package resources
import (
	"fmt"
	"strings"

	"github.com/aws/aws-sdk-go/service/kms"
	"github.com/fatih/structs"
)
// KMSService registers the KMS reports of this package: "keys" inventories the
// customer-managed keys and "aliases" inventories the non-AWS aliases.
var KMSService = Service{
	Name: "kms",
	Reports: map[string]Report{
		"keys":    KMSListKeys,
		"aliases": KMSListAliases,
	},
}
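// KMSListKeys reports every customer-managed KMS key visible to session.
// AWS-managed keys (KeyManager == kms.KeyManagerTypeAws) and keys in the
// PendingDeletion state are skipped, so they never appear in the report.
// Each key is described individually so that Metadata carries the full
// KeyMetadata rather than the bare ListKeys entry.
//
// The returned ReportResult holds the collected resources, or a non-nil
// Error from pagination, DescribeKey or NewResource, whichever failed first.
func KMSListKeys(session *Session) *ReportResult {
	client := kms.New(session.Session, session.Config)
	result := &ReportResult{}
	// The SDK models every string field as a pointer; a missing one must
	// not panic the whole inventory run.
	str := func(s *string) string {
		if s == nil {
			return ""
		}
		return *s
	}
	pageErr := client.ListKeysPages(&kms.ListKeysInput{},
		func(page *kms.ListKeysOutput, lastPage bool) bool {
			for _, key := range page.Keys {
				resource, err := NewResource(str(key.KeyArn), key)
				if err != nil {
					result.Error = err
					return false
				}
				describeResult, err := client.DescribeKey(&kms.DescribeKeyInput{KeyId: key.KeyId})
				if err != nil {
					result.Error = err
					return false
				}
				metadata := describeResult.KeyMetadata
				if metadata == nil {
					// A key we cannot describe must surface as an error, not
					// silently drop out of a security inventory.
					result.Error = fmt.Errorf("describing kms key %q: empty KeyMetadata", str(key.KeyId))
					return false
				}
				// Ignore default (AWS-managed) KMS keys
				if str(metadata.KeyManager) == kms.KeyManagerTypeAws {
					continue
				}
				// Ignore keys already scheduled for deletion
				if str(metadata.KeyState) == kms.KeyStatePendingDeletion {
					continue
				}
				resource.Metadata = structs.Map(metadata)
				result.Resources = append(result.Resources, *resource)
			}
			return true
		})
	// Returning false from the page callback stops pagination and makes
	// ListKeysPages return nil, so assigning its result unconditionally would
	// erase the error the callback just recorded. Only overwrite it when the
	// pagination call itself failed.
	if pageErr != nil {
		result.Error = pageErr
	}
	return result
}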
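// KMSListAliases reports every KMS alias visible to session, excluding the
// "alias/aws/" namespace that AWS reserves for its own managed keys.
//
// The returned ReportResult holds the collected resources, or a non-nil
// Error from pagination or NewResource, whichever failed first.
func KMSListAliases(session *Session) *ReportResult {
	client := kms.New(session.Session, session.Config)
	result := &ReportResult{}
	// The SDK models every string field as a pointer; a missing one must
	// not panic the whole inventory run.
	str := func(s *string) string {
		if s == nil {
			return ""
		}
		return *s
	}
	pageErr := client.ListAliasesPages(&kms.ListAliasesInput{},
		func(page *kms.ListAliasesOutput, lastPage bool) bool {
			for _, alias := range page.Aliases {
				// Aliases under alias/aws/ belong to AWS-managed keys
				if strings.HasPrefix(str(alias.AliasName), "alias/aws/") {
					continue
				}
				resource, err := NewResource(str(alias.AliasArn), alias)
				if err != nil {
					result.Error = err
					return false
				}
				result.Resources = append(result.Resources, *resource)
			}
			return true
		})
	// Returning false from the page callback stops pagination and makes
	// ListAliasesPages return nil, so assigning its result unconditionally
	// would erase the error the callback just recorded. Only overwrite it
	// when the pagination call itself failed.
	if pageErr != nil {
		result.Error = pageErr
	}
	return result
}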