forked from opensearch-project/security
-
Notifications
You must be signed in to change notification settings - Fork 0
/
check-permissions-order.js
86 lines (74 loc) · 2.81 KB
/
check-permissions-order.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
const fs = require('fs')
const yaml = require('yaml')
function checkPermissionsOrder(file, fix = false) {
const contents = fs.readFileSync(file, 'utf8')
const doc = yaml.parseDocument(contents, { keepCstNodes: true })
const roles = doc.contents.items
let requiresChanges = false
roles.forEach(role => {
const itemsFromRole = role?.value?.items;
const clusterPermissions = itemsFromRole?.filter(item => item.key && item.key.value === 'cluster_permissions');
requiresChanges |= checkPermissionsOrdering(clusterPermissions);
const indexPermissionsArray = itemsFromRole?.filter(item => item.key && item.key.value === 'index_permissions');
const indexPermissionObj = indexPermissionsArray?.[0]?.value;
const indexPermissionItems = indexPermissionObj?.items[0]?.items;
const allowedIndexActions = indexPermissionItems?.filter(item => item.key && item.key.value === 'allowed_actions');
requiresChanges |= checkPermissionsOrdering(allowedIndexActions);
})
if (fix && requiresChanges) {
const newContents = doc.toString()
fs.writeFileSync(file, newContents, 'utf8')
}
return requiresChanges
}
/*
Checks the permissions ordering
returns false if they are already stored
returns true if the permissions were not sored, note the permissions object are sorted as a side effect of this function
*/
function checkPermissionsOrdering(permissions) {
let requiresChanges = false;
if (!permissions) {
return requiresChanges;
}
permissions.forEach(permission => {
const items = permission.value.items;
const originalItems = JSON.stringify(items);
items.sort();
const sortedItems = JSON.stringify(items);
// If the original items and sorted items are not the same, then changes are required
if (originalItems !== sortedItems) {
requiresChanges = true;
}
});
return requiresChanges;
}
// Example usage
const args = process.argv.slice(2)
if (args.length === 0) {
console.error('Usage: node check-permissions-order.js <file> [--fix] [--silent]')
process.exit(1)
}
const filePath = args[0]
const fix = args.includes('--fix')
const slient = args.includes('--slient')
if (checkPermissionsOrder(filePath, fix)) {
if (fix) {
if (!slient) { console.log(`${filePath} has been updated.`) }
} else {
if (!slient) { console.error(`Error: ${filePath} requires changes.`) }
process.exit(1)
}
} else {
if (!slient) { console.log(`${filePath} is up-to-date.`) }
}