Add IamPrincipal base resource (#2187)

.github/workflows/basecheck.yml

@@ -35,7 +35,7 @@ jobs:
           python3 ./tools/basechecker.py html > basecheck.html
 
       - name: Archive base resource coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: basecheck
           path: ./basecheck.html

.github/workflows/check_pr_fixlib.yml

@@ -43,7 +43,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: fixlib-code-coverage-report
           path: fixlib/htmlcov/

.github/workflows/check_pr_fixmetrics.yml

@@ -45,7 +45,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: fixmetrics-code-coverage-report
           path: fixmetrics/htmlcov/

.github/workflows/check_pr_fixshell.yml

@@ -46,7 +46,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: fixshell-code-coverage-report
           path: fixshell/htmlcov/

.github/workflows/check_pr_fixworker.yml

@@ -45,7 +45,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: fixworker-code-coverage-report
           path: fixworker/htmlcov/

.github/workflows/check_pr_plugin_aws.yml

@@ -48,7 +48,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: plugin-aws-code-coverage-report
           path: ./plugins/aws/htmlcov/

.github/workflows/check_pr_plugin_azure.yml

@@ -48,7 +48,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: plugin-azure-code-coverage-report
           path: ./plugins/azure/htmlcov/

.github/workflows/check_pr_plugin_digitalocean.yml

@@ -48,7 +48,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: plugin-digitalocean-code-coverage-report
           path: ./plugins/digitalocean/htmlcov/

.github/workflows/check_pr_plugin_dockerhub.yml

@@ -48,7 +48,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: plugin-dockerhub-code-coverage-report
           path: ./plugins/dockerhub/htmlcov/

.github/workflows/check_pr_plugin_example_collector.yml

@@ -48,7 +48,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: plugin-example_collector-code-coverage-report
           path: ./plugins/example_collector/htmlcov/

.github/workflows/check_pr_plugin_gcp.yml

@@ -48,7 +48,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: plugin-gcp-code-coverage-report
           path: ./plugins/gcp/htmlcov/

.github/workflows/check_pr_plugin_github.yml

@@ -48,7 +48,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: plugin-github-code-coverage-report
           path: ./plugins/github/htmlcov/

.github/workflows/check_pr_plugin_k8s.yml

@@ -48,7 +48,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: plugin-k8s-code-coverage-report
           path: ./plugins/k8s/htmlcov/

.github/workflows/check_pr_plugin_onelogin.yml

@@ -48,7 +48,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: plugin-onelogin-code-coverage-report
           path: ./plugins/onelogin/htmlcov/

.github/workflows/check_pr_plugin_onprem.yml

@@ -48,7 +48,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: plugin-onprem-code-coverage-report
           path: ./plugins/onprem/htmlcov/

.github/workflows/check_pr_plugin_posthog.yml

@@ -48,7 +48,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: plugin-posthog-code-coverage-report
           path: ./plugins/posthog/htmlcov/

.github/workflows/check_pr_plugin_random.yml

@@ -48,7 +48,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: plugin-random-code-coverage-report
           path: ./plugins/random/htmlcov/

.github/workflows/check_pr_plugin_scarf.yml

@@ -48,7 +48,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: plugin-scarf-code-coverage-report
           path: ./plugins/scarf/htmlcov/

.github/workflows/check_pr_plugin_slack.yml

@@ -48,7 +48,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: plugin-slack-code-coverage-report
           path: ./plugins/slack/htmlcov/

.github/workflows/check_pr_plugin_vsphere.yml

@@ -48,7 +48,7 @@ jobs:
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: plugin-vsphere-code-coverage-report
           path: ./plugins/vsphere/htmlcov/

.github/workflows/create_plugin_workflows.py

@@ -94,7 +94,7 @@
         run: tox
 
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: plugin-@name@-code-coverage-report
           path: @directory@/htmlcov/

fixlib/fixlib/baseresources.py

@@ -1236,6 +1236,17 @@ class BaseNetworkInterface(BaseResource):
     description: Optional[str] = None
 
 
+@define(eq=False, slots=False)
+class BaseIamPrincipal(BaseResource):
+    kind: ClassVar[str] = "iam_principal"
+    kind_display: ClassVar[str] = "IAM Principal"
+    kind_description: ClassVar[str] = (
+        "An IAM principal is an entity that can be authenticated and authorized to access resources."
+    )
+    metadata: ClassVar[Dict[str, Any]] = {"icon": "iam_principal", "group": "access_control"}
+    _categories: ClassVar[List[Category]] = [Category.iam]
+
+
 @define(eq=False, slots=False)
 class BaseUser(BaseResource):
     kind: ClassVar[str] = "user"

plugins/aws/fix_plugin_aws/resource/base.py

@@ -22,6 +22,7 @@
 from fixlib.utils import utc
 from fixlib.baseresources import (
     BaseAccount,
+    BaseIamPrincipal,
     BaseRegion,
     BaseResource,
     BaseVolumeType,
@@ -265,7 +266,7 @@ def __str__(self) -> str:
 
 # derived from https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
 @define(eq=False)
-class AwsAccount(BaseAccount, AwsResource):
+class AwsAccount(BaseAccount, AwsResource, BaseIamPrincipal):
     kind: ClassVar[str] = "aws_account"
     kind_display: ClassVar[str] = "AWS Account"
     kind_description: ClassVar[str] = (

plugins/aws/fix_plugin_aws/resource/iam.py

@@ -10,6 +10,7 @@
 from fix_plugin_aws.utils import ToDict
 from fixlib.baseresources import (
     BaseCertificate,
+    BaseIamPrincipal,
     BasePolicy,
     BaseGroup,
     BaseAccessKey,
@@ -104,7 +105,7 @@ class AwsIamRoleLastUsed:
 
 
 @define(eq=False, slots=False)
-class AwsIamRole(AwsResource, BaseRole):
+class AwsIamRole(AwsResource, BaseRole, BaseIamPrincipal):
     # Note: this resource is collected via AwsIamUser.collect.
     kind: ClassVar[str] = "aws_iam_role"
     aws_metadata: ClassVar[Dict[str, Any]] = {"provider_link_tpl": "https://{region_id}.console.aws.amazon.com/iam/home?region={region}#/roles/details/{RoleName}", "arn_tpl": "arn:{partition}:iam:{region}:{account}:role/{name}"}  # fmt: skip
@@ -619,7 +620,7 @@ class AwsIamVirtualMfaDevice:
 
 
 @define(eq=False, slots=False)
-class AwsRootUser(AwsResource, BaseUser):
+class AwsRootUser(AwsResource, BaseUser, BaseIamPrincipal):
     kind: ClassVar[str] = "aws_root_user"
     kind_display: ClassVar[str] = "AWS Root User"
     aws_metadata: ClassVar[Dict[str, Any]] = {"arn_tpl": "arn:{partition}:None:{region}:{account}:resource/{id}"}  # fmt: skip
@@ -639,7 +640,7 @@ class AwsRootUser(AwsResource, BaseUser):
 
 
 @define(eq=False, slots=False)
-class AwsIamUser(AwsResource, BaseUser):
+class AwsIamUser(AwsResource, BaseUser, BaseIamPrincipal):
     kind: ClassVar[str] = "aws_iam_user"
     kind_display: ClassVar[str] = "AWS IAM User"
     aws_metadata: ClassVar[Dict[str, Any]] = {"provider_link_tpl": "https://{region_id}.console.aws.amazon.com/iam/home?region={region}#/users/details/{name}", "arn_tpl": "arn:{partition}:iam::{account}:user/{name}"}  # fmt: skip