✨ aws.iam.loginProfile added for IAM users (#3016)
* ✨ aws.iam.loginProfile added for IAM users
* 🧹 rename createDate => createdAt to harmonize
* 🧹 rename platform name

---------

Signed-off-by: Dominik Richter <[email protected]>
Co-authored-by: Christoph Hartmann <[email protected]>
Co-authored-by: Tim Smith <[email protected]>
3 people authored Jan 14, 2024
1 parent 79272a0 commit 66df730
Showing 4 changed files with 147 additions and 0 deletions.
8 changes: 8 additions & 0 deletions providers/aws/resources/aws.lr
Expand Up @@ -777,6 +777,14 @@ private aws.iam.user @defaults("arn name") {
groups() []string
// List of access keys metadata associated with the user
accessKeys() []dict
// Login profile for the user
loginProfile() aws.iam.loginProfile
}

// AWS IAM login profile for a user
private aws.iam.loginProfile @defaults("createdAt") {
// Time when the login profile was created
createdAt time
}

// AWS IAM policy
83 changes: 83 additions & 0 deletions providers/aws/resources/aws.lr.go


10 changes: 10 additions & 0 deletions providers/aws/resources/aws.lr.manifest.yaml
Expand Up @@ -1703,6 +1703,14 @@ resources:
platform:
name:
- aws
aws.iam.loginProfile:
fields:
createdAt: {}
is_private: true
min_mondoo_version: 10.0
platform:
name:
- aws
aws.iam.policy:
docs:
desc: |
Expand Down Expand Up @@ -1769,6 +1777,8 @@ resources:
createDate: {}
groups: {}
id: {}
loginProfile:
min_mondoo_version: 10.0
name: {}
passwordLastUsed: {}
policies: {}
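--- a/providers/aws/resources/aws_iam.go
+++ b/providers/aws/resources/aws_iam.go
@@ -1310,3 +1310,49 @@ func (a *mqlAwsIamUser) groups() ([]interface{}, error) {
 
 return res, nil
 }
+
+func (a *mqlAwsIamUser) loginProfile() (*mqlAwsIamLoginProfile, error) {
+conn := a.MqlRuntime.Connection.(*connection.AwsConnection)
+
+svc := conn.Iam("")
+ctx := context.Background()
+name := a.Name.Data
+
+profile, err := svc.GetLoginProfile(ctx, &iam.GetLoginProfileInput{
+UserName: &name,
+})
+
+var ae smithy.APIError
+if errors.As(err, &ae) {
+if ae.ErrorCode() == "NoSuchEntity" {
+a.LoginProfile.State = plugin.StateIsSet | plugin.StateIsNull
+return nil, nil
+}
+}
+if err != nil {
+return nil, err
+}
+
+date := profile.LoginProfile.CreateDate
+if date == nil {
+return nil, errors.New("login profile doesn't have a createDate")
+}
+
+o, err := CreateResource(a.MqlRuntime, "aws.iam.loginProfile", map[string]*llx.RawData{
+"createdAt": llx.TimeData(*date),
+})
+if err != nil {
+return nil, err
+}
+return o.(*mqlAwsIamLoginProfile), nil
+}
+
+func (a *mqlAwsIamLoginProfile) init() (string, error) {
+date := a.CreatedAt.Data
+if date == nil {
+return "", nil
+}
+// Note: the precision of AWS logins is in seconds. Current AWS docs don't
+// specify a precision. Using seconds is reasonable.
+return strconv.FormatInt(date.Unix(), 10), nil
+}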
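Review bot: The resource id returned by `mqlAwsIamLoginProfile.init()` is only the creation timestamp in whole seconds, so the login profiles of two IAM users created within the same second receive the same id; if the runtime keys or caches resources by that id (this cannot be confirmed from the hunk), one user's profile could be returned in place of another's. Because the resource carries no reference to its user, the id should be made unique per user, for example by supplying an explicit id derived from the user name when the resource is created in `loginProfile()`, or by adding a user field to `aws.iam.loginProfile` and including it in the id. Separately, `profile.LoginProfile.CreateDate` is dereferenced without checking that the response body is present; a guard such as `if profile == nil || profile.LoginProfile == nil { return nil, errors.New("login profile response is empty") }` before that line would turn an unexpected empty response into an error instead of a panic. Both functions are entirely within this hunk.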
