config

Published: Oct 4, 2017 License: GPL-3.0 Imports: 10 Imported by: 0



Variables

// Log is the package-level logger. newLogger is defined elsewhere in this package.
var Log = newLogger()
// LogicalConditionsTypes lists the Condition.Type values that combine child
// conditions rather than test a tag ("AND", "OR").
var LogicalConditionsTypes = []string{"AND", "OR"}
// ValidEmailFieldNames lists the event/state field paths that may be used to
// select the recipient of an EmailNotification (presumably; the notification
// code is not shown here -- confirm). NOTE(review): APIEvent.UserIdentity.ARN
// comes straight from the incoming API event, so whatever resolves it to an
// address should treat it as untrusted input.
var ValidEmailFieldNames = []string{"State.Creator", "APIEvent.UserIdentity.ARN", "State.Owner", "State.Operator"}

Functions

func ContainsString

func ContainsString(s []string, e string) bool

Types

type APICall

// APICall ties one AWS API call, identified by Name (the HCL block key), to the
// fixed tags to apply (Tag, see SetTag/TagResource) and the compliance checks to
// evaluate (Compliant, see CheckCompliance) for that call.
type APICall struct {
	// Name is the API call name, e.g. AuthorizeSecurityGroupIngress.
	Name      string           `hcl:",key"`
	// Tag holds fixed key/value pairs applied to the affected resource.
	Tag       []TagResource    `hcl:"tag"`
	// Compliant holds the checks run against the affected resource's properties.
	Compliant []CompliantCheck `hcl:"compliant"`
}

Name (the HCL block key) of an APICall takes one of the following AWS API call names:

CreateTags
DeleteTags
AuthorizeSecurityGroupEgress
AuthorizeSecurityGroupIngress
CreateSecurityGroup
DeleteSecurityGroup
RevokeSecurityGroupEgress
RevokeSecurityGroupIngress

func (APICall) CheckCompliance

func (ac APICall) CheckCompliance(getResourceProperties func(string) []string, resourceId string, eventuser EventUserInfo) []CompliantCheckResult

CheckCompliance checks all compliance definitions

func (APICall) SetTag

func (ac APICall) SetTag(getValueFromTemplate func(input string) (string, error),
	resourceTaggingFunction func(string, string) error,
	triggerResourceAction func(
		string, string))
SetTag applies resource tags

getValueFromTemplate func(input string) (string, error):

Callback that renders the raw tag value (e.g. through a templating library) and returns the resolved string, or an error if rendering fails.

resourceTaggingFunction func(string, string) error:

Resource-specific callback that sets one tag on the resource; its two string arguments are presumably the tag key and value.

triggerResourceAction func(string, string):

Arguments: property, action
Callback that carries out the configured action for the given property.

func (APICall) TagResource

func (ac APICall) TagResource(resourceTagFunction func(string, string) error) error

type Account

// Account describes one monitored AWS account: its ID and region, the IAM role
// the bot assumes in it, and the queue its events are consumed from.
type Account struct {
	// Name is the HCL block key used to reference this account.
	Name            string `hcl:",key"`
	// AccountID is the AWS account ID (see Config.GetAccount).
	AccountID       string `hcl:"account_id"`
	Region          string `hcl:"region"`
	// ArebotRoleArn is the IAM role assumed in this account via STS (see
	// GetAccountRoleArn / GetAccountAssumedRoleArn). NOTE(review): keep this
	// role's policy scoped to the tagging/security-group operations the bot needs.
	ArebotRoleArn   string `hcl:"arebot_role_arn"`
	// AllEventsQueue is where the account's events are read from (presumably an
	// SQS queue name or URL -- confirm against the consumer).
	AllEventsQueue  string `hcl:"all_events_queue"`
	// RoleSessionName is the STS session name used when assuming ArebotRoleArn
	// (see GetAccountRoleArnSession).
	RoleSessionName string `hcl:"role_session_name"`
}

type Action

// Action is what the bot does in response to a non-compliant check: an e-mail
// notification, optionally gated by time conditions, and/or resource
// operations. Actions are presumably referenced by Name from
// CompliantCheck.Actions and ActionTrigger.Action (see GetActionByIdAndPolicyName).
type Action struct {
	// Name is the HCL block key.
	Name      string              `hcl:",key"`
	// Email describes the notification to send.
	Email     EmailNotification   `hcl:"email"`
	// Condition holds the time-based gates (stop_after / start_after).
	Condition []TimeCondition     `hcl:"condition"`
	// Operation lists resource operations; ResourceOperation has no fields in
	// this version.
	Operation []ResourceOperation `hcl:"operation"`
}

