ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
33c68015017ca16cddb6116fcc0ae63063497ea0
prowler/providers/aws/services/iam/iam_service.py
Nacho Rivera 33c6801501 feat(core): AWS Role Assumption support (#1199) 
* chore(assuming role): assume role logic and exceptions demo

* chore(exceptions): Exception handling

* fix(get_caller_identity): Deleted duplicate get_caller_identity and add info entries

* chore(creds renewal): Added support to credential renewal

* chore(assume options): Added condition for -I/-T options

* fix(typo/comments): Deleted f in logger config and comments

* chore(session_duration): limits for -T option

* fix(log messages): Changed -A/-R log messages

* fix(critical error): Errors in input options are critical

* fix(ClientError): IAM service ClientError exception support
2022-06-16 12:00:46 +02:00

121 lines
4.2 KiB
Python
Raw Blame History

from lib.logger import logger
from providers.aws.aws_provider import aws_session
################## IAM
class IAM:
def __init__(self, session):
self.service = "iam"
self.session = session
self.client = session.client(self.service)
self.users = self.__get_users__()
self.roles = self.__get_roles__()
self.customer_managed_policies = self.__get_customer_managed_policies__()
self.credential_report = self.__get_credential_report__()
self.groups = self.__get_groups__()
def __get_client__(self):
return self.client
def __get_session__(self):
return self.session
def __get_roles__(self):
try:
get_roles_paginator = self.client.get_paginator("list_roles")
except botocore.exceptions.ClientError as error:
logger.error(
f"{error.response['Error']['Code']} -- {error.response['Error']['Message']}"
)
except Exception as error:
logger.critical(f"{error.__class__.__name__} -- {error}")
quit()
else:
roles = []
for page in get_roles_paginator.paginate():
for role in page["Roles"]:
roles.append(role)
return roles
def __get_credential_report__(self):
report_is_completed = False
while not report_is_completed:
try:
report_status = self.client.generate_credential_report()
except botocore.exceptions.ClientError as error:
logger.error(
f"{error.response['Error']['Code']} -- {error.response['Error']['Message']}"
)
except Exception as error:
logger.critical(f"{error.__class__.__name__} -- {error}")
quit()
else:
if report_status["State"] == "COMPLETE":
report_is_completed = True
return self.client.get_credential_report()
def __get_groups__(self):
try:
get_groups_paginator = self.client.get_paginator("list_groups")
except botocore.exceptions.ClientError as error:
logger.error(
f"{error.response['Error']['Code']} -- {error.response['Error']['Message']}"
)
except Exception as error:
logger.critical(f"{error.__class__.__name__} -- {error}")
quit()
else:
groups = []
for page in get_groups_paginator.paginate():
for group in page["Groups"]:
groups.append(group)
return groups
def __get_customer_managed_policies__(self):
try:
get_customer_managed_policies_paginator = self.client.get_paginator(
"list_policies"
)
except botocore.exceptions.ClientError as error:
logger.error(
f"{error.response['Error']['Code']} -- {error.response['Error']['Message']}"
)
except Exception as error:
logger.critical(f"{error.__class__.__name__} -- {error}")
quit()
else:
customer_managed_policies = []
for page in get_customer_managed_policies_paginator.paginate(Scope="Local"):
for customer_managed_policy in page["Policies"]:
customer_managed_policies.append(customer_managed_policy)
return customer_managed_policies
def __get_users__(self):
try:
get_users_paginator = self.client.get_paginator("list_users")
except botocore.exceptions.ClientError as error:
logger.error(
f"{error.response['Error']['Code']} -- {error.response['Error']['Message']}"
)
except Exception as error:
logger.critical(f"{error.__class__.__name__} -- {error}")
quit()
else:
users = []
for page in get_users_paginator.paginate():
for user in page["Users"]:
users.append(user)
return users
try:
iam_client = IAM(aws_session)
except Exception as error:
logger.critical(f"{error.__class__.__name__} -- {error}")
quit()
Reference in New Issue View Git Blame Copy Permalink