npm - @izara_project/izara-market-library-service-schemas - Versions diffs - 1.0.19 → 1.0.21 - Mend

@izara_project/izara-market-library-service-schemas 1.0.19 → 1.0.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

package/src/TemplateManager/src/Role/createSharedResource.js ADDED Viewed

@@ -0,0 +1,269 @@
+/*
+Copyright (C) 2020 Sven Mason <http://izara.io>
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+'use strict';
+const { SOURCE_GENERATE_IAM_ROLE, SOURCE_PATH, SAVE_FILE_NAME } = require('../libs/Consts');
+const { firstLetterUpperCase: upperCase } = require("../../../MainLibs/src/Utils")
+const path = require('path');
+/**
+ * Process additional resource permissions for an object type
+ * @param {Array} resourcePermissions - Array of resource permissions to process
+ * @param {Object} targetResources - Resources object to update
+ */
+const processResourcePermissions = (resourcePermissions, targetResources) => {
+  if (!Array.isArray(resourcePermissions)) return;
+  resourcePermissions.forEach(resourcePermission => {
+    if (!resourcePermission.action) return;
+    const [key, value] = Object.entries(resourcePermission.action)[0];
+    if (!targetResources[key]) {
+      targetResources[key] = [];
+    }
+    const actionsList = Array.isArray(value) ? value : [value];
+    const resourcesList = Array.isArray(resourcePermission.resource)
+      ? resourcePermission.resource
+      : [resourcePermission.resource];
+    // Check if entry with same actions exists
+    const existingEntry = targetResources[key].find(entry =>
+      JSON.stringify(entry.actions) === JSON.stringify(actionsList)
+    );
+    if (existingEntry) {
+      // Merge resources without duplicates
+      existingEntry.resource = [
+        ...new Set([...existingEntry.resource, ...resourcesList])
+      ];
+    } else {
+      // Add new entry
+      targetResources[key].push({
+        actions: actionsList,
+        resource: resourcesList
+      });
+    }
+  });
+};
+/**
+ * Check if an item should be skipped based on templateData content
+ * @param {Object} templateData - Template data to check
+ * @returns {Boolean} True if item should be skipped
+ */
+const shouldSkipItem = (templateData) => {
+  return !templateData ||
+    Object.keys(templateData).length === 0 ||
+    !templateData.additionalResourcePermission;
+};
+/**
+ * Initialize object type structure if it doesn't exist
+ * @param {Object} groupedByObjectType - The grouped object
+ * @param {String} objectType - Object type to initialize
+ * @param {Array} objectTypeList - List to track object types
+ */
+const initializeObjectType = (groupedByObjectType, objectType, objectTypeList) => {
+  if (!groupedByObjectType[objectType]) {
+    groupedByObjectType[objectType] = {
+      functionNames: [],
+      actions: [],
+      resources: {},
+      actionHandler: []
+    };
+    objectTypeList.push(objectType);
+  }
+};
+module.exports.createSharedResource = (_izContext, createSourceParams, srcPath) => {
+  // Initialize data structure
+  const groupedByObjectType = {
+    [SOURCE_GENERATE_IAM_ROLE.ProcessFindDataRole]: {
+      handlerType: [],
+      resources: {}
+    },
+    [SOURCE_GENERATE_IAM_ROLE.ObjectCompleteRole]: {
+      functionNames: [],
+      handlerType: [],
+      resources: {}
+    },
+    [SOURCE_GENERATE_IAM_ROLE.RelationshipRole]: {
+      handlerType: [],
+      resources: {}
+    },
+    [SOURCE_GENERATE_IAM_ROLE.RelationshipCompleteRole]: {
+      handlerType: [],
+      resources: []
+    },
+    Other: []
+  };
+  const objectTypeList = [];
+  // Ensure data is defined - assuming it comes from createSourceParams
+  const data = createSourceParams || [];
+  // Process each item in data
+  data.map((item) => {
+    const templateData = item.templateData;
+    if (shouldSkipItem(templateData)) return;
+    if (templateData.objectType) {
+      // Handle items with objectType
+      initializeObjectType(groupedByObjectType, templateData.objectType, objectTypeList);
+      // Add function name if it doesn't exist
+      if (templateData.functionName &&
+        !groupedByObjectType[templateData.objectType].functionNames?.includes(templateData.functionName)) {
+        groupedByObjectType[templateData.objectType].functionNames.push(templateData.functionName);
+      }
+      // Add action if it doesn't exist
+      if (templateData.action !== null &&
+        !groupedByObjectType[templateData.objectType].actions.includes(templateData.action)) {
+        groupedByObjectType[templateData.objectType].actions.push(templateData.action);
+      }
+      // Process additionalResourcePermission
+      processResourcePermissions(
+        templateData.additionalResourcePermission,
+        groupedByObjectType[templateData.objectType].resources
+      );
+    }
+    else if (templateData.functionName &&
+      (templateData.functionName.includes('ObjectComplete') ||
+        templateData.functionName.includes('NodeComplete'))) {
+      // Handle ObjectComplete items
+      groupedByObjectType[SOURCE_GENERATE_IAM_ROLE.ObjectCompleteRole].functionNames.push(templateData.functionName);
+      groupedByObjectType[SOURCE_GENERATE_IAM_ROLE.ObjectCompleteRole].handlerType.push(templateData.handlerType);
+      processResourcePermissions(
+        templateData.additionalResourcePermission,
+        groupedByObjectType[SOURCE_GENERATE_IAM_ROLE.ObjectCompleteRole].resources
+      );
+    }
