policy

package

v1.12.2 Latest Latest Go to latest Published: Sep 6, 2023 License: MIT Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/BishopFox/cloudfox

Links

Open Source Insights

Documentation ¶

Index ¶

type ListOrString
- func (ls *ListOrString) UnmarshalJSON(b []byte) error
type Policy
- func ParseJSONPolicy(data []byte) (Policy, error)
type PolicyStatement
type PolicyStatementCondition
- func (psc *PolicyStatementCondition) IsEmpty() bool
- func (psc *PolicyStatementCondition) IsScopedOnAccountOrOrganization() bool
type PolicyStatementPrincipal
type PolicyStatementPrincipalObject

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ListOrString ¶

type ListOrString []string

func (*ListOrString) UnmarshalJSON ¶

func (ls *ListOrString) UnmarshalJSON(b []byte) error

type Policy ¶

type Policy struct {
	Version   string            `json:"Version"`
	Id        string            `json:"Id"`
	Statement []PolicyStatement `json:"Statement"`
}

func ParseJSONPolicy ¶

func ParseJSONPolicy(data []byte) (Policy, error)

func (*Policy) IsConditionallyPublic ¶

func (p *Policy) IsConditionallyPublic() bool

true iff there is at least one statement with principal * with conditions that do not scope access down to AWS accounts or organizations

func (*Policy) IsEmpty ¶

func (p *Policy) IsEmpty() bool

IsNull returns true iff the Policy is empty you cannot do a comparison like this: `p == Policy{}' since we use custom types in the struct`

func (*Policy) IsPublic ¶

func (p *Policy) IsPublic() bool

true iff there is at least one statement with principal * and no conditions

type PolicyStatement ¶

type PolicyStatement struct {
	Sid       string                   `json:"Sid,omitempty"`
	Effect    string                   `json:"Effect"`
	Principal PolicyStatementPrincipal `json:"Principal,omitempty"`
	Action    ListOrString             `json:"Action"`
	NotAction ListOrString             `json:"NotAction,omitempty"`
	Resource  ListOrString             `json:"Resource,omitempty"`
	Condition PolicyStatementCondition `json:"Condition,omitempty"`
}

func (*PolicyStatement) GetAllActionsAsString ¶

func (ps *PolicyStatement) GetAllActionsAsString() string

func (*PolicyStatement) GetAllPrincipalsAsString ¶

func (ps *PolicyStatement) GetAllPrincipalsAsString() string

func (*PolicyStatement) GetConditionsInEnglish ¶

func (ps *PolicyStatement) GetConditionsInEnglish(caller string) string

func (*PolicyStatement) GetStatementSummaryInEnglish ¶

func (ps *PolicyStatement) GetStatementSummaryInEnglish(caller string) string

func (*PolicyStatement) IsAllow ¶

func (ps *PolicyStatement) IsAllow() bool

func (*PolicyStatement) IsEmpty ¶

func (ps *PolicyStatement) IsEmpty() bool

type PolicyStatementCondition ¶

type PolicyStatementCondition map[string]map[string]ListOrString

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html Conditions have the folling general structure:

"Condition" : { "{condition-operator}" : { "{condition-key}" : "{condition-value}" }}

func (*PolicyStatementCondition) IsEmpty ¶

func (psc *PolicyStatementCondition) IsEmpty() bool

func (*PolicyStatementCondition) IsScopedOnAccountOrOrganization ¶

func (psc *PolicyStatementCondition) IsScopedOnAccountOrOrganization() bool

IsScopedOnAccountOrOrganization returns true if the policy condition ensures access only for specific AWS accounts or organizations. If may return false even if access is restricted in such a way. Such policies should be reported to the user and analyzed case by case to judge if conditions are sufficently restrictive.

type PolicyStatementPrincipal ¶

type PolicyStatementPrincipal struct {
	S string
	O PolicyStatementPrincipalObject
}

func (*PolicyStatementPrincipal) IsEmpty ¶

func (psp *PolicyStatementPrincipal) IsEmpty() bool

func (*PolicyStatementPrincipal) IsPublic ¶

func (psp *PolicyStatementPrincipal) IsPublic() bool

func (*PolicyStatementPrincipal) MarshalJSON ¶

func (psp *PolicyStatementPrincipal) MarshalJSON() ([]byte, error)

func (*PolicyStatementPrincipal) UnmarshalJSON ¶

func (psp *PolicyStatementPrincipal) UnmarshalJSON(b []byte) error

type PolicyStatementPrincipalObject ¶

type PolicyStatementPrincipalObject struct {
	AWS           ListOrString `json:"AWS,omitempty"`
	CanonicalUser ListOrString `json:"CanonicalUser,omitempty"`
	Federated     ListOrString `json:"Federated,omitempty"`
	Service       ListOrString `json:"Service,omitempty"`
}

func (*PolicyStatementPrincipalObject) GetListOfPrincipals ¶

func (pspo *PolicyStatementPrincipalObject) GetListOfPrincipals() []string

func (*PolicyStatementPrincipalObject) IsEmpty ¶

func (pspo *PolicyStatementPrincipalObject) IsEmpty() bool

func (*PolicyStatementPrincipalObject) IsPublic ¶

func (pspo *PolicyStatementPrincipalObject) IsPublic() bool

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL