Documentation ¶
Index ¶
- Constants
- type ResourceInstance
- type Terraform
- type TerraformParser
- func (p *TerraformParser) ProcessStates(ctx context.Context, gcsUris []string) ([]*assetinventory.AssetIAM, error)
- func (p *TerraformParser) SetAssets(gcpFolders map[string]*assetinventory.HierarchyNode, ...)
- func (p *TerraformParser) StateFileURIs(ctx context.Context, gcsBuckets []string) ([]string, error)
- func (p *TerraformParser) StateWithoutResources(ctx context.Context, uri string) (bool, error)
- type TerraformState
Constants ¶
const (
	// UnknownParentID is used when we are unable to find a match for the asset parent (e.g. project, folder, org)
	// This shouldn't happen but it is theoretically possible especially if there is a race condition between
	// fetching the projects & folders and querying for terraform state.
	//
	// NOTE(review): this is a sentinel string, not a real GCP identifier. Consumers
	// of the resulting IAM entries should presumably report it as an unresolved
	// parent rather than drop or match on it. Confirm how callers handle it.
	UnknownParentID = "UNKNOWN_PARENT_ID"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ResourceInstance ¶
// ResourceInstance represents one IAM resource instance as stored in the JSON
// terraform state.
type ResourceInstance struct {
	// Attributes carries the IAM-related values of the instance. It has no JSON
	// tag of its own.
	// NOTE(review): presumably populated from the state's "attributes" key
	// through encoding/json's case-insensitive field matching. Confirm.
	//
	// ID is the only field without omitempty. Members (plural) and Member
	// (singular) are separate optional fields.
	// NOTE(review): Members and Member look like they correspond to
	// binding-style and member-style IAM resources respectively, and
	// Folder/Project to the parent the Role is granted on. Verify against the
	// parser.
	Attributes struct {
		ID      string   `json:"id"`
		Members []string `json:"members,omitempty"`
		Member  string   `json:"member,omitempty"`
		Folder  string   `json:"folder,omitempty"`
		Project string   `json:"project,omitempty"`
		Role    string   `json:"role,omitempty"`
	}
}
ResourceInstance represents the JSON terraform state IAM instance.
type Terraform ¶
// Terraform defines the common terraform functionality: locating state files
// in GCS buckets and extracting the IAM permissions recorded in them.
type Terraform interface {
	// SetAssets sets the assets to use for GCP asset lookup.
	SetAssets(gcpFolders, gcpProjects map[string]*assetinventory.HierarchyNode)

	// StateFileURIs returns the URIs of terraform state files located in the given GCS buckets.
	StateFileURIs(ctx context.Context, gcsBuckets []string) ([]string, error)

	// ProcessStates returns the IAM permissions stored in the given state files.
	ProcessStates(ctx context.Context, gcsUris []string) ([]*assetinventory.AssetIAM, error)

	// StateWithoutResources determines if the given statefile at the uri contains any resources or not.
	StateWithoutResources(ctx context.Context, uri string) (bool, error)
}
Terraform defines the common terraform functionality.
type TerraformParser ¶
// TerraformParser holds the storage client and organization ID used when
// working with terraform state files. Its method set matches the methods
// declared by the Terraform interface.
type TerraformParser struct {
	// GCS is an exported storage.Storage value, so callers can replace it.
	// NOTE(review): presumably the client used to list and read state files
	// from GCS buckets. Confirm against the method bodies.
	GCS storage.Storage
	// OrganizationID is the organization ID passed to NewTerraformParser.
	// NOTE(review): presumably the GCP organization used when resolving asset
	// parents. Confirm.
	OrganizationID string
	// contains filtered or unexported fields
}
func NewTerraformParser ¶
func NewTerraformParser(ctx context.Context, organizationID string) (*TerraformParser, error)
NewTerraformParser creates a new terraform parser.
func (*TerraformParser) ProcessStates ¶
func (p *TerraformParser) ProcessStates(ctx context.Context, gcsUris []string) ([]*assetinventory.AssetIAM, error)
ProcessStates finds all IAM in memberships, bindings, or policies in the given terraform state files.
func (*TerraformParser) SetAssets ¶
func (p *TerraformParser) SetAssets( gcpFolders map[string]*assetinventory.HierarchyNode, gcpProjects map[string]*assetinventory.HierarchyNode, )
SetAssets sets up the assets to use when looking up IAM asset bindings.
func (*TerraformParser) StateFileURIs ¶
StateFileURIs finds all terraform state files in the given buckets.
func (*TerraformParser) StateWithoutResources ¶
StateWithoutResources determines if the given statefile at the uri contains any resources or not.
type TerraformState ¶
// TerraformState represents the JSON terraform state.
//
// Only the "resources" array is declared, and for each resource only its
// "type" and "instances". No other part of a state file has a field here.
// NOTE(review): state files can hold sensitive values. If decoding uses
// encoding/json defaults, keys without a matching field are discarded, so this
// struct would retain only the IAM attributes declared on ResourceInstance.
// Confirm against the decoder configuration.
type TerraformState struct {
	Resources []struct {
		// Type is the value of the resource's "type" key.
		// NOTE(review): presumably the terraform resource type name used to
		// pick out IAM resources. Confirm.
		Type string `json:"type"`
		// Instances holds the resource's instances, each decoded as a ResourceInstance.
		Instances []ResourceInstance `json:"instances"`
	} `json:"resources"`
}
TerraformState represents the JSON terraform state.