feat(iam_password_policy): add password policy class. (#1330)

Co-authored-by: sergargar <sergio@verica.io>
2026-02-10 06:45:08 +00:00 · 2022-08-09 11:08:00 -05:00
parent b229c01450
commit 92024e2b0e
1 changed files with 72 additions and 0 deletions
--- a/providers/aws/services/iam/iam_service.py
+++ b/providers/aws/services/iam/iam_service.py
@@ -24,6 +24,7 @@ class IAM:
        self.__get_group_users__()
        self.__list_attached_group_policies__()
        self.__list_mfa_devices__()
+        self.password_policy = self.__get_password_policy__()

    def __get_client__(self):
        return self.client
@@ -110,6 +111,39 @@ class IAM:

            return account_summary

+    def __get_password_policy__(self):
+        try:
+            password_policy = self.client.get_account_password_policy()[
+                "PasswordPolicy"
+            ]
+            # Check if optional keys exist or not
+            max_age = None
+            reuse_prevention = None
+            hard_expiry = None
+            if "MaxPasswordAge" in password_policy:
+                max_age = password_policy["MaxPasswordAge"]
+            if "PasswordReusePrevention" in password_policy:
+                reuse_prevention = password_policy["PasswordReusePrevention"]
+            if "HardExpiry" in password_policy:
+                hard_expiry = password_policy["HardExpiry"]
+        except Exception as error:
+            logger.error(f"{self.region} -- {error.__class__.__name__}: {error}")
+            # Password policy does not exist
+            password_policy = None
+        else:
+            return PasswordPolicy(
+                password_policy["MinimumPasswordLength"],
+                password_policy["RequireSymbols"],
+                password_policy["RequireNumbers"],
+                password_policy["RequireUppercaseCharacters"],
+                password_policy["RequireLowercaseCharacters"],
+                password_policy["AllowUsersToChangePassword"],
+                password_policy["ExpirePasswords"],
+                max_age,
+                reuse_prevention,
+                hard_expiry,
+            )
+
    def __get_users__(self):
        try:
            get_users_paginator = self.client.get_paginator("list_users")
@@ -242,4 +276,42 @@ class Group:
        self.users = []


+@dataclass
+class PasswordPolicy:
+    length: int
+    symbols: bool
+    numbers: bool
+    uppercase: bool
+    lowercase: bool
+    allow_change: bool
+    expiration: bool
+    max_age: int
+    reuse_prevention: int
+    hard_expiry: bool
+
+    def __init__(
+        self,
+        length,
+        symbols,
+        numbers,
+        uppercase,
+        lowercase,
+        allow_change,
+        expiration,
+        max_age,
+        reuse_prevention,
+        hard_expiry,
+    ):
+        self.length = length
+        self.symbols = symbols
+        self.numbers = numbers
+        self.uppercase = uppercase
+        self.lowercase = lowercase
+        self.allow_change = allow_change
+        self.expiration = expiration
+        self.max_age = max_age
+        self.reuse_prevention = reuse_prevention
+        self.hard_expiry = hard_expiry
+
+
 iam_client = IAM(current_audit_info)