Add force wildcard resource flag #22

iann0036 · Mar 12, 2021 · b154fd2 · b154fd2
1 parent 7c18d2f
commit b154fd2
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -46,6 +46,8 @@ You can optionally also include the following arguments to the `iamlive` command
 
 **--background:** when set, the process will return the current PID and run in the background without output (_default: false_)
 
+**--force-wildcard-resource:** when set, the Resource will always be a wildcard (_default: false_)
+
 **--mode:** _[experimental]_ the listening mode (`csm`,`proxy`) (_default: csm_)
 
 **--bind-addr:** _[experimental]_ the bind address for proxy mode (_default: 127.0.0.1:10080_)
@@ -77,7 +79,7 @@ iamlive --set-ini --profile myprofile --fails-only --output-file policy.json --r
 _Comprehensive Example (Proxy Mode)_
 
 ```
-iamlive --set-ini --mode proxy --profile myprofile --output-file policy.json --refresh-rate 1 --sort-alphabetical --bind-addr 127.0.0.1:10080 --ca-bundle ~/.iamlive/ca.pem --ca-key ~/.iamlive/ca.key --account-id 123456789012 --background
+iamlive --set-ini --mode proxy --profile myprofile --output-file policy.json --refresh-rate 1 --sort-alphabetical --bind-addr 127.0.0.1:10080 --ca-bundle ~/.iamlive/ca.pem --ca-key ~/.iamlive/ca.key --account-id 123456789012 --background --force-wildcard-resource
 ```
 
 The arguments may also be specified in an INI file located at `~/.iamlive/config`.

diff --git a/logger.go b/logger.go
@@ -111,6 +111,12 @@ func getPolicyDocument() []byte {
 			policy.Statement = append(policy.Statement, getStatementsForProxyCall(entry)...)
 		}
 
+		if *forceWildcardResourceFlag {
+			for i, _ := range policy.Statement {
+				policy.Statement[i].Resource = []string{"*"}
+			}
+		}
+
 		policy = aggregatePolicy(policy)
 
 		for i := 0; i < len(policy.Statement); i++ { // make any single wildcard resource a non-array

diff --git a/main.go b/main.go
@@ -27,6 +27,7 @@ var caBundleFlag *string
 var caKeyFlag *string
 var accountIDFlag *string
 var backgroundFlag *bool
+var forceWildcardResourceFlag *bool
 var cpuProfileFlag = flag.String("cpu-profile", "", "[experimental] write a CPU profile to this file (for performance testing purposes)")
 
 func parseConfig() {
@@ -43,6 +44,7 @@ func parseConfig() {
 	caKey := "~/.iamlive/ca.key"
 	accountID := "123456789012"
 	background := false
+	forceWildcardResource := false
 
 	cfgfile, err := homedir.Expand("~/.iamlive/config")
 	if err == nil {
@@ -87,6 +89,9 @@ func parseConfig() {
 			if cfg.Section("").HasKey("background") {
 				background, _ = cfg.Section("").Key("background").Bool()
 			}
+			if cfg.Section("").HasKey("force-wildcard-resource") {
+				forceWildcardResource, _ = cfg.Section("").Key("force-wildcard-resource").Bool()
+			}
 		}
 	}
 
@@ -103,6 +108,7 @@ func parseConfig() {
 	caKeyFlag = flag.String("ca-key", caKey, "[experimental] the CA certificate key to use for proxy mode")
 	accountIDFlag = flag.String("account-id", accountID, "[experimental] the AWS account ID to use in policy outputs within proxy mode")
 	backgroundFlag = flag.Bool("background", background, "when set, the process will return the current PID and run in the background without output")
+	forceWildcardResourceFlag = flag.Bool("force-wildcard-resource", forceWildcardResource, "when set, the Resource will always be a wildcard")
 }
 
 func main() {