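import { build, parse } from "@aws-sdk/util-arn-parser";
import { Logger, LoggerFactory } from 'shared_types';
import { inject, injectable } from "tsyringe";
import { AppConfiguration } from "./configuration/AppConfiguration";
import RuleConfigError from "./RuleConfigError";

/**
 * Matches the resource part of an STS assumed-role session ARN:
 * `assumed-role/<role-name>/<session-name>`.
 *
 * The pattern is anchored at both ends and limited to the characters IAM
 * allows in role and session names. An unanchored pattern would also accept a
 * resource that merely contains `assumed-role/…/…` somewhere inside it (for
 * example behind a path prefix), which must not be mistaken for a role session.
 */
const STS_ROLE_REGEX = /^assumed-role\/([\w+=,.@-]+)\/([\w+=,.@-]+)$/;

/**
 * Maps a requestor identity ARN to the IAM role it was assumed from and
 * compares that role with the configured admin role.
 */
@injectable()
export class RoleChecker {
  logger: Logger;

  constructor(
    @inject('LoggerFactory') loggerFactory: LoggerFactory,
    @inject('AppConfiguration') private appConfiguration: AppConfiguration,
  ) {
    this.logger = loggerFactory.getLogger('RoleChecker');
  }

  /**
   * Builds the IAM role ARN (`arn:aws:iam::<accountId>:role/<role-name>`)
   * behind an STS assumed-role session ARN.
   *
   * @param requestorIdentity ARN of the requestor, expected to be an STS assumed-role ARN.
   * @param accountId Account id placed in the resulting role ARN.
   * @returns The IAM role ARN.
   * @throws Error when the identity is not an STS assumed-role ARN; also
   *   propagates whatever `parse` throws for an ARN it cannot parse. Earlier
   *   versions returned an ARN ending in `role/null` in the first case, which
   *   names no real role and hid the mismatch from callers.
   */
  public extractRequestorAssumedRole(requestorIdentity: string, accountId: string): string {
    const roleArn = this.resolveAssumedRole(requestorIdentity, accountId);
    if (roleArn === null) {
      throw new Error('requestorIdentity is not an STS assumed-role ARN');
    }
    return roleArn;
  }

  /**
   * Tells whether the requestor's assumed role equals the configured admin role.
   *
   * @param requestorIdentity ARN of the requestor.
   * @param accountId Account id used to build the role ARN that is compared.
   * @returns `true` only when the identity is an assumed-role session whose
   *   role ARN equals `appConfiguration.adminRole`; `false` for every other
   *   identity that parses as an ARN.
   * @throws RuleConfigError wrapping any error raised while resolving the role.
   */
  public isAdmin(requestorIdentity: string, accountId: string): boolean {
    try {
      const assumedRole = this.resolveAssumedRole(requestorIdentity, accountId);
      // Fail closed: an identity that is not a role session is never admin.
      return assumedRole !== null && this.appConfiguration.adminRole === assumedRole;
    } catch (e) {
      throw new RuleConfigError(
        `Encounter error ${e}`,
        500,
        false
      );
    }
  }

  /**
   * Resolves the IAM role ARN for an assumed-role session, or `null` when the
   * identity is not one.
   */
  private resolveAssumedRole(requestorIdentity: string, accountId: string): string | null {
    const arn = parse(requestorIdentity);
    // Assumed-role sessions are issued by STS; reject look-alike resources
    // that belong to any other service.
    if (arn.service !== 'sts') {
      return null;
    }
    const match = STS_ROLE_REGEX.exec(arn.resource);
    if (match === null) {
      return null;
    }
    // NOTE(review): the role ARN is built from the caller-supplied accountId,
    // not from the account in requestorIdentity. Confirm callers pass a trusted
    // account id, or compare it with the parsed ARN's account before treating
    // the result as an authorization decision.
    const requestorAssumedRole = build({
      accountId: accountId,
      region: '',
      service: 'iam',
      resource: `role/${match[1]}`
    });
    this.logger.info(`requestorAssumedRole ${requestorAssumedRole}`);
    return requestorAssumedRole;
  }
}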