@jupiterone/integration-sdk-cli 6.17.0 → 6.21.0

package/src/questions/managedQuestionFileValidator.test.ts

@@ -0,0 +1,175 @@
+import {
+  createApiClient,
+  getApiBaseUrl,
+} from '@jupiterone/integration-sdk-runtime';
+import path from 'path';
+import { validateManagedQuestionFile } from './managedQuestionFileValidator';
+
+function getFixturePath(fixtureName: string) {
+  return path.join(
+    __dirname,
+    './__fixtures__/questions/',
+    `${fixtureName}.yaml`,
+  );
+}
+
+async function dryRunTest(fixtureName: string) {
+  await validateManagedQuestionFile({
+    filePath: getFixturePath(fixtureName),
+  });
+}
+
+describe('#validateManagedQuestionFile dryRun - Valid', () => {
+  test('should validate empty questions file', async () => {
+    await dryRunTest('empty-questions');
+  });
+
+  test('should validate basic question file', async () => {
+    await dryRunTest('basic');
+  });
+
+  test('should validate multiple queries in question', async () => {
+    await dryRunTest('multiple-queries');
+  });
+
+  test('should validate multiple questions', async () => {
+    await dryRunTest('multiple-questions');
+  });
+
+  test('should validate multiple questions', async () => {
+    await dryRunTest('multiple-questions');
+  });
+
+  test('should validate compliance question', async () => {
+    await dryRunTest('compliance');
+  });
+});
+
+describe('#validateManagedQuestionFile dryRun - Invalid', () => {
+  test('should throw if duplicate question id', async () => {
+    await expect(() =>
+      dryRunTest('non-unique-question-id'),
+    ).rejects.toThrowError(
+      `Non-unique question ID found in file (questionId=integration-question-google-cloud-disabled-project-services)`,
+    );
+  });
+
+  test('should throw if duplicate question title', async () => {
+    await expect(() =>
+      dryRunTest('non-unique-question-title'),
+    ).rejects.toThrowError(
+      `Non-unique question title found in file (questionId=integration-question-google-cloud-corporate-login-credentials, questionTitle=Which Google Cloud API services are disabled for my project?)`,
+    );
+  });
+
+  test('should throw if duplicate question tag', async () => {
+    await expect(() =>
+      dryRunTest('non-unique-question-tag'),
+    ).rejects.toThrowError(
+      `Non-unique question tag found (questionId=integration-question-google-cloud-disabled-project-services, tag=google-cloud)`,
+    );
+  });
+
+  test('should throw if duplicate query name in question', async () => {
+    await expect(() =>
+      dryRunTest('non-unique-question-name'),
+    ).rejects.toThrowError(
+      `Duplicate query name in question detected (questionId=integration-question-google-cloud-corporate-login-credentials, queryName=good)`,
+    );
+  });
+});
+
+describe('#validateManagedQuestionFile input validation', () => {
+  test('should throw if file does not exist', async () => {
+    await expect(() => dryRunTest('invalid-file-path')).rejects.toThrowError(
+      `Question file not found (filePath=${getFixturePath(
+        'invalid-file-path',
+      )})`,
+    );
+  });
+
+  test('should throw if file invalid YAML', async () => {
+    await expect(() => dryRunTest('invalid-yaml')).rejects.toThrowError(
+      `can not read a block mapping entry; a multiline key may not be an implicit key`,
+    );
+  });
+});
+
+describe('#validateManagedQuestionFile non-dryRun', () => {
+  test('should validate non-dry run', async () => {
+    const apiClient = createApiClient({
+      apiBaseUrl: getApiBaseUrl(),
+      account: 'test-account',
+    });
+
+    const postSpy = jest.spyOn(apiClient, 'post').mockResolvedValue({
+      data: [
+        {
+          query: 'find google_user with email $="@{{domain}}"',
+          valid: true,
+        },
+        {
+          query: 'find google_user with email !$="@{{domain}}"',
+          valid: true,
+        },
+      ],
+    });
+
+    await validateManagedQuestionFile({
+      apiClient,
+      filePath: getFixturePath('multiple-queries'),
+    });
+
+    expect(postSpy).toHaveBeenCalledTimes(1);
+    expect(postSpy).toHaveBeenCalledWith('/j1ql/validate', {
+      queries: [
+        'find google_user with email $="@{{domain}}"',
+        'find google_user with email !$="@{{domain}}"',
+      ],
+    });
+  });
+
+  test('should throw if invalid query provided', async () => {
+    const apiClient = createApiClient({
+      apiBaseUrl: getApiBaseUrl(),
+      account: 'test-account',
+    });
+
+    const invalidQueryResult = 'find google_user with email $="@{{domain}}"';
+
+    const postSpy = jest.spyOn(apiClient, 'post').mockResolvedValue({
+      data: [
+        {
+          query: invalidQueryResult,
+          // NOTE: Mock invalid query response!
+          valid: false,
+        },
+        {
+          query: 'find google_user with email !$="@{{domain}}"',
+          valid: true,
+        },
+      ],
+    });
+
+    await expect(() =>
+      validateManagedQuestionFile({
+        apiClient,
+        filePath: getFixturePath('multiple-queries'),
+      }),
+    ).rejects.toThrowError(
+      `Queries failed to validate (queries=${JSON.stringify(
+        [invalidQueryResult],
+        null,
+        2,
+      )})`,
+    );
+
+    expect(postSpy).toHaveBeenCalledTimes(1);
+    expect(postSpy).toHaveBeenCalledWith('/j1ql/validate', {
+      queries: [
+        'find google_user with email $="@{{domain}}"',
+        'find google_user with email !$="@{{domain}}"',
+      ],
+    });
+  });
+});

