package internal
import (
"fmt"
"strings"
"time"
"github.com/slack-go/slack"
"github.com/sirupsen/logrus"
"github.com/perkbox/cloud-access-bot/internal/utils"
)
// Cloud is the provider-side view used by Service: it discovers the resources
// that exist for a service in an account and normalises user-supplied resource
// identifiers.
type Cloud interface {
	// ResourceFinder lists the resources found for service in accountName.
	// The bool is passed through unchanged by Service.GetCloudResourcesForService
	// as hasFinder; presumably it reports whether a finder exists for the
	// service — confirm against the implementation.
	ResourceFinder(service string, accountName string) ([]string, bool)
	// ValidateResourcesFormat is not called in this file; its contract is
	// defined by the implementing client.
	ValidateResourcesFormat(resources []string) []string
}
// Messenger is the chat-side dependency (Slack, judging by the block and
// modal types). None of its methods are invoked in this file; the
// descriptions below follow the method names and should be confirmed against
// the implementation.
type Messenger interface {
	// PostSimpleMessage posts msgText to channelId, tagged with requestId.
	PostSimpleMessage(channelId string, msgText string, requestId string) error
	// PostBlockMessage posts block-kit content to channelId; the two strings
	// returned are not interpreted in this file.
	PostBlockMessage(channelId string, msgContents []slack.Block, requestId string) (string, string, error)
	// GetUserIdsFromGroup resolves group names to user ids.
	GetUserIdsFromGroup(groups []string) ([]string, error)
	// UpdateMessageFromMessageObj rewrites the messages recorded in
	// approvalMsgObj for requestId with msgContents.
	UpdateMessageFromMessageObj(requestId string, approvalMsgObj []ApprovalMsgObj, msgContents []slack.Block) error
	// GenerateModal builds the request modal; hasResourceFinder presumably
	// toggles the resource picker (see Cloud.ResourceFinder's bool).
	GenerateModal(modalType string, Accounts, LoginRoles []string, hasResourceFinder bool, privateMetadata string, selectedService string) (slack.ModalViewRequest, error)
}
// Repo persists the audit trail of access requests. Service.GetAuditObj and
// Service.SetAuditObj delegate directly to GetAuditObj and SetAuditObj; the
// other two methods are not used in this file.
type Repo interface {
	// QueryAuditObjs returns every audit record stored for UserID.
	QueryAuditObjs(UserID string) ([]AuditObject, error)
	// GetAuditObj returns the single record keyed by UserID and RequestId.
	GetAuditObj(UserID, RequestId string) (AuditObject, error)
	// SetAuditObj stores requestObj.
	SetAuditObj(requestObj AuditObject) error
	// UpdateApprovingUser records approvingUser against an existing request.
	UpdateApprovingUser(UserID, RequestId, approvingUser string) error
}
// IdentityData is the static catalogue of IAM services, their actions and
// their resource templates that the filters in this file search.
type IdentityData interface {
	// GetResourceTmplDetails returns the resource template and the template
	// field name for service; GeneratePolicyFromAuditObj treats an empty value
	// in either position as "no template for this service".
	GetResourceTmplDetails(service string) (string, string)
	// GetActionsForService returns the actions of serviceName keyed by name,
	// with a per-action id as the value (see GetActionsWithFilter).
	GetActionsForService(serviceName string) map[string]string
	// FindActionsById maps action ids back to actions; unused in this file.
	FindActionsById(ids []string) []string
	// GetIamServices lists every known service name.
	GetIamServices() []string
}
// CloudIdentityManager manages the time-bounded policies that grant access:
// rendering them from an audit record, attaching them to a role, and finding
// and removing the ones that have expired. Because every method here changes
// or reads live permissions, callers must not act on a result whose error is
// non-nil (see FindExpiredPermissions).
type CloudIdentityManager interface {
	// IsPolicyExpired reports whether the policy document has passed its
	// expiry. The bool is only meaningful when error is nil.
	IsPolicyExpired(policy string) (bool, error)
	// GeneratePolicyFromAuditObj renders a policy document for object, using
	// curTime as the base time and the two maps (service -> template and
	// service -> template field name) built by Service.GeneratePolicyFromAuditObj.
	// Note: the parameter is spelled tmplFieldNmaes in the interface.
	GeneratePolicyFromAuditObj(curTime time.Time, object AuditObject, tmpls, tmplFieldNmaes map[string]string) ([]byte, error)
	// GetCloudUserId resolves the provider-side id for roleName in accountName.
	GetCloudUserId(accountName string, roleName string) (string, error)
	// PutPolicy attaches policy as policyName to roleName in accountName.
	PutPolicy(accountName, roleName, policyName, policy string) error
	// FindPolicysForRole returns the policies attached to roleName, keyed by
	// policy name with the document as the value.
	FindPolicysForRole(accountName, roleName string) (map[string]string, error)
	// DeletePolicys detaches the named policies from roleName.
	DeletePolicys(accountName, roleName string, policysNames []string) error
}
// Service is the application layer: it composes the five collaborators below
// and exposes the filtering, lookup and policy operations the handlers call.
// Construct it with NewService; a zero Service has nil collaborators and every
// method would panic on use.
type Service struct {
	Cloud                Cloud                // resource discovery per account
	Messenger            Messenger            // chat delivery (unused in this file)
	Repo                 Repo                 // audit-record persistence
	CloudIdentityManager CloudIdentityManager // policy rendering, attach/detach, expiry
	IdentityData         IdentityData         // static service/action/template catalogue
}
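// NewService wires the collaborators into a Service.
//
// The parameter order (cloud, repo, cim, identitydata, messenger) does not
// match the struct's field order, so the literal uses keyed fields: the
// positional form silently mis-wires two dependencies of the same interface
// kind if either order ever changes.
func NewService(cloud Cloud, repo Repo, cim CloudIdentityManager, identitydata IdentityData, messenger Messenger) *Service {
	return &Service{
		Cloud:                cloud,
		Messenger:            messenger,
		Repo:                 repo,
		CloudIdentityManager: cim,
		IdentityData:         identitydata,
	}
}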
// GetServicesWithFilter returns every service name from IdentityData that
// contains filter as a substring. Unlike the action and resource filters in
// this file the comparison is case-sensitive; an empty filter matches every
// service. The result is never nil: an empty, non-nil slice is returned when
// nothing matches.
func (s *Service) GetServicesWithFilter(filter string) []string {
	matched := make([]string, 0)
	for _, name := range s.IdentityData.GetIamServices() {
		if !strings.Contains(name, filter) {
			continue
		}
		matched = append(matched, name)
	}
	return matched
}
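// GetActionsWithFilter returns the entries of IdentityData.GetActionsForService
// for service whose key contains filter, compared case-insensitively. Keys and
// values are copied through unchanged; per the original author's note the
// value is a unique id for each action (the key appears to be the action name
// rather than the service name — confirm against IdentityData). An empty
// filter matches everything. The result is never nil.
func (s *Service) GetActionsWithFilter(service string, filter string) map[string]string {
	// Lower-case the filter once rather than on every comparison.
	needle := strings.ToLower(filter)
	actionsMap := s.IdentityData.GetActionsForService(service)
	actions := make(map[string]string, len(actionsMap))
	for name, id := range actionsMap {
		if strings.Contains(strings.ToLower(name), needle) {
			actions[name] = id
		}
	}
	return actions
}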
// GetAuditObj looks up the audit & message record stored for UserId and
// RequestID. It is a straight delegation to Repo.GetAuditObj; no
// authorisation check happens at this layer, so callers are responsible for
// establishing that the requester may read the record.
func (s *Service) GetAuditObj(UserId, RequestID string) (AuditObject, error) {
	record, err := s.Repo.GetAuditObj(UserId, RequestID)
	return record, err
}
// SetAuditObj stores object, the audit & message data for a request, by
// delegating to Repo.SetAuditObj. Any error is the repository's, unwrapped.
func (s *Service) SetAuditObj(object AuditObject) error {
	err := s.Repo.SetAuditObj(object)
	return err
}
// GetCloudUserId resolves the provider-side user id for roleName in
// accountName through CloudIdentityManager. The result and error are returned
// exactly as the manager produced them.
func (s *Service) GetCloudUserId(accountName string, roleName string) (string, error) {
	id, err := s.CloudIdentityManager.GetCloudUserId(accountName, roleName)
	return id, err
}
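// GetCloudResourcesForService lists the resources Cloud.ResourceFinder reports
// for service in accountname, de-duplicated and restricted to names that
// contain filter (case-insensitive; "" keeps everything). Each surviving name
// is mapped to utils.HashString(name, 6), the short token the selection UI
// hands back and FindSelectedCloudResoucesNames resolves again. The bool is
// ResourceFinder's second result, passed through untouched.
//
// The account is a parameter rather than state on the Cloud client so that
// per-call account overrides stay with the caller and the service interface
// stays simple (the original author's reason for this shape).
//
// NOTE(review): a 6-character hash is a short lookup token, not an identity;
// two distinct resources could share one value, and
// FindSelectedCloudResoucesNames then resolves one selection to both. Code
// that grants access from this map should treat such a collision as an error
// rather than grant both.
func (s *Service) GetCloudResourcesForService(filter, service, accountname string) (map[string]string, bool) {
	resources, hasFinder := s.Cloud.ResourceFinder(service, accountname)
	unique := utils.RemoveDuplicateStr(resources)
	// Lower-case the filter once instead of inside the loop.
	needle := strings.ToLower(filter)
	byName := make(map[string]string, len(unique))
	for _, name := range unique {
		if strings.Contains(strings.ToLower(name), needle) {
			byName[name] = utils.HashString(name, 6)
		}
	}
	return byName, hasFinder
}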
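// FindSelectedCloudResoucesNames maps the hash tokens in selected (as produced
// by GetCloudResourcesForService) back to resource names for service in
// accountname. Tokens that match nothing are dropped, a token listed twice
// yields its names twice, and the result is nil when nothing matches. The
// finder flag from GetCloudResourcesForService is ignored here.
//
// Every resource whose hash equals a token is returned, so a hash collision
// resolves a single selection to more than one resource; the order of names
// for one token follows map iteration and is not stable. Callers that turn
// the result into a grant should reject a token that maps to several names.
func (s *Service) FindSelectedCloudResoucesNames(service, accountname string, selected []string) []string {
	resources, _ := s.GetCloudResourcesForService("", service, accountname)
	// Invert name->hash once so each token costs a map lookup rather than a
	// full scan of the resource map (the nested loops were O(selected*resources)).
	byHash := make(map[string][]string, len(resources))
	for name, hash := range resources {
		byHash[hash] = append(byHash[hash], name)
	}
	var names []string
	for _, token := range selected {
		names = append(names, byHash[token]...)
	}
	return names
}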
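// FindExpiredPermissions scans the policies attached to role in accountName
// and, when delete is true, detaches the ones CloudIdentityManager reports as
// expired. Nothing is returned; every failure is logged through logrus. (The
// parameter name delete shadows the builtin, which this body never needs.)
//
// Error handling is conservative because the operation changes live
// permissions: if the policies cannot be listed the run stops instead of
// issuing a delete over an empty list, and a policy whose expiry cannot be
// determined is skipped and logged rather than classified from a bool that is
// meaningless when err is set.
func (s *Service) FindExpiredPermissions(accountName, role string, delete bool) {
	scope := fmt.Sprintf("role %s in account %s", role, accountName)
	forRole, err := s.CloudIdentityManager.FindPolicysForRole(accountName, role)
	if err != nil {
		// Deleting from an empty list after a failed listing would only mask
		// the failure, so stop here.
		logrus.Errorf("Error Listing Policies for %s Err: %s", scope, err.Error())
		return
	}
	var expiredPols []string
	for name, pol := range forRole {
		isExpired, err := s.CloudIdentityManager.IsPolicyExpired(pol)
		if err != nil {
			// Neither delete nor silently keep: surface it and move on.
			logrus.Errorf("Error Checking Expiry of Policy %s for %s Err: %s", name, scope, err.Error())
			continue
		}
		if isExpired {
			expiredPols = append(expiredPols, name)
		}
	}
	// Nothing to detach: skip the provider call entirely.
	if !delete || len(expiredPols) == 0 {
		return
	}
	if err := s.CloudIdentityManager.DeletePolicys(accountName, role, expiredPols); err != nil {
		logrus.Errorf("Error Deleting Policy Err: %s", err.Error())
	}
}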
// GeneratePolicyFromAuditObj renders the policy document for an audited
// request. For every service on the request it asks IdentityData for the
// resource template and the template field name, keeps only services where
// both are non-empty, and passes the request, its RequestTime and the two
// service-keyed maps to CloudIdentityManager.GeneratePolicyFromAuditObj,
// whose result and error are returned unchanged.
func (s *Service) GeneratePolicyFromAuditObj(object AuditObject) ([]byte, error) {
	templates := map[string]string{}
	fieldNames := map[string]string{}
	for _, svc := range object.Services {
		tmpl, field := s.IdentityData.GetResourceTmplDetails(svc)
		// Both halves are required; a service missing either is left out of
		// both maps so the two stay aligned.
		if tmpl == "" || field == "" {
			continue
		}
		templates[svc] = tmpl
		fieldNames[svc] = field
	}
	return s.CloudIdentityManager.GeneratePolicyFromAuditObj(object.RequestTime, object, templates, fieldNames)
}