/* 
  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  
  Licensed under the Apache License, Version 2.0 (the "License").
  You may not use this file except in compliance with the License.
  You may obtain a copy of the License at
  
      http://www.apache.org/licenses/LICENSE-2.0
  
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
*/
 
import { APIGatewayProxyEvent, Context } from 'aws-lambda';
import { Logger, LoggerFactory } from 'shared_types';
import { RuleGroupDataSourceService } from 'src/service/RuleGroupDataSourceService';
import { inject, injectable } from 'tsyringe';
import { AsyncRequestHandler } from 'src/common/AsyncRequestHandler';
import { ServerlessResponse } from 'src/common/ServerlessResponse';
import { parse, build } from "@aws-sdk/util-arn-parser";
 
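/**
 * Event payload that identifies a single rule group by id.
 * Not referenced by the handler code visible in this file.
 */
export type ConfigurationEvaluationTriggerEvent = {
    ruleGroupId: string,
}
/** Largest page size a caller may request; also the default when `limit` is absent or invalid. */
const MAX_NUM_RESULTS = 100;
/**
 * Matches the resource part of an STS assumed-role ARN:
 * `assumed-role/<role-name>/<session-name>`.
 *
 * Capture groups: 1 = the literal `assumed-role`, 2 = role name, 3 = session name.
 *
 * The pattern is anchored at both ends and neither name may contain `/`.
 * The captured role name is used to build the IAM role ARN that scopes the
 * listing, so a resource that merely contains `assumed-role/x/y` somewhere,
 * or that has extra path segments, must not produce a match.
 */
const STS_ROLE_REGEX = /^(assumed-role)\/([^/]+)\/([^/]+)$/;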
/**
 * @api {get} /rulegroups List rule groups
 * @apiGroup RuleGroup
 * @apiDescription List the rule groups that belong to the requestor's ARN
 * @apiVersion 1.0.0
 * @apiExample {curl} CURL Example:
 curl --location --request GET 'https://<rest_api_id>.execute-api.ap-southeast-2.amazonaws.com/prod/rulegroups/'
* @apiParam (Optional Query Parameters) {number{1-100}} [limit=100] The number of objects per page.
* @apiParam (Optional Query Parameters) {string} [nextToken] The pagination token.
* @apiSuccess (Success 200) Object results
* @apiError (Error 502) Timeout Service timed out
* @apiError (Error 503) InternalError Internal error occurred 
* 
* @apiSuccessExample Success-Response: 
*      HTTP/1.1 200 OK
*  {
    "results": [
        {
            "ruleGroupArn": "arn:aws:network-firewall:ap-southeast-2:<account_number>:stateful-rulegroup/anfwconfig-testrulegroup-demo",
            "ownerGroup": [
                "arn:aws:iam::<account_number>:role/ObjectExtensionSecOpsAdminRole"
            ],
            "description": "integration rule group admin only",
            "id": "integration-CRUD-test-group-4dadbfc5-58f2-4e3d-a9bc-193753a49a23",
            "createdTimestamp": "2021-09-15T02:53:53.435Z",
            "aggregatorName": "org-replicator"
        }
    ],
    "nextToken": "integration-CRUD-test-group-4dadbfc5-58f2-4e3d-a9bc-193753a49a23"
}
* 
* @apiSampleRequest off
*/
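/**
 * Lambda handler behind `GET /rulegroups`.
 *
 * Derives an IAM role ARN from the caller identity that API Gateway puts in
 * the request context and passes it to the data source service, together with
 * the paging parameters, so the service can scope the listing to that role.
 */
@injectable()
export class ListRuleGroupsHandler
    implements AsyncRequestHandler<APIGatewayProxyEvent, ServerlessResponse> {
    private readonly logger: Logger;

    /**
     * @param loggerFactory factory used to obtain this handler's logger
     * @param ruleGroupDataSourceService service queried for the rule groups
     */
    constructor(@inject('LoggerFactory') loggerFactory: LoggerFactory,
        @inject('RuleGroupDataSourceService') private ruleGroupDataSourceService: RuleGroupDataSourceService,
    ) {
        // NOTE(review): the logger is named 'RuleConfigHandler', not after this class.
        // It looks copied from another handler; confirm before renaming, because log
        // queries and alerts may key on the current name.
        this.logger = loggerFactory.getLogger('RuleConfigHandler');
    }

    /**
     * Lists the rule groups visible to the calling assumed role.
     *
     * @param event API Gateway proxy event; `limit` and `nextToken` are read from the query string
     * @param _context Lambda context (unused)
     * @returns a 200 response wrapping whatever the data source service returns
     * @throws Error when the request context carries no caller ARN, when the ARN is
     *         malformed, or when the caller is not an assumed-role principal
     */
    async handle(
        event: APIGatewayProxyEvent,
        // eslint-disable-next-line @typescript-eslint/no-unused-vars
        _context: Context
    ): Promise<ServerlessResponse> {
        // Log request metadata only. The full proxy event also holds the request
        // headers and body, which can carry credentials, session tokens or cookies
        // that should not end up in log storage.
        this.logger.info('lambda event', {
            requestId: event.requestContext.requestId,
            httpMethod: event.httpMethod,
            path: event.path,
            queryStringParameters: event.queryStringParameters,
        });

        // Explicit radix; anything that is not an integer in 1..MAX_NUM_RESULTS
        // (missing, NaN, zero, negative, too large) falls back to the maximum.
        const requestedLimit = Number.parseInt(event.queryStringParameters?.limit ?? '', 10);
        const limit =
            requestedLimit > 0 && requestedLimit <= MAX_NUM_RESULTS ? requestedLimit : MAX_NUM_RESULTS;

        // Fail closed when there is no caller ARN instead of continuing with a
        // placeholder string that the ARN parser would reject later anyway.
        const requestorIdentity = event.requestContext.identity?.userArn;
        if (!requestorIdentity) {
            throw new Error('Requestor identity is missing from the request context');
        }
        this.logger.debug(
            `Listing ruleGroups for ${requestorIdentity}, up to ${limit} estates will be returned.`
        );
        const requestorAssumedRole = this.extractRequestorAssumedRole(requestorIdentity, event.requestContext.accountId);

        const ruleGroups = await this.ruleGroupDataSourceService.getRuleGroups(
            limit,
            event.queryStringParameters?.nextToken,
            requestorAssumedRole
        );
        this.logger.debug(`Found ${ruleGroups?.results.length} rulegroups.`);

        return ServerlessResponse.ofObject(200, ruleGroups);
    }

    /**
     * Converts an STS assumed-role caller ARN into the ARN of the underlying IAM role.
     *
     * @param requestorIdentity caller ARN taken from the request context
     * @param accountId account id placed in the resulting role ARN
     * @returns `arn:<partition>:iam::<accountId>:role/<role-name>`
     * @throws Error when the ARN is malformed (raised by `parse`) or its resource
     *         does not match STS_ROLE_REGEX
     */
    private extractRequestorAssumedRole(requestorIdentity: string, accountId: string): string {
        const callerArn = parse(requestorIdentity);
        // Capture group 2 of STS_ROLE_REGEX is the role name.
        const roleName = callerArn.resource.match(STS_ROLE_REGEX)?.[2];

        // Without this guard a caller that is not an assumed role (IAM user, root,
        // federated user) would be mapped to the literal ARN `role/null`, and the
        // listing would be scoped to an identity that is not the caller's.
        if (!roleName) {
            throw new Error('Requestor is not an assumed-role principal');
        }

        // NOTE(review): accountId comes from event.requestContext.accountId, which API
        // Gateway documents as the API owner's account, not the caller's. If cross-account
        // callers are allowed, a role in another account would be treated as the same-named
        // role in this account. Confirm, and consider comparing with callerArn.accountId.
        const requestorAssumedRole = build({
            // Keep the caller's partition so the ARN is also correct outside `aws`.
            partition: callerArn.partition,
            accountId: accountId,
            region: '',
            service: 'iam',
            resource: `role/${roleName}`,
        });
        this.logger.info(`requestorAssumedRole ${requestorAssumedRole}`);
        return requestorAssumedRole;
    }
}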