import { ConfigServiceClient } from "@aws-sdk/client-config-service";
import { ARN, parse } from "@aws-sdk/util-arn-parser";
import { FlowTarget, FlowRuleGroup,  ResolvedFlowTarget } from "../../FlowDefinitions";
import { LoggerFactory } from "../../logger-factory";
import { Logger } from "../../logger-type";
import { CloudResourceTargetResolver } from "./CloudResourceTargetResolver";
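/**
 * Resolves EC2 VPC and subnet ARNs by building an AWS Config advanced query
 * that selects the resource's `configuration.cidrBlock`, then handing that
 * query to the base class's `parseRule`.
 *
 * Security note: AWS Config advanced queries are built here by string
 * interpolation, so every value taken from the ARN is validated against a
 * strict allow-list pattern before it is placed into the query text.
 */
export class NetworkTargetResolver extends CloudResourceTargetResolver {
    /**
     * Matches the resource part of a supported EC2 ARN: `vpc/<id>` or `subnet/<id>`.
     * Anchored at both ends and limited to letters, digits and hyphens so that a
     * quote or other query syntax in the id can never reach the query string.
     */
    SUPPORTED_EC2_RESOURCE_REGX = /^(vpc|subnet)\/([A-Za-z0-9-]+)$/
    logger: Logger;

    /** Allow-list for the resource id, re-checked at the point of interpolation. */
    private static readonly RESOURCE_ID_REGX = /^[A-Za-z0-9-]+$/;
    /** AWS account ids are exactly 12 decimal digits. */
    private static readonly ACCOUNT_ID_REGX = /^\d{12}$/;

    /**
     * @param loggerFactory used to obtain this resolver's logger
     * @param configServiceClient forwarded to the base class
     * @param defaultAggregatorName forwarded to the base class
     */
    constructor(loggerFactory: LoggerFactory,

        configServiceClient: ConfigServiceClient,
        defaultAggregatorName?: string) {
        super(configServiceClient, defaultAggregatorName);
        this.logger = loggerFactory.getLogger('NetworkObjectResolver');
    }

    /**
     * Reports whether this resolver can handle the target.
     *
     * @returns true only for an `Arn` target whose service is `ec2`, whose
     * resource is a well-formed `vpc/<id>` or `subnet/<id>`, and whose account
     * id is 12 digits; false for every other target type or shape.
     * @throws whatever `parse` throws when the value is not a parseable ARN
     */
    canResolve(target: FlowTarget): boolean {
        if (target.type !== 'Arn') {
            return false;
        }
        const arn = parse(target.value);
        const match = arn.resource.match(this.SUPPORTED_EC2_RESOURCE_REGX);
        const canResolve = arn.service === 'ec2'
            && match != null
            && match[1] != null
            && NetworkTargetResolver.ACCOUNT_ID_REGX.test(arn.accountId);
        // Log the original ARN string; interpolating the parsed object would print "[object Object]".
        this.logger.info(`arn  ${target.value} is resovable => ${canResolve}`);
        return canResolve;
    }

    /**
     * Builds the Config query for the target ARN and delegates to `parseRule`.
     *
     * @throws Error when the ARN resource is not a supported `vpc/<id>` or
     * `subnet/<id>`, instead of failing later on a null match
     */
    async resolve(target: FlowTarget, ruleGroup?: FlowRuleGroup): Promise<ResolvedFlowTarget> {
        const arn = parse(target.value);
        this.logger.info('parsed arn', arn);

        const match = arn.resource.match(this.SUPPORTED_EC2_RESOURCE_REGX);
        if (match == null) {
            // Reached when resolve() is called for a target that canResolve() would reject.
            throw new Error('Target ARN is not a supported EC2 vpc or subnet resource');
        }

        const configAdvancedQueryString = this.createQueryString(match, arn);
        this.logger.info(`configAdvancedQueryString ${configAdvancedQueryString}`);
        return await this.parseRule(this.logger, ruleGroup, configAdvancedQueryString, target);
    }

    /**
     * Builds the AWS Config advanced query for a matched VPC or subnet resource.
     *
     * The resource id and account id are interpolated into the query text, so
     * both are validated here, immediately before use, regardless of what the
     * caller's regular expression allowed.
     *
     * @param match result of matching the ARN resource; index 1 is the resource
     * kind, index 2 the resource id
     * @param arn parsed ARN supplying the account id
     * @throws Error when the id, the account id or the resource kind is not acceptable
     */
    private createQueryString(match: RegExpMatchArray, arn: ARN): string {
        const resourceKind = match[1];
        const resourceId = match[2];
        if (resourceId === undefined || !NetworkTargetResolver.RESOURCE_ID_REGX.test(resourceId)) {
            throw new Error('ARN resource id contains unsupported characters');
        }
        if (!NetworkTargetResolver.ACCOUNT_ID_REGX.test(arn.accountId)) {
            throw new Error('ARN account id must be 12 digits');
        }
        this.logger.info(`query for type ${resourceKind}`);
        switch (resourceKind) {
            case 'vpc':
                return `SELECT configuration.cidrBlock WHERE resourceType='AWS::EC2::VPC' AND  resourceId = '${resourceId}' and accountId=${arn.accountId}`;
            case 'subnet':
                return `SELECT configuration.cidrBlock WHERE resourceType='AWS::EC2::Subnet' AND  resourceId = '${resourceId}' and accountId=${arn.accountId}`;
            default:
                // Never fall through with an undefined query string.
                throw new Error('Unsupported EC2 resource kind');
        }
    }
}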