/*
* Copyright (c) 2023, Salesforce, Inc.
* All rights reserved.
* SPDX-License-Identifier: BSD-3-Clause
* For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/BSD-3-Clause
*/
/* eslint-disable @typescript-eslint/no-var-requires */
const {LambdaClient, InvokeCommand} = require('@aws-sdk/client-lambda')
const {S3Client, GetObjectCommand} = require('@aws-sdk/client-s3')
const {CloudWatchLogsClient, PutLogEventsCommand} = require('@aws-sdk/client-cloudwatch-logs')
/**
 * Probe: tries to invoke a Lambda function that this runtime is expected NOT
 * to be allowed to call.
 *
 * The probe passes only when the SDK call rejects with an error named
 * `AccessDeniedException`. A successful call, or any other error, is logged
 * and reported as a failure, so a misconfigured probe never reads as "isolated".
 *
 * NOTE(review): if the call is permitted, the target function is really
 * invoked. Lambda's `InvocationType: 'DryRun'` checks the permission without
 * running the target - confirm whether that fits this test before changing it.
 *
 * @param {Object} input - Parameters handed unchanged to `InvokeCommand`.
 * @returns {Promise<boolean>} `true` when access was denied, otherwise `false`.
 */
export const isolationOriginLambdaTest = async (input) => {
    const lambda = new LambdaClient()
    let denied = false
    try {
        const command = new InvokeCommand(input)
        await lambda.send(command)
    } catch (err) {
        denied = err.name === 'AccessDeniedException'
        if (!denied) {
            // Unexpected error: keep it visible and fall through to "failed".
            console.error(err)
        }
    }
    if (denied) {
        return true
    }
    console.error('Lambda isolation test failed!')
    return false
}
/**
 * Probe: tries to read an S3 object that this runtime is expected NOT to be
 * allowed to read.
 *
 * The probe passes only when the SDK call rejects with an error named
 * `AccessDenied`. A successful read, or any other error, is logged and
 * reported as a failure.
 *
 * Caveat: S3 can also answer `AccessDenied` for a key that does not exist when
 * the caller lacks `s3:ListBucket`, so `true` shows that the read was refused,
 * not that the named object exists.
 *
 * NOTE(review): the client is pinned to `us-east-1`; a bucket in another region
 * may fail with a different error name, which is reported here as `false` -
 * confirm against the deployment.
 *
 * @param {Object} input - Parameters handed unchanged to `GetObjectCommand`.
 * @returns {Promise<boolean>} `true` when access was denied, otherwise `false`.
 */
export const isolationS3Test = async (input) => {
    const s3 = new S3Client({region: 'us-east-1'})
    let denied = false
    try {
        const command = new GetObjectCommand(input)
        await s3.send(command)
    } catch (err) {
        denied = err.name === 'AccessDenied'
        if (!denied) {
            // Unexpected error: keep it visible and fall through to "failed".
            console.error(err)
        }
    }
    if (denied) {
        return true
    }
    console.error('S3 isolation test failed!')
    return false
}
/**
 * Probe: tries to write one log event to a CloudWatch Logs stream that this
 * runtime is expected NOT to be allowed to write to.
 *
 * The probe passes only when the SDK call rejects with an error named
 * `AccessDeniedException`. A successful write, or any other error, is logged
 * and reported as a failure. If the write is permitted, the fixed marker
 * message below really lands in the target stream.
 *
 * @param {Object} input - Parameters merged into the `PutLogEventsCommand`
 *   input; `logEvents` is always replaced by the single fixed event.
 * @returns {Promise<boolean>} `true` when access was denied, otherwise `false`.
 */
export const isolationLogsTest = async (input) => {
    const logs = new CloudWatchLogsClient()
    let denied = false
    try {
        // Fixed payload: the caller chooses the destination, never the content.
        const marker = {timestamp: Date.now(), message: 'This is plastic'}
        const command = new PutLogEventsCommand({...input, logEvents: [marker]})
        await logs.send(command)
    } catch (err) {
        denied = err.name === 'AccessDeniedException'
        if (!denied) {
            // Unexpected error: keep it visible and fall through to "failed".
            console.error(err)
        }
    }
    if (denied) {
        return true
    }
    console.error('Log group isolation test failed!')
    return false
}
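/**
 * Runs the three isolation probes one after another and collects their verdicts.
 *
 * `params` is supplied by `isolationTests` straight from the request query
 * string, so it is treated as untrusted:
 *  - only the parameter names listed per probe are forwarded, which keeps a
 *    caller from adding other command fields;
 *  - only string values are forwarded, because a query parser can produce
 *    arrays or nested objects and every forwarded field is a plain name.
 * A missing or rejected value is simply omitted; the probe then fails and
 * reports `false` rather than passing by accident.
 *
 * @param {Object} params - Candidate probe parameters (may be null/undefined).
 * @returns {Promise<{origin: boolean, storage: boolean, logs: boolean}>}
 *   Per-probe result; `true` means the access attempt was denied.
 */
export const executeIsolationTests = async (params) => {
    const tests = [
        {name: 'origin', keys: ['FunctionName'], fn: isolationOriginLambdaTest},
        {name: 'storage', keys: ['Bucket', 'Key'], fn: isolationS3Test},
        {name: 'logs', keys: ['logGroupName', 'logStreamName'], fn: isolationLogsTest}
    ]
    // Tolerate a missing params object instead of throwing before any probe runs.
    const source = params || {}
    const results = {}
    for (const {name, keys, fn} of tests) {
        // Build the probe input from the allowlist, not from the caller's keys.
        const input = {}
        for (const key of keys) {
            const value = source[key]
            if (typeof value === 'string') {
                input[key] = value
            }
        }
        // Sequential on purpose: keeps each probe's log output grouped together.
        results[name] = await fn(input)
    }
    return results
}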
/**
 * HTTP handler: runs the isolation probes with the request's query parameters
 * and replies with the per-probe booleans as pretty-printed JSON.
 *
 * NOTE(review): the probes run with this function's own credentials against
 * resource names chosen by the caller, and the reply shows which attempts were
 * denied. Presumably this route is only mounted in test deployments - confirm.
 *
 * @param {Object} req - Request; `req.query` is passed to `executeIsolationTests`.
 * @param {Object} res - Response; receives the header and the JSON body.
 * @returns {Promise<void>}
 */
export const isolationTests = async (req, res) => {
    const verdicts = await executeIsolationTests(req.query)
    res.header('Content-Type', 'application/json')
    const body = JSON.stringify(verdicts, null, 4)
    res.send(body)
}