feat(aws): support missing iam services

m-pizarro · m-pizarro · commit d576b40d8368 · 2023-05-31T17:50:47.000-03:00
diff --git a/src/services/iamGroup/format.ts b/src/services/iamGroup/format.ts
@@ -18,6 +18,7 @@ export default ({
     Arn: arn = '',
     Path: path = '',
     Policies: inlinePolicies = [],
+    ManagedPolicies: managedPolicies = [],
   } = rawData
 
   const record = {
@@ -27,6 +28,10 @@ export default ({
     path,
     name,
     inlinePolicies,
+    managedPolicies: managedPolicies.map(({ PolicyArn, PolicyName }) => ({
+      policyArn: PolicyArn,
+      policyName: PolicyName,
+    })),
   }
   return record
 }
diff --git a/src/services/iamGroup/schema.graphql b/src/services/iamGroup/schema.graphql
@@ -1,7 +1,18 @@
+type awsIamGroupAttachedPolicy
+  @generate(
+    query: { get: false, query: false, aggregate: false }
+    mutation: { add: false, delete: false }
+    subscription: false
+  ) {
+  policyArn: String! @id @search(by: [hash, regexp])
+  policyName: String @search(by: [hash, regexp])
+}
+
 type awsIamGroup implements awsBaseService @key(fields: "id") {
   path: String @search(by: [hash, regexp])
   name: String @search(by: [hash, regexp])
   inlinePolicies: [String]
+  managedPolicies: [awsIamGroupAttachedPolicy]
   iamAttachedPolicies: [awsIamPolicy] @hasInverse(field: iamGroups)
   iamUsers: [awsIamUser] @hasInverse(field: iamGroups)
 }
diff --git a/src/services/iamRole/format.ts b/src/services/iamRole/format.ts
@@ -26,6 +26,7 @@ export default ({
     AssumeRolePolicyDocument: assumeRolePolicy = '',
     MaxSessionDuration: maxSessionDuration = 0,
     InlinePolicies: inlinePolicies = [],
+    ManagedPolicies: managedPolicies = [],
     Tags: tags = {},
   } = rawData
 
@@ -55,6 +56,10 @@ export default ({
           document: formatIamJsonPolicy(inlinePolicyDocument),
         })
       ) ?? [],
+    managedPolicies: managedPolicies.map(({ PolicyArn, PolicyName }) => ({
+      policyArn: PolicyArn,
+      policyName: PolicyName,
+    })),
     tags: roleTags,
   }
   return role
diff --git a/src/services/iamRole/schema.graphql b/src/services/iamRole/schema.graphql
@@ -1,3 +1,13 @@
+type awsIamRoleAttachedPolicy
+  @generate(
+    query: { get: false, query: false, aggregate: false }
+    mutation: { add: false, delete: false }
+    subscription: false
+  ) {
+  policyArn: String! @id @search(by: [hash, regexp])
+  policyName: String @search(by: [hash, regexp])
+}
+
 type awsIamRoleInlinePolicy
   @generate(
     query: { get: false, query: true, aggregate: false }
@@ -20,6 +30,7 @@ type awsIamRole implements awsBaseService @key(fields: "id") {
   maxSessionDuration: Int @search
   tags: [awsRawTag]
   inlinePolicies: [awsIamRoleInlinePolicy]
+  managedPolicies: [awsIamRoleAttachedPolicy]
   cloudFormationStack: [awsCloudFormationStack] @hasInverse(field: iamRole)
   codebuilds: [awsCodebuild] @hasInverse(field: iamRoles)
   configurationRecorder: [awsConfigurationRecorder] @hasInverse(field: iamRole)
diff --git a/src/services/iamUser/data.ts b/src/services/iamUser/data.ts
@@ -131,7 +131,7 @@ const groupsByUsername = async (
         if (!isEmpty(data)) {
           const { Groups = [] } = data
 
-          const userGroups = Groups.map(({ GroupId }) => GroupId)
+          const userGroups = Groups.map(({ GroupName }) => GroupName)
 
