Merge pull request #700 from overmindtech/make-iam-global

Make iam global
overmindtech · Dec 9, 2024 · 4601fe1 · 4601fe1
2 parents 7e32209 + 859bf3f
commit 4601fe1
Show file tree

Hide file tree

Showing 9 changed files with 21 additions and 27 deletions.
diff --git a/adapters/iam-group.go b/adapters/iam-group.go
@@ -40,13 +40,12 @@ func groupItemMapper(_ *string, scope string, awsItem *types.Group) (*sdp.Item,
 	return &item, nil
 }
 
-func NewIAMGroupAdapter(client *iam.Client, accountID string, region string) *adapterhelpers.GetListAdapterV2[*iam.ListGroupsInput, *iam.ListGroupsOutput, *types.Group, *iam.Client, *iam.Options] {
+func NewIAMGroupAdapter(client *iam.Client, accountID string) *adapterhelpers.GetListAdapterV2[*iam.ListGroupsInput, *iam.ListGroupsOutput, *types.Group, *iam.Client, *iam.Options] {
 	return &adapterhelpers.GetListAdapterV2[*iam.ListGroupsInput, *iam.ListGroupsOutput, *types.Group, *iam.Client, *iam.Options]{
 		ItemType:        "iam-group",
 		Client:          client,
 		CacheDuration:   3 * time.Hour, // IAM has very low rate limits, we need to cache for a long time
 		AccountID:       accountID,
-		Region:          region,
 		AdapterMetadata: iamGroupAdapterMetadata,
 		GetFunc: func(ctx context.Context, client *iam.Client, scope, query string) (*types.Group, error) {
 			return groupGetFunc(ctx, client, scope, query)

diff --git a/adapters/iam-group_test.go b/adapters/iam-group_test.go
@@ -32,13 +32,13 @@ func TestGroupItemMapper(t *testing.T) {
 }
 
 func TestNewIAMGroupAdapter(t *testing.T) {
-	config, account, region := adapterhelpers.GetAutoConfig(t)
+	config, account, _ := adapterhelpers.GetAutoConfig(t)
 	client := iam.NewFromConfig(config, func(o *iam.Options) {
 		o.RetryMode = aws.RetryModeAdaptive
 		o.RetryMaxAttempts = 10
 	})
 
-	adapter := NewIAMGroupAdapter(client, account, region)
+	adapter := NewIAMGroupAdapter(client, account)
 
 	test := adapterhelpers.E2ETest{
 		Adapter: adapter,

diff --git a/adapters/iam-instance-profile.go b/adapters/iam-instance-profile.go
@@ -102,13 +102,12 @@ func instanceProfileListTagsFunc(ctx context.Context, ip *types.InstanceProfile,
 	return tags
 }
 
-func NewIAMInstanceProfileAdapter(client *iam.Client, accountID string, region string) *adapterhelpers.GetListAdapterV2[*iam.ListInstanceProfilesInput, *iam.ListInstanceProfilesOutput, *types.InstanceProfile, *iam.Client, *iam.Options] {
+func NewIAMInstanceProfileAdapter(client *iam.Client, accountID string) *adapterhelpers.GetListAdapterV2[*iam.ListInstanceProfilesInput, *iam.ListInstanceProfilesOutput, *types.InstanceProfile, *iam.Client, *iam.Options] {
 	return &adapterhelpers.GetListAdapterV2[*iam.ListInstanceProfilesInput, *iam.ListInstanceProfilesOutput, *types.InstanceProfile, *iam.Client, *iam.Options]{
 		ItemType:        "iam-instance-profile",
 		Client:          client,
 		CacheDuration:   3 * time.Hour, // IAM has very low rate limits, we need to cache for a long time
 		AccountID:       accountID,
-		Region:          region,
 		AdapterMetadata: instanceProfileAdapterMetadata,
 		GetFunc: func(ctx context.Context, client *iam.Client, scope, query string) (*types.InstanceProfile, error) {
 			return instanceProfileGetFunc(ctx, client, scope, query)

diff --git a/adapters/iam-instance-profile_test.go b/adapters/iam-instance-profile_test.go
@@ -52,13 +52,13 @@ func TestInstanceProfileItemMapper(t *testing.T) {
 }
 
 func TestNewIAMInstanceProfileAdapter(t *testing.T) {
-	config, account, region := adapterhelpers.GetAutoConfig(t)
+	config, account, _ := adapterhelpers.GetAutoConfig(t)
 	client := iam.NewFromConfig(config, func(o *iam.Options) {
 		o.RetryMode = aws.RetryModeAdaptive
 		o.RetryMaxAttempts = 10
 	})
 
