iam.go
package services
import (
"fmt"
"github.com/aws/aws-sdk-go/service/iam"
)
// IamClientInterface is the subset of the AWS IAM client this file depends on.
// Only GetAccountSummary is declared, which matches the single permission
// ("iam:GetAccountSummary") that NewIamChecker lists as required. Keeping the
// interface this narrow also lets a test double stand in for the real client.
type IamClientInterface interface {
	// GetAccountSummary returns the account summary whose SummaryMap is read
	// by getIamAccountQuotas.
	GetAccountSummary(input *iam.GetAccountSummaryInput) (*iam.GetAccountSummaryOutput, error)
}
// NewIamChecker builds the quota checker for the "iam" service code.
//
// Each supported quota name is mapped to the ServiceChecker method that
// reports its usage. The only permission declared as required is
// "iam:GetAccountSummary"; every usage getter in this file is served from that
// one call, so no additional IAM actions are requested here.
// NOTE(review): how NewServiceChecker consumes the permission list is not
// visible in this file — confirm it is used for a pre-flight check.
func NewIamChecker() Svcquota {
	usageGetters := map[string]func(ServiceChecker) []AWSQuotaInfo{
		"Roles per Account":               ServiceChecker.getIamRolesUsage,
		"Users per Account":               ServiceChecker.getIamUsersUsage,
		"Groups per Account":              ServiceChecker.getIamGroupsUsage,
		"Instance profiles per Account":   ServiceChecker.getIamInstanceProfilesUsage,
		"Policies per Account":            ServiceChecker.getIamPoliciesUsage,
		"Server Certificates per Account": ServiceChecker.getIamServerCertificatesUsage,
	}
	permissions := []string{"iam:GetAccountSummary"}

	return NewServiceChecker("iam", usageGetters, permissions)
}
// iamAccountQuota is the package-level cache of the IAM account summary,
// keyed by summary entry name. It starts empty and is filled by
// getIamAccountQuotas; nothing in this file clears it or guards it with a
// lock, so entries live for the lifetime of the process.
var iamAccountQuota = map[string]*int64{}
// getIamAccountQuotas returns the IAM account summary map, fetching it through
// conf.Iam.GetAccountSummary only while the package-level cache is empty.
//
// The returned map is the cache itself, not a copy, so callers must treat it
// as read-only. On a failed fetch the error is printed to stdout and returned
// together with the (still empty) cache. The cache is never refreshed once it
// holds data, and it is written without synchronisation.
func getIamAccountQuotas() (ret map[string]*int64, err error) {
	// Cache hit: a previous call already populated the summary.
	if len(iamAccountQuota) > 0 {
		return iamAccountQuota, nil
	}

	summary, err := conf.Iam.GetAccountSummary(nil)
	if err != nil {
		fmt.Printf("Unable to retrieve iam account summary, %v", err)
		return iamAccountQuota, err
	}

	// Copy every summary entry into the shared cache.
	for name, count := range summary.SummaryMap {
		iamAccountQuota[name] = count
	}
	return iamAccountQuota, nil
}
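// IamSummaryToAWSQuotaInfo converts one entry of the IAM account summary into
// an AWSQuotaInfo.
//
// summaryName is the summary key that holds the current usage (for example
// "Roles"); the matching limit is read from summaryName+"Quota". quotaName is
// the human-readable name stored in the result.
//
// If the summary cannot be fetched, or comes back empty, the zero AWSQuotaInfo
// is returned together with whatever error getIamAccountQuotas produced. Note
// that this error is nil when the summary is merely empty, so callers cannot
// tell that case apart from success by the error alone.
//
// A key that is missing from the summary, or whose value is a nil pointer,
// leaves the corresponding field at zero instead of being dereferenced.
func IamSummaryToAWSQuotaInfo(summaryName string, quotaName string) (ret AWSQuotaInfo, err error) {
	quotas, err := getIamAccountQuotas()
	if err != nil || len(quotas) == 0 {
		return AWSQuotaInfo{}, err
	}

	ret = AWSQuotaInfo{
		Service:   "iam",
		QuotaName: quotaName,
		Global:    true,
	}
	// A lookup of an absent key yields a nil *int64, so one nil check covers
	// both "key missing" and "key present with nil value" and avoids a panic.
	if limit := quotas[summaryName+"Quota"]; limit != nil {
		ret.QuotaValue = float64(*limit)
	}
	if used := quotas[summaryName]; used != nil {
		ret.UsageValue = float64(*used)
	}
	return ret, nil
}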
// getIamRolesUsage reports usage for the "Roles per Account" quota, read from
// the "Roles" entry of the IAM account summary. If the lookup returns an error
// the result is an empty slice and the error is not propagated.
func (c ServiceChecker) getIamRolesUsage() (ret []AWSQuotaInfo) {
	info, err := IamSummaryToAWSQuotaInfo("Roles", "Roles per Account")
	if err != nil {
		return []AWSQuotaInfo{}
	}
	return []AWSQuotaInfo{info}
}
// getIamUsersUsage reports usage for the "Users per Account" quota, read from
// the "Users" entry of the IAM account summary. If the lookup returns an error
// the result is an empty slice and the error is not propagated.
func (c ServiceChecker) getIamUsersUsage() (ret []AWSQuotaInfo) {
	info, err := IamSummaryToAWSQuotaInfo("Users", "Users per Account")
	if err != nil {
		return []AWSQuotaInfo{}
	}
	return []AWSQuotaInfo{info}
}
// getIamGroupsUsage reports usage for the "Groups per Account" quota, read
// from the "Groups" entry of the IAM account summary. If the lookup returns an
// error the result is an empty slice and the error is not propagated.
func (c ServiceChecker) getIamGroupsUsage() (ret []AWSQuotaInfo) {
	info, err := IamSummaryToAWSQuotaInfo("Groups", "Groups per Account")
	if err != nil {
		return []AWSQuotaInfo{}
	}
	return []AWSQuotaInfo{info}
}
// getIamInstanceProfilesUsage reports usage for the "Instance profiles per
// Account" quota, read from the "InstanceProfiles" entry of the IAM account
// summary. If the lookup returns an error the result is an empty slice and the
// error is not propagated.
func (c ServiceChecker) getIamInstanceProfilesUsage() (ret []AWSQuotaInfo) {
	info, err := IamSummaryToAWSQuotaInfo("InstanceProfiles", "Instance profiles per Account")
	if err != nil {
		return []AWSQuotaInfo{}
	}
	return []AWSQuotaInfo{info}
}
// getIamPoliciesUsage reports usage for the "Policies per Account" quota, read
// from the "Policies" entry of the IAM account summary. If the lookup returns
// an error the result is an empty slice and the error is not propagated.
func (c ServiceChecker) getIamPoliciesUsage() (ret []AWSQuotaInfo) {
	info, err := IamSummaryToAWSQuotaInfo("Policies", "Policies per Account")
	if err != nil {
		return []AWSQuotaInfo{}
	}
	return []AWSQuotaInfo{info}
}
// getIamServerCertificatesUsage reports usage for the "Server Certificates per
// Account" quota, read from the "ServerCertificates" entry of the IAM account
// summary. If the lookup returns an error the result is an empty slice and the
// error is not propagated.
func (c ServiceChecker) getIamServerCertificatesUsage() (ret []AWSQuotaInfo) {
	info, err := IamSummaryToAWSQuotaInfo("ServerCertificates", "Server Certificates per Account")
	if err != nil {
		return []AWSQuotaInfo{}
	}
	return []AWSQuotaInfo{info}
}