diff --git a/lib/alks-api.js b/lib/alks-api.js index 09aad3e..d55dfdc 100644 --- a/lib/alks-api.js +++ b/lib/alks-api.js @@ -1,52 +1,37 @@ /*jslint node: true */ 'use strict'; -var _ = require('underscore'), +let _ = require('underscore'), request = require('request'), moment = require('moment'), Buffer = require('buffer').Buffer; -var exports = module.exports = {}; - // process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0; // for testing self-signed endpoints -var ALKS_MAX_DURATION = 18, // reducing due to EB not honoring long sessions: , 24, 36 ], +let ALKS_MAX_DURATION = 18, // reducing due to EB not honoring long sessions: , 24, 36 ], AWS_SIGNIN_URL = 'https://signin.aws.amazon.com/federation', AWS_CONSOLE_URL = 'https://console.aws.amazon.com/', SANITIZE_FIELDS = [ 'password', 'refreshToken', 'accessToken', 'accessKey', 'secretKey', 'sessionToken' ], DEFAULT_UA = 'alks-node', STATUS_SUCCESS = 'success'; -var getMessageFromBadResponse = function(results){ - if(results.body){ - if(results.body.statusMessage){ - return results.body.statusMessage; - } - else if(results.body.errorMessage){ - return results.body.errorMessage; - } - } - - return 'Bad response received, please check API URL.'; -}; - -var getMessageFromRefreshToAccess = function(results) { +let getMessageFromBadResponse = function(results){ if (results.body) { if (results.body.errors) { return results.body.errors; } } return 'Bad response received, please check API URL.'; -} +}; -var log = function(section, msg, options){ +let log = function(section, msg, options){ if(options.debug){ console.error([ '[', section, ']: ', msg ].join('')); } }; -var sanitizeData = function(data){ - var cleansed = {}; +let sanitizeData = function(data){ + let cleansed = {}; _.each(data, function(val, field){ cleansed[field] = _.contains(SANITIZE_FIELDS, field) ? '********' : val; }); 
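Review bot: The merged `getMessageFromBadResponse` now reads only `results.body.errors`, so the `statusMessage` and `errorMessage` lookups of the old helper are gone, and callers such as the `getDurations` and `getAccounts` error paths fall back to the generic "please check API URL" text for replies that carry those fields. The helper also returns whatever `errors` holds; the `deleteLongTermKey` hunk indexes it as `results.body.errors[0]`, which suggests an array, and `new Error(array)` stringifies it with commas. I would keep the old branches after the `errors` check, e.g. `if (results.body.statusMessage) { return results.body.statusMessage; }` plus the matching `errorMessage` line, and return `results.body.errors[0]` when `errors` is a non-empty array. Separately, none of the bindings converted to `let` here appears to be reassigned in the visible hunks, so `const` would state the intent better.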
@@ -54,7 +39,7 @@ var sanitizeData = function(data){ return cleansed; }; -var injectAuth = function(payload, headers, auth, options, callback){ +let injectAuth = function(payload, headers, auth, options, callback){ payload = payload || {}; headers = headers || {}; @@ -72,7 +57,7 @@ var injectAuth = function(payload, headers, auth, options, callback){ }); } else{ - var base64BasicCredentials = Buffer.from(payload.userid + ':' + auth.password).toString('base64'); + let base64BasicCredentials = Buffer.from(payload.userid + ':' + auth.password).toString('base64'); headers.Authorization = 'Basic ' + base64BasicCredentials; delete payload.token; delete payload.password; @@ -83,16 +68,16 @@ var injectAuth = function(payload, headers, auth, options, callback){ }; exports.getDurations = function(account, auth, opts, callback){ - if (arguments.length == 0) return [1]; // for legacy support + if (arguments.length === 0) return [1]; // for legacy support - var options = _.extend({ + let options = _.extend({ debug: false, ua: DEFAULT_UA }, opts); - var headers = { 'User-Agent': options.ua }; - var accountId = account.alksAccount.substring(0,12); - var endpoint = account.server + '/loginRoles/id/' + accountId + '/' + account.alksRole; - var payload = _.extend({ + let headers = { 'User-Agent': options.ua }; + let accountId = account.alksAccount.substring(0,12); + let endpoint = account.server + '/loginRoles/id/' + accountId + '/' + account.alksRole; + let payload = _.extend({ account: account.alksAccount, role: account.alksRole }, account); 
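Review bot: In the `getDurations` hunk (`@@ -83,16 +68,16 @@`), `accountId` and `account.alksRole` are concatenated into the request path unencoded at `let endpoint = ...`, so a role value containing `/`, `?` or `#` changes which resource the request addresses. Unless the ALKS server is known to require the raw value, encode each segment: `let endpoint = account.server + '/loginRoles/id/' + encodeURIComponent(accountId) + '/' + encodeURIComponent(account.alksRole);`. The same line is reached only after `account.alksAccount.substring(0,12)`, which throws synchronously when `account` has no `alksAccount` instead of reporting through `callback`. The function body continues outside the hunk.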
@@ -114,22 +99,22 @@ exports.getDurations = function(account, auth, opts, callback){ return callback(new Error(getMessageFromBadResponse(results))); } - var body = JSON.parse(results.body); + let body = JSON.parse(results.body); if(body.statusMessage.toLowerCase() !== STATUS_SUCCESS){ return callback(new Error(results.body.statusMessage)); } - var maxKeyDuration = Math.min(ALKS_MAX_DURATION, body.loginRole.maxKeyDuration); - var durations = []; - for(var i=1; i<=maxKeyDuration; i++) durations.push(i); + let maxKeyDuration = Math.min(ALKS_MAX_DURATION, body.loginRole.maxKeyDuration); + let durations = []; + for(let i=1; i<=maxKeyDuration; i++) durations.push(i); callback(null, durations); }); }); }; exports.createKey = function(account, auth, duration, opts, callback){ - var payload = _.extend({ + let payload = _.extend({ sessionTime: duration, account: account.alksAccount, role: account.alksRole @@ -183,7 +168,7 @@ exports.createIamKey = function(account, auth, duration, opts, callback){ opts = duration; duration = 1; } - var payload = _.extend({ + let payload = _.extend({ sessionTime: duration, account: account.alksAccount, role: account.alksRole @@ -231,7 +216,7 @@ exports.createIamKey = function(account, auth, duration, opts, callback){ }; exports.createLongTermKey = function(account, auth, iamUserName, opts, callback){ - var payload = _.extend({ + let payload = _.extend({ account: account.alksAccount, role: account.alksRole, iamUserName: iamUserName @@ -280,7 +265,7 @@ exports.createLongTermKey = function(account, auth, iamUserName, opts, callback) }; exports.createIamRole = function(account, auth, roleName, roleType, includeDefaultPolicies, enableAlksAccess, opts, callback){ - var payload = _.extend({ + let payload = _.extend({ account: account.alksAccount, role: account.alksRole, roleName: roleName, 
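Review bot: In the `getDurations` hunk (`@@ -114,22 +99,22 @@`), `JSON.parse(results.body)` runs unguarded inside the request callback, so a 200 reply that is not JSON throws past `callback` instead of being reported as an error. The failure branch then builds its message from `results.body.statusMessage`, but `results.body` is the unparsed string at that point, so the Error message is `undefined`; it should read from the parsed `body`. `body.statusMessage.toLowerCase()` and `body.loginRole.maxKeyDuration` likewise assume fields the server may omit. The `generateConsoleUrl` hunk (`@@ -501,10 +473,10 @@`) has the same unguarded `JSON.parse(results.body)`. The function starts outside this hunk.

```javascript
// … unchanged: error and status-code checks above …
let body;
try {
    body = JSON.parse(results.body);
}
catch(parseErr){
    return callback(new Error(getMessageFromBadResponse(results)));
}

if(!body.statusMessage || body.statusMessage.toLowerCase() !== STATUS_SUCCESS){
    return callback(new Error(body.statusMessage || getMessageFromBadResponse(results)));
}
if(!body.loginRole){
    return callback(new Error(getMessageFromBadResponse(results)));
}
// … unchanged: maxKeyDuration clamp and durations loop …
```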
@@ -330,7 +315,7 @@ exports.createIamRole = function(account, auth, roleName, roleType, includeDefau }; exports.createIamTrustRole = function(account, auth, roleName, roleType, trustArn, enableAlksAccess, opts, callback){ - var payload = _.extend({ + let payload = _.extend({ account: account.alksAccount, role: account.alksRole, roleName: roleName, @@ -380,7 +365,7 @@ exports.createIamTrustRole = function(account, auth, roleName, roleType, trustAr }; exports.getAccounts = function(server, userid, auth, opts, callback){ - var payload = { userid: userid, server: server }, + let payload = { userid: userid, server: server }, options = _.extend({ debug: false, ua: DEFAULT_UA @@ -407,28 +392,15 @@ exports.getAccounts = function(server, userid, auth, opts, callback){ return callback(new Error(getMessageFromBadResponse(results))); } - var accounts = []; + let accounts = []; - // new API style to support IAM - if(results.body.accountListRole){ - _.each(results.body.accountListRole, function(role, acct){ - accounts.push({ - account: acct, - role: role[0].role, - iam: role[0].iamKeyActive - }); - }); - } - // v1 API style without IAM - else{ - _.each(results.body.accountRoles, function(role, acct){ - accounts.push({ - account: acct, - role: role[0], - iam: false - }); + _.each(results.body.accountListRole, function(role, acct){ + accounts.push({ + account: acct, + role: role[0].role, + iam: role[0].iamKeyActive }); - } + }); accounts = _.sortBy(accounts, function(account){ return account.account; }); @@ -438,7 +410,7 @@ exports.getAccounts = function(server, userid, auth, opts, callback){ }; exports.getIamRoleTypes = function(server, userid, auth, opts, callback){ - var payload = { userid: userid, server: server }, + let payload = { userid: userid, server: server }, options = _.extend({ debug: false, ua: DEFAULT_UA 
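Review bot: In the `getAccounts` hunk (`@@ -407,28 +392,15 @@`), removing the v1 fallback means a reply without `accountListRole` now produces an empty account list and no error, because `_.each` over an undefined collection simply does nothing. An entry whose role array is empty also throws a TypeError at `role[0].role` inside the request callback rather than reaching `callback`. I would reject the malformed reply before the loop with `if(!_.isObject(results.body.accountListRole)){ return callback(new Error(getMessageFromBadResponse(results))); }` and skip empty entries with `if(!role || !role.length) return;` at the top of the iterator. The function starts and ends outside the hunk.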
@@ -471,7 +443,7 @@ exports.getIamRoleTypes = function(server, userid, auth, opts, callback){ }; exports.generateConsoleUrl = function(key, opts, callback){ - var payload = { + let payload = { sessionId: key.accessKey, sessionKey: key.secretKey, sessionToken: key.sessionToken @@ -481,7 +453,7 @@ exports.generateConsoleUrl = function(key, opts, callback){ ua: DEFAULT_UA }, opts); - var urlParms = '?Action=getSigninToken&SessionType=json&Session=' + encodeURIComponent(JSON.stringify(payload)), + let urlParms = '?Action=getSigninToken&SessionType=json&Session=' + encodeURIComponent(JSON.stringify(payload)), endpoint = AWS_SIGNIN_URL + urlParms; log('api:generateConsoleUrl', 'generating console url at endpoint: ' + endpoint, options); @@ -501,10 +473,10 @@ exports.generateConsoleUrl = function(key, opts, callback){ return callback(new Error(results.body)); } else{ - var returnedData = JSON.parse(results.body); + let returnedData = JSON.parse(results.body); if(!_.isEmpty(returnedData.SigninToken)){ - var consoleUrl = [ + let consoleUrl = [ AWS_SIGNIN_URL, '?Action=login', '&Destination=', @@ -524,7 +496,7 @@ exports.generateConsoleUrl = function(key, opts, callback){ }; exports.deleteIamRole = function(account, auth, roleName, opts, callback){ - var payload = _.extend({ + let payload = _.extend({ account: account.alksAccount, role: account.alksRole, roleName: roleName @@ -566,7 +538,7 @@ exports.deleteIamRole = function(account, auth, roleName, opts, callback){ }; exports.deleteLongTermKey = function(account, auth, iamUserName, opts, callback){ - var payload = _.extend({ + let payload = _.extend({ account: account.alksAccount, role: account.alksRole, iamUserName: iamUserName 
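Review bot: In the `generateConsoleUrl` hunk (`@@ -481,7 +453,7 @@`), the debug log line prints `endpoint`, and `endpoint` embeds `urlParms`, whose `Session=` value is the URL-encoded JSON of `sessionId`, `sessionKey` and `sessionToken`. With `debug` enabled, the temporary access key, secret key and session token are therefore written to stderr and to whatever collects it. `sanitizeData` is not applied here and would not help with a pre-built string anyway. Log only the base URL instead: `log('api:generateConsoleUrl', 'generating console url at endpoint: ' + AWS_SIGNIN_URL, options);`.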
@@ -594,7 +566,7 @@ exports.deleteLongTermKey = function(account, auth, iamUserName, opts, callback) return callback(err); } else if(results.statusCode !== 200){ - log('api:deleteLongTermKey', 'receieved bad response: ' + endpoint, results.body); + log('api:deleteLongTermKey', 'received bad response: ' + endpoint, results.body); if(results.body.errors && results.body.errors.length){ return callback(new Error(results.body.errors[0]), null); @@ -610,7 +582,7 @@ exports.deleteLongTermKey = function(account, auth, iamUserName, opts, callback) }; exports.refreshTokenToAccessToken = function(account, token, opts, callback){ - var payload = _.extend({ + let payload = _.extend({ account: account.alksAccount, refreshToken: token }, account), @@ -635,7 +607,7 @@ exports.refreshTokenToAccessToken = function(account, token, opts, callback){ return callback(err); } else if(results.statusCode !== 200){ - return callback(new Error(getMessageFromRefreshToAccess(results))); + return callback(new Error(getMessageFromBadResponse(results))); } if(results.body.errors && results.body.errors.length){
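Review bot: In the `deleteLongTermKey` hunk (`@@ -594,7 +566,7 @@`), the log call whose typo this commit fixes still passes `results.body` as the third argument, where `log` expects the options object. The message is therefore gated on `results.body.debug` rather than the caller's debug flag, so it will not normally print, and `log` throws on `options.debug` when the body is absent. Assuming `options` is defined in this function as it is in the others, the call should be `log('api:deleteLongTermKey', 'received bad response: ' + endpoint, options);`. If the response body is wanted in the debug output, append it to the message only after passing it through `sanitizeData`.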