private static List<String> getRoleNames(
GetInstanceProfileResponseType getInstanceProfileResponseType) {
List<String> returnValue = Lists.newArrayList();
if (getInstanceProfileResponseType != null
&& getInstanceProfileResponseType.getGetInstanceProfileResult() != null
&& getInstanceProfileResponseType.getGetInstanceProfileResult().getInstanceProfile() != null
&& getInstanceProfileResponseType
.getGetInstanceProfileResult()
.getInstanceProfile()
.getRoles()
!= null
&& getInstanceProfileResponseType
.getGetInstanceProfileResult()
.getInstanceProfile()
.getRoles()
.getMember()
!= null) {
for (RoleType roleType :
getInstanceProfileResponseType
.getGetInstanceProfileResult()
.getInstanceProfile()
.getRoles()
.getMember()) {
if (roleType != null && roleType.getRoleName() != null)
returnValue.add(roleType.getRoleName());
}
}
return returnValue;
}
@Override
public ResourceAction perform(ResourceAction resourceAction) throws Exception {
AWSIAMPolicyResourceAction action = (AWSIAMPolicyResourceAction) resourceAction;
ServiceConfiguration configuration = Topology.lookup(Euare.class);
if (action.info.getPhysicalResourceId() == null) return action;
// find all roles that still exist from the list and remove the policy
if (action.properties.getRoles() != null && action.properties.getRoles().size() > 0) {
List<String> realRolesToRemovePolicyFrom = Lists.newArrayList();
Set<String> passedInRoles =
action.properties.getRoles() == null
? new HashSet<String>()
: Sets.newHashSet(action.properties.getRoles());
boolean seenAllRoles = false;
String roleMarker = null;
while (!seenAllRoles) {
ListRolesType listRolesType =
MessageHelper.createMessage(ListRolesType.class, action.info.getEffectiveUserId());
if (roleMarker != null) {
listRolesType.setMarker(roleMarker);
}
ListRolesResponseType listRolesResponseType =
AsyncRequests.<ListRolesType, ListRolesResponseType>sendSync(
configuration, listRolesType);
if (listRolesResponseType.getListRolesResult().getIsTruncated() == Boolean.TRUE) {
roleMarker = listRolesResponseType.getListRolesResult().getMarker();
} else {
seenAllRoles = true;
}
if (listRolesResponseType.getListRolesResult().getRoles() != null
&& listRolesResponseType.getListRolesResult().getRoles().getMember() != null) {
for (RoleType roleType :
listRolesResponseType.getListRolesResult().getRoles().getMember()) {
if (passedInRoles.contains(roleType.getRoleName())) {
realRolesToRemovePolicyFrom.add(roleType.getRoleName());
}
}
}
}
for (String role : realRolesToRemovePolicyFrom) {
DeleteRolePolicyType deleteRolePolicyType =
MessageHelper.createMessage(
DeleteRolePolicyType.class, action.info.getEffectiveUserId());
deleteRolePolicyType.setRoleName(role);
deleteRolePolicyType.setPolicyName(action.properties.getPolicyName());
AsyncRequests.<DeleteRolePolicyType, DeleteRolePolicyResponseType>sendSync(
configuration, deleteRolePolicyType);
}
}
// find all users that still exist from the list and remove the policy
if (action.properties.getUsers() != null && action.properties.getUsers().size() > 0) {
List<String> realUsersToRemovePolicyFrom = Lists.newArrayList();
Set<String> passedInUsers =
action.properties.getUsers() == null
? new HashSet<String>()
: Sets.newHashSet(action.properties.getUsers());
boolean seenAllUsers = false;
String userMarker = null;
while (!seenAllUsers) {
ListUsersType listUsersType =
MessageHelper.createMessage(ListUsersType.class, action.info.getEffectiveUserId());
;
if (userMarker != null) {
listUsersType.setMarker(userMarker);
}
ListUsersResponseType listUsersResponseType =
AsyncRequests.<ListUsersType, ListUsersResponseType>sendSync(
configuration, listUsersType);
if (listUsersResponseType.getListUsersResult().getIsTruncated() == Boolean.TRUE) {
userMarker = listUsersResponseType.getListUsersResult().getMarker();
} else {
seenAllUsers = true;
}
if (listUsersResponseType.getListUsersResult().getUsers() != null
&& listUsersResponseType.getListUsersResult().getUsers().getMemberList() != null) {
for (UserType userType :
listUsersResponseType.getListUsersResult().getUsers().getMemberList()) {
if (passedInUsers.contains(userType.getUserName())) {
realUsersToRemovePolicyFrom.add(userType.getUserName());
}
}
}
}
for (String user : realUsersToRemovePolicyFrom) {
DeleteUserPolicyType deleteUserPolicyType =
MessageHelper.createMessage(
DeleteUserPolicyType.class, action.info.getEffectiveUserId());
deleteUserPolicyType.setUserName(user);
deleteUserPolicyType.setPolicyName(action.properties.getPolicyName());
AsyncRequests.<DeleteUserPolicyType, DeleteUserPolicyResponseType>sendSync(
configuration, deleteUserPolicyType);
}
}
// find all groups that still exist from the list and remove the policy
if (action.properties.getGroups() != null && action.properties.getGroups().size() > 0) {
List<String> realGroupsToRemovePolicyFrom = Lists.newArrayList();
Set<String> passedInGroups =
action.properties.getGroups() == null
? new HashSet<String>()
: Sets.newHashSet(action.properties.getGroups());
boolean seenAllGroups = false;
String groupMarker = null;
while (!seenAllGroups) {
ListGroupsType listGroupsType =
MessageHelper.createMessage(ListGroupsType.class, action.info.getEffectiveUserId());
if (groupMarker != null) {
listGroupsType.setMarker(groupMarker);
}
ListGroupsResponseType listGroupsResponseType =
AsyncRequests.<ListGroupsType, ListGroupsResponseType>sendSync(
configuration, listGroupsType);
if (listGroupsResponseType.getListGroupsResult().getIsTruncated() == Boolean.TRUE) {
groupMarker = listGroupsResponseType.getListGroupsResult().getMarker();
} else {
seenAllGroups = true;
}
if (listGroupsResponseType.getListGroupsResult().getGroups() != null
&& listGroupsResponseType.getListGroupsResult().getGroups().getMemberList()
!= null) {
for (GroupType groupType :
listGroupsResponseType.getListGroupsResult().getGroups().getMemberList()) {
if (passedInGroups.contains(groupType.getGroupName())) {
realGroupsToRemovePolicyFrom.add(groupType.getGroupName());
}
}
}
}
for (String group : realGroupsToRemovePolicyFrom) {
DeleteGroupPolicyType deleteGroupPolicyType =
MessageHelper.createMessage(
DeleteGroupPolicyType.class, action.info.getEffectiveUserId());
deleteGroupPolicyType.setGroupName(group);
deleteGroupPolicyType.setPolicyName(action.properties.getPolicyName());
AsyncRequests.<DeleteGroupPolicyType, DeleteGroupPolicyResponseType>sendSync(
configuration, deleteGroupPolicyType);
}
}
return action;
}