Package AWS :

- User : Add/update policy managment (list, walk, attach, detach) - Group : Add/update policy managment (list, walk, attach, detach) - Role : Add/update policy managment (list, walk, attach, detach) - Policy : add capability to not list default verison policy
nabbar · Oct 28, 2022 · 5187e7e · 5187e7e
1 parent cdc829a
commit 5187e7e
Show file tree

Hide file tree

Showing 9 changed files with 302 additions and 86 deletions.
diff --git a/aws/group/interface.go b/aws/group/interface.go
@@ -28,36 +28,41 @@ package group
 import (
 	"context"
 
-	"github.com/aws/aws-sdk-go-v2/service/iam"
-	"github.com/aws/aws-sdk-go-v2/service/s3"
-	"github.com/nabbar/golib/aws/helper"
-	"github.com/nabbar/golib/errors"
+	sdkiam "github.com/aws/aws-sdk-go-v2/service/iam"
+	sdktps "github.com/aws/aws-sdk-go-v2/service/iam/types"
+	sdksss "github.com/aws/aws-sdk-go-v2/service/s3"
+	awshlp "github.com/nabbar/golib/aws/helper"
+	liberr "github.com/nabbar/golib/errors"
 )
 
 type client struct {
-	helper.Helper
-	iam *iam.Client
-	s3  *s3.Client
+	awshlp.Helper
+	iam *sdkiam.Client
+	s3  *sdksss.Client
 }
 
+type PoliciesWalkFunc func(err liberr.Error, pol sdktps.AttachedPolicy) liberr.Error
+
 type Group interface {
-	UserList(username string) ([]string, errors.Error)
-	UserCheck(username, groupName string) (errors.Error, bool)
-	UserAdd(username, groupName string) errors.Error
-	UserRemove(username, groupName string) errors.Error
+	UserList(username string) ([]string, liberr.Error)
+	UserCheck(username, groupName string) (liberr.Error, bool)
+	UserAdd(username, groupName string) liberr.Error
+	UserRemove(username, groupName string) liberr.Error
 
-	List() (map[string]string, errors.Error)
-	Add(groupName string) errors.Error
-	Remove(groupName string) errors.Error
+	List() (map[string]string, liberr.Error)
+	Add(groupName string) liberr.Error
+	Remove(groupName string) liberr.Error
 
-	PolicyList(groupName string) (map[string]string, errors.Error)
-	PolicyAttach(groupName, polArn string) errors.Error
-	PolicyDetach(groupName, polArn string) errors.Error
+	PolicyList(groupName string) (map[string]string, liberr.Error)
+	PolicyAttach(groupName, polArn string) liberr.Error
+	PolicyDetach(groupName, polArn string) liberr.Error
+	PolicyAttachedList(groupName, marker string) ([]sdktps.AttachedPolicy, string, liberr.Error)
+	PolicyAttachedWalk(groupName string, fct PoliciesWalkFunc) liberr.Error
 }
 
-func New(ctx context.Context, bucket, region string, iam *iam.Client, s3 *s3.Client) Group {
+func New(ctx context.Context, bucket, region string, iam *sdkiam.Client, s3 *sdksss.Client) Group {
 	return &client{
-		Helper: helper.New(ctx, bucket, region),
+		Helper: awshlp.New(ctx, bucket, region),
 		iam:    iam,
 		s3:     s3,
 	}

diff --git a/aws/group/policy.go b/aws/group/policy.go
@@ -26,43 +26,105 @@
 package group
 
 import (
-	"github.com/aws/aws-sdk-go-v2/aws"
-	"github.com/aws/aws-sdk-go-v2/service/iam"
-	"github.com/nabbar/golib/errors"
+	sdkaws "github.com/aws/aws-sdk-go-v2/aws"
+	sdkiam "github.com/aws/aws-sdk-go-v2/service/iam"
+	sdktps "github.com/aws/aws-sdk-go-v2/service/iam/types"
+	liberr "github.com/nabbar/golib/errors"
 )
 
-func (cli *client) PolicyList(groupName string) (map[string]string, errors.Error) {
-	out, err := cli.iam.ListAttachedGroupPolicies(cli.GetContext(), &iam.ListAttachedGroupPoliciesInput{
-		GroupName: aws.String(groupName),
-	})
+func (cli *client) PolicyList(groupName string) (map[string]string, liberr.Error) {
+	out, _, err := cli.PolicyAttachedList(groupName, "")
 
 	if err != nil {
-		return nil, cli.GetError(err)
+		return nil, err
 	} else {
 		var res = make(map[string]string)
 