+    else if (templateData.functionName && templateData.functionName.includes([SOURCE_GENERATE_IAM_ROLE.RelationshipRole])) {
+      if (templateData.functionName.includes([SOURCE_GENERATE_IAM_ROLE.RelationshipCompleteRole])) {
+        // Handle RelationshipComplete items
+        if (templateData.handlerType &&
+          !groupedByObjectType[SOURCE_GENERATE_IAM_ROLE.RelationshipCompleteRole].handlerType.includes(templateData.handlerType)) {
+          groupedByObjectType[SOURCE_GENERATE_IAM_ROLE.RelationshipCompleteRole].handlerType.push(templateData.handlerType);
+        }
+        processResourcePermissions(
+          templateData.additionalResourcePermission,
+          groupedByObjectType[SOURCE_GENERATE_IAM_ROLE.RelationshipCompleteRole].resources
+        );
+      } else {
+        // Handle regular Relationship items
+        if (templateData.handlerType &&
+          !groupedByObjectType[SOURCE_GENERATE_IAM_ROLE.RelationshipRole].handlerType.includes(templateData.handlerType)) {
+          groupedByObjectType[SOURCE_GENERATE_IAM_ROLE.RelationshipRole].handlerType.push(templateData.handlerType);
+        }
+        processResourcePermissions(
+          templateData.additionalResourcePermission,
+          groupedByObjectType[SOURCE_GENERATE_IAM_ROLE.RelationshipRole].resources
+        );
+      }
+    }
+    else if (templateData.functionName &&
+      (templateData.functionName.includes('PaginateProcessLogical') ||
+        templateData.functionName.includes('FindData') ||
+        templateData.functionName.includes('ProcessLogical'))) {
+      // Handle ProcessFindData items
+      groupedByObjectType[SOURCE_GENERATE_IAM_ROLE.ProcessFindDataRole].handlerType.push(templateData.handlerType);
+      processResourcePermissions(
+        templateData.additionalResourcePermission,
+        groupedByObjectType[SOURCE_GENERATE_IAM_ROLE.ProcessFindDataRole].resources
+      );
+    }
+    else {
+      // Handle other items
+      groupedByObjectType.Other.push(item);
+    }
+    return item;
+  });
+  // Process "Other" items that might belong to existing object types
+  groupedByObjectType.Other = groupedByObjectType.Other.filter(item => {
+    const templateData = item.templateData;
+    if (!templateData.functionName) return true;
+    // Find matching objectType
+    const matchedObjectType = objectTypeList.find(objectType =>
+      templateData.functionName.toLowerCase().includes(objectType.toLowerCase()) ||
+      templateData.functionName.includes(objectType.charAt(0).toUpperCase() + objectType.slice(1))
+    );
+    if (matchedObjectType) {
+      // Move the item to the matched object type
+      groupedByObjectType[matchedObjectType].actionHandler.push(templateData.handlerType);
+      groupedByObjectType[matchedObjectType].resources = {
+        ...groupedByObjectType[matchedObjectType].resources,
+        ...templateData.additionalResourcePermission
+      };
+      return false; // Remove from Other
+    }
+    return true; // Keep in Other
+  });
+  // Prepare results
+  // Process and prepare data for role definitions and extract any resources
+  // that might be related to object types but weren't categorized properly
+  const roles = [];
+  const otherResources = []
+  Object.entries(groupedByObjectType).forEach(([objectType, data]) => {
+    if (objectType === 'Other' || !data.resources) return;
+    // สร้าง policy statements จาก resources
+    const rolePolicyStatement = [];
+    Object.entries(data.resources).forEach(([effect, permissionList]) => {
+      if (!Array.isArray(permissionList)) {
+        // permissionList might be in a different format
+        if (typeof permissionList === 'object' && !Array.isArray(permissionList)) {
+          // Handle non-standard format
+          const actions = [];
+          if (permissionList.action) {
+            const actionObj = permissionList.action;
+            Object.entries(actionObj).forEach(([service, actionList]) => {
+              const actionArray = Array.isArray(actionList) ? actionList : [actionList];
+              actionArray.forEach(action => actions.push(`${service}:${action}`));
+            });
+          }
+          rolePolicyStatement.push({
+            Effect: permissionList.effect || 'Allow',
+            Action: actions,
+            Resource: permissionList.resource
+          });
+          return;
+        }
+        rolePolicyStatement.push({
+          Effect: permissionList.effect,
+          Action: actions,
+          Resource: permission.resource
+        });
+        return;
+      };
+      permissionList.forEach(permission => {
+        const actions = permission.actions.map(action => `${effect}:${action}`);
+        rolePolicyStatement.push({
+          Effect: 'Allow',
+          Action: actions,
+          Resource: permission.resource
+        });
+      });
+    });
+    if (rolePolicyStatement.length > 0) {
+      roles.push({
+        roleName: upperCase(objectType),
+        rolePolicyStatement
+      });
+    }
+  });
+  const reformattedData = {
+    roles,
+  };
+  const sharedResourceTemplatePath = path.join(__dirname, './sharedResourceTemplate.ejs')
+  return {
+    templatePath: sharedResourceTemplatePath,
+    templateData: reformattedData,
+    setting: {
+      initialData: 'Resources:\n',
+      savePath: path.join(srcPath, SOURCE_PATH.appYaml),
+      saveFileName: SAVE_FILE_NAME.sharedResourceYaml,
+      fileExtension: '.yml',
+      isAppend: true
+    }
+  }
+};

