package ibm
import (
	"context"
	"fmt"

	"github.com/IBM-Cloud/bluemix-go/api/usermanagement/usermanagementv2"
	"github.com/IBM/go-sdk-core/v4/core"
	"github.com/IBM/platform-services-go-sdk/iampolicymanagementv1"
	"github.com/turbot/steampipe-plugin-sdk/v5/grpc/proto"
	"github.com/turbot/steampipe-plugin-sdk/v5/plugin"
	"github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform"
)
//// TABLE DEFINITION
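// tableIbmIamUserPolicy defines the ibm_iam_user_policy table, which lists
// user access policies in the IBM Cloud account.
//
// Rows are produced by listUserPolicy, which runs once for every user streamed
// by the listIamUser parent hydrate. The account_id column is not read from the
// policy record; it is filled by the cached getAccountId hydrate.
//
// Columns without an explicit Transform presumably rely on the plugin's default
// column transform, which is defined outside this file. ctx is unused.
func tableIbmIamUserPolicy(ctx context.Context) *plugin.Table {
	columns := []*plugin.Column{
		// Identity of the policy and of the user it was listed for.
		{Name: "id", Type: proto.ColumnType_STRING, Description: "The ID of the IAM user policy."},
		{Name: "iam_id", Type: proto.ColumnType_STRING, Description: "An alphanumeric value identifying the user's IAM ID."},
		{Name: "type", Type: proto.ColumnType_STRING, Description: "The policy type."},

		// Audit metadata: who created or changed the policy, and when.
		{Name: "created_at", Type: proto.ColumnType_TIMESTAMP, Description: "The time when the policy was created.", Transform: transform.FromField("CreatedAt").Transform(ensureTimestamp)},
		{Name: "description", Type: proto.ColumnType_STRING, Description: "The description of the IAM user policy."},
		{Name: "created_by_id", Type: proto.ColumnType_STRING, Description: "The iam ID of the entity that created the policy.", Transform: transform.FromField("CreatedByID")},
		{Name: "href", Type: proto.ColumnType_STRING, Description: "The href link back to the policy.", Transform: transform.FromField("Href")},
		{Name: "last_modified_at", Type: proto.ColumnType_TIMESTAMP, Description: "The timestamp when the policy was last modified.", Transform: transform.FromField("LastModifiedAt").Transform(ensureTimestamp)},
		{Name: "last_modified_by_id", Type: proto.ColumnType_STRING, Description: "The iam ID of the entity that last modified the policy.", Transform: transform.FromField("LastModifiedByID")},

		// What the policy grants: these three columns together describe who
		// (subjects) gets which roles on which resources.
		{Name: "resources", Type: proto.ColumnType_JSON, Description: "The resources associated with a policy."},
		{Name: "subjects", Type: proto.ColumnType_JSON, Description: "The subjects associated with a policy."},
		{Name: "roles", Type: proto.ColumnType_JSON, Description: "A set of role cloud resource names (CRNs) granted by the policy."},

		// Resolved through a separate cached hydrate call.
		{Name: "account_id", Type: proto.ColumnType_STRING, Description: "ID of the account that this policy belongs to.", Hydrate: plugin.HydrateFunc(getAccountId).WithCache(), Transform: transform.FromValue()},
	}

	return &plugin.Table{
		Name:        "ibm_iam_user_policy",
		Description: "User access policies in the IBM Cloud account.",
		List: &plugin.ListConfig{
			Hydrate:       listUserPolicy,
			ParentHydrate: listIamUser,
		},
		Columns: columns,
	}
}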
// userAccessPolicy is the row type streamed by listUserPolicy: an IAM policy
// paired with the IAM ID of the user it was listed for.
type userAccessPolicy struct {
	// Embedded policy record; its fields are promoted onto the row.
	iampolicymanagementv1.Policy
	// IamID is the IAM ID of the parent user, set by listUserPolicy from the
	// user record it received as the parent item.
	IamID string
}
//// LIST FUNCTION
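// listUserPolicy streams the access policies that match the parent IAM user
// (h.Item, supplied by the listIamUser parent hydrate).
//
// The request is filtered by the cached account ID, the policy type "access"
// and the user's IAM ID. NOTE(review): permissions a user holds through
// access-group membership are presumably not returned by this filter — confirm
// before treating the table as a complete view of a user's effective access.
//
// The returned item is always nil; rows are delivered through
// d.StreamListItem. An error is returned when the service connection, the
// account lookup or the ListPolicies call fails, or when the parent item or
// the account ID does not have the expected type.
func listUserPolicy(ctx context.Context, d *plugin.QueryData, h *plugin.HydrateData) (interface{}, error) {
	logger := plugin.Logger(ctx)

	// Create service connection
	conn, err := iamPolicyManagementService(ctx, d)
	if err != nil {
		logger.Error("ibm_iam_user_policy.listUserPolicy", "connection_error", err)
		return nil, err
	}

	// Get user details. The checked assertion turns an unexpected parent item
	// into an ordinary query error instead of a panic inside the hydrate call.
	userData, ok := h.Item.(usermanagementv2.UserInfo)
	if !ok {
		err := fmt.Errorf("ibm_iam_user_policy.listUserPolicy: unexpected parent item type %T", h.Item)
		logger.Error("ibm_iam_user_policy.listUserPolicy", "parent_item_error", err)
		return nil, err
	}

	// Get account details
	getAccountIdCached := plugin.HydrateFunc(getAccountId).WithCache()
	rawAccountID, err := getAccountIdCached(ctx, d, h)
	if err != nil {
		logger.Error("ibm_iam_user_policy.listUserPolicy", "account_id_error", err)
		return nil, err
	}
	accountID, ok := rawAccountID.(string)
	if !ok {
		err := fmt.Errorf("ibm_iam_user_policy.listUserPolicy: unexpected account ID type %T", rawAccountID)
		logger.Error("ibm_iam_user_policy.listUserPolicy", "account_id_error", err)
		return nil, err
	}

	opts := &iampolicymanagementv1.ListPoliciesOptions{
		AccountID: core.StringPtr(accountID),
		Type:      core.StringPtr("access"),
		IamID:     core.StringPtr(userData.IamID),
	}

	result, resp, err := conn.ListPoliciesWithContext(ctx, opts)
	if err != nil {
		// NOTE(review): resp is the SDK's detailed response and presumably
		// carries response headers and body; confirm the plugin log is
		// access-controlled, since policy details may end up in it.
		logger.Error("ibm_iam_user_policy.listUserPolicy", "query_error", err, "resp", resp)
		return nil, err
	}
	if result == nil {
		// Nothing to stream; avoid dereferencing a missing result.
		return nil, nil
	}

	for _, policy := range result.Policies {
		d.StreamListItem(ctx, userAccessPolicy{Policy: policy, IamID: userData.IamID})

		// Context can be cancelled due to manual cancellation or the limit has been hit
		if d.RowsRemaining(ctx) == 0 {
			return nil, nil
		}
	}

	return nil, nil
}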