Merge pull request #82 from M1kep/feat/last-used-date-iam-roles

tyler-dunkel · web-flow · commit 4f93a3a3927c · 2022-06-09T12:08:56.000-05:00
feat(iamRole): Add lastUsedDate
diff --git a/src/services/iamPolicy/data.ts b/src/services/iamPolicy/data.ts
@@ -47,7 +47,7 @@ const tagsByPolicyArn = async (
   iam: IAM,
   { Arn }: Policy
 ): Promise<{ Arn: string; Tags: TagMap }> =>
-  new Promise(resolveUserPolicies => {
+  new Promise(resolve => {
     iam.listPolicyTags(
       { PolicyArn: Arn },
       (err: AWSError, data: ListPolicyTagsResponse) => {
@@ -60,13 +60,13 @@ const tagsByPolicyArn = async (
 
         if (!isEmpty(data)) {
           const { Tags: tags = [] } = data
-          resolveUserPolicies({
+          resolve({
             Arn,
             Tags: convertAwsTagsToTagMap(tags),
           })
         }
 
-        resolveUserPolicies(null)
+        resolve(null)
       }
     )
   })
@@ -75,7 +75,7 @@ const policyVersionByPolicyArn = async (
   iam: IAM,
   { Arn, DefaultVersionId }: Policy
 ): Promise<{ Arn: string; Content: string }> =>
-  new Promise(resolveUserPolicies => {
+  new Promise(resolve => {
     iam.getPolicyVersion(
       { PolicyArn: Arn, VersionId: DefaultVersionId },
       (err: AWSError, data: GetPolicyVersionResponse) => {
@@ -88,13 +88,13 @@ const policyVersionByPolicyArn = async (
 
         if (!isEmpty(data)) {
           const { PolicyVersion = { Document: '' } } = data
-          resolveUserPolicies({
+          resolve({
             Arn,
             Content: decodeURIComponent(PolicyVersion.Document),
           })
         }
 
-        resolveUserPolicies(null)
+        resolve(null)
       }
     )
   })
diff --git a/src/services/iamRole/data.ts b/src/services/iamRole/data.ts
@@ -5,7 +5,7 @@ import isEmpty from 'lodash/isEmpty'
 import { AWSError } from 'aws-sdk/lib/error'
 
 import IAM, {
-  AttachedPolicy,
+  AttachedPolicy, GetRoleResponse,
   ListAttachedRolePoliciesResponse,
   ListRolePoliciesResponse,
   ListRolesResponse,
@@ -43,11 +43,40 @@ export interface RawAwsIamRole extends Omit<Role, 'Tags'> {
   Tags?: TagMap
 }
 
+const roleByRoleName = async (
+    iam: IAM,
+    { RoleName }: Role
+): Promise<{RoleName: string; Role: Role}> =>
+    new Promise(resolve => {
+        iam.getRole(
+            { RoleName },
+            (err: AWSError, data: GetRoleResponse) => {
+                if (err) {
+                    errorLog.generateAwsErrorLog({
+                        err,
+                        functionName: 'iam:getRole',
+                    })
+                }
+
+                if (!isEmpty(data)) {
+                    const {Role} = data
+
+                    resolve({
+                        RoleName,
+                        Role,
+                    })
+                }
+
+                resolve(null)
+            }
+        )
+    })
+
 const tagsByRoleName = async (
   iam: IAM,
   { RoleName }: Role
 ): Promise<{ RoleName: string; Tags: TagMap }> =>
-  new Promise(resolveUserPolicies => {
+  new Promise(resolve => {
     iam.listRoleTags(
       { RoleName },
       (err: AWSError, data: ListRoleTagsResponse) => {
@@ -61,13 +90,13 @@ const tagsByRoleName = async (
         if (!isEmpty(data)) {
           const { Tags: tags = [] } = data
 
-          resolveUserPolicies({
+          resolve({
             RoleName,
             Tags: convertAwsTagsToTagMap(tags),
           })
         }
 
-        resolveUserPolicies(null)
+        resolve(null)
       }
     )
   })
@@ -76,7 +105,7 @@ const policiesByRoleName = async (
   iam: IAM,
   { RoleName }: Role
 ): Promise<{ RoleName: string; Policies: string[] }> =>
-  new Promise(resolveUserPolicies => {
+  new Promise(resolve => {
     iam.listRolePolicies(
       { RoleName },
       (err: AWSError, data: ListRolePoliciesResponse) => {
@@ -90,10 +119,10 @@ const policiesByRoleName = async (
         if (!isEmpty(data)) {
           const { PolicyNames = [] } = data
 
-          resolveUserPolicies({ RoleName, Policies: PolicyNames })
+          resolve({ RoleName, Policies: PolicyNames })
         }
 
-        resolveUserPolicies(null)
+        resolve(null)
       }
     )
   })
@@ -102,7 +131,7 @@ const managedPoliciesByRoleName = async (
   iam: IAM,
   { RoleName }: Role
 ): Promise<{ RoleName: string; ManagedPolicies: AttachedPolicy[] }> =>
-  new Promise(resolveUserPolicies => {
+  new Promise(resolve => {
     iam.listAttachedRolePolicies(
       { RoleName },
       (err: AWSError, data: ListAttachedRolePoliciesResponse) => {
@@ -116,13 +145,13 @@ const managedPoliciesByRoleName = async (
         if (!isEmpty(data)) {
           const { AttachedPolicies = [] } = data
 
-          resolveUserPolicies({
+          resolve({
             RoleName,
             ManagedPolicies: AttachedPolicies,
           })
         }
 
-        resolveUserPolicies(null)
+        resolve(null)
       }
     )
   })
@@ -136,6 +165,7 @@ export const listIamRoles = async (
     const policiesByRoleNamePromises = []
     const tagsByRoleNamePromises = []
     const managedPoliciesByRoleNamePromises = []
+    const roleByRoleNamePromises: Promise<{RoleName: string; Role: Role}>[] = []
 
     iam.listRoles(
       { Marker: marker },
@@ -155,13 +185,15 @@ export const listIamRoles = async (
             managedPoliciesByRoleNamePromises.push(
               managedPoliciesByRoleName(iam, role)
             )
+            roleByRoleNamePromises.push(roleByRoleName(iam, role))
           })
 
           const tags = await Promise.all(tagsByRoleNamePromises)
           const policies = await Promise.all(policiesByRoleNamePromises)
           const managedPolicies = await Promise.all(
             managedPoliciesByRoleNamePromises
           )
+          const detailedRoles = await Promise.all(roleByRoleNamePromises)
 
           result.push(
             ...roles.map(
@@ -173,6 +205,7 @@ export const listIamRoles = async (
                   ),
                   ...role,
                   region: globalRegionName,
+                  RoleLastUsed: detailedRoles?.find(r => r.RoleName === RoleName)?.Role.RoleLastUsed,
                   Policies:
                     policies
                       ?.filter(p => p?.RoleName === RoleName)
diff --git a/src/services/iamRole/format.ts b/src/services/iamRole/format.ts
@@ -21,6 +21,7 @@ export default ({
     Path: path = '',
     CreateDate: createdAt,
     Description: description = '',
+    RoleLastUsed,
     AssumeRolePolicyDocument: assumeRolePolicy = '',
     MaxSessionDuration: maxSessionDuration = 0,
     Policies: inlinePolicies = [],
@@ -38,6 +39,7 @@ export default ({
     path,
     createdAt: createdAt?.toISOString() || '',
     description,
+    lastUsedDate: RoleLastUsed?.LastUsedDate?.toISOString() || null,
     rawPolicy: assumeRolePolicy,
     assumeRolePolicy: formatIamJsonPolicy(assumeRolePolicy),
     maxSessionDuration,
diff --git a/src/services/iamRole/schema.graphql b/src/services/iamRole/schema.graphql
@@ -5,6 +5,7 @@ type awsIamRole implements awsBaseService @key(fields: "id") {
   assumeRolePolicy: awsIamJSONPolicy
   description: String @search(by: [hash, regexp])
   createdAt: String @search(by: [hash, regexp])
+  lastUsedDate: DateTime @search(by: [day])
   maxSessionDuration: Int @search
   tags: [awsRawTag]
   inlinePolicies: [String]
diff --git a/src/services/iamUser/data.ts b/src/services/iamUser/data.ts
@@ -91,7 +91,7 @@ const tagsByUsername = async (
   iam: IAM,
   { UserName }: User
 ): Promise<{ UserName: string; Tags: TagMap }> =>
-  new Promise(resolveUserPolicies => {
+  new Promise(resolve => {
     iam.listUserTags(
       { UserName },
       (err: AWSError, data: ListUserTagsResponse) => {
@@ -105,10 +105,10 @@ const tagsByUsername = async (
         if (!isEmpty(data)) {
           const { Tags: tags = [] } = data
 
-          resolveUserPolicies({ UserName, Tags: convertAwsTagsToTagMap(tags) })
+          resolve({ UserName, Tags: convertAwsTagsToTagMap(tags) })
         }
 
-        resolveUserPolicies(null)
+        resolve(null)
       }
     )
   })
@@ -117,7 +117,7 @@ const groupsByUsername = async (
   iam: IAM,
   { UserName }: User
 ): Promise<{ UserName: string; Groups: string[] }> =>
-  new Promise(resolveUserGroups => {
+  new Promise(resolve => {
     iam.listGroupsForUser(
       { UserName },
       (err: AWSError, data: ListGroupsForUserResponse) => {
@@ -133,10 +133,10 @@ const groupsByUsername = async (
 
           const userGroups = Groups.map(({ GroupId }) => GroupId)
 
-          resolveUserGroups({ UserName, Groups: userGroups })
+          resolve({ UserName, Groups: userGroups })
         }
 
-        resolveUserGroups(null)
+        resolve(null)
       }
     )
   })
@@ -145,7 +145,7 @@ const policiesByUsername = async (
   iam: IAM,
   { UserName }: User
 ): Promise<{ UserName: string; Policies: string[] }> =>
-  new Promise(resolveUserPolicies => {
+  new Promise(resolve => {
     iam.listUserPolicies(
       { UserName },
       (err: AWSError, data: ListUserPoliciesResponse) => {
@@ -159,10 +159,10 @@ const policiesByUsername = async (
         if (!isEmpty(data)) {
           const { PolicyNames = [] } = data
 
-          resolveUserPolicies({ UserName, Policies: PolicyNames })
+          resolve({ UserName, Policies: PolicyNames })
         }
 
-        resolveUserPolicies(null)
+        resolve(null)
       }
     )
   })
@@ -171,7 +171,7 @@ const managedPoliciesByUsername = async (
   iam: IAM,
   { UserName }: User
 ): Promise<{ UserName: string; ManagedPolicies: AttachedPolicy[] }> =>
-  new Promise(resolveUserPolicies => {
+  new Promise(resolve => {
     iam.listAttachedUserPolicies(
       { UserName },
       (err: AWSError, data: ListAttachedUserPoliciesResponse) => {
@@ -185,13 +185,13 @@ const managedPoliciesByUsername = async (
         if (!isEmpty(data)) {
           const { AttachedPolicies = [] } = data
 
-          resolveUserPolicies({
+          resolve({
             UserName,
             ManagedPolicies: AttachedPolicies,
           })
         }
 
-        resolveUserPolicies(null)
+        resolve(null)
       }
     )
   })
diff --git a/src/types/generated.ts b/src/types/generated.ts
@@ -3182,6 +3182,7 @@ export type AwsIamRole = AwsBaseService & {
   inlinePolicies?: Maybe<Array<Maybe<Scalars['String']>>>;
   kinesisFirehose?: Maybe<Array<Maybe<AwsKinesisFirehose>>>;
   lambda?: Maybe<Array<Maybe<AwsLambda>>>;
+  lastUsedDate?: Maybe<Scalars['DateTime']>;
   managedAirflows?: Maybe<Array<Maybe<AwsManagedAirflow>>>;
   maxSessionDuration?: Maybe<Scalars['Int']>;
   name?: Maybe<Scalars['String']>;
