diff --git a/providers/aws/resources/aws.lr b/providers/aws/resources/aws.lr
index 834cc2f6f9..2e9d7925f4 100644
--- a/providers/aws/resources/aws.lr
+++ b/providers/aws/resources/aws.lr
@@ -813,6 +813,8 @@ private aws.iam.policy @defaults("arn name") {
 versions() []aws.iam.policyversion
 // Default version of the policy
 defaultVersion() aws.iam.policyversion
+ // Policy attached to an AWS IAM role
+ assumeRolePolicyDocument() string
 // List of users attached to the policy
 attachedUsers() []aws.iam.user
diff --git a/providers/aws/resources/aws.lr.go b/providers/aws/resources/aws.lr.go
index f874315059..f8878f90de 100644
--- a/providers/aws/resources/aws.lr.go
+++ b/providers/aws/resources/aws.lr.go
@@ -1591,6 +1591,9 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{
 "aws.iam.policy.defaultVersion": func(r plugin.Resource) *plugin.DataRes {
 return (r.(*mqlAwsIamPolicy).GetDefaultVersion()).ToDataRes(types.Resource("aws.iam.policyversion"))
 },
+ "aws.iam.policy.assumeRolePolicyDocument": func(r plugin.Resource) *plugin.DataRes {
+ return (r.(*mqlAwsIamPolicy).GetAssumeRolePolicyDocument()).ToDataRes(types.String)
+ },
 "aws.iam.policy.attachedUsers": func(r plugin.Resource) *plugin.DataRes {
 return (r.(*mqlAwsIamPolicy).GetAttachedUsers()).ToDataRes(types.Array(types.Resource("aws.iam.user")))
 },
@@ -5032,6 +5035,10 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool {
 r.(*mqlAwsIamPolicy).DefaultVersion, ok = plugin.RawToTValue[*mqlAwsIamPolicyversion](v.Value, v.Error)
 return
 },
+ "aws.iam.policy.assumeRolePolicyDocument": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+ r.(*mqlAwsIamPolicy).AssumeRolePolicyDocument, ok = plugin.RawToTValue[string](v.Value, v.Error)
+ return
+ },
 "aws.iam.policy.attachedUsers": func(r plugin.Resource, v *llx.RawData) (ok bool) {
 r.(*mqlAwsIamPolicy).AttachedUsers, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error)
 return
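Review bot: `assumeRolePolicyDocument()` is declared on `aws.iam.policy`, but a trust (assume-role) policy document is an attribute of an IAM role, and the only place this commit sources the value is the `aws.iam.role` resource built in `roles()` in aws_iam.go, so the field appears to be on the wrong resource. The generated getter in aws.lr.go calls `c.assumeRolePolicyDocument()` on `mqlAwsIamPolicy`, and no such method is in this diff, so unless it already exists elsewhere the provider will not compile and the `aws.iam.policy` field can never be populated. The comment `// Policy attached to an AWS IAM role` also describes the wrong thing; I would move the declaration under `aws.iam.role` with `// Trust policy (JSON) that defines which principals are allowed to assume this role`. Since this is the field used to detect overly broad trust relationships, its placement should be settled before the manifest and generated code are regenerated.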
@@ -12228,6 +12235,7 @@ type mqlAwsIamPolicy struct {
 Scope plugin.TValue[string]
 Versions plugin.TValue[[]interface{}]
 DefaultVersion plugin.TValue[*mqlAwsIamPolicyversion]
+ AssumeRolePolicyDocument plugin.TValue[string]
 AttachedUsers plugin.TValue[[]interface{}]
 AttachedRoles plugin.TValue[[]interface{}]
 AttachedGroups plugin.TValue[[]interface{}]
@@ -12352,6 +12360,12 @@ func (c *mqlAwsIamPolicy) GetDefaultVersion() *plugin.TValue[*mqlAwsIamPolicyver
 })
 }
 
+func (c *mqlAwsIamPolicy) GetAssumeRolePolicyDocument() *plugin.TValue[string] {
+ return plugin.GetOrCompute[string](&c.AssumeRolePolicyDocument, func() (string, error) {
+ return c.assumeRolePolicyDocument()
+ })
+}
+
 func (c *mqlAwsIamPolicy) GetAttachedUsers() *plugin.TValue[[]interface{}] {
 return plugin.GetOrCompute[[]interface{}](&c.AttachedUsers, func() ([]interface{}, error) {
 if c.MqlRuntime.HasRecording {
diff --git a/providers/aws/resources/aws.lr.manifest.yaml b/providers/aws/resources/aws.lr.manifest.yaml
index 1c22519735..8dd844aed6 100755
--- a/providers/aws/resources/aws.lr.manifest.yaml
+++ b/providers/aws/resources/aws.lr.manifest.yaml
@@ -1730,6 +1730,7 @@ resources:
 The `aws.iam.policy` provides fields for assessing the configuration of individual IAM Policies. For usage, read the `aws.iam` resource documentation.
 fields:
 arn: {}
+ assumeRolePolicyDocument: {}
 attachedGroups: {}
 attachedRoles: {}
 attachedUsers: {}
diff --git a/providers/aws/resources/aws_iam.go b/providers/aws/resources/aws_iam.go
index 1a32b3fa68..73aacd607e 100644
--- a/providers/aws/resources/aws_iam.go
+++ b/providers/aws/resources/aws_iam.go
@@ -440,12 +440,13 @@ func (a *mqlAwsIam) roles() ([]interface{}, error) {
 mqlAwsIamRole, err := CreateResource(a.MqlRuntime, "aws.iam.role", map[string]*llx.RawData{
- "arn": llx.StringDataPtr(role.Arn),
- "id": llx.StringDataPtr(role.RoleId),
- "name": llx.StringDataPtr(role.RoleName),
- "description": llx.StringDataPtr(role.Description),
- "tags": llx.MapData(iamTagsToMap(role.Tags), types.String),
- "createDate": llx.TimeDataPtr(role.CreateDate),
+ "arn": llx.StringDataPtr(role.Arn),
+ "id": llx.StringDataPtr(role.RoleId),
+ "name": llx.StringDataPtr(role.RoleName),
+ "description": llx.StringDataPtr(role.Description),
+ "tags": llx.MapData(iamTagsToMap(role.Tags), types.String),
+ "createDate": llx.TimeDataPtr(role.CreateDate),
+ "assumeRolePolicyDocument": llx.StringDataPtr(role.AssumeRolePolicyDocument),
 })
 if err != nil {
 return nil, err
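Review bot: `role.AssumeRolePolicyDocument` is passed through verbatim on the new `"assumeRolePolicyDocument"` line, but IAM returns this document URL-encoded (RFC 3986), so the stored value is not parseable JSON and a policy check for, say, a wildcard principal in the trust policy would silently never match. Decode it before building the resource, as sketched below; the sketch relies on `net/url`, which must be present in the file's imports and is not visible in this hunk. Separately, the key is set on the `aws.iam.role` resource here while the commit declares the field on `aws.iam.policy` in aws.lr, so `CreateResource` may reject or drop an undeclared key for the role — I cannot confirm that behaviour from the hunk alone. `roles()` starts before this hunk and continues after it.
```go
		// IAM returns the trust policy URL-encoded (RFC 3986); decode it so
		// callers can parse the JSON and inspect the Principal/Condition blocks.
		var trustPolicy *string
		if role.AssumeRolePolicyDocument != nil {
			decoded, err := url.QueryUnescape(*role.AssumeRolePolicyDocument)
			if err != nil {
				return nil, err
			}
			trustPolicy = &decoded
		}
		mqlAwsIamRole, err := CreateResource(a.MqlRuntime, "aws.iam.role", map[string]*llx.RawData{
			// … unchanged: arn, id, name, description, tags, createDate …
			"assumeRolePolicyDocument": llx.StringDataPtr(trustPolicy),
		})
```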