The action to take in response to a non-compliant check

type ActionTrigger

// ActionTrigger runs the named Actions on a Schedule (presumably instead of, or
// in addition to, the event-driven path -- confirm against the scheduler).
type ActionTrigger struct {
	// Name is the HCL block key.
	Name     string   `hcl:",key"`
	// Schedule is the schedule expression; its format is not visible here.
	Schedule string   `hcl:"schedule"`
	// Action lists the Action names to run.
	Action   []string `hcl:"action"`
}

type CompliancePolicy

// CompliancePolicy groups, for one account and VPC scope, the API calls to
// evaluate (APICall), the Actions available to them and the scheduled
// ActionTriggers. Config holds one list per resource class (security group,
// EC2, S3).
type CompliancePolicy struct {
	// Name is the HCL block key (see Config.GetCompliancePolicy).
	Name          string          `hcl:",key"`
	// Account selects the account this policy applies to (GetAPICallConfigs
	// filters by account ID -- confirm whether this is Account.Name or AccountID).
	Account       string          `hcl:"account"`
	// VpcID is a pattern for the VPCs in scope. The default ".*" matches every
	// VPC, so leaving it unset widens rather than narrows the policy.
	VpcID         string          `hcl:"vpc"` // default ".*"
	APICall       []APICall       `hcl:"api_call"`
	Action        []Action        `hcl:"action"`
	ActionTrigger []ActionTrigger `hcl:"action_trigger"`
}

type CompliantCheck

// CompliantCheck checks whether the resource property named by Name is
// compliant with the pattern defined in Schema (see IsCompliant).
type CompliantCheck struct {
	// Name is the resource property being checked (HCL block key).
	Name       string `hcl:",key"`
	PolicyName string `hcl:"policy_name"`
	StateOwner string `hcl:"state_owner"`
	// Schema is the regular-expression pattern the property value is matched
	// against. NOTE(review): an unanchored pattern matches any substring, so
	// anchor it with ^...$ unless a partial match is intended -- confirm how
	// IsCompliant applies it.
	Schema string `hcl:"schema"`
	// Negate inverts the match: the check passes when the regular expression
	// defined in Schema does NOT match.
	Negate      bool        `hcl:"negate"`
	// Mandatory: semantics not visible here -- presumably the property must be
	// present for the check to pass; confirm against CheckCompliance.
	Mandatory   bool        `hcl:"mandatory"`
	Description string      `hcl:"description"`
	// Condition gates the check with a tag-based AND/OR condition tree.
	Condition   []Condition `hcl:"condition"`
	// Actions names the Action blocks to run when the check is not compliant.
	Actions     []string    `hcl:"actions"`
}
CompliantCheck checks whether the resource property named by "Name" is compliant with the pattern defined in "Schema".

func (CompliantCheck) IsCompliant

func (c CompliantCheck) IsCompliant(prop string, value string) (bool, error)

IsCompliant returns (true, nil) if the property is compliant, (false, nil) if it is not compliant, and (false, error) when the compliance check does not apply to the given property.

type CompliantCheckResult

// CompliantCheckResult is the outcome of evaluating one CompliantCheck against
// one resource property for one event.
type CompliantCheckResult struct {
	// IsCompliant is the verdict of Check.IsCompliant for Value.
	IsCompliant          bool
	// Check is the definition that produced this result.
	Check                CompliantCheck
	// EventUser identifies who made the API call that triggered the check.
	EventUser            EventUserInfo
	EventType            string
	// Value is the property value that was checked; ResourceId the resource it
	// belongs to.
	Value, ResourceId    string
	// DateAndTypeComposite is a composite key, presumably date plus event type,
	// used when results are persisted (see Config.ShouldStoreOnDynamoDB) -- confirm.
	DateAndTypeComposite string
	// CreationDate is excluded by IsSameCheck / IsSameCheckResult.
	CreationDate         time.Time
}

func (CompliantCheckResult) IsIpPermissionsCheck

func (ccres CompliantCheckResult) IsIpPermissionsCheck() bool

Return true if the compliant check associated with this result is related to an IpPermissions-type event; return false otherwise.

func (CompliantCheckResult) IsSameCheck

func (ccres CompliantCheckResult) IsSameCheck(otherOne CompliantCheckResult) bool
IsSameCheck compares two CompliantCheckResult values on every field except "IsCompliant", "Value" and the date. It returns true if the remaining values are equal and false otherwise.

func (CompliantCheckResult) IsSameCheckResult

func (ccres CompliantCheckResult) IsSameCheckResult(otherOne CompliantCheckResult) bool
IsSameCheckResult compares two CompliantCheckResult values on every field except the date. It returns true if the remaining values are equal and false otherwise.

