@cloud-copilot/iam-collect 0.1.34 → 0.1.35
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -0
- package/dist/cjs/services.d.ts +1 -1
- package/dist/cjs/services.d.ts.map +1 -1
- package/dist/cjs/services.js +1 -0
- package/dist/cjs/services.js.map +1 -1
- package/dist/cjs/syncs/ecr/ecrSyncs.d.ts +3 -0
- package/dist/cjs/syncs/ecr/ecrSyncs.d.ts.map +1 -0
- package/dist/cjs/syncs/ecr/ecrSyncs.js +73 -0
- package/dist/cjs/syncs/ecr/ecrSyncs.js.map +1 -0
- package/dist/cjs/syncs/syncMap.d.ts.map +1 -1
- package/dist/cjs/syncs/syncMap.js +2 -0
- package/dist/cjs/syncs/syncMap.js.map +1 -1
- package/dist/esm/services.d.ts +1 -1
- package/dist/esm/services.d.ts.map +1 -1
- package/dist/esm/services.js +1 -0
- package/dist/esm/services.js.map +1 -1
- package/dist/esm/syncs/ecr/ecrSyncs.d.ts +3 -0
- package/dist/esm/syncs/ecr/ecrSyncs.d.ts.map +1 -0
- package/dist/esm/syncs/ecr/ecrSyncs.js +70 -0
- package/dist/esm/syncs/ecr/ecrSyncs.js.map +1 -0
- package/dist/esm/syncs/syncMap.d.ts.map +1 -1
- package/dist/esm/syncs/syncMap.js +2 -0
- package/dist/esm/syncs/syncMap.js.map +1 -1
- package/package.json +2 -1
package/README.md
CHANGED
|
@@ -57,6 +57,8 @@ This will download the IAM data from the current account to the `./iam-data` dir
|
|
|
57
57
|
| iam | OIDC Providers | arn, audiences, thumbprints, url, tags |
|
|
58
58
|
| iam | SAML Providers | arn, metadata document, uuid, private keys, valid until, tags |
|
|
59
59
|
| dynamodb | Tables | name, arn, region, tags, resource policy |
|
|
60
|
+
| ecr | Repositories | name, arn, region, tags, resource policy, key id |
|
|
61
|
+
| ecr | Registries | policy |
|
|
60
62
|
| ec2 | VPC Endpoints | id, name, type, vpc, policy |
|
|
61
63
|
| kms | Keys | id, policy, tags |
|
|
62
64
|
| lambda | Functions | name, role, tags, policy |
|
package/dist/cjs/services.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* All Valid AWS Services
|
|
3
3
|
*/
|
|
4
|
-
export declare const allServices: readonly ["dynamodb", "ec2", "iam", "kms", "lambda", "organizations", "s3", "secretsmanager", "sns", "sqs", "sso"];
|
|
4
|
+
export declare const allServices: readonly ["dynamodb", "ec2", "ecr", "iam", "kms", "lambda", "organizations", "s3", "secretsmanager", "sns", "sqs", "sso"];
|
|
5
5
|
/**
|
|
6
6
|
* Type representing a valid AWS service. A union of all strings in `allServices`.
