Merge pull request #74 from DevopsArtFactory/feat/iam-user-browser

feat: add IAM user browser

Author: nathanhuh

PLAN.md

@@ -145,9 +145,9 @@ unic/
 - List hosted zones → drill into DNS records → record detail view
 - Filter support on zone list and record list
 
-**M3.9 — IAM Users**
-- List IAM users with metadata (creation date, last activity, MFA status)
-- View user details (attached policies, groups, access keys)
+**M3.9 — IAM Users** ✅
+- List IAM users with metadata (creation date, last activity, MFA status) ✅
+- View user details (attached policies, groups, access keys) ✅
 
 **M3.7 — CloudWatch Logs**
 - List log groups → log streams
@@ -267,7 +267,7 @@ Note: M5.2 (textinput) provides the foundation for M6 (enhanced search) — they
 - M1 is complete; M2 is deferred (relying on AWS SDK default credential chain)
 - M2.1 (Context-based auth with SSO, credential, assume-role) is complete
 - M3 services are independent of each other, build in any order
-- M3.1 (VPC), M3.2 (RDS), M3.3 (IAM Credentials), M3.4 (SSM Sessions), M3.5 (Security Groups), M3.6.1 (Route53 phase 1), and M3.9 (Secrets Manager) are complete
+- M3.1 (VPC), M3.2 (RDS), M3.3 (IAM Credentials), M3.4 (SSM Sessions), M3.5 (Security Groups), M3.6.1 (Route53 phase 1), IAM Users, and Secrets Manager are complete
 - M4.3 (Distribution) is partially done (GoReleaser + GitHub Actions)
 - M5.1 (File Extraction) is complete — app.go split into per-screen files
 - M5 and M6 can begin independently of remaining M3/M4 work

README.md

@@ -125,6 +125,7 @@ contexts:
 | Route53 | DNS Browser (Hosted Zones → Records → Record Detail, create/edit/delete A/CNAME, change status polling) | ✅ Implemented |
 | CloudWatch Logs | Log Browser (Log Groups → Streams → Events, live tail with 2s poll, time range presets, filter patterns, log level highlighting) | ✅ Implemented |
 | Secrets Manager | Secrets Browser (list secrets, view key-value pairs or raw values) | ✅ Implemented |
+| IAM | IAM User Browser (lightweight username pages, background filter expansion, detail drill-down) | ✅ Implemented |
 | IAM | Access Key Browser (list keys with status, age, last used) | ✅ Implemented |
 | IAM | Access Key Rotation (create → verify/apply → deactivate → delete) | ✅ Implemented |
 
@@ -171,6 +172,14 @@ contexts:
 | `f` | Failover database | Multi-AZ standalone or Aurora cluster |
 | `r` | Refresh status | Always |
 
+### IAM Users
+
+| Key | Action | Screen |
+|-----|--------|--------|
+| `/` | Filter IAM users and continue loading remaining usernames in background | List |
+| `n` | Load next page of IAM users | List |
+| `Enter` | View groups, policies, and access keys | List |
+
 ### IAM Access Key Rotation
 
 | Key | Action | Screen |
@@ -204,17 +213,7 @@ contexts:
 
 ### Filtering
 
-Available on: EC2 instances, VPC/Subnets, RDS instances, Route53 zones/records, CloudWatch Log Groups/Streams, Secrets Manager, Context Switcher. Press `/` to enter filter mode, type to search, `Esc` or `Enter` to exit filter mode.
-
-### IAM Access Key Rotation
-
-| Key | Action | Screen |
-|-----|--------|--------|
-| `r` | Rotate access key | Key detail |
-| `c` | Copy new key as export commands | Rotation result |
-| `a` | Apply new key to ~/.aws/credentials | Rotation result |
-| `d` | Deactivate old key | Rotation result |
-| `x` | Delete old inactive key | Rotation result |
+Available on: EC2 instances, IAM users, VPC/Subnets, RDS instances, Route53 zones/records, CloudWatch Log Groups/Streams, Secrets Manager, Context Switcher. Press `/` to enter filter mode, type to search, `Esc` or `Enter` to exit filter mode.
 
 ## Documentation
 

internal/app/app.go

@@ -39,6 +39,8 @@ const (
 	screenSecurityGroupDetail
 	screenSecurityGroupAddRule
 	screenSecurityGroupDeleteConfirm
+	screenIAMUserList
+	screenIAMUserDetail
 	screenIAMKeyList
 	screenIAMKeyDetail
 	screenIAMKeyRotateConfirm
@@ -117,17 +119,26 @@ type Model struct {
 	selectedRoute53Record     *awsservice.DNSRecord
 
 	// Route53 mutation state
-	route53Action       string            // "create", "edit", "delete"
-	route53ConfirmInput string            // type-to-confirm for delete
-	route53EditField    int               // current form field index
-	route53EditValues   map[string]string // accumulated form values
-	route53EditInput    string            // current field text input
-	route53EditSelectIdx int              // index for select-type fields (record type)
-	route53ChangeID     string            // for status polling
-	route53ChangeStatus string            // "PENDING" / "INSYNC"
-	route53Polling      bool              // polling active
+	route53Action        string            // "create", "edit", "delete"
+	route53ConfirmInput  string            // type-to-confirm for delete
+	route53EditField     int               // current form field index
+	route53EditValues    map[string]string // accumulated form values
+	route53EditInput     string            // current field text input
+	route53EditSelectIdx int               // index for select-type fields (record type)
+	route53ChangeID      string            // for status polling
+	route53ChangeStatus  string            // "PENDING" / "INSYNC"
+	route53Polling       bool              // polling active
 