-	adapter := NewIAMInstanceProfileAdapter(client, account, region)
+	adapter := NewIAMInstanceProfileAdapter(client, account)
 
 	test := adapterhelpers.E2ETest{
 		Adapter: adapter,

diff --git a/adapters/iam-role.go b/adapters/iam-role.go
@@ -245,13 +245,12 @@ func roleListTagsFunc(ctx context.Context, r *RoleDetails, client IAMClient) (ma
 	return tags, nil
 }
 
-func NewIAMRoleAdapter(client IAMClient, accountID string, region string) *adapterhelpers.GetListAdapterV2[*iam.ListRolesInput, *iam.ListRolesOutput, *RoleDetails, IAMClient, *iam.Options] {
+func NewIAMRoleAdapter(client IAMClient, accountID string) *adapterhelpers.GetListAdapterV2[*iam.ListRolesInput, *iam.ListRolesOutput, *RoleDetails, IAMClient, *iam.Options] {
 	return &adapterhelpers.GetListAdapterV2[*iam.ListRolesInput, *iam.ListRolesOutput, *RoleDetails, IAMClient, *iam.Options]{
 		ItemType:      "iam-role",
 		Client:        client,
 		CacheDuration: 3 * time.Hour, // IAM has very low rate limits, we need to cache for a long time
 		AccountID:     accountID,
-		Region:        region,
 		GetFunc: func(ctx context.Context, client IAMClient, scope, query string) (*RoleDetails, error) {
 			return roleGetFunc(ctx, client, scope, query)
 		},

diff --git a/adapters/iam-role_test.go b/adapters/iam-role_test.go
@@ -143,7 +143,7 @@ func TestRoleGetFunc(t *testing.T) {
 }
 
 func TestRoleListFunc(t *testing.T) {
-	adapter := NewIAMRoleAdapter(&TestIAMClient{}, "foo", "bar")
+	adapter := NewIAMRoleAdapter(&TestIAMClient{}, "foo")
 
 	items := make([]*sdp.Item, 0)
 	errs := make([]error, 0)
@@ -156,7 +156,7 @@ func TestRoleListFunc(t *testing.T) {
 		},
 	)
 
-	adapter.ListStream(context.Background(), "foo.bar", false, stream)
+	adapter.ListStream(context.Background(), "foo", false, stream)
 	stream.Close()
 
 	if len(errs) > 0 {
@@ -261,13 +261,13 @@ func TestRoleItemMapper(t *testing.T) {
 }
 
 func TestNewIAMRoleAdapter(t *testing.T) {
-	config, account, region := adapterhelpers.GetAutoConfig(t)
+	config, account, _ := adapterhelpers.GetAutoConfig(t)
 	client := iam.NewFromConfig(config, func(o *iam.Options) {
 		o.RetryMode = aws.RetryModeAdaptive
 		o.RetryMaxAttempts = 10
 	})
 
-	adapter := NewIAMRoleAdapter(client, account, region)
+	adapter := NewIAMRoleAdapter(client, account)
 
 	test := adapterhelpers.E2ETest{
 		Adapter: adapter,

diff --git a/adapters/iam-user.go b/adapters/iam-user.go
@@ -135,13 +135,12 @@ func userListTagsFunc(ctx context.Context, u *UserDetails, client IAMClient) (ma
 	return tags, nil
 }
 
