package input

v0.24.3
Published: Jun 16, 2023 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var Any = &Type{
	Name: "any",
	Children: Types{
		Arm,
		CloudFormation,
		Kubernetes,
		Terraform,
	},
}

Any is an aggregate type that contains all known input types. Unlike Auto, it includes the Terraform aggregate and, through it, CloudScan, so Any.Matches("cloud_scan") is true while Auto.Matches("cloud_scan") is false.

var Arm = &Type{
	Name: "arm",
}

Arm represents Azure Resource Manager template inputs.

var Auto = &Type{
	Name: "auto",
	Children: Types{
		Arm,
		CloudFormation,
		Kubernetes,
		TerraformHCL,
		TerraformPlan,
		TerraformState,
	},
}

Auto is an aggregate type that contains all of the IaC input types that this package supports. Its children are only the concrete file-based types: neither the Terraform aggregate nor CloudScan (which needs a Cloud API client rather than local files) is among them.

var CloudFormation = &Type{
	Name:    "cfn",
	Aliases: []string{"cloudformation"},
}

CloudFormation represents CloudFormation template inputs.

var CloudScan = &Type{
	Name:    "cloud_scan",
	Aliases: []string{"cloud-scan"},
	Children: Types{
		TerraformState,
	},
}

CloudScan represents inputs from a W3Security Cloud Scan.

var ErrFailedToFetchCloudState = errors.New("failed to fetch cloud state")

var FailedToParseInput = errors.New("Failed to parse input")

FailedToParseInput indicates that a detector failed to parse a specific input.

var InvalidInput = errors.New("Invalid input for input type")

InvalidInput indicates that an input does not match the expected format.

var Kubernetes = &Type{
	Name:    "k8s",
	Aliases: []string{"kubernetes"},
}

Kubernetes represents Kubernetes manifest inputs.

SupportedInputTypes contains all of the input types that this package has detectors for.

var Terraform = &Type{
	Name:    "tf",
	Aliases: []string{"terraform"},
	Children: Types{
		TerraformHCL,
		TerraformPlan,
		CloudScan,
	},
}

Terraform is an aggregate input type that encompasses all input types that contain Terraform resource types.

var TerraformHCL = &Type{
	Name:    "tf_hcl",
	Aliases: []string{"tf-hcl"},
}

TerraformHCL represents Terraform HCL source code inputs.

var TerraformPlan = &Type{
	Name:    "tf_plan",
	Aliases: []string{"tf-plan"},
}

TerraformPlan represents Terraform Plan JSON inputs.

var TerraformState = &Type{
	Name:    "tf_state",
	Aliases: []string{"tf-state"},
}

TerraformState represents Terraform State JSON inputs.

var UnableToReadDir = errors.New("Unable to read directory")

UnableToReadDir indicates that a directory could not be read.

var UnableToReadFile = errors.New("Unable to read file")

UnableToReadFile indicates that a file could not be read.

var UnableToResolveLocation = errors.New("Unable to resolve location")

UnableToResolveLocation indicates that a detector could not resolve the location of the given resource / attribute path.

var UnrecognizedFileExtension = errors.New("Unrecognized file extension")

UnrecognizedFileExtension indicates that a detector was invoked on a file which does not have a recognized file extension.

var UnsupportedInputType = errors.New("Unsupported input type")

UnsupportedInputType indicates that a particular InputType is not supported by this package.

Functions

This section is empty.

Types

type ArmDetector

type ArmDetector struct{}

func (*ArmDetector) DetectDirectory

func (c *ArmDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)

func (*ArmDetector) DetectFile

func (c *ArmDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)

type CfnDetector

type CfnDetector struct{}

func (*CfnDetector) DetectDirectory

func (c *CfnDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)

func (*CfnDetector) DetectFile

func (c *CfnDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)

type CloudClient

type CloudClient interface {
	Resources(ctx context.Context, orgID string, params cloudapi.ResourcesParameters) ([]cloudapi.ResourceObject, error)
}

type CloudLoader

type CloudLoader struct {
	Client CloudClient
}

func (*CloudLoader) GetState

func (l *CloudLoader) GetState(ctx context.Context, orgID string, params cloudapi.ResourcesParameters) (*models.State, error)

type DetectOptions

type DetectOptions struct {
	// IgnoreExt instructs the detector to ignore file extensions.
	IgnoreExt bool
	// VarFiles contains paths to variable files that should be included in the
	// configurations that the detector parses.
	VarFiles []string
}

DetectOptions are options passed to the configuration detectors.

type Detectable

type Detectable interface {
	DetectType(d Detector, opts DetectOptions) (IACConfiguration, error)
	GetPath() string
}

Detectable is a generic interface to represent inputs for a Detector.

func NewDetectable

func NewDetectable(fs afero.Fs, path string) (Detectable, error)

NewDetectable is a helper to produce one of the concrete Detectable implementations from the given path.

type Detector

type Detector interface {
	// DetectDirectory attempts to detect an IaC configuration in the given directory.
	// If no configuration is detected and no errors occurred, this method is expected
	// to return nil, nil.
	DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)
	// DetectFile attempts to detect an IaC configuration in the given file. If
	// no configuration is detected and no errors occurred, this method is expected to
	// return nil, nil.
	DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)
}

Detector implements the visitor part of the visitor pattern for the concrete Detectable implementations. A Detector implementation must contain functions to visit both directories and files. An empty implementation must return nil, nil to indicate that the input has been ignored.

func DetectorByInputTypes

func DetectorByInputTypes(inputTypes Types) (Detector, error)

DetectorByInputTypes returns a concrete detector implementation for the given input types.

type Directory

type Directory struct {
	Path string
	Fs   afero.Fs
	// contains filtered or unexported fields
}

Directory is a Detectable implementation that represents a directory.

func (*Directory) Children

func (d *Directory) Children() ([]Detectable, error)

Children returns the contents of this directory.

func (*Directory) DetectType

func (d *Directory) DetectType(c Detector, opts DetectOptions) (IACConfiguration, error)

DetectType will invoke the given detector on this directory.

func (*Directory) GetPath

func (d *Directory) GetPath() string

GetPath returns this directory's path.

func (*Directory) Walk

func (d *Directory) Walk(w WalkFunc) error

Walk will recursively traverse the contents of this directory and invoke the given WalkFunc on each entry.

type File

type File struct {
	Path string
	Fs   afero.Fs
	// contains filtered or unexported fields
}

File is a Detectable implementation that represents a file.

func (*File) Contents

func (f *File) Contents() ([]byte, error)

Contents returns the contents of this file.

func (*File) DetectType

func (f *File) DetectType(d Detector, opts DetectOptions) (IACConfiguration, error)

DetectType will invoke the given detector on this file.

func (*File) Ext

func (f *File) Ext() string

Ext returns this file's extension.

func (*File) GetPath

func (f *File) GetPath() string

GetPath returns this file's path.

type HclConfiguration

type HclConfiguration struct {
	// contains filtered or unexported fields
}

func (*HclConfiguration) Errors

func (c *HclConfiguration) Errors() []error

func (*HclConfiguration) LoadedFiles

func (c *HclConfiguration) LoadedFiles() []string

func (*HclConfiguration) Location

func (c *HclConfiguration) Location(path []interface{}) (LocationStack, error)

func (*HclConfiguration) ToState

func (c *HclConfiguration) ToState() models.State

func (*HclConfiguration) Type

func (l *HclConfiguration) Type() *Type

type IACConfiguration

type IACConfiguration interface {
	// ToState() returns the input for the rule engine.
	ToState() models.State
	// LoadedFiles are all of the files contained within this configuration.
	LoadedFiles() []string
	// Location resolves an attribute path to a file, line and column.
	// If we are working with a resource-based input, the first three elements
	// of the attributePath are: resource namespace, type, and ID.
	Location(attributePath []interface{}) (LocationStack, error)
	// Some files may load but still have errors in them.  You can retrieve
	// them here.
	Errors() []error
	// Type returns the *input.Type of this configuration
	Type() *Type
}

IACConfiguration is a loaded IaC Configuration.

type KubernetesDetector

type KubernetesDetector struct{}

func (*KubernetesDetector) DetectDirectory

func (c *KubernetesDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)

func (*KubernetesDetector) DetectFile

func (c *KubernetesDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)

type Loader

type Loader struct {
	// contains filtered or unexported fields
}

Loader loads and collects IaC configurations using a given Detector. It provides methods to load and transform configurations into the format expected by the engine package.

func NewLoader

func NewLoader(detector Detector) Loader

NewLoader constructs a Loader using the given Detector.

func (*Loader) Count

func (l *Loader) Count() int

Count returns the number of configurations contained in this Loader.

func (*Loader) Errors

func (l *Loader) Errors() map[string][]error

Errors returns the non-fatal errors associated with each IACConfiguration.

func (*Loader) Load

func (l *Loader) Load(detectable Detectable, detectOpts DetectOptions) (bool, error)

Load invokes this Loader's detector on an input and stores any resulting configuration. This method will return true if a configuration is detected and loaded and false otherwise.

Example
package main

import (
	"fmt"

	"github.com/spf13/afero"
	"github.com/w3security/policy-engine/pkg/input"
)

func main() {
	// Auto covers every local IaC format this package has a detector for.
	detector, err := input.DetectorByInputTypes(input.Types{input.Auto})
	if err != nil {
		panic(err)
	}
	loader := input.NewLoader(detector)
	testInputs := input.Directory{
		Fs:   afero.OsFs{},
		Path: "test_inputs/data",
	}
	// Load reports true once a configuration has been detected and stored.
	// Returning that as skip keeps Walk from descending into a directory that
	// was already loaded as a single configuration.
	walkFunc := func(d input.Detectable, depth int) (skip bool, err error) {
		return loader.Load(d, input.DetectOptions{})
	}
	if err := testInputs.Walk(walkFunc); err != nil {
		panic(err)
	}

	fmt.Println(loader.Count())
}
Output:

7

func (*Loader) Location

func (l *Loader) Location(path string, attributePath []interface{}) (LocationStack, error)

Location takes a file and attribute path and returns the location of the resource or attribute.

func (*Loader) ToStates

func (l *Loader) ToStates() []models.State

ToStates will convert the configurations in this Loader to State structs which can be used by the engine package.

type Location

type Location struct {
	Path string `json:"path"`
	Line int    `json:"line"`
	Col  int    `json:"column"`
}

Location is a filepath, line and column.

func (Location) String

func (l Location) String() string

String returns a string representation of this Location

type LocationStack

type LocationStack = []Location

LocationStack represents a stack of Locations. It is conceptually similar to a call stack. An example of when we would have more than one location for a resource or attribute:

attribute "foo" at line 4...
included in "rds" module at line 8...
included in "main" module at line 3...

These are stored as a call stack, with the most specific location in the first position, and the "root of the call stack" at the last position.

type MultiDetector

type MultiDetector struct {
	// contains filtered or unexported fields
}

func NewMultiDetector

func NewMultiDetector(detectors ...Detector) *MultiDetector

func (*MultiDetector) DetectDirectory

func (a *MultiDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)

func (*MultiDetector) DetectFile

func (a *MultiDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)

type SourceInfoNode

type SourceInfoNode struct {
	// contains filtered or unexported fields
}

func LoadMultiSourceInfoNode

func LoadMultiSourceInfoNode(contents []byte) ([]SourceInfoNode, error)

LoadMultiSourceInfoNode parses YAML documents with multiple entries, or normal single YAML/JSON documents.

func LoadSourceInfoNode

func LoadSourceInfoNode(contents []byte) (*SourceInfoNode, error)

func (*SourceInfoNode) GetIndex

func (node *SourceInfoNode) GetIndex(index int) (*SourceInfoNode, error)

func (*SourceInfoNode) GetKey

func (node *SourceInfoNode) GetKey(key string) (*SourceInfoNode, error)

func (*SourceInfoNode) GetPath

func (node *SourceInfoNode) GetPath(path []interface{}) (*SourceInfoNode, error)

GetPath tries to retrieve a path as far as possible.

func (*SourceInfoNode) Location

func (node *SourceInfoNode) Location() (int, int)
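The "as far as possible" contract of GetPath, shown on a JSON tree that records where every value starts. This is an added example written by the editor on top of encoding/json, not the package's SourceInfoNode implementation (which also accepts YAML and whose unexported layout may differ). Node, ParseWithLocations and the sample template below are the editor's constructs; the behaviour worth noting is that a path which runs past what the source spells out still yields the nearest enclosing location instead of an error.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Node is a JSON value tagged with the 1-based line and column of its first
// token: the editor's stand-in for input.SourceInfoNode, whose unexported
// representation may differ.
type Node struct {
	Line, Col int
	Object    map[string]*Node // non-nil for objects
	Array     []*Node          // non-nil for arrays
	Scalar    interface{}      // string, float64, bool or nil
}

type parser struct {
	src []byte
	dec *json.Decoder
}

// ParseWithLocations builds a located tree from JSON. YAML, which the real
// loader also accepts, is left out to stay standard-library only.
func ParseWithLocations(src []byte) (*Node, error) {
	p := &parser{src: src, dec: json.NewDecoder(bytes.NewReader(src))}
	return p.value()
}

// value consumes one complete JSON value from the token stream.
func (p *parser) value() (*Node, error) {
	// InputOffset points at the end of the previous token; skip the whitespace
	// and ',' / ':' separators Decoder.Token swallows to reach the next token,
	// then derive its line and column from the bytes before it.
	off := int(p.dec.InputOffset())
	for off < len(p.src) && bytes.IndexByte([]byte(" \t\r\n,:"), p.src[off]) >= 0 {
		off++
	}
	before := p.src[:off]
	n := &Node{Line: 1 + bytes.Count(before, []byte("\n")), Col: off - bytes.LastIndexByte(before, '\n')}
	tok, err := p.dec.Token()
	if err != nil {
		return nil, err
	}
	delim, isDelim := tok.(json.Delim)
	switch {
	case !isDelim:
		n.Scalar = tok
	case delim == '{':
		n.Object = map[string]*Node{}
		for p.dec.More() {
			keyTok, err := p.dec.Token()
			if err != nil {
				return nil, err
			}
			key, _ := keyTok.(string) // Token itself rejects non-string keys
			if n.Object[key], err = p.value(); err != nil {
				return nil, err
			}
		}
		_, err = p.dec.Token() // closing '}'
	case delim == '[':
		n.Array = []*Node{}
		for p.dec.More() {
			child, err := p.value()
			if err != nil {
				return nil, err
			}
			n.Array = append(n.Array, child)
		}
		_, err = p.dec.Token() // closing ']'
	default:
		err = fmt.Errorf("unexpected delimiter %v", delim)
	}
	return n, err
}

// GetPath follows path (string keys into objects, int indexes into arrays) as
// far as it can and returns the deepest node reached plus the number of path
// elements consumed. A partial match is not an error: for an attribute the
// source never spelled out, the caller still gets the nearest location.
func (n *Node) GetPath(path []interface{}) (*Node, int) {
	cur := n
	for i, elem := range path {
		var next *Node
		switch e := elem.(type) {
		case string:
			next = cur.Object[e] // reading a nil map yields nil
		case int:
			if e >= 0 && e < len(cur.Array) {
				next = cur.Array[e]
			}
		}
		if next == nil {
			return cur, i
		}
		cur = next
	}
	return cur, len(path)
}

// Constructed CloudFormation-style sample input (not from the package's tests).
const sampleTemplate = `{
  "Resources": {
    "Bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"BucketName": "logs"},
      "Tags": [{"Key": "env", "Value": "prod"}]
    }
  }
}`

func main() {
	root, err := ParseWithLocations([]byte(sampleTemplate))
	if err != nil {
		panic(err)
	}
	for _, path := range [][]interface{}{
		{"Resources", "Bucket", "Properties", "BucketName"},
		{"Resources", "Bucket", "Properties", "VersioningConfiguration", "Status"},
	} {
		node, consumed := root.GetPath(path)
		fmt.Printf("%v -> line %d col %d (%d of %d elements matched)\n", path, node.Line, node.Col, consumed, len(path))
	}
}
```

The second path in main stops at "Properties" (3 of 5 elements matched) and reports that object's opening brace, which is exactly what a rule engine needs when it flags a missing setting: the user is pointed at the block where the setting would have to be added.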

type TfDetector

type TfDetector struct{}

This is the loader that supports reading files and directories of HCL (.tf) files. The implementation is in the `./pkg/hcl_interpreter/` package in this repository: this file just wraps that. That directory also contains a README explaining how everything fits together.

func (*TfDetector) DetectDirectory

func (t *TfDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)

func (*TfDetector) DetectFile

func (t *TfDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)

type TfPlanDetector

type TfPlanDetector struct{}

func (*TfPlanDetector) DetectDirectory

func (t *TfPlanDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)

func (*TfPlanDetector) DetectFile

func (t *TfPlanDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)

type TfStateDetector

type TfStateDetector struct{}

func (*TfStateDetector) DetectDirectory

func (t *TfStateDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)

func (*TfStateDetector) DetectFile

func (t *TfStateDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)

type Type

type Type struct {
	// Name is the primary name for this input type. This is the field to use when input
	// types need to be serialized to a string.
	Name string
	// Aliases are alternate, case-insensitive names for this input type.
	Aliases []string
	// Children are input types encompassed by this input type. This field can be used
	// to define aggregate input types.
	Children Types
}

Type represents one or more types of inputs.

func (*Type) Equals

func (t *Type) Equals(other *Type) bool

Equals returns true if this Type instance is exactly equal to other.

func (*Type) Matches

func (t *Type) Matches(inputType string) bool

Matches returns true if the name of this input type or any of its children exactly match the given input type string.

type Types

type Types []*Type

Types is a slice of *Type.

func (Types) Equals

func (t Types) Equals(other Types) bool

Equals returns true if this Types instance is exactly equal to other.

func (Types) FromString

func (t Types) FromString(inputType string) (*Type, error)

FromString returns the first InputType where either its name or aliases match the given input type string. This method is case-insensitive.
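The two contracts above are easy to conflate: Matches compares exact Names down the Children tree and ignores Aliases, while FromString is case-insensitive over Name and Aliases but looks only at the listed types. The following stand-alone Go program, written by the editor as an added example (it re-implements the documented behaviour with the page's own type tree and is not the package's code), shows the consequence: "terraform" resolves via FromString but is never matched, Auto and Any share the same leaf types yet differ on "cloud_scan", and a CLI that parses with FromString should gate the result with Matches on Name. KnownTypes and ResolveInput are the editor's assumptions; the page does not list the contents of SupportedInputTypes.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Type and Types re-implement the documented shape and contracts of input.Type
// and input.Types for illustration; they are the editor's code, not the package's.
type Type struct {
	Name     string
	Aliases  []string
	Children Types
}

type Types []*Type

var ErrUnsupportedInputType = errors.New("Unsupported input type")

// Matches is true when inputType exactly equals the Name of this type or of any
// descendant. Aliases are not consulted, so Terraform.Matches("terraform") is
// false even though "terraform" is an alias of "tf".
func (t *Type) Matches(inputType string) bool {
	if t.Name == inputType {
		return true
	}
	for _, c := range t.Children {
		if c.Matches(inputType) {
			return true
		}
	}
	return false
}

// LeafNames lists the childless types an aggregate resolves to, in first-seen
// order: the concrete detectors a factory has to supply for it.
func (t *Type) LeafNames() []string {
	seen := map[*Type]bool{}
	var out []string
	var walk func(*Type)
	walk = func(x *Type) {
		if seen[x] {
			return
		}
		seen[x] = true
		if len(x.Children) == 0 {
			out = append(out, x.Name)
		}
		for _, c := range x.Children {
			walk(c)
		}
	}
	walk(t)
	return out
}

// FromString returns the first listed type whose Name or an Alias equals
// inputType ignoring case. Children are not searched.
func (ts Types) FromString(inputType string) (*Type, error) {
	for _, t := range ts {
		if strings.EqualFold(t.Name, inputType) {
			return t, nil
		}
		for _, a := range t.Aliases {
			if strings.EqualFold(a, inputType) {
				return t, nil
			}
		}
	}
	return nil, fmt.Errorf("%w: %q", ErrUnsupportedInputType, inputType)
}

// The input-type tree exactly as the package documents it.
var (
	Arm            = &Type{Name: "arm"}
	CloudFormation = &Type{Name: "cfn", Aliases: []string{"cloudformation"}}
	Kubernetes     = &Type{Name: "k8s", Aliases: []string{"kubernetes"}}
	TerraformHCL   = &Type{Name: "tf_hcl", Aliases: []string{"tf-hcl"}}
	TerraformPlan  = &Type{Name: "tf_plan", Aliases: []string{"tf-plan"}}
	TerraformState = &Type{Name: "tf_state", Aliases: []string{"tf-state"}}
	CloudScan      = &Type{Name: "cloud_scan", Aliases: []string{"cloud-scan"}, Children: Types{TerraformState}}
	Terraform      = &Type{Name: "tf", Aliases: []string{"terraform"}, Children: Types{TerraformHCL, TerraformPlan, CloudScan}}
	Auto           = &Type{Name: "auto", Children: Types{Arm, CloudFormation, Kubernetes, TerraformHCL, TerraformPlan, TerraformState}}
	Any            = &Type{Name: "any", Children: Types{Arm, CloudFormation, Kubernetes, Terraform}}
)

// KnownTypes is the editor's assumed list of names a CLI would accept; the page
// does not spell out the contents of SupportedInputTypes.
var KnownTypes = Types{Any, Auto, Arm, CloudFormation, CloudScan, Kubernetes, Terraform, TerraformHCL, TerraformPlan, TerraformState}

// ResolveInput parses a user-supplied string (aliases, any case) and gates the
// result on an allow-list aggregate by Name. With allowed = Auto, "cloud-scan"
// is refused because Auto never names it. The gate is by Name, so an aggregate
// such as "tf" passes only if the allowed tree names it (Any does, Auto does not).
func ResolveInput(known Types, userInput string, allowed *Type) (*Type, error) {
	t, err := known.FromString(userInput)
	if err != nil {
		return nil, err
	}
	if !allowed.Matches(t.Name) {
		return nil, fmt.Errorf("%w: %q is not within %q", ErrUnsupportedInputType, t.Name, allowed.Name)
	}
	return t, nil
}

func main() {
	fmt.Println("Auto leaves:", Auto.LeafNames(), "Any leaves:", Any.LeafNames())
	fmt.Println("cloud_scan in Auto:", Auto.Matches("cloud_scan"), "in Any:", Any.Matches("cloud_scan"))
	for _, s := range []string{"K8S", "tf-plan", "Terraform", "cloud-scan", "puppet"} {
		if t, err := ResolveInput(KnownTypes, s, Auto); err != nil {
			fmt.Printf("%-10s -> %v\n", s, err)
		} else {
			fmt.Printf("%-10s -> %s\n", s, t.Name)
		}
	}
}
```

Serialise with Name, never with an alias: Matches and Equals only understand Names, and a stored "terraform" would silently stop matching anything.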

type WalkFunc

type WalkFunc func(d Detectable, depth int) (skip bool, err error)

WalkFunc is a callback that's invoked on each descendant of a Directory. It returns a boolean that, when true, indicates that the caller should not call d.Walk() on this detectable. The depth argument is a 0-based representation of how many directories have been traversed since the original Walk call.
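The skip and depth contract, exercised by a stand-alone walker over io/fs. This is an added example by the editor, not the package's afero-based Walk: the WalkFunc signature is simplified to a path, the skip list (.terraform vendored modules and provider binaries, .git metadata) and the depth cap are the editor's choices, and depth 0 for the root's direct children is the editor's reading of "0-based". The sample tree is constructed in memory with testing/fstest.

```go
package main

import (
	"fmt"
	"io/fs"
	"path"
	"strings"
	"testing/fstest"
)

// WalkFunc mirrors the documented contract: called for every descendant, depth is
// 0 for the root's direct children and grows by one per directory entered, and
// a true skip return stops the walker from descending into that entry.
// (Editor's io/fs illustration, not the package's afero-based implementation.)
type WalkFunc func(p string, isDir bool, depth int) (skip bool, err error)

func Walk(fsys fs.FS, root string, w WalkFunc) error {
	return walk(fsys, root, 0, w)
}

func walk(fsys fs.FS, dir string, depth int, w WalkFunc) error {
	entries, err := fs.ReadDir(fsys, dir) // sorted by name, so traversal is deterministic
	if err != nil {
		return err
	}
	for _, e := range entries {
		p := path.Join(dir, e.Name())
		skip, err := w(p, e.IsDir(), depth)
		if err != nil {
			return err
		}
		if e.IsDir() && !skip {
			if err := walk(fsys, p, depth+1, w); err != nil {
				return err
			}
		}
	}
	return nil
}

// Directories a scanner should not descend into: vendored modules and provider
// binaries under .terraform, and VCS metadata. Editor's choice of skip list.
var skippedDirs = map[string]bool{".terraform": true, ".git": true}

// ScannableFiles returns the files a detector would be offered, pruning the skip
// list and refusing to enter any directory at or beyond maxDepth.
func ScannableFiles(fsys fs.FS, maxDepth int) ([]string, error) {
	var files []string
	err := Walk(fsys, ".", func(p string, isDir bool, depth int) (bool, error) {
		if isDir {
			// skip=true prunes the subtree: the walker never calls walk() on it.
			return skippedDirs[path.Base(p)] || depth >= maxDepth, nil
		}
		files = append(files, p)
		return false, nil
	})
	return files, err
}

// Constructed sample tree standing in for a checked-out repository.
var sampleRepo = fstest.MapFS{
	"main.tf":                        {Data: []byte(`resource "aws_s3_bucket" "b" {}`)},
	"modules/rds/main.tf":            {Data: []byte(`resource "aws_db_instance" "db" {}`)},
	".terraform/modules/vpc/main.tf": {Data: []byte(`# vendored copy, not ours to fix`)},
	".git/HEAD":                      {Data: []byte("ref: refs/heads/main\n")},
	"deep/a/b/c/leaf.tf":             {Data: []byte(`# four directories down`)},
}

func main() {
	files, err := ScannableFiles(sampleRepo, 3)
	if err != nil {
		panic(err)
	}
	fmt.Println(strings.Join(files, "\n"))
}
```

With a cap of 3 the walker enters deep/, deep/a and deep/a/b but refuses deep/a/b/c (depth 3), so leaf.tf is never offered; raise the cap and it reappears, while .terraform and .git stay pruned regardless.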

Directories

Path Synopsis
cfn
tf
