Types ¶
type ConditionOperator ¶ added in v0.14.0
type ConditionType ¶ added in v0.14.0
// ConditionType is a string type naming a condition comparison. Its values are
// used as the outer keys of Statement.Condition.
type ConditionType string
ConditionType represents all the possible comparison types for the Condition of a Policy Statement. Inspired by github.com/gwkunze/goiam/policy.
// Condition operators usable as keys of Statement.Condition. Each constant's
// value is the operator name as a string.
//
// NOTE(review): IAM also defines BinaryEquals, the "...IfExists" operator
// variants and the "ForAllValues:"/"ForAnyValue:" set qualifiers, none of which
// has a constant in this block. Confirm how a statement using one of them is
// treated before relying on a policy check that inspects conditions.
const (
	// String comparisons.
	ConditionStringEquals ConditionType = "StringEquals"
	ConditionStringNotEquals ConditionType = "StringNotEquals"
	ConditionStringEqualsIgnoreCase ConditionType = "StringEqualsIgnoreCase"
	ConditionStringNotEqualsIgnoreCase ConditionType = "StringNotEqualsIgnoreCase"
	ConditionStringLike ConditionType = "StringLike"
	ConditionStringNotLike ConditionType = "StringNotLike"

	// Numeric comparisons.
	ConditionNumericEquals ConditionType = "NumericEquals"
	ConditionNumericNotEquals ConditionType = "NumericNotEquals"
	ConditionNumericLessThan ConditionType = "NumericLessThan"
	ConditionNumericLessThanEquals ConditionType = "NumericLessThanEquals"
	ConditionNumericGreaterThan ConditionType = "NumericGreaterThan"
	ConditionNumericGreaterThanEquals ConditionType = "NumericGreaterThanEquals"

	// Date comparisons.
	ConditionDateEquals ConditionType = "DateEquals"
	ConditionDateNotEquals ConditionType = "DateNotEquals"
	ConditionDateLessThan ConditionType = "DateLessThan"
	ConditionDateLessThanEquals ConditionType = "DateLessThanEquals"
	ConditionDateGreaterThan ConditionType = "DateGreaterThan"
	ConditionDateGreaterThanEquals ConditionType = "DateGreaterThanEquals"

	// Boolean comparison.
	ConditionBool ConditionType = "Bool"

	// IP address comparisons.
	ConditionIpAddress ConditionType = "IpAddress"
	ConditionNotIpAddress ConditionType = "NotIpAddress"

	// ARN comparisons.
	ConditionArnEquals ConditionType = "ArnEquals"
	ConditionArnNotEquals ConditionType = "ArnNotEquals"
	ConditionArnLike ConditionType = "ArnLike"
	ConditionArnNotLike ConditionType = "ArnNotLike"

	// Null operator.
	ConditionNull ConditionType = "Null"
)
type ConditionVariable ¶ added in v0.14.0
// ConditionVariable is a string type naming a condition variable. Its values
// are used as the inner keys of Statement.Condition.
type ConditionVariable string
ConditionVariable represents the available variables used in Conditions. Inspired by github.com/gwkunze/goiam/policy.
// Condition variables usable as inner keys of Statement.Condition. Each
// constant's value is the variable name as a string, with the "AWS:" prefix in
// upper case and mixed casing after it.
//
// NOTE(review): IAM treats condition key names as case-insensitive, while Go
// string comparison and map lookups on ConditionVariable are case-sensitive. A
// policy that spells a key differently (for example "aws:SourceIp") will not
// equal these constants; confirm that callers normalize case before comparing,
// otherwise a restricting condition can be missed.
const (
	VarCurrentTime ConditionVariable = "AWS:CurrentTime"
	VarEpochTime ConditionVariable = "AWS:EpochTime"
	VarMultiFactorAuthAge ConditionVariable = "AWS:MultiFactorAuthAge"
	VarPrincipalType ConditionVariable = "AWS:principaltype"
	VarSecureTransport ConditionVariable = "AWS:SecureTransport"
	VarSourceArn ConditionVariable = "AWS:SourceArn"
	VarSourceIp ConditionVariable = "AWS:SourceIp"
	VarUserAgent ConditionVariable = "AWS:UserAgent"
	// NOTE(review): the name reads "UsedId" although the value is
	// "AWS:userid"; this looks like a typo for "UserId". The identifier is
	// exported, so it is kept as is for existing callers.
	VarUsedId ConditionVariable = "AWS:userid"
	VarUsername ConditionVariable = "AWS:username"
)
type IAMSpec ¶
IAMSpec contains the AWS session
func (IAMSpec) PolicyAllows ¶
PolicyAllows returns true if the defined actions are allowed on the provided resources. Note that the check is performed only on the policy's default version.
func (IAMSpec) RoleHasPolicy ¶ added in v0.6.0
RoleHasPolicy checks that the provided policy ARN is attached to the specified IAM role
type OptSlice ¶
// OptSlice is a string slice with its own MarshalJSON and UnmarshalJSON
// methods, so that a policy element can be given either as a single JSON
// string or as a list of strings.
type OptSlice []string
OptSlice is an entity that could be either a JSON string or a slice. As per https://stackoverflow.com/a/38757780/543423
func (*OptSlice) MarshalJSON ¶
MarshalJSON returns the JSON encoding of o.
func (*OptSlice) UnmarshalJSON ¶
UnmarshalJSON sets *o to a copy of data
type PolicyDocument ¶
PolicyDocument represents an IAM policy document
type Statement ¶
// Statement is one statement of an IAM policy document.
//
// NOTE(review): the TODO below says Principal, NotPrincipal and Condition are
// not yet handled. Until that is confirmed resolved, treat any allow/deny
// result derived from a Statement as possibly ignoring those elements: a
// statement whose access is narrowed by a Condition or a Principal could be
// reported as an unconditional allow.
type Statement struct {
	// TODO:
	// - Handle Principal, NotPrincipal, and Condition
	SID string
	// Principal and NotPrincipal are untyped (interface{}); nothing in this
	// declaration constrains their shape.
	Principal interface{}
	NotPrincipal interface{}
	Effect string
	// Action, NotAction, Resource and NotResource are pointers to OptSlice,
	// the type that accepts either a single JSON string or a slice.
	Action *OptSlice
	NotAction *OptSlice
	Resource *OptSlice
	NotResource *OptSlice
	// Condition maps a condition operator to a map from condition variable
	// to its values. The ",omitempty" tag leaves the key out of the encoded
	// JSON when the map is empty.
	Condition map[ConditionType]map[ConditionVariable]OptSlice `json:",omitempty"`
}
Statement represents an IAM statement