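#!/bin/bash
# Export every AWS IAM grant made through the "AdministratorAccess" policy from
# Prisma Cloud CIEM into a dated CSV under $HOME/reports.
#
# Required env: PC_ACCESSKEY, PC_SECRETKEY (Prisma Cloud access key pair).
# Optional env: PC_APIURL (default: https://apix.prismacloud.io).
# Requires: curl, jq.
set -euo pipefail

#Tenant Info
# Credentials are read from the environment instead of being written into the
# script, so a committed or shared copy never carries a key pair.
PC_APIURL="${PC_APIURL:-https://apix.prismacloud.io}"
PC_ACCESSKEY="${PC_ACCESSKEY:-}"
PC_SECRETKEY="${PC_SECRETKEY:-}"
: "${PC_ACCESSKEY:?PC_ACCESSKEY must be set}"
: "${PC_SECRETKEY:?PC_SECRETKEY must be set}"

# Build JSON with jq so values are escaped rather than interpolated into a heredoc.
AUTH_PAYLOAD=$(jq -cn --arg u "$PC_ACCESSKEY" --arg p "$PC_SECRETKEY" \
  '{username: $u, password: $p}')
# The secret travels on stdin (--data @-) so it never appears in argv / `ps`.
PC_JWT_RESPONSE=$(printf '%s' "$AUTH_PAYLOAD" | curl -sS --fail --request POST \
  --url "$PC_APIURL/login" \
  --header 'Accept: application/json; charset=UTF-8' \
  --header 'Content-Type: application/json; charset=UTF-8' \
  --data @-)
# `// empty` maps a missing/null token to "" so the check below actually fires.
PC_JWT=$(printf '%s' "$PC_JWT_RESPONSE" | jq -r '.token // empty')
if [[ -z "$PC_JWT" ]]; then
  printf 'login failed: no token in response\n' >&2
  exit 1
fi

REPORT_DATE=$(date +%m_%d_%y)
REPORT_DIR="$HOME/reports"
REPORT_LOCATION="$REPORT_DIR/AdministratorAccess_policy_Usage_$REPORT_DATE.csv"
mkdir -p -- "$REPORT_DIR"
printf '%s\n' "Resource ID, Resource Cloud Account, Granted By Entity, Entity Cloud Account, Granted By Policy, Policy Cloud Account, Policy Type" > "$REPORT_LOCATION"

# Each page of results lands in a private temp file rather than ./temp.json in
# whatever directory the script happens to run from; removed on any exit.
tmp_json=$(mktemp) || exit 1
trap 'rm -f -- "$tmp_json"' EXIT

RQL_QUERY="config from iam where source.cloud.type = 'AWS' and grantedby.cloud.policy.name = 'AdministratorAccess'"
GROUP_BY_FIELDS='["source","sourceCloudAccount","grantedByEntity","entityCloudAccount","grantedByPolicy","policyCloudAccount"]'

#######################################
# Append one CSV row per item of the page held in $tmp_json to the report.
# Globals:   tmp_json (read), REPORT_LOCATION (appended to)
# Arguments: none
# Returns:   jq's exit status
#######################################
append_page_rows() {
  jq -r '.data.items[] | [.sourceResourceId, .sourceCloudAccount, .grantedByCloudEntityId, .grantedByCloudEntityAccount, .grantedByCloudPolicyName, .grantedByCloudPolicyAccount, .grantedByCloudPolicyType] | @csv' \
    "$tmp_json" >> "$REPORT_LOCATION"
}

# Follow nextPageToken until the API stops returning one, instead of fetching at
# most two pages. The token is only ever placed into JSON via --arg, never by
# string interpolation.
next_page_token=""
while :; do
  if [[ -n "$next_page_token" ]]; then
    rql_request_body=$(jq -cn --arg q "$RQL_QUERY" --argjson g "$GROUP_BY_FIELDS" \
      --arg t "$next_page_token" \
      '{query: $q, groupByFields: $g, nextPageToken: $t}')
  else
    rql_request_body=$(jq -cn --arg q "$RQL_QUERY" --argjson g "$GROUP_BY_FIELDS" \
      '{query: $q, groupByFields: $g}')
  fi
  printf '%s' "$rql_request_body" | curl -sS --fail -L -X POST "$PC_APIURL/iam/api/v4/search/permission" \
    --header "accept: application/json; charset=UTF-8" \
    --header "content-type: application/json" \
    --header "x-redlock-auth: $PC_JWT" \
    --data @- > "$tmp_json"
  append_page_rows
  # With plain `jq -r '.data.nextPageToken'` an absent token prints the literal
  # string "null", which is non-empty and defeats the -z test; `// empty` fixes that.
  next_page_token=$(jq -r '.data.nextPageToken // empty' "$tmp_json")
  if [[ -z "$next_page_token" ]]; then
    echo "nextPageToken is not found"
    break
  fi
done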