Merge pull request #98 from ekristen/iam-rolesanywhere

feat: add IAM Roles Anywhere CRLs, Trust Anchors, and Profiles
ekristen · Feb 24, 2024 · de42561 · de42561
2 parents e51aaca + 693d2d2
commit de42561
Show file tree

Hide file tree

Showing 3 changed files with 240 additions and 0 deletions.
diff --git a/resources/iam-rolesanywhere-crls.go b/resources/iam-rolesanywhere-crls.go
@@ -0,0 +1,80 @@
+package resources
+
+import (
+	"context"
+
+	"github.com/ekristen/libnuke/pkg/registry"
+	"github.com/ekristen/libnuke/pkg/resource"
+	"github.com/ekristen/libnuke/pkg/types"
+
+	"github.com/ekristen/aws-nuke/pkg/nuke"
+
+	"github.com/aws/aws-sdk-go/service/rolesanywhere"
+)
+
+type IAMRolesAnywhereCRL struct {
+	svc   *rolesanywhere.RolesAnywhere
+	CrlID string
+}
+
+const IAMRolesAnywhereCRLResource = "IAMRolesAnywhereCRL"
+
+func init() {
+	registry.Register(&registry.Registration{
+		Name:   IAMRolesAnywhereCRLResource,
+		Scope:  nuke.Account,
+		Lister: &IAMRolesAnywhereCRLLister{},
+	})
+}
+
+type IAMRolesAnywhereCRLLister struct{}
+
+func (l *IAMRolesAnywhereCRLLister) List(_ context.Context, o interface{}) ([]resource.Resource, error) {
+	opts := o.(*nuke.ListerOpts)
+
+	svc := rolesanywhere.New(opts.Session)
+
+	params := &rolesanywhere.ListCrlsInput{}
+	resources := make([]resource.Resource, 0)
+
+	for {
+		resp, err := svc.ListCrls(params)
+		if err != nil {
+			return nil, err
+		}
+		for _, crl := range resp.Crls {
+			resources = append(resources, &IAMRolesAnywhereCRL{
+				svc:   svc,
+				CrlID: *crl.CrlId,
+			})
+		}
+
+		if resp.NextToken == nil {
+			break
+		}
+
+		params.NextToken = resp.NextToken
+	}
+
+	return resources, nil
+}
+
+func (e *IAMRolesAnywhereCRL) Remove(_ context.Context) error {
+	_, err := e.svc.DeleteCrl(&rolesanywhere.DeleteCrlInput{
+		CrlId: &e.CrlID,
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (e *IAMRolesAnywhereCRL) String() string {
+	return e.CrlID
+}
+
+func (e *IAMRolesAnywhereCRL) Properties() types.Properties {
+	return types.NewProperties().
+		Set("CrlId", e.CrlID)
+}
diff --git a/resources/iam-rolesanywhere-profiles.go b/resources/iam-rolesanywhere-profiles.go
@@ -0,0 +1,80 @@
+package resources
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go/service/rolesanywhere"
+
+	"github.com/ekristen/libnuke/pkg/registry"
+	"github.com/ekristen/libnuke/pkg/resource"
+	"github.com/ekristen/libnuke/pkg/types"
+
+	"github.com/ekristen/aws-nuke/pkg/nuke"
+)
+
+type IAMRolesAnywhereProfile struct {
+	svc       *rolesanywhere.RolesAnywhere
+	ProfileID string
+}
+
+const IAMRolesAnywhereProfilesResource = "IAMRolesAnywhereProfile"
+
+func init() {
+	registry.Register(&registry.Registration{
+		Name:   IAMRolesAnywhereProfilesResource,
+		Scope:  nuke.Account,
+		Lister: &IAMRolesAnywhereProfilesLister{},
+	})
+}
+
+type IAMRolesAnywhereProfilesLister struct{}
+
+func (l *IAMRolesAnywhereProfilesLister) List(_ context.Context, o interface{}) ([]resource.Resource, error) {
