import { build, parse } from "@aws-sdk/util-arn-parser";
import { Logger, LoggerFactory } from 'shared_types';
import { inject, injectable } from "tsyringe";
import { AppConfiguration } from "./configuration/AppConfiguration";
import RuleConfigError from "./RuleConfigError";
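// Matches the resource part of an STS assumed-role ARN: assumed-role/<role-name>/<session-name>.
// Anchored at both ends, and each segment excludes "/", so the pattern cannot match in the
// middle of some other resource string (for example a path that merely contains
// "assumed-role/..."). Group numbering is kept as before (1 = literal "assumed-role",
// 2 = role name, 3 = session name) because RoleChecker reads group 2.
const STS_ROLE_REGEX = /^(assumed-role)\/([^/]+)\/([^/]+)$/;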
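/**
 * Maps a requestor's STS assumed-role identity to an IAM role ARN and compares it with the
 * configured admin role.
 *
 * This is an authorization decision, so every path that cannot positively identify an
 * assumed role fails closed: `isAdmin` returns false and `extractRequestorAssumedRole` throws.
 */
@injectable()
export class RoleChecker {
    logger: Logger;

    constructor(@inject('LoggerFactory') loggerFactory: LoggerFactory,
        @inject('AppConfiguration') private appConfiguration: AppConfiguration,
    ) {
        this.logger = loggerFactory.getLogger('RoleChecker');
    }

    /**
     * Returns the role name carried by an STS assumed-role ARN, or undefined when the
     * identity is a well-formed ARN of some other kind.
     *
     * @throws whatever `parse` throws when `requestorIdentity` is not a well-formed ARN.
     */
    private assumedRoleName(requestorIdentity: string): string | undefined {
        const arn = parse(requestorIdentity);
        // Only the STS service issues assumed-role identities; any other service with a
        // similar-looking resource must not be read as a role.
        if (arn.service !== 'sts') {
            return undefined;
        }
        const match = arn.resource.match(STS_ROLE_REGEX);
        const roleName = match?.[2];
        // No match or an empty role segment: previously this produced an ARN ending in
        // "role/null" or "role/", which is not a real principal.
        if (!roleName) {
            return undefined;
        }
        return roleName;
    }

    /** Builds the IAM role ARN for `roleName` in `accountId` and logs it. */
    private toRoleArn(roleName: string, accountId: string): string {
        const requestorAssumedRole = build({ accountId: accountId, region: '', service: 'iam', resource: `role/${roleName}` });
        this.logger.info(`requestorAssumedRole ${requestorAssumedRole}`);
        return requestorAssumedRole;
    }

    /**
     * Converts an STS assumed-role ARN into the ARN of the underlying IAM role.
     *
     * NOTE(review): the account in the returned ARN comes from the `accountId` argument,
     * not from the account embedded in `requestorIdentity`. If callers pass anything other
     * than the requestor's own account, a same-named role in a different account would map
     * to the same ARN — confirm against the callers.
     *
     * @param requestorIdentity ARN of the caller, expected to be an STS assumed-role ARN.
     * @param accountId account id placed in the returned role ARN.
     * @returns the IAM role ARN for the assumed role.
     * @throws Error when the identity is not a well-formed STS assumed-role ARN.
     */
    public extractRequestorAssumedRole(requestorIdentity: string, accountId: string): string {
        const roleName = this.assumedRoleName(requestorIdentity);
        if (roleName === undefined) {
            throw new Error('requestorIdentity is not an STS assumed-role ARN');
        }
        return this.toRoleArn(roleName, accountId);
    }

    /**
     * Reports whether the requestor's assumed role is exactly the configured admin role.
     *
     * @param requestorIdentity ARN of the caller.
     * @param accountId account id used when building the role ARN to compare.
     * @returns true only when the derived role ARN equals `appConfiguration.adminRole`;
     *          false for any identity that is not an STS assumed role.
     * @throws RuleConfigError when the identity cannot be parsed or the ARN cannot be built.
     */
    public isAdmin(requestorIdentity: string, accountId: string): boolean {
        try {
            const roleName = this.assumedRoleName(requestorIdentity);
            if (roleName === undefined) {
                // Fixed message: the raw identity is caller-supplied and is kept out of the log.
                this.logger.info('requestor identity is not an STS assumed role; treating as non-admin');
                return false;
            }
            return this.appConfiguration.adminRole === this.toRoleArn(roleName, accountId);
        } catch (e) {
            // NOTE(review): the underlying error text is embedded in the message; if
            // RuleConfigError messages reach API clients, consider a generic message instead.
            throw new RuleConfigError(
                `Encounter error ${e}`,
                500,
                false
            );
        }
    }
}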