Use of com.amazonaws.services.identitymanagement.model.GetRolePolicyRequest in project cloudbreak by hortonworks:
the class AwsSetup, method checkIamOrS3Statement.
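/**
 * Returns {@code true} if the inline role policy named {@code s} contains a statement that lets the
 * role create IAM roles ({@code iam:CreateRole}) or carries a wildcard covering it ({@code iam:*} or
 * the global {@code *}).
 *
 * <p>The policy document returned by GetRolePolicy is URL-encoded, so it is decoded before parsing.
 * In the IAM policy grammar both {@code Statement} and {@code Action} may be either a single value or
 * an array; both shapes are accepted here (the previous implementation NPE'd on a single-object
 * {@code Statement} and silently missed a single-string {@code Action}). Statements whose
 * {@code Effect} is {@code Deny} are skipped, since a Deny never grants anything.
 *
 * <p>NOTE(review): this is a coarse heuristic, not a policy evaluation. Only the one inline policy
 * named {@code s} is inspected (managed policies attached to the role and permission boundaries are
 * not), {@code Resource} and {@code Condition} are ignored, {@code NotAction} statements are not
 * evaluated, and action patterns such as {@code iam:Create*} are not expanded. A {@code false}
 * result therefore does not prove that the role lacks IAM privileges.
 *
 * @param roleName name of the IAM role whose inline policy is inspected
 * @param client   IAM client used to fetch the policy
 * @param s        name of the inline policy attached to the role
 * @return {@code true} if an Allow statement lists {@code iam:CreateRole}, {@code iam:*} or {@code *}
 * @throws Exception if the policy cannot be fetched, decoded or parsed
 */
private boolean checkIamOrS3Statement(String roleName, AmazonIdentityManagement client, String s) throws Exception {
    GetRolePolicyRequest getRolePolicyRequest = new GetRolePolicyRequest();
    getRolePolicyRequest.setRoleName(roleName);
    getRolePolicyRequest.setPolicyName(s);
    GetRolePolicyResult rolePolicy = client.getRolePolicy(getRolePolicyRequest);
    // GetRolePolicy hands back the document URL-encoded, hence the decode before parsing.
    String decoded = URLDecoder.decode(rolePolicy.getPolicyDocument(), "UTF-8");
    JsonNode policy = JsonUtil.readTree(decoded);
    JsonNode statements = policy == null ? null : policy.get("Statement");
    if (statements == null || statements.isNull()) {
        return false;
    }
    if (statements.isArray()) {
        for (JsonNode statement : statements) {
            if (statementGrantsIam(statement)) {
                return true;
            }
        }
        return false;
    }
    // Single-statement policy written as an object rather than a one-element array.
    return statementGrantsIam(statements);
}

/**
 * Returns {@code true} if one policy statement is an Allow (or has no Effect) whose Action lists
 * {@code iam:CreateRole}, {@code iam:*} or {@code *}.
 */
private boolean statementGrantsIam(JsonNode statement) {
    if (statement == null || !statement.isObject()) {
        return false;
    }
    JsonNode effect = statement.get("Effect");
    if (effect != null && effect.isTextual() && "Deny".equalsIgnoreCase(effect.textValue())) {
        return false; // a Deny never grants, whatever actions it names
    }
    JsonNode action = statement.get("Action");
    if (action == null || action.isNull()) {
        return false; // NotAction-only statement: not evaluated (see the caller's Javadoc)
    }
    if (action.isArray()) {
        for (JsonNode entry : action) {
            if (isIamAction(entry)) {
                return true;
            }
        }
        return false;
    }
    // Single-string Action, e.g. "Action": "iam:*".
    return isIamAction(action);
}

/**
 * Returns {@code true} if a single Action entry names {@code iam:CreateRole} or a wildcard that
 * covers it; logs the matching entry.
 */
private boolean isIamAction(JsonNode entry) {
    if (entry == null || !entry.isTextual()) {
        return false; // non-string entries are malformed; don't NPE on textValue()
    }
    // Action names are case-insensitive. equalsIgnoreCase is locale-independent, unlike
    // toLowerCase() (which maps "IAM" wrongly under Turkish locales). Spaces are stripped as before.
    String name = entry.textValue().replace(" ", "");
    if ("iam:CreateRole".equalsIgnoreCase(name) || "iam:*".equalsIgnoreCase(name) || "*".equals(name)) {
        LOGGER.info("Role has able to operate on iam resources: {}.", entry);
        return true;
    }
    return false;
}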