Merge pull request #68 from janiko71/dev

Dev
janiko71 · Nov 25, 2024 · 7b06e42 · 7b06e42
2 parents f20d921 + 4034312
commit 7b06e42
Show file tree

Hide file tree

Showing 12 changed files with 811 additions and 40 deletions.
diff --git a/new_inventory_api.py b/new_inventory_api.py
@@ -390,17 +390,18 @@ def inventory_handling(category, region_name, resource, boto_resource_name, node
                     empty_items = False
                     break
 
+            object_type = list(inventory.keys())[0] if inventory else 'Unknown'
+            if category not in results:
+                results[category] = {}
+            if resource not in results[category]:
+                results[category][resource] = {}
+            if object_type not in results[category][resource]:
+                results[category][resource][object_type] = {}
+
             if not empty_items or with_empty:
 
 				# --- Here: not empty, or we want to list the empty values too (arg 'with_empty')# --- Here: not empty, or we want to list the empty values too (arg 'with_empty')# --- Here: not empty, or we want to list the empty values too (arg 'with_empty')# --- Here: not empty, or we want to list the empty values too (arg 'with_empty')# --- Here: not empty, or we want to list the empty values too (arg 'with_empty')# --- Here: not empty, or we want to list the empty values too (arg 'with_empty')# --- Here: not empty, or we want to list the empty values too (arg 'with_empty')# --- Here: not empty, or we want to list the empty values too (arg 'with_empty')
 
-                object_type = list(inventory.keys())[0] if inventory else 'Unknown'
-                if category not in results:
-                    results[category] = {}
-                if resource not in results[category]:
-                    results[category][resource] = {}
-                if object_type not in results[category][resource]:
-                    results[category][resource][object_type] = {}
                 if region_name not in results[category][resource][object_type]:
                     results[category][resource][object_type][region_name] = {}
 
@@ -467,7 +468,7 @@ def resource_inventory(progress_callback, thread_list, category, resource, boto_
         thread = InventoryThread(category, region_name, resource, boto_resource_name, node_details, f"{resource} in {region_name}", progress_callback)
         print('.', end='')
         thread_list.append(thread)
-    pass
+
 
 # ------------------------------------------------------------------------------
 

diff --git a/readme.md b/readme.md
@@ -17,7 +17,7 @@ This project is *[donateware](https://github.com/sponsors/janiko71)*. If you lik
 
 - **Multithreading**: Concurrently performs inventory operations to speed up data collection.
 - **Service Coverage**: Supports a wide range of AWS services, including EC2, S3, RDS, Lambda, and more.
-- **Extendability**: All ressources and details inventory services are in JSON files. No need to write code to add new ressources!
+- **Extendability**: All resources and details inventory services are in JSON files. No need to write code to add new ressources!
 - **Policy Management**: Reads and merges IAM policy files to determine the necessary permissions for inventory operations directly from JSON files used in the project.
 - **Logging**: Detailed logging of operations and errors for troubleshooting and auditing purposes. Ensures the existence of log and output directories, and creates a timestamped log file.
 - **Inventory Processes**:

diff --git a/resources/inventory_local_IAM_security.yaml b/resources/inventory_local_IAM_security.yaml
@@ -24,30 +24,44 @@
 # - detail_param: the parameter to use to call the detailed inventory functions.
 
 kms:
-  boto_resource_name: kms
-  category: IAM and Security
-  inventory_nodes:
-    list_aliases:
-      detail_param: ''
-      item_key: ''
-      item_search_id: ''
-      permissions: ListAliases
-      result_key: ''
-    list_keys:
-      detail_param: ''
-      item_key: ''
-      item_search_id: ''
-      permissions: ListKeys
-      result_key: ''
-  region_type: local
+    boto_resource_name: kms
+    category: IAM and Security
+    inventory_nodes:
+        keys:
+            permissions: ListKeys
+            function: list_keys
+            key_policies:
+                permissions: GetKeyPolicy
+                function: get_key_policy
+                detail_functions:
+                    KeyPolicy:
+                        permissions: GetKeyPolicy
+                        item_search_id: KeyId
+                        detail_function: get_key_policy
+                        detail_param: KeyId
+
 secretsmanager:
-  boto_resource_name: secretsmanager
-  category: IAM and Security
-  inventory_nodes:
-    list_secrets:
-      detail_param: ''
-      item_key: ''
-      item_search_id: ''
-      permissions: ListSecrets
-      result_key: ''
-  region_type: local
+    boto_resource_name: secretsmanager
+    category: IAM and Security 
+    inventory_nodes:
+        secrets:
+            permissions: ListSecrets
+            function: list_secrets
+        secret_values:
+            permissions: GetSecretValue
+            function: get_secret_value
+            detail_functions:
+                SecretValue:
+                    permissions: GetSecretValue
+                    item_search_id: ARN
+                    detail_function: get_secret_value
+                    detail_param: SecretId
+
+cloudHSM:
+    boto_resource_name: cloudhsmv2
+    category: IAM and Security
+    inventory_nodes:
+        clusters:
+            permissions: DescribeClusters
+            function: describe_clusters
+