|
|
7
7
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"services.d.ts","sourceRoot":"","sources":["../../src/services.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,eAAO,MAAM,WAAW,
|
|
1
|
+
{"version":3,"file":"services.d.ts","sourceRoot":"","sources":["../../src/services.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,eAAO,MAAM,WAAW,2HAad,CAAA;AAEV;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,WAAW,CAAC,CAAC,MAAM,CAAC,CAAA"}
|
package/dist/cjs/services.js
CHANGED
package/dist/cjs/services.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"services.js","sourceRoot":"","sources":["../../src/services.ts"],"names":[],"mappings":";;;AAAA;;GAEG;AACU,QAAA,WAAW,GAAG;IACzB,UAAU;IACV,KAAK;IACL,KAAK;IACL,KAAK;IACL,QAAQ;IACR,eAAe;IACf,IAAI;IACJ,gBAAgB;IAChB,KAAK;IACL,KAAK;IACL,KAAK;CACG,CAAA"}
|
|
1
|
+
{"version":3,"file":"services.js","sourceRoot":"","sources":["../../src/services.ts"],"names":[],"mappings":";;;AAAA;;GAEG;AACU,QAAA,WAAW,GAAG;IACzB,UAAU;IACV,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,QAAQ;IACR,eAAe;IACf,IAAI;IACJ,gBAAgB;IAChB,KAAK;IACL,KAAK;IACL,KAAK;CACG,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ecrSyncs.d.ts","sourceRoot":"","sources":["../../../../src/syncs/ecr/ecrSyncs.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,IAAI,EAAE,MAAM,YAAY,CAAA;AAGjC,eAAO,MAAM,QAAQ,EAAE,IAAI,EA8D1B,CAAA"}
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.EcrSyncs = void 0;
|
|
4
|
+
const client_ecr_1 = require("@aws-sdk/client-ecr");
|
|
5
|
+
const ClientPool_js_1 = require("../../aws/ClientPool.js");
|
|
6
|
+
const client_tools_js_1 = require("../../utils/client-tools.js");
|
|
7
|
+
const typedSync_js_1 = require("../typedSync.js");
|
|
8
|
+
exports.EcrSyncs = [
|
|
9
|
+
(0, typedSync_js_1.createTypedSyncOperation)('ecr', 'repositories', (0, typedSync_js_1.createResourceSyncType)({
|
|
10
|
+
client: client_ecr_1.ECRClient,
|
|
11
|
+
command: client_ecr_1.DescribeRepositoriesCommand,
|
|
12
|
+
key: 'repositories',
|
|
13
|
+
paginationConfig: {
|
|
14
|
+
inputKey: 'nextToken',
|
|
15
|
+
outputKey: 'nextToken'
|
|
16
|
+
},
|
|
17
|
+
arn: (repository, region, account, partition) => repositoryArn(repository, region, account, partition),
|
|
18
|
+
tags: (repository) => repository.extraFields.tags,
|
|
19
|
+
resourceTypeParts: (account, region) => ({
|
|
20
|
+
account,
|
|
21
|
+
service: 'ecr',
|
|
22
|
+
region,
|
|
23
|
+
resourceType: 'repository'
|
|
24
|
+
}),
|
|
25
|
+
extraFields: {
|
|
26
|
+
tags: async (client, repository, account, region, partition) => {
|
|
27
|
+
const result = await client.send(new client_ecr_1.ListTagsForResourceCommand({
|
|
28
|
+
resourceArn: repositoryArn(repository, region, account, partition)
|
|
29
|
+
}));
|
|
30
|
+
return result.tags;
|
|
31
|
+
},
|
|
32
|
+
policy: async (client, repository, account, region, partition) => {
|
|
33
|
+
const result = await client.send(new client_ecr_1.GetRepositoryPolicyCommand({
|
|
34
|
+
repositoryName: repository.repositoryName
|
|
35
|
+
}));
|
|
36
|
+
return JSON.parse(result.policyText || '{}');
|
|
37
|
+
}
|
|
38
|
+
},
|
|
39
|
+
results: (repository) => ({
|
|
40
|
+
metadata: {
|
|
41
|
+
repositoryName: repository.repositoryName,
|
|
42
|
+
key: repository.encryptionConfiguration?.kmsKey
|
|
43
|
+
},
|
|
44
|
+
policy: repository.extraFields.policy
|
|
45
|
+
})
|
|
46
|
+
})),
|
|
47
|
+
{
|
|
48
|
+
awsService: 'ecr',
|
|
49
|
+
name: 'registry',
|
|
50
|
+
