package iam
import (
"context"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/iam"
"github.com/aws/aws-sdk-go-v2/service/iam/types"
"github.com/cloudquery/cq-provider-aws/client"
"github.com/cloudquery/cq-provider-sdk/provider/diag"
"github.com/cloudquery/cq-provider-sdk/provider/schema"
)
// IamGroups returns the table definition for "aws_iam_groups", which holds one
// row per IAM group and is keyed by (account_id, id).
//
// Rows are produced by fetchIamGroups; the "policies" column is filled by
// resolveIamGroupPolicies, and IamGroupPolicies() is registered as a child
// relation.
func IamGroups() *schema.Table {
	columns := []schema.Column{
		{
			Name:        "account_id",
			Description: "The AWS Account ID of the resource.",
			Type:        schema.TypeString,
			Resolver:    client.ResolveAWSAccount,
		},
		{
			Name:        "policies",
			Description: "List of policies attached to group.",
			Type:        schema.TypeJSON,
			Resolver:    resolveIamGroupPolicies,
		},
		{
			Name:        "arn",
			Description: "The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide.",
			Type:        schema.TypeString,
		},
		{
			Name:        "create_date",
			Description: "The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), when the group was created.",
			Type:        schema.TypeTimestamp,
		},
		{
			// The primary-key column "id" is read from the GroupId field.
			Name:        "id",
			Description: "The stable and unique string identifying the group. For more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide.",
			Type:        schema.TypeString,
			Resolver:    schema.PathResolver("GroupId"),
		},
		{
			Name:        "name",
			Description: "The friendly name that identifies the group.",
			Type:        schema.TypeString,
			Resolver:    schema.PathResolver("GroupName"),
		},
		{
			Name:        "path",
			Description: "The path to the group. For more information about paths, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide.",
			Type:        schema.TypeString,
		},
	}

	relations := []*schema.Table{
		IamGroupPolicies(),
	}

	return &schema.Table{
		Name:        "aws_iam_groups",
		Description: "Contains information about an IAM group entity.",
		Resolver:    fetchIamGroups,
		Multiplex:   client.AccountMultiplex,
		// NOTE(review): client.IgnoreCommonErrors is defined outside this file.
		// If it suppresses access-denied responses, a missing IAM list
		// permission would yield an empty table instead of a visible failure;
		// confirm before treating an empty result as "no groups exist".
		IgnoreError:   client.IgnoreCommonErrors,
		DeleteFilter:  client.DeleteAccountFilter,
		Options:       schema.TableCreationOptions{PrimaryKeys: []string{"account_id", "id"}},
		IgnoreInTests: true,
		Columns:       columns,
		Relations:     relations,
	}
}
// ====================================================================================================================
// Table Resolver Functions
// ====================================================================================================================
// fetchIamGroups is the table resolver for aws_iam_groups. It calls ListGroups
// repeatedly, sending each page's Groups slice on res, and follows the returned
// Marker until the service reports an empty one. Any ListGroups error ends the
// fetch and is returned wrapped with diag.WrapError. The parent argument is
// not used.
func fetchIamGroups(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan<- interface{}) error {
	iamSvc := meta.(*client.Client).Services().IAM
	input := iam.ListGroupsInput{}
	for {
		page, err := iamSvc.ListGroups(ctx, &input)
		if err != nil {
			return diag.WrapError(err)
		}
		res <- page.Groups

		// An empty marker means there are no further pages to request.
		if aws.ToString(page.Marker) == "" {
			return nil
		}
		input.Marker = page.Marker
	}
}
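// resolveIamGroupPolicies fills column c with a map of the policies returned
// by ListAttachedGroupPolicies for the group held in resource.Item. The map is
// keyed by policy ARN and its values are the policy names.
//
// The listing is followed page by page via Marker, the same way fetchIamGroups
// pages ListGroups. Reading only the first response would silently drop any
// attachments on later pages, leaving the stored column an incomplete view of
// what the group is permitted to do.
//
// Any API error is returned wrapped with diag.WrapError, as is the result of
// resource.Set.
func resolveIamGroupPolicies(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error {
	r := resource.Item.(types.Group)
	svc := meta.(*client.Client).Services().IAM
	config := iam.ListAttachedGroupPoliciesInput{
		GroupName: r.GroupName,
	}
	policyMap := map[string]*string{}
	for {
		response, err := svc.ListAttachedGroupPolicies(ctx, &config)
		if err != nil {
			return diag.WrapError(err)
		}
		for _, p := range response.AttachedPolicies {
			// An entry without an ARN cannot be keyed; skip it instead of
			// dereferencing a nil pointer and aborting the whole fetch.
			if p.PolicyArn == nil {
				continue
			}
			policyMap[*p.PolicyArn] = p.PolicyName
		}
		// An empty marker means there are no further pages to request.
		if aws.ToString(response.Marker) == "" {
			break
		}
		config.Marker = response.Marker
	}
	return diag.WrapError(resource.Set(c.Name, policyMap))
}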