Modernizing the Codebase and Tooling

.github/dependabot.yml

@@ -0,0 +1,7 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/test.yml

@@ -0,0 +1,16 @@
+---
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: checkout the code
+        uses: actions/checkout@v3
+      - name: install go
+        uses: actions/setup-go@v2
+      - name: run unit tests
+        run: make test
+      - name: build a local artifact
+        run: make build

constants.go

@@ -7,13 +7,13 @@ const (
 
 	EVENT_ADD_USER    string = "AddUserToGroup"
 	EVENT_REMOVE_USER string = "RemoveUserFromGroup"
-	GROUP_BASE_URL  string = "https://console.aws.amazon.com/iam/home?region=us-east-1#/groups/"
-	ROLE_BASE_URL   string = "https://console.aws.amazon.com/iam/home?region=us-east-1#/roles/"
-	USER_BASE_URL   string = "https://console.aws.amazon.com/iam/home?region=us-east-1#/users/"
+	GROUP_BASE_URL    string = "https://console.aws.amazon.com/iam/home?region=us-east-1#/groups/"
+	ROLE_BASE_URL     string = "https://console.aws.amazon.com/iam/home?region=us-east-1#/roles/"
+	USER_BASE_URL     string = "https://console.aws.amazon.com/iam/home?region=us-east-1#/users/"
 
 	ADD_USER_SLACK_MSG    string = ":red-light: User %s was added to group %s (*Arn:* %s *IP:* %s)"
 	REMOVE_USER_SLACK_MSG string = ":green-light: User %s was removed from group %s (*Arn:* %s *IP:* %s)"
-	ERROR_SLACK_MSG string = ":x: IAM update failure: %s (*IP:* %s)"
+	ERROR_SLACK_MSG       string = ":x: IAM update failure: %s (*IP:* %s)"
 
 	DEFAULT_EMOJI    string = ":aws:"
 	DEFAULT_USERNAME string = "Escalated Privileges Watcher"

event_test.go

@@ -9,9 +9,9 @@ func TestProcessEventDetail(t *testing.T) {
 	t.Parallel()
 
 	cases := []struct {
-		Name        string
-		Payload     string
-		Expected    EventDetail
+		Name     string
+		Payload  string
+		Expected EventDetail
 	}{
 		{
 			"case1",
@@ -58,13 +58,13 @@ func TestProcessEventDetail(t *testing.T) {
 						SessionIssuer: SessionIssuer{
 							UserName: "johndoe",
 						},
-				 	},
+					},
 					Arn: "arn:aws:sts::0123456789012:assumed-role/johndoe/john.doe",
 				},
 				EventName: "AddUserToGroup",
 				RequestParameters: RequestParameters{
 					GroupName: "administrators",
-					UserName: "alice",
+					UserName:  "alice",
 				},
 				SourceIPAddress: "1.2.3.4",
 			},
@@ -106,19 +106,19 @@ func TestProcessEventDetail(t *testing.T) {
 			}`,
 			EventDetail{
 				ErrorMessage: "User: arn:aws:iam::002682819933:user/warren.wegner is not authorized to perform: iam:RemoveUserFromGroup on resource: group iam-group-content-tribe-Group-VCVVSEI39MNZ",
-				ErrorCode: "AccessDenied",
+				ErrorCode:    "AccessDenied",
 				UserIdentity: UserIdentity{
 					SessionContext: SessionContext{
 						SessionIssuer: SessionIssuer{
 							UserName: "",
 						},
-				 	},
+					},
 					Arn: "arn:aws:iam::002682819933:user/warren.wegner",
 				},
 				EventName: "RemoveUserFromGroup",
 				RequestParameters: RequestParameters{
 					GroupName: "",
-					UserName: "",
+					UserName:  "",
 				},
 				SourceIPAddress: "1.2.3.4",
 			},

go.mod

@@ -0,0 +1,7 @@
+module github.com/unbounce/paw
+
+go 1.19
+
+require github.com/aws/aws-lambda-go v1.40.0
+
+require github.com/stretchr/testify v1.8.0 // indirect

go.sum

@@ -0,0 +1,16 @@
+github.com/aws/aws-lambda-go v1.40.0 h1:6dKcDpXsTpapfCFF6Debng6CiV/Z3sNHekM6bwhI2J0=
+github.com/aws/aws-lambda-go v1.40.0/go.mod h1:jwFe2KmMsHmffA1X2R09hH6lFzJQxzI8qK17ewzbQMM=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

main.go

@@ -44,7 +44,7 @@ func Handler(ctx context.Context, event events.CloudWatchEvent) {
 
 	var msg SlackMessage
 
-	if (detail.ErrorMessage != "") {
+	if detail.ErrorMessage != "" {
 		msg = createErrorMessage(detail)
 	} else {
 		msg = createNotifyMessage(detail)
@@ -62,7 +62,6 @@ func main() {
 	lambda.Start(Handler)
 }
 