execute: async (accountId, region, credentials, storage, endpoint, syncOptions) => {
|
|
51
|
+
const client = ClientPool_js_1.AwsClientPool.defaultInstance.client(client_ecr_1.ECRClient, credentials, region, endpoint);
|
|
52
|
+
const policyText = await (0, client_tools_js_1.runAndCatchError)('RegistryPolicyNotFoundException', async () => {
|
|
53
|
+
const result = await client.send(new client_ecr_1.GetRegistryPolicyCommand({}));
|
|
54
|
+
return result.policyText;
|
|
55
|
+
});
|
|
56
|
+
const policy = policyText ? JSON.parse(policyText) : undefined;
|
|
57
|
+
await storage.saveAccountMetadata(accountId, `ecr-registry-policy.${region}`, policy);
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
];
|
|
61
|
+
/**
|
|
62
|
+
* Make an ECR Repository ARN
|
|
63
|
+
*
|
|
64
|
+
* @param repository the ECR Repository object
|
|
65
|
+
* @param region the AWS region
|
|
66
|
+
* @param account the AWS account ID
|
|
67
|
+
* @param partition the AWS partition (e.g., 'aws', 'aws-cn', 'aws-us-gov')
|
|
68
|
+
* @returns the ARN of the ECR Repository
|
|
69
|
+
*/
|
|
70
|
+
function repositoryArn(repository, region, account, partition) {
|
|
71
|
+
return `arn:${partition}:ecr:${region}:${account}:repository/${repository.repositoryName}`;
|
|
72
|
+
}
|
|
73
|
+
//# sourceMappingURL=ecrSyncs.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ecrSyncs.js","sourceRoot":"","sources":["../../../../src/syncs/ecr/ecrSyncs.ts"],"names":[],"mappings":";;;AAAA,oDAO4B;AAC5B,2DAAuD;AACvD,iEAA8D;AAE9D,kDAAkF;AAErE,QAAA,QAAQ,GAAW;IAC9B,IAAA,uCAAwB,EACtB,KAAK,EACL,cAAc,EACd,IAAA,qCAAsB,EAAC;QACrB,MAAM,EAAE,sBAAS;QACjB,OAAO,EAAE,wCAA2B;QACpC,GAAG,EAAE,cAAc;QACnB,gBAAgB,EAAE;YAChB,QAAQ,EAAE,WAAW;YACrB,SAAS,EAAE,WAAW;SACvB;QACD,GAAG,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,CAC9C,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC;QACvD,IAAI,EAAE,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI;QACjD,iBAAiB,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;YACvC,OAAO;YACP,OAAO,EAAE,KAAK;YACd,MAAM;YACN,YAAY,EAAE,YAAY;SAC3B,CAAC;QACF,WAAW,EAAE;YACX,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE;gBAC7D,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAC9B,IAAI,uCAA0B,CAAC;oBAC7B,WAAW,EAAE,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC;iBACnE,CAAC,CACH,CAAA;gBACD,OAAO,MAAM,CAAC,IAAI,CAAA;YACpB,CAAC;YACD,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE;gBAC/D,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAC9B,IAAI,uCAA0B,CAAC;oBAC7B,cAAc,EAAE,UAAU,CAAC,cAAc;iBAC1C,CAAC,CACH,CAAA;gBACD,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,CAAA;YAC9C,CAAC;SACF;QACD,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;YACxB,QAAQ,EAAE;gBACR,cAAc,EAAE,UAAU,CAAC,cAAc;gBACzC,GAAG,EAAE,UAAU,CAAC,uBAAuB,EAAE,MAAM;aAChD;YACD,MAAM,EAAE,UAAU,CAAC,WAAW,CAAC,MAAM;SACtC,CAAC;KACH,CAAC,CACH;IACD;QACE,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE;YAChF,MAAM,MAAM,GAAG,6BAAa,CAAC,eAAe,CAAC,MAAM,CAAC,sBAAS,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;YAC7F,MAAM,UAAU,GAAG,MAAM,IAAA,kCAAgB,EAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;gBACtF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,qCAAwB,CAAC,EAAE,CAAC,CAAC,CAAA;gBAClE,OAAO,MAAM,CAAC,UAAU,CAAA;YAC1B,CAAC,CAAC,CAAA;YAEF,MAAM,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YAC9D,MAAM,OAAO,CAAC,mBAAmB,CAAC,SAAS,EAAE,uBAAuB,MAAM,EAAE,EAAE,MAAM,CAAC,CAAA;QACvF,CAAC;KACF;CACF,CAAA;AAED;;;;;;;;GAQG;AACH,SAAS,aAAa,CACpB,UAAsB,EACtB,MAAc,EACd,OAAe,EACf,SAAiB;IAEjB,OAAO,OAAO,SAAS,QAAQ,MAAM,IAAI,OAAO,eAAe,UAAU,CAAC,cAAc,EAAE,CAAA;AAC5F,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"syncMap.d.ts","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"syncMap.d.ts","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAe3C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAqChC;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI,EAAE,CAMpE;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI,EAAE,CAMtE"}
