package iam
import (
"github.com/liamg/iamgo"
iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
)
// IAM is the top-level model of the AWS Identity and Access Management
// resources this package describes: the account password policy together
// with the policies, groups, users, roles and server certificates that were
// collected. PasswordPolicy is declared elsewhere in the package.
type IAM struct {
	PasswordPolicy     PasswordPolicy
	Policies           []Policy
	Groups             []Group
	Users              []User
	Roles              []Role
	ServerCertificates []ServerCertificate
}
// ServerCertificate models an IAM server certificate. Expiration carries the
// certificate's expiry time as a TimeValue (its metadata records where the
// value came from and whether it could be resolved).
type ServerCertificate struct {
	Metadata   iacTypes.Metadata
	Expiration iacTypes.TimeValue
}
// Policy models an IAM policy: its Name, the parsed policy Document, and
// Builtin, a flag distinguishing a policy that is provided ready-made from
// one defined in the scanned configuration (presumably AWS-managed policies;
// confirm against the adapters that set it).
type Policy struct {
	Metadata iacTypes.Metadata
	Name     iacTypes.StringValue
	Document Document
	Builtin  iacTypes.BoolValue
}
// Document is a parsed IAM policy document together with the metadata that
// locates it in the scanned source.
//
// Parsed is the iamgo representation of the policy and is what ToRego
// serialises under "value". IsOffset and HasRefs steer MetadataFromIamGo:
// when HasRefs is set the document's own Metadata is returned unchanged for
// any iamgo range, and when IsOffset is unset the document's start line is
// added to iamgo line numbers when deriving per-fragment ranges.
type Document struct {
	Metadata iacTypes.Metadata
	Parsed   iamgo.Document
	IsOffset bool
	HasRefs  bool
}
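// ToRego flattens the document and its metadata into the map that is handed
// to the Rego policy engine as input.
//
// The map carries the source location (filepath, startline, endline,
// sourceprefix, fskey), the managed/explicit flags, the resource reference
// and, under "value", the JSON serialisation of the parsed policy document.
// When the metadata has a parent, that parent's ToRego form is attached
// under "parent".
func (d Document) ToRego() interface{} {
	m := d.Metadata
	rng := m.Range()

	// Serialisation is best-effort: ToRego has no error path, so a document
	// that cannot be marshalled is passed to Rego with an empty "value"
	// instead of aborting evaluation. Checks that inspect "value" therefore
	// see "" for such a document rather than the policy text.
	doc, err := d.Parsed.MarshalJSON()
	if err != nil {
		doc = nil
	}

	input := map[string]interface{}{
		"filepath":     rng.GetFilename(),
		"startline":    rng.GetStartLine(),
		"endline":      rng.GetEndLine(),
		"managed":      m.IsManaged(),
		"explicit":     m.IsExplicit(),
		"value":        string(doc),
		"sourceprefix": rng.GetSourcePrefix(),
		"fskey":        iacTypes.CreateFSKey(rng.GetFS()),
		"resource":     m.Reference(),
	}
	if parent := m.Parent(); parent != nil {
		input["parent"] = parent.ToRego()
	}
	return input
}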
// Group models an IAM group: its Name, the Users that belong to it and the
// Policies attached to it.
type Group struct {
	Metadata iacTypes.Metadata
	Name     iacTypes.StringValue
	Users    []User
	Policies []Policy
}
// User models an IAM user: its Name, group memberships, attached Policies,
// the AccessKeys and MFADevices associated with it, and LastAccess, the
// timestamp HasLoggedIn consults to decide whether the user has ever
// signed in.
type User struct {
	Metadata   iacTypes.Metadata
	Name       iacTypes.StringValue
	Groups     []Group
	Policies   []Policy
	AccessKeys []AccessKey
	MFADevices []MFADevice
	LastAccess iacTypes.TimeValue
}
// HasLoggedIn reports whether the user's LastAccess holds a usable
// timestamp: its metadata must be resolvable and the value must not be the
// "never" sentinel. An unresolvable LastAccess is treated as not logged in.
func (u *User) HasLoggedIn() bool {
	if !u.LastAccess.GetMetadata().IsResolvable() {
		return false
	}
	return !u.LastAccess.IsNever()
}
// MFADevice models an MFA device associated with a User. IsVirtual records
// whether the device is a virtual (software) device as opposed to a
// hardware one.
type MFADevice struct {
	Metadata  iacTypes.Metadata
	IsVirtual iacTypes.BoolValue
}
// AccessKey models an IAM access key belonging to a User: its identifier
// (AccessKeyId), whether it is Active, when it was created and when it was
// last used. The exported field name AccessKeyId is kept as-is for
// compatibility with existing callers even though Go style would prefer
// AccessKeyID.
type AccessKey struct {
	Metadata     iacTypes.Metadata
	AccessKeyId  iacTypes.StringValue
	Active       iacTypes.BoolValue
	CreationDate iacTypes.TimeValue
	LastAccess   iacTypes.TimeValue
}
// Role models an IAM role: its Name and the Policies attached to it.
type Role struct {
	Metadata iacTypes.Metadata
	Name     iacTypes.StringValue
	Policies []Policy
}
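// MetadataFromIamGo derives Metadata for fragments of the policy document
// located by the given iamgo ranges.
//
// When HasRefs is set the document's own Metadata is returned unchanged and
// the ranges are ignored. Otherwise each range yields a new Metadata whose
// line numbers are rng.StartLine/rng.EndLine, offset by the document's start
// line unless IsOffset is set (the iamgo lines are then used as-is). Every
// derived Metadata is computed against the document's range, carries the
// reference forward, and is chained to the previously derived Metadata as
// its parent; the last one is returned.
func (d Document) MetadataFromIamGo(r ...iamgo.Range) iacTypes.Metadata {
	m := d.Metadata
	if d.HasRefs {
		return m
	}

	docRange := m.Range()
	// Base line offset applied to iamgo line numbers; zero when IsOffset
	// says the iamgo lines already account for the document's position.
	var base int
	if !d.IsOffset {
		base = docRange.GetStartLine()
	}

	for _, rng := range r {
		// Each fragment range is relative to the document's own range, not
		// to the previously derived one; only the parent chain links them.
		fragment := iacTypes.NewRange(
			docRange.GetLocalFilename(),
			base+rng.StartLine,
			base+rng.EndLine,
			docRange.GetSourcePrefix(),
			docRange.GetFS(),
		)
		m = iacTypes.NewMetadata(fragment, m.Reference()).WithParent(m)
	}
	return m
}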