From b9bb5fd92182fabdf16d518530f3af3d0dad5311 Mon Sep 17 00:00:00 2001
From: Andrew Burchill
Date: Thu, 8 Feb 2024 16:36:00 +1100
Subject: [PATCH 1/2] feat(IAMRolesAnywhere): add support for IAM RolesAnywhere TrustAnchors, Profiles, and CRLs
---
resources/iam-rolesanywhere-crls.go | 64 ++++++++++++++++++++
resources/iam-rolesanywhere-profiles.go | 64 ++++++++++++++++++++
resources/iam-rolesanywhere-trust-anchors.go | 64 ++++++++++++++++++++
3 files changed, 192 insertions(+)
create mode 100644 resources/iam-rolesanywhere-crls.go
create mode 100644 resources/iam-rolesanywhere-profiles.go
create mode 100644 resources/iam-rolesanywhere-trust-anchors.go
diff --git a/resources/iam-rolesanywhere-crls.go b/resources/iam-rolesanywhere-crls.go
new file mode 100644
index 00000000..d4e4a09c
--- /dev/null
+++ b/resources/iam-rolesanywhere-crls.go
@@ -0,0 +1,64 @@
+package resources
+
+import (
+ "github.com/aws/aws-sdk-go/aws/session"
+ "github.com/aws/aws-sdk-go/service/rolesanywhere"
+ "github.com/rebuy-de/aws-nuke/v2/pkg/types"
+)
+
+type Crl struct {
+ svc *rolesanywhere.RolesAnywhere
+ CrlId string
+}
+
+func init() {
+ register("IAMRolesAnywhereCrls", ListCRLs)
+}
+
+func ListCRLs(sess *session.Session) ([]Resource, error) {
+ svc := rolesanywhere.New(sess)
+
+ params := &rolesanywhere.ListCrlsInput{}
+ resources := make([]Resource, 0)
+
+ for {
+ resp, err := svc.ListCrls(params)
+ if err != nil {
+ return nil, err
+ }
+ for _, crl := range resp.Crls {
+ resources = append(resources, &Crl{
+ svc: svc,
+ CrlId: *crl.CrlId,
+ })
+ }
+
+ if resp.NextToken == nil {
+ break
+ }
+
+ params.NextToken = resp.NextToken
+ }
+
+ return resources, nil
+}
+
+func (e *Crl) Remove() error {
+ _, err := e.svc.DeleteCrl(&rolesanywhere.DeleteCrlInput{
+ CrlId: &e.CrlId,
+ })
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (e *Crl) String() string {
+ return e.CrlId
+}
+
+func (e *Crl) Properties() types.Properties {
+ return types.NewProperties().
+ Set("CrlId", e.CrlId)
+}
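Review bot: `Properties()` exposes only `CrlId`, so a filter can match a CRL on nothing but an opaque ID. That matters for this resource type: if a CRL is deleted while its trust anchor survives (filtered out, or its delete fails), certificates the CRL had revoked would presumably be accepted again. The items returned by `ListCrls` also carry `Name`, `TrustAnchorArn` and `Enabled`; I would keep them on the struct and publish them as properties, as sketched below (this assumes `Set` accepts the SDK's pointer values). The `Profile` and `TrustAnchor` files in this patch have the same single-property shape, and patch 2/2 carries it over unchanged.

```go
type Crl struct {
	svc            *rolesanywhere.RolesAnywhere
	CrlId          string
	Name           *string
	TrustAnchorArn *string
	Enabled        *bool
}

// … unchanged: init, ListCRLs pagination loop …
			resources = append(resources, &Crl{
				svc:            svc,
				CrlId:          *crl.CrlId,
				Name:           crl.Name,
				TrustAnchorArn: crl.TrustAnchorArn,
				Enabled:        crl.Enabled,
			})
// … unchanged: NextToken handling, Remove, String …

func (e *Crl) Properties() types.Properties {
	return types.NewProperties().
		Set("CrlId", e.CrlId).
		Set("Name", e.Name).
		Set("TrustAnchorArn", e.TrustAnchorArn).
		Set("Enabled", e.Enabled)
}
```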
diff --git a/resources/iam-rolesanywhere-profiles.go b/resources/iam-rolesanywhere-profiles.go
new file mode 100644
index 00000000..37e6e434
--- /dev/null
+++ b/resources/iam-rolesanywhere-profiles.go
@@ -0,0 +1,64 @@
+package resources
+
+import (
+ "github.com/aws/aws-sdk-go/aws/session"
+ "github.com/aws/aws-sdk-go/service/rolesanywhere"
+ "github.com/rebuy-de/aws-nuke/v2/pkg/types"
+)
+
+type Profile struct {
+ svc *rolesanywhere.RolesAnywhere
+ ProfileId string
+}
+
+func init() {
+ register("IAMRolesAnywhereProfiles", ListProfiles)
+}
+
+func ListProfiles(sess *session.Session) ([]Resource, error) {
+ svc := rolesanywhere.New(sess)
+
+ params := &rolesanywhere.ListProfilesInput{}
+ resources := make([]Resource, 0)
+
+ for {
+ resp, err := svc.ListProfiles(params)
+ if err != nil {
+ return nil, err
+ }
+ for _, profile := range resp.Profiles {
+ resources = append(resources, &Profile{
+ svc: svc,
+ ProfileId: *profile.ProfileId,
+ })
+ }
+
+ if resp.NextToken == nil {
+ break
+ }
+
+ params.NextToken = resp.NextToken
+ }
+
+ return resources, nil
+}
+
+func (e *Profile) Remove() error {
+ _, err := e.svc.DeleteProfile(&rolesanywhere.DeleteProfileInput{
+ ProfileId: &e.ProfileId,
+ })
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (e *Profile) String() string {
+ return e.ProfileId
+}
+
+func (e *Profile) Properties() types.Properties {
+ return types.NewProperties().
+ Set("ProfileId", e.ProfileId)
+}
diff --git a/resources/iam-rolesanywhere-trust-anchors.go b/resources/iam-rolesanywhere-trust-anchors.go
new file mode 100644
index 00000000..c9f82300
--- /dev/null
+++ b/resources/iam-rolesanywhere-trust-anchors.go
@@ -0,0 +1,64 @@
+package resources
+
+import (
+ "github.com/aws/aws-sdk-go/aws/session"
+ "github.com/aws/aws-sdk-go/service/rolesanywhere"
+ "github.com/rebuy-de/aws-nuke/v2/pkg/types"
+)
+
+type TrustAnchor struct {
+ svc *rolesanywhere.RolesAnywhere
+ TrustAnchorId string
+}
+
+func init() {
+ register("IAMRolesAnywhereTrustAnchors", ListTrustAnchors)
+}
+
+func ListTrustAnchors(sess *session.Session) ([]Resource, error) {
+ svc := rolesanywhere.New(sess)
+
+ params := &rolesanywhere.ListTrustAnchorsInput{}
+ resources := make([]Resource, 0)
+
+ for {
+ resp, err := svc.ListTrustAnchors(params)
+ if err != nil {
+ return nil, err
+ }
+ for _, trustAnchor := range resp.TrustAnchors {
+ resources = append(resources, &TrustAnchor{
+ svc: svc,
+ TrustAnchorId: *trustAnchor.TrustAnchorId,
+ })
+ }
+
+ if resp.NextToken == nil {
+ break
+ }
+
+ params.NextToken = resp.NextToken
+ }
+
+ return resources, nil
+}
+
+func (e *TrustAnchor) Remove() error {
+ _, err := e.svc.DeleteTrustAnchor(&rolesanywhere.DeleteTrustAnchorInput{
+ TrustAnchorId: &e.TrustAnchorId,
+ })
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (e *TrustAnchor) String() string {
+ return e.TrustAnchorId
+}
+
+func (e *TrustAnchor) Properties() types.Properties {
+ return types.NewProperties().
+ Set("TrustAnchorId", e.TrustAnchorId)
+}
From 693d2d2a7626729b256d204992bfe6bbb1c858e9 Mon Sep 17 00:00:00 2001
From: Erik Kristensen
Date: Fri, 23 Feb 2024 17:06:26 -0700
Subject: [PATCH 2/2] chore: refactor to libnuke resource format
---
resources/iam-rolesanywhere-crls.go | 52 +++++++++++++-------
resources/iam-rolesanywhere-profiles.go | 52 +++++++++++++-------
resources/iam-rolesanywhere-trust-anchors.go | 52 +++++++++++++-------
3 files changed, 102 insertions(+), 54 deletions(-)
diff --git a/resources/iam-rolesanywhere-crls.go b/resources/iam-rolesanywhere-crls.go
index d4e4a09c..16ebda3c 100644
--- a/resources/iam-rolesanywhere-crls.go
+++ b/resources/iam-rolesanywhere-crls.go
@@ -1,25 +1,41 @@ package resources import ( - "github.com/aws/aws-sdk-go/aws/session" + "context" + + "github.com/ekristen/libnuke/pkg/registry" + "github.com/ekristen/libnuke/pkg/resource" + "github.com/ekristen/libnuke/pkg/types" + + "github.com/ekristen/aws-nuke/pkg/nuke" + "github.com/aws/aws-sdk-go/service/rolesanywhere" - "github.com/rebuy-de/aws-nuke/v2/pkg/types" ) -type Crl struct { - svc *rolesanywhere.RolesAnywhere - CrlId string +type IAMRolesAnywhereCRL struct { + svc *rolesanywhere.RolesAnywhere + CrlID string } +const IAMRolesAnywhereCRLResource = "IAMRolesAnywhereCRL" + func init() { - register("IAMRolesAnywhereCrls", ListCRLs) + registry.Register(®istry.Registration{ + Name: IAMRolesAnywhereCRLResource, + Scope: nuke.Account, + Lister: &IAMRolesAnywhereCRLLister{}, + }) } -func ListCRLs(sess *session.Session) ([]Resource, error) { - svc := rolesanywhere.New(sess) +type IAMRolesAnywhereCRLLister struct{} + +func (l *IAMRolesAnywhereCRLLister) List(_ context.Context, o interface{}) ([]resource.Resource, error) { + opts := o.(*nuke.ListerOpts) + + svc := rolesanywhere.New(opts.Session) params := &rolesanywhere.ListCrlsInput{} - resources := make([]Resource, 0) + resources := make([]resource.Resource, 0) for { resp, err := svc.ListCrls(params) @@ -27,9 +43,9 @@ func ListCRLs(sess *session.Session) ([]Resource, error) { return nil, err } for _, crl := range resp.Crls { - resources = append(resources, &Crl{ - svc: svc, - CrlId: *crl.CrlId, + resources = append(resources, &IAMRolesAnywhereCRL{ + svc: svc, + CrlID: *crl.CrlId, }) } @@ -43,9 +59,9 @@ func ListCRLs(sess *session.Session) ([]Resource, error) { return resources, nil } -func (e *Crl) Remove() error { +func (e *IAMRolesAnywhereCRL) Remove(_ context.Context) error { _, err := e.svc.DeleteCrl(&rolesanywhere.DeleteCrlInput{ - CrlId: &e.CrlId, + CrlId: &e.CrlID, }) if err != nil { return err 
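Review bot: `opts := o.(*nuke.ListerOpts)` in `List` is an unchecked type assertion, so a caller that passes any other options type gets a panic instead of an error. The comma-ok form keeps the failure on the error path: `opts, ok := o.(*nuke.ListerOpts)` followed by `if !ok { return nil, fmt.Errorf("unexpected lister options type %T", o) }`, which needs the `fmt` import. If libnuke guarantees the type this is only defensive, but it costs two lines. The same assertion appears in the profiles and trust-anchors listers of this patch, and `List` continues past the end of this hunk.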
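Review bot: `Remove` accepts a context but discards it (`_ context.Context`) and calls `DeleteCrl`, so cancelling a run cannot interrupt an in-flight delete. Naming the parameter and calling `e.svc.DeleteCrlWithContext(ctx, ...)` with the same input lets the SDK honour cancellation and deadlines. `List` in the first hunk of this file has the same shape with `ListCrls` (there the call would be `ListCrlsWithContext`), and the profiles and trust-anchors files repeat both. The end of `Remove` lies in the next hunk.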
@@ -54,11 +70,11 @@ func (e *Crl) Remove() error { return nil } -func (e *Crl) String() string { - return e.CrlId +func (e *IAMRolesAnywhereCRL) String() string { + return e.CrlID } -func (e *Crl) Properties() types.Properties { +func (e *IAMRolesAnywhereCRL) Properties() types.Properties { return types.NewProperties(). - Set("CrlId", e.CrlId) + Set("CrlId", e.CrlID) } diff --git a/resources/iam-rolesanywhere-profiles.go b/resources/iam-rolesanywhere-profiles.go index 37e6e434..042ab7a9 100644 --- a/resources/iam-rolesanywhere-profiles.go +++ b/resources/iam-rolesanywhere-profiles.go @@ -1,25 +1,41 @@ package resources import ( - "github.com/aws/aws-sdk-go/aws/session" + "context" + "github.com/aws/aws-sdk-go/service/rolesanywhere" - "github.com/rebuy-de/aws-nuke/v2/pkg/types" + + "github.com/ekristen/libnuke/pkg/registry" + "github.com/ekristen/libnuke/pkg/resource" + "github.com/ekristen/libnuke/pkg/types" + + "github.com/ekristen/aws-nuke/pkg/nuke" ) -type Profile struct { - svc *rolesanywhere.RolesAnywhere - ProfileId string +type IAMRolesAnywhereProfile struct { + svc *rolesanywhere.RolesAnywhere + ProfileID string } +const IAMRolesAnywhereProfilesResource = "IAMRolesAnywhereProfile" + func init() { - register("IAMRolesAnywhereProfiles", ListProfiles) + registry.Register(®istry.Registration{ + Name: IAMRolesAnywhereProfilesResource, + Scope: nuke.Account, + Lister: &IAMRolesAnywhereProfilesLister{}, + }) } -func ListProfiles(sess *session.Session) ([]Resource, error) { - svc := rolesanywhere.New(sess) +type IAMRolesAnywhereProfilesLister struct{} + +func (l *IAMRolesAnywhereProfilesLister) List(_ context.Context, o interface{}) ([]resource.Resource, error) { + opts := o.(*nuke.ListerOpts) + + svc := rolesanywhere.New(opts.Session) params := &rolesanywhere.ListProfilesInput{} - resources := make([]Resource, 0) + resources := make([]resource.Resource, 0) for { resp, err := svc.ListProfiles(params) 
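Review bot: `IAMRolesAnywhereProfilesResource` and `IAMRolesAnywhereProfilesLister` are plural, while the name they register is the singular `"IAMRolesAnywhereProfile"` and the sibling files use singular identifiers (`IAMRolesAnywhereCRLResource`, `IAMRolesAnywhereTrustAnchorLister`). I would rename them to `IAMRolesAnywhereProfileResource` and `IAMRolesAnywhereProfileLister` so the three resources read alike and one search pattern finds all of them. The `List` method declared on the lister type runs on past the end of this hunk.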
@@ -27,9 +43,9 @@ func ListProfiles(sess *session.Session) ([]Resource, error) { return nil, err } for _, profile := range resp.Profiles { - resources = append(resources, &Profile{ - svc: svc, - ProfileId: *profile.ProfileId, + resources = append(resources, &IAMRolesAnywhereProfile{ + svc: svc, + ProfileID: *profile.ProfileId, }) } @@ -43,9 +59,9 @@ func ListProfiles(sess *session.Session) ([]Resource, error) { return resources, nil } -func (e *Profile) Remove() error { +func (e *IAMRolesAnywhereProfile) Remove(_ context.Context) error { _, err := e.svc.DeleteProfile(&rolesanywhere.DeleteProfileInput{ - ProfileId: &e.ProfileId, + ProfileId: &e.ProfileID, }) if err != nil { return err @@ -54,11 +70,11 @@ func (e *Profile) Remove() error { return nil } -func (e *Profile) String() string { - return e.ProfileId +func (e *IAMRolesAnywhereProfile) String() string { + return e.ProfileID } -func (e *Profile) Properties() types.Properties { +func (e *IAMRolesAnywhereProfile) Properties() types.Properties { return types.NewProperties(). - Set("ProfileId", e.ProfileId) + Set("ProfileId", e.ProfileID) } diff --git a/resources/iam-rolesanywhere-trust-anchors.go b/resources/iam-rolesanywhere-trust-anchors.go index c9f82300..f31a56b1 100644 --- a/resources/iam-rolesanywhere-trust-anchors.go +++ b/resources/iam-rolesanywhere-trust-anchors.go 
@@ -1,25 +1,41 @@ package resources import ( - "github.com/aws/aws-sdk-go/aws/session" + "context" + "github.com/aws/aws-sdk-go/service/rolesanywhere" - "github.com/rebuy-de/aws-nuke/v2/pkg/types" + + "github.com/ekristen/libnuke/pkg/registry" + "github.com/ekristen/libnuke/pkg/resource" + "github.com/ekristen/libnuke/pkg/types" + + "github.com/ekristen/aws-nuke/pkg/nuke" ) -type TrustAnchor struct { - svc *rolesanywhere.RolesAnywhere - TrustAnchorId string +type IAMRolesAnywhereTrustAnchor struct { + svc *rolesanywhere.RolesAnywhere + TrustAnchorID string } +const IAMRolesAnywhereTrustAnchorResource = "IAMRolesAnywhereTrustAnchor" + func init() { - register("IAMRolesAnywhereTrustAnchors", ListTrustAnchors) + registry.Register(®istry.Registration{ + Name: IAMRolesAnywhereTrustAnchorResource, + Scope: nuke.Account, + Lister: &IAMRolesAnywhereTrustAnchorLister{}, + }) } -func ListTrustAnchors(sess *session.Session) ([]Resource, error) { - svc := rolesanywhere.New(sess) +type IAMRolesAnywhereTrustAnchorLister struct{} + +func (l *IAMRolesAnywhereTrustAnchorLister) List(_ context.Context, o interface{}) ([]resource.Resource, error) { + opts := o.(*nuke.ListerOpts) + + svc := rolesanywhere.New(opts.Session) params := &rolesanywhere.ListTrustAnchorsInput{} - resources := make([]Resource, 0) + resources := make([]resource.Resource, 0) for { resp, err := svc.ListTrustAnchors(params) @@ -27,9 +43,9 @@ func ListTrustAnchors(sess *session.Session) ([]Resource, error) { return nil, err } for _, trustAnchor := range resp.TrustAnchors { - resources = append(resources, &TrustAnchor{ - svc: svc, - TrustAnchorId: *trustAnchor.TrustAnchorId, + resources = append(resources, &IAMRolesAnywhereTrustAnchor{ + svc: svc, + TrustAnchorID: *trustAnchor.TrustAnchorId, }) } 
@@ -43,9 +59,9 @@ func ListTrustAnchors(sess *session.Session) ([]Resource, error) { return resources, nil } -func (e *TrustAnchor) Remove() error { +func (e *IAMRolesAnywhereTrustAnchor) Remove(_ context.Context) error { _, err := e.svc.DeleteTrustAnchor(&rolesanywhere.DeleteTrustAnchorInput{ - TrustAnchorId: &e.TrustAnchorId, + TrustAnchorId: &e.TrustAnchorID, }) if err != nil { return err @@ -54,11 +70,11 @@ func (e *TrustAnchor) Remove() error { return nil } -func (e *TrustAnchor) String() string { - return e.TrustAnchorId +func (e *IAMRolesAnywhereTrustAnchor) String() string { + return e.TrustAnchorID } -func (e *TrustAnchor) Properties() types.Properties { +func (e *IAMRolesAnywhereTrustAnchor) Properties() types.Properties { return types.NewProperties(). - Set("TrustAnchorId", e.TrustAnchorId) + Set("TrustAnchorId", e.TrustAnchorID) }