|
|
@@ -4,6 +4,7 @@ exports.getGlobalSyncsForService = getGlobalSyncsForService;
|
|
|
4
4
|
exports.getRegionalSyncsForService = getRegionalSyncsForService;
|
|
5
5
|
const tables_js_1 = require("./dynamodb/tables.js");
|
|
6
6
|
const vpcEndpoints_js_1 = require("./ec2/vpcEndpoints.js");
|
|
7
|
+
const ecrSyncs_js_1 = require("./ecr/ecrSyncs.js");
|
|
7
8
|
const authorizationDetails_js_1 = require("./iam/authorizationDetails.js");
|
|
8
9
|
const identityProviders_js_1 = require("./iam/identityProviders.js");
|
|
9
10
|
const key_js_1 = require("./kms/key.js");
|
|
@@ -19,6 +20,7 @@ const allSyncs = [
|
|
|
19
20
|
accountBpa_js_1.AccountS3BpaSync,
|
|
20
21
|
authorizationDetails_js_1.AuthorizationDetailsSync,
|
|
21
22
|
tables_js_1.DynamoDBTableSync,
|
|
23
|
+
...ecrSyncs_js_1.EcrSyncs,
|
|
22
24
|
...identityProviders_js_1.IdentityProviderSyncs,
|
|
23
25
|
key_js_1.KeySync,
|
|
24
26
|
lambda_js_1.LambdaSync,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"syncMap.js","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"syncMap.js","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":";;AA0DA,4DAMC;AAQD,gEAMC;AA7ED,oDAAwD;AACxD,2DAAwD;AACxD,mDAA4C;AAC5C,2EAAwE;AACxE,qEAAkE;AAClE,yCAAsC;AACtC,kDAA+C;AAC/C,uEAAmE;AACnE,sDAAqD;AACrD,gDAA4D;AAC5D,4DAAwD;AACxD,+CAA+C;AAC/C,+CAA8C;AAC9C,2DAAmD;AAGnD,MAAM,QAAQ,GAAG;IACf,gCAAgB;IAChB,kDAAwB;IACxB,6BAAiB;IACjB,GAAG,sBAAQ;IACX,GAAG,4CAAqB;IACxB,gBAAO;IACP,sBAAU;IACV,mCAAgB;IAChB,uCAA0B;IAC1B,uBAAU;IACV,yBAAa;IACb,wBAAY;IACZ,6BAAW;IACX,kCAAgB;CACjB,CAAA;AAED,MAAM,OAAO,GAAG,IAAI,GAAG,EAAoD,CAAA;AAE3E,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;IAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAA;IAC/B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE;YACnB,QAAQ,EAAE,EAAE;YACZ,MAAM,EAAE,EAAE;SACX,CAAC,CAAA;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAE,CAAA;IACnC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACzB,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC3B,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,wBAAwB,CAAC,OAAmB;IAC1D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IAClC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,KAAK,CAAC,MAAM,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,0BAA0B,CAAC,OAAmB;IAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IAClC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,KAAK,CAAC,QAAQ,CAAA;AACvB,CAAC"}
|
package/dist/esm/services.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* All Valid AWS Services
|
|
3
3
|
*/
|
|
4
|
-
export declare const allServices: readonly ["dynamodb", "ec2", "iam", "kms", "lambda", "organizations", "s3", "secretsmanager", "sns", "sqs", "sso"];
|
|
4
|
+
export declare const allServices: readonly ["dynamodb", "ec2", "ecr", "iam", "kms", "lambda", "organizations", "s3", "secretsmanager", "sns", "sqs", "sso"];
|
|
5
5
|
/**
|
|
6
6
|
* Type representing a valid AWS service. A union of all strings in `allServices`.
