From 34b835dc52febd7b68477c343ff3da73e104dfb4 Mon Sep 17 00:00:00 2001 From: Nikita Melkozerov Date: Wed, 11 Sep 2024 11:15:33 +0000 Subject: [PATCH] Add IamPrincipal base resource --- fixlib/fixlib/baseresources.py | 10 +++++++++- plugins/aws/fix_plugin_aws/resource/base.py | 3 ++- plugins/aws/fix_plugin_aws/resource/iam.py | 7 ++++--- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/fixlib/fixlib/baseresources.py b/fixlib/fixlib/baseresources.py index a1900ffb36..71b8c45d5f 100644 --- a/fixlib/fixlib/baseresources.py +++ b/fixlib/fixlib/baseresources.py @@ -1236,6 +1236,15 @@ class BaseNetworkInterface(BaseResource): description: Optional[str] = None +@define(eq=False, slots=False) +class BaseIamPrincipal(BaseResource): + kind: ClassVar[str] = "iam_principal" + kind_display: ClassVar[str] = "IAM Principal" + kind_description: ClassVar[str] = "An IAM principal." + metadata: ClassVar[Dict[str, Any]] = {"icon": "iam_principal", "group": "access_control"} + _categories: ClassVar[List[Category]] = [Category.iam] + + @define(eq=False, slots=False) class BaseUser(BaseResource): kind: ClassVar[str] = "user" @@ -1546,5 +1555,4 @@ class UnknownLocation(BaseResource): def delete(self, graph: Any) -> bool: return False - resolve_types(BaseResource) # noqa diff --git a/plugins/aws/fix_plugin_aws/resource/base.py b/plugins/aws/fix_plugin_aws/resource/base.py index a3935e3868..1203beb6dc 100644 --- a/plugins/aws/fix_plugin_aws/resource/base.py +++ b/plugins/aws/fix_plugin_aws/resource/base.py @@ -22,6 +22,7 @@ from fixlib.utils import utc from fixlib.baseresources import ( BaseAccount, + BaseIamPrincipal, BaseRegion, BaseResource, BaseVolumeType, 
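Review bot: The new `BaseIamPrincipal` carries `kind_description = "An IAM principal."`, which gives collector authors no criterion for which resources should mix it in (this commit applies it to accounts, roles, users and the root user, but not to groups, which AWS does not accept as a policy `Principal`). I would make the description state the contract, e.g. `kind_description: ClassVar[str] = "An identity that can be authenticated and granted permissions: a user, role or account; groups are not principals."`, and add a short comment above the class saying that concrete classes list it after their primary base so their own `kind`, `metadata` and `_categories` win in the MRO. Whether `_categories = [Category.iam]` is ever reached on the concrete classes depends on what `BaseAccount`, `BaseRole` and `BaseUser` define, which is outside this hunk.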
@@ -265,7 +266,7 @@ def __str__(self) -> str: # derived from https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html @define(eq=False) -class AwsAccount(BaseAccount, AwsResource): +class AwsAccount(BaseAccount, AwsResource, BaseIamPrincipal): kind: ClassVar[str] = "aws_account" kind_display: ClassVar[str] = "AWS Account" kind_description: ClassVar[str] = ( diff --git a/plugins/aws/fix_plugin_aws/resource/iam.py b/plugins/aws/fix_plugin_aws/resource/iam.py index 6fe9a0fa90..7c16ce9baa 100644 --- a/plugins/aws/fix_plugin_aws/resource/iam.py +++ b/plugins/aws/fix_plugin_aws/resource/iam.py @@ -10,6 +10,7 @@ from fix_plugin_aws.utils import ToDict from fixlib.baseresources import ( BaseCertificate, + BaseIamPrincipal, BasePolicy, BaseGroup, BaseAccessKey, @@ -104,7 +105,7 @@ class AwsIamRoleLastUsed: @define(eq=False, slots=False) -class AwsIamRole(AwsResource, BaseRole): +class AwsIamRole(AwsResource, BaseRole, BaseIamPrincipal): # Note: this resource is collected via AwsIamUser.collect. kind: ClassVar[str] = "aws_iam_role" aws_metadata: ClassVar[Dict[str, Any]] = {"provider_link_tpl": "https://{region_id}.console.aws.amazon.com/iam/home?region={region}#/roles/details/{RoleName}", "arn_tpl": "arn:{partition}:iam:{region}:{account}:role/{name}"} # fmt: skip @@ -619,7 +620,7 @@ class AwsIamVirtualMfaDevice: @define(eq=False, slots=False) -class AwsRootUser(AwsResource, BaseUser): +class AwsRootUser(AwsResource, BaseUser, BaseIamPrincipal): kind: ClassVar[str] = "aws_root_user" kind_display: ClassVar[str] = "AWS Root User" aws_metadata: ClassVar[Dict[str, Any]] = {"arn_tpl": "arn:{partition}:None:{region}:{account}:resource/{id}"} # fmt: skip 
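Review bot: `AwsAccount(BaseAccount, AwsResource, BaseIamPrincipal)` orders its bases differently from the three iam.py classes in this commit, which put `AwsResource` first (`AwsIamRole(AwsResource, BaseRole, BaseIamPrincipal)`); with attrs `@define` and the `ClassVar` overrides involved, the MRO decides whose `kind_display`, `metadata` and `_categories` win, so the ordering should be deliberate and consistent across the four classes. If the existing `BaseAccount, AwsResource` order has to stay for compatibility, I would add a one-line comment such as `# BaseIamPrincipal last: an account is a policy principal, its ClassVars are shadowed by BaseAccount` so the next reader knows the mixin only contributes the is-a-principal relationship here. The rest of the `AwsAccount` body is outside the hunk.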
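Review bot: Now that `AwsIamRole` is a principal, the ARN it renders is what policy `Principal` matching will be keyed on, and the `arn_tpl` on the new side, `arn:{partition}:iam:{region}:{account}:role/{name}`, still contains a `{region}` field; IAM ARNs are global, and the `AwsIamUser` template in this same file omits it (`arn:{partition}:iam::{account}:user/{name}`). Unless `{region}` is guaranteed to expand to the empty string for this resource, I would change the template to `"arn_tpl": "arn:{partition}:iam::{account}:role/{name}"`. This is pre-existing and merely surfaced by the commit; the class body continues past the hunk.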
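Review bot: `AwsRootUser` becomes a `BaseIamPrincipal` while its `arn_tpl` is still `arn:{partition}:None:{region}:{account}:resource/{id}`, a placeholder with service `None` that cannot match any real principal ARN; the root user's ARN has the form `arn:{partition}:iam::{account}:root`. If the template machinery accepts a template without `{id}`, `"arn_tpl": "arn:{partition}:iam::{account}:root"` would make the root principal resolvable wherever principals are compared by ARN; otherwise a comment should say why the placeholder is kept. Whether some other field already supplies the real ARN is not visible in this hunk, and the class body continues outside it.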
@@ -639,7 +640,7 @@ class AwsRootUser(AwsResource, BaseUser): @define(eq=False, slots=False) -class AwsIamUser(AwsResource, BaseUser): +class AwsIamUser(AwsResource, BaseUser, BaseIamPrincipal): kind: ClassVar[str] = "aws_iam_user" kind_display: ClassVar[str] = "AWS IAM User" aws_metadata: ClassVar[Dict[str, Any]] = {"provider_link_tpl": "https://{region_id}.console.aws.amazon.com/iam/home?region={region}#/users/details/{name}", "arn_tpl": "arn:{partition}:iam::{account}:user/{name}"} # fmt: skip