+	opts := o.(*nuke.ListerOpts)
+
+	svc := rolesanywhere.New(opts.Session)
+
+	params := &rolesanywhere.ListProfilesInput{}
+	resources := make([]resource.Resource, 0)
+
+	for {
+		resp, err := svc.ListProfiles(params)
+		if err != nil {
+			return nil, err
+		}
+		for _, profile := range resp.Profiles {
+			resources = append(resources, &IAMRolesAnywhereProfile{
+				svc:       svc,
+				ProfileID: *profile.ProfileId,
+			})
+		}
+
+		if resp.NextToken == nil {
+			break
+		}
+
+		params.NextToken = resp.NextToken
+	}
+
+	return resources, nil
+}
+
+func (e *IAMRolesAnywhereProfile) Remove(_ context.Context) error {
+	_, err := e.svc.DeleteProfile(&rolesanywhere.DeleteProfileInput{
+		ProfileId: &e.ProfileID,
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (e *IAMRolesAnywhereProfile) String() string {
+	return e.ProfileID
+}
+
+func (e *IAMRolesAnywhereProfile) Properties() types.Properties {
+	return types.NewProperties().
+		Set("ProfileId", e.ProfileID)
+}
diff --git a/resources/iam-rolesanywhere-trust-anchors.go b/resources/iam-rolesanywhere-trust-anchors.go
@@ -0,0 +1,80 @@
+package resources
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go/service/rolesanywhere"
+
+	"github.com/ekristen/libnuke/pkg/registry"
+	"github.com/ekristen/libnuke/pkg/resource"
+	"github.com/ekristen/libnuke/pkg/types"
+
+	"github.com/ekristen/aws-nuke/pkg/nuke"
+)
+
+type IAMRolesAnywhereTrustAnchor struct {
+	svc           *rolesanywhere.RolesAnywhere
+	TrustAnchorID string
+}
+
+const IAMRolesAnywhereTrustAnchorResource = "IAMRolesAnywhereTrustAnchor"
+
+func init() {
+	registry.Register(&registry.Registration{
+		Name:   IAMRolesAnywhereTrustAnchorResource,
+		Scope:  nuke.Account,
+		Lister: &IAMRolesAnywhereTrustAnchorLister{},
+	})
+}
+
+type IAMRolesAnywhereTrustAnchorLister struct{}
+
+func (l *IAMRolesAnywhereTrustAnchorLister) List(_ context.Context, o interface{}) ([]resource.Resource, error) {
+	opts := o.(*nuke.ListerOpts)
+
+	svc := rolesanywhere.New(opts.Session)
+
+	params := &rolesanywhere.ListTrustAnchorsInput{}
+	resources := make([]resource.Resource, 0)
+
+	for {
+		resp, err := svc.ListTrustAnchors(params)
+		if err != nil {
+			return nil, err
+		}
+		for _, trustAnchor := range resp.TrustAnchors {
+			resources = append(resources, &IAMRolesAnywhereTrustAnchor{
+				svc:           svc,
+				TrustAnchorID: *trustAnchor.TrustAnchorId,
+			})
+		}
+
+		if resp.NextToken == nil {
+			break
+		}
+
+		params.NextToken = resp.NextToken
+	}
+
+	return resources, nil
+}
+
+func (e *IAMRolesAnywhereTrustAnchor) Remove(_ context.Context) error {
+	_, err := e.svc.DeleteTrustAnchor(&rolesanywhere.DeleteTrustAnchorInput{
+		TrustAnchorId: &e.TrustAnchorID,
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (e *IAMRolesAnywhereTrustAnchor) String() string {
+	return e.TrustAnchorID
+}
+
+func (e *IAMRolesAnywhereTrustAnchor) Properties() types.Properties {
+	return types.NewProperties().
+		Set("TrustAnchorId", e.TrustAnchorID)
+}