-		for _, p := range out.AttachedPolicies {
+		for _, p := range out {
 			res[*p.PolicyName] = *p.PolicyArn
 		}
 
 		return res, nil
 	}
 }
 
-func (cli *client) PolicyAttach(groupName, polArn string) errors.Error {
-	_, err := cli.iam.AttachGroupPolicy(cli.GetContext(), &iam.AttachGroupPolicyInput{
-		GroupName: aws.String(groupName),
-		PolicyArn: aws.String(polArn),
+func (cli *client) PolicyAttach(groupName, polArn string) liberr.Error {
+	_, err := cli.iam.AttachGroupPolicy(cli.GetContext(), &sdkiam.AttachGroupPolicyInput{
+		GroupName: sdkaws.String(groupName),
+		PolicyArn: sdkaws.String(polArn),
 	})
 
 	return cli.GetError(err)
 }
 
-func (cli *client) PolicyDetach(groupName, polArn string) errors.Error {
-	_, err := cli.iam.DetachGroupPolicy(cli.GetContext(), &iam.DetachGroupPolicyInput{
-		GroupName: aws.String(groupName),
-		PolicyArn: aws.String(polArn),
+func (cli *client) PolicyDetach(groupName, polArn string) liberr.Error {
+	_, err := cli.iam.DetachGroupPolicy(cli.GetContext(), &sdkiam.DetachGroupPolicyInput{
+		GroupName: sdkaws.String(groupName),
+		PolicyArn: sdkaws.String(polArn),
 	})
 
 	return cli.GetError(err)
 }
+
+func (cli *client) PolicyAttachedList(groupName, marker string) ([]sdktps.AttachedPolicy, string, liberr.Error) {
+	in := &sdkiam.ListAttachedGroupPoliciesInput{
+		GroupName: sdkaws.String(groupName),
+		MaxItems:  sdkaws.Int32(1000),
+	}
+
+	if marker != "" {
+		in.Marker = sdkaws.String(marker)
+	}
+
+	lst, err := cli.iam.ListAttachedGroupPolicies(cli.GetContext(), in)
+
+	if err != nil {
+		return nil, "", cli.GetError(err)
+	} else if lst == nil || lst.AttachedPolicies == nil {
+		return nil, "", nil
+	} else if lst.IsTruncated && lst.Marker != nil {
+		return lst.AttachedPolicies, *lst.Marker, nil
+	} else {
+		return lst.AttachedPolicies, "", nil
+	}
+}
+
+func (cli *client) PolicyAttachedWalk(groupName string, fct PoliciesWalkFunc) liberr.Error {
+	var m *string
+
+	in := &sdkiam.ListAttachedGroupPoliciesInput{
+		GroupName: sdkaws.String(groupName),
+		MaxItems:  sdkaws.Int32(1000),
+	}
+
+	for {
+		if m != nil {
+			in.Marker = m
+		} else {
+			in.Marker = nil
+		}
+
+		lst, err := cli.iam.ListAttachedGroupPolicies(cli.GetContext(), in)
+
+		if err != nil {
+			return cli.GetError(err)
+		} else if lst == nil || lst.AttachedPolicies == nil {
+			return nil
+		}
+
+		var e liberr.Error
+		for _, p := range lst.AttachedPolicies {
+			e = fct(e, p)
+		}
+
+		if e != nil {
+			return e
+		}
+
+		if lst.IsTruncated && lst.Marker != nil {
+			m = lst.Marker
+		} else {
+			return nil
+		}
+	}
+}
diff --git a/aws/policy/interface.go b/aws/policy/interface.go
@@ -49,7 +49,7 @@ type Policy interface {
 	Update(polArn, polContents string) liberr.Error
 	Delete(polArn string) liberr.Error
 
