helpers

package
v0.0.0-...-a6cbac7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 23, 2023 License: MIT Imports: 26 Imported by: 0

Documentation

Index

Constants

// IAM role type labels (human-readable strings).
// NOTE(review): presumably the values stored in IAMRole.Type; confirm against the role-collection code.
const (
	IAMRoleTypeSSOManaged  = "SSO Managed Role"
	IAMRoleTypeServiceRole = "Service Role"
	IAMRoleTypeUserDefined = "User defined Role"
)

IAM Role type

// IAM policy type labels (human-readable strings).
// NOTE(review): presumably the values stored in IAMPolicyDocument.Type; confirm.
const (
	IAMPolicyTypeAttached   = "Attached Policy"
	IAMPolicyTypeInline     = "Inline Policy"
	// The assume-role (trust) policy decides who may assume a role, so it is
	// labelled separately from the permission policies above.
	IAMPolicyTypeAssumeRole = "Assume Role Policy"
)

IAM Policy Type

// IAM object type labels.
// NOTE(review): presumably what GetObjectType returns for IAMGroup and IAMUser; confirm.
const (
	IAMObjectTypeGroup = "Group"
	IAMObjectTypeUser  = "User"
)

IAM Object Type

Variables

This section is empty.

Functions

func FlattenStringMaps

func FlattenStringMaps(stringmaps []map[string]string) map[string]string

FlattenStringMaps combines multiple stringmaps into a single one. Later values will override earlier if duplicates are present

func GetAccountAlias

func GetAccountAlias(svc *iam.Client, stsSvc *sts.Client) map[string]string

GetAccountAlias returns the account alias in a map of [accountid]accountalias. If no alias is present, it will return the account ID instead.

func GetAccountID

func GetAccountID(svc *sts.Client) string

GetAccountID returns the ID of the account the command is run from

func GetAccountSummary

func GetAccountSummary(svc *iam.Client) (map[string]int32, error)

GetAccountSummary retrieves the account summary map which contains high level information about the root account

func GetAllBuckets

func GetAllBuckets(svc *s3.Client) ([]types.Bucket, string)

GetAllBuckets returns an overview of all buckets

func GetAllEC2ResourceNames

func GetAllEC2ResourceNames(svc *ec2.Client) map[string]string

GetAllEC2ResourceNames retrieves the names of EC2 related objects

func GetAllEc2Instances

func GetAllEc2Instances(svc *ec2.Client) []types.Reservation

GetAllEc2Instances retrieves all EC2 instances

func GetAllRdsResourceNames

func GetAllRdsResourceNames(svc *rds.Client) map[string]string

GetAllRdsResourceNames gets a list of all names for RDS objects. TODO: clusters, subnet groups, parameter groups, option groups

func GetAllSecurityGroups

func GetAllSecurityGroups(svc *ec2.Client) []types.SecurityGroup

GetAllSecurityGroups returns a list of all securitygroups in the region

func GetAllUnservicedAppMeshNodes

func GetAllUnservicedAppMeshNodes(meshname *string, svc *appmesh.Client) []string

GetAllUnservicedAppMeshNodes returns a slice of nodes that don't serve as the backend for any service

func GetAttachedPoliciesMapForGroup

func GetAttachedPoliciesMapForGroup(groupname *string, svc *iam.Client) map[string]string

GetAttachedPoliciesMapForGroup retrieves a map of attached policies for the provided IAM groupname where the key is the name of the policy and the value is the actual json policy document

func GetAttachedPoliciesMapForGroups

func GetAttachedPoliciesMapForGroups(groups []string, svc *iam.Client) map[string]string

GetAttachedPoliciesMapForGroups retrieves a map of attached policies for the slice of IAM groupnames where the key is the name of the policy and the value is the actual json policy document

func GetAttachedPoliciesMapForUser

func GetAttachedPoliciesMapForUser(username *string, svc *iam.Client) map[string]string

GetAttachedPoliciesMapForUser retrieves a map of attached policies for the provided IAM username where the key is the name of the policy and the value is the actual json policy document

func GetEc2BySecurityGroup

func GetEc2BySecurityGroup(securitygroupID *string, svc *ec2.Client) []types.Reservation

GetEc2BySecurityGroup retrieves all instances attached to a securitygroup

func GetEc2Name

func GetEc2Name(ec2name string, svc *ec2.Client) string

GetEc2Name returns the name of the provided EC2 Resource

func GetGroupNameSliceForUser

func GetGroupNameSliceForUser(username *string, svc *iam.Client) []string

GetGroupNameSliceForUser retrieves a slice of all the groups the provided IAM username belongs to

func GetGroupPoliciesMapForGroup

func GetGroupPoliciesMapForGroup(groupname *string, svc *iam.Client) map[string]string

GetGroupPoliciesMapForGroup retrieves a map of policies for the provided IAM groupname where the key is the name of the policy and the value is the actual json policy document

func GetGroupPoliciesMapForGroups

func GetGroupPoliciesMapForGroups(groups []string, svc *iam.Client) map[string]string

GetGroupPoliciesMapForGroups retrieves all of the policies for the provided slice of groups, where the key is the name of the policy and the value is the json policy document

func GetNestedCloudFormationResources

func GetNestedCloudFormationResources(stackname *string, svc *cloudformation.Client) []types.StackResource

GetNestedCloudFormationResources retrieves a slice of the Stack Resources that are in the provided stack or in one of its children

func GetPoliciesMap

func GetPoliciesMap(svc *iam.Client) map[string]types.Policy

GetPoliciesMap retrieves a map of policies with the policy name as the key and the actual policy object as the value

func GetRDSName

func GetRDSName(rdsname *string, svc *rds.Client) string

GetRDSName returns the name of the provided RDS Resource

func GetResourcesByStackName

func GetResourcesByStackName(stackname *string, svc *cloudformation.Client) []types.StackResource

GetResourcesByStackName returns a slice of the Stack Resources in the provided stack

func GetRouteTablesForTransitGateway

func GetRouteTablesForTransitGateway(tgwID string, svc *ec2.Client) map[string]TransitGatewayRouteTable

GetRouteTablesForTransitGateway returns all route tables attached to a Transit Gateway

func GetStringMapFromJSONFile

func GetStringMapFromJSONFile(filename string) map[string]string

GetStringMapFromJSONFile parses a JSON file and returns it as a string map

func GetUserPoliciesMapForUser

func GetUserPoliciesMapForUser(username *string, svc *iam.Client) map[string]string

GetUserPoliciesMapForUser retrieves a map of policies for the provided IAM username where the key is the name of the policy and the value is the actual json policy document

func IsLatestInstanceFamily

func IsLatestInstanceFamily(instanceFamily string) bool

IsLatestInstanceFamily checks if an instance is running in the latest instance family. TODO: Automate this to work properly

func TypeByResourceID

func TypeByResourceID(resourceID string) string

TypeByResourceID identifies the type of resource based on its unique ID

Types

type AppMeshVirtualNode

// AppMeshVirtualNode contains information about an App Mesh Virtual Node.
type AppMeshVirtualNode struct {
	VirtualNodeName string
	// NOTE(review): presumably the names of the virtual services and virtual
	// nodes this node connects to; confirm against GetAllAppMeshNodeConnections.
	BackendServices []string
	BackendNodes    []string
}

AppMeshVirtualNode contains information about an App Mesh Virtual Node

func GetAllAppMeshNodeConnections

func GetAllAppMeshNodeConnections(meshname *string, svc *appmesh.Client) []AppMeshVirtualNode

GetAllAppMeshNodeConnections retrieves all nodes and which services/nodes they connect to

type AppMeshVirtualService

// AppMeshVirtualService contains information about an App Mesh Virtual Service.
type AppMeshVirtualService struct {
	VirtualServiceName   string
	// Routes defined for the service, one AppMeshVirtualServiceRoute per entry.
	VirtualServiceRoutes []AppMeshVirtualServiceRoute
	// Paths are appended through AddPath.
	VirtualServicePaths  []AppMeshVirtualServicePath
}

AppMeshVirtualService contains information about an App Mesh Virtual Service

func GetAllAppMeshPaths

func GetAllAppMeshPaths(meshName *string, svc *appmesh.Client) []AppMeshVirtualService

GetAllAppMeshPaths retrieves all the connections in the mesh

func (*AppMeshVirtualService) AddPath

func (service *AppMeshVirtualService) AddPath(path AppMeshVirtualServicePath)

AddPath adds a path to an AppMeshVirtualService

type AppMeshVirtualServicePath

// AppMeshVirtualServicePath shows virtual nodes and their backend that a
// service might be connected to.
type AppMeshVirtualServicePath struct {
	// NOTE(review): presumably the virtual node name and the backend service
	// name forming one edge of the mesh; confirm against GetAllAppMeshPaths.
	VirtualNode string
	ServiceName string
}

AppMeshVirtualServicePath shows virtual nodes and their backend that a service might be connected to

type AppMeshVirtualServiceRoute

// AppMeshVirtualServiceRoute contains information about an App Mesh route.
type AppMeshVirtualServiceRoute struct {
	Router          string
	Path            string
	DestinationNode string
	// NOTE(review): presumably the weighted-target share for DestinationNode; confirm.
	Weight          int32
}

AppMeshVirtualServiceRoute contains information about an App Mesh route

type AttachedIAMPolicy

// AttachedIAMPolicy is used to connect usernames, groups, and policy names.
type AttachedIAMPolicy struct {
	// Name is the policy name.
	Name   string
	// Users and Groups are filled through AddObject, which accepts an
	// IAMObject (user or group).
	Users  []string
	Groups []string
}

AttachedIAMPolicy is used to connect usernames, groups, and policy names

func (*AttachedIAMPolicy) AddObject

func (policy *AttachedIAMPolicy) AddObject(object IAMObject)

AddObject adds an IAMObject (user or group) to the AttachedIAMPolicy

type IAMGroup

// IAMGroup contains information about IAM Groups.
type IAMGroup struct {
	Name             string
	ID               string
	// Users lists the users attached to the group (see GetUsers).
	Users            []string
	// NOTE(review): presumably policy name -> JSON policy document, matching the
	// GetAttachedPoliciesMapForGroup / GetGroupPoliciesMapForGroup helpers; confirm.
	AttachedPolicies map[string]string
	InlinePolicies   map[string]string
	// Group is the underlying SDK group object.
	Group            *types.Group
}

IAMGroup contains information about IAM Groups

func GetGroupDetails

func GetGroupDetails(svc *iam.Client) []IAMGroup

GetGroupDetails collects detailed information about a group, consisting mostly of the users and policies it follows.

func (IAMGroup) GetDirectPolicies

func (group IAMGroup) GetDirectPolicies() map[string]string

GetDirectPolicies retrieves all directly attached policies for the group

func (IAMGroup) GetGroups

func (group IAMGroup) GetGroups() []string

GetGroups returns an empty string slice

func (IAMGroup) GetID

func (group IAMGroup) GetID() string

GetID returns the ID of the object

func (IAMGroup) GetInheritedPolicies

func (group IAMGroup) GetInheritedPolicies() map[string]string

GetInheritedPolicies retrieves all inherited policies for the group (none)

func (IAMGroup) GetName

func (group IAMGroup) GetName() string

GetName returns the name of the group

func (IAMGroup) GetObjectType

func (group IAMGroup) GetObjectType() string

GetObjectType returns the type of IAM object

func (IAMGroup) GetUsers

func (group IAMGroup) GetUsers() []string

GetUsers returns the users attached to the Group

type IAMObject

// IAMObject is the interface shared by IAM objects; on this page IAMGroup and
// IAMUser both declare these methods.
type IAMObject interface {
	GetName() string
	GetID() string
	// GetUsers returns the attached users for an IAMGroup and an empty slice
	// for an IAMUser.
	GetUsers() []string
	// GetGroups returns the user's groups for an IAMUser and an empty slice
	// for an IAMGroup.
	GetGroups() []string
	GetObjectType() string
	// GetDirectPolicies covers policies attached directly to the object.
	GetDirectPolicies() map[string]string
	// GetInheritedPolicies covers inherited policies; IAMGroup documents that
	// it has none.
	GetInheritedPolicies() map[string]string
}

IAMObject interface for IAM objects

type IAMPolicyDocument

// IAMPolicyDocument is an abstracted version of an IAM Policy Document.
type IAMPolicyDocument struct {
	Name      string
	Version   string
	// NOTE(review): presumably one of the IAMPolicyType* constants; confirm.
	Type      string
	Statement []IAMPolicyDocumentStatement
	// Roles the policy is attached to; filled through AddRole and read by
	// GetRoleNames.
	Roles     []*IAMRole
	// NOTE(review): presumably the groups and users the policy is attached to;
	// no helper on this page populates them, so confirm they are ever filled.
	Groups    []*IAMGroup
	Users     []*IAMUser
}

IAMPolicyDocument is an abstracted version of an IAM Policy Document

func (*IAMPolicyDocument) AddRole

func (policy *IAMPolicyDocument) AddRole(role *IAMRole)

AddRole adds the role to the policy document

func (*IAMPolicyDocument) GetRoleNames

func (policy *IAMPolicyDocument) GetRoleNames() []string

GetRoleNames returns the names of the roles the policy is attached to

type IAMPolicyDocumentStatement

// IAMPolicyDocumentStatement is an abstracted version of a Statement for a
// policy document.
type IAMPolicyDocumentStatement struct {
	Effect    string
	// NOTE(review): IAM policy JSON also allows "Principal": "*" and principal
	// values that are lists, neither of which fits map[string]string. Confirm
	// how such statements are decoded, since a wildcard or multi-principal
	// trust statement is exactly what a review needs to see.
	Principal map[string]string
	// Action, Condition and Resource are untyped; presumably because the JSON
	// value may be a single string or a list — callers must type-switch. TODO confirm.
	Action    interface{}
	Condition interface{}
	Resource  interface{}
}

IAMPolicyDocumentStatement is an abstracted version of a Statement for a policy document

type IAMRole

// IAMRole is an abstracted version of an IAM Role.
type IAMRole struct {
	Name             string
	ID               string
	Path             string
	// AssumeRolePolicy is the role's assume-role policy; CanBeAssumedFrom
	// reports information derived from it.
	AssumeRolePolicy IAMPolicyDocument
	// Policies keyed by a string. NOTE(review): presumably the policy name; confirm.
	InlinePolicies   map[string]*IAMPolicyDocument
	AttachedPolicies map[string]*IAMPolicyDocument
	// Role is the underlying SDK role object.
	Role             *types.Role
	// NOTE(review): presumably one of the IAMRoleType* constants; confirm.
	Type             string
	// NOTE(review): presumably mirrors the verbose argument of GetRoleDetails; confirm.
	Verbose          bool
}

IAMRole is an abstracted version of an IAM Role

func GetRoleDetails

func GetRoleDetails(verbose bool, svc *iam.Client) []IAMRole

GetRoleDetails returns the list of roles in the account

func GetRolesAndPolicies

func GetRolesAndPolicies(verbose bool, svc *iam.Client) ([]IAMRole, map[string]IAMPolicyDocument)

GetRolesAndPolicies returns all the roles and their attached policies

func (*IAMRole) CanBeAssumedFrom

func (role *IAMRole) CanBeAssumedFrom() []string

CanBeAssumedFrom returns information about the assumerole policy

func (IAMRole) GetPolicyNames

func (role IAMRole) GetPolicyNames() []string

GetPolicyNames returns the names of the policies attached to the role

type IAMUser

// IAMUser contains information about IAM Users.
type IAMUser struct {
	Name                  string
	ID                    string
	// NOTE(review): presumably policy name -> JSON policy document, matching the
	// GetAttachedPoliciesMapForUser / GetUserPoliciesMapForUser helpers; confirm.
	AttachedPolicies      map[string]string
	InlinePolicies        map[string]string
	// Groups lists the groups the user has (see GetGroups).
	Groups                []string
	// NOTE(review): presumably the policies inherited through Groups and the
	// source for GetInheritedPolicies; confirm. Maps keyed by policy name keep
	// only one entry per name, so same-named inline policies on different
	// groups would collapse — verify whether that can hide a policy.
	AttachedGroupPolicies map[string]string
	InlineGroupPolicies   map[string]string
	// User is the underlying SDK user object.
	User                  *types.User
}

IAMUser contains information about IAM Users

func GetUserDetails

func GetUserDetails(svc *iam.Client) []IAMUser

GetUserDetails collects detailed information about a user, consisting mostly of the groups and policies it follows.

func (IAMUser) GetAllPolicies

func (user IAMUser) GetAllPolicies() map[string]string

GetAllPolicies retrieves a map of all the user's policies

func (IAMUser) GetDirectPolicies

func (user IAMUser) GetDirectPolicies() map[string]string

GetDirectPolicies retrieves all directly attached policies for the user

func (IAMUser) GetGroups

func (user IAMUser) GetGroups() []string

GetGroups returns the list of groups the user has

func (IAMUser) GetID

func (user IAMUser) GetID() string

GetID returns the ID of the object

func (IAMUser) GetInheritedPolicies

func (user IAMUser) GetInheritedPolicies() map[string]string

GetInheritedPolicies retrieves all inherited policies for the user

func (IAMUser) GetLastAccessKeyDate

func (user IAMUser) GetLastAccessKeyDate(svc *iam.Client) time.Time

GetLastAccessKeyDate returns the last date an access key was used

func (IAMUser) GetLastPasswordDate

func (user IAMUser) GetLastPasswordDate() time.Time

GetLastPasswordDate returns the last date the user's password was used

func (IAMUser) GetName

func (user IAMUser) GetName() string

GetName returns the name of the user

func (IAMUser) GetObjectType

func (user IAMUser) GetObjectType() string

GetObjectType returns the type of IAM object

func (IAMUser) GetUsers

func (user IAMUser) GetUsers() []string

GetUsers returns an empty string slice

func (IAMUser) HasAccessKeys

func (user IAMUser) HasAccessKeys(svc *iam.Client) bool

HasAccessKeys checks if a user has access keys

func (IAMUser) HasUsedPassword

func (user IAMUser) HasUsedPassword() bool

HasUsedPassword checks if the user has used their password

type OrganizationEntry

// OrganizationEntry is a helper struct for Organization resources.
type OrganizationEntry struct {
	ID       string
	Name     string
	Arn      string
	// NOTE(review): presumably distinguishes root, organizational unit and
	// account entries; confirm the exact values.
	Type     string
	// Children nests further entries; GetFullOrganization returns the root
	// entry with all children filled in.
	Children []OrganizationEntry
}

OrganizationEntry is a helper struct for Organization resources

func GetFullOrganization

func GetFullOrganization(svc *organizations.Client) OrganizationEntry

GetFullOrganization returns the root entry of the organization with all children fleshed out

func (*OrganizationEntry) String

func (entry *OrganizationEntry) String() string

type S3Bucket

// S3Bucket holds per-bucket settings; GetBucketDetails returns a slice of these.
// NOTE(review): the package publishes no doc comment for this type, so the
// field notes below are read from field names and types — confirm against
// GetBucketDetails.
// NOTE(review): a bool field cannot distinguish "checked and false" from
// "lookup failed or was denied"; confirm how collection errors are surfaced
// before treating false as a clean result.
type S3Bucket struct {
	Account                        string
	// ACLs holds the SDK grant entries for the bucket.
	ACLs                           []types.Grant
	EncryptionRules                []types.ServerSideEncryptionRule
	HasEncryption                  bool
	// NOTE(review): presumably an overall verdict combining OpenACLs,
	// PublicPolicy and the public access block; confirm the exact rule.
	IsPublic                       bool
	LoggingBucket                  string
	LoggingEnabled                 bool
	Name                           string
	// NOTE(review): presumably true when an ACL grant is open to everyone; confirm.
	OpenACLs                       bool
	Owner                          string
	// NOTE(review): presumably the bucket policy as a JSON string; confirm.
	Policy                         string
	PublicAccessBlockConfiguration types.PublicAccessBlockConfiguration
	// NOTE(review): presumably true when the bucket policy allows public access; confirm.
	PublicPolicy                   bool
	Region                         string
	// Replication is the SDK replication configuration; GetReplicationStrings
	// reads from the bucket.
	Replication                    types.ReplicationConfiguration
	Tags                           map[string]string
	Versioning                     bool
	// NOTE(review): presumably MFA delete on the versioning configuration; confirm.
	VersioningMFAEnabled           bool
}

func GetBucketDetails

func GetBucketDetails(svc *s3.Client) []S3Bucket

func (*S3Bucket) GetReplicationStrings

func (bucket *S3Bucket) GetReplicationStrings() []string

type SSOAccount

// SSOAccount represents an AWS account managed by AWS.
// NOTE(review): the published comment likely means "managed by AWS SSO"; confirm.
type SSOAccount struct {
	AccountID          string
	// AccountAssignments ties principals to permission sets for this account;
	// GetPrincipalIdsForPermissionSet filters it by permission set.
	AccountAssignments []SSOAccountAssignment
}

SSOAccount represents an AWS account managed by AWS

func (*SSOAccount) GetPrincipalIdsForPermissionSet

func (account *SSOAccount) GetPrincipalIdsForPermissionSet(permissionset SSOPermissionSet) []string

GetPrincipalIdsForPermissionSet returns the ids of the principals that have been assigned to the provided permission set

type SSOAccountAssignment

// SSOAccountAssignment represents which principals are tied to an account
// using which permission set.
type SSOAccountAssignment struct {
	// NOTE(review): presumably "USER" or "GROUP" as reported by the SSO admin
	// API; confirm the exact values.
	PrincipalType string
	PrincipalID   string
	// PermissionSet points at the permission set granted by this assignment.
	PermissionSet *SSOPermissionSet
}

SSOAccountAssignment represents which principals are tied to an account using which permission set

type SSOInstance

// SSOInstance is the top level representation of an SSO Instance.
type SSOInstance struct {
	IdentityStoreID string
	Arn             string
	// PermissionSets contains the permission sets the instance has.
	PermissionSets []SSOPermissionSet
	// Accounts contains the accounts with permission sets, those permission
	// sets, and who has access.
	// NOTE(review): presumably keyed by account ID (see GetAccountList); confirm.
	Accounts map[string]SSOAccount
}

SSOInstance is the top level representation of an SSO Instance

func GetSSOAccountInstance

func GetSSOAccountInstance(svc *ssoadmin.Client) SSOInstance

GetSSOAccountInstance retrieves the SSO Account Instance and all its data

func (*SSOInstance) GetAccountList

func (instance *SSOInstance) GetAccountList() []string

GetAccountList returns a list of the account numbers in the SSO Instance

func (*SSOInstance) GetPermissionSetList

func (instance *SSOInstance) GetPermissionSetList() []string

GetPermissionSetList returns a list of the permission sets in the SSO Instance

type SSOPermissionSet

// SSOPermissionSet is the representation of a permission set.
type SSOPermissionSet struct {
	Arn             string
	Name            string
	Description     string
	CreatedAt       time.Time
	// NOTE(review): kept as a string; presumably the duration text as returned
	// by the API rather than a parsed value — confirm before comparing durations.
	SessionDuration string
	Accounts        []SSOAccount
	// ManagedPolicies lists the attached managed policies; GetManagedPolicyNames
	// returns their names.
	ManagedPolicies []SSOPolicy
	// NOTE(review): presumably the inline policy as a JSON string, empty when
	// none is set; confirm.
	InlinePolicy    string
	// Instance points back at the owning SSOInstance.
	Instance        *SSOInstance
}

SSOPermissionSet is the representation of a permission set

func (*SSOPermissionSet) GetAssignmentIdsByAccount

func (permissionset *SSOPermissionSet) GetAssignmentIdsByAccount(accountnr string) []string

GetAssignmentIdsByAccount returns the assignment's principal IDs

func (*SSOPermissionSet) GetManagedPolicyNames

func (permissionset *SSOPermissionSet) GetManagedPolicyNames() []string

GetManagedPolicyNames returns a slice containing the names of the policies attached to the permission set

type SSOPolicy

// SSOPolicy represents a Managed Policy.
type SSOPolicy struct {
	// Arn and Name identify the managed policy.
	Arn  string
	Name string
}

SSOPolicy represents a Managed Policy

type TransitGateway

// TransitGateway is a struct for managing TransitGateway objects.
type TransitGateway struct {
	ID          string
	// NOTE(review): presumably the owning account of the gateway; confirm.
	AccountID   string
	Name        string
	// RouteTables has the same type GetRouteTablesForTransitGateway returns.
	// NOTE(review): presumably keyed by route table ID; confirm.
	RouteTables map[string]TransitGatewayRouteTable
}

TransitGateway is a struct for managing TransitGateway objects

func GetAllTransitGateways

func GetAllTransitGateways(svc *ec2.Client) []TransitGateway

GetAllTransitGateways returns an array of all Transit Gateways in the account

type TransitGatewayAttachment

// TransitGatewayAttachment reflects a Transit Gateway Attachment.
type TransitGatewayAttachment struct {
	ID           string
	// ResourceType and ResourceID describe the attached resource.
	// NOTE(review): presumably values such as a VPC or VPN and its ID; confirm.
	ResourceType string
	ResourceID   string
}

TransitGatewayAttachment reflects a Transit Gateway Attachment

func GetSourceAttachmentsForTransitGatewayRouteTable

func GetSourceAttachmentsForTransitGatewayRouteTable(routetableID string, svc *ec2.Client) []TransitGatewayAttachment

GetSourceAttachmentsForTransitGatewayRouteTable returns all the source attachments attached to a Transit Gateway route table

type TransitGatewayRoute

// TransitGatewayRoute reflects a Transit Gateway Route object.
type TransitGatewayRoute struct {
	// NOTE(review): presumably "active" or "blackhole", matching the two
	// route getters in this package; confirm the exact values.
	State        string
	CIDR         string
	// Attachment is the attachment the route points at.
	Attachment   TransitGatewayAttachment
	ResourceType string
	// NOTE(review): presumably static versus propagated; confirm.
	RouteType    string
}

TransitGatewayRoute reflects a Transit Gateway Route object

func GetActiveRoutesForTransitGatewayRouteTable

func GetActiveRoutesForTransitGatewayRouteTable(routetableID string, svc *ec2.Client) []TransitGatewayRoute

GetActiveRoutesForTransitGatewayRouteTable returns all routes that are currently active for a Transit Gateway route table

func GetBlackholeRoutesForTransitGatewayRouteTable

func GetBlackholeRoutesForTransitGatewayRouteTable(routetableID string, svc *ec2.Client) []TransitGatewayRoute

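GetBlackholeRoutesForTransitGatewayRouteTable returns all routes that are currently active for a Transit Gateway route table (as published; judging by the function name this presumably means routes in the blackhole state, with the wording carried over from GetActiveRoutesForTransitGatewayRouteTable)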

type TransitGatewayRouteTable

// TransitGatewayRouteTable is a struct for managing Transit Gateway route
// table objects.
type TransitGatewayRouteTable struct {
	ID                     string
	Name                   string
	Routes                 []TransitGatewayRoute
	// SourceAttachments has the same type
	// GetSourceAttachmentsForTransitGatewayRouteTable returns.
	SourceAttachments      []TransitGatewayAttachment
	// NOTE(review): presumably the attachments that Routes point at; confirm.
	DestinationAttachments []TransitGatewayAttachment
}

TransitGatewayRouteTable is a struct for managing Transit Gateway route table objects

type VPCHolder

// VPCHolder represents basic information about a VPC.
type VPCHolder struct {
	ID        string
	// NOTE(review): presumably the account that owns the VPC, which matters
	// for cross-account peerings; confirm.
	AccountID string
}

VPCHolder represents basic information about a VPC

type VPCRoute

// VPCRoute represents a Route object.
type VPCRoute struct {
	DestinationCIDR   string
	State             string
	// DestinationTarget shows the target, regardless of the type.
	DestinationTarget string
}

VPCRoute represents a Route object. DestinationTarget shows the target, regardless of the type.

type VPCRouteTable

// VPCRouteTable contains the relevant information for a Route Table.
type VPCRouteTable struct {
	Vpc     VPCHolder
	ID      string
	Routes  []VPCRoute
	// NOTE(review): presumably the IDs of the subnets associated with the table; confirm.
	Subnets []string
	// NOTE(review): presumably true for the VPC's main route table, which
	// applies to subnets without an explicit association; confirm.
	Default bool
}

VPCRouteTable contains the relevant information for a Route Table

func GetAllVPCRouteTables

func GetAllVPCRouteTables(svc *ec2.Client) []VPCRouteTable

GetAllVPCRouteTables returns all the Routetables in the account and region

type VpcPeering

// VpcPeering represents a VPC Peering object.
type VpcPeering struct {
	// RequesterVpc and AccepterVpc are the two sides of the peering; each
	// carries its own AccountID, so the two sides can be in different accounts.
	RequesterVpc VPCHolder
	AccepterVpc  VPCHolder
	PeeringID    string
}

VpcPeering represents a VPC Peering object

func GetAllVpcPeers

func GetAllVpcPeers(svc *ec2.Client) []VpcPeering

GetAllVpcPeers returns the peerings that are present in this region of this account
