def list_user_mfa_devices(self):
    """Add an MFA device resource for each device attached to a known IAM user.

    Returns immediately unless "AWS::Iam::MfaDevice" or
    "AWS::Iam::VirtualMfaDevice" appears in ``self.types``. Otherwise, for
    every user already stored under "AWS::Iam::User", iam:ListMFADevices is
    called and each returned device is added as a ``Resource``, provided
    ``RESOURCES.label`` recognises its serial number.

    A user with no MFA devices yields no resource here, so a missing second
    factor only shows up when the device set is compared with the user set.
    """
    wanted_labels = ("AWS::Iam::MfaDevice", "AWS::Iam::VirtualMfaDevice")
    if all(wanted not in self.types for wanted in wanted_labels):
        return

    iam_users = self.console.tasklist(
        "Adding MfaDevices",
        iterables=self.get("AWS::Iam::User").get("Resource"),
        wait="Awaiting response to iam:ListMFADevices",
        done="Added MFA devices",
    )

    for iam_user in iam_users:
        # NOTE(review): only the first response page is read; IsTruncated and
        # Marker are not followed, so a truncated listing would be silently
        # incomplete.
        response = self.client.list_mfa_devices(UserName=iam_user.get("Name"))

        for device in response["MFADevices"]:
            serial = device["SerialNumber"]
            label = RESOURCES.label(serial)

            # The serial number doubles as the ARN for the stored resource.
            device["Arn"] = serial

            if label == "AWS::Iam::MfaDevice":
                device["Name"] = serial.split('/')[-1]
            elif label == "AWS::Iam::VirtualMfaDevice":
                device["Name"] = "Virtual Device"
            else:
                device["Name"] = "Device"

            # Serial numbers that map to no known label are not stored.
            if label is None:
                continue

            del device["SerialNumber"]
            self.add(Resource(labels=[label], properties=device))
def __init__(self, session, console=None, services=[], db="default.db",
             quick=False, skip_actions=False,
             only_types=[], skip_types=[],
             only_arns=[], skip_arns=[]):
    """Ingest the selected services for the session's account and save them.

    Confirms the caller's identity with sts:GetCallerIdentity, runs every
    ingestor class in ``services`` and merges its elements into this
    object, loads transitive relationships and (unless ``skip_actions``)
    actions, then stores the result of ``self.save(db)`` in ``self.zip``.

    If the identity call raises ClientError, PartialCredentialsError or
    ProfileNotFound, the error is printed and the process exits with
    status 1.

    When ``only_arns`` is non-empty, the labels of those ARNs are merged
    into ``only_types`` before the ingestors run.
    """
    # NOTE(review): the list defaults are shared between calls. This method
    # only rebinds only_types, but the same objects are handed to every
    # ingestor - confirm none of them mutates its arguments in place.
    try:
        if console is None:
            from lib.util.console import console
        self.console = console

        def describe_identity(r):
            # Summary shown once STS has answered; it prints the caller's
            # ARN and account ID to the console.
            return '\n'.join([
                f"Identity: {r['Arn']}",
                f"Services: {', '.join([s.__name__ for s in services])}",
                f"Database: {db}",
                f"Account: {r['Account']}",
                f"Region: {session.region_name}",
            ])

        identity = self.console.task(
            "Awaiting response to sts:GetCallerIdentity",
            session.client('sts').get_caller_identity,
            done=describe_identity)

        self.account = identity["Account"]
        self.console.spacer()

    # NOTE(review): only these three exception types become a clean exit;
    # other credential failures (e.g. botocore's NoCredentialsError) would
    # propagate as a traceback - confirm that is intended.
    except (ClientError, PartialCredentialsError, ProfileNotFound) as e:
        self.console.error(str(e))
        sys.exit(1)

    if len(only_arns) > 0:
        # Restricting by ARN implies restricting by each ARN's type.
        arn_labels = [RESOURCES.label(arn) for arn in only_arns]
        only_types = list(set(only_types + arn_labels))

    for ingestor in services:
        options = {
            "session": session,
            "console": self.console,
            "account": self.account,
            "quick": quick,
            "only_types": only_types,
            "skip_types": skip_types,
            "only_arns": only_arns,
            "skip_arns": skip_arns,
        }
        elements = ingestor(**options)

        # Merge the ingestor's elements, then discard the ingestor.
        super().update(elements)
        elements.destroy()

    self.load_transitives()

    if not skip_actions:
        self.load_actions()

    self.zip = self.save(db)
    self.console.spacer()