-	VersionList(arn string, maxItem int32) (map[string]string, liberr.Error)
+	VersionList(arn string, maxItem int32, noDefaultVersion bool) (map[string]string, liberr.Error)
 	VersionGet(arn string, vers string) (*types.PolicyVersion, liberr.Error)
 	VersionAdd(arn string, doc string) liberr.Error
 	VersionDel(arn string, vers string) liberr.Error

diff --git a/aws/policy/policies.go b/aws/policy/policies.go
@@ -86,7 +86,7 @@ func (cli *client) Update(polArn, polContents string) liberr.Error {
 
 	if pol, err = cli.Get(polArn); err != nil {
 		return err
-	} else if lst, err = cli.VersionList(polArn, 0); err != nil {
+	} else if lst, err = cli.VersionList(polArn, 0, false); err != nil {
 		return err
 	} else if len(lst) > 0 {
 		for v := range lst {

diff --git a/aws/policy/versions.go b/aws/policy/versions.go
@@ -40,7 +40,7 @@ import (
 
 const maxItemList int32 = 1000
 
-func (cli *client) VersionList(arn string, maxItem int32) (map[string]string, liberr.Error) {
+func (cli *client) VersionList(arn string, maxItem int32, noDefaultVersion bool) (map[string]string, liberr.Error) {
 	if arn == "" {
 		//nolint #goerr113
 		return nil, libhlp.ErrorParamsEmpty.ErrorParent(fmt.Errorf("arn is empty"))
@@ -80,6 +80,10 @@ func (cli *client) VersionList(arn string, maxItem int32) (map[string]string, li
 				return nil, nil
 			}
 
+			if noDefaultVersion && v.IsDefaultVersion {
+				continue
+			}
+
 			if v.VersionId == nil || len(*v.VersionId) < 1 {
 				continue
 			}

diff --git a/aws/role/interface.go b/aws/role/interface.go
@@ -28,34 +28,37 @@ package role
 import (
 	"context"
 
-	"github.com/aws/aws-sdk-go-v2/service/iam"
-	"github.com/aws/aws-sdk-go-v2/service/iam/types"
-	"github.com/aws/aws-sdk-go-v2/service/s3"
-	"github.com/nabbar/golib/aws/helper"
-	"github.com/nabbar/golib/errors"
+	sdkiam "github.com/aws/aws-sdk-go-v2/service/iam"
+	sdktps "github.com/aws/aws-sdk-go-v2/service/iam/types"
+	sdksss "github.com/aws/aws-sdk-go-v2/service/s3"
+	libhlp "github.com/nabbar/golib/aws/helper"
+	liberr "github.com/nabbar/golib/errors"
 )
 
 type client struct {
-	helper.Helper
-	iam *iam.Client
-	s3  *s3.Client
+	libhlp.Helper
+	iam *sdkiam.Client
+	s3  *sdksss.Client
 }
 
-type Role interface {
-	List() ([]types.Role, errors.Error)
-	Check(name string) (string, errors.Error)
-	Add(name, role string) (string, errors.Error)
-	Delete(roleName string) errors.Error
+type PoliciesWalkFunc func(err liberr.Error, pol sdktps.AttachedPolicy) liberr.Error
 
-	PolicyAttach(policyARN, roleName string) errors.Error
-	PolicyDetach(policyARN, roleName string) errors.Error
+type Role interface {
+	List() ([]sdktps.Role, liberr.Error)
+	Check(name string) (string, liberr.Error)
+	Add(name, role string) (string, liberr.Error)
+	Delete(roleName string) liberr.Error
 
-	PolicyListAttached(roleName string) ([]types.AttachedPolicy, errors.Error)
+	PolicyAttach(policyARN, roleName string) liberr.Error
+	PolicyDetach(policyARN, roleName string) liberr.Error
+	PolicyListAttached(roleName string) ([]sdktps.AttachedPolicy, liberr.Error)
+	PolicyAttachedList(roleName, marker string) ([]sdktps.AttachedPolicy, string, liberr.Error)
+	PolicyAttachedWalk(roleName string, fct PoliciesWalkFunc) liberr.Error
 }
 
-func New(ctx context.Context, bucket, region string, iam *iam.Client, s3 *s3.Client) Role {
+func New(ctx context.Context, bucket, region string, iam *sdkiam.Client, s3 *sdksss.Client) Role {
 	return &client{
-		Helper: helper.New(ctx, bucket, region),
+		Helper: libhlp.New(ctx, bucket, region),
 		iam:    iam,
 		s3:     s3,
 	}

diff --git a/aws/role/policy.go b/aws/role/policy.go
@@ -26,38 +26,102 @@
 package role
 
 import (
-	"github.com/aws/aws-sdk-go-v2/aws"
-	"github.com/aws/aws-sdk-go-v2/service/iam"
-	"github.com/aws/aws-sdk-go-v2/service/iam/types"
-	"github.com/nabbar/golib/errors"
+	sdkaws "github.com/aws/aws-sdk-go-v2/aws"
+	sdkiam "github.com/aws/aws-sdk-go-v2/service/iam"
+	sdktps "github.com/aws/aws-sdk-go-v2/service/iam/types"
+	liberr "github.com/nabbar/golib/errors"
 )
 