|
|
7
7
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"services.d.ts","sourceRoot":"","sources":["../../src/services.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,eAAO,MAAM,WAAW,
|
|
1
|
+
{"version":3,"file":"services.d.ts","sourceRoot":"","sources":["../../src/services.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,eAAO,MAAM,WAAW,2HAad,CAAA;AAEV;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,WAAW,CAAC,CAAC,MAAM,CAAC,CAAA"}
|
package/dist/esm/services.js
CHANGED
package/dist/esm/services.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"services.js","sourceRoot":"","sources":["../../src/services.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,UAAU;IACV,KAAK;IACL,KAAK;IACL,KAAK;IACL,QAAQ;IACR,eAAe;IACf,IAAI;IACJ,gBAAgB;IAChB,KAAK;IACL,KAAK;IACL,KAAK;CACG,CAAA"}
|
|
1
|
+
{"version":3,"file":"services.js","sourceRoot":"","sources":["../../src/services.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,UAAU;IACV,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,QAAQ;IACR,eAAe;IACf,IAAI;IACJ,gBAAgB;IAChB,KAAK;IACL,KAAK;IACL,KAAK;CACG,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ecrSyncs.d.ts","sourceRoot":"","sources":["../../../../src/syncs/ecr/ecrSyncs.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,IAAI,EAAE,MAAM,YAAY,CAAA;AAGjC,eAAO,MAAM,QAAQ,EAAE,IAAI,EA8D1B,CAAA"}
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
import { DescribeRepositoriesCommand, ECRClient, GetRegistryPolicyCommand, GetRepositoryPolicyCommand, ListTagsForResourceCommand } from '@aws-sdk/client-ecr';
|
|
2
|
+
import { AwsClientPool } from '../../aws/ClientPool.js';
|
|
3
|
+
import { runAndCatchError } from '../../utils/client-tools.js';
|
|
4
|
+
import { createResourceSyncType, createTypedSyncOperation } from '../typedSync.js';
|
|
5
|
+
export const EcrSyncs = [
|
|
6
|
+
createTypedSyncOperation('ecr', 'repositories', createResourceSyncType({
|
|
7
|
+
client: ECRClient,
|
|
8
|
+
command: DescribeRepositoriesCommand,
|
|
9
|
+
key: 'repositories',
|
|
10
|
+
paginationConfig: {
|
|
11
|
+
inputKey: 'nextToken',
|
|
12
|
+
outputKey: 'nextToken'
|
|
13
|
+
},
|
|
14
|
+
arn: (repository, region, account, partition) => repositoryArn(repository, region, account, partition),
|
|
15
|
+
tags: (repository) => repository.extraFields.tags,
|
|
16
|
+
resourceTypeParts: (account, region) => ({
|
|
17
|
+
account,
|
|
18
|
+
service: 'ecr',
|
|
19
|
+
region,
|
|
20
|
+
resourceType: 'repository'
|
|
21
|
+
}),
|
|
22
|
+
extraFields: {
|
|
23
|
+
tags: async (client, repository, account, region, partition) => {
|
|
24
|
+
const result = await client.send(new ListTagsForResourceCommand({
|
|
25
|
+
resourceArn: repositoryArn(repository, region, account, partition)
|
|
26
|
+
}));
|
|
27
|
+
return result.tags;
|
|
28
|
+
},
|
|
29
|
+
policy: async (client, repository, account, region, partition) => {
|
|
30
|
+
const result = await client.send(new GetRepositoryPolicyCommand({
|
|
31
|
+
repositoryName: repository.repositoryName
|
|
32
|
+
}));
|
|
33
|
+
return JSON.parse(result.policyText || '{}');
|
|
34
|
+
}
|
|
35
|
+
},
|
|
36
|
+
results: (repository) => ({
|
|
37
|
+
metadata: {
|
|
38
|
+
repositoryName: repository.repositoryName,
|
|
39
|
+
key: repository.encryptionConfiguration?.kmsKey
|
|
40
|
+
},
|
|
41
|
+
policy: repository.extraFields.policy
|
|
42
|
+
})
|
|
43
|
+
})),
|
|
44
|
+
{
|
|
45
|
+
awsService: 'ecr',
|
|
46
|
+
name: 'registry',
|
|
47
|
+
execute: async (accountId, region, credentials, storage, endpoint, syncOptions) => {
|
|
48
|
+
const client = AwsClientPool.defaultInstance.client(ECRClient, credentials, region, endpoint);
|
|
49
|
+
const policyText = await runAndCatchError('RegistryPolicyNotFoundException', async () => {
|
|
50
|
+
const result = await client.send(new GetRegistryPolicyCommand({}));
|
|
51
|
+
return result.policyText;
|
|
52
|
+
});
|
|
53
|
+
const policy = policyText ? JSON.parse(policyText) : undefined;
|
|
54
|
+
await storage.saveAccountMetadata(accountId, `ecr-registry-policy.${region}`, policy);