package/src/TemplateManager/src/Role/sharedResourceTemplate.ejs ADDED Viewed

@@ -0,0 +1,58 @@
+#IAM Role for Upload Schema functionality
+  UploadSchemaRole:
+    Type: AWS::IAM::Role
+    Properties:
+      RoleName: ${self:custom.iz_resourcePrefix}UploadSchemaRole
+      AssumeRolePolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: "lambda.amazonaws.com"
+            Action: sts:AssumeRole
+      # this is the managed policy for lambda basic execution ex. logging to cloudwatch
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
+        - arn:aws:iam::${self:custom.iz_accountId}:policy/UploadSchemaSharedPolicy
+      Policies:
+        - PolicyName: ${self:custom.iz_resourcePrefix}UploadSchemaPolicy
+          PolicyDocument:
+            Version: "2012-10-17"
+            Statement:
+              - Effect: Allow
+                Action:
+                  - s3:PutObject
+                  - s3:GetObject
+                  - s3:ListBucket
+                Resource:
+                  - arn:aws:s3:::object-schema/*
+                  - arn:aws:s3:::object-schema/perServiceSchemas/${self:custom.iz_serviceTag}/*
+<% if (roles && roles.length > 0) { -%>
+<% roles.forEach(function(role) { %>
+  <%= role.roleName %>Role:
+    Type: AWS::IAM::Role
+    Properties:
+      RoleName: ${self:custom.iz_resourcePrefix}<%= role.roleName %>Role
+      AssumeRolePolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: "lambda.amazonaws.com"
+            Action: sts:AssumeRole
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
+      Policies:
+        - PolicyName: ${self:custom.iz_resourcePrefix}<%= role.roleName %>Policy
+          PolicyDocument:
+            Version: "2012-10-17"
+            Statement:<% role.rolePolicyStatement.forEach(function(statement) { %>
+              - Effect: <%= statement.Effect %><%_ if (Array.isArray(statement.Action)) { %>
+                Action:<% statement.Action.forEach(function(action) { %>
+                  - <%= action %><% }); %><% } else { %>Action: <%= statement.Action %><% } -%>
+                <% if (Array.isArray(statement.Resource)) { %>
+                Resource:<% statement.Resource.forEach(function(resource) { %>
+                  - <%= resource -%><% }); %><% } else { %>
+                Resource: <%= statement.Resource %><% } %><% }); %>
+  <% }); %>
+<% } %>

package/src/TemplateManager/src/TranslateIdReq/TranslateIds/functionYaml/HdrDsq/data.js CHANGED Viewed

