Skip to content

Commit 6f2f4fe

Browse files
tyler-dunkeltyler-dunkel
authored
Merge pull request #12 from cloudgraphdev/fix/CG-1074
fix: Included rawPolicy for aws services
2 parents 1104c82 + 6ee5cef commit 6f2f4fe

19 files changed

Lines changed: 86 additions & 53 deletions

File tree

src/services/apiGatewayRestApi/format.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@ export default ({
3434
arn,
3535
region,
3636
description,
37+
rawPolicy: policy,
3738
policy: formatIamJsonPolicy(policy),
3839
endpointConfiguration,
3940
apiKeySource,

src/services/apiGatewayRestApi/schema.graphql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ type awsApiGatewayEndpointConfiguration {
66

77
type awsApiGatewayRestApi implements awsBaseService @key(fields: "arn") {
88
description: String @search(by: [hash, regexp, fulltext])
9+
rawPolicy: String @search(by: [hash, regexp])
910
policy: awsIamJSONPolicy
1011
endpointConfiguration: awsApiGatewayEndpointConfiguration
1112
apiKeySource: String @search(by: [hash])

src/services/elasticSearchDomain/format.ts

Lines changed: 33 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ export default ({
4848
const mappedEndpoints = Object.keys(endpoints ?? {}).map(key => ({
4949
id: cuid(),
5050
key,
51-
value: endpoints[key]
51+
value: endpoints[key],
5252
}))
5353

5454
const formattedElasticSearchClusterConfig = {
@@ -58,62 +58,64 @@ export default ({
5858
dedicatedMasterCount: elasticSearchClusterconfig?.DedicatedMasterCount,
5959
zoneAwarenessEnabled: elasticSearchClusterconfig?.ZoneAwarenessEnabled,
6060
zoneAwarenessConfig: {
61-
availabilityZoneCount: elasticSearchClusterconfig?.ZoneAwarenessConfig?.AvailabilityZoneCount
61+
availabilityZoneCount:
62+
elasticSearchClusterconfig?.ZoneAwarenessConfig?.AvailabilityZoneCount,
6263
},
6364
dedicatedMasterType: elasticSearchClusterconfig?.DedicatedMasterType,
6465
warmEnabled: elasticSearchClusterconfig?.WarmEnabled,
6566
warmType: elasticSearchClusterconfig?.WarmType,
6667
warmCount: elasticSearchClusterconfig?.WarmCount,
6768
coldStorageOptions: {
68-
enabled: elasticSearchClusterconfig?.ColdStorageOptions?.Enabled
69-
}
69+
enabled: elasticSearchClusterconfig?.ColdStorageOptions?.Enabled,
70+
},
7071
}
7172

7273
const formattedEbsOptions = {
7374
ebsEnabled: ebsOptions?.EBSEnabled,
7475
volumeType: ebsOptions?.VolumeType,
7576
volumeSize: ebsOptions?.VolumeSize,
76-
iops: ebsOptions?.Iops
77+
iops: ebsOptions?.Iops,
7778
}
7879

7980
const formattedSnapshotOptions = {
80-
automatedSnapshotStartHour: snapshotOptions?.AutomatedSnapshotStartHour
81+
automatedSnapshotStartHour: snapshotOptions?.AutomatedSnapshotStartHour,
8182
}
8283

8384
const formattedVpcOptions = {
8485
vpcId: vpcOptions?.VPCId,
8586
subnetIds: vpcOptions?.SubnetIds,
8687
availabilityZones: vpcOptions?.AvailabilityZones,
87-
securityGroupIds: vpcOptions?.SecurityGroupIds
88+
securityGroupIds: vpcOptions?.SecurityGroupIds,
8889
}
8990

9091
const formattedCognioOptions = {
9192
enabled: cognitoOptions?.Enabled,
9293
userPoolId: cognitoOptions?.UserPoolId,
9394
identityPoolId: cognitoOptions?.IdentityPoolId,
94-
roleArn: cognitoOptions?.RoleArn
95+
roleArn: cognitoOptions?.RoleArn,
9596
}
9697

9798
const formattedEncryptionAtRestOptions = {
9899
enabled: encryptionAtRestOptions?.Enabled,
99-
kmsKeyId: encryptionAtRestOptions?.KmsKeyId
100+
kmsKeyId: encryptionAtRestOptions?.KmsKeyId,
100101
}
101102

102103
const formattedNodeToNodeEncryptionOptions = {
103-
enabled: nodeToNodeEncryptionOptions?.Enabled
104+
enabled: nodeToNodeEncryptionOptions?.Enabled,
104105
}
105106