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
];
|
|
58
|
+
/**
|
|
59
|
+
* Make an ECR Repository ARN
|
|
60
|
+
*
|
|
61
|
+
* @param repository the ECR Repository object
|
|
62
|
+
* @param region the AWS region
|
|
63
|
+
* @param account the AWS account ID
|
|
64
|
+
* @param partition the AWS partition (e.g., 'aws', 'aws-cn', 'aws-us-gov')
|
|
65
|
+
* @returns the ARN of the ECR Repository
|
|
66
|
+
*/
|
|
67
|
+
function repositoryArn(repository, region, account, partition) {
|
|
68
|
+
return `arn:${partition}:ecr:${region}:${account}:repository/${repository.repositoryName}`;
|
|
69
|
+
}
|
|
70
|
+
//# sourceMappingURL=ecrSyncs.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ecrSyncs.js","sourceRoot":"","sources":["../../../../src/syncs/ecr/ecrSyncs.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,2BAA2B,EAC3B,SAAS,EACT,wBAAwB,EACxB,0BAA0B,EAC1B,0BAA0B,EAE3B,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAA;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAA;AAE9D,OAAO,EAAE,sBAAsB,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAA;AAElF,MAAM,CAAC,MAAM,QAAQ,GAAW;IAC9B,wBAAwB,CACtB,KAAK,EACL,cAAc,EACd,sBAAsB,CAAC;QACrB,MAAM,EAAE,SAAS;QACjB,OAAO,EAAE,2BAA2B;QACpC,GAAG,EAAE,cAAc;QACnB,gBAAgB,EAAE;YAChB,QAAQ,EAAE,WAAW;YACrB,SAAS,EAAE,WAAW;SACvB;QACD,GAAG,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,CAC9C,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC;QACvD,IAAI,EAAE,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI;QACjD,iBAAiB,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;YACvC,OAAO;YACP,OAAO,EAAE,KAAK;YACd,MAAM;YACN,YAAY,EAAE,YAAY;SAC3B,CAAC;QACF,WAAW,EAAE;YACX,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE;gBAC7D,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAC9B,IAAI,0BAA0B,CAAC;oBAC7B,WAAW,EAAE,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC;iBACnE,CAAC,CACH,CAAA;gBACD,OAAO,MAAM,CAAC,IAAI,CAAA;YACpB,CAAC;YACD,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE;gBAC/D,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAC9B,IAAI,0BAA0B,CAAC;oBAC7B,cAAc,EAAE,UAAU,CAAC,cAAc;iBAC1C,CAAC,CACH,CAAA;gBACD,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,CAAA;YAC9C,CAAC;SACF;QACD,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;YACxB,QAAQ,EAAE;gBACR,cAAc,EAAE,UAAU,CAAC,cAAc;gBACzC,GAAG,EAAE,UAAU,CAAC,uBAAuB,EAAE,MAAM;aAChD;YACD,MAAM,EAAE,UAAU,CAAC,WAAW,CAAC,MAAM;SACtC,CAAC;KACH,CAAC,CACH;IACD;QACE,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE;YAChF,MAAM,MAAM,GAAG,aAAa,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;YAC7F,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;gBACtF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,wBAAwB,CAAC,EAAE,CAAC,CAAC,CAAA;gBAClE,OAAO,MAAM,CAAC,UAAU,CAAA;YAC1B,CAAC,CAAC,CAAA;YAEF,MAAM,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YAC9D,MAAM,OAAO,CAAC,mBAAmB,CAAC,SAAS,EAAE,uBAAuB,MAAM,EAAE,EAAE,MAAM,CAAC,CAAA;QACvF,CAAC;KACF;CACF,CAAA;AAED;;;;;;;;GAQG;AACH,SAAS,aAAa,CACpB,UAAsB,EACtB,MAAc,EACd,OAAe,EACf,SAAiB;IAEjB,OAAO,OAAO,SAAS,QAAQ,MAAM,IAAI,OAAO,eAAe,UAAU,CAAC,cAAc,EAAE,CAAA;AAC5F,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"syncMap.d.ts","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"syncMap.d.ts","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAe3C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAqChC;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI,EAAE,CAMpE;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI,EAAE,CAMtE"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { DynamoDBTableSync } from './dynamodb/tables.js';
|
|
2
2
|
import { VpcEndpointsSync } from './ec2/vpcEndpoints.js';
|
|
3
|
+
import { EcrSyncs } from './ecr/ecrSyncs.js';
|
|
3
4
|
import { AuthorizationDetailsSync } from './iam/authorizationDetails.js';
|
|
4
5
|
import { IdentityProviderSyncs } from './iam/identityProviders.js';
|
|
5
6
|
import { KeySync } from './kms/key.js';
|
|
@@ -15,6 +16,7 @@ const allSyncs = [
|
|
|
15
16
|
AccountS3BpaSync,
|
|
16
17
|
AuthorizationDetailsSync,
|
|
17
18
|
