Add IamPrincipal base resource

fixlib/fixlib/baseresources.py

@@ -1236,6 +1236,15 @@ class BaseNetworkInterface(BaseResource):
     description: Optional[str] = None
 
 
+@define(eq=False, slots=False)
+class BaseIamPrincipal(BaseResource):
+    kind: ClassVar[str] = "iam_principal"
+    kind_display: ClassVar[str] = "IAM Principal"
+    kind_description: ClassVar[str] = "An IAM principal."
+    metadata: ClassVar[Dict[str, Any]] = {"icon": "iam_principal", "group": "access_control"}
+    _categories: ClassVar[List[Category]] = [Category.iam]
+
+
 @define(eq=False, slots=False)
 class BaseUser(BaseResource):
     kind: ClassVar[str] = "user"
@@ -1546,5 +1555,4 @@ class UnknownLocation(BaseResource):
     def delete(self, graph: Any) -> bool:
         return False
 
-
 resolve_types(BaseResource)  # noqa

plugins/aws/fix_plugin_aws/resource/base.py

@@ -22,6 +22,7 @@
 from fixlib.utils import utc
 from fixlib.baseresources import (
     BaseAccount,
+    BaseIamPrincipal,
     BaseRegion,
     BaseResource,
     BaseVolumeType,
@@ -265,7 +266,7 @@ def __str__(self) -> str:
 
 # derived from https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
 @define(eq=False)
-class AwsAccount(BaseAccount, AwsResource):
+class AwsAccount(BaseAccount, AwsResource, BaseIamPrincipal):
     kind: ClassVar[str] = "aws_account"
     kind_display: ClassVar[str] = "AWS Account"
     kind_description: ClassVar[str] = (

plugins/aws/fix_plugin_aws/resource/iam.py

@@ -10,6 +10,7 @@
 from fix_plugin_aws.utils import ToDict
 from fixlib.baseresources import (
     BaseCertificate,
+    BaseIamPrincipal,
     BasePolicy,
     BaseGroup,
     BaseAccessKey,
@@ -104,7 +105,7 @@ class AwsIamRoleLastUsed:
 
 
 @define(eq=False, slots=False)
-class AwsIamRole(AwsResource, BaseRole):
+class AwsIamRole(AwsResource, BaseRole, BaseIamPrincipal):
     # Note: this resource is collected via AwsIamUser.collect.
     kind: ClassVar[str] = "aws_iam_role"
     aws_metadata: ClassVar[Dict[str, Any]] = {"provider_link_tpl": "https://{region_id}.console.aws.amazon.com/iam/home?region={region}#/roles/details/{RoleName}", "arn_tpl": "arn:{partition}:iam:{region}:{account}:role/{name}"}  # fmt: skip
@@ -619,7 +620,7 @@ class AwsIamVirtualMfaDevice:
 
 
 @define(eq=False, slots=False)
-class AwsRootUser(AwsResource, BaseUser):
+class AwsRootUser(AwsResource, BaseUser, BaseIamPrincipal):
     kind: ClassVar[str] = "aws_root_user"
     kind_display: ClassVar[str] = "AWS Root User"
     aws_metadata: ClassVar[Dict[str, Any]] = {"arn_tpl": "arn:{partition}:None:{region}:{account}:resource/{id}"}  # fmt: skip
@@ -639,7 +640,7 @@ class AwsRootUser(AwsResource, BaseUser):
 
 
 @define(eq=False, slots=False)
-class AwsIamUser(AwsResource, BaseUser):
+class AwsIamUser(AwsResource, BaseUser, BaseIamPrincipal):
     kind: ClassVar[str] = "aws_iam_user"
     kind_display: ClassVar[str] = "AWS IAM User"
     aws_metadata: ClassVar[Dict[str, Any]] = {"provider_link_tpl": "https://{region_id}.console.aws.amazon.com/iam/home?region={region}#/users/details/{name}", "arn_tpl": "arn:{partition}:iam::{account}:user/{name}"}  # fmt: skip