106107
const mappedAdvancedOptions = Object.keys(advancedOptions ?? {}).map(key => ({
107108
id: cuid(),
108109
key,
109-
value: advancedOptions[key]
110+
value: advancedOptions[key],
110111
}))
111112

112113
const mappedLogPublishingOptions = Object.keys(logPublishingOptions ?? {}).map(key => ({
113114
id: cuid(),
114115
key,
115116
enabled: logPublishingOptions[key]?.Enabled,
116-
cloudWatchLogsLogGroupArn: logPublishingOptions[key]?.CloudWatchLogsLogGroupArn
117+
cloudWatchLogsLogGroupArn:
118+
logPublishingOptions[key]?.CloudWatchLogsLogGroupArn,
117119
}))
118120

119121
const formattedServiceSoftwareOptions = {
@@ -123,43 +125,49 @@ export default ({
123125
cancellable: serviceSoftwareOptions?.Cancellable,
124126
updateStatus: serviceSoftwareOptions?.UpdateStatus,
125127
description: serviceSoftwareOptions?.Description,
126-
automatedUpdateDate: serviceSoftwareOptions?.AutomatedUpdateDate?.toISOString(),
127-
optionalDeployment: serviceSoftwareOptions?.OptionalDeployment
128+
automatedUpdateDate:
129+
serviceSoftwareOptions?.AutomatedUpdateDate?.toISOString(),
130+
optionalDeployment: serviceSoftwareOptions?.OptionalDeployment,
128131
}
129132

130133
const formattedDomainEndpointOptions = {
131134
enforceHttps: domainEndpointOptions?.EnforceHTTPS,
132135
tlsSecurityPolicy: domainEndpointOptions?.TLSSecurityPolicy,
133136
customEndpointEnabled: domainEndpointOptions?.CustomEndpointEnabled,
134137
customEndpoint: domainEndpointOptions?.CustomEndpoint,
135-
customEndpointCertificateArn: domainEndpointOptions?.CustomEndpointCertificateArn
138+
customEndpointCertificateArn:
139+
domainEndpointOptions?.CustomEndpointCertificateArn,
136140
}
137141

138142
const formattedAdvancedSecurityOptions = {
139143
enabled: advancedSecurityOptions?.Enabled,
140-
internalUserDatabaseEnabled: advancedSecurityOptions?.InternalUserDatabaseEnabled,
144+
internalUserDatabaseEnabled:
145+
advancedSecurityOptions?.InternalUserDatabaseEnabled,
141146
samlOptions: {
142147
enabled: advancedSecurityOptions?.SAMLOptions?.Enabled,
143148
idp: {
144-
metadataContent: advancedSecurityOptions?.SAMLOptions?.Idp?.MetadataContent,
145-
entityId: advancedSecurityOptions?.SAMLOptions?.Idp?.EntityId
149+
metadataContent:
150+
advancedSecurityOptions?.SAMLOptions?.Idp?.MetadataContent,
151+
entityId: advancedSecurityOptions?.SAMLOptions?.Idp?.EntityId,
146152
},
147153
subjectKey: advancedSecurityOptions?.SAMLOptions?.SubjectKey,
148154
rolesKey: advancedSecurityOptions?.SAMLOptions?.RolesKey,
149-
sessionTimeoutMinutes: advancedSecurityOptions?.SAMLOptions?.SessionTimeoutMinutes
155+
sessionTimeoutMinutes:
156+
advancedSecurityOptions?.SAMLOptions?.SessionTimeoutMinutes,
150157
},
151-
anonymousAuthDisableDate: advancedSecurityOptions?.AnonymousAuthDisableDate?.toISOString(),
152-
anonymousAuthEnabled: advancedSecurityOptions?.AnonymousAuthEnabled
158+
anonymousAuthDisableDate:
159+
advancedSecurityOptions?.AnonymousAuthDisableDate?.toISOString(),
160+
anonymousAuthEnabled: advancedSecurityOptions?.AnonymousAuthEnabled,
153161
}
154162

155163
const formattedAutoTuneOptions = {
156164
state: autoTuneOptions?.State,
157-
errorMessage: autoTuneOptions?.ErrorMessage
165+
errorMessage: autoTuneOptions?.ErrorMessage,
158166
}
159167

160168
const formattedChangeProgressDetails = {
161169
changeId: changeProcessDetails?.ChangeId,
162-
message: changeProcessDetails?.Message
170+
message: changeProcessDetails?.Message,
163171
}
164172

