ice-client
Advanced tools
Comparing version 0.6.4 to 0.6.5
41
index.js
@@ -43,8 +43,35 @@ "use strict"; | ||
exports.checkACL = function(cb) { | ||
var acl = { | ||
access: false, | ||
audit: false, | ||
} | ||
exports.CWL().filterLogEvents({limit: 1}, function(err, data) { | ||
if (!err) { | ||
acl.access = true; | ||
acl.audit = true; | ||
} | ||
switch(err && err.code) { | ||
case "UnrecognizedClientException": | ||
break; | ||
case "AccessDeniedException": | ||
acl.access = true; | ||
break; | ||
} | ||
cb(acl); | ||
}) | ||
} | ||
exports.KMS = function () { | ||
var c = {}; | ||
var context = exports.Config.context; | ||
var c = {}; | ||
var parts = context.split("="); | ||
if (parts.length === 2) { | ||
c[parts[0]] = parts[1]; | ||
if (context) { | ||
var parts = context.split("="); | ||
if (parts.length === 2) { | ||
c[parts[0]] = parts[1]; | ||
} | ||
} | ||
@@ -62,2 +89,4 @@ | ||
exports.CWL = function () { | ||
var key = exports.Config.key || "/undefined"; | ||
return new AWS.CloudWatchLogs({ | ||
@@ -69,5 +98,5 @@ accessKeyId: exports.Config.accessKeyId, | ||
params: { | ||
filterPattern: '"' + exports.Config.context.split("=")[1] + '"', | ||
filterPattern: '"' + exports.Config.context + '"', | ||
interleaved: true, | ||
logGroupName: exports.Config.key.split("/")[1], | ||
logGroupName: key.split("/")[1], | ||
} | ||
@@ -74,0 +103,0 @@ }) |
{ | ||
"name": "ice-client", | ||
"version": "0.6.4", | ||
"version": "0.6.5", | ||
"description": "Encrypt sensitive data at rest", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -78,2 +78,40 @@ "use strict"; | ||
describe("ACL", function() { | ||
it("should report no access on bad config", function(done) { | ||
ICE.configure(process.env["ICE_AWS_ACCESS_KEY_ID"], "bad", undefined, undefined, undefined) | ||
ICE.checkACL(function(acl) { | ||
assert.deepEqual({ | ||
access: false, | ||
audit: false, | ||
}, | ||
acl); | ||
done(); | ||
}); | ||
}) | ||
it("should report access on good access key but bad kms key", function(done) { | ||
ICE.configure(process.env["ICE_AWS_ACCESS_KEY_ID"], process.env["ICE_AWS_SECRET_ACCESS_KEY"], undefined, "arn:aws:kms:us-east-1:178540880712:key/e7eb068d-9b14-4b77-97c5-8cb38e71e210-BAD", undefined) | ||
ICE.checkACL(function(acl) { | ||
assert.deepEqual({ | ||
access: true, | ||
audit: false, | ||
}, | ||
acl); | ||
done(); | ||
}); | ||
}) | ||
it("should report audit access on good access key and kms key", function(done) { | ||
ICE.configureFromEnv() | ||
ICE.checkACL(function(acl) { | ||
assert.deepEqual({ | ||
access: true, | ||
audit: true, | ||
}, | ||
acl); | ||
done(); | ||
}) | ||
}) | ||
}) | ||
describe("Encrypt/Decrypt", function() { | ||
@@ -124,3 +162,3 @@ it("should encrypt an plaintext string", function(done) { | ||
assert.equal(logs[0].key, "arn:aws:kms:us-east-1:178540880712:key/e7eb068d-9b14-4b77-97c5-8cb38e71e210") | ||
assert.equal(logs[0].Contexts[0], "c=cyber-chip-2533") | ||
assert.equal(logs[0].contexts[0], "c=cyber-chip-2533") | ||
@@ -127,0 +165,0 @@ done(); |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
12536
283
16