package awsfetch
import (
"context"
"fmt"
awssdk "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/iam"
"github.com/aws/aws-sdk-go/service/iam/iamiface"
"github.com/wallix/awless/fetch"
)
// AccountAuthorizationDetails groups the IAM entity details collected from the
// pages of a GetAccountAuthorizationDetails call, one slice per entity kind.
//
// Taken together these slices describe the account's IAM users, groups, roles
// and managed policies, so treat a populated value as sensitive: avoid dumping
// it to logs or persisting it unprotected.
type AccountAuthorizationDetails struct {
	Groups   []*iam.GroupDetail         // filled from GroupDetailList of each page
	Policies []*iam.ManagedPolicyDetail // filled from Policies of each page
	Roles    []*iam.RoleDetail          // filled from RoleDetailList of each page
	Users    []*iam.UserDetail          // filled from UserDetailList of each page
}
// getAccountAuthorizationDetails returns the account's IAM authorization
// details, obtained through cache.Get with a fetch closure that calls
// fetchAccountAuthorizationDetails.
//
// When ctx carries a resource type (fetch.IsFetchingByType reports true), only
// the matching IAM entity types are requested and a per-type cache key is used.
// Otherwise all five entity types are requested under the "accountDetails" key.
//
// The error from cache.Get is returned unchanged. If the value handed back by
// the cache is not an *AccountAuthorizationDetails, an error naming its dynamic
// type is returned instead.
func getAccountAuthorizationDetails(ctx context.Context, cache fetch.Cache, api iamiface.IAMAPI) (*AccountAuthorizationDetails, error) {
	var (
		filter []*string
		key    string
	)

	resourceType, byType := fetch.IsFetchingByType(ctx)
	switch {
	case !byType:
		// No single type requested: ask for every entity kind in one call.
		key = "accountDetails"
		filter = []*string{
			awssdk.String(iam.EntityTypeUser),
			awssdk.String(iam.EntityTypeGroup),
			awssdk.String(iam.EntityTypeRole),
			awssdk.String(iam.EntityTypeLocalManagedPolicy),
			awssdk.String(iam.EntityTypeAwsmanagedPolicy),
		}
	case resourceType == "user":
		key = "usersDetails"
		filter = []*string{awssdk.String(iam.EntityTypeUser)}
	case resourceType == "group":
		key = "groupsDetails"
		filter = []*string{awssdk.String(iam.EntityTypeGroup)}
	case resourceType == "role":
		key = "rolesDetails"
		filter = []*string{awssdk.String(iam.EntityTypeRole)}
	case resourceType == "policy":
		// Policies cover both customer-managed and AWS-managed entries.
		key = "policiesDetails"
		filter = []*string{
			awssdk.String(iam.EntityTypeLocalManagedPolicy),
			awssdk.String(iam.EntityTypeAwsmanagedPolicy),
		}
	}
	// NOTE(review): a resource type outside the four above leaves key empty and
	// filter nil. Confirm callers never reach this function with such a type,
	// and what cache.Get does with an empty key.

	val, err := cache.Get(key, func() (interface{}, error) {
		return fetchAccountAuthorizationDetails(filter, api)
	})
	if err != nil {
		return nil, err
	}

	details, isDetails := val.(*AccountAuthorizationDetails)
	if !isDetails {
		return nil, fmt.Errorf("cannot get account details (val of type %T)", val)
	}
	return details, nil
}
// fetchAccountAuthorizationDetails calls api.GetAccountAuthorizationDetailsPages
// with entities as the Filter and accumulates every page's users, groups, roles
// and policies into a single AccountAuthorizationDetails.
//
// The accumulated value is returned together with the paging error. On a
// non-nil error it holds only the pages received before the failure, so callers
// must check err before treating the result as a complete IAM inventory.
func fetchAccountAuthorizationDetails(entities []*string, api iamiface.IAMAPI) (*AccountAuthorizationDetails, error) {
	result := &AccountAuthorizationDetails{}
	input := &iam.GetAccountAuthorizationDetailsInput{Filter: entities}

	collect := func(page *iam.GetAccountAuthorizationDetailsOutput, lastPage bool) bool {
		result.Users = append(result.Users, page.UserDetailList...)
		result.Groups = append(result.Groups, page.GroupDetailList...)
		result.Roles = append(result.Roles, page.RoleDetailList...)
		result.Policies = append(result.Policies, page.Policies...)

		// Keep paging while the response carries a Marker; lastPage is not consulted.
		return page.Marker != nil
	}

	err := api.GetAccountAuthorizationDetailsPages(input, collect)
	return result, err
}