           resolve({ UserName, Groups: userGroups })
         }
diff --git a/src/services/iamUser/format.ts b/src/services/iamUser/format.ts
@@ -27,6 +27,7 @@ export default ({
     VirtualMFADevices: virtualMfaDevices = [],
     Groups: groups = [],
     Policies: inlinePolicies = [],
+    ManagedPolicies: managedPolicies = [],
     ReportData: {
       AccessKey1LastRotated: accessKey1LastRotated,
       AccessKey2LastRotated: accessKey2LastRotated,
@@ -130,6 +131,10 @@ export default ({
     mfaActive: mfaActive === 'true',
     groups,
     inlinePolicies,
+    managedPolicies: managedPolicies.map(({ PolicyArn, PolicyName }) => ({
+      policyArn: PolicyArn,
+      policyName: PolicyName,
+    })),
     tags: userTags,
   }
   return user
diff --git a/src/services/iamUser/schema.graphql b/src/services/iamUser/schema.graphql
@@ -14,6 +14,7 @@ type awsIamUser implements awsOptionalService @key(fields: "id") {
   groups: [String]
   tags: [awsRawTag]
   inlinePolicies: [String]
+  managedPolicies: [awsIamAttachedPolicy]
   iamAttachedPolicies: [awsIamPolicy] @hasInverse(field: iamUsers)
   iamGroups: [awsIamGroup] @hasInverse(field: iamUsers)
 }
@@ -42,3 +43,13 @@ type awsIamMfaDevice
   serialNumber: String! @id @search(by: [hash, regexp])
   enableDate: String @search(by: [hash, regexp])
 }
+
+type awsIamAttachedPolicy
+  @generate(
+    query: { get: false, query: false, aggregate: false }
+    mutation: { add: false, delete: false }
+    subscription: false
+  ) {
+  policyArn: String! @id @search(by: [hash, regexp])
+  policyName: String @search(by: [hash, regexp])
+}
diff --git a/src/types/generated.ts b/src/types/generated.ts
@@ -3175,14 +3175,25 @@ export type AwsIamAccessKey = {
   status?: Maybe<Scalars['String']>;
 };
 
+export type AwsIamAttachedPolicy = {
+  policyArn: Scalars['String'];
+  policyName?: Maybe<Scalars['String']>;
+};
+
 export type AwsIamGroup = AwsBaseService & {
   iamAttachedPolicies?: Maybe<Array<Maybe<AwsIamPolicy>>>;
   iamUsers?: Maybe<Array<Maybe<AwsIamUser>>>;
   inlinePolicies?: Maybe<Array<Maybe<Scalars['String']>>>;
+  managedPolicies?: Maybe<Array<Maybe<AwsIamGroupAttachedPolicy>>>;
   name?: Maybe<Scalars['String']>;
   path?: Maybe<Scalars['String']>;
 };
 
+export type AwsIamGroupAttachedPolicy = {
+  policyArn: Scalars['String'];
+  policyName?: Maybe<Scalars['String']>;
+};
+
 export type AwsIamInstanceProfile = AwsBaseService & {
   createDate?: Maybe<Scalars['DateTime']>;
   ec2Instances?: Maybe<Array<Maybe<AwsEc2>>>;
@@ -3299,6 +3310,7 @@ export type AwsIamRole = AwsBaseService & {
   lambda?: Maybe<Array<Maybe<AwsLambda>>>;
   lastUsedDate?: Maybe<Scalars['DateTime']>;
   managedAirflows?: Maybe<Array<Maybe<AwsManagedAirflow>>>;
+  managedPolicies?: Maybe<Array<Maybe<AwsIamRoleAttachedPolicy>>>;
   maxSessionDuration?: Maybe<Scalars['Int']>;
   name?: Maybe<Scalars['String']>;
   path?: Maybe<Scalars['String']>;
@@ -3311,6 +3323,11 @@ export type AwsIamRole = AwsBaseService & {
   tags?: Maybe<Array<Maybe<AwsRawTag>>>;
 };
 
+export type AwsIamRoleAttachedPolicy = {
+  policyArn: Scalars['String'];
+  policyName?: Maybe<Scalars['String']>;
+};
+
 export type AwsIamRoleInlinePolicy = {
   document?: Maybe<AwsIamJsonPolicy>;
   id: Scalars['String'];
@@ -3339,6 +3356,7 @@ export type AwsIamUser = AwsOptionalService & {
   iamAttachedPolicies?: Maybe<Array<Maybe<AwsIamPolicy>>>;
   iamGroups?: Maybe<Array<Maybe<AwsIamGroup>>>;
   inlinePolicies?: Maybe<Array<Maybe<Scalars['String']>>>;
+  managedPolicies?: Maybe<Array<Maybe<AwsIamAttachedPolicy>>>;
   mfaActive?: Maybe<Scalars['Boolean']>;
   mfaDevices?: Maybe<Array<Maybe<AwsIamMfaDevice>>>;
   name?: Maybe<Scalars['String']>;

Original file line number	Diff line number	Diff line change
`@@ -131,7 +131,7 @@ const groupsByUsername = async (`
`131`	`131`	`if (!isEmpty(data)) {`
`132`	`132`	`const { Groups = [] } = data`
`133`	`133`
`134`		`- const userGroups = Groups.map(({ GroupId }) => GroupId)`
	`134`	`+ const userGroups = Groups.map(({ GroupName }) => GroupName)`
`135`	`135`
`136`	`136`	`resolve({ UserName, Groups: userGroups })`
`137`	`137`	`}`