refactor out shared piece

Author: Hweinstock

src/ecs/util.ts

@@ -18,6 +18,7 @@ import { TaskDefinition } from 'aws-sdk/clients/ecs'
 import { getLogger } from '../shared/logger'
 import { SSM } from 'aws-sdk'
 import { fromExtensionManifest } from '../shared/settings'
+import { getDeniedSsmActions } from '../shared/remoteSession'
 
 interface EcsTaskIdentifer {
     readonly task: string
@@ -41,15 +42,7 @@ export async function checkPermissionsForSsm(
         })
     }
 
-    const deniedActions = await client.getDeniedActions({
-        PolicySourceArn: task.taskRoleArn,
-        ActionNames: [
-            'ssmmessages:CreateControlChannel',
-            'ssmmessages:CreateDataChannel',
-            'ssmmessages:OpenControlChannel',
-            'ssmmessages:OpenDataChannel',
-        ],
-    })
+    const deniedActions = await getDeniedSsmActions(client, task.taskRoleArn)
 
     if (deniedActions.length !== 0) {
         const message = localize(

src/shared/remoteSession.ts

@@ -19,6 +19,8 @@ import { SystemUtilities } from './systemUtilities'
 import { getOrInstallCli } from './utilities/cliUtils'
 import { pushIf } from './utilities/collectionUtils'
 import { ChildProcess } from './utilities/childProcess'
+import { IamClient } from './clients/iamClient'
+import { IAM } from 'aws-sdk'
 
 export interface MissingTool {
     readonly name: 'code' | 'ssm' | 'ssh'
@@ -167,3 +169,17 @@ export async function handleMissingTool(tools: Err<MissingTool[]>) {
         })
     )
 }
+
+export async function getDeniedSsmActions(client: IamClient, roleArn: string): Promise<IAM.EvaluationResult[]> {
+    const deniedActions = await client.getDeniedActions({
+        PolicySourceArn: roleArn,
+        ActionNames: [
+            'ssmmessages:CreateControlChannel',
+            'ssmmessages:CreateDataChannel',
+            'ssmmessages:OpenControlChannel',
+            'ssmmessages:OpenDataChannel',
+        ],
+    })
+
+    return deniedActions
+}