package alks
import (
"encoding/json"
"fmt"
"log"
"strings"
)
// IsIamEnabledRequest is the JSON body that IsIamEnabled posts to the
// /isIamEnabled endpoint.
type IsIamEnabledRequest struct {
// Embedded account details; IsIamEnabled copies these from the client.
// Their JSON field names are declared on AccountDetails, outside this file.
AccountDetails
// RoleArn is the role to check. omitempty drops it from the JSON only when
// it is the empty string; any other value is sent as given.
RoleArn string `json:"roleArn,omitempty"`
}
// IsIamEnabledResponse is the decoded /isIamEnabled reply: it reports whether
// a role is IAM active or not.
type IsIamEnabledResponse struct {
// BaseResponse carries the RequestID that IsIamEnabled reports on failure.
// NOTE(review): RequestFailed and GetErrors presumably come from here too;
// confirm against the BaseResponse declaration.
BaseResponse
AccountDetails
// RoleArn is the role the answer applies to, as returned by the service.
RoleArn string `json:"roleArn"`
// IamEnabled is the answer. Its zero value is false, so a reply that omits
// the field decodes as "not enabled".
IamEnabled bool `json:"iamEnabled"`
}
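// IsIamEnabled checks whether an MI, the client's AccountDetails, or an STS
// assumed role is IAM active by POSTing to the /isIamEnabled endpoint.
//
// roleArn selects the role to check. When it is empty the field is omitted
// from the request and only the client's AccountDetails are sent.
//
// On success it returns the decoded response and a nil error. On any failure
// it returns a nil response and an *AlksError carrying the HTTP status code
// (0 when no response was received) and the request ID when one is known.
// Callers must check the error before reading IamEnabled: the response pointer
// is nil on every error path.
func (c *Client) IsIamEnabled(roleArn string) (*IsIamEnabledResponse, *AlksError) {
	// Branch on emptiness so the log line matches what omitempty actually
	// puts on the wire (the field is dropped only for the empty string).
	if roleArn != "" {
		log.Printf("[INFO] Is IAM enabled for MI: %s", roleArn)
	} else {
		log.Printf("[INFO] Is IAM enabled for: %s/%s", c.AccountDetails.Account, c.AccountDetails.Role)
	}

	iam := IsIamEnabledRequest{
		AccountDetails: c.AccountDetails,
		RoleArn:        roleArn,
	}

	body, err := json.Marshal(iam)
	if err != nil {
		return nil, &AlksError{
			StatusCode: 0,
			RequestId:  "",
			Err:        fmt.Errorf("error encoding isIamEnabled JSON: %w", err),
		}
	}

	req, err := c.NewRequest(body, "POST", "/isIamEnabled")
	if err != nil {
		return nil, &AlksError{
			StatusCode: 0,
			RequestId:  "",
			Err:        err,
		}
	}

	resp, err := c.http.Do(req)
	if err != nil {
		// A transport failure normally leaves resp nil, so reading
		// resp.StatusCode unconditionally would panic instead of returning
		// the error. Report 0 unless a response actually came back.
		statusCode := 0
		if resp != nil {
			statusCode = resp.StatusCode
		}
		return nil, &AlksError{
			StatusCode: statusCode,
			RequestId:  "",
			Err:        err,
		}
	}

	// NOTE(review): resp.Body is never closed in this function; presumably
	// decodeBody does it, since every path below calls it. Confirm.
	reqID := GetRequestID(resp)

	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
		iamErr := new(AlksResponseError)
		// iamErr is already a pointer, so it is passed directly, the same way
		// validate is below. Assuming decodeBody decodes JSON, a pointer to
		// the pointer would let a literal `null` body reset iamErr to nil and
		// make the Errors check below panic.
		err = decodeBody(resp, iamErr)
		if err != nil {
			return nil, &AlksError{
				StatusCode: resp.StatusCode,
				RequestId:  reqID,
				Err:        fmt.Errorf(ParseError, err),
			}
		}

		if iamErr.Errors != nil {
			return nil, &AlksError{
				StatusCode: resp.StatusCode,
				RequestId:  reqID,
				Err:        fmt.Errorf(AlksResponsErrorStrings, iamErr.Errors),
			}
		}

		return nil, &AlksError{
			StatusCode: resp.StatusCode,
			RequestId:  reqID,
			Err:        fmt.Errorf(GenericAlksError),
		}
	}

	validate := new(IsIamEnabledResponse)
	err = decodeBody(resp, validate)
	if err != nil {
		return nil, &AlksError{
			StatusCode: resp.StatusCode,
			RequestId:  reqID,
			Err:        fmt.Errorf("error parsing isIamEnabled response: %w", err),
		}
	}

	// A 2xx status can still carry an application-level failure in the body.
	if validate.RequestFailed() {
		return nil, &AlksError{
			StatusCode: resp.StatusCode,
			RequestId:  validate.BaseResponse.RequestID,
			Err:        fmt.Errorf("error validating if IAM enabled: %s", strings.Join(validate.GetErrors(), ", ")),
		}
	}

	return validate, nil
}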