Modernize code

src/devops-app/access.mjs

@@ -0,0 +1,70 @@
+/** @typedef {import('@aws-sdk/client-organizations').ListAccountsResponse} ListAccountsResponse */
+/** @typedef {import('@aws-sdk/client-sts').AssumeRoleResponse} AssumeRoleResponse */
+
+import { STSClient, AssumeRoleCommand } from "@aws-sdk/client-sts";
+import {
+  OrganizationsClient,
+  ListAccountsCommand,
+} from "@aws-sdk/client-organizations";
+
+const sts = new STSClient({ apiVersion: "2011-06-15" });
+
+export function regions() {
+  return ["us-east-1", "us-east-2", "us-west-2"];
+}
+
+/**
+ * Returns an assumed DevOps role from the given account
+ * @param {string} awsAccountId
+ * @returns {Promise<AssumeRoleResponse>}
+ */
+export async function devopsRole(awsAccountId) {
+  const roleArn = `arn:aws:iam::${awsAccountId}:role/${process.env.DEVOPS_CROSS_ACCOUNT_ACCESS_ROLE_NAME}`;
+
+  return sts.send(
+    new AssumeRoleCommand({
+      RoleArn: roleArn,
+      RoleSessionName: "devops_slack_app",
+    }),
+  );
+}
+
+/**
+ * Returns an assumed Organization data sharing role from the given account
+ * @returns {Promise<AssumeRoleResponse>}
+ */
+export async function orgSharingRole() {
+  return sts.send(
+    new AssumeRoleCommand({
+      RoleArn: process.env.AWS_ORGANIZATION_CROSS_ACCOUNT_SHARING_ROLE_ARN,
+      RoleSessionName: "devops_slack_app",
+    }),
+  );
+}
+
+/**
+ * Returns a list of all AWS accounts that exist in an organization
+ * @returns {Promise<ListAccountsResponse>}
+ */
+export async function orgAccounts() {
+  // Assume a role within the Organization's management account that has
+  // permission to `listAccounts`
+  // This is NOT the DevOps shared access account, which exists in each account.
+  // It's a different role that only exists in the management account.
+  const role = await orgSharingRole();
+
+  // The organizations endpoint only exists in us-east-1
+  const organizations = new OrganizationsClient({
+    apiVersion: "2016-11-28",
+    region: "us-east-1",
+    credentials: {
+      accessKeyId: role.Credentials.AccessKeyId,
+      secretAccessKey: role.Credentials.SecretAccessKey,
+      sessionToken: role.Credentials.SessionToken,
+    },
+  });
+
+  const accounts = await organizations.send(new ListAccountsCommand({}));
+
+  return accounts;
+}

src/devops-app/app-home.js → src/devops-app/app-home.mjs

@@ -1,4 +1,4 @@
-const { WebClient } = require("@slack/web-api");
+import { WebClient } from "@slack/web-api";
 
 async function publishOpsView(userId, hash) {
   const web = new WebClient(process.env.SLACK_ACCESS_TOKEN);
@@ -110,30 +110,28 @@ async function publishDefaultView(userId, hash) {
   });
 }
 
-module.exports = {
-  handler: async function handler(payload) {
-    const userId = payload.event.user;
-    const { tab } = payload.event;
+export async function handler(payload) {
+  const userId = payload.event.user;
+  const { tab } = payload.event;
 
-    console.log("App Home opened");
+  console.log("App Home opened");
 
-    // No-op on messages
-    if (tab === "messages") {
-      console.log("Ignore messages tab");
-      return;
-    }
+  // No-op on messages
+  if (tab === "messages") {
+    console.log("Ignore messages tab");
+    return;
+  }
 
-    if (tab === "home") {
-      let hash;
-      if (payload.event.view && payload.event.view.hash) {
-        hash = payload.event.view.hash;
-      }
+  if (tab === "home") {
+    let hash;
+    if (payload.event.view && payload.event.view.hash) {
+      hash = payload.event.view.hash;
+    }
 
-      if (process.env.DEVOPS_SLACK_USER_IDS.split(",").includes(userId)) {
-        await publishOpsView(userId, hash);
-      } else {
-        await publishDefaultView(userId, hash);
-      }
+    if (process.env.DEVOPS_SLACK_USER_IDS.split(",").includes(userId)) {
+      await publishOpsView(userId, hash);
+    } else {
+      await publishDefaultView(userId, hash);
     }
-  },
-};
+  }
+}

src/devops-app/events.mjs

@@ -0,0 +1,37 @@
+import { handler as appHomeHandler } from "./app-home.mjs";
+
+const SLACK_PAYLOAD_TYPE_EVENT_CALLBACK = "event_callback";
+const SLACK_PAYLOAD_TYPE_URL_VERIFICATION = "url_verification";
+
+// Handles API payloads coming from the Slack Events API for any events
+// the Botzee app has subscribed to. Must return an HTTP response object.
+// https://api.slack.com/events-api#event_types
+// https://api.slack.com/events
+// https://api.slack.com/events-api#receiving_events
+export async function handler(event, body) {
+  const payload = JSON.parse(body);
+
+  if (payload.type === SLACK_PAYLOAD_TYPE_URL_VERIFICATION) {
+    console.log("Responding to event URL challenge");
+    return {
+      statusCode: 200,
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({ challenge: payload.challenge }),
+    };
+  }
+
+  if (payload.type === SLACK_PAYLOAD_TYPE_EVENT_CALLBACK) {
+    // This should handle all event types that the app is subscribed
+    // to. Some discrete subscriptions share a type, e.g., message.im
+    // and message.mpim both have a `message` type.
+    switch (payload.event.type) {
+      case "app_home_opened":
+        appHomeHandler(payload);
+        break;
+      default:
+        console.log("Unhandled Event API event type");
+    }
+  }
+
+  return { statusCode: 200, headers: {}, body: "" };
+}

src/devops-app/index.mjs

@@ -0,0 +1,5 @@
+import { handler as reqHandler } from "./slack_request.mjs";
+
+export const handler = async (event) => {
+  return reqHandler(event);
+};