From f1d9d800bf83e90818266449fd6467b0215b7f77 Mon Sep 17 00:00:00 2001
From: Qu Xuan
Date: Thu, 5 Sep 2024 18:34:28 +0800
Subject: [PATCH] fix(aws): policy sync

---
 pkg/multicloud/aws/aws.go | 9 ---------
 pkg/multicloud/aws/iam_group.go | 24 ++++++++++++++++++++++--
 pkg/multicloud/aws/iam_policy.go | 8 ++++----
 pkg/multicloud/aws/iam_role.go | 6 +++---
 pkg/multicloud/aws/iam_user.go | 4 ++--
 pkg/multicloud/qcloud/shell/cam_group.go | 15 +++++++++++++++
 6 files changed, 46 insertions(+), 20 deletions(-)

diff --git a/pkg/multicloud/aws/aws.go b/pkg/multicloud/aws/aws.go
index 341dba92a..f29c6a7b9 100644
--- a/pkg/multicloud/aws/aws.go
+++ b/pkg/multicloud/aws/aws.go
@@ -133,15 +133,6 @@ func (cli *SAwsClient) getIamArn(arn string) string {
 	}
 }
 
-func (cli *SAwsClient) getIamCommonArn(arn string) string {
-	switch cli.GetAccessEnv() {
-	case api.CLOUD_ACCESS_ENV_AWS_GLOBAL:
-		return strings.TrimPrefix(arn, AWS_GLOBAL_ARN_PREFIX)
-	default:
-		return strings.TrimPrefix(arn, AWS_CHINA_ARN_PREFIX)
-	}
-}
-
 func GetDefaultRegionId(accessUrl string) string {
 	defaultRegion := AWS_INTERNATIONAL_DEFAULT_REGION
 	switch accessUrl {
diff --git a/pkg/multicloud/aws/iam_group.go b/pkg/multicloud/aws/iam_group.go
index d3217079e..0a46a9ebe 100644
--- a/pkg/multicloud/aws/iam_group.go
+++ b/pkg/multicloud/aws/iam_group.go
@@ -74,11 +74,11 @@ func (self *SGroup) GetICloudusers() ([]cloudprovider.IClouduser, error) {
 }
 
 func (self *SGroup) AttachPolicy(policyId string, policyType api.TPolicyType) error {
-	return self.client.AttachGroupPolicy(self.GroupName, self.client.getIamArn(policyId))
+	return self.client.AttachGroupPolicy(self.GroupName, policyId)
 }
 
 func (self *SGroup) DetachPolicy(policyId string, policyType api.TPolicyType) error {
-	return self.client.DetachGroupPolicy(self.GroupName, self.client.getIamArn(policyId))
+	return self.client.DetachGroupPolicy(self.GroupName, policyId)
 }
 
 func (self *SGroup) Delete() error {
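Review bot: With the getIamArn call removed, SGroup.AttachPolicy and DetachPolicy now pass the caller's `policyId` straight to AttachGroupPolicy/DetachGroupPolicy, so the parameter must be a full policy ARN (the form SPolicy.GetGlobalId returns after this commit) rather than the partition-less id the old code accepted, and nothing in the hunk records that new contract. A doc comment would make it explicit: `// AttachPolicy attaches the managed policy identified by policyId, which must be the policy's full ARN (as returned by GetGlobalId).` The same applies to SRole.AttachPolicy/DetachPolicy in iam_role.go (@@ -90) and SUser.AttachPolicy/DetachPolicy in iam_user.go (@@ -53). Because the client no longer derives the ARN from the id, any check that the supplied ARN belongs to the expected partition and account now has to happen in the caller; whether the cloudid layer already does that is not visible here.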
@@ -109,6 +109,26 @@ func (self *SGroup) ListPolicies() ([]SAttachedPolicy, error) {
 	return policies, nil
 }
 
+func (self *SGroup) ListGroupPolicies() ([]SPolicy, error) {
+	policies := []SPolicy{}
+	offset := ""
+	for {
+		part, err := self.client.ListGroupPolicies(self.GroupName, offset, 1000)
+		if err != nil {
+			return nil, errors.Wrapf(err, "ListGroupPolicies")
+		}
+		for i := range part.Policies {
+			part.Policies[i].client = self.client
+			policies = append(policies, part.Policies[i])
+		}
+		offset = part.Marker
+		if len(offset) == 0 || !part.IsTruncated {
+			break
+		}
+	}
+	return policies, nil
+}
+
 func (self *SGroup) GetICloudpolicies() ([]cloudprovider.ICloudpolicy, error) {
 	policies, err := self.ListPolicies()
 	if err != nil {
diff --git a/pkg/multicloud/aws/iam_policy.go b/pkg/multicloud/aws/iam_policy.go
index a92a00e3c..2da26941c 100644
--- a/pkg/multicloud/aws/iam_policy.go
+++ b/pkg/multicloud/aws/iam_policy.go
@@ -56,7 +56,7 @@ func (self *SPolicy) GetName() string {
 }
 
 func (self *SPolicy) GetGlobalId() string {
-	return self.client.getIamCommonArn(self.Arn)
+	return self.Arn
 }
 
 func (self *SPolicy) GetPolicyType() cloudid.TPolicyType {
@@ -127,7 +127,7 @@ func (self *SAwsClient) GetICloudpolicies() ([]cloudprovider.ICloudpolicy, error
 	ret := []cloudprovider.ICloudpolicy{}
 	marker := ""
 	for {
-		part, err := self.ListPolicies(marker, 1000, false, "", "PermissionsPolicy", "AWS")
+		part, err := self.ListPolicies(marker, 1000, false, "", "", "AWS")
 		if err != nil {
 			return nil, errors.Wrapf(err, "ListPolicies")
 		}
@@ -143,7 +143,7 @@ func (self *SAwsClient) GetICloudpolicies() ([]cloudprovider.ICloudpolicy, error
 	}
 
 	for {
-		part, err := self.ListPolicies(marker, 1000, false, "", "PermissionsPolicy", "Local")
+		part, err := self.ListPolicies(marker, 1000, false, "", "", "Local")
 		if err != nil {
 			return nil, errors.Wrapf(err, "ListPolicies")
 		}
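Review bot: ListGroupPolicies is a new exported method with no doc comment, and its marker/IsTruncated loop repeats the pagination pattern of ListPolicies directly above the hunk; a one-line comment would at least state what it returns, e.g. `// ListGroupPolicies returns all policies of this group, fetching 1000 per call and following part.Marker until IsTruncated is false.` `errors.Wrapf(err, "ListGroupPolicies")` carries no format arguments, so `errors.Wrap(err, "ListGroupPolicies")` expresses the same thing. The loop ends on an empty Marker or IsTruncated == false, but nothing bounds it if the service keeps answering with the same non-empty Marker; whether the client guards against that is not visible in the hunk.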
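Review bot: SPolicy.GetGlobalId now returns the raw ARN with its partition prefix, whereas the removed getIamCommonArn call stripped that prefix, so every policy already synced under the old prefix-less id will presumably be treated as a different resource on the next sync, with existing records and attachments keyed on the old id dropped and re-created. If that migration is intended, the commit description should say so, and the method deserves a comment recording the decision: `// GetGlobalId returns the policy's full ARN; the partition prefix is kept so ids differ between the global and China partitions.` The same change is made to SAttachedPolicy.GetGlobalId (@@ -230), where the same note applies.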
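Review bot: Replacing `"PermissionsPolicy"` with `""` in both ListPolicies calls (here and in @@ -143) drops the usage filter, which presumably widens the listing to policies that are only used as permissions boundaries or are not attached anywhere; the commit message ("policy sync") does not say whether that is the goal. If syncing unattached policies is intended, a short comment on the call would record it, e.g. `// no PolicyUsageFilter: also include policies that are not attached as permissions policies`; if the filter was removed by accident it should be restored. The enclosing GetICloudpolicies body continues outside both hunks.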
@@ -230,7 +230,7 @@ type SAttachedPolicy struct {
 }
 
 func (self *SAttachedPolicy) GetGlobalId() string {
-	return self.client.getIamCommonArn(self.PolicyArn)
+	return self.PolicyArn
 }
 
 func (self *SAttachedPolicy) GetName() string {
diff --git a/pkg/multicloud/aws/iam_role.go b/pkg/multicloud/aws/iam_role.go
index 6e38dcaa8..3befeac7d 100644
--- a/pkg/multicloud/aws/iam_role.go
+++ b/pkg/multicloud/aws/iam_role.go
@@ -70,7 +70,7 @@ func (self *SRole) GetDocument() *jsonutils.JSONDict {
 	return document.(*jsonutils.JSONDict)
 }
 
-//[{"Action":"sts:AssumeRoleWithSAML","Condition":{"StringEquals":{"SAML:aud":"https://signin.aws.amazon.com/saml"}},"Effect":"Allow","Principal":{"Federated":"arn:aws:iam::879324515906:saml-provider/quxuan"}}]
+// [{"Action":"sts:AssumeRoleWithSAML","Condition":{"StringEquals":{"SAML:aud":"https://signin.aws.amazon.com/saml"}},"Effect":"Allow","Principal":{"Federated":"arn:aws:iam::879324515906:saml-provider/quxuan"}}]
 func (self *SRole) GetSAMLProvider() string {
 	document := self.GetDocument()
 	if document != nil {
@@ -90,11 +90,11 @@ func (self *SRole) GetSAMLProvider() string {
 }
 
 func (self *SRole) AttachPolicy(id string, policyType cloudid.TPolicyType) error {
-	return self.client.AttachRolePolicy(self.RoleName, self.client.getIamArn(id))
+	return self.client.AttachRolePolicy(self.RoleName, id)
 }
 
 func (self *SRole) DetachPolicy(id string, polityType cloudid.TPolicyType) error {
-	return self.client.DetachRolePolicy(self.RoleName, self.client.getIamArn(id))
+	return self.client.DetachRolePolicy(self.RoleName, id)
 }
 
 func (self *SRole) GetICloudpolicies() ([]cloudprovider.ICloudpolicy, error) {
diff --git a/pkg/multicloud/aws/iam_user.go b/pkg/multicloud/aws/iam_user.go
index 84c128d65..7f56c2c3b 100644
--- a/pkg/multicloud/aws/iam_user.go
+++ b/pkg/multicloud/aws/iam_user.go
@@ -53,11 +53,11 @@ func (user *SUser) GetInviteUrl() string {
 }
 
 func (user *SUser) AttachPolicy(policyArn string, policyType api.TPolicyType) error {
-	return user.client.AttachUserPolicy(user.UserName, user.client.getIamArn(policyArn))
+	return user.client.AttachUserPolicy(user.UserName, policyArn)
 }
 
 func (user *SUser) DetachPolicy(policyArn string, policyType api.TPolicyType) error {
-	return user.client.DetachUserPolicy(user.UserName, user.client.getIamArn(policyArn))
+	return user.client.DetachUserPolicy(user.UserName, policyArn)
 }
 
 func (user *SUser) GetGlobalId() string {
diff --git a/pkg/multicloud/qcloud/shell/cam_group.go b/pkg/multicloud/qcloud/shell/cam_group.go
index d6ddecfb0..d40b2135f 100644
--- a/pkg/multicloud/qcloud/shell/cam_group.go
+++ b/pkg/multicloud/qcloud/shell/cam_group.go
@@ -43,6 +43,21 @@ func init() {
 		return cli.GetClient().DeleteGroup(args.ID)
 	})
 
+	type CloudgroupPolicyListOptions struct {
+		ID int
+		Limit int
+		Offset int
+	}
+
+	shellutils.R(&CloudgroupPolicyListOptions{}, "cloud-group-policy-list", "List cloudgroup policy", func(cli *qcloud.SRegion, args *CloudgroupPolicyListOptions) error {
+		ret, _, err := cli.GetClient().ListAttachedGroupPolicies(args.ID, args.Offset, args.Limit)
+		if err != nil {
+			return err
+		}
+		printList(ret, 0, 0, 0, nil)
+		return nil
+	})
+
 	shellutils.R(&CloudgroupIdOptions{}, "cloud-group-show", "Show cloudgroup", func(cli *qcloud.SRegion, args *CloudgroupIdOptions) error {
 		group, err := cli.GetClient().GetGroup(args.ID)
 		if err != nil {
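Review bot: The second return value of ListAttachedGroupPolicies is discarded with `_` on the `ret, _, err := ...` line while `printList(ret, 0, 0, 0, nil)` is handed a hard-coded 0 in every numeric position; if that discarded value is the total count and printList's ints are total/limit/offset, passing them through (`ret, total, err := ...` and `printList(ret, total, args.Limit, args.Offset, nil)`) would make the paged output meaningful, and if it is not, a brief comment on why it is ignored is warranted. Limit has no default, so an unset `--limit` sends 0 to the API; what the client does with 0 is not visible in the hunk. The enclosing init() starts before the hunk and continues after it.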