
Commit d01c205

committed
feat(policies):support listPoliciesForUser for aliyun, qcloud, aws
1 parent 7521493 commit d01c205


10 files changed

+135
-7
lines changed


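--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/404tk/cloudtoolkit
 go 1.18
 
 require (
-github.com/404tk/table v0.0.1
+github.com/404tk/table v0.0.3
 github.com/Azure/azure-sdk-for-go v67.1.0+incompatible
 github.com/Azure/go-autorest/autorest v0.11.28
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.11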
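--- /dev/null
+++ b/[PATH-NOT-SHOWN-ON-PAGE: new file, package ram]
@@ -0,0 +1,46 @@
+package ram
+
+import (
+"fmt"
+"strings"
+
+"github.com/404tk/cloudtoolkit/utils/logger"
+"github.com/aliyun/alibaba-cloud-sdk-go/services/ram"
+)
+
+var policy_infos map[string]string
+
+func listPoliciesForUser(client *ram.Client, name string) string {
+req_perm := ram.CreateListPoliciesForUserRequest()
+req_perm.Scheme = "https"
+req_perm.UserName = name
+resp, err := client.ListPoliciesForUser(req_perm)
+if err != nil {
+return ""
+}
+policies := []string{}
+for _, p := range resp.Policies.Policy {
+policies = append(policies, p.PolicyName)
+if p.PolicyType == "Custom" {
+if _, ok := policy_infos[p.PolicyName]; !ok {
+details := getPolicy(client, p.PolicyName)
+policy_infos[p.PolicyName] = details
+msg := fmt.Sprintf("Found Custom Policy %s: %s", p.PolicyName, details)
+logger.Warning(msg)
+}
+}
+}
+return strings.Join(policies, "\n")
+}
+
+func getPolicy(client *ram.Client, name string) string {
+request := ram.CreateGetPolicyRequest()
+request.Scheme = "https"
+request.PolicyName = name
+request.PolicyType = "Custom"
+response, err := client.GetPolicy(request)
+if err != nil {
+return err.Error()
+}
+return response.DefaultPolicyVersion.PolicyDocument
+}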
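Review bot: `policy_infos` is declared nil on line 11 and written on line 27, so `listPoliciesForUser` panics with an assignment-to-nil-map unless a caller has already run `policy_infos = make(map[string]string)` (the users.go hunk does this inside `GetRamUser`); initialising it at the declaration, `var policy_infos = map[string]string{}`, removes that ordering dependency, and the same applies to the `policy_infos` in the new cam file. Separately, `if err != nil { return "" }` on lines 18-19 makes a denied or failed `ListPoliciesForUser` call indistinguishable from a user with no policies, which is exactly the case an entitlement listing must not skip silently; the same shape appears in the aws and cam policy files, so consider returning `(string, error)` or at least logging the error before returning. Note also that line 28-29 copy the full custom policy document into the log via `logger.Warning`, so log output now carries policy documents verbatim; a doc comment on `listPoliciesForUser` saying so, e.g. `// listPoliciesForUser returns the policy names attached to the user, one per line; custom policy documents are fetched once and written to the log.`, would make that visible to callers.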

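--- a/pkg/providers/alibaba/ram/users.go
+++ b/pkg/providers/alibaba/ram/users.go
@@ -41,6 +41,7 @@ func (d *Driver) GetRamUser(ctx context.Context) ([]schema.User, error) {
 }
 client := d.NewClient()
 marker := ""
+policy_infos = make(map[string]string)
 for {
 listUsersRequest := ram.CreateListUsersRequest()
 listUsersRequest.Scheme = "https"
@@ -72,8 +73,14 @@ func (d *Driver) GetRamUser(ctx context.Context) ([]schema.User, error) {
 lastLoginDate, _ := time.Parse(time.RFC3339, getUserResponse.User.LastLoginDate)
 _user.LastLogin = lastLoginDate.String()
 }
+if err == nil && getUserResponse.User.CreateDate != "" {
+date, _ := time.Parse(time.RFC3339, getUserResponse.User.CreateDate)
+_user.CreateTime = date.String()
+}
 }
 
+_user.Policies = listPoliciesForUser(client, _user.UserName)
+
 list = append(list, _user)
 select {
 case <-ctx.Done():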
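Review bot: In the second hunk, `date, _ := time.Parse(time.RFC3339, getUserResponse.User.CreateDate)` discards the parse error, so a CreateDate in any layout other than RFC3339 yields the zero `time.Time` and `_user.CreateTime` is reported as `0001-01-01 00:00:00 +0000 UTC` instead of the value the API returned. Keeping the raw string on failure preserves the information: `if date, perr := time.Parse(time.RFC3339, getUserResponse.User.CreateDate); perr == nil { _user.CreateTime = date.String() } else { _user.CreateTime = getUserResponse.User.CreateDate }`. The LastLoginDate line just above has the same pattern, though it is not part of this change. `GetRamUser` begins and ends outside both hunks.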

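--- a/pkg/providers/aws/aws.go
+++ b/pkg/providers/aws/aws.go
@@ -69,7 +69,7 @@ func New(options schema.Options) (*Provider, error) {
 userName = u[1]
 }
 }
-logger.Warning(fmt.Sprintf("Current user: %s\n", userName))
+logger.Warning(fmt.Sprintf("Current user: %s", userName))
 cache.Cfg.CredInsert(userName, options)
 
 return &Provider{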

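--- /dev/null
+++ b/pkg/providers/aws/iam/policies.go
@@ -0,0 +1,20 @@
+package iam
+
+import (
+"strings"
+
+"github.com/aws/aws-sdk-go/service/iam"
+)
+
+func listAttachedUserPolicies(client *iam.IAM, name string) string {
+input := &iam.ListAttachedUserPoliciesInput{UserName: &name}
+resp, err := client.ListAttachedUserPolicies(input)
+if err != nil {
+return ""
+}
+policies := []string{}
+for _, p := range resp.AttachedPolicies {
+policies = append(policies, *p.PolicyName)
+}
+return strings.Join(policies, "\n")
+}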
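Review bot: `ListAttachedUserPolicies` is a paginated operation, and lines 11-18 read a single response without checking `IsTruncated`/`Marker`, so a user with more attached policies than one page holds is reported with a partial list and no indication that anything was cut off — for an entitlement review that is worse than an error. The SDK's `ListAttachedUserPoliciesPages` walks every page for you, as sketched below. This call also only covers managed policies attached directly to the user; inline policies (`ListUserPolicies`) and policies inherited via group membership are not included, which should be stated on the function, e.g. `// listAttachedUserPolicies returns the names of managed policies attached directly to the user, one per line; inline and group-inherited policies are not included.`
```go
// … unchanged: package and imports …
func listAttachedUserPolicies(client *iam.IAM, name string) string {
	input := &iam.ListAttachedUserPoliciesInput{UserName: &name}
	var policies []string
	err := client.ListAttachedUserPoliciesPages(input, func(page *iam.ListAttachedUserPoliciesOutput, _ bool) bool {
		for _, p := range page.AttachedPolicies {
			policies = append(policies, *p.PolicyName)
		}
		return true // keep paging until the SDK reports the last page
	})
	if err != nil {
		return ""
	}
	return strings.Join(policies, "\n")
}
```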

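--- a/pkg/providers/aws/iam/users.go
+++ b/pkg/providers/aws/iam/users.go
@@ -46,6 +46,7 @@ func (d *Driver) GetIAMUser(ctx context.Context) ([]schema.User, error) {
 _user.EnableLogin = true
 }
 }
+_user.Policies = listAttachedUserPolicies(client, _user.UserName)
 list = append(list, _user)
 }
 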
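--- /dev/null
+++ b/[PATH-NOT-SHOWN-ON-PAGE: new file, package cam]
@@ -0,0 +1,51 @@
+package cam
+
+import (
+"fmt"
+"strconv"
+"strings"
+
+"github.com/404tk/cloudtoolkit/utils/logger"
+cam "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam/v20190116"
+"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
+)
+
+var policy_infos map[string]string
+
+func listAttachedUserAllPolicies(client *cam.Client, uin *uint64) string {
+request := cam.NewListAttachedUserAllPoliciesRequest()
+request.TargetUin = uin
+request.Rp = common.Uint64Ptr(20)
+request.Page = common.Uint64Ptr(1)
+request.AttachType = common.Uint64Ptr(0)
+
+resp, err := client.ListAttachedUserAllPolicies(request)
+if err != nil {
+return ""
+}
+policies := []string{}
+for _, p := range resp.Response.PolicyList {
+policies = append(policies, *p.PolicyName)
+if *p.StrategyType == "1" {
+if _, ok := policy_infos[*p.PolicyName]; !ok {
+details := getPolicy(client, *p.PolicyId)
+policy_infos[*p.PolicyName] = details
+msg := fmt.Sprintf("Found Custom Policy %s: %s", *p.PolicyName, details)
+logger.Warning(msg)
+}
+}
+}
+return strings.Join(policies, "\n")
+}
+
+func getPolicy(client *cam.Client, pid string) string {
+request := cam.NewGetPolicyRequest()
+pid_int, _ := strconv.Atoi(pid)
+request.PolicyId = common.Uint64Ptr(uint64(pid_int))
+
+response, err := client.GetPolicy(request)
+if err != nil {
+return err.Error()
+}
+return *response.Response.PolicyDocument
+}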
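Review bot: Lines 18-19 pin `Rp` to 20 and `Page` to 1 and the response is read once, so a user with more than 20 attached policies is reported with only the first 20 and the rest — possibly the custom policy the scan is meant to surface — are dropped without any indication; looping until a page comes back short, as sketched below, avoids that without depending on a total-count field. In `getPolicy`, `pid_int, _ := strconv.Atoi(pid)` discards the error, so an unparseable id silently becomes `PolicyId = 0` and whatever that returns is logged under the original policy name; `if err != nil { return err.Error() }` after the `Atoi` keeps the failure visible, matching how the `GetPolicy` error is handled three lines later. The `*p.StrategyType`, `*p.PolicyName` and `*p.PolicyId` dereferences on lines 28-31 assume the SDK never returns a nil field; if that is not guaranteed they need a guard.
```go
	// … unchanged: request setup (TargetUin, Rp, AttachType) …
	policies := []string{}
	for page := uint64(1); ; page++ {
		request.Page = common.Uint64Ptr(page)
		resp, err := client.ListAttachedUserAllPolicies(request)
		if err != nil {
			return ""
		}
		for _, p := range resp.Response.PolicyList {
			// … unchanged: append name, record and log custom policy …
		}
		// Rp is 20 per request; a short page means there is no further page.
		if len(resp.Response.PolicyList) < 20 {
			break
		}
	}
	return strings.Join(policies, "\n")
```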

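--- a/pkg/providers/tencent/cam/users.go
+++ b/pkg/providers/tencent/cam/users.go
@@ -2,7 +2,7 @@ package cam
 
 import (
 "context"
-"strconv"
+"fmt"
 
 "github.com/404tk/cloudtoolkit/pkg/schema"
 "github.com/404tk/cloudtoolkit/utils/logger"
@@ -36,15 +36,17 @@ func (d *Driver) GetCamUser(ctx context.Context) ([]schema.User, error) {
 logger.Error("Enumerate CAM failed.")
 return list, err
 }
+policy_infos = make(map[string]string)
 for _, user := range listUsersResponse.Response.Data {
 _user := schema.User{
-UserName: *user.Name,
-UserId: strconv.FormatUint(*user.Uid, 10),
+UserName: *user.Name,
+UserId: fmt.Sprintf("%v", *user.Uin),
+CreateTime: *user.CreateTime,
 }
 if *user.ConsoleLogin == 1 {
 _user.EnableLogin = true
-_user.CreateTime = *user.CreateTime
 }
+_user.Policies = listAttachedUserAllPolicies(client, user.Uin)
 
 list = append(list, _user)
 }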
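Review bot: `UserId: fmt.Sprintf("%v", *user.Uin)` in the second hunk routes a plain uint64-to-string conversion through fmt, and the first hunk swaps the `strconv` import for `fmt` only to enable it; `UserId: strconv.FormatUint(*user.Uin, 10),` is the direct form and would let the import change be dropped entirely. The switch of the reported ID from `Uid` to `Uin` changes what downstream consumers see in the ID column and deserves a sentence in the commit description. `CreateTime: *user.CreateTime` is now dereferenced for every user rather than only console-login users, which will panic if the SDK ever leaves that field nil — worth a `// CreateTime is assumed non-nil for every listed user — TODO confirm against the SDK` note or a nil check. `GetCamUser` continues outside the hunk.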

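--- a/pkg/schema/schema.go
+++ b/pkg/schema/schema.go
@@ -58,6 +58,7 @@ type Storage struct {
 type User struct {
 UserName string `table:"User"`
 UserId string `table:"ID"`
+Policies string `table:"Policies"`
 EnableLogin bool `table:"Enable Login"`
 LastLogin string `table:"Last Login"`
 CreateTime string `table:"Creat Time"`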

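--- a/runner/init.go
+++ b/runner/init.go
@@ -20,7 +20,7 @@ func InitConfig() {
 viper.SetConfigFile(filename)
 err = viper.ReadInConfig()
 if err != nil {
-logger.Fatalf("Read config failed: %v", err)
+logger.Fatalf("Read config failed: %v\n", err)
 }
 
 utils.DoSave = viper.GetBool("common.log_enable")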
