in packages/core/src/awsService/accessanalyzer/vue/iamPolicyChecks.ts [432:530]
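/**
 * Runs the `check-access-not-granted` custom policy check against the document
 * currently recorded in `IamPolicyChecksWebview.editedDocumentFileName`.
 *
 * Clears `customPolicyCheckDiagnosticCollection`, strips all whitespace from
 * `actions` and `resources`, then builds the argument list for
 * `tf-policy-validator` (Terraform Plan) or `cfn-policy-validator`
 * (CloudFormation) and hands it to `executeCustomPolicyChecksCommand`.
 *
 * Fires `onCustomPolicyCheckResponse` with an error instead of running the
 * validator when both `actions` and `resources` are empty, or when the
 * document fails the `isTerraformPlan` / `isCloudFormationTemplate` check for
 * the requested type. Any other `documentType` falls through the switch and
 * does nothing.
 *
 * @param documentType Which validator CLI to run.
 * @param actions Actions to check; passed as the value of `--actions` when non-empty.
 * @param resources Resources to check; passed as the value of `--resources` when non-empty.
 * @param cfnParameterPath Optional template configuration file; only used for
 *   CloudFormation and only when it is a non-empty string.
 */
public async checkAccessNotGranted(
    documentType: PolicyChecksDocumentType,
    actions: string,
    resources: string,
    cfnParameterPath?: string
): Promise<void> {
    const document = IamPolicyChecksWebview.editedDocumentFileName
    customPolicyCheckDiagnosticCollection.clear()

    // Remove spaces, tabs, carriage returns and line breaks. `\s` already
    // covers all of them, so the extra alternatives and the `m` flag of the
    // previous pattern were redundant.
    actions = actions.replace(/\s+/g, '')
    resources = resources.replace(/\s+/g, '')

    if (!(actions || resources)) {
        this.onCustomPolicyCheckResponse.fire([
            IamPolicyChecksConstants.MissingActionsOrResourcesError,
            getResultCssColor('Error'),
        ])
        return
    }

    // Each value is appended as its own argv element; nothing in this method
    // quotes or escapes it.
    // NOTE(review): this is only safe if executeCustomPolicyChecksCommand
    // spawns the validator without a shell - confirm in that method.
    // NOTE(review): `actions` / `resources` are not checked for a leading '-';
    // consider rejecting such values so the validator CLI cannot read them as
    // options - confirm how the validators parse their arguments.
    const accessArgs: string[] = []
    if (actions !== '') {
        accessArgs.push('--actions', actions)
    }
    if (resources !== '') {
        accessArgs.push('--resources', resources)
    }

    switch (documentType) {
        case 'Terraform Plan': {
            if (!isTerraformPlan(document)) {
                this.onCustomPolicyCheckResponse.fire([
                    IamPolicyChecksConstants.IncorrectFileExtension,
                    getResultCssColor('Error'),
                ])
                return
            }
            const command = 'tf-policy-validator'
            const args = [
                'check-access-not-granted',
                '--template-path',
                `${document}`,
                '--region',
                `${this.region}`,
                '--config',
                `${globals.context.asAbsolutePath(defaultTerraformConfigPath)}`,
                '--profile',
                `${getProfileName()}`,
                ...accessArgs,
            ]
            await this.executeCustomPolicyChecksCommand({
                command,
                args,
                cfnParameterPathExists: !!cfnParameterPath,
                documentType,
                checkType: 'CheckAccessNotGranted',
            })
            return
        }
        case 'CloudFormation': {
            if (!isCloudFormationTemplate(document)) {
                this.onCustomPolicyCheckResponse.fire([
                    IamPolicyChecksConstants.IncorrectFileExtension,
                    getResultCssColor('Error'),
                ])
                return
            }
            const command = 'cfn-policy-validator'
            const args = [
                'check-access-not-granted',
                '--template-path',
                `${document}`,
                '--region',
                `${this.region}`,
                '--profile',
                `${getProfileName()}`,
                ...accessArgs,
            ]
            // The parameter is optional: a truthiness test skips both '' and
            // undefined. The previous `!== ''` comparison let undefined through
            // and passed the literal string "undefined" as the file path. This
            // also keeps the argument in step with `cfnParameterPathExists`.
            if (cfnParameterPath) {
                args.push('--template-configuration-file', cfnParameterPath)
            }
            await this.executeCustomPolicyChecksCommand({
                command,
                args,
                cfnParameterPathExists: !!cfnParameterPath,
                documentType,
                checkType: 'CheckAccessNotGranted',
            })
            return
        }
    }
}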