UNPKG

api-deploy/plugins/apigateway/access-policies.js

Version:

2.82 kBJavaScriptView Raw

1var AWS = require('aws-sdk'),
  async = require('async');
3
4function getMethodID(method) {
  return method && method.data &&
      method.data['x-amazon-apigateway-integration'] &&
      method.data['x-amazon-apigateway-integration'].uri;
8}
9
10module.exports = {
  deployRestAPIAccessPolicies: function deployRestAPIAccessPolicies(done) {
      var _ = this;
13
      async.each(_.APIDeploy.methods, function(method, done) {
          _.deployRestAPIAccessPolicy(method, done);
      }, done);
  },
18
  updateRestAPIAccessPolicies: function updateRestAPIAccessPolicies(ids, done) {
      var _ = this;
21
      _.APIDeploy.findMethods(ids);
23
      async.each(_.APIDeploy.methods, function(method, done) {
          _.createRestAPIAccessPolicy(method, done);
      }, done);
  },
28
  deployRestAPIAccessPolicy: function deployRestAPIAccessPolicy(method, done) {
      var _ = this;
31
      if (getMethodID(method)) {
          _.updateRestAPIAccessPolicy(method, done);
      } else {
          _.createRestAPIAccessPolicy(method, done);
      }
  },
38
  createRestAPIAccessPolicy: function createRestAPIAccessPolicy(method, done) {
      var _ = this,
          lambda = new AWS.Lambda(),
          accountNumber = _.lambda.role.replace(/[^\d]+/g, ''),
          StatementId = 'api-deploy-access';
44
      _.APIDeploy.logger.log('Creating Access Policy         - ' + method._path + ' (' + method._method + ')');
46
      lambda.removePermission({
          FunctionName: method.data.operationId,
          StatementId: StatementId
      }, function(err, data) {
          lambda.addPermission({
              Action: 'lambda:InvokeFunction',
              FunctionName: method.data.operationId,
              Principal: 'apigateway.amazonaws.com',
              StatementId: StatementId,
              SourceArn:
                  'arn:aws:execute-api:' +
                  _.aws.region + ':' +
                  accountNumber + ':' +
                  _.APIDeploy.swagger.data['x-amazon-apigateway-restapi'].id + '/*/' +
                  method._method +
                  method._path.replace(/\/$/, '')
          }, function(err, data) {
              if (err) return done(err);
65
              _.APIDeploy.logger.log('Created Access Policy          - ' + method._path + ' (' + method._method + ')');
67
              done(err, data);
          });
      });
  },
72
  updateRestAPIAccessPolicy: function updateRestAPIAccessPolicy(method, done) {
      var _ = this;
75
      _.APIDeploy.logger.log('Updating Access Policy         - ' + method._path + ' (' + method._method + ')');
      _.APIDeploy.logger.log('Updated Access Policy          - ' + method._path + ' (' + method._method + ')');
78
      done();
  }
81};

1	`var AWS = require('aws-sdk'),`
2	`async = require('async');`
3
4	`function getMethodID(method) {`
5	`return method && method.data &&`
6	`method.data['x-amazon-apigateway-integration'] &&`
7	`method.data['x-amazon-apigateway-integration'].uri;`
8	`}`
9
10	`module.exports = {`
11	`deployRestAPIAccessPolicies: function deployRestAPIAccessPolicies(done) {`
12	`var _ = this;`
13
14	`async.each(_.APIDeploy.methods, function(method, done) {`
15	`_.deployRestAPIAccessPolicy(method, done);`
16	`}, done);`
17	`},`
18
19	`updateRestAPIAccessPolicies: function updateRestAPIAccessPolicies(ids, done) {`
20	`var _ = this;`
21
22	`_.APIDeploy.findMethods(ids);`
23
24	`async.each(_.APIDeploy.methods, function(method, done) {`
25	`_.createRestAPIAccessPolicy(method, done);`
26	`}, done);`
27	`},`
28
29	`deployRestAPIAccessPolicy: function deployRestAPIAccessPolicy(method, done) {`
30	`var _ = this;`
31
32	`if (getMethodID(method)) {`
33	`_.updateRestAPIAccessPolicy(method, done);`
34	`} else {`
35	`_.createRestAPIAccessPolicy(method, done);`
36	`}`
37	`},`
38
39	`createRestAPIAccessPolicy: function createRestAPIAccessPolicy(method, done) {`
40	`var _ = this,`
41	`lambda = new AWS.Lambda(),`
42	`accountNumber = _.lambda.role.replace(/[^\d]+/g, ''),`
43	`StatementId = 'api-deploy-access';`
44
45	`_.APIDeploy.logger.log('Creating Access Policy - ' + method._path + ' (' + method._method + ')');`
46
47	`lambda.removePermission({`
48	`FunctionName: method.data.operationId,`
49	`StatementId: StatementId`
50	`}, function(err, data) {`
51	`lambda.addPermission({`
52	`Action: 'lambda:InvokeFunction',`
53	`FunctionName: method.data.operationId,`
54	`Principal: 'apigateway.amazonaws.com',`
55	`StatementId: StatementId,`
56	`SourceArn:`
57	`'arn:aws:execute-api:' +`
58	`_.aws.region + ':' +`
59	`accountNumber + ':' +`
60	`_.APIDeploy.swagger.data['x-amazon-apigateway-restapi'].id + '/*/' +`
61	`method._method +`
62	`method._path.replace(/\/$/, '')`
63	`}, function(err, data) {`
64	`if (err) return done(err);`
65
66	`_.APIDeploy.logger.log('Created Access Policy - ' + method._path + ' (' + method._method + ')');`
67
68	`done(err, data);`
69	`});`
70	`});`
71	`},`
72
73	`updateRestAPIAccessPolicy: function updateRestAPIAccessPolicy(method, done) {`
74	`var _ = this;`
75
76	`_.APIDeploy.logger.log('Updating Access Policy - ' + method._path + ' (' + method._method + ')');`
77	`_.APIDeploy.logger.log('Updated Access Policy - ' + method._path + ' (' + method._method + ')');`
78
79	`done();`
80	`}`
81	`};`