DynamoDBTableSync,
|
|
19
|
+
...EcrSyncs,
|
|
18
20
|
...IdentityProviderSyncs,
|
|
19
21
|
KeySync,
|
|
20
22
|
LambdaSync,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"syncMap.js","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AACxD,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAA;AACxE,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAA;AAClE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAA;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAA;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AACrD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAA;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAA;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAA;AAGnD,MAAM,QAAQ,GAAG;IACf,gBAAgB;IAChB,wBAAwB;IACxB,iBAAiB;IACjB,GAAG,qBAAqB;IACxB,OAAO;IACP,UAAU;IACV,gBAAgB;IAChB,0BAA0B;IAC1B,UAAU;IACV,aAAa;IACb,YAAY;IACZ,WAAW;IACX,gBAAgB;CACjB,CAAA;AAED,MAAM,OAAO,GAAG,IAAI,GAAG,EAAoD,CAAA;AAE3E,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;IAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAA;IAC/B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE;YACnB,QAAQ,EAAE,EAAE;YACZ,MAAM,EAAE,EAAE;SACX,CAAC,CAAA;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAE,CAAA;IACnC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACzB,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC3B,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAAmB;IAC1D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IAClC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,KAAK,CAAC,MAAM,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CAAC,OAAmB;IAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IAClC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,KAAK,CAAC,QAAQ,CAAA;AACvB,CAAC"}
|
|
1
|
+
{"version":3,"file":"syncMap.js","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AACxD,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAA;AAC5C,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAA;AACxE,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAA;AAClE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAA;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAA;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AACrD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAA;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAA;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAA;AAGnD,MAAM,QAAQ,GAAG;IACf,gBAAgB;IAChB,wBAAwB;IACxB,iBAAiB;IACjB,GAAG,QAAQ;IACX,GAAG,qBAAqB;IACxB,OAAO;IACP,UAAU;IACV,gBAAgB;IAChB,0BAA0B;IAC1B,UAAU;IACV,aAAa;IACb,YAAY;IACZ,WAAW;IACX,gBAAgB;CACjB,CAAA;AAED,MAAM,OAAO,GAAG,IAAI,GAAG,EAAoD,CAAA;AAE3E,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;IAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAA;IAC/B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE;YACnB,QAAQ,EAAE,EAAE;YACZ,MAAM,EAAE,EAAE;SACX,CAAC,CAAA;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAE,CAAA;IACnC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACzB,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC3B,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAAmB;IAC1D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IAClC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,KAAK,CAAC,MAAM,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CAAC,OAAmB;IAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IAClC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,KAAK,CAAC,QAAQ,CAAA;AACvB,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cloud-copilot/iam-collect",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.35",
|
|
4
4
|
"description": "Collect IAM information from AWS Accounts",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -111,6 +111,7 @@
|
|
|
111
111
|
"@aws-sdk/client-account": "^3.758.0",
|
|
112
112
|
"@aws-sdk/client-dynamodb": "^3.788.0",
|
|
113
113
|
"@aws-sdk/client-ec2": "^3.798.0",
|
|
114
|
+
"@aws-sdk/client-ecr": "^3.798.0",
|
|
114
115
|
"@aws-sdk/client-iam": "^3.777.0",
|
|
115
116
|
"@aws-sdk/client-kms": "^3.782.0",
|
|
116
117
|
"@aws-sdk/client-lambda": "^3.782.0",
|