
Commit 2e00890

committed
fixes to schema, cleanup
1 parent 3a713f6 commit 2e00890

5 files changed

Lines changed: 28 additions & 54 deletions


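--- a/src/services/iamPolicy/schema.graphql
+++ b/src/services/iamPolicy/schema.graphql
@@ -8,7 +8,7 @@ type awsIamPolicy implements awsBaseService @key(fields: "id") {
 iamRoles: [awsIamRole] @hasInverse(field: iamAttachedPolicies)
 iamGroups: [awsIamGroup] @hasInverse(field: iamAttachedPolicies)
 iamUsers: [awsIamUser] @hasInverse(field: iamAttachedPolicies)
-permissionboundaryOf: [awsIamRole] @hasInverse(field: iamPermissionBoundaryPolicy)
+permissionBoundaryOf: [awsIamRole] @hasInverse(field: iamPermissionBoundaryPolicy)
 }
 
 type awsIamJSONPolicy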

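--- a/src/services/iamRole/data.ts
+++ b/src/services/iamRole/data.ts
@@ -9,7 +9,6 @@ import IAM, {
 GetAccountAuthorizationDetailsResponse,
 GetRoleResponse,
 ListAttachedRolePoliciesResponse,
-ListRolePoliciesResponse,
 ListRolesResponse,
 ListRoleTagsResponse,
 Role,
@@ -44,8 +43,7 @@ export interface RawAwsIamRole extends Omit<Role, 'Tags'> {
 region: string
 Tags?: TagMap
 PermissionsBoundaryArn: string
-InlinePoliciesName: string[]
-InlinePoliciesDocuments: string[]
+InlinePolicies: Array<{ name: string; document: string }>
 }
 
 const roleByRoleName = async (
@@ -103,32 +101,6 @@ const tagsByRoleName = async (
 )
 })
 
-const policiesByRoleName = async (
-iam: IAM,
-{ RoleName }: Role
-): Promise<{ RoleName: string; Policies: string[] }> =>
-new Promise(resolve => {
-iam.listRolePolicies(
-{ RoleName },
-(err: AWSError, data: ListRolePoliciesResponse) => {
-if (err) {
-errorLog.generateAwsErrorLog({
-functionName: 'iam:listRolePolicies',
-err,
-})
-}
-
-if (!isEmpty(data)) {
-const { PolicyNames = [] } = data
-
-resolve({ RoleName, Policies: PolicyNames })
-}
-
-resolve(null)
-}
-)
-})
-
 const managedPoliciesByRoleName = async (
 iam: IAM,
 { RoleName }: Role
@@ -196,7 +168,6 @@ export const listIamRoles = async ({
 }): Promise<RawAwsIamRole[]> =>
 new Promise(resolve => {
 const result: RawAwsIamRole[] = []
-const policiesByRoleNamePromises = []
 const tagsByRoleNamePromises = []
 const managedPoliciesByRoleNamePromises = []
 const roleByRoleNamePromises: Promise<{ RoleName: string; Role: Role }>[] =
@@ -216,15 +187,13 @@ export const listIamRoles = async ({
 
 roles.map(role => {
 tagsByRoleNamePromises.push(tagsByRoleName(iam, role))
-policiesByRoleNamePromises.push(policiesByRoleName(iam, role))
 managedPoliciesByRoleNamePromises.push(
 managedPoliciesByRoleName(iam, role)
 )
 roleByRoleNamePromises.push(roleByRoleName(iam, role))
 })
 
 const tags = await Promise.all(tagsByRoleNamePromises)
-const policies = await Promise.all(policiesByRoleNamePromises)
 const managedPolicies = await Promise.all(
 managedPoliciesByRoleNamePromises
 )
@@ -249,11 +218,6 @@ export const listIamRoles = async ({
 RoleLastUsed: detailedRoles?.find(
 r => r?.RoleName === RoleName
 )?.Role.RoleLastUsed,
-InlinePoliciesName:
-policies
-?.filter(p => p?.RoleName === RoleName)
-.map(p => p.Policies)
-.reduce((current, acc) => [...acc, ...current], []) || [],
 ManagedPolicies:
 managedPolicies
 ?.filter(p => p?.RoleName === RoleName)
@@ -262,9 +226,12 @@ export const listIamRoles = async ({
 Tags: tags.find(t => t?.RoleName === RoleName)?.Tags || {},
 PermissionsBoundaryArn:
 PermissionsBoundary.PermissionsBoundaryArn,
-InlinePoliciesDocuments: roleAuthorizationDetails
+InlinePolicies: roleAuthorizationDetails
 .find(rAD => rAD.RoleName === RoleName)
-.RolePolicyList.map(rPl => rPl.PolicyDocument),
+.RolePolicyList.map(rPl => ({
+name: rPl.PolicyName,
+document: rPl.PolicyDocument,
+})),
 }
 }
 )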
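Review bot: The new `InlinePolicies` expression in the last hunk dereferences `.find(...)` without a guard, so a role that is absent from `roleAuthorizationDetails` (or a detail entry whose `RolePolicyList` is undefined) throws a TypeError while the result array is being assembled, and the whole `listIamRoles` call fails or is left unresolved; the `?? []` added in format.ts cannot catch this because `.map` never returns nullish. Guard the lookup before mapping: `InlinePolicies: (roleAuthorizationDetails.find(rAD => rAD.RoleName === RoleName)?.RolePolicyList ?? []).map(rPl => ({ name: rPl.PolicyName, document: rPl.PolicyDocument })),`. Since an empty list records the role as having no inline permissions, a miss in the authorization-details lookup is worth logging so an incomplete response is visible rather than silently stored as a permission-free role. The removed line had the same unguarded access, and `listIamRoles` begins and ends outside this hunk.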

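--- a/src/services/iamRole/format.ts
+++ b/src/services/iamRole/format.ts
@@ -24,8 +24,7 @@ export default ({
 RoleLastUsed,
 AssumeRolePolicyDocument: assumeRolePolicy = '',
 MaxSessionDuration: maxSessionDuration = 0,
-InlinePoliciesName: inlinePolicies = [],
-InlinePoliciesDocuments: inlineFormattedPolicies,
+InlinePolicies: inlinePolicies = [],
 Tags: tags = {},
 } = rawData
 
@@ -44,10 +43,12 @@ export default ({
 rawPolicy: assumeRolePolicy,
 assumeRolePolicy: formatIamJsonPolicy(assumeRolePolicy),
 maxSessionDuration,
-inlinePolicies,
-inlineFormattedPolicies: inlineFormattedPolicies.map(p =>
-formatIamJsonPolicy(p)
-),
+inlinePolicies: inlinePolicies.map(
+({ name: inlinePolicyName, document: inlinePolicyDocument }) => ({
+name: inlinePolicyName,
+document: formatIamJsonPolicy(inlinePolicyDocument),
+})
+) ?? [],
 tags: roleTags,
 }
 return role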
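Review bot: The `?? []` closing the new `inlinePolicies` mapping in the second hunk is unreachable, because `Array.prototype.map` always returns an array, while the nullish case it seems meant for — `InlinePolicies: null` on rawData — is not handled at all: the destructuring default `= []` applies only to `undefined`, and `.map` would throw on `null`. Either drop the fallback or apply it to the input instead, `inlinePolicies: (inlinePolicies ?? []).map(`, and remove the trailing `?? []`. The exported formatter's signature and the start of its body lie outside this hunk.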

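--- a/src/services/iamRole/schema.graphql
+++ b/src/services/iamRole/schema.graphql
@@ -1,3 +1,8 @@
+type awsIamRoleInlinePolicy {
+name: String @search(by: [hash, regexp])
+document: awsIamJSONPolicy
+}
+
 type awsIamRole implements awsBaseService @key(fields: "id") {
 name: String @search(by: [hash, regexp])
 path: String @search(by: [hash, regexp])
@@ -8,9 +13,7 @@ type awsIamRole implements awsBaseService @key(fields: "id") {
 lastUsedDate: DateTime @search(by: [day])
 maxSessionDuration: Int @search
 tags: [awsRawTag]
-inlinePolicies: [String]
-rawInlinePolicies: [String] @search(by: [hash, regexp])
-inlineFormattedPolicies: [awsIamJSONPolicy]
+inlinePolicies: [awsIamRoleInlinePolicy]
 cloudFormationStack: [awsCloudFormationStack] @hasInverse(field: iamRole)
 codebuilds: [awsCodebuild] @hasInverse(field: iamRoles)
 configurationRecorder: [awsConfigurationRecorder] @hasInverse(field: iamRole)
@@ -22,7 +25,7 @@ type awsIamRole implements awsBaseService @key(fields: "id") {
 glueJobs: [awsGlueJob] @hasInverse(field: iamRole)
 guardDutyDetectors: [awsGuardDutyDetector] @hasInverse(field: iamRole)
 iamAttachedPolicies: [awsIamPolicy] @hasInverse(field: iamRoles)
-iamPermissionBoundaryPolicy: [awsIamPolicy] @hasInverse(field: permissionboundaryOf)
+iamPermissionBoundaryPolicy: [awsIamPolicy] @hasInverse(field: permissionBoundaryOf)
 iamInstanceProfiles: [awsIamInstanceProfile] @hasInverse(field: iamRole)
 managedAirflows: [awsManagedAirflow] @hasInverse(field: iamRoles)
 sageMakerNotebookInstances: [awsSageMakerNotebookInstance]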
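Review bot: The second hunk (`@@ -8,9 +13,7 @@`) removes `rawInlinePolicies: [String] @search(by: [hash, regexp])` while the new `awsIamRoleInlinePolicy` type carries only the formatted `document`, so the raw text of a role's inline policies is no longer stored or searchable by hash/regexp, even though the role's trust policy still keeps a `rawPolicy` string alongside its formatted form. If dropping the raw text is not intentional, add `rawDocument: String @search(by: [hash, regexp])` to `awsIamRoleInlinePolicy` and populate it from the same `PolicyDocument` in data.ts/format.ts, so inline policy documents remain queryable by text the way the rest of the schema allows. If it is intentional, the commit message should say so, since consumers searching inline policy text lose that capability.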

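--- a/src/types/generated.ts
+++ b/src/types/generated.ts
@@ -3150,7 +3150,7 @@ export type AwsIamPolicy = AwsBaseService & {
 iamUsers?: Maybe<Array<Maybe<AwsIamUser>>>;
 name?: Maybe<Scalars['String']>;
 path?: Maybe<Scalars['String']>;
-permissionboundaryOf?: Maybe<Array<Maybe<AwsIamRole>>>;
+permissionBoundaryOf?: Maybe<Array<Maybe<AwsIamRole>>>;
 policyContent?: Maybe<AwsIamJsonPolicy>;
 rawPolicy?: Maybe<Scalars['String']>;
 tags?: Maybe<Array<Maybe<AwsRawTag>>>;
@@ -3184,16 +3184,14 @@ export type AwsIamRole = AwsBaseService & {
 iamAttachedPolicies?: Maybe<Array<Maybe<AwsIamPolicy>>>;
 iamInstanceProfiles?: Maybe<Array<Maybe<AwsIamInstanceProfile>>>;
 iamPermissionBoundaryPolicy?: Maybe<Array<Maybe<AwsIamPolicy>>>;
-inlineFormattedPolicies?: Maybe<Array<Maybe<AwsIamJsonPolicy>>>;
-inlinePolicies?: Maybe<Array<Maybe<Scalars['String']>>>;
+inlinePolicies?: Maybe<Array<Maybe<AwsIamRoleInlinePolicy>>>;
 kinesisFirehose?: Maybe<Array<Maybe<AwsKinesisFirehose>>>;
 lambda?: Maybe<Array<Maybe<AwsLambda>>>;
 lastUsedDate?: Maybe<Scalars['DateTime']>;
 managedAirflows?: Maybe<Array<Maybe<AwsManagedAirflow>>>;
 maxSessionDuration?: Maybe<Scalars['Int']>;
 name?: Maybe<Scalars['String']>;
 path?: Maybe<Scalars['String']>;
-rawInlinePolicies?: Maybe<Array<Maybe<Scalars['String']>>>;
 rawPolicy?: Maybe<Scalars['String']>;
 rdsCluster?: Maybe<Array<Maybe<AwsRdsCluster>>>;
 rdsDbInstance?: Maybe<Array<Maybe<AwsRdsDbInstance>>>;
@@ -3203,6 +3201,11 @@ export type AwsIamRole = AwsBaseService & {
 tags?: Maybe<Array<Maybe<AwsRawTag>>>;
 };
 
+export type AwsIamRoleInlinePolicy = {
+document?: Maybe<AwsIamJsonPolicy>;
+name?: Maybe<Scalars['String']>;
+};
+
 export type AwsIamSamlProvider = AwsOptionalService & {
 awsCognitoIdentityPool?: Maybe<Array<Maybe<AwsCognitoIdentityPool>>>;
 createdDate?: Maybe<Scalars['String']>;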