type Condition

// Condition is a node of a boolean condition tree attached to a CompliantCheck.
// A leaf presumably has a tag test as Type (tag_key_exists / tag_key_not_exists /
// tag_value_exists / tag_value_not_exists) with its Value; an inner node has
// Type "AND" or "OR" (see LogicalConditionsTypes) and combines the nested
// Conditions. The evaluator is not shown here -- confirm.
type Condition struct {
	// Name is the HCL block key.
	Name      string      `hcl:",key"`
	// Type is either a tag test or one of LogicalConditionsTypes.
	Type      string      `hcl:"type"`
	// Value is the tag key or value tested by a leaf.
	Value     string      `hcl:"value"`
	// Condition holds the children of an AND/OR node.
	Condition []Condition `hcl:"condition"`
}

type Config

// Config is the top-level configuration produced by ParseConfig: global AWS
// settings, one CompliancePolicy list per resource class, the monitored
// Accounts and the per-service (LDAP, S3, SES, DynamoDB) settings.
type Config struct {
	Region              string             `hcl:"region"`
	// AccessKey and SecretKey are static AWS credentials read from the HCL file
	// in plaintext. NOTE(review): the per-account role path (Account.ArebotRoleArn,
	// assumed via STS) avoids long-lived keys; if these fields are used, keep the
	// config file out of version control and restrict its permissions.
	AccessKey           string             `hcl:"access_key"`
	SecretKey           string             `hcl:"secret_key"`
	// One policy list per resource class, each looked up by id via
	// GetSecurityGroupPolicy / GetEC2Policy / GetS3Policy.
	SecurityGroupPolicy []CompliancePolicy `hcl:"security_group_policy"`
	EC2Policy           []CompliancePolicy `hcl:"ec2_policy"`
	S3Policy            []CompliancePolicy `hcl:"s3_policy"`
	// AreBotUserSession is the session name used for the bot's own user session.
	AreBotUserSession   string             `hcl:"arebot_user_session_name"`
	// Account lists the monitored accounts (see GetAccount).
	Account             []Account          `hcl:"account"`
	LdapConfig          LdapConfig         `hcl:"ldap_config"`
	S3Config            S3Config           `hcl:"s3_config"`
	SesConfig           SesConfig          `hcl:"ses_config"`
	// DynamoDBConfig configures result storage; see ShouldStoreOnDynamoDB.
	DynamoDBConfig      DynamoDBConfig     `hcl:"dynamodb_config"`
}

Config is the top-level configuration type. Note that access_key/secret_key, ldap_config.bind_password and the role ARNs are read from the HCL file in plaintext, so the file itself must be protected like a credential.

func ParseConfig

func ParseConfig(hclText string) (*Config, error)

ParseConfig parses the given HCL text into a Config and returns a non-nil error if parsing fails.

func (Config) GetAPICallConfigs

func (cfg Config) GetAPICallConfigs(apiCall string, accountID string, vpc string, policyType string) ([]CompliancePolicy, []APICall)

GetAPICallConfigs returns, for the given apiCall, the matching APICall configuration objects together with the CompliancePolicy objects that contain them, filtered by accountID, vpc and policyType.

func (Config) GetAccount

func (cfg Config) GetAccount(id string) *Account

GetAccount returns the Account configuration for the account with the given ID; since a pointer is returned, callers should expect nil when no account matches.

func (Config) GetAccountAssumedRoleArn

func (cfg Config) GetAccountAssumedRoleArn(id string) string

GetAccountAssumedRoleArn converts the configured IAM role ARN of the account into the assumed-role (STS) identity ARN, i.e. the form that appears in the user identity of calls made under that role.

func (Config) GetAccountRoleArn

func (cfg Config) GetAccountRoleArn(id string) string

GetAccountRoleArn returns the configured role ARN for the account with the given ID, or an empty string if no such account is configured.

func (Config) GetAccountRoleArnSession

func (cfg Config) GetAccountRoleArnSession(id string) string

GetAccountRoleArnSession returns the session part of the role as it is configured. Returns an empty string otherwise.

