/
rules.ts
112 lines (104 loc) · 3.2 KB
/
rules.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
import {
createDirectRelationship,
createIntegrationEntity,
Entity,
IntegrationStep,
IntegrationStepExecutionContext,
parseTimePropertyValue,
RelationshipClass,
} from '@jupiterone/integration-sdk-core';
import { createAPIClient } from '../client';
import { IntegrationConfig } from '../config';
import { accountFlagged } from '../okta/createOktaClient';
import { StepAnnouncer } from '../util/runningTimer';
import {
DATA_ACCOUNT_ENTITY,
Entities,
IngestionSources,
Relationships,
Steps,
} from './constants';
export async function fetchRules({
instance,
jobState,
logger,
}: IntegrationStepExecutionContext<IntegrationConfig>) {
let stepAnnouncer;
if (accountFlagged) {
stepAnnouncer = new StepAnnouncer(Steps.RULES, logger);
}
const apiClient = createAPIClient(instance.config, logger);
const accountEntity = (await jobState.getData(DATA_ACCOUNT_ENTITY)) as Entity;
try {
await apiClient.iterateRules(async (rule) => {
if (!rule.id) {
return;
}
const ruleEntity = await jobState.addEntity(
createIntegrationEntity({
entityData: {
source: rule,
assign: {
_key: rule.id,
_type: Entities.RULE._type,
_class: Entities.RULE._class,
id: rule.id,
name: rule.name,
ruleType: rule.type, //example: 'group_rule', 'policy_rule'
status: rule.status?.toLowerCase(), //example: 'ACTIVE' or 'INACTIVE'
created: parseTimePropertyValue(rule.created)!,
createdOn: parseTimePropertyValue(rule.created)!,
lastUpdated: parseTimePropertyValue(rule.lastUpdated)!,
lastUpdatedOn: parseTimePropertyValue(rule.lastUpdated)!,
conditions: JSON.stringify(rule.conditions),
actions: JSON.stringify(rule.actions),
},
},
}),
);
await jobState.addRelationship(
createDirectRelationship({
_class: RelationshipClass.HAS,
from: accountEntity,
to: ruleEntity,
}),
);
for (const groupId of rule.actions?.assignUserToGroups?.groupIds || []) {
if (jobState.hasKey(groupId)) {
await jobState.addRelationship(
createDirectRelationship({
_class: RelationshipClass.MANAGES,
fromType: Entities.RULE._type,
fromKey: ruleEntity._key,
toType: Entities.USER_GROUP._type,
toKey: groupId,
}),
);
} else {
logger.warn(
`Rule points to non-existent group. Expected group with key to exist (key=${groupId})`,
);
}
}
});
} catch (err) {
logger.error({ err }, 'Failed to fetch rules');
}
if (accountFlagged) {
stepAnnouncer.finish();
}
}
export const ruleSteps: IntegrationStep<IntegrationConfig>[] = [
{
id: Steps.RULES,
ingestionSourceId: IngestionSources.RULES,
name: 'Fetch Rules',
entities: [Entities.RULE],
relationships: [
Relationships.ACCOUNT_HAS_RULE,
Relationships.RULE_MANAGES_USER_GROUP,
],
dependsOn: [Steps.USERS, Steps.GROUPS],
executionHandler: fetchRules,
},
];