Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetGroupNames
GetGroupNames gets group name list from groups.
func GetResourceAndAction
func GetResourceAndAction(list []ResourceAction) []string
GetResourceAndAction returns resource and action of policy.
Types
type AwsPolicy
type AwsPolicy struct {
    ARN                   string
    PolicyName            string
    Policy                iam.PolicyDocument
    PolicyActions         []string
    PolicyResourceActions []ResourceAction
    AttachedUsers         []string
    AttachedGroups        []Group
    AttachedGroupUsers    []string
    AttachedAllUsers      []string
    AttachedRoles         []string
}
AwsPolicy contains aws policy data.
func (AwsPolicy) GetEntityAndType (added in v0.0.2)
func (*AwsPolicy) SetEntityList
func (p *AwsPolicy) SetEntityList(list []iam.PolicyEntity)
SetEntityList sets policy entities.
func (*AwsPolicy) SetPolicy
func (p *AwsPolicy) SetPolicy(pd iam.PolicyDocument)
SetPolicy sets resources and actions from PolicyDocument.
type Config
type Config struct {
    OutputFile          string
    TargetResource      string // space separated
    TargetAction        string // space separated
    TargetActionService string // space separated
    ShowAllPolicy       bool
    // contains filtered or unexported fields
}
Config contains settings.
func (Config) GetOutputFile
GetOutputFile gets output file name.
func (*Config) GetTargetActionServices (added in v0.0.2)
func (c *Config) GetTargetActionServices() *TargetService
GetTargetActionServices gets filter rule for services in policy action.
func (*Config) GetTargetActions (added in v0.0.2)
GetTargetActions gets filter rule for policy action.
func (*Config) GetTargetResources (added in v0.0.2)
GetTargetResources gets filter rule for policy resource.
type FileHandler
type FileHandler struct {
// contains filtered or unexported fields
}
FileHandler handles CSV file.
func NewFileHandler
func NewFileHandler(file string) (*FileHandler, error)
NewFileHandler returns an initialized *FileHandler.
type PolicyChecker (added in v0.0.2)
type PolicyChecker struct {
// contains filtered or unexported fields
}
PolicyChecker is struct for checking IAM policies.
func NewWithConfig (added in v0.0.2)
func NewWithConfig(conf Config) (*PolicyChecker, error)
NewWithConfig creates a *PolicyChecker from config.Config.
func (*PolicyChecker) CheckInlinePolicies (added in v0.0.2)
func (c *PolicyChecker) CheckInlinePolicies() error
CheckInlinePolicies fetches inline policy list.
func (*PolicyChecker) CheckPolicies (added in v0.0.2)
func (c *PolicyChecker) CheckPolicies() error
CheckPolicies fetches the policy list and checks the permissions.
type ResourceAction
type ResourceAction struct {
    Actions   []string `json:"actions"`
    Resources []string `json:"resources"`
}
ResourceAction contains Action and Resource list.
type TargetService
type TargetService struct {
Map map[string]interface{}
}
TargetService checks whether the action contains the target service.
func (TargetService) HasTargetInActions
func (s TargetService) HasTargetInActions(actions []string) bool
HasTargetInActions checks if given actions contains target service.