package/src/questions/managedQuestionFileValidator.ts

@@ -0,0 +1,180 @@
+import { ApiClient } from '@jupiterone/integration-sdk-runtime';
+import { promises as fs } from 'fs';
+import * as yaml from 'js-yaml';
+import * as Runtypes from 'runtypes';
+import * as queryLanguage from '../services/queryLanguage';
+
+export const ManagedQuestionQueryRecord = Runtypes.Record({
+  name: Runtypes.String.Or(Runtypes.Undefined),
+  query: Runtypes.String,
+});
+
+export const ManagedQuestionComplianceDetailsRecord = Runtypes.Record({
+  standard: Runtypes.String,
+  requirements: Runtypes.Array(Runtypes.String).Or(Runtypes.Undefined),
+  controls: Runtypes.Array(Runtypes.String).Or(Runtypes.Undefined),
+});
+
+export const ManagedQuestionRecord = Runtypes.Record({
+  id: Runtypes.String,
+  title: Runtypes.String,
+  description: Runtypes.String,
+  queries: Runtypes.Array(ManagedQuestionQueryRecord),
+  tags: Runtypes.Array(Runtypes.String),
+  compliance: Runtypes.Array(ManagedQuestionComplianceDetailsRecord).Or(
+    Runtypes.Undefined,
+  ),
+});
+
+export const QuestionUploadFileDataRecord = Runtypes.Record({
+  integrationDefinitionId: Runtypes.String,
+  sourceId: Runtypes.String,
+  questions: Runtypes.Array(ManagedQuestionRecord),
+});
+
+export type ManagedQuestion = Runtypes.Static<typeof ManagedQuestionRecord>;
+export type QuestionUploadFileData = Runtypes.Static<
+  typeof QuestionUploadFileDataRecord
+>;
+
+function validateQuestionIdUniqueness(questions: ManagedQuestion[]) {
+  const questionsIdSet = new Set<string>();
+
+  for (const question of questions) {
+    if (questionsIdSet.has(question.id)) {
+      throw new Error(
+        `Non-unique question ID found in file (questionId=${question.id})`,
+      );
+    }
+
+    questionsIdSet.add(question.id);
+  }
+}
+
+function validateQuestionTitleUniqueness(questions: ManagedQuestion[]) {
+  const questionTitleSet = new Set<string>();
+
+  for (const question of questions) {
+    if (questionTitleSet.has(question.title)) {
+      throw new Error(
+        `Non-unique question title found in file (questionId=${question.id}, questionTitle=${question.title})`,
+      );
+    }
+
+    questionTitleSet.add(question.title);
+  }
+}
+
+function validateQuestionQueryNameUniqueness(questions: ManagedQuestion[]) {
+  for (const question of questions) {
+    const questionQueryNameSet = new Set<string>();
+
+    for (const query of question.queries) {
+      if (query.name) {
+        if (questionQueryNameSet.has(query.name)) {
+          throw new Error(
+            `Duplicate query name in question detected (questionId=${question.id}, queryName=${query.name})`,
+          );
+        }
+
+        questionQueryNameSet.add(query.name);
+      }
+    }
+  }
+}
+
+async function validateQuestionQueries(
+  apiClient: ApiClient,
+  questions: ManagedQuestion[],
+) {
+  const queries: string[] = [];
+
+  for (const question of questions) {
+    for (const query of question.queries) {
+      queries.push(query.query);
+    }
+  }
+
+  const queryValidationResults = await queryLanguage.validateQueries(
+    apiClient,
+    queries,
+  );
+
+  const failedQueries = queryValidationResults
+    .filter((r) => r.valid === false)
+    .map((r) => r.query);
+
+  if (failedQueries.length) {
+    throw new Error(
+      `Queries failed to validate (queries=${JSON.stringify(
+        failedQueries,
+        null,
+        2,
+      )})`,
+    );
+  }
+}
+
+function validateQuestionTagUniqueness(questions: ManagedQuestion[]) {
+  for (const question of questions) {
+    const questionTagSet = new Set<string>();
+
+    for (const tag of question.tags) {
+      if (questionTagSet.has(tag)) {
+        throw new Error(
+          `Non-unique question tag found (questionId=${question.id}, tag=${tag})`,
+        );
+      }
+
+      questionTagSet.add(tag);
+    }
+  }
+}
+
+function validateQuestionFileData(questionFile: QuestionUploadFileData) {
+  QuestionUploadFileDataRecord.check(questionFile);
+
+  validateQuestionIdUniqueness(questionFile.questions);
+  validateQuestionTitleUniqueness(questionFile.questions);
+  validateQuestionTagUniqueness(questionFile.questions);
+  validateQuestionQueryNameUniqueness(questionFile.questions);
+}
+
+async function loadFile(filePath: string) {
+  try {
+    const file = await fs.readFile(filePath, {
+      encoding: 'utf-8',
+    });
+
+    return file;
+  } catch (err) {
+    if (err.code === 'ENOENT') {
+      throw new Error(`Question file not found (filePath=${filePath})`);
+    }
+
+    throw err;
+  }
+}
+
+async function loadQuestionFile(filePath: string) {
+  const rawQuestionFile = await loadFile(filePath);
+  return yaml.load(rawQuestionFile) as QuestionUploadFileData;
+}
+
+type ValidateManagedQuestionFileParams = {
+  filePath: string;
+  apiClient?: ApiClient;
+};
+
+export async function validateManagedQuestionFile(
+  params: ValidateManagedQuestionFileParams,
+) {
+  const { filePath, apiClient } = params;
+
+  const parsedQuestionFile = await loadQuestionFile(filePath);
+  validateQuestionFileData(parsedQuestionFile);
+
+  if (apiClient) {
+    await validateQuestionQueries(apiClient, parsedQuestionFile.questions);
+  }
+}

