public async checkNoNewAccess()

in packages/core/src/awsService/accessanalyzer/vue/iamPolicyChecks.ts [335:430]


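    /**
     * Runs the `check-no-new-access` custom policy check for the currently edited document.
     *
     * The reference policy text is written to a file in a temporary toolkit folder and handed to
     * the validator CLI (`tf-policy-validator` or `cfn-policy-validator`) via `--reference-policy`.
     * Results and errors are reported through `onCustomPolicyCheckResponse` and
     * `executeCustomPolicyChecksCommand`; the method itself returns nothing.
     *
     * @param documentType Which validator to run: `'Terraform Plan'` or `'CloudFormation'`.
     *   Any other value runs no validator.
     * @param policyType Passed through as `--reference-policy-type`.
     * @param referenceDocument Reference policy text. An empty string fires
     *   `MissingReferenceDocError` and nothing is written to disk.
     * @param cfnParameterPath Optional CloudFormation template configuration file. Only used for
     *   `'CloudFormation'`, and only when it is a non-empty string.
     */
    public async checkNoNewAccess(
        documentType: PolicyChecksDocumentType,
        policyType: PolicyChecksPolicyType,
        referenceDocument: string,
        cfnParameterPath?: string
    ) {
        const document = IamPolicyChecksWebview.editedDocumentFileName
        customPolicyCheckDiagnosticCollection.clear()

        // Reject a missing reference policy before touching the filesystem, so this path
        // leaves no temporary folder behind.
        if (referenceDocument === '') {
            this.onCustomPolicyCheckResponse.fire([
                IamPolicyChecksConstants.MissingReferenceDocError,
                getResultCssColor('Error'),
            ])
            return
        }

        const tempFolder = await makeTemporaryToolkitFolder()
        try {
            const tempFilePath = path.join(tempFolder, 'policyChecksDocument')
            fs.writeFileSync(tempFilePath, referenceDocument)

            // Arguments are built as discrete array entries rather than one command string.
            // NOTE(review): presumably executeCustomPolicyChecksCommand spawns the validator
            // without a shell, so paths and profile names are not re-parsed — confirm there.
            switch (documentType) {
                case 'Terraform Plan': {
                    if (!isTerraformPlan(document)) {
                        this.onCustomPolicyCheckResponse.fire([
                            IamPolicyChecksConstants.IncorrectFileExtension,
                            getResultCssColor('Error'),
                        ])
                        return
                    }
                    const command = 'tf-policy-validator'
                    const args = [
                        'check-no-new-access',
                        '--template-path',
                        `${document}`,
                        '--region',
                        `${this.region}`,
                        '--config',
                        `${globals.context.asAbsolutePath(defaultTerraformConfigPath)}`,
                        '--reference-policy',
                        `${tempFilePath}`,
                        '--reference-policy-type',
                        `${policyType}`,
                        '--profile',
                        `${getProfileName()}`,
                    ]
                    await this.executeCustomPolicyChecksCommand({
                        command,
                        args,
                        cfnParameterPathExists: !!cfnParameterPath,
                        documentType,
                        checkType: 'CheckNoNewAccess',
                        referencePolicyType: policyType,
                    })
                    return
                }
                case 'CloudFormation': {
                    if (!isCloudFormationTemplate(document)) {
                        this.onCustomPolicyCheckResponse.fire([
                            IamPolicyChecksConstants.IncorrectFileExtension,
                            getResultCssColor('Error'),
                        ])
                        return
                    }
                    const command = 'cfn-policy-validator'
                    const args = [
                        'check-no-new-access',
                        '--template-path',
                        `${document}`,
                        '--region',
                        `${this.region}`,
                        '--reference-policy',
                        `${tempFilePath}`,
                        '--reference-policy-type',
                        `${policyType}`,
                        '--profile',
                        `${getProfileName()}`,
                    ]
                    // Truthiness check, not `!== ''`: the parameter is optional, and comparing
                    // against '' alone let an omitted (undefined) path through, appending the
                    // flag with the literal string "undefined" as its value.
                    if (cfnParameterPath) {
                        args.push('--template-configuration-file', cfnParameterPath)
                    }
                    await this.executeCustomPolicyChecksCommand({
                        command,
                        args,
                        cfnParameterPathExists: !!cfnParameterPath,
                        documentType,
                        checkType: 'CheckNoNewAccess',
                        referencePolicyType: policyType,
                    })
                    return
                }
            }
        } finally {
            // Every handled document type returns from inside the switch, so cleanup placed
            // after it never ran and the reference policy stayed on disk in the temp folder.
            // NOTE(review): assumes the awaited executeCustomPolicyChecksCommand resolves only
            // after the validator has finished reading the reference file — confirm.
            await tryRemoveFolder(tempFolder)
        }
    }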