service';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
AttributeName: string;
@ -27,7 +29,7 @@ export class SetSubscriptionAttributesHandler extends AbstractActionHandler<Quer
TopicArn: Joi.string().required(),
});
protected async handle({ AttributeName, AttributeValue, TopicArn }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ AttributeName, AttributeValue, TopicArn }: QueryParams, { awsProperties} : RequestContext) {
await this.attributeService.create({ name: AttributeName, value: AttributeValue, arn: TopicArn });
}
}
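Review bot: The validator of this SetSubscriptionAttributes handler requires `TopicArn` (`TopicArn: Joi.string().required()`), whereas the SNS SetSubscriptionAttributes action is keyed by `SubscriptionArn`; if the handler is meant to follow the AWS request shape the parameter should be renamed, otherwise a comment explaining why a topic ARN is accepted here would help. The body also stores the attribute under whatever ARN the caller supplies without checking that a subscription (or, in SetTopicAttributesHandler, a topic) exists, so attributes can be attached to arbitrary strings. A lookup before `attributeService.create`, failing with the project's `NotFoundException` as UnsubscribeHandler does, would bound that; neither handler injects PrismaService in the visible lines, so it would have to be added. The SetTopicAttributesHandler hunk below has the same body.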


@ -1,8 +1,10 @@
import { Injectable } from '@nestjs/common';
import * as Joi from 'joi';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { AttributesService } from '../aws-shared-entities/attributes.service';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
AttributeName: string;
@ -27,7 +29,7 @@ export class SetTopicAttributesHandler extends AbstractActionHandler<QueryParams
TopicArn: Joi.string().required(),
});
protected async handle({ AttributeName, AttributeValue, TopicArn }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ AttributeName, AttributeValue, TopicArn }: QueryParams, { awsProperties} : RequestContext) {
await this.attributeService.create({ name: AttributeName, value: AttributeValue, arn: TopicArn });
}
}


@ -1,27 +0,0 @@
import { BaseEntity, Column, Entity, PrimaryColumn, PrimaryGeneratedColumn } from 'typeorm';
@Entity('sns_topic_subscription')
export class SnsTopicSubscription extends BaseEntity {
@PrimaryColumn({ name: 'id' })
id: string;
@Column({ name: 'topic_arn' })
topicArn: string;
@Column({ name: 'endpoint', nullable: true })
endpoint: string;
@Column({ name: 'protocol' })
protocol: string;
@Column({ name: 'account_id', nullable: false })
accountId: string;
@Column({ name: 'region', nullable: false })
region: string;
get arn() {
return `${this.topicArn}:${this.id}`;
}
}


@ -1,18 +0,0 @@
import { BaseEntity, Column, Entity, PrimaryColumn } from 'typeorm';
@Entity('sns_topic')
export class SnsTopic extends BaseEntity {
@PrimaryColumn({ name: 'name' })
name: string;
@Column({ name: 'account_id', nullable: false })
accountId: string;
@Column({ name: 'region', nullable: false })
region: string;
get topicArn(): string {
return `arn:aws:sns:${this.region}:${this.accountId}:${this.name}`;
}
}


@ -1,9 +1,7 @@
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { AbstractActionHandler, Format } from '../abstract-action.handler';
import { Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import { AwsSharedEntitiesModule } from '../aws-shared-entities/aws-shared-entities.module';
import { ExistingActionHandlers } from '../default-action-handler/default-action-handler.constants';
import { DefaultActionHandlerProvider } from '../default-action-handler/default-action-handler.provider';
import { ExistingActionHandlersProvider } from '../default-action-handler/existing-action-handlers.provider';
import { SqsModule } from '../sqs/sqs.module';
@ -15,11 +13,10 @@ import { ListTopicsHandler } from './list-topics.handler';
import { PublishHandler } from './publish.handler';
import { SetSubscriptionAttributesHandler } from './set-subscription-attributes.handler';
import { SetTopicAttributesHandler } from './set-topic-attributes.handler';
import { SnsTopicSubscription } from './sns-topic-subscription.entity';
import { SnsTopic } from './sns-topic.entity';
import { SnsHandlers } from './sns.constants';
import { SubscribeHandler } from './subscribe.handler';
import { UnsubscribeHandler } from './unsubscribe.handler';
import { PrismaModule } from '../_prisma/prisma.module';
const handlers = [
CreateTopicHandler,
@ -81,8 +78,8 @@ const actions = [
@Module({
imports: [
TypeOrmModule.forFeature([SnsTopic, SnsTopicSubscription]),
AwsSharedEntitiesModule,
PrismaModule,
SqsModule,
],
providers: [


@ -1,15 +1,14 @@
import { BadRequestException, Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import { Injectable } from '@nestjs/common';
import { randomUUID } from 'crypto';
import * as Joi from 'joi';
import { TagsService } from '../aws-shared-entities/tags.service';
import { PrismaService } from '../_prisma/prisma.service';
import { AbstractActionHandler, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import { AttributesService } from '../aws-shared-entities/attributes.service';
import { SnsTopicSubscription } from './sns-topic-subscription.entity';
import * as uuid from 'uuid';
import { SqsQueueEntryService } from '../sqs/sqs-queue-entry.service';
import { SqsQueue } from '../sqs/sqs-queue.entity';
import { TagsService } from '../aws-shared-entities/tags.service';
import { ArnUtil } from '../util/arn-util.static';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
TopicArn: string;
@ -21,11 +20,9 @@ type QueryParams = {
export class SubscribeHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(SnsTopicSubscription)
private readonly snsTopicSubscription: Repository<SnsTopicSubscription>,
private readonly prismaService: PrismaService,
private readonly tagsService: TagsService,
private readonly attributeService: AttributesService,
private readonly sqsQueueEntryService: SqsQueueEntryService,
) {
super();
}
@ -38,23 +35,27 @@ export class SubscribeHandler extends AbstractActionHandler<QueryParams> {
Protocol: Joi.string().required(),
});
protected async handle(params: QueryParams, awsProperties: AwsProperties) {
protected async handle(params: QueryParams, context: RequestContext) {
const subscription = await this.snsTopicSubscription.create({
id: uuid.v4(),
topicArn: params.TopicArn,
protocol: params.Protocol,
endpoint: params.Endpoint,
accountId: awsProperties.accountId,
region: awsProperties.region,
}).save();
const subscription = await this.prismaService.snsTopicSubscription.create({
data: {
id: randomUUID(),
topicArn: params.TopicArn,
protocol: params.Protocol,
endpoint: params.Endpoint,
accountId: context.awsProperties.accountId,
region: context.awsProperties.region,
}
});
const arn = ArnUtil.fromTopicSub(subscription);
const tags = TagsService.tagPairs(params);
await this.tagsService.createMany(subscription.arn, tags);
await this.tagsService.createMany(arn, tags);
const attributes = AttributesService.attributePairs(params);
await this.attributeService.createMany(subscription.arn, attributes);
await this.attributeService.createMany(arn, attributes);
return { SubscriptionArn: subscription.arn };
return { SubscriptionArn: arn };
}
}
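Review bot: The new `snsTopicSubscription.create` call stores `params.TopicArn` without checking that the topic exists or belongs to `context.awsProperties.accountId`, so a Subscribe to an unknown or foreign topic ARN succeeds and leaves a dangling subscription that PublishHandler will later iterate. A `findFirst` on `snsTopic` before the create, throwing `NotFoundException` from `'../aws-shared-entities/aws-exceptions'` as UnsubscribeHandler does, would close that. `Protocol` is only validated as a string while the visible PublishHandler code delivers only `sqs`, so other protocols are accepted and never delivered; either constrain it with `Protocol: Joi.string().valid('sqs').required()` or document the limitation. `params.Endpoint` is likewise stored without checking that it parses as a queue URL or ARN.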


@ -1,13 +1,12 @@
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { TagsService } from '../aws-shared-entities/tags.service';
import { AttributesService } from '../aws-shared-entities/attributes.service';
import { SnsTopicSubscription } from './sns-topic-subscription.entity';
import * as uuid from 'uuid';
import { PrismaService } from '../_prisma/prisma.service';
import { ArnUtil } from '../util/arn-util.static';
import { NotFoundException } from '../aws-shared-entities/aws-exceptions';
type QueryParams = {
SubscriptionArn: string;
@ -17,8 +16,7 @@ type QueryParams = {
export class UnsubscribeHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(SnsTopicSubscription)
private readonly snsTopicSubscription: Repository<SnsTopicSubscription>,
private readonly prismaService: PrismaService,
private readonly tagsService: TagsService,
private readonly attributeService: AttributesService,
) {
@ -31,13 +29,19 @@ export class UnsubscribeHandler extends AbstractActionHandler<QueryParams> {
SubscriptionArn: Joi.string().required(),
});
protected async handle(params: QueryParams, awsProperties: AwsProperties) {
protected async handle(params: QueryParams) {
const id = params.SubscriptionArn.split(':').pop();
const subscription = await this.snsTopicSubscription.findOne({ where: { id } });
const subscription = await this.prismaService.snsTopicSubscription.findFirst({ where: { id } });
await this.tagsService.deleteByArn(subscription.arn);
await this.attributeService.deleteByArn(subscription.arn);
await this.snsTopicSubscription.delete({ id });
if (!subscription) {
throw new NotFoundException();
}
const arn = ArnUtil.fromTopicSub(subscription);
await this.tagsService.deleteByArn(arn);
await this.attributeService.deleteByArn(arn);
await this.prismaService.snsTopicSubscription.delete({ where: { id } });
}
}
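Review bot: The find-then-delete pair `findFirst({ where: { id } })` / `delete({ where: { id } })` is not atomic, and Prisma's `delete` throws when the row is already gone, so two concurrent Unsubscribe calls for the same id end in an unhandled error rather than the NotFoundException this hunk adds. `await this.prismaService.snsTopicSubscription.deleteMany({ where: { id } });` does not throw on zero matches and keeps the tag/attribute cleanup valid either way. If `id` is the unique key in the schema, `findUnique` also expresses the lookup more precisely than `findFirst`.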


@ -1,49 +1,18 @@
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { TagsService } from '../aws-shared-entities/tags.service';
import { SqsQueue } from './sqs-queue.entity';
import { AttributesService } from '../aws-shared-entities/attributes.service';
import { Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import { V2CreateQueueHandler } from './v2-create-queue.handler';
type QueryParams = {
QueueName: string;
}
@Injectable()
export class CreateQueueHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(SqsQueue)
private readonly sqsQueueRepo: Repository<SqsQueue>,
private readonly tagsService: TagsService,
private readonly attributeService: AttributesService,
) {
super();
}
export class CreateQueueHandler extends V2CreateQueueHandler {
format = Format.Xml;
action = Action.SqsCreateQueue;
validator = Joi.object<QueryParams, true>({ QueueName: Joi.string().required() });
protected async handle(params: QueryParams, awsProperties: AwsProperties) {
const { QueueName: name } = params;
const queue = await this.sqsQueueRepo.create({
name,
accountId: awsProperties.accountId,
region: awsProperties.region,
}).save();
const tags = TagsService.tagPairs(params);
await this.tagsService.createMany(queue.arn, tags);
const attributes = SqsQueue.attributePairs(params);
await this.attributeService.createMany(queue.arn, attributes);
return { QueueUrl: queue.getUrl(awsProperties.host) };
}
}
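Review bot: `format`, `action` and `validator` in the new `CreateQueueHandler extends V2CreateQueueHandler` re-declare members that are presumably declared on the base handler chain, so under `noImplicitOverride` they need the `override` modifier, which ListQueuesHandler in this same commit already uses on `handle`. `override format = Format.Xml;` and `override action = Action.SqsCreateQueue;` (and the same on `validator` if it stays) keep the two V2-derived handlers consistent. Whether V2CreateQueueHandler's own validator accepts the XML `QueueName` request shape is not visible from this hunk.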


@ -1,13 +1,15 @@
import { Injectable } from '@nestjs/common';
import * as Joi from 'joi';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { SqsQueue } from './sqs-queue.entity';
import { SqsQueueEntryService } from './sqs-queue-entry.service';
import { SqsQueue } from './sqs-queue.entity';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
QueueUrl: string;
}
} & Record<string, string>;
@Injectable()
export class DeleteMessageBatchHandler extends AbstractActionHandler<QueryParams> {
@ -25,7 +27,7 @@ export class DeleteMessageBatchHandler extends AbstractActionHandler<QueryParams
QueueUrl: Joi.string().required(),
});
protected async handle( params : QueryParams, awsProperties: AwsProperties) {
protected async handle( params : QueryParams, { awsProperties} : RequestContext) {
const { QueueUrl } = params;
const [accountId, name] = SqsQueue.tryGetAccountIdAndNameFromPathOrArn(QueueUrl);
@ -33,7 +35,7 @@ export class DeleteMessageBatchHandler extends AbstractActionHandler<QueryParams
for (const header of Object.keys(params)) {
if (header.includes('DeleteMessageBatchRequestEntry') && header.includes('ReceiptHandle')) {
const ReceiptHandle = params[header];
await this.sqsQueueEntryService.deleteMessage(accountId, name, ReceiptHandle);
await this.sqsQueueEntryService.deleteMessage(ReceiptHandle);
}
}
}
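Review bot: The new `deleteMessage(ReceiptHandle)` call drops the `accountId`/`name` derived from `QueueUrl` just above, so the receipt handle is no longer scoped to the queue named in the request and, unless the service checks it internally, a handle obtained from one queue can delete a message through another queue's URL. Passing the queue through, `deleteMessage(accountId, name, ReceiptHandle)`, or verifying inside the service that the handle belongs to that queue restores the check; DeleteMessageHandler makes the same change. `accountId` and `name` now look unused here, and the `header.includes(...)` matching accepts any key containing both substrings rather than the `DeleteMessageBatchRequestEntry.N.ReceiptHandle` form. The loop may continue outside the hunk.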


@ -1,9 +1,11 @@
import { Injectable } from '@nestjs/common';
import * as Joi from 'joi';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { SqsQueue } from './sqs-queue.entity';
import { SqsQueueEntryService } from './sqs-queue-entry.service';
import { SqsQueue } from './sqs-queue.entity';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
QueueUrl: string;
@ -27,9 +29,7 @@ export class DeleteMessageHandler extends AbstractActionHandler<QueryParams> {
ReceiptHandle: Joi.string().required(),
});
protected async handle({ QueueUrl, ReceiptHandle }: QueryParams, awsProperties: AwsProperties) {
const [accountId, name] = SqsQueue.tryGetAccountIdAndNameFromPathOrArn(QueueUrl);
await this.sqsQueueEntryService.deleteMessage(accountId, name, ReceiptHandle);
protected async handle({ QueueUrl, ReceiptHandle }: QueryParams, { awsProperties} : RequestContext) {
await this.sqsQueueEntryService.deleteMessage(ReceiptHandle);
}
}
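Review bot: `SqsQueue` is still imported on the new import line although its only visible use, the `tryGetAccountIdAndNameFromPathOrArn` call, is removed in this hunk; if nothing outside the hunk uses it the import should go too. `QueueUrl` is likewise still destructured in the new `handle` signature but not read; if the queue is intentionally no longer needed, dropping it from the destructuring (the validator can still require it) makes that explicit.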


@ -1,13 +1,12 @@
import { BadRequestException, Injectable } from '@nestjs/common';
import * as Joi from 'joi';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { AttributesService } from '../aws-shared-entities/attributes.service';
import { InjectRepository } from '@nestjs/typeorm';
import { SqsQueue } from './sqs-queue.entity';
import { Repository } from 'typeorm';
import { SqsQueueEntryService } from './sqs-queue-entry.service';
import { TagsService } from '../aws-shared-entities/tags.service';
import { SqsQueueEntryService } from './sqs-queue-entry.service';
import { SqsQueue } from './sqs-queue.entity';
type QueryParams = {
QueueUrl?: string,
@ -18,8 +17,6 @@ type QueryParams = {
export class DeleteQueueHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(SqsQueue)
private readonly sqsQueueRepo: Repository<SqsQueue>,
private readonly tagsService: TagsService,
private readonly attributeService: AttributesService,
private readonly sqsQueueEntryService: SqsQueueEntryService,
@ -34,25 +31,18 @@ export class DeleteQueueHandler extends AbstractActionHandler<QueryParams> {
__path: Joi.string().required(),
});
protected async handle(params: QueryParams, awsProperties: AwsProperties) {
protected async handle(params: QueryParams) {
const [accountId, name] = SqsQueue.tryGetAccountIdAndNameFromPathOrArn(params.QueueUrl ?? params.__path);
const queue = await this.sqsQueueRepo.findOne({ where: { accountId , name } });
const queue = await this.sqsQueueEntryService.findQueueByAccountIdAndName(accountId, name);
if(!queue) {
if (!queue) {
throw new BadRequestException('ResourceNotFoundException');
}
await this.sqsQueueEntryService.purge(accountId, name);
await this.tagsService.deleteByArn(queue.arn);
await this.attributeService.deleteByArn(queue.arn);
await queue.remove();
}
private async getAttributes(attributeNames: string[], queueArn: string) {
if (attributeNames.length === 0 || attributeNames.length === 1 && attributeNames[0] === 'All') {
return await this.attributeService.getByArn(queueArn);
}
return await this.attributeService.getByArnAndNames(queueArn, attributeNames);
await this.sqsQueueEntryService.deleteQueue(queue.id);
}
}
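Review bot: The new `deleteQueue(queue.id)` replaces the old purge plus `tagsService.deleteByArn` / `attributeService.deleteByArn` calls, and the service's `deleteQueue` shown later on this page only runs `prismaService.sqsQueue.delete`, so the tags and attributes stored under the queue's ARN are left behind unless the Prisma schema cascades them, which it cannot do if they are keyed by ARN string rather than a relation. Keeping `await this.tagsService.deleteByArn(queue.arn); await this.attributeService.deleteByArn(queue.arn);` before `deleteQueue` preserves the old cleanup, and both services are still injected into this handler. Whether any in-memory message state for the queue is released by `deleteQueue` is not visible here.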


@ -1,25 +1,22 @@
import { BadRequestException, Injectable } from '@nestjs/common';
import { Injectable } from '@nestjs/common';
import * as Joi from 'joi';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { AttributesService } from '../aws-shared-entities/attributes.service';
import { InjectRepository } from '@nestjs/typeorm';
import { SqsQueue } from './sqs-queue.entity';
import { Repository } from 'typeorm';
import { SqsQueueEntryService } from './sqs-queue-entry.service';
import { SqsQueue } from './sqs-queue.entity';
type QueryParams = {
QueueUrl?: string,
'AttributeName.1'?: string;
__path: string;
}
} & Record<string, string>;
@Injectable()
export class GetQueueAttributesHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(SqsQueue)
private readonly sqsQueueRepo: Repository<SqsQueue>,
private readonly attributeService: AttributesService,
private readonly sqsQueueEntryService: SqsQueueEntryService,
) {
@ -34,7 +31,7 @@ export class GetQueueAttributesHandler extends AbstractActionHandler<QueryParams
__path: Joi.string().required(),
});
protected async handle(params: QueryParams, awsProperties: AwsProperties) {
protected async handle(params: QueryParams) {
const attributeNames = Object.keys(params).reduce((l, k) => {
const [name, _] = k.split('.');
@ -42,23 +39,23 @@ export class GetQueueAttributesHandler extends AbstractActionHandler<QueryParams
l.push(params[k]);
}
return l;
}, []);
}, [] as string[]);
const [accountId, name] = SqsQueue.tryGetAccountIdAndNameFromPathOrArn(params.QueueUrl ?? params.__path);
const queue = await this.sqsQueueRepo.findOne({ where: { accountId , name } });
const queue = await this.sqsQueueEntryService.findQueueByAccountIdAndName(accountId, name);
if(!queue) {
return;
}
const queueMetrics = this.sqsQueueEntryService.metrics(queue.arn);
const queueMetrics = await this.sqsQueueEntryService.metrics(queue.id);
const attributes = await this.getAttributes(attributeNames, queue.arn);
const attributeMap = attributes.reduce((m, a) => {
m[a.name] = a.value;
return m;
}, {});
}, {} as Record<string, string>);
const response = {
const response: Record<string, string> = {
...attributeMap,
ApproximateNumberOfMessages: `${queueMetrics.total}`,
ApproximateNumberOfMessagesNotVisible: `${queueMetrics.inFlight}`,
@ -66,7 +63,8 @@ export class GetQueueAttributesHandler extends AbstractActionHandler<QueryParams
LastModifiedTimestamp: `${new Date(queue.updatedAt).getTime()}`,
QueueArn: queue.arn,
}
return { Attribute: Object.keys(response).map(k => ({
return {
Attribute: Object.keys(response).map(k => ({
Name: k,
Value: response[k],
}))
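Review bot: `if(!queue) { return; }` answers a missing queue by returning without a result, while DeleteQueueHandler in the same commit throws `BadRequestException('ResourceNotFoundException')` for the same condition (and the spacing was fixed to `if (!queue)` there but not here). Using the same error in both keeps client behaviour consistent: `throw new BadRequestException('ResourceNotFoundException');` works since BadRequestException is already imported. `const [name, _] = k.split('.')` leaves an unused `_`; `const [name] = k.split('.')` reads the same. `getAttributes` is called on `queue.arn` but defined outside the hunk.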


@ -1,34 +1,18 @@
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { SqsQueue } from './sqs-queue.entity';
type QueryParams = {
}
import { Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import { V2ListQueuesHandler } from './v2-list-queues.handler';
import { RequestContext } from '../_context/request.context';
@Injectable()
export class ListQueuesHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(SqsQueue)
private readonly sqsQueueRepo: Repository<SqsQueue>,
) {
super();
}
export class ListQueuesHandler extends V2ListQueuesHandler {
format = Format.Xml;
action = Action.SqsListQueues;
validator = Joi.object<QueryParams, true>();
protected async handle(params: QueryParams, awsProperties: AwsProperties) {
const queues = await this.sqsQueueRepo.find({ where: { accountId: awsProperties.accountId }});
return {
QueueUrl: queues.map((q) => q.getUrl(awsProperties.host))
}
override async handle(params: {}, context: RequestContext) {
const response: any = await super.handle(params, context);
return { QueueUrl: response.QueueUrls }
}
}
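Review bot: `const response: any = await super.handle(params, context);` in the new override erases the base handler's return type, and `params: {}` accepts any non-nullish value, so the `response.QueueUrls` access is unchecked. Declaring an explicit return type on V2ListQueuesHandler's handle and dropping the `any` annotation lets the compiler verify `QueueUrls`, and typing `params` with the V2 handler's own params type (or `Record<string, never>` if it truly takes none) keeps the override signature honest. Whether the base actually returns a `QueueUrls` field is not visible from this hunk.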


@ -4,6 +4,7 @@ import { Action } from '../action.enum';
import * as Joi from 'joi';
import { SqsQueue } from './sqs-queue.entity';
import { SqsQueueEntryService } from './sqs-queue-entry.service';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
QueueUrl: string;
@ -22,7 +23,7 @@ export class PurgeQueueHandler extends AbstractActionHandler<QueryParams> {
action = Action.SqsPurgeQueue;
validator = Joi.object<QueryParams, true>({ QueueUrl: Joi.string().required() });
protected async handle({ QueueUrl }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ QueueUrl }: QueryParams, { awsProperties} : RequestContext) {
const [accountId, name] = SqsQueue.tryGetAccountIdAndNameFromPathOrArn(QueueUrl);
await this.sqsQueueEntryService.purge(accountId, name);


@ -30,7 +30,7 @@ export class ReceiveMessageHandler extends AbstractActionHandler<QueryParams> {
VisibilityTimeout: Joi.number(),
});
protected async handle({ QueueUrl, MaxNumberOfMessages, VisibilityTimeout }: QueryParams, awsProperties: AwsProperties) {
protected async handle({ QueueUrl, MaxNumberOfMessages, VisibilityTimeout }: QueryParams) {
const [accountId, name] = SqsQueue.tryGetAccountIdAndNameFromPathOrArn(QueueUrl);
const records = await this.sqsQueueEntryService.receiveMessages(accountId, name, MaxNumberOfMessages, VisibilityTimeout);


@ -1,11 +1,11 @@
import { BadRequestException, Injectable } from '@nestjs/common';
import * as Joi from 'joi';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import * as Joi from 'joi';
import { AttributesService } from '../aws-shared-entities/attributes.service';
import { InjectRepository } from '@nestjs/typeorm';
import { SqsQueueEntryService } from './sqs-queue-entry.service';
import { SqsQueue } from './sqs-queue.entity';
import { Repository } from 'typeorm';
type QueryParams = {
'Attribute.Name': string;
@ -17,9 +17,8 @@ type QueryParams = {
export class SetQueueAttributesHandler extends AbstractActionHandler<QueryParams> {
constructor(
@InjectRepository(SqsQueue)
private readonly sqsQueueRepo: Repository<SqsQueue>,
private readonly attributeService: AttributesService,
private readonly sqsQueueEntryService: SqsQueueEntryService,
) {
super();
}
@ -32,9 +31,9 @@ export class SetQueueAttributesHandler extends AbstractActionHandler<QueryParams
__path: Joi.string().required(),
});
protected async handle(params: QueryParams, awsProperties: AwsProperties) {
protected async handle(params: QueryParams) {
const [accountId, name] = SqsQueue.getAccountIdAndNameFromPath(params.__path);
const queue = await this.sqsQueueRepo.findOne({ where: { accountId , name } });
const queue = await this.sqsQueueEntryService.findQueueByAccountIdAndName(accountId, name);
const attributes = SqsQueue.attributePairs(params);
if (params['Attribute.Name'] && params['Attribute.Value']) {
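Review bot: `queue` from `sqsQueueEntryService.findQueueByAccountIdAndName` at L4662 is now typed `SqsQueue | null`, but `handle` continues without a null check, so a request whose path names a queue that does not exist reaches the attribute code below (the rest of `handle` is outside the hunk) where `queue` is presumably dereferenced. The previous `findOne` had the same gap, but the new return type makes it visible under strictNullChecks; add `if (!queue) { throw new BadRequestException('Queue not found'); }` directly after the lookup, which matches the message `SqsQueueEntryService.getQueueHelper` already uses. `AwsProperties` appears to be unreferenced in this file after the signature change at L4659 and can be dropped from the import on L4635.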


@ -1,8 +1,10 @@
import { BadRequestException, Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { Prisma, SqsQueueMessage } from '@prisma/client';
import { randomUUID } from 'crypto';
import { PrismaService } from '../_prisma/prisma.service';
import { SqsQueue } from './sqs-queue.entity';
import * as uuid from 'uuid';
import { QueueNameExists } from '../aws-shared-entities/aws-exceptions';
type QueueEntry = {
id: string;
@ -20,94 +22,119 @@ const FIFTEEN_SECONDS = 15 * 1000;
@Injectable()
export class SqsQueueEntryService {
// Heavy use may require event-driven locking implementation
private queues: Record<string, QueueEntry[]> = {};
private queueObjectCache: Record<string, [Date, SqsQueue]> = {};
constructor(
@InjectRepository(SqsQueue)
private readonly sqsQueueRepo: Repository<SqsQueue>,
private readonly prismaService: PrismaService,
) {}
async findQueueByAccountIdAndName(accountId: string, name: string): Promise<SqsQueue> {
return await this.sqsQueueRepo.findOne({ where: { accountId, name } });
async findQueueByAccountIdAndName(accountId: string, name: string): Promise<SqsQueue | null> {
const prisma = await this.prismaService.sqsQueue.findFirst({ where: { accountId, name } });
return prisma ? new SqsQueue(prisma) : null;
}
metrics(queueArn: string): Metrics {
async createQueue(data: Prisma.SqsQueueCreateInput): Promise<SqsQueue> {
try {
const prisma = await this.prismaService.sqsQueue.create({ data });
return new SqsQueue(prisma);
} catch (error) {
throw new QueueNameExists();
}
}
async deleteQueue(id: number): Promise<void> {
await this.prismaService.sqsQueue.delete({ where: { id }});
}
async metrics(queueId: number): Promise<Metrics> {
const now = new Date();
return this.getQueueList(queueArn).reduce<Metrics>((acc, e) => {
acc.total += 1;
acc.inFlight += e.inFlightReleaseDate > now ? 1 : 0;
return acc;
}, { total: 0, inFlight: 0 });
const [total, inFlight] = await Promise.all([
this.prismaService.sqsQueueMessage.count({ where: { queueId }}),
this.prismaService.sqsQueueMessage.count({ where: { queueId, inFlightRelease: { gt: now } }}),
]);
return { total, inFlight }
}
async publish(accountId: string, queueName: string, message: string) {
const queue = await this.sqsQueueRepo.findOne({ where: { accountId, name: queueName }});
const prisma = await this.prismaService.sqsQueue.findFirst({ where: { accountId, name: queueName }});
if (!queue) {
if (!prisma) {
console.warn(`Warning bad subscription to ${queueName}`);
return;
}
this.getQueueList(queue.arn).push({
id: uuid.v4(),
queueArn: queue.arn,
senderId: accountId,
message,
inFlightReleaseDate: new Date(),
createdAt: new Date(),
const queue = new SqsQueue(prisma);
await this.prismaService.sqsQueueMessage.create({
data: {
id: randomUUID(),
queueId: queue.id,
senderId: accountId,
message,
inFlightRelease: new Date(),
}
});
}
async receiveMessages(accountId: string, queueName: string, maxNumberOfMessages = 10, visabilityTimeout = 0): Promise<QueueEntry[]> {
async receiveMessages(accountId: string, queueName: string, maxNumberOfMessages = 10, visabilityTimeout = 0): Promise<SqsQueueMessage[]> {
const queue = await this.getQueueHelper(accountId, queueName);
const accessDate = new Date();
const newInFlightReleaseDate = new Date(accessDate);
newInFlightReleaseDate.setSeconds(accessDate.getSeconds() + visabilityTimeout);
const records = this.getQueueList(queue.arn).filter(e => e.inFlightReleaseDate <= accessDate).slice(0, maxNumberOfMessages - 1);
records.forEach(e => e.inFlightReleaseDate = newInFlightReleaseDate);
return records;
const records = await this.prismaService.sqsQueueMessage.findMany({
where: {
queueId: queue.id,
inFlightRelease: {
lte: accessDate,
}
},
take: maxNumberOfMessages,
});
await this.prismaService.sqsQueueMessage.updateMany({
data: {
inFlightRelease: newInFlightReleaseDate
},
where: {
id: {
in: records.map(r => r.id)
}
}
});
return records.map(r => ({ ...r, inFlightRelease: newInFlightReleaseDate }));
}
async deleteMessage(accountId: string, queueName: string, id: string): Promise<void> {
const queue = await this.getQueueHelper(accountId, queueName);
const records = this.getQueueList(queue.arn);
const loc = records.findIndex(r => r.id === id);
records.splice(loc, 1);
async deleteMessage(id: string): Promise<void> {
await this.prismaService.sqsQueueMessage.delete({ where: { id }});
}
async purge(accountId: string, queueName: string) {
const queue = await this.sqsQueueRepo.findOne({ where: { accountId, name: queueName }});
this.queues[queue.arn] = [];
const queue = await this.findQueueByAccountIdAndName(accountId, queueName);
if (!queue) {
return;
}
await this.prismaService.sqsQueueMessage.deleteMany({ where: { queueId: queue.id }});
}
private async getQueueHelper(accountId: string, queueName: string): Promise<SqsQueue> {
if (!this.queueObjectCache[`${accountId}/${queueName}`] || this.queueObjectCache[`${accountId}/${queueName}`][0] < new Date()) {
this.queueObjectCache[`${accountId}/${queueName}`] = [new Date(Date.now() + FIFTEEN_SECONDS), await this.sqsQueueRepo.findOne({ where: { accountId, name: queueName }})];
const queue = await this.findQueueByAccountIdAndName(accountId, queueName);
if (!queue) {
throw new BadRequestException('Queue not found');
}
this.queueObjectCache[`${accountId}/${queueName}`] = [new Date(Date.now() + FIFTEEN_SECONDS), queue];
}
const [_, queue] = this.queueObjectCache[`${accountId}/${queueName}`];
if (!queue) {
throw new BadRequestException('Queue not found');
}
return queue;
}
private getQueueList(arn: string): QueueEntry[] {
if (!this.queues[arn]) {
this.queues[arn] = [];
}
return this.queues[arn];
}
}
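Review bot: `deleteMessage(id)` at L4783–L4784 drops the accountId/queueName scoping the old signature had and deletes by message id alone, so a caller that supplies an id belonging to another account's queue removes that message; the handler invoking it is not in this section, so whether it still resolves the queue first cannot be seen here. Keep the queue in the predicate, e.g. `const queue = await this.getQueueHelper(accountId, queueName); await this.prismaService.sqsQueueMessage.deleteMany({ where: { id, queueId: queue.id } });` — `deleteMany` also returns a count instead of throwing a Prisma not-found error for an absent id, so a missing message can be handled explicitly. Separately, the catch in `createQueue` (L4702–L4704) turns every failure, including connection errors, into `QueueNameExists`; narrow it to `if (error instanceof Prisma.PrismaClientKnownRequestError && error.code === 'P2002') throw new QueueNameExists();` and rethrow anything else. The read-then-update in `receiveMessages` (L4757–L4775) remains two separate statements, so two concurrent receivers can still be handed the same rows and the "locking" comment at L4683 stays accurate; if `PrismaService` extends `PrismaClient`, wrapping both calls in `this.prismaService.$transaction` would narrow, though not close, that window.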


@ -1,4 +1,5 @@
import { BaseEntity, Column, CreateDateColumn, Entity, PrimaryColumn, UpdateDateColumn } from 'typeorm';
import { SqsQueue as PrismaSqsQueue } from '@prisma/client';
import { getPathFromUrl } from '../util/get-path-from-url';
const attributeSlotMap = {
@ -6,23 +7,24 @@ const attributeSlotMap = {
'Value': 'value',
}
@Entity('sqs_queue')
export class SqsQueue extends BaseEntity {
export class SqsQueue implements PrismaSqsQueue {
@PrimaryColumn({ name: 'name' })
id: number;
name: string;
@Column({ name: 'account_id', nullable: false })
accountId: string;
@Column({ name: 'region', nullable: false })
region: string;
createdAt: Date;
updatedAt: Date;
@CreateDateColumn()
createdAt: string;
constructor(p: PrismaSqsQueue) {
this.id = p.id;
this.name = p.name;
this.accountId = p.accountId;
this.region = p.region;
this.createdAt = p.createdAt;
this.updatedAt = p.updatedAt;
}
@UpdateDateColumn()
updatedAt: string;
get arn(): string {
return `arn:aws:sqs:${this.region}:${this.accountId}:${this.name}`;
@ -39,8 +41,8 @@ export class SqsQueue extends BaseEntity {
static getAccountIdAndNameFromArn(arn: string): [string, string] {
const parts = arn.split(':');
const name = parts.pop();
const accountId = parts.pop();
const name = parts.pop() as string;
const accountId = parts.pop() as string;
return [accountId, name];
}
@ -52,19 +54,42 @@ export class SqsQueue extends BaseEntity {
return SqsQueue.getAccountIdAndNameFromPath(workingString);
}
static attributePairs(queryParams: Record<string, string>): { key: string, value: string }[] {
const pairs = [null];
static attributePairs(queryParams: Record<string, any>): { key: string, value: string }[] {
if (queryParams.Attributes) {
return Object.entries(queryParams.Attributes as Record<string, string>).map(([key, value]) => ({ key, value }));
}
const pairs: { key: string, value: string }[] = [];
for (const param of Object.keys(queryParams)) {
const [type, idx, slot] = param.split('.');
const components = this.breakdownAwsQueryParam(param);
if (!components) {
continue;
}
const [type, idx, slot] = components;
if (type === 'Attribute') {
if (!pairs[+idx]) {
pairs[+idx] = { key: '', value: ''};
if (!pairs[idx]) {
pairs[idx] = { key: '', value: ''};
}
pairs[+idx][attributeSlotMap[slot]] = queryParams[param];
pairs[+idx][slot] = queryParams[param];
}
}
pairs.shift();
return pairs;
}
private static breakdownAwsQueryParam(paramKey: string): [string, number, 'key' | 'value'] | null {
const parts = paramKey.split('.');
if (parts.length !== 3) {
return null;
}
const [type, idx, slot] = parts;
return [type, +idx, attributeSlotMap[slot as 'Name' | 'Value'] as 'key' | 'value'];
}
}
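Review bot: `attributePairs` now starts from an empty array (L4872) and no longer calls `pairs.shift()` (L4890), but the index written at L4883–L4884 is taken directly from the query key; with the 1-based `Attribute.1.Name` form the old `[null]` placeholder was built around, position 0 is never filled and the returned array carries a hole there (`for..of` yields undefined, `JSON.stringify` emits null). `breakdownAwsQueryParam` also hides two invalid inputs behind assertions: a non-numeric middle segment becomes `NaN`, and a third segment other than Name/Value makes `attributeSlotMap[...]` undefined, after which L4887 assigns to `pairs[idx][undefined]`. Return null from the helper for both cases and compact the result before returning; the remaining methods of the class are outside the hunk.
```typescript
  static attributePairs(queryParams: Record<string, any>): { key: string, value: string }[] {
    // … unchanged: Attributes fast path and the Attribute.N.Name/Value loop …
    // drop the hole at index 0 (query indices are 1-based) and any unfilled slots
    return pairs.filter(Boolean);
  }

  private static breakdownAwsQueryParam(paramKey: string): [string, number, 'key' | 'value'] | null {
    const parts = paramKey.split('.');
    if (parts.length !== 3) {
      return null;
    }
    const [type, idx, slot] = parts;
    const index = Number(idx);
    const mapped = attributeSlotMap[slot as keyof typeof attributeSlotMap];
    // reject non-integer indices and unknown slots instead of producing NaN / undefined keys
    if (!Number.isInteger(index) || mapped === undefined) {
      return null;
    }
    return [type, index, mapped as 'key' | 'value'];
  }
```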


@ -1,5 +1,5 @@
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import { AwsSharedEntitiesModule } from '../aws-shared-entities/aws-shared-entities.module';
@ -14,9 +14,11 @@ import { PurgeQueueHandler } from './purge-queue.handler';
import { ReceiveMessageHandler } from './receive-message.handler';
import { SetQueueAttributesHandler } from './set-queue-attributes.handler';
import { SqsQueueEntryService } from './sqs-queue-entry.service';
import { SqsQueue } from './sqs-queue.entity';
import { SqsHandlers } from './sqs.constants';
import { DeleteMessageBatchHandler } from './delete-message-batch.handler';
import { PrismaModule } from '../_prisma/prisma.module';
import { V2ListQueuesHandler } from './v2-list-queues.handler';
import { V2CreateQueueHandler } from './v2-create-queue.handler';
const handlers = [
CreateQueueHandler,
@ -28,6 +30,8 @@ const handlers = [
PurgeQueueHandler,
ReceiveMessageHandler,
SetQueueAttributesHandler,
V2CreateQueueHandler,
V2ListQueuesHandler,
]
const actions = [
@ -51,12 +55,32 @@ const actions = [
Action.SqsSetQueueAttributes,
Action.SqsTagQueue,
Action.SqsUntagQueue,
Action.V2_SqsAddPermisson,
Action.V2_SqsChangeMessageVisibility,
Action.V2_SqsChangeMessageVisibilityBatch,
Action.V2_SqsCreateQueue,
Action.V2_SqsDeleteMessage,
Action.V2_SqsDeleteMessageBatch,
Action.V2_SqsDeleteQueue,
Action.V2_SqsGetQueueAttributes,
Action.V2_SqsGetQueueUrl,
Action.V2_SqsListDeadLetterSourceQueues,
Action.V2_SqsListQueues,
Action.V2_SqsListQueueTags,
Action.V2_SqsPurgeQueue,
Action.V2_SqsReceiveMessage,
Action.V2_SqsRemovePermission,
Action.V2_SqsSendMessage,
Action.V2_SqsSendMessageBatch,
Action.V2_SqsSetQueueAttributes,
Action.V2_SqsTagQueue,
Action.V2_SqsUntagQueue,
]
@Module({
imports: [
TypeOrmModule.forFeature([SqsQueue]),
AwsSharedEntitiesModule,
PrismaModule,
],
providers: [
...handlers,
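Review bot: The twenty V2 actions added at L4935–L4954 are registered while only `V2CreateQueueHandler` and `V2ListQueuesHandler` join `handlers` (L4927–L4928), so the other eighteen have no implementation in this module; if dispatch is keyed by action, those requests presumably fall through to whatever the unmatched-action path does, which is worth confirming and noting with a comment such as `// V2 actions without a handler yet are listed for routing only` above the block. `Action.V2_SqsAddPermisson` is also spelled differently from `V2_SqsRemovePermission`; if the enum member itself carries the typo, fixing it in action.enum is the cleaner change than matching it here.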


@ -0,0 +1,51 @@
import { Injectable } from '@nestjs/common';
import * as Joi from 'joi';
import { AbstractActionHandler, AwsProperties, Format } from '../abstract-action.handler';
import { Action } from '../action.enum';
import { AttributesService } from '../aws-shared-entities/attributes.service';
import { TagsService } from '../aws-shared-entities/tags.service';
import { SqsQueueEntryService } from './sqs-queue-entry.service';
import { SqsQueue } from './sqs-queue.entity';
import { RequestContext } from '../_context/request.context';
type QueryParams = {
QueueName: string;
}
@Injectable()
export class V2CreateQueueHandler extends AbstractActionHandler<QueryParams> {
constructor(
private readonly sqsQueueEntryService: SqsQueueEntryService,
private readonly tagsService: TagsService,
private readonly attributeService: AttributesService,
) {
super();
}
format = Format.Json;
action = Action.V2_SqsCreateQueue;
validator = Joi.object<QueryParams, true>({
QueueName: Joi.string().required(),
});
protected async handle(params: QueryParams, context: RequestContext) {
const { QueueName: name } = params;
const queue = await this.sqsQueueEntryService.createQueue({
name,
accountId: context.awsProperties.accountId,
region: context.awsProperties.region,
});
const tags = TagsService.tagPairs(params);
await this.tagsService.createMany(queue.arn, tags);
const attributes = SqsQueue.attributePairs(params);
await this.attributeService.createMany(queue.arn, attributes);
return { QueueUrl: queue.getUrl(context.awsProperties.host) };
}
}
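Review bot: `QueueName` is accepted as any non-empty string (L4992) and then embedded in the ARN and queue URL via `queue.arn` and `queue.getUrl(...)` (L5002–L5005), so names containing `:`, `/`, whitespace or control characters yield ARNs and paths that `getAccountIdAndNameFromArn`/`getAccountIdAndNameFromPath` cannot split back correctly; SQS itself limits names to 1–80 alphanumeric, hyphen and underscore characters with an optional `.fifo` suffix, so `QueueName: Joi.string().max(80).pattern(/^[A-Za-z0-9_-]+(\.fifo)?$/).required()` matches the real service and keeps malformed names out of the stored row. Tags and attributes are written after `createQueue` has committed (L5001–L5004), so a failure in either leaves a queue without them; that may be acceptable for an emulator, but a comment such as `// not transactional: a tag/attribute failure leaves the queue row in place` would make it explicit. `AwsProperties` on L4970 is imported but unused now that the handler reads `context.awsProperties`.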
