checker

package

v0.0.2 Latest Latest Go to latest Published: Mar 19, 2019 License: MIT Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/evalphobia/cloud-iam-policy-checker

Links

Open Source Insights

Documentation ¶

Index ¶

func GetGroupNames(list []Group) []string
func GetResourceAndAction(list []ResourceAction) []string
type AwsPolicy
type Config
type FileHandler
- func NewFileHandler(file string) (*FileHandler, error)
- func (f *FileHandler) WriteAll(header []string, lines [][]string) error
type Group
- func (g Group) String() string
type PolicyChecker
- func New() (*PolicyChecker, error)
- func NewWithConfig(conf Config) (*PolicyChecker, error)
- func (c *PolicyChecker) CheckInlinePolicies() error
- func (c *PolicyChecker) CheckPolicies() error
type ResourceAction
type TargetService
- func (s TargetService) HasTargetInActions(actions []string) bool

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetGroupNames ¶

func GetGroupNames(list []Group) []string

GetGroupNames gets group name list from groups.

func GetResourceAndAction ¶

func GetResourceAndAction(list []ResourceAction) []string

GetResourceAndAction returns resource and action of policy.

Types ¶

type AwsPolicy ¶

type AwsPolicy struct {
	ARN                   string
	PolicyName            string
	Policy                iam.PolicyDocument
	PolicyActions         []string
	PolicyResourceActions []ResourceAction

	AttachedUsers      []string
	AttachedGroups     []Group
	AttachedGroupUsers []string
	AttachedAllUsers   []string
	AttachedRoles      []string
}

AwsPolicy contains aws policy data.

func (AwsPolicy) GetEntityAndType ¶ added in v0.0.2

func (p AwsPolicy) GetEntityAndType() (typ string, entities []string)

func (*AwsPolicy) SetEntityList ¶

func (p *AwsPolicy) SetEntityList(list []iam.PolicyEntity)

SetEntityList sets policy entities.

func (*AwsPolicy) SetPolicy ¶

func (p *AwsPolicy) SetPolicy(pd iam.PolicyDocument)

SetPolicy sets resources and actions from PolicyDcoument.

type Config ¶

type Config struct {
	OutputFile          string
	TargetResource      string // space separated
	TargetAction        string // space separated
	TargetActionService string // space separated
	ShowAllPolicy       bool
	// contains filtered or unexported fields
}

Config contains settings.

func (Config) GetOutputFile ¶

func (c Config) GetOutputFile() string

GetOutputFile gets output file name.

func (*Config) GetTargetActionServices ¶ added in v0.0.2

func (c *Config) GetTargetActionServices() *TargetService

GetTargetActionServices gets filter rule for services in policy action.

func (*Config) GetTargetActions ¶ added in v0.0.2

func (c *Config) GetTargetActions() []string

GetTargetActions gets filter rule for policy action.

func (*Config) GetTargetResources ¶ added in v0.0.2

func (c *Config) GetTargetResources() []string

GetTargetResources gets filter rule for policy resource.

func (Config) Validate ¶ added in v0.0.2

func (c Config) Validate() error

Validate validates config has valid rules or not.

type FileHandler ¶

type FileHandler struct {
	// contains filtered or unexported fields
}

FileHandler handles CSV file.

func NewFileHandler ¶

func NewFileHandler(file string) (*FileHandler, error)

NewFileHandler returns initialized *FileHandler

func (*FileHandler) WriteAll ¶

func (f *FileHandler) WriteAll(header []string, lines [][]string) error

WriteAll writes lines into file

type Group ¶

type Group struct {
	Name  string
	Users []string
}

Group contains group name and users.

func (Group) String ¶

func (g Group) String() string

type PolicyChecker ¶ added in v0.0.2

type PolicyChecker struct {
	// contains filtered or unexported fields
}

PolicyChecker is struct for checking IAM policies.

func New ¶

func New() (*PolicyChecker, error)

New create *PolicyChecker from empty config.

func NewWithConfig ¶ added in v0.0.2

func NewWithConfig(conf Config) (*PolicyChecker, error)

NewWithConfig create *PolicyChecker from config.Config.

func (*PolicyChecker) CheckInlinePolicies ¶ added in v0.0.2

func (c *PolicyChecker) CheckInlinePolicies() error

CheckInlinePolicies fetches inline policy list.

func (*PolicyChecker) CheckPolicies ¶ added in v0.0.2

func (c *PolicyChecker) CheckPolicies() error

CheckPolicies fetches policy list and check the permissions.

type ResourceAction ¶

type ResourceAction struct {
	Actions   []string `json:"actions"`
	Resources []string `json:"resources"`
}

ResourceAction contains Action and Resource list.

type TargetService ¶

type TargetService struct {
	Map map[string]interface{}
}

TargetService checks the action cotains target service.

func (TargetService) HasTargetInActions ¶

func (s TargetService) HasTargetInActions(actions []string) bool

HasTargetInActions checks if given actions contains target service.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL