
     1  package aws
     2  
     3  import (
     4  	"time"
     5  
     6  	"github.com/aws/aws-sdk-go/aws"
     7  	"github.com/aws/aws-sdk-go/service/iam"
     8  	"github.com/gruntwork-io/terratest/modules/logger"
     9  	"github.com/gruntwork-io/terratest/modules/testing"
    10  )
    11  
// GetIamCurrentUserName gets the username for the current IAM user. Any error
// from the lookup fails the test via t.Fatal.
func GetIamCurrentUserName(t testing.TestingT) string {
	userName, err := GetIamCurrentUserNameE(t)
	if err != nil {
		t.Fatal(err)
	}
	return userName
}
    20  
// GetIamCurrentUserNameE gets the username for the current IAM user.
//
// The lookup goes through an IAM client for defaultRegion. GetUser is called
// without a user name, which IAM resolves to the user owning the active
// credentials.
func GetIamCurrentUserNameE(t testing.TestingT) (string, error) {
	client, err := NewIamClientE(t, defaultRegion)
	if err != nil {
		return "", err
	}

	var input iam.GetUserInput
	result, err := client.GetUser(&input)
	if err != nil {
		return "", err
	}

	name := *result.User.UserName
	return name, nil
}
    35  
// GetIamCurrentUserArn gets the ARN for the current IAM user. Any error from
// the lookup fails the test via t.Fatal.
func GetIamCurrentUserArn(t testing.TestingT) string {
	arn, err := GetIamCurrentUserArnE(t)
	if err != nil {
		t.Fatal(err)
	}
	return arn
}
    44  
// GetIamCurrentUserArnE gets the ARN for the current IAM user.
//
// The lookup goes through an IAM client for defaultRegion. GetUser is called
// without a user name, which IAM resolves to the user owning the active
// credentials.
func GetIamCurrentUserArnE(t testing.TestingT) (string, error) {
	client, err := NewIamClientE(t, defaultRegion)
	if err != nil {
		return "", err
	}

	var input iam.GetUserInput
	result, err := client.GetUser(&input)
	if err != nil {
		return "", err
	}

	arn := *result.User.Arn
	return arn, nil
}
    59  
// CreateMfaDevice creates an MFA device using the given IAM client and enables
// it for the current IAM user. Any error fails the test via t.Fatal.
func CreateMfaDevice(t testing.TestingT, iamClient *iam.IAM, deviceName string) *iam.VirtualMFADevice {
	device, err := CreateMfaDeviceE(t, iamClient, deviceName)
	if err != nil {
		t.Fatal(err)
	}
	return device
}
    68  
// CreateMfaDeviceE creates an MFA device using the given IAM client and then
// enables it for the current IAM user via EnableMfaDeviceE.
//
// The returned device is the material from which its one-time passwords are
// derived (see GetTimeBasedOneTimePassword), so callers should treat it as a
// secret: do not log it or write it to test output.
func CreateMfaDeviceE(t testing.TestingT, iamClient *iam.IAM, deviceName string) (*iam.VirtualMFADevice, error) {
	logger.Logf(t, "Creating an MFA device called %s", deviceName)

	input := &iam.CreateVirtualMFADeviceInput{VirtualMFADeviceName: aws.String(deviceName)}
	created, err := iamClient.CreateVirtualMFADevice(input)
	if err != nil {
		return nil, err
	}

	device := created.VirtualMFADevice
	if enableErr := EnableMfaDeviceE(t, iamClient, device); enableErr != nil {
		return nil, enableErr
	}
	return device, nil
}
    86  
// EnableMfaDevice enables a newly created MFA Device by supplying the first two one-time passwords, so that it can be used for future
// logins by the given IAM User. Any error fails the test via t.Fatal.
func EnableMfaDevice(t testing.TestingT, iamClient *iam.IAM, mfaDevice *iam.VirtualMFADevice) {
	if err := EnableMfaDeviceE(t, iamClient, mfaDevice); err != nil {
		t.Fatal(err)
	}
}
    95  
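// EnableMfaDeviceE enables a newly created MFA Device by supplying the first two one-time passwords, so that it can be used for future
// logins by the given IAM User.
//
// The device is bound to the IAM user behind the current credentials. IAM requires two consecutive
// codes, so this call waits 30 seconds between computing them and a further 10 seconds afterwards for
// the enablement to propagate; expect it to take at least 40 seconds. The one-time passwords are never
// logged; only the device serial number is.
func EnableMfaDeviceE(t testing.TestingT, iamClient *iam.IAM, mfaDevice *iam.VirtualMFADevice) error {
	logger.Logf(t, "Enabling MFA device %s", aws.StringValue(mfaDevice.SerialNumber))

	// EnableMFADeviceInput.UserName is the IAM user *name*, not its ARN: the IAM API documents the
	// field as the user's name and restricts it to the characters [\w+=,.@-], which an ARN (containing
	// ':' and '/') does not satisfy. Earlier code looked up the ARN here and stored it in iamUserName.
	iamUserName, err := GetIamCurrentUserNameE(t)
	if err != nil {
		return err
	}

	authCode1, err := GetTimeBasedOneTimePassword(mfaDevice)
	if err != nil {
		return err
	}

	// The second code has to come from a later time window than the first, hence the fixed wait.
	logger.Logf(t, "Waiting 30 seconds for a new MFA Token to be generated...")
	time.Sleep(30 * time.Second)

	authCode2, err := GetTimeBasedOneTimePassword(mfaDevice)
	if err != nil {
		return err
	}

	_, err = iamClient.EnableMFADevice(&iam.EnableMFADeviceInput{
		AuthenticationCode1: aws.String(authCode1),
		AuthenticationCode2: aws.String(authCode2),
		SerialNumber:        mfaDevice.SerialNumber,
		UserName:            aws.String(iamUserName),
	})
	if err != nil {
		return err
	}

	// IAM changes are eventually consistent; give the enablement time to become visible before callers rely on it.
	logger.Log(t, "Waiting for MFA Device enablement to propagate.")
	time.Sleep(10 * time.Second)

	return nil
}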
   135  
// NewIamClient creates a new IAM client for the given region. Any error from
// session creation fails the test via t.Fatal.
func NewIamClient(t testing.TestingT, region string) *iam.IAM {
	iamClient, err := NewIamClientE(t, region)
	if err != nil {
		t.Fatal(err)
	}
	return iamClient
}
   144  
// NewIamClientE creates a new IAM client for the given region, backed by an
// authenticated session from NewAuthenticatedSession. The t parameter is
// accepted for signature symmetry with the other *E helpers and is not used.
func NewIamClientE(t testing.TestingT, region string) (*iam.IAM, error) {
	session, err := NewAuthenticatedSession(region)
	if err != nil {
		return nil, err
	}
	iamClient := iam.New(session)
	return iamClient, nil
}