"Fossies" - the Fresh Open Source Software Archive

Member "cli-1.1280.1/src/cli/commands/update-exclude-policy.ts" (20 Feb 2024, 2322 Bytes) of package /linux/misc/snyk-cli-1.1280.1.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) TypeScript source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file.

    1 import { MethodArgs } from '../args';
    2 import { processCommandArgs } from './process-command-args';
    3 import * as legacyError from '../../lib/errors/legacy-errors';
    4 import * as fs from 'fs';
    5 import * as snykPolicyLib from 'snyk-policy';
    6 import { getIacOrgSettings } from './test/iac/local-execution/org-settings/get-iac-org-settings';
    7 import { UnsupportedEntitlementCommandError } from './test/iac/local-execution/assert-iac-options-flag';
    8 import config from '../../lib/config';
    9 import {
   10   parseDriftAnalysisResults,
   11   updateExcludeInPolicy,
   12 } from '../../lib/iac/drift';
   13 import { Policy } from '../../lib/policy/find-and-load-policy';
   14 import * as analytics from '../../lib/analytics';
   15 
   16 export default async (...args: MethodArgs): Promise<any> => {
   17   const { options } = processCommandArgs(...args);
   18 
   19   // Ensure that this update-exclude-policy command can only be runned when using `snyk iac update-exclude-policy`
   20   // Avoid `snyk update-exclude-policy` direct usage
   21   if (options.iac != true) {
   22     return legacyError('update-exclude-policy');
   23   }
   24 
   25   // Ensure that we are allowed to run that command
   26   // by checking the entitlement
   27   const orgPublicId = options.org ?? config.org;
   28   const iacOrgSettings = await getIacOrgSettings(orgPublicId);
   29   if (!iacOrgSettings.entitlements?.iacDrift) {
   30     throw new UnsupportedEntitlementCommandError(
   31       'update-exclude-policy',
   32       'iacDrift',
   33     );
   34   }
   35 
   36   try {
   37     // There's an open bug for this in Windows in the current version of node when called with no stdinput.
   38     // See https://github.com/nodejs/node/issues/19831
   39     // The actual error handling behavior is enough for now but may be improved if needed
   40     const analysis = parseDriftAnalysisResults(fs.readFileSync(0).toString());
   41 
   42     // Add analytics
   43     analytics.add('is-iac-drift', true);
   44 
   45     let policy: Policy;
   46     try {
   47       policy = await snykPolicyLib.load();
   48     } catch (error) {
   49       if (error.code === 'ENOENT') {
   50         // policy file does not exist - create it
   51         policy = await snykPolicyLib.create();
   52       } else {
   53         throw error;
   54       }
   55     }
   56     await updateExcludeInPolicy(policy, analysis, options);
   57     await snykPolicyLib.save(policy);
   58   } catch (e) {
   59     const err = new Error('Error running `iac update-exclude-policy` ' + e);
   60     return Promise.reject(err);
   61   }
   62 };