165173
return {
@@ -173,6 +181,7 @@ export default ({
173181
processing,
174182
upgradeProcessing,
175183
elasticSearchVersion,
184+
rawPolicy: accessPolicies,
176185
accessPolicies: formatIamJsonPolicy(accessPolicies),
177186
domainName,
178187
endpoints: mappedEndpoints,
@@ -190,6 +199,6 @@ export default ({
190199
advancedSecurityOptions: formattedAdvancedSecurityOptions,
191200
autoTuneOptions: formattedAutoTuneOptions,
192201
changeProcessDetails: formattedChangeProgressDetails,
193-
tags: formatTagsFromMap(tags ?? {})
202+
tags: formatTagsFromMap(tags ?? {}),
194203
}
195204
}

src/services/elasticSearchDomain/schema.graphql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ type awsElasticSearchDomain implements awsBaseService @key(fields: "arn") {
66
processing: Boolean @search
77
upgradeProcessing: Boolean @search
88
elasticSearchVersion: String @search(by: [hash, regexp])
9+
rawPolicy: String @search(by: [hash, regexp])
910
accessPolicies: awsIamJSONPolicy
1011
endpoints: [awsRawTag]
1112
elasticSearchClusterConfig: awsElasticSearchClusterConfig

src/services/iamPolicy/format.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@ export default ({
3434
arn,
3535
accountId: arn.includes(GLOBAL_ARN_PREFIX) ? 'global' : account, // Uses global for AWS managed policies
3636
path,
37+
rawPolicy: policyContent,
3738
policyContent: formatIamJsonPolicy(policyContent),
3839
description,
3940
tags: policyTags,

src/services/iamPolicy/schema.graphql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ type awsIamPolicy implements awsBaseService @key(fields: "id") {
22
name: String @search(by: [hash, regexp])
33
path: String @search(by: [hash, regexp])
44
description: String @search(by: [hash, regexp])
5+
rawPolicy: String @search(by: [hash, regexp])
56
policyContent: awsIamJSONPolicy
67
tags: [awsRawTag]
78
iamRoles: [awsIamRole] @hasInverse(field: iamAttachedPolicies)

src/services/iamRole/format.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,7 @@ export default ({
3838
path,
3939
createdAt: createdAt?.toISOString() || '',
4040
description,
41+
rawPolicy: assumeRolePolicy,
4142
assumeRolePolicy: formatIamJsonPolicy(assumeRolePolicy),
4243
maxSessionDuration,
4344
inlinePolicies,

src/services/iamRole/schema.graphql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
type awsIamRole implements awsBaseService @key(fields: "id") {
22
name: String @search(by: [hash, regexp])
33
path: String @search(by: [hash, regexp])
4+
rawPolicy: String @search(by: [hash, regexp])
45
assumeRolePolicy: awsIamJSONPolicy
56
description: String @search(by: [hash, regexp])
67
createdAt: String @search(by: [hash, regexp])

src/services/kms/format.ts

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,10 @@
11
import { AliasListEntry } from 'aws-sdk/clients/kms'
22
import cuid from 'cuid'
33
import { AwsKms } from './data'
4-
import { AwsKms as AwsKmsType, AwsKmsAliasListEntry } from '../../types/generated'
4+
import {
5+
AwsKms as AwsKmsType,
6+
AwsKmsAliasListEntry,
7+
} from '../../types/generated'
58
import { formatTagsFromMap, formatIamJsonPolicy } from '../../utils/format'
69

710
export const formatAliases = (
@@ -26,7 +29,7 @@ export const formatAliases = (
2629
export default ({
2730
service: key,
2831
account,
29-
region
32+
region,
3033
}: {
3134
service: AwsKms
3235
account: string
@@ -48,7 +51,7 @@ export default ({
4851
Origin: origin,
4952
DeletionDate: deletionDate,
5053
ValidTo: validTo,
51-
Aliases: aliases = []
54+
Aliases: aliases = [],
5255
} = key
5356

5457
return {
@@ -59,6 +62,7 @@ export default ({
5962
description,
6063
keyRotationEnabled,
6164
usage,
65+
rawPolicy: policy,
6266
policy: formatIamJsonPolicy(policy),
6367
enabled,
6468
keyState,

src/services/kms/schema.graphql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@ type awsKms implements awsBaseService @key(fields: "id") {
1616
description: String @search(by: [hash, regexp, fulltext])
1717
keyRotationEnabled: Boolean @search
1818
usage: String @search(by: [hash, regexp])
19+
rawPolicy: String @search(by: [hash, regexp])
1920
policy: awsIamJSONPolicy
2021
enabled: Boolean @search
2122
keyState: String @search(by: [hash, regexp])

0 commit comments

Comments
 (0)