feat: implement the account ID masking function

ShahradR · ShahradR · commit 70fdf90ea117 · 2020-09-27T07:54:43.000-04:00
Implement the maskAccountId function, which is responsible for replacing instances of the AWS account ID found in the taskcat_output logs with "***", masking them before publishing the artifacts. This commit also introduces unit tests covering the new function. Associated issue: #2
diff --git a/__tests__/post-entrypoint.test.ts b/__tests__/post-entrypoint.test.ts
@@ -0,0 +1,73 @@
+import { TaskcatArtifactManager } from "../src/post-entrypoint";
+import { readFileSync, writeFileSync } from "fs";
+import { sync } from "glob";
+
+jest.mock("fs");
+jest.mock("glob");
+
+describe("the maskAccountId() function", () => {
+  const taskcatArtifactManager: TaskcatArtifactManager = new TaskcatArtifactManager();
+
+  const mockedReadFileSync = (readFileSync as unknown) as jest.MockedFunction<
+    typeof readFileSync
+  >;
+  const mockedWriteFileSync = (writeFileSync as unknown) as jest.MockedFunction<
+    typeof writeFileSync
+  >;
+  const mockedGlobSync = (sync as unknown) as jest.MockedFunction<typeof sync>;
+
+  it("should not modify the `tasckat_output/` files if the AWS account ID has not been printed in the logs", () => {
+    expect.assertions(1);
+    jest.clearAllMocks();
+
+    const filePath = "taskcat_outputs/";
+    const fileContents = "abcd1234";
+    const awsAccountId = "1234567890";
+
+    mockedGlobSync.mockReturnValue(["taskcat_outputs/test.txt"]);
+    mockedReadFileSync.mockReturnValue(fileContents);
+
+    taskcatArtifactManager.maskAccountId(awsAccountId, filePath);
+
+    expect(mockedWriteFileSync).not.toHaveBeenCalled();
+  });
+
+  it("should throw an exception if the AWS account ID has been passed as an empty string", () => {
+    expect.assertions(2);
+    jest.clearAllMocks();
+
+    const filePath = "taskcat_outputs/test.txt";
+    const awsAccountId = "";
+
+    expect(() => {
+      taskcatArtifactManager.maskAccountId(awsAccountId, filePath);
+    }).toThrow(Error);
+
+    expect(mockedWriteFileSync).not.toHaveBeenCalled();
+  });
+
+  it("should mask the AWS account ID from the `taskcat_outputs/` files if any references are found in the logs", () => {
+    expect.assertions(1);
+    jest.clearAllMocks();
+
+    const filePath = "taskcat_outputs/test.txt";
+    const fileContents = "abcd1234 1234567890";
+    const awsAccountId = "1234567890";
+
+    mockedGlobSync.mockReturnValue(["taskcat_outputs/test.txt"]);
+    mockedReadFileSync.mockImplementation(path => {
+      switch (path) {
+        case filePath:
+          return fileContents;
+      }
+    });
+
+    taskcatArtifactManager.maskAccountId(awsAccountId, "taskcat_outputs/");
+
+    expect(mockedWriteFileSync).toHaveBeenCalledWith(
+      filePath,
+      "abcd1234 ***",
+      "utf-8"
+    );
+  });
+});
diff --git a/src/post-entrypoint.ts b/src/post-entrypoint.ts
@@ -0,0 +1,30 @@
+import { ReplaceInFileConfig, sync } from "replace-in-file";
+
+/**
+ * Manages the artifacts generated by the taskcat GitHub Action.
+ */
+class TaskcatArtifactManager {
+  /**
+   * Masks the AWS account ID from the taskcat_output logs.
+   *
+   * @throws {@link Error} Thrown if the AWS account ID is an empty string.
+   *
+   * @param awsAccountId - the AWS account ID to mask in the logs.
+   * @param filePath - the file path to the `taskcat_outputs` directory.
+   */
+  public maskAccountId(awsAccountId: string, filePath: string): void {
+    if (awsAccountId === "") {
+      throw new Error();
+    }
+
+    const replaceOptions: ReplaceInFileConfig = {
+      files: filePath,
+      from: awsAccountId,
+      to: "***"
+    };
+
+    sync(replaceOptions);
+  }
+}
+
+export { TaskcatArtifactManager };
