feat: add aditional note about X-Ray configuration when generated pol…

…icy is empty

src/lib/xray-trace-fetcher.ts

@@ -221,7 +221,12 @@ export function createIAMPolicyDoc(map: ResourceActionMap, functionArn: string)
       Resource: val.resources,
     };
     doc.Statement!.push(stm);  
-  }  
+  }
+  if(_.isEmpty(doc.Statement)) {
+    //append more details in the description
+    // tslint:disable-next-line:max-line-length
+    doc.Description += ". Note: No access to AWS resources were found for this function. It may be that X-Ray wasn't configured correctly. See: https://github.com/functionalone/aws-least-privilege#x-ray-setup on how to setup X-Ray.";
+  }
   return doc;
 }
 

src/test/xray-trace-fetcher.test.ts

@@ -85,10 +85,13 @@ describe('xray fetch tests', function() {
 
   it('createIAMPolicyDoc creates proper policy action', function() {
     const map = new ResourceActionMap();
+    //empty should add a "Note" to the description
+    let doc = createIAMPolicyDoc(map, "arn:aws:lambda:us-east-1:11223344:function:test");
+    assert.isTrue(doc.Description!.indexOf("Note: ") > 0);
     map.set("arn:aws:s3:::test-bucket/*", new Set(['PutObjectTagging', 'GetObject', 'DeleteObject', 'PutObject']));
     map.set("arn:aws:s3:::test-again/*", new Set(['PutObjectTagging', 'GetObject', 'DeleteObject', 'PutObject']));
     map.set("arn:aws:dynamodb:us-east-1:*:table/test-it", new Set(['DeleteItem', 'PutItem', 'Scan', 'GetItem']));
-    const doc = createIAMPolicyDoc(map, "arn:aws:lambda:us-east-1:11223344:function:test");
+    doc = createIAMPolicyDoc(map, "arn:aws:lambda:us-east-1:11223344:function:test");
     assert.isNotEmpty(doc.Statement);
     assert.equal(doc.Statement!.length, 2);
     assert.isNotEmpty(doc.Statement![0].Action);