 	// IAM credentials state
+	iamUsers            []awsservice.IAMUser
+	filteredIAMUsers    []awsservice.IAMUser
+	iamUserIdx          int
+	iamUserFilter       string
+	iamUserFilterActive bool
+	iamUserLoadingMore  bool
+	iamUserHasMore      bool
+	iamUserNextMarker   string
+	selectedIAMUser     *awsservice.IAMUserDetail
 	iamKeys             []awsservice.AccessKey
 	iamKeyIdx           int
 	selectedIAMKey      *awsservice.AccessKey
@@ -161,31 +172,31 @@ type Model struct {
 	sgDeleteConfirm        string // type-to-confirm input for rule deletion
 	sgDeleteRule           *awsservice.SecurityGroupRule
 	sgAddField             int               // current field in add form (0=direction, 1=protocol, 2=fromPort, 3=toPort, 4=source, 5=description)
-	sgAddValues            map[string]string  // accumulated form values
-	sgAddInput             string             // current field text input
-	sgAddSelectIdx         int                // index for select-type fields (direction, protocol)
+	sgAddValues            map[string]string // accumulated form values
+	sgAddInput             string            // current field text input
+	sgAddSelectIdx         int               // index for select-type fields (direction, protocol)
 
 	// CloudWatch Logs browser state
-	cwLogGroups            []awsservice.LogGroup
-	filteredCWLogGroups    []awsservice.LogGroup
-	cwLogGroupIdx          int
-	cwLogGroupFilter       string
-	cwLogGroupFilterActive bool
-	selectedCWLogGroup     *awsservice.LogGroup
+	cwLogGroups             []awsservice.LogGroup
+	filteredCWLogGroups     []awsservice.LogGroup
+	cwLogGroupIdx           int
+	cwLogGroupFilter        string
+	cwLogGroupFilterActive  bool
+	selectedCWLogGroup      *awsservice.LogGroup
 	cwLogStreams            []awsservice.LogStream
 	filteredCWLogStreams    []awsservice.LogStream
 	cwLogStreamIdx          int
 	cwLogStreamFilter       string
 	cwLogStreamFilterActive bool
 	selectedCWLogStream     *awsservice.LogStream
-	cwLogEvents            []awsservice.LogEvent
-	cwLogScrollOffset      int
-	cwLogNextToken         *string
-	cwLogTimeRange         int    // index into preset time ranges
-	cwLogFilterPattern     string
-	cwLogFilterActive      bool   // filter pattern input active
-	cwLogTailing           bool   // live tail active
-	cwLogTailToken         *string
+	cwLogEvents             []awsservice.LogEvent
+	cwLogScrollOffset       int
+	cwLogNextToken          *string
+	cwLogTimeRange          int // index into preset time ranges
+	cwLogFilterPattern      string
+	cwLogFilterActive       bool // filter pattern input active
+	cwLogTailing            bool // live tail active
+	cwLogTailToken          *string
 
 	// Context picker
 	configPath         string
@@ -210,7 +221,7 @@ type Model struct {
 
 	// Update check
 	currentVersion  string
-	updateAvailable string             // non-empty = new version available
+	updateAvailable string // non-empty = new version available
 	installMethod   update.InstallMethod
 
 	// Error display
@@ -375,6 +386,10 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 			return m.updateSecurityGroupAddRule(msg)
 		case screenSecurityGroupDeleteConfirm:
 			return m.updateSecurityGroupDeleteConfirm(msg)
+		case screenIAMUserList:
+			return m.updateIAMUserList(msg)
+		case screenIAMUserDetail:
+			return m.updateIAMUserDetail(msg)
 		case screenIAMKeyList:
 			return m.updateIAMKeyList(msg)
 		case screenIAMKeyDetail:
@@ -475,6 +490,9 @@ func (m Model) updateFeatureList(msg tea.KeyMsg) (tea.Model, tea.Cmd) {
 			case domain.FeatureSecurityGroupBrowser:
 				m.screen = screenLoading
 				return m, m.loadSecurityGroups()
+			case domain.FeatureIAMUsersBrowser:
+				m.screen = screenLoading
+				return m, m.loadIAMUsers()
 			case domain.FeatureListAccessKeys:
 				m.iamRotationEnabled = false
 				m.screen = screenLoading
@@ -556,6 +574,10 @@ func (m Model) View() string {
 		v = m.viewSecurityGroupAddRule()
 	case screenSecurityGroupDeleteConfirm:
 		v = m.viewSecurityGroupDeleteConfirm()
+	case screenIAMUserList:
+		v = m.viewIAMUserList()
+	case screenIAMUserDetail:
+		v = m.viewIAMUserDetail()
 	case screenIAMKeyList:
 		v = m.viewIAMKeyList()
 	case screenIAMKeyDetail:
@@ -760,7 +782,6 @@ func (m Model) updateSecretDetail(msg tea.KeyMsg) (tea.Model, tea.Cmd) {
 	return m, nil
 }
 
-
 func (m Model) viewSecretList() string {
 	var b strings.Builder
 	b.WriteString(m.renderStatusBar())