package aws
import (
"github.com/Qovery/pleco/pkg/common"
"github.com/aws/aws-sdk-go/service/iam"
log "github.com/sirupsen/logrus"
)
// OpenIDConnectProvider is pleco's view of one IAM OpenID Connect provider:
// the lifecycle fields shared by every cloud resource (identifier, TTL,
// creation date, protection flag) plus a display name used in log output.
type OpenIDConnectProvider struct {
	common.CloudProviderResource
	// OpenIDConnectProviderName is filled from the SDK's String() rendering of
	// the provider rather than its ARN; in this file it only appears in log
	// messages, while Identifier (the ARN) is what the delete call uses.
	OpenIDConnectProviderName string
}
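// getOpenIDConnectProviders lists every IAM OpenID Connect provider visible to
// iamSession and decorates each one with the lifecycle tags pleco relies on
// (TTL, creation date, protection flag), read via tagName.
//
// The function never returns an error to its caller. A failure to list the
// providers is logged and yields a nil slice, so that a caller deleting based
// on this result sees "nothing" rather than a partial view. A failure to read
// one provider's tags is logged and skips that provider only. Callers cannot
// distinguish "no providers" from "listing failed".
func getOpenIDConnectProviders(iamSession *iam.IAM, tagName string) []OpenIDConnectProvider {
	result, err := iamSession.ListOpenIDConnectProviders(&iam.ListOpenIDConnectProvidersInput{})
	if err != nil {
		log.Error(err)
		// Do not walk result after an error: whatever it holds is not a
		// trustworthy inventory of the account's providers.
		return nil
	}

	var openIDConnectProviders []OpenIDConnectProvider
	for _, provider := range result.OpenIDConnectProviderList {
		// The SDK exposes Arn as *string; without an ARN the provider can be
		// neither tagged nor deleted, so it is skipped rather than dereferenced.
		if provider == nil || provider.Arn == nil {
			log.Warn("Skipping OpenId Connect provider without ARN")
			continue
		}

		tags, tagsErr := listOpenIDConnectProviderTags(iamSession, provider.Arn)
		if tagsErr != nil {
			log.Error(tagsErr)
			continue
		}

		essentialTags := common.GetEssentialTags(tags, tagName)
		openIDConnectProviders = append(openIDConnectProviders, OpenIDConnectProvider{
			CloudProviderResource: common.CloudProviderResource{
				Identifier:   *provider.Arn,
				Description:  "IAM OpenId Connect Provider: " + provider.String(),
				CreationDate: essentialTags.CreationDate.UTC(),
				TTL:          essentialTags.TTL,
				Tag:          essentialTags.Tag,
				IsProtected:  essentialTags.IsProtected,
			},
			OpenIDConnectProviderName: provider.String(),
		})
	}
	return openIDConnectProviders
}

// listOpenIDConnectProviderTags returns every tag attached to the provider
// identified by arn, following the IsTruncated/Marker pagination of the IAM
// API so that a protection or TTL tag on a later page is not missed (a missed
// protection tag would make a protected provider look deletable).
func listOpenIDConnectProviderTags(iamSession *iam.IAM, arn *string) ([]*iam.Tag, error) {
	var tags []*iam.Tag
	input := &iam.ListOpenIDConnectProviderTagsInput{OpenIDConnectProviderArn: arn}
	for {
		out, err := iamSession.ListOpenIDConnectProviderTags(input)
		if err != nil {
			return nil, err
		}
		tags = append(tags, out.Tags...)
		if out.IsTruncated == nil || !*out.IsTruncated {
			return tags, nil
		}
		input.Marker = out.Marker
	}
}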
// getExpiredOpenIDConnectProviders returns the subset of IAM OpenID Connect
// providers whose lifecycle tags mark them as expired, as judged by
// IsResourceExpired with options.TagValue and options.DisableTTLCheck.
// The returned slice is nil when nothing is expired.
func getExpiredOpenIDConnectProviders(iamSession *iam.IAM, options *AwsOptions) []OpenIDConnectProvider {
	var expired []OpenIDConnectProvider
	for _, provider := range getOpenIDConnectProviders(iamSession, options.TagName) {
		if !provider.IsResourceExpired(options.TagValue, options.DisableTTLCheck) {
			continue
		}
		expired = append(expired, provider)
	}
	return expired
}
// DeleteExpiredOpenIDConnectProviders deletes every IAM OpenID Connect provider
// that getExpiredOpenIDConnectProviders reports as expired. The summary count
// is always logged; when options.DryRun is set, or nothing is expired, no
// delete call is issued. A failed delete is logged and does not stop the
// remaining deletions.
func DeleteExpiredOpenIDConnectProviders(sessions *AWSSessions, options *AwsOptions) {
	expired := getExpiredOpenIDConnectProviders(sessions.IAM, options)

	count, start := common.ElemToDeleteFormattedInfos("expired OpenId Connect provider", len(expired), "Global")
	log.Info(count)
	if options.DryRun || len(expired) == 0 {
		return
	}
	log.Info(start)

	for i := range expired {
		deleteOpenIDConnectProvider(sessions.IAM, &expired[i])
	}
}

// deleteOpenIDConnectProvider issues the DeleteOpenIDConnectProvider call for a
// single expired provider, keyed by its ARN (Identifier), and logs the outcome.
func deleteOpenIDConnectProvider(iamSession *iam.IAM, provider *OpenIDConnectProvider) {
	input := &iam.DeleteOpenIDConnectProviderInput{
		OpenIDConnectProviderArn: &provider.Identifier,
	}
	if _, err := iamSession.DeleteOpenIDConnectProvider(input); err != nil {
		log.Errorf("Can't delete OpenId Connect provider %s : %s", provider.OpenIDConnectProviderName, err.Error())
		return
	}
	log.Debugf("OpenId Connect provider %s deleted.", provider.OpenIDConnectProviderName)
}