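import { ConfigServiceClient, SelectAggregateResourceConfigCommand, SelectAggregateResourceConfigCommandInput, SelectAggregateResourceConfigCommandOutput } from "@aws-sdk/client-config-service";
import pMemoize from 'p-memoize';
import { FlowTarget, FlowRuleGroup, ResolvedFlowTarget } from "../../FlowDefinitions";
import { Logger } from "../../logger-type";
import { TargetResolver } from "./TargetResolver";
import { CommonAddress } from "./Types";

/**
 * Base class for target resolvers that look resources up through an AWS Config
 * aggregate advanced query and turn the matching resources into addresses.
 *
 * Subclasses decide which targets they handle (`canResolve`) and how a target is
 * resolved (`resolve`); this class supplies the memoized query call and the
 * result parsing.
 */
export abstract class CloudResourceTargetResolver implements TargetResolver {
  abstract canResolve(object: FlowTarget): boolean;
  abstract resolve(object: FlowTarget, ruleGroup?: FlowRuleGroup): Promise<ResolvedFlowTarget>;

  /** Memoized wrapper around `rawQueryAwsConfig`; built per instance in the constructor. */
  queryAwsConfig: (key: FlowRuleGroup | undefined, value: string | undefined) => Promise<SelectAggregateResourceConfigCommandOutput>;

  /**
   * @param configServiceClient client used to send the aggregate query
   * @param defaultAggregatorName aggregator used when the rule group does not name one
   */
  constructor(
    protected configServiceClient: ConfigServiceClient,
    protected defaultAggregatorName?: string) {
    // Bind explicitly: rawQueryAwsConfig reads this.configServiceClient and
    // this.defaultAggregatorName, so the memoized wrapper must not depend on how
    // queryAwsConfig happens to be invoked (e.g. passed around as a callback).
    this.queryAwsConfig = pMemoize(this.rawQueryAwsConfig.bind(this), {
      // Responses are reused for 60 s, so a change in a resource's address can
      // take up to that long to show up in resolved targets.
      maxAge: 1000 * 60,
      // NOTE(review): assumes the installed p-memoize hands cacheKey the argument
      // list as ONE array. If it spreads the arguments instead, JSON.stringify
      // would receive the query string as its `replacer` parameter and the key
      // would depend on the rule group alone, so different queries would share a
      // cache entry. Confirm against the pinned p-memoize version.
      cacheKey: JSON.stringify,
      // Failed lookups are not cached, so the next call retries the query.
      cachePromiseRejection: false
    });
  }

  /**
   * Sends one aggregate advanced query to AWS Config, without caching.
   *
   * The expression is forwarded unchanged as `Expression`; nothing in this class
   * validates or escapes it, so a caller that builds it from target fields has to
   * validate or quote those values itself.
   *
   * @param ruleGroup rule group whose `aggregatorName`, when set, overrides the default aggregator
   * @param configAdvancedQueryString query expression passed to AWS Config as-is
   * @returns the raw command output
   */
  protected async rawQueryAwsConfig(ruleGroup: FlowRuleGroup | undefined, configAdvancedQueryString: string | undefined): Promise<SelectAggregateResourceConfigCommandOutput> {
    const params: SelectAggregateResourceConfigCommandInput = {
      ConfigurationAggregatorName: ruleGroup?.aggregatorName ?? this.defaultAggregatorName,
      Expression: configAdvancedQueryString
    };
    const command = new SelectAggregateResourceConfigCommand(params);
    return await this.configServiceClient.send(command);
  }

  /**
   * Converts a query response into a resolved target.
   *
   * Each entry of `data.Results` is parsed as JSON and contributes its
   * `configuration.privateIpAddress`, or `configuration.cidrBlock` when that is
   * null or undefined. Entries that yield no string address are dropped and
   * counted in an error log line, so `addresses` only ever holds strings.
   *
   * @throws SyntaxError when a result is not valid JSON, and TypeError when a
   *   parsed result has no `configuration` object; `parseRule` turns both into
   *   `failureReasons`.
   */
  protected parseResult(logger: Logger, data: SelectAggregateResourceConfigCommandOutput, ruleObject: FlowTarget): ResolvedFlowTarget {
    // NOTE(review): these three calls write the full resource configuration
    // (including private IP addresses and CIDR blocks) to the info log; check that
    // this fits the log retention and access policy of the deployment.
    logger.info('resolveObject result', data.Results);
    // JSON.parse output is unvalidated; the cast only tells the compiler what
    // shape is expected, which is why the addresses are checked below.
    const results = data.Results?.map(r => JSON.parse(r) as CommonAddress);
    logger.info('resolveObject QueryInfo', data.QueryInfo);
    logger.info('resolveObject results', results);

    const candidates: unknown[] = results?.map(r => r.configuration.privateIpAddress ?? r.configuration.cidrBlock) ?? [];
    const addresses = candidates.filter((a): a is string => typeof a === 'string');
    if (addresses.length !== candidates.length) {
      // Only the count is logged here; the entries themselves are already in the info log.
      logger.error('resolveObject dropped results without a usable address', candidates.length - addresses.length);
    }
    return { ...ruleObject, addresses };
  }

  /**
   * Runs the (memoized) query and parses the response; never rejects.
   *
   * On any failure the target is returned with no addresses and one entry in
   * `failureReasons` describing the error.
   */
  protected async parseRule(logger: Logger, ruleGroup: FlowRuleGroup | undefined, configAdvancedQueryString: string | undefined, ruleObject: FlowTarget): Promise<ResolvedFlowTarget> {
    try {
      const data = await this.queryAwsConfig(ruleGroup, configAdvancedQueryString);
      return this.parseResult(logger, data, ruleObject);
    } catch (e) {
      logger.error('Encoutner error while query for object', ruleObject, e);
      // A thrown value need not be an Error (it can even be null or undefined);
      // reading `.message` off it unguarded would throw from inside this handler
      // and break the "never rejects" contract.
      const detail =
        typeof e === 'object' && e !== null && 'message' in e
          ? String((e as { message: unknown }).message)
          : String(e);
      return { ...ruleObject, addresses: [], failureReasons: ['AwsConfigClient failed ' + detail] };
    }
  }
}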