-func NewIAMUserAdapter(client IAMClient, accountID string, region string) *adapterhelpers.GetListAdapterV2[*iam.ListUsersInput, *iam.ListUsersOutput, *UserDetails, IAMClient, *iam.Options] {
+func NewIAMUserAdapter(client IAMClient, accountID string) *adapterhelpers.GetListAdapterV2[*iam.ListUsersInput, *iam.ListUsersOutput, *UserDetails, IAMClient, *iam.Options] {
 	return &adapterhelpers.GetListAdapterV2[*iam.ListUsersInput, *iam.ListUsersOutput, *UserDetails, IAMClient, *iam.Options]{
 		ItemType:      "iam-user",
 		Client:        client,
 		CacheDuration: 3 * time.Hour, // IAM has very low rate limits, we need to cache for a long time
 		AccountID:     accountID,
-		Region:        region,
 		GetFunc: func(ctx context.Context, client IAMClient, scope, query string) (*UserDetails, error) {
 			return userGetFunc(ctx, client, scope, query)
 		},

diff --git a/adapters/iam-user_test.go b/adapters/iam-user_test.go
@@ -143,7 +143,7 @@ func TestUserGetFunc(t *testing.T) {
 }
 
 func TestUserListFunc(t *testing.T) {
-	adapter := NewIAMUserAdapter(&TestIAMClient{}, "foo", "bar")
+	adapter := NewIAMUserAdapter(&TestIAMClient{}, "foo")
 
 	items := make([]*sdp.Item, 0)
 	errs := make([]error, 0)
@@ -156,7 +156,7 @@ func TestUserListFunc(t *testing.T) {
 		},
 	)
 
-	adapter.ListStream(context.Background(), "foo.bar", false, stream)
+	adapter.ListStream(context.Background(), "foo", false, stream)
 	stream.Close()
 
 	if len(errs) > 0 {
@@ -236,13 +236,13 @@ func TestUserItemMapper(t *testing.T) {
 }
 
 func TestNewIAMUserAdapter(t *testing.T) {
-	config, account, region := adapterhelpers.GetAutoConfig(t)
+	config, account, _ := adapterhelpers.GetAutoConfig(t)
 	client := iam.NewFromConfig(config, func(o *iam.Options) {
 		o.RetryMode = aws.RetryModeAdaptive
 		o.RetryMaxAttempts = 10
 	})
 
-	adapter := NewIAMUserAdapter(client, account, region)
+	adapter := NewIAMUserAdapter(client, account)
 
 	test := adapterhelpers.E2ETest{
 		Adapter: adapter,

diff --git a/proc/proc.go b/proc/proc.go
@@ -384,12 +384,6 @@ func InitializeAwsSourceEngine(ctx context.Context, ec *discovery.EngineConfig,
 						// Cloudwatch
 						adapters.NewCloudwatchAlarmAdapter(cloudwatchClient, *callerID.Account, cfg.Region),
 
-						// IAM
-						adapters.NewIAMGroupAdapter(iamClient, *callerID.Account, cfg.Region),
-						adapters.NewIAMInstanceProfileAdapter(iamClient, *callerID.Account, cfg.Region),
-						adapters.NewIAMRoleAdapter(iamClient, *callerID.Account, cfg.Region),
-						adapters.NewIAMUserAdapter(iamClient, *callerID.Account, cfg.Region),
-
 						// Lambda
 						adapters.NewLambdaFunctionAdapter(lambdaClient, *callerID.Account, cfg.Region),
 						adapters.NewLambdaLayerAdapter(lambdaClient, *callerID.Account, cfg.Region),
@@ -524,8 +518,12 @@ func InitializeAwsSourceEngine(ctx context.Context, ec *discovery.EngineConfig,
 							adapters.NewNetworkManagerLinkAssociationAdapter(networkmanagerClient, *callerID.Account),
 							adapters.NewNetworkManagerConnectionAdapter(networkmanagerClient, *callerID.Account),
 
-							// IAM policies aren't tied to a region
+							// IAM
 							adapters.NewIAMPolicyAdapter(iamClient, *callerID.Account),
+							adapters.NewIAMGroupAdapter(iamClient, *callerID.Account),
+							adapters.NewIAMInstanceProfileAdapter(iamClient, *callerID.Account),
+							adapters.NewIAMRoleAdapter(iamClient, *callerID.Account),
+							adapters.NewIAMUserAdapter(iamClient, *callerID.Account),
 						)
 						if err != nil {
 							return err