func (Config) GetActionByIdAndPolicyName

func (cfg Config) GetActionByIdAndPolicyName(id string, policyName string) *Action

func (Config) GetBucketAndFolder

func (cfg Config) GetBucketAndFolder() (string, string)

func (Config) GetCompliancePolicy

func (cfg Config) GetCompliancePolicy(id string) *CompliancePolicy

func (Config) GetEC2Policy

func (cfg Config) GetEC2Policy(id string) *CompliancePolicy

func (Config) GetLdapConfig

func (cfg Config) GetLdapConfig() LdapConfig

func (Config) GetS3Policy

func (cfg Config) GetS3Policy(id string) *CompliancePolicy

func (Config) GetSecurityGroupPolicy

func (cfg Config) GetSecurityGroupPolicy(id string) *CompliancePolicy

func (Config) ShouldStoreOnDynamoDB

func (cfg Config) ShouldStoreOnDynamoDB() bool

type DynamoDBConfig

// DynamoDBConfig holds the settings for persisting results in DynamoDB (see
// Config.ShouldStoreOnDynamoDB).
type DynamoDBConfig struct {
	Region        string `hcl:"region"`
	// ArebotRoleArn is the role assumed for DynamoDB access (presumably; confirm
	// against the client code).
	ArebotRoleArn string `hcl:"arebot_role_arn"`
}

type EmailNotification

// EmailNotification describes the e-mail sent by an Action. Unlike the other
// config types its fields carry no hcl tags, so HCL field mapping relies on the
// decoder's defaults.
type EmailNotification struct {
	// Receiver lists the recipient addresses (or address sources, see
	// ValidEmailFieldNames -- confirm).
	Receiver []string
	// Template is the path to the message template. NOTE(review): treat the
	// template file as trusted operator configuration; the rendering code is not
	// shown here.
	Template string // the path to the template
}

type EventUserInfo

// EventUserInfo identifies the principal behind an API event (account, user,
// resolved e-mail address, region). It is passed to CheckCompliance and kept on
// each CompliantCheckResult.
type EventUserInfo struct {
	AccountId, Username, EmailAddress, Region string
}

type LdapConfig

// LdapConfig holds the directory connection settings (presumably used to
// resolve an event's identity to an e-mail address -- confirm against the
// notification code).
type LdapConfig struct {
	LdapHost     string `hcl:"ldap_host"`
	// LdapPort is kept as the string read from HCL.
	LdapPort     string `hcl:"ldap_port"`
	// BindUsername/BindPassword are the service-account bind credentials, stored
	// in plaintext in the HCL file. NOTE(review): no TLS/StartTLS switch is
	// configurable here, so whether the bind is encrypted depends solely on the
	// client code -- confirm, since a simple bind over plaintext exposes the password.
	BindUsername string `hcl:"bind_username"`
	BindPassword string `hcl:"bind_password"`
	// SearchBase is the DN under which users are searched.
	SearchBase   string `hcl:"search_base"`
}

type ResourceOperation

// ResourceOperation is a placeholder for an operation run by an Action; it has
// no fields in this version.
type ResourceOperation struct {
}

type S3Config

// S3Config holds the bucket and local folder used for storage (see
// Config.GetBucketAndFolder) and the role assumed for S3 access.
type S3Config struct {
	Region        string `hcl:"region"`
	Bucket        string `hcl:"bucket"`
	// LocalFolder is a local filesystem path; its role relative to Bucket is not
	// visible here -- confirm.
	LocalFolder   string `hcl:"local_folder"`
	// ArebotRoleArn is the role assumed for S3 access (presumably; confirm).
	ArebotRoleArn string `hcl:"arebot_role_arn"`
}

type SesConfig

// SesConfig holds the settings for sending notifications through SES: the
// region and role to use, the From address and a default subject and body.
type SesConfig struct {
	Region        string `hcl:"region"`
	// ArebotRoleArn is the role assumed for SES access (presumably; confirm).
	ArebotRoleArn string `hcl:"arebot_role_arn"`
	// SenderAddress is the From address of the notifications.
	SenderAddress string `hcl:"sender_address"`
	// MessageTopic and MessageBody are the default subject and body; how they
	// relate to EmailNotification.Template is not visible here.
	MessageTopic  string `hcl:"message_topic"`
	MessageBody   string `hcl:"message_body"`
}

type TagResource

// TagResource triggers tagging of the affected resource with the fixed
// Key/Value pair (applied through APICall.SetTag / APICall.TagResource).
type TagResource struct {
	// Name is the HCL block key.
	Name  string `hcl:",key"`
	Key   string `hcl:"key"`
	Value string `hcl:"value"`
}

TagResource will trigger a resource tagging with a fixed key, value pair

type TimeCondition

// TimeCondition gates an Action on elapsed time. Type is "stop_after" or
// "start_after", Value is the duration as written in HCL, and ValueDuration is
// its parsed form (it carries no hcl tag, so it is presumably filled in after
// parsing -- confirm).
type TimeCondition struct {
	// Name is the HCL block key.
	Name          string `hcl:",key"`
	Type          string `hcl:"type"` //stop_after/start_after
	// Value is the raw duration string from the config.
	Value         string `hcl:"value"`
	// ValueDuration is the parsed Value; not read from HCL directly.
	ValueDuration time.Duration
}