-
 func createErrorMessage(detail EventDetail) SlackMessage {
 	msg := SlackMessage{
 		Message:   fmt.Sprintf(ERROR_SLACK_MSG, detail.ErrorMessage, detail.SourceIPAddress),
@@ -85,7 +84,7 @@ func createNotifyMessage(detail EventDetail) SlackMessage {
 	}
 
 	msg := SlackMessage{
-		Message:   fmt.Sprintf(
+		Message: fmt.Sprintf(
 			fmtString,
 			convertToLink(detail.RequestParameters.UserName, USER_BASE_URL),
 			convertToLink(detail.RequestParameters.GroupName, GROUP_BASE_URL),
@@ -104,4 +103,4 @@ func convertToLink(iamResource string, linkType string) string {
 	link = fmt.Sprintf("<%s%s|%s>", linkType, iamResource, iamResource)
 
 	return link
-}
+}

main_test.go

@@ -1,8 +1,8 @@
 package main
 
 import (
-	"testing"
 	"fmt"
+	"testing"
 )
 
 func TestParseSlackChannels(t *testing.T) {
@@ -62,32 +62,32 @@ func stringSliceEq(a, b []string) bool {
 func TestCreateErrorMessage(t *testing.T) {
 	detail := EventDetail{
 		ErrorMessage: "User: arn:aws:iam::002682819933:user/warren.wegner is not authorized to perform: iam:RemoveUserFromGroup on resource: group iam-group-content-tribe-Group-VCVVSEI39MNZ",
-		ErrorCode: "AccessDenied",
+		ErrorCode:    "AccessDenied",
 		UserIdentity: UserIdentity{
 			SessionContext: SessionContext{
 				SessionIssuer: SessionIssuer{
 					UserName: "",
 				},
-				},
+			},
 			Arn: "arn:aws:iam::002682819933:user/warren.wegner",
 		},
 		EventName: "RemoveUserFromGroup",
 		RequestParameters: RequestParameters{
 			GroupName: "",
-			UserName: "",
+			UserName:  "",
 		},
 		SourceIPAddress: "1.2.3.4",
 	}
 
 	actual := createErrorMessage(detail)
 
 	expected := SlackMessage{
-		Message: fmt.Sprintf(ERROR_SLACK_MSG, "User: arn:aws:iam::002682819933:user/warren.wegner is not authorized to perform: iam:RemoveUserFromGroup on resource: group iam-group-content-tribe-Group-VCVVSEI39MNZ", "1.2.3.4"),
-		UserName: DEFAULT_USERNAME,
+		Message:   fmt.Sprintf(ERROR_SLACK_MSG, "User: arn:aws:iam::002682819933:user/warren.wegner is not authorized to perform: iam:RemoveUserFromGroup on resource: group iam-group-content-tribe-Group-VCVVSEI39MNZ", "1.2.3.4"),
+		UserName:  DEFAULT_USERNAME,
 		IconEmoji: DEFAULT_EMOJI,
 	}
 
-	if (actual != expected) {
+	if actual != expected {
 		t.Errorf("[CreateErrorMessage] Expected %v but go t%v", expected, actual)
 	}
 
@@ -100,26 +100,26 @@ func TestCreateNotifyMessage(t *testing.T) {
 				SessionIssuer: SessionIssuer{
 					UserName: "johndoe",
 				},
-			 },
+			},
 			Arn: "arn:aws:sts::0123456789012:assumed-role/johndoe/john.doe",
 		},
 		EventName: "AddUserToGroup",
 		RequestParameters: RequestParameters{
 			GroupName: "administrators",
-			UserName: "alice",
+			UserName:  "alice",
 		},
 		SourceIPAddress: "1.2.3.4",
 	}
 
 	actual := createNotifyMessage(detail)
 
 	expected := SlackMessage{
-		Message: fmt.Sprintf(ADD_USER_SLACK_MSG, "<https://console.aws.amazon.com/iam/home?region=us-east-1#/users/alice|alice>", "<https://console.aws.amazon.com/iam/home?region=us-east-1#/groups/administrators|administrators>", "arn:aws:sts::0123456789012:assumed-role/johndoe/john.doe", "1.2.3.4"),
-		UserName: DEFAULT_USERNAME,
+		Message:   fmt.Sprintf(ADD_USER_SLACK_MSG, "<https://console.aws.amazon.com/iam/home?region=us-east-1#/users/alice|alice>", "<https://console.aws.amazon.com/iam/home?region=us-east-1#/groups/administrators|administrators>", "arn:aws:sts::0123456789012:assumed-role/johndoe/john.doe", "1.2.3.4"),
+		UserName:  DEFAULT_USERNAME,
 		IconEmoji: DEFAULT_EMOJI,
 	}
 
-	if (actual != expected) {
+	if actual != expected {
 		t.Errorf("[CreateNotifyMessage] Expected %v but go t%v", expected, actual)
 	}
-}
+}