Documentation ¶
Index ¶
- type ListOrString
- type Policy
- type PolicyStatement
- func (ps *PolicyStatement) GetAllActionsAsString() string
- func (ps *PolicyStatement) GetAllPrincipalsAsString() string
- func (ps *PolicyStatement) GetConditionsInEnglish(caller string) string
- func (ps *PolicyStatement) GetStatementSummaryInEnglish(caller string) string
- func (ps *PolicyStatement) IsAllow() bool
- func (ps *PolicyStatement) IsEmpty() bool
- type PolicyStatementCondition
- type PolicyStatementPrincipal
- type PolicyStatementPrincipalObject
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ListOrString ¶
type ListOrString []string
func (*ListOrString) UnmarshalJSON ¶
func (ls *ListOrString) UnmarshalJSON(b []byte) error
type Policy ¶
type Policy struct {
	Version   string            `json:"Version"`
	Id        string            `json:"Id"`
	Statement []PolicyStatement `json:"Statement"`
}
func ParseJSONPolicy ¶
func (*Policy) IsConditionallyPublic ¶
IsConditionallyPublic returns true if and only if at least one statement has principal * with conditions that do not scope access down to AWS accounts or organizations.
type PolicyStatement ¶
type PolicyStatement struct {
	Sid       string                   `json:"Sid,omitempty"`
	Effect    string                   `json:"Effect"`
	Principal PolicyStatementPrincipal `json:"Principal,omitempty"`
	Action    ListOrString             `json:"Action"`
	NotAction ListOrString             `json:"NotAction,omitempty"`
	Resource  ListOrString             `json:"Resource,omitempty"`
	Condition PolicyStatementCondition `json:"Condition,omitempty"`
}
func (*PolicyStatement) GetAllActionsAsString ¶
func (ps *PolicyStatement) GetAllActionsAsString() string
func (*PolicyStatement) GetAllPrincipalsAsString ¶
func (ps *PolicyStatement) GetAllPrincipalsAsString() string
func (*PolicyStatement) GetConditionsInEnglish ¶
func (ps *PolicyStatement) GetConditionsInEnglish(caller string) string
func (*PolicyStatement) GetStatementSummaryInEnglish ¶
func (ps *PolicyStatement) GetStatementSummaryInEnglish(caller string) string
func (*PolicyStatement) IsAllow ¶
func (ps *PolicyStatement) IsAllow() bool
func (*PolicyStatement) IsEmpty ¶
func (ps *PolicyStatement) IsEmpty() bool
type PolicyStatementCondition ¶
type PolicyStatementCondition map[string]map[string]ListOrString
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
Conditions have the following general structure:
"Condition" : { "{condition-operator}" : { "{condition-key}" : "{condition-value}" }}
func (*PolicyStatementCondition) IsEmpty ¶
func (psc *PolicyStatementCondition) IsEmpty() bool
func (*PolicyStatementCondition) IsScopedOnAccountOrOrganization ¶
func (psc *PolicyStatementCondition) IsScopedOnAccountOrOrganization() bool
IsScopedOnAccountOrOrganization returns true if the policy condition ensures access only for specific AWS accounts or organizations. It may return false even if access is restricted in such a way. Such policies should be reported to the user and analyzed case by case to judge whether the conditions are sufficiently restrictive.
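A conservative check in the spirit of the description above, as an added example that is not this package's code: it parses a Condition element in the operator -> key -> value shape and treats only an exact StringEquals on an account or organization key as scoping. The lowercase names (listOrString, scopingKeys, scopedOnAccountOrOrg) and the allow-list of three condition keys are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// listOrString accepts both "x" and ["x","y"], as IAM policy JSON allows.
type listOrString []string

func (ls *listOrString) UnmarshalJSON(b []byte) error {
	var one string
	if json.Unmarshal(b, &one) == nil {
		*ls = listOrString{one}
		return nil
	}
	var many []string
	err := json.Unmarshal(b, &many)
	*ls = many
	return err
}

// Assumed allow-list (not the package's): keys that pin the caller's account or organization.
var scopingKeys = map[string]bool{"aws:principalaccount": true, "aws:principalorgid": true, "aws:sourceaccount": true}

// scopedOnAccountOrOrg returns true only for an exact StringEquals match on a scoping key.
// StringLike, ...IfExists and unknown keys return false so the policy is reviewed by hand.
func scopedOnAccountOrOrg(conditionJSON string) (bool, error) {
	var cond map[string]map[string]listOrString
	if err := json.Unmarshal([]byte(conditionJSON), &cond); err != nil {
		return false, err
	}
	for key, vals := range cond["StringEquals"] {
		if scopingKeys[strings.ToLower(key)] && len(vals) > 0 {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	// Constructed sample: IfExists also passes when the key is absent, so it is not scoping.
	ok, err := scopedOnAccountOrOrg(`{"StringEqualsIfExists":{"aws:SourceAccount":["111122223333"]}}`)
	fmt.Println(ok, err)
}
```

A StringLike condition with a literal organization ID is restrictive in practice but still returns false here, which is the "may return false even if access is restricted" case the documentation describes.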
type PolicyStatementPrincipal ¶
type PolicyStatementPrincipal struct {
	S string
	O PolicyStatementPrincipalObject
}
func (*PolicyStatementPrincipal) IsEmpty ¶
func (psp *PolicyStatementPrincipal) IsEmpty() bool
func (*PolicyStatementPrincipal) IsPublic ¶
func (psp *PolicyStatementPrincipal) IsPublic() bool
func (*PolicyStatementPrincipal) MarshalJSON ¶
func (psp *PolicyStatementPrincipal) MarshalJSON() ([]byte, error)
func (*PolicyStatementPrincipal) UnmarshalJSON ¶
func (psp *PolicyStatementPrincipal) UnmarshalJSON(b []byte) error
type PolicyStatementPrincipalObject ¶
type PolicyStatementPrincipalObject struct {
	AWS           ListOrString `json:"AWS,omitempty"`
	CanonicalUser ListOrString `json:"CanonicalUser,omitempty"`
	Federated     ListOrString `json:"Federated,omitempty"`
	Service       ListOrString `json:"Service,omitempty"`
}
func (*PolicyStatementPrincipalObject) GetListOfPrincipals ¶
func (pspo *PolicyStatementPrincipalObject) GetListOfPrincipals() []string
func (*PolicyStatementPrincipalObject) IsEmpty ¶
func (pspo *PolicyStatementPrincipalObject) IsEmpty() bool
func (*PolicyStatementPrincipalObject) IsPublic ¶
func (pspo *PolicyStatementPrincipalObject) IsPublic() bool