@@ -50,7 +50,7 @@ function createTranslateIdFunctionYamlHdrDsq(srcPath) {
         ],
         [RESOURCE_CLASSES.sns]:
           [
-            SNS_RESOURCE.publish, SNS_RESOURCE.subscription
+            SNS_RESOURCE.publish, SNS_RESOURCE.subscribe
           ]
       },
       [

package/src/TemplateManager/src/TranslateIdReq/TranslateIds/functionYaml/HdrSqs/data.js CHANGED Viewed

@@ -50,7 +50,7 @@ function createTranslateIdFunctionYmlHdrSqs(srcPath) {
         ],
         [RESOURCE_CLASSES.sns]:
           [
-            SNS_RESOURCE.publish, SNS_RESOURCE.subscription
+            SNS_RESOURCE.publish, SNS_RESOURCE.subscribe
           ]
       },
       [

package/src/TemplateManager/src/externalService/FunctionNameConfig/data.js CHANGED Viewed

@@ -23,61 +23,137 @@ const { firstLetterLowerCase: lowerCase, firstLetterUpperCase: upperCase } = req
 const { SOURCE_PATH } = require('../../libs/Consts');
 const templateYamlPath = path.join(__dirname, "./templateYaml.ejs");
 const templatePathIntTestPath = path.join(__dirname, "./templateIntTesting.ejs");
+const { SOURCE_GENERATE_IAM_ROLE } = require("../../libs/Consts");
 function data(_izContext, createSourceParams, srcPath) {
-  // console.log("createSourceParams in Data", createSourceParams);
-  const functionNameConfigs = new Set();
-  let createFunctionNameConfig = []
-  for (let { templatePath, templateData, setting } of createSourceParams) {
-    if (templateData?.functionNameConfig !== undefined) {
-      functionNameConfigs.add(templateData.functionNameConfig)
+  // ! old code
+  // function createFunctionNameConfigFileYaml(functionNameConfigs, srcPath) {
+  //   let createFunctionNameConfigYaml = []
+  //   createFunctionNameConfigYaml.push(
+  //     {
+  //       templatePath: templateYamlPath,
+  //       templateData: {
+  //         functionNameConfigs: functionNameConfigs
+  //       },
+  //       setting: {
+  //         savePath: path.join(srcPath, SOURCE_PATH.appYaml),
+  //         saveFileName: "FunctionNameConfig",
+  //         fileExtension: ".yml",
+  //         isAppend: true
+  //       }
+  //     }
+  //   )
+  //   return createFunctionNameConfigYaml
+  // }
+  // Extract role names from object types in createSourceParams
+  const roleNameConfigs = new Set();
+  const roleNameConcatConfigs = new Set();
+  // Add default IAM roles from configuration
+  Object.entries(SOURCE_GENERATE_IAM_ROLE)
+    .filter(([_, enabled]) => enabled)
+    .forEach(([_, value]) => {
+      roleNameConfigs.add(`${upperCase(value)}Role`);
+      roleNameConcatConfigs.add(`${upperCase(value)}`);
+    });
+  for (const { templateData } of createSourceParams) {
+    if (templateData?.objectType) {
+      roleNameConfigs.add(`${upperCase(templateData.objectType)}Role`);
+      roleNameConcatConfigs.add(`${upperCase(templateData.objectType)}`);
     }
   }
-  let createFunctionNameConfigYaml = createFunctionNameConfigFileYaml(functionNameConfigs, srcPath);
-  let createFunctionNameConfigJs = createFunctionNameConfigFileJs(functionNameConfigs, srcPath);
-  createFunctionNameConfig.push(...createFunctionNameConfigYaml, ...createFunctionNameConfigJs)
-  return createFunctionNameConfig
+  // Generate YAML and JS configurations
+  const roleConfigYaml = createRoleNameConfigFileYaml(roleNameConfigs, srcPath);
+  const roleConfigJs = createRoleNameConfigFileJs(roleNameConcatConfigs, srcPath);
+  // Combine and return all configurations
+  return [...roleConfigYaml, ...roleConfigJs];
 }
-function createFunctionNameConfigFileYaml(functionNameConfigs, srcPath) {
-  let createFunctionNameConfigYaml = []
-  createFunctionNameConfigYaml.push(
+// ! old code
+// function createFunctionNameConfigFileYaml(functionNameConfigs, srcPath) {
+//   let createFunctionNameConfigYaml = []
+//   createFunctionNameConfigYaml.push(
+//     {
+//       templatePath: templateYamlPath,
+//       templateData: {
+//         functionNameConfigs: functionNameConfigs
+//       },
+//       setting: {
+//         savePath: path.join(srcPath, SOURCE_PATH.appYaml),
+//         saveFileName: "FunctionNameConfig",
+//         fileExtension: ".yml",
+//         isAppend: true
+//       }
+//     }
+//   )
+//   return createFunctionNameConfigYaml
+// }
+// ! old code
+// function createFunctionNameConfigFileJs(functionNameConfigs, srcPath) {
+//   let createFunctionNameConfigJs = []
+//   createFunctionNameConfigJs.push(
+//     {
+//       templatePath: templatePathIntTestPath,
+//       templateData: {
+//         functionNameConfigs: functionNameConfigs
+//       },
+//       setting: {
+//         savePath: path.join(srcPath, SOURCE_PATH.externalService),
+//         saveFileName: "FunctionNameConfig",
+//         fileExtension: ".js",
+//         isAppend: true
+//       }
+//     }
+//   )
+//   return createFunctionNameConfigJs
+// }
+function createRoleNameConfigFileYaml(roleNameConfigs, srcPath) {
+  let createRoleNameConfigYaml = []
+  createRoleNameConfigYaml.push(
     {
       templatePath: templateYamlPath,
       templateData: {
-        functionNameConfigs: functionNameConfigs
+        roleNameConfigs: roleNameConfigs
       },
       setting: {
         savePath: path.join(srcPath, SOURCE_PATH.appYaml),
-        saveFileName: "FunctionNameConfig",
+        saveFileName: "RoleNameConfig",
         fileExtension: ".yml",
         isAppend: true
       }
     }
   )
-  return createFunctionNameConfigYaml
+  return createRoleNameConfigYaml
 }
-function createFunctionNameConfigFileJs(functionNameConfigs, srcPath) {
-  let createFunctionNameConfigJs = []
-  createFunctionNameConfigJs.push(
+function createRoleNameConfigFileJs(roleNameConfigs, srcPath) {
+  let createRoleNameConfigJs = []
+  createRoleNameConfigJs.push(
     {
       templatePath: templatePathIntTestPath,
       templateData: {
-        functionNameConfigs: functionNameConfigs
+        roleNameConfigs: roleNameConfigs
       },
       setting: {
         savePath: path.join(srcPath, SOURCE_PATH.externalService),
-        saveFileName: "FunctionNameConfig",
+        saveFileName: "RoleNameConfig",
         fileExtension: ".js",
         isAppend: true
       }
     }
   )
-  return createFunctionNameConfigJs
+  return createRoleNameConfigJs
 }
 module.exports = data;

