#!/usr/bin/env bash

# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy
# of the License at http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed
# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.

# Generate Credential Report
genCredReport() {
  textTitle "" "Generating AWS IAM Credential Report..."
  for i in $(seq 1 60); do
    GENERATECREDENTIALREPORTOUTPUT=$($AWSCLI iam generate-credential-report --output text --query 'State' $PROFILE_OPT --region $REGION 2>&1)
    if [[ $(echo "$GENERATECREDENTIALREPORTOUTPUT" | grep AccessDenied) ]]; then
      textFail "Access Denied trying to generate credential report"
      exit 1
    fi
    if [[ "$GENERATECREDENTIALREPORTOUTPUT" == "COMPLETE" ]]; then
      return
    fi
    sleep 1
  done
  textFail "Generate credential report unsuccessful"
  exit 1
}

# Save report to a file, decode it, deletion at finish and after every single check
saveReport(){
  $AWSCLI iam get-credential-report --query 'Content' --output text $PROFILE_OPT --region $REGION | decode_report > $TEMP_REPORT_FILE
  if [[ $KEEPCREDREPORT -eq 1 ]]; then
    textTitle "0.2" "Saving IAM Credential Report ..." "NOT_SCORED" "SUPPORT"
    textInfo "IAM Credential Report saved in $TEMP_REPORT_FILE"
  fi
}

# Delete temporary report file
cleanTemp(){
  if [[ $KEEPCREDREPORT -ne 1 ]]; then
    rm -fr $TEMP_REPORT_FILE
  fi
}

# Delete the temporary report file if we get interrupted/terminated
trap cleanTemp EXIT