RoleResolver.java

/*
 * Copyright (c) 2016 ingenieux Labs
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

package br.com.ingenieux.mojo.aws.util;

import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.model.ListRolesRequest;
import com.amazonaws.services.identitymanagement.model.ListRolesResult;
import com.amazonaws.services.identitymanagement.model.Role;

import java.util.LinkedHashSet;
import java.util.Set;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Created by aldrin on 08/04/16.
 */
public class RoleResolver {
  public static final Pattern PATTERN_IAM_ROLE = Pattern.compile("arn:aws:iam:[\\w\\-]*:(\\d+):(.*)");

  private final AmazonIdentityManagement iam;

  private final String accountId;

  Set<String> roles = new LinkedHashSet<String>();

  public RoleResolver(AmazonIdentityManagement iam) {
    this.iam = iam;
    this.roles = loadRoles();

    final String firstRole = roles.iterator().next();

    final Matcher m = PATTERN_IAM_ROLE.matcher(firstRole);

    if (!m.find()) throw new IllegalStateException("Unable to find account id!");

    this.accountId = m.group(1);
  }

  public String getAccountId() {
    return accountId;
  }

  private Set<String> loadRoles() {
    Set<String> result = new TreeSet<String>();

    boolean done = false;
    String marker = null;
    do {
      final ListRolesRequest listRolesRequest = new ListRolesRequest();

      listRolesRequest.setMarker(marker);

      final ListRolesResult listRolesResult = iam.listRoles(listRolesRequest);

      for (Role r : listRolesResult.getRoles()) {
        result.add(r.getArn());
      }

      done = (!listRolesResult.isTruncated());

      marker = listRolesResult.getMarker();
    } while (!done);

    return result;
  }

  public String lookupRoleGlob(String role) {
    if (GlobUtil.hasWildcards(role)) {
      //getLog().info(format("Looking up IAM Role '%s'", role));

      Pattern p = GlobUtil.globify(role);

      for (String s : roles) {
        final Matcher matcher = p.matcher(s);

        if (matcher.matches() || matcher.find()) {
          //getLog().info(format("Found Role: '%s'", s));

          return s;
        }
      }

      throw new IllegalStateException("Unable to lookup role '" + role + "': Not found");
    } else {
      //getLog().info(format("Using Role as is: '%s'", role));

      return role;
    }
  }
}