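#!/usr/bin/python3
"""Dump the IAM policies that are attached to at least one user, group or role.

For every principal the default version of each attached managed policy and
every inline policy is written as pretty-printed JSON below ``Policies/User``,
``Policies/Group`` and ``Policies/Role`` (the directories are created on
demand). All IAM list calls are paginated, so accounts with more principals
or attachments than one API page are covered completely. The output describes
the full permission structure of the account, so keep the output directory
restricted to the people doing the review.
"""
import json
from pathlib import Path

import boto3
import jmespath

client = boto3.client('iam')

USER_DIR = Path("Policies") / "User"
GROUP_DIR = Path("Policies") / "Group"
ROLE_DIR = Path("Policies") / "Role"

# jmespath projection of an AttachedPolicies page to the two fields we need.
_ATTACHED = 'AttachedPolicies[*].{PolicyName: PolicyName, PolicyArn: PolicyArn}'

# Managed-policy documents keyed by ARN: a policy attached to many principals
# is fetched once instead of once per attachment.
_managed_docs = {}


def _iterate(operation, expression, **kwargs):
    """Yield the jmespath *expression* matches over every page of IAM list *operation*.

    Using the paginator (rather than a single call) avoids silently truncating
    the audit at the API's default page size.
    """
    for page in client.get_paginator(operation).paginate(**kwargs):
        yield from jmespath.search(expression, page) or []


def _managed_document(policy_arn):
    """Return the document of the default version of managed policy *policy_arn*."""
    if policy_arn not in _managed_docs:
        version_id = client.get_policy(PolicyArn=policy_arn)["Policy"]["DefaultVersionId"]
        version = client.get_policy_version(PolicyArn=policy_arn, VersionId=version_id)
        _managed_docs[policy_arn] = version["PolicyVersion"]["Document"]
    return _managed_docs[policy_arn]


def _write_json(path, document):
    """Write *document* to *path* as UTF-8 JSON, creating parent directories."""
    path.parent.mkdir(parents=True, exist_ok=True)
    with path.open('w', encoding='utf-8') as f:
        json.dump(document, f, ensure_ascii=False, indent=4)


def _dump_managed(out_dir, policy):
    """Write attached managed *policy* (``{PolicyName, PolicyArn}``) into *out_dir*.

    The document is fetched before the file is opened so a failed API call
    does not leave an empty file behind. IAM names cannot contain ``/``, so
    they are safe to use as file-name components.
    """
    print("-", policy["PolicyName"])
    document = _managed_document(policy["PolicyArn"])
    _write_json(out_dir / (policy["PolicyName"] + '.json'), document)


def _dump_inline(out_dir, principal, policy_name, document):
    """Write inline policy *policy_name* of *principal* into *out_dir*."""
    print("- (inline)", policy_name)
    _write_json(out_dir / (principal + "_" + policy_name + '.json'), document)


def main():
    """Walk users, groups and roles and dump their managed and inline policies."""
    print("** Users **")
    for user in _iterate("list_users", "Users[*].UserName"):
        print(user)
        for policy in _iterate("list_attached_user_policies", _ATTACHED, UserName=user):
            _dump_managed(USER_DIR, policy)
        for inline_name in _iterate("list_user_policies", "PolicyNames", UserName=user):
            doc = client.get_user_policy(UserName=user, PolicyName=inline_name)["PolicyDocument"]
            _dump_inline(USER_DIR, user, inline_name, doc)

    print("** Groups **")
    for group in _iterate("list_groups", "Groups[*].GroupName"):
        print(group)
        for policy in _iterate("list_attached_group_policies", _ATTACHED, GroupName=group):
            _dump_managed(GROUP_DIR, policy)
        # Inline group policies grant permissions too; include them so the
        # group section is as complete as the user and role sections.
        for inline_name in _iterate("list_group_policies", "PolicyNames", GroupName=group):
            doc = client.get_group_policy(GroupName=group, PolicyName=inline_name)["PolicyDocument"]
            _dump_inline(GROUP_DIR, group, inline_name, doc)

    print("** Roles **")
    for role in _iterate("list_roles", "Roles[*].RoleName"):
        print(role)
        for policy in _iterate("list_attached_role_policies", _ATTACHED, RoleName=role):
            _dump_managed(ROLE_DIR, policy)
        for inline_name in _iterate("list_role_policies", "PolicyNames", RoleName=role):
            doc = client.get_role_policy(RoleName=role, PolicyName=inline_name)["PolicyDocument"]
            _dump_inline(ROLE_DIR, role, inline_name, doc)


if __name__ == "__main__":
    main()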