-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathaws-iam-expand-user-policies
executable file
·106 lines (88 loc) · 3.08 KB
/
aws-iam-expand-user-policies
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
#!/usr/bin/env node
let _ = require('lodash-firecloud');
let aws = require('aws-sdk');
Promise.longStackTraces();
let iam = new aws.IAM();
(async function() {
let result = _.pick(await iam.listUsers({}).promise(), [
'Users'
]);
// if (filterUsername) {
// let filterUsernamesRE = new RegExp(`^${filterUsername}$`);
// result.Users = _.reject(result.Users, function({UserName}) {
// let keep = filterUsernamesRE.test(UserName);
// return !keep;
// });
// }
let expandPolicies = async function(policies) {
return await Promise.all(_.map(policies, async function(policy) {
let {
PolicyArn
} = policy;
policy = (await iam.getPolicy({PolicyArn}).promise()).Policy;
_.merge(policy, _.pick(await iam.getPolicyVersion({
PolicyArn,
VersionId: policy.DefaultVersionId
}).promise(), [
'PolicyVersion'
]));
policy.PolicyVersion.Document = JSON.parse(unescape(policy.PolicyVersion.Document));
return policy;
}));
};
// eslint-disable-next-line require-atomic-updates
result.Users = await Promise.all(_.map(result.Users, async function(user) {
let {
UserName
} = user;
user.Policies = [];
let inlinePolicyNames = (await iam.listUserPolicies({UserName}).promise()).PolicyNames;
await Promise.all(_.map(inlinePolicyNames, async function(PolicyName) {
let policy = _.pick(await iam.getUserPolicy({
UserName,
PolicyName
}).promise(), [
'PolicyName',
'PolicyDocument'
]);
policy.PolicyDocument = JSON.parse(unescape(policy.PolicyDocument));
user.Policies.push(policy);
}));
_.merge(user, _.pick(await iam.listAttachedUserPolicies({UserName}).promise(), [
'AttachedPolicies'
]));
// eslint-disable-next-line require-atomic-updates
user.AttachedPolicies = await expandPolicies(user.AttachedPolicies);
_.merge(user, _.pick(await iam.listGroupsForUser({UserName}).promise(), [
'Groups'
]));
// eslint-disable-next-line require-atomic-updates
user.Groups = await Promise.all(_.map(user.Groups, async function(group) {
let {
GroupName
} = group;
group.Policies = [];
let inlinePolicyNames = (await iam.listGroupPolicies({GroupName}).promise()).PolicyNames;
await Promise.all(_.map(inlinePolicyNames, async function(PolicyName) {
let policy = _.pick(await iam.getGroupPolicy({
GroupName,
PolicyName
}).promise(), [
'PolicyName',
'PolicyDocument'
]);
policy.PolicyDocument = JSON.parse(unescape(policy.PolicyDocument));
group.Policies.push(policy);
}));
_.merge(group, _.pick(await iam.listAttachedGroupPolicies({GroupName}).promise(), [
'AttachedPolicies'
]));
// eslint-disable-next-line require-atomic-updates
group.AttachedPolicies = await expandPolicies(group.AttachedPolicies);
return group;
}));
return user;
}));
// eslint-disable-next-line no-null/no-null
console.log(JSON.stringify(result, null, 2));
})();