From 93ca808160abf7a6fe056cf980711a54ea34ebae Mon Sep 17 00:00:00 2001
From: Matt Daue
Date: Wed, 29 Mar 2023 11:31:10 -0700
Subject: [PATCH] Standardize resource_type with pydantic models
Signed-off-by: Matt Daue
---
 iambic/plugins/v0_1_0/aws/iam/group/utils.py | 10 +++----
 iambic/plugins/v0_1_0/aws/iam/policy/utils.py | 6 ++---
 iambic/plugins/v0_1_0/aws/iam/role/utils.py | 26 +++++++++----------
 iambic/plugins/v0_1_0/aws/iam/user/utils.py | 26 +++++++++----------
 .../identity_center/permission_set/utils.py | 24 ++++++++---------
 5 files changed, 46 insertions(+), 46 deletions(-)
diff --git a/iambic/plugins/v0_1_0/aws/iam/group/utils.py b/iambic/plugins/v0_1_0/aws/iam/group/utils.py
index 0dfeaa685..6f41b53cd 100644
--- a/iambic/plugins/v0_1_0/aws/iam/group/utils.py
+++ b/iambic/plugins/v0_1_0/aws/iam/group/utils.py
@@ -139,7 +139,7 @@ async def apply_group_managed_policies(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.ATTACH,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_arn,
 attribute="managed_policies",
 )
@@ -167,7 +167,7 @@ async def apply_group_managed_policies(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.DETACH,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_arn,
 attribute="managed_policies",
 )
@@ -214,7 +214,7 @@ async def apply_group_inline_policies(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.DELETE,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_name,
 attribute="inline_policies",
 )
@@ -257,7 +257,7 @@ async def apply_group_inline_policies(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.UPDATE,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_name,
 attribute="inline_policies",
 change_summary=policy_drift,
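Review bot: The new value `aws:policy_document` is applied uniformly to managed-policy attachments whose resource_id is an ARN (the @@ -139 and @@ -167 hunks here), to inline policies whose resource_id is a policy name (@@ -214, @@ -257 and the following hunk), and to permission boundaries in the role, user and permission_set files, so a ProposedChange record no longer says which kind of policy object was touched — the removed `arn:aws:iam::aws:policy` had the same weakness, but this commit is the standardisation pass where it should be fixed. For anyone auditing plan output, a DETACH of `aws:policy_document` with resource_id `policy_arn` and a DELETE of `aws:policy_document` with resource_id `policy_name` are different resource classes, and the other new values (`aws:iam:role`, `aws:iam:user`, `aws:iam:group`, `aws:identity_center:permission_set`) follow a provider:service:resource shape that `aws:policy_document` breaks. The same literal is also repeated across 46 sites in five files with no shared constant in view; if the pydantic model does not constrain `resource_type` to a `Literal` or enum (not visible here), a typo at any one site would be accepted silently and only surface when a downstream filter misses it. I would define the values once next to `ProposedChangeType` as an enum with separate members for managed policies, inline policy documents and permission boundaries, and have each site reference the member rather than the string. Every enclosing function starts and ends outside its hunk.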
@@ -271,7 +271,7 @@ async def apply_group_inline_policies(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.CREATE,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_name,
 attribute="inline_policies",
 new_value=policy_document,
diff --git a/iambic/plugins/v0_1_0/aws/iam/policy/utils.py b/iambic/plugins/v0_1_0/aws/iam/policy/utils.py
index 65cb9d332..e365fa4f2 100644
--- a/iambic/plugins/v0_1_0/aws/iam/policy/utils.py
+++ b/iambic/plugins/v0_1_0/aws/iam/policy/utils.py
@@ -167,7 +167,7 @@ async def apply_update_managed_policy(
 change_type=ProposedChangeType.UPDATE,
 attribute="policy_document",
 change_summary=policy_drift,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_arn,
 current_value=existing_policy_document,
 new_value=template_policy_document,
@@ -238,7 +238,7 @@ async def apply_managed_policy_tags(
 ProposedChange(
 change_type=ProposedChangeType.DETACH,
 attribute="tags",
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_arn,
 change_summary={"TagKeys": tags_to_remove},
 )
@@ -260,7 +260,7 @@ async def apply_managed_policy_tags(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.ATTACH,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_arn,
 attribute="tags",
 new_value=tag,
diff --git a/iambic/plugins/v0_1_0/aws/iam/role/utils.py b/iambic/plugins/v0_1_0/aws/iam/role/utils.py
index e01faef3b..2989ec8eb 100644
--- a/iambic/plugins/v0_1_0/aws/iam/role/utils.py
+++ b/iambic/plugins/v0_1_0/aws/iam/role/utils.py
@@ -182,7 +182,7 @@ async def untag_role():
 ProposedChange(
 change_type=ProposedChangeType.DETACH,
 attribute="tags",
- resource_type="arn:aws:iam::aws:role",
+ resource_type="aws:iam:role",
 resource_id=role_name,
 change_summary={"TagKeys": tags_to_remove},
 exceptions_seen=exceptions,
@@ -195,7 +195,7 @@ async def untag_role():
 ProposedChange(
 change_type=ProposedChangeType.DETACH,
 attribute="tags",
- resource_type="arn:aws:iam::aws:role",
+ resource_type="aws:iam:role",
 resource_id=role_name,
 change_summary={"TagKeys": tags_to_remove},
 )
@@ -223,7 +223,7 @@ async def tag_role():
 ProposedChange(
 change_type=ProposedChangeType.ATTACH,
 attribute="tags",
- resource_type="arn:aws:iam::aws:role",
+ resource_type="aws:iam:role",
 resource_id=role_name,
 new_value=tag,
 exceptions_seen=exceptions,
@@ -238,7 +238,7 @@ async def tag_role():
 ProposedChange(
 change_type=ProposedChangeType.ATTACH,
 attribute="tags",
- resource_type="arn:aws:iam::aws:role",
+ resource_type="aws:iam:role",
 resource_id=role_name,
 new_value=tag,
 )
@@ -289,7 +289,7 @@ async def update_assume_role_policy(
 ProposedChange(
 change_type=ProposedChangeType.UPDATE,
 attribute="assume_role_policy_document",
- resource_type="arn:aws:iam::aws:role",
+ resource_type="aws:iam:role",
 resource_id=role_name,
 change_summary=policy_drift,
 current_value=existing_policy_document,
@@ -301,7 +301,7 @@ async def update_assume_role_policy(
 ProposedChange(
 change_type=ProposedChangeType.CREATE,
 attribute="assume_role_policy_document",
- resource_type="arn:aws:iam::aws:role",
+ resource_type="aws:iam:role",
 resource_id=role_name,
 new_value=template_policy_document,
 )
@@ -344,7 +344,7 @@ async def apply_role_managed_policies(
 response.append(
 ProposedChange(
 change_type=ProposedChangeType.ATTACH,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_arn,
 attribute="managed_policies",
 )
@@ -373,7 +373,7 @@ async def apply_role_managed_policies(
 response.append(
 ProposedChange(
 change_type=ProposedChangeType.DETACH,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_arn,
 attribute="managed_policies",
 )
@@ -423,7 +423,7 @@ async def apply_role_permission_boundary(
 ProposedChange(
 change_type=ProposedChangeType.ATTACH,
 resource_id=template_boundary_policy_arn,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 attribute="permission_boundary",
 )
 ]
@@ -456,7 +456,7 @@ async def apply_role_permission_boundary(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.DETACH,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=existing_boundary_policy_arn,
 attribute="permission_boundary",
 )
@@ -513,7 +513,7 @@ async def apply_role_inline_policies(
 response.append(
 ProposedChange(
 change_type=ProposedChangeType.DELETE,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_name,
 attribute="inline_policies",
 )
@@ -554,7 +554,7 @@ async def apply_role_inline_policies(
 response.append(
 ProposedChange(
 change_type=ProposedChangeType.UPDATE,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_name,
 attribute="inline_policies",
 change_summary=policy_drift,
@@ -568,7 +568,7 @@ async def apply_role_inline_policies(
 response.append(
 ProposedChange(
 change_type=ProposedChangeType.CREATE,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_name,
 attribute="inline_policies",
 new_value=policy_document,
diff --git a/iambic/plugins/v0_1_0/aws/iam/user/utils.py b/iambic/plugins/v0_1_0/aws/iam/user/utils.py
index 72bdeed4e..b3fd46c16 100644
--- a/iambic/plugins/v0_1_0/aws/iam/user/utils.py
+++ b/iambic/plugins/v0_1_0/aws/iam/user/utils.py
@@ -155,7 +155,7 @@ async def apply_user_tags(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.DETACH,
- resource_type="arn:aws:iam::aws:user",
+ resource_type="aws:iam:user",
 resource_id=user_name,
 attribute="tags",
 change_summary={"TagKeys": tags_to_remove},
@@ -182,7 +182,7 @@ async def apply_user_tags(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.ATTACH,
- resource_type="arn:aws:iam::aws:user",
+ resource_type="aws:iam:user",
 resource_id=user_name,
 attribute="tags",
 new_value=tag,
@@ -230,7 +230,7 @@ async def apply_user_permission_boundary(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.ATTACH,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=template_boundary_policy_arn,
 attribute="permission_boundary",
 )
@@ -264,7 +264,7 @@ async def apply_user_permission_boundary(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.DETACH,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=existing_boundary_policy_arn,
 attribute="permission_boundary",
 )
@@ -321,7 +321,7 @@ async def apply_user_managed_policies(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.ATTACH,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_arn,
 attribute="managed_policies",
 )
@@ -342,7 +342,7 @@ async def apply_user_managed_policies(
 [
 ProposedChange(
 change_type=ProposedChangeType.ATTACH,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_arn,
 attribute="managed_policies",
 )
@@ -365,7 +365,7 @@ async def apply_user_managed_policies(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.DETACH,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_arn,
 attribute="managed_policies",
 )
@@ -387,7 +387,7 @@ async def apply_user_managed_policies(
 [
 ProposedChange(
 change_type=ProposedChangeType.DETACH,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_arn,
 attribute="managed_policies",
 )
@@ -431,7 +431,7 @@ async def apply_user_inline_policies(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.DELETE,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_name,
 attribute="inline_policies",
 )
@@ -475,7 +475,7 @@ async def apply_user_inline_policies(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.UPDATE,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_name,
 attribute="inline_policies",
 change_summary=policy_drift,
@@ -489,7 +489,7 @@ async def apply_user_inline_policies(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.CREATE,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_name,
 attribute="inline_policies",
 new_value=policy_document,
@@ -537,7 +537,7 @@ async def apply_user_groups(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.CREATE,
- resource_type="arn:aws:iam::aws:group",
+ resource_type="aws:iam:group",
 resource_id=group,
 attribute="groups",
 )
@@ -562,7 +562,7 @@ async def apply_user_groups(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.DELETE,
- resource_type="arn:aws:iam::aws:group",
+ resource_type="aws:iam:group",
 resource_id=group,
 attribute="groups",
 )
diff --git a/iambic/plugins/v0_1_0/aws/identity_center/permission_set/utils.py b/iambic/plugins/v0_1_0/aws/identity_center/permission_set/utils.py
index 31bc6356c..daae6cd45 100644
--- a/iambic/plugins/v0_1_0/aws/identity_center/permission_set/utils.py
+++ b/iambic/plugins/v0_1_0/aws/identity_center/permission_set/utils.py
@@ -218,7 +218,7 @@ async def apply_permission_set_aws_managed_policies(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.ATTACH,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_arn,
 attribute="managed_policies",
 )
@@ -247,7 +247,7 @@ async def apply_permission_set_aws_managed_policies(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.DETACH,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=policy_arn,
 attribute="managed_policies",
 )
@@ -321,7 +321,7 @@ async def apply_permission_set_customer_managed_policies(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.ATTACH,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=f"{policy['Path']}{policy['Name']}",
 attribute="customer_managed_policies",
 )
@@ -354,7 +354,7 @@ async def apply_permission_set_customer_managed_policies(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.DETACH,
- resource_type="arn:aws:iam::aws:policy",
+ resource_type="aws:policy_document",
 resource_id=f"{policy['Path']}{policy['Name']}",
 attribute="customer_managed_policies",
 )
@@ -609,7 +609,7 @@ async def apply_permission_set_inline_policy(
 change_type=ProposedChangeType.UPDATE,
 attribute="inline_policy_document",
 resource_id=permission_set_arn,
- resource_type="arn:aws:iam::aws:permission-set",
+ resource_type="aws:identity_center:permission_set",
 change_summary=policy_drift,
 current_value=existing_inline_policy,
 new_value=template_inline_policy,
@@ -619,7 +619,7 @@ async def apply_permission_set_inline_policy(
 response.append(
 ProposedChange(
 change_type=ProposedChangeType.CREATE,
- resource_type="arn:aws:iam::aws:permission-set",
+ resource_type="aws:identity_center:permission_set",
 resource_id=permission_set_arn,
 attribute="inline_policy_document",
 new_value=template_inline_policy,
@@ -642,7 +642,7 @@ async def apply_permission_set_inline_policy(
 ProposedChange(
 change_type=ProposedChangeType.DELETE,
 attribute="inline_policy",
- resource_type="arn:aws:iam::aws:permission-set",
+ resource_type="aws:identity_center:permission_set",
 resource_id=permission_set_arn,
 current_value=existing_inline_policy,
 )
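Review bot: In the @@ -642 hunk the DELETE record for the permission set's inline policy uses `attribute="inline_policy"`, while the UPDATE (@@ -609) and CREATE (@@ -619) records for the same field use `attribute="inline_policy_document"`, so the three change types for one attribute will not group together in plan output or in any filter keyed on `attribute`. This is pre-existing context rather than something the commit introduced, but since the commit's purpose is standardising these records it is the natural moment to align it: `attribute="inline_policy_document",`. Whether any consumer relies on the `inline_policy` spelling is not visible here, so check callers before renaming. The enclosing `apply_permission_set_inline_policy` starts and ends outside the hunk.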
@@ -688,7 +688,7 @@ async def apply_permission_set_permission_boundary(
 ProposedChange(
 change_type=ProposedChangeType.UPDATE,
 attribute="permissions_boundary",
- resource_type="arn:aws:iam::aws:permission-set",
+ resource_type="aws:identity_center:permission_set",
 resource_id=permission_set_arn,
 change_summary=policy_drift,
 current_value=existing_permission_boundary,
@@ -699,7 +699,7 @@ async def apply_permission_set_permission_boundary(
 response.append(
 ProposedChange(
 change_type=ProposedChangeType.CREATE,
- resource_type="arn:aws:iam::aws:permission-set",
+ resource_type="aws:identity_center:permission_set",
 resource_id=permission_set_arn,
 attribute="permissions_boundary",
 new_value=template_permission_boundary,
@@ -721,7 +721,7 @@ async def apply_permission_set_permission_boundary(
 response.append(
 ProposedChange(
 change_type=ProposedChangeType.DELETE,
- resource_type="arn:aws:iam::aws:permission-set",
+ resource_type="aws:identity_center:permission_set",
 resource_id=permission_set_arn,
 attribute="permissions_boundary",
 current_value=existing_permission_boundary,
@@ -765,7 +765,7 @@ async def apply_permission_set_tags(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.DETACH,
- resource_type="arn:aws:iam::aws:permission-set",
+ resource_type="aws:identity_center:permission_set",
 resource_id=permission_set_arn,
 attribute="tags",
 change_summary={"TagKeys": tags_to_remove},
@@ -788,7 +788,7 @@ async def apply_permission_set_tags(
 proposed_changes = [
 ProposedChange(
 change_type=ProposedChangeType.ATTACH,
- resource_type="arn:aws:iam::aws:permission-set",
+ resource_type="aws:identity_center:permission_set",
 resource_id=permission_set_arn,
 attribute="tags",
 new_value=tag,