package/src/services/queryLanguage.ts

@@ -0,0 +1,46 @@
+import chunk from 'lodash/chunk';
+import { ApiClient } from '@jupiterone/integration-sdk-runtime';
+
+enum QueryLanguageErrorCode {
+  PARSER_ERROR = 'PARSER_ERROR',
+  VALIDATION_ERROR = 'VALIDATION_ERROR',
+  INTERNAL_SERVER_ERROR = 'INTERNAL_SERVER_ERROR',
+  FORBIDDEN_ERROR = 'FORBIDDEN_ERROR',
+}
+
+type ParseAndValidateRawQueriesResult = {
+  valid: boolean;
+  query: string;
+  error?: {
+    message: string;
+    code: QueryLanguageErrorCode;
+  };
+};
+
+type ParseAndValidateRawQueriesResults = ParseAndValidateRawQueriesResult[];
+
+/**
+ * Maximum number of queries that can be supplied to `/j1ql/validate` endpoint
+ */
+const MAX_QUERIES_TO_VALIDATE = 250;
+
+/**
+ * Sends queries to `/j1ql/validate` in batches to be validated
+ */
+export async function validateQueries(
+  apiClient: ApiClient,
+  queries: string[],
+): Promise<ParseAndValidateRawQueriesResults> {
+  const queryBatches = chunk(queries, MAX_QUERIES_TO_VALIDATE);
+  let overallResults: ParseAndValidateRawQueriesResults = [];
+
+  for (const queryBatch of queryBatches) {
+    const result = await apiClient.post('/j1ql/validate', {
+      queries: queryBatch,
+    });
+
+    overallResults = overallResults.concat(result.data);
+  }
+
+  return overallResults;
+}