Merge pull request #1054 from ioito/hotfix/qx-aws-policy-sync
fix(aws): policy sync
ioito authored Sep 5, 2024
2 parents 1fbc71e + f1d9d80 commit 1dda5a4
Showing 6 changed files with 46 additions and 20 deletions.
9 changes: 0 additions & 9 deletions pkg/multicloud/aws/aws.go
Expand Up @@ -133,15 +133,6 @@ func (cli *SAwsClient) getIamArn(arn string) string {
}
}

func (cli *SAwsClient) getIamCommonArn(arn string) string {
switch cli.GetAccessEnv() {
case api.CLOUD_ACCESS_ENV_AWS_GLOBAL:
return strings.TrimPrefix(arn, AWS_GLOBAL_ARN_PREFIX)
default:
return strings.TrimPrefix(arn, AWS_CHINA_ARN_PREFIX)
}
}

func GetDefaultRegionId(accessUrl string) string {
defaultRegion := AWS_INTERNATIONAL_DEFAULT_REGION
switch accessUrl {
24 changes: 22 additions & 2 deletions pkg/multicloud/aws/iam_group.go
Expand Up @@ -74,11 +74,11 @@ func (self *SGroup) GetICloudusers() ([]cloudprovider.IClouduser, error) {
}

func (self *SGroup) AttachPolicy(policyId string, policyType api.TPolicyType) error {
return self.client.AttachGroupPolicy(self.GroupName, self.client.getIamArn(policyId))
return self.client.AttachGroupPolicy(self.GroupName, policyId)
}

func (self *SGroup) DetachPolicy(policyId string, policyType api.TPolicyType) error {
return self.client.DetachGroupPolicy(self.GroupName, self.client.getIamArn(policyId))
return self.client.DetachGroupPolicy(self.GroupName, policyId)
}

func (self *SGroup) Delete() error {
Expand Down Expand Up @@ -109,6 +109,26 @@ func (self *SGroup) ListPolicies() ([]SAttachedPolicy, error) {
return policies, nil
}

func (self *SGroup) ListGroupPolicies() ([]SPolicy, error) {
policies := []SPolicy{}
offset := ""
for {
part, err := self.client.ListGroupPolicies(self.GroupName, offset, 1000)
if err != nil {
return nil, errors.Wrapf(err, "ListGroupPolicies")
}
for i := range part.Policies {
part.Policies[i].client = self.client
policies = append(policies, part.Policies[i])
}
offset = part.Marker
if len(offset) == 0 || !part.IsTruncated {
break
}
}
return policies, nil
}

func (self *SGroup) GetICloudpolicies() ([]cloudprovider.ICloudpolicy, error) {
policies, err := self.ListPolicies()
if err != nil {
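Review bot: AttachPolicy and DetachPolicy now pass `policyId` to IAM unmodified, so the partition-specific ARN rewriting that getIamArn performed is gone and a caller supplying a bare policy name or an ARN from the other partition gets an IAM error instead of a normalised ARN; the same applies to the matching pairs in iam_role.go and iam_user.go. Make the contract explicit with a comment on each, e.g. `// policyId must be the full policy ARN (the value returned by GetGlobalId); it is passed to IAM as-is.` The new ListGroupPolicies also lacks a doc comment; something like `// ListGroupPolicies pages through the group's policies 1000 at a time and binds each result to the client.` would do. Whether the client's ListGroupPolicies returns managed or inline policies cannot be told from this hunk, so the comment should state which once confirmed.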
8 changes: 4 additions & 4 deletions pkg/multicloud/aws/iam_policy.go
Expand Up @@ -56,7 +56,7 @@ func (self *SPolicy) GetName() string {
}

func (self *SPolicy) GetGlobalId() string {
return self.client.getIamCommonArn(self.Arn)
return self.Arn
}

func (self *SPolicy) GetPolicyType() cloudid.TPolicyType {
Expand Down Expand Up @@ -127,7 +127,7 @@ func (self *SAwsClient) GetICloudpolicies() ([]cloudprovider.ICloudpolicy, error
ret := []cloudprovider.ICloudpolicy{}
marker := ""
for {
part, err := self.ListPolicies(marker, 1000, false, "", "PermissionsPolicy", "AWS")
part, err := self.ListPolicies(marker, 1000, false, "", "", "AWS")
if err != nil {
return nil, errors.Wrapf(err, "ListPolicies")
}
Expand All @@ -143,7 +143,7 @@ func (self *SAwsClient) GetICloudpolicies() ([]cloudprovider.ICloudpolicy, error
}

for {
part, err := self.ListPolicies(marker, 1000, false, "", "PermissionsPolicy", "Local")
part, err := self.ListPolicies(marker, 1000, false, "", "", "Local")
if err != nil {
return nil, errors.Wrapf(err, "ListPolicies")
}
Expand Down Expand Up @@ -230,7 +230,7 @@ type SAttachedPolicy struct {
}

func (self *SAttachedPolicy) GetGlobalId() string {
return self.client.getIamCommonArn(self.PolicyArn)
return self.PolicyArn
}

func (self *SAttachedPolicy) GetName() string {
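Review bot: GetGlobalId on SPolicy and SAttachedPolicy now returns the raw ARN, so ids carry the partition prefix (`arn:aws` versus `arn:aws-cn`) and any records keyed on the previously prefix-stripped form will not match on the next sync; a doc comment should say so, e.g. `// GetGlobalId returns the full policy ARN, including the partition prefix.` In the two GetICloudpolicies calls the fifth ListPolicies argument changes from `"PermissionsPolicy"` to `""`; if that argument maps to IAM's PolicyUsageFilter, an empty value lists policies regardless of how they are used, which widens the set being synced, so a one-line comment on the call stating that this is intended would help the next reader. GetICloudpolicies continues outside the hunk.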
6 changes: 3 additions & 3 deletions pkg/multicloud/aws/iam_role.go
Expand Up @@ -70,7 +70,7 @@ func (self *SRole) GetDocument() *jsonutils.JSONDict {
return document.(*jsonutils.JSONDict)
}

//[{"Action":"sts:AssumeRoleWithSAML","Condition":{"StringEquals":{"SAML:aud":"https://signin.aws.amazon.com/saml"}},"Effect":"Allow","Principal":{"Federated":"arn:aws:iam::879324515906:saml-provider/quxuan"}}]
// [{"Action":"sts:AssumeRoleWithSAML","Condition":{"StringEquals":{"SAML:aud":"https://signin.aws.amazon.com/saml"}},"Effect":"Allow","Principal":{"Federated":"arn:aws:iam::879324515906:saml-provider/quxuan"}}]
func (self *SRole) GetSAMLProvider() string {
document := self.GetDocument()
if document != nil {
Expand All @@ -90,11 +90,11 @@ func (self *SRole) GetSAMLProvider() string {
}

func (self *SRole) AttachPolicy(id string, policyType cloudid.TPolicyType) error {
return self.client.AttachRolePolicy(self.RoleName, self.client.getIamArn(id))
return self.client.AttachRolePolicy(self.RoleName, id)
}

func (self *SRole) DetachPolicy(id string, polityType cloudid.TPolicyType) error {
return self.client.DetachRolePolicy(self.RoleName, self.client.getIamArn(id))
return self.client.DetachRolePolicy(self.RoleName, id)
}

func (self *SRole) GetICloudpolicies() ([]cloudprovider.ICloudpolicy, error) {
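Review bot: The example comment above GetSAMLProvider, which this change only reindents, embeds what looks like a real account id and provider name in `arn:aws:iam::879324515906:saml-provider/quxuan`; since the line is being touched anyway, placeholders such as `arn:aws:iam::<ACCOUNT_ID>:saml-provider/<PROVIDER>` would keep account identifiers out of the source while preserving the document shape the comment illustrates. The unchanged parameter name `polityType` on DetachPolicy is a typo of `policyType`; it is context here, but it is a cheap fix while the neighbouring line is being edited. GetSAMLProvider's body continues outside the hunk.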
4 changes: 2 additions & 2 deletions pkg/multicloud/aws/iam_user.go
Expand Up @@ -53,11 +53,11 @@ func (user *SUser) GetInviteUrl() string {
}

func (user *SUser) AttachPolicy(policyArn string, policyType api.TPolicyType) error {
return user.client.AttachUserPolicy(user.UserName, user.client.getIamArn(policyArn))
return user.client.AttachUserPolicy(user.UserName, policyArn)
}

func (user *SUser) DetachPolicy(policyArn string, policyType api.TPolicyType) error {
return user.client.DetachUserPolicy(user.UserName, user.client.getIamArn(policyArn))
return user.client.DetachUserPolicy(user.UserName, policyArn)
}

func (user *SUser) GetGlobalId() string {
15 changes: 15 additions & 0 deletions pkg/multicloud/qcloud/shell/cam_group.go
Expand Up @@ -43,6 +43,21 @@ func init() {
return cli.GetClient().DeleteGroup(args.ID)
})

type CloudgroupPolicyListOptions struct {
ID int
Limit int
Offset int
}

shellutils.R(&CloudgroupPolicyListOptions{}, "cloud-group-policy-list", "List cloudgroup policy", func(cli *qcloud.SRegion, args *CloudgroupPolicyListOptions) error {
ret, _, err := cli.GetClient().ListAttachedGroupPolicies(args.ID, args.Offset, args.Limit)
if err != nil {
return err
}
printList(ret, 0, 0, 0, nil)
return nil
})

shellutils.R(&CloudgroupIdOptions{}, "cloud-group-show", "Show cloudgroup", func(cli *qcloud.SRegion, args *CloudgroupIdOptions) error {
group, err := cli.GetClient().GetGroup(args.ID)
if err != nil {
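Review bot: The new cloud-group-policy-list handler discards the second return value of ListAttachedGroupPolicies and then calls `printList(ret, 0, 0, 0, nil)`, so the output carries no total or paging information even though `args.Offset` and `args.Limit` are accepted from the user. If that second value is the total count, as the tuple shape suggests, `ret, total, err := cli.GetClient().ListAttachedGroupPolicies(args.ID, args.Offset, args.Limit)` followed by `printList(ret, total, args.Offset, args.Limit, nil)` would make the listing consistent with paged output. The three option fields also carry no `help` struct tags, so the generated command help describes nothing; worth adding if the other option structs in this file use them. The enclosing init() starts outside the hunk.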
