/* 
  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  
  Licensed under the Apache License, Version 2.0 (the "License").
  You may not use this file except in compliance with the License.
  You may obtain a copy of the License at
  
      http://www.apache.org/licenses/LICENSE-2.0
  
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
*/
import { ConfigServiceClient } from "@aws-sdk/client-config-service";
import { ARN, parse } from "@aws-sdk/util-arn-parser";
import {
  FlowObject,
  FlowRuleBundle,
  ResolvedFlowObject,
} from "../../FlowDefinitions";
import { LoggerFactory } from "../../logger-factory";
import { Logger } from "../../logger-type";
import { CloudResourceObjectResolver } from "./CloudResourceObjectResolver";
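export class NetworkObjectResolver extends CloudResourceObjectResolver {
  /**
   * Matches the resource part of an EC2 ARN: `vpc/<id>` or `subnet/<id>`.
   * Group 1 is the resource kind, group 2 the resource id.
   *
   * The pattern is anchored and the id group admits only the characters EC2
   * ids are built from, because group 2 is spliced verbatim into a Config
   * advanced-query expression in createQueryString; an unconstrained `(.+)`
   * would let a quote inside the id change the meaning of that query.
   */
  SUPPORTED_EC2_RESOURCE_REGX = /^(vpc|subnet)\/([A-Za-z0-9-]+)$/;
  logger: Logger;

  /**
   * @param loggerFactory - supplies the "NetworkObjectResolver" logger.
   * @param configServiceClient - passed through to CloudResourceObjectResolver.
   * @param defaultAggregatorName - passed through to CloudResourceObjectResolver.
   */
  constructor(
    loggerFactory: LoggerFactory,
    configServiceClient: ConfigServiceClient,
    defaultAggregatorName?: string
  ) {
    super(configServiceClient, defaultAggregatorName);
    this.logger = loggerFactory.getLogger("NetworkObjectResolver");
  }

  /**
   * Reports whether this resolver handles `object`: it must be an "Arn" flow
   * object whose ARN names an EC2 VPC or subnet.
   *
   * @throws whatever `parse` throws for a malformed ARN string (unchanged
   *   from the previous behaviour; callers that pass free-form values should
   *   validate first).
   */
  canResolve(object: FlowObject): boolean {
    if (object.type !== "Arn") {
      return false;
    }
    const arn = parse(object.value);
    const match = arn.resource.match(this.SUPPORTED_EC2_RESOURCE_REGX);
    const resolvable =
      arn.service === "ec2" && match !== null && match[1] !== undefined;
    // Log the ARN text, not the parsed object — interpolating the object
    // prints "[object Object]".
    this.logger.info(`arn  ${object.value} is resolvable => ${resolvable}`);
    return resolvable;
  }

  /**
   * Resolves a VPC/subnet ARN to its CIDR block via a Config advanced query
   * and hands the query to the inherited parseRule.
   *
   * @param object - the "Arn" flow object to resolve.
   * @param ruleGroup - optional rule bundle forwarded to parseRule.
   * @throws Error when the ARN's resource is not a supported EC2 resource
   *   (resolve may be called without a preceding canResolve).
   */
  async resolve(
    object: FlowObject,
    ruleGroup?: FlowRuleBundle
  ): Promise<ResolvedFlowObject> {
    const arn = parse(object.value);
    this.logger.info("parsed arn", arn);

    const match = arn.resource.match(this.SUPPORTED_EC2_RESOURCE_REGX);
    // Fail loudly here instead of forwarding a null match with a non-null
    // assertion and producing an undefined query string.
    if (match === null) {
      throw new Error(
        `NetworkObjectResolver cannot resolve EC2 resource '${arn.resource}'`
      );
    }
    const configAdvancedQueryString = this.createQueryString(match, arn);
    this.logger.info(`configAdvancedQueryString ${configAdvancedQueryString}`);
    return this.parseRule(
      this.logger,
      ruleGroup,
      configAdvancedQueryString,
      object
    );
  }

  /**
   * Builds the Config advanced-query expression selecting the CIDR block of
   * the VPC or subnet named by `match` (from SUPPORTED_EC2_RESOURCE_REGX).
   *
   * The Config SelectResourceConfig API takes a single expression string, so
   * the values are validated before being interpolated: the resource id is
   * already constrained by the regex, and the account id must be digits only
   * because it is spliced in unquoted.
   *
   * @throws Error for an unsupported resource kind or a non-numeric account id.
   */
  private createQueryString(match: RegExpMatchArray, arn: ARN): string {
    const resourceKind = match[1];
    const resourceId = match[2];
    this.logger.info(`query for type ${resourceKind}`);

    if (!/^\d+$/.test(arn.accountId)) {
      throw new Error(`unexpected accountId in ARN: '${arn.accountId}'`);
    }

    let resourceType: string;
    switch (resourceKind) {
      case "vpc":
        resourceType = "AWS::EC2::VPC";
        break;
      case "subnet":
        resourceType = "AWS::EC2::Subnet";
        break;
      default:
        // Unreachable when match comes from SUPPORTED_EC2_RESOURCE_REGX, but
        // silently returning undefined (the old behaviour) hid the problem.
        throw new Error(`unsupported EC2 resource kind '${resourceKind}'`);
    }

    const configAdvancedQueryString = `SELECT configuration.cidrBlock WHERE resourceType='${resourceType}' AND  resourceId = '${resourceId}' and accountId=${arn.accountId}`;
    this.logger.info(`configAdvancedQueryString ${configAdvancedQueryString}`);
    return configAdvancedQueryString;
  }
}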