async ruleGroupOperations()

in source/networkFirewallAutomation/lib/network-firewall-manager.ts [233:331]

• 93 lines of code
• 14 McCabe index (conditional complexity)

  async ruleGroupOperations(policyObject: NetworkFirewall.CreateFirewallPolicyRequest): Promise<NetworkFirewall.CreateFirewallPolicyRequest> {
    Logger.log(LOG_LEVEL.INFO, `Checking rule groups found in the firewall policy`)
    let statelessRuleGroupsForRollback = []
    let statefulRuleGroupsForRollback = []
    this.ruleGroupArnsInFirewall = await this.service.listRuleGroupsForPolicy(policyObject.FirewallPolicyName);

    try {

      if (policyObject.FirewallPolicy.StatelessRuleGroupReferences) {
        for (let statelessRuleGroupReference of policyObject.FirewallPolicy.StatelessRuleGroupReferences) {
          let statelessRuleGroupObject: NetworkFirewall.CreateRuleGroupRequest = await this.fileHandler.convertFileToObject(statelessRuleGroupReference.ResourceArn)
          Logger.log(LOG_LEVEL.INFO, `Checking if stateless rule group exists: ${statelessRuleGroupObject.RuleGroupName}`)
          let describeRuleGroupResponse = await this.service.describeRuleGroup(
            statelessRuleGroupObject.RuleGroupName,
            RuleGroupType.Stateless
          )
          Logger.log(LOG_LEVEL.INFO, `Describe Rule group response`, describeRuleGroupResponse)
          if (describeRuleGroupResponse) {
            statelessRuleGroupsForRollback.push(describeRuleGroupResponse)
            Logger.log(LOG_LEVEL.INFO, `Found existing stateless rule group, trying to update it.`)
            await this.service.updateRuleGroup({
              UpdateToken: describeRuleGroupResponse.UpdateToken,
              Description: statelessRuleGroupObject.Description,
              RuleGroup: statelessRuleGroupObject.RuleGroup,
              RuleGroupArn: describeRuleGroupResponse.RuleGroupResponse.RuleGroupArn,
              Type: statelessRuleGroupObject.Type
            })
            statelessRuleGroupReference.ResourceArn = describeRuleGroupResponse.RuleGroupResponse.RuleGroupArn
          } else {
            Logger.log(LOG_LEVEL.INFO, `Creating rule group: ${statelessRuleGroupObject.RuleGroupName}`)
            let createRuleGroupResponse = await this.service.createRuleGroup(statelessRuleGroupObject)
            statelessRuleGroupReference.ResourceArn = createRuleGroupResponse.RuleGroupResponse.RuleGroupArn
            Logger.log(LOG_LEVEL.INFO, statelessRuleGroupReference)
            Logger.log(LOG_LEVEL.INFO, `Create Rule group response`, createRuleGroupResponse)
          }
        }
      }
      if (policyObject.FirewallPolicy.StatefulRuleGroupReferences) {
        for (let statefulRuleGroupReference of policyObject.FirewallPolicy.StatefulRuleGroupReferences) {
          let statefulRuleGroupObject: NetworkFirewall.CreateRuleGroupRequest = this.fileHandler.convertFileToObject(statefulRuleGroupReference.ResourceArn)
          if (statefulRuleGroupObject.Rules) {
            statefulRuleGroupObject.Rules = this.fileHandler.copyFileContentToString(statefulRuleGroupObject.Rules)
          }
          Logger.log(LOG_LEVEL.INFO, `Checking if stateful rule group exists: ${statefulRuleGroupObject.RuleGroupName}`)
          let describeRuleGroupResponse = await this.service.describeRuleGroup(
            statefulRuleGroupObject.RuleGroupName,
            RuleGroupType.Stateful
          )
          Logger.log(LOG_LEVEL.INFO, `Describe Rule group response`, describeRuleGroupResponse)
          if (describeRuleGroupResponse) {
            statefulRuleGroupsForRollback.push(describeRuleGroupResponse)
            //if its a suricata rule group just update the statefulRuleGroupObject.Rules
            if (statefulRuleGroupObject.Rules) {
              await this.service.updateRuleGroup({
                UpdateToken: describeRuleGroupResponse.UpdateToken,
                Description: statefulRuleGroupObject.Description,
                RuleGroupArn: describeRuleGroupResponse.RuleGroupResponse.RuleGroupArn,
                Rules: statefulRuleGroupObject.Rules,
                Type: statefulRuleGroupObject.Type
              })
            } else {
              await this.service.updateRuleGroup({
                UpdateToken: describeRuleGroupResponse.UpdateToken,
                Description: statefulRuleGroupObject.Description,
                RuleGroup: statefulRuleGroupObject.RuleGroup,
                RuleGroupArn: describeRuleGroupResponse.RuleGroupResponse.RuleGroupArn,
                Type: statefulRuleGroupObject.Type
              })
            }

            statefulRuleGroupReference.ResourceArn = describeRuleGroupResponse.RuleGroupResponse.RuleGroupArn
            Logger.log(LOG_LEVEL.INFO, `Found existing stateful rule group, trying to update it.`)
          } else {
            Logger.log(LOG_LEVEL.INFO, `Creating rule group`)
            let createRuleGroupResponse = await this.service.createRuleGroup(statefulRuleGroupObject)
            statefulRuleGroupReference.ResourceArn = createRuleGroupResponse.RuleGroupResponse.RuleGroupArn
            Logger.log(LOG_LEVEL.INFO, statefulRuleGroupReference)
            Logger.log(LOG_LEVEL.INFO, `Create Rule group response`, createRuleGroupResponse)
          }
        }
      }

    } catch (error) {
      Logger.log(LOG_LEVEL.ERROR, error)
      for (let statelessRuleGroup of statelessRuleGroupsForRollback) {
        Logger.log(LOG_LEVEL.WARN, `Rolling back stateless rule group`, statelessRuleGroup)
        await this.service.updateRuleGroup(statelessRuleGroup)
      }
      Logger.log(LOG_LEVEL.WARN, `Rolling back stateful rule groups`, statefulRuleGroupsForRollback)
      for (let statefulRuleGroup of statefulRuleGroupsForRollback) {
        Logger.log(LOG_LEVEL.WARN, `Rolling back stateful rule group`, statefulRuleGroup)
        await this.service.updateRuleGroup(statefulRuleGroup)
      }
      Logger.log(LOG_LEVEL.ERROR, error)
      throw Error(error)
    }

    return policyObject;
  }