-func (cli *client) PolicyListAttached(roleName string) ([]types.AttachedPolicy, errors.Error) {
-	out, err := cli.iam.ListAttachedRolePolicies(cli.GetContext(), &iam.ListAttachedRolePoliciesInput{
-		RoleName: aws.String(roleName),
-	})
+/*
+@DEPRECATED: PolicyAttachedList
+*/
+func (cli *client) PolicyListAttached(roleName string) ([]sdktps.AttachedPolicy, liberr.Error) {
+	out, _, err := cli.PolicyAttachedList(roleName, "")
 
 	if err != nil {
 		return nil, cli.GetError(err)
 	} else {
-		return out.AttachedPolicies, nil
+		return out, nil
 	}
 }
 
-func (cli *client) PolicyAttach(policyARN, roleName string) errors.Error {
-	_, err := cli.iam.AttachRolePolicy(cli.GetContext(), &iam.AttachRolePolicyInput{
-		PolicyArn: aws.String(policyARN),
-		RoleName:  aws.String(roleName),
+func (cli *client) PolicyAttach(policyARN, roleName string) liberr.Error {
+	_, err := cli.iam.AttachRolePolicy(cli.GetContext(), &sdkiam.AttachRolePolicyInput{
+		PolicyArn: sdkaws.String(policyARN),
+		RoleName:  sdkaws.String(roleName),
 	})
 
 	return cli.GetError(err)
 }
 
-func (cli *client) PolicyDetach(policyARN, roleName string) errors.Error {
-	_, err := cli.iam.DetachRolePolicy(cli.GetContext(), &iam.DetachRolePolicyInput{
-		PolicyArn: aws.String(policyARN),
-		RoleName:  aws.String(roleName),
+func (cli *client) PolicyDetach(policyARN, roleName string) liberr.Error {
+	_, err := cli.iam.DetachRolePolicy(cli.GetContext(), &sdkiam.DetachRolePolicyInput{
+		PolicyArn: sdkaws.String(policyARN),
+		RoleName:  sdkaws.String(roleName),
 	})
 
 	return cli.GetError(err)
 }
+
+func (cli *client) PolicyAttachedList(roleName, marker string) ([]sdktps.AttachedPolicy, string, liberr.Error) {
+	in := &sdkiam.ListAttachedRolePoliciesInput{
+		RoleName: sdkaws.String(roleName),
+		MaxItems: sdkaws.Int32(1000),
+	}
+
+	if marker != "" {
+		in.Marker = sdkaws.String(marker)
+	}
+
+	lst, err := cli.iam.ListAttachedRolePolicies(cli.GetContext(), in)
+
+	if err != nil {
+		return nil, "", cli.GetError(err)
+	} else if lst == nil || lst.AttachedPolicies == nil {
+		return nil, "", nil
+	} else if lst.IsTruncated && lst.Marker != nil {
+		return lst.AttachedPolicies, *lst.Marker, nil
+	} else {
+		return lst.AttachedPolicies, "", nil
+	}
+}
+
+func (cli *client) PolicyAttachedWalk(roleName string, fct PoliciesWalkFunc) liberr.Error {
+	var m *string
+
+	in := &sdkiam.ListAttachedRolePoliciesInput{
+		RoleName: sdkaws.String(roleName),
+		MaxItems: sdkaws.Int32(1000),
+	}
+
+	for {
+		if m != nil {
+			in.Marker = m
+		} else {
+			in.Marker = nil
+		}
+
+		lst, err := cli.iam.ListAttachedRolePolicies(cli.GetContext(), in)
+
+		if err != nil {
+			return cli.GetError(err)
+		} else if lst == nil || lst.AttachedPolicies == nil {
+			return nil
+		}
+
+		var e liberr.Error
+		for _, p := range lst.AttachedPolicies {
+			e = fct(e, p)
+		}
+
+		if e != nil {
+			return e
+		}
+
+		if lst.IsTruncated && lst.Marker != nil {
+			m = lst.Marker
+		} else {
+			return nil
+		}
+	}
+}