Merge pull request #94 from cloudgraphdev/fix/CG-1258

fix: add missing statement elements needed for the policy definitions

Author: hjaraujof

src/services/iamPolicy/schema.graphql

@@ -33,6 +33,9 @@ type awsIamJSONPolicyStatement
   effect: String @search(by: [hash, regexp])
   principal: [awsIamJSONPolicyPrincipal]
   resource: [String] @search(by: [hash])
+  notAction: [String] @search(by: [hash])
+  notPrincipal: [awsIamJSONPolicyPrincipal]
+  notResource: [String] @search(by: [hash])
 }
 
 type awsIamJSONPolicyCondition

src/types/generated.ts

@@ -3107,6 +3107,9 @@ export type AwsIamJsonPolicyStatement = {
   condition?: Maybe<Array<Maybe<AwsIamJsonPolicyCondition>>>;
   effect?: Maybe<Scalars['String']>;
   id?: Maybe<Scalars['ID']>;
+  notAction?: Maybe<Array<Maybe<Scalars['String']>>>;
+  notPrincipal?: Maybe<Array<Maybe<AwsIamJsonPolicyPrincipal>>>;
+  notResource?: Maybe<Array<Maybe<Scalars['String']>>>;
   principal?: Maybe<Array<Maybe<AwsIamJsonPolicyPrincipal>>>;
   resource?: Maybe<Array<Maybe<Scalars['String']>>>;
 };

src/types/index.ts

@@ -17,3 +17,35 @@ export interface RawAwsService {
   cgId: string
   accountId: string
 }
+
+export interface RawAwsIamJsonPolicyStatementCondition {
+  // Condition operator
+  [key: string]: {
+    // Condition key: Condition value
+    [key: string]: string | number | string[] | number []
+  }
+}
+
+export interface RawAwsIamJsonPolicyStatementPrincipal {
+  [key: string]: string[]
+}
+
+export interface RawAwsIamJsonPolicyStatement {
+  Sid?: string
+  Condition?: RawAwsIamJsonPolicyStatementCondition
+  Effect: string
+  Principal?: RawAwsIamJsonPolicyStatementPrincipal
+  NotPrincipal?: RawAwsIamJsonPolicyStatementPrincipal
+  Action?: string[]
+  NotAction?: string[]
+  Resource?: string[]
+  NotResource?: string[]
+}
+
+export interface RawAwsIamJsonPolicy {
+  Version: string
+  Id?: string
+  Statement: RawAwsIamJsonPolicyStatement[]
+}
+
+export * from './generated'

src/utils/format.ts

@@ -2,8 +2,19 @@ import { parseString } from '@fast-csv/parse'
 import CloudGraph, { generateUniqueId } from '@cloudgraph/sdk'
 import isArray from 'lodash/isArray'
 import toString from 'lodash/toString'
-import { AwsRawTag, AwsIamJsonPolicy } from '../types/generated'
-import { AwsTag, TagMap } from '../types'
+import {
+  AwsRawTag,
+  AwsIamJsonPolicy,
+  AwsIamJsonPolicyCondition,
+  AwsIamJsonPolicyPrincipal,
+  AwsIamJsonPolicyStatement,
+  AwsTag,
+  RawAwsIamJsonPolicy,
+  RawAwsIamJsonPolicyStatement,
+  RawAwsIamJsonPolicyStatementCondition,
+  RawAwsIamJsonPolicyStatementPrincipal,
+  TagMap,
+} from '../types'
 
 const { logger } = CloudGraph
 
@@ -46,6 +57,7 @@ export const camelize = (key: string): string =>
  */
 export const pascalize = (key: string): string => {
   const camelized = camelize(key)
+  // TODO: Change to String.slice?
   return camelized.substr(0, 1).toUpperCase() + camelized.substr(1)
 }
 
@@ -65,7 +77,7 @@ export const parseCSV = (csv: string): Promise<any[]> =>
   })
 
 export const formatIamJsonPolicy = (json: string): AwsIamJsonPolicy => {
-  let object
+  let object: RawAwsIamJsonPolicy
   try {
     object = JSON.parse(json.replace(/\\"/g, '"'))
   } catch (err) {
@@ -75,7 +87,9 @@ export const formatIamJsonPolicy = (json: string): AwsIamJsonPolicy => {
   const statement = isArray(object.Statement)
     ? object.Statement
     : [object.Statement]
-  const formatCondition = condition => {
+  const formatCondition = (
+    condition: RawAwsIamJsonPolicyStatementCondition
+  ): AwsIamJsonPolicyCondition[] => {
     if (!condition) return null
     return Object.entries(condition).map(([key, value = {}]) => {
       const entry = Object.entries(value)[0] || []
@@ -88,7 +102,9 @@ export const formatIamJsonPolicy = (json: string): AwsIamJsonPolicy => {
     })
   }
 
-  const formatPrincipal = principal => {
+  const formatPrincipal = (
+    principal: RawAwsIamJsonPolicyStatementPrincipal
+  ): AwsIamJsonPolicyPrincipal[] => {
     if (!principal) return null
     return Object.entries(principal).map(([key, value]) => {
       const conVal = (isArray(value) ? value : [value]) || []
@@ -102,12 +118,21 @@ export const formatIamJsonPolicy = (json: string): AwsIamJsonPolicy => {
   return {
     id: generateUniqueId(json),
     version: object.Version,
-    statement: statement.map(el => ({
-      action: isArray(el.Action) ? el.Action : [toString(el.Action)],
-      condition: formatCondition(el.Condition),
-      effect: el.Effect,
-      principal: formatPrincipal(el.Principal),
-      resource: isArray(el.Resource) ? el.Resource : [toString(el.Resource)],
-    })),
+    statement: statement.map(
+      (el: RawAwsIamJsonPolicyStatement): AwsIamJsonPolicyStatement => ({
+        action: isArray(el.Action) ? el.Action : [toString(el.Action)],
+        notAction: isArray(el.NotAction)
+          ? el.NotAction
+          : [toString(el.NotAction)],
+        condition: formatCondition(el.Condition),
+        effect: el.Effect,
+        principal: formatPrincipal(el.Principal),
+        notPrincipal: formatPrincipal(el.NotPrincipal),
+        resource: isArray(el.Resource) ? el.Resource : [toString(el.Resource)],
+        notResource: isArray(el.NotResource)
+          ? el.NotResource
+          : [toString(el.NotResource)],
+      })
+    ),
   }
 }