package/src/TemplateManager/src/externalService/FunctionNameConfig/templateIntTesting.ejs CHANGED Viewed

@@ -17,13 +17,13 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 'use strict';
-module.exports.generatedIntTestFunctionNameConfig = () => {
-let functionNameConfigIntTest = [
-  <% functionNameConfigs.forEach(functionNameConfig => { _%>
-    "<%- firstLetterUpperCase(functionNameConfig) %>",
+module.exports.generatedIntTestRoleNameConfig = () => {
+let roleNameConfigIntTest = [
+    <% roleNameConfigs.forEach(roleNameConfig => { _%>
+    "<%- firstLetterUpperCase(roleNameConfig) %>",
     <% }) _%>
     ]
-    return functionNameConfigIntTest
+    return roleNameConfigIntTest
   }
 <%_function firstLetterUpperCase(text) {

package/src/TemplateManager/src/externalService/FunctionNameConfig/templateYaml.ejs CHANGED Viewed

@@ -1,7 +1,7 @@
 # for createIamRole
-<% functionNameConfigs.forEach(functionNameConfig => { _%>
-- ${self:custom.iz_prefixIamRole}<%- firstLetterUpperCase(functionNameConfig) %>${self:custom.iz_suffixIamRole}
+<% roleNameConfigs.forEach(roleNameConfig => { _%>
+- arn:aws:iam::${self:custom.iz_accountId}:role/${self:custom.iz_resourcePrefix}<%- firstLetterUpperCase(roleNameConfig) %>
 <% }) _%>