Documentation
¶
Index ¶
- Constants
- type ResourceInstance
- type Terraform
- type TerraformParser
- func (p *TerraformParser) ProcessStates(ctx context.Context, gcsUris []string) ([]*assetinventory.AssetIAM, error)
- func (p *TerraformParser) SetAssets(gcpFolders map[string]*assetinventory.HierarchyNode, ...)
- func (p *TerraformParser) StateFileURIs(ctx context.Context, gcsBuckets []string) ([]string, error)
- func (p *TerraformParser) StateWithoutResources(ctx context.Context, uri string) (bool, error)
- type TerraformState
Constants ¶
View Source
const ( // UnknownParentID is used when we are unable to find a match for the asset parent (e.g. project, folder, org) // This shouldn't happen but it is theoretically possible especially if there is a race condition between // fetching the projects & folders and querying for terraform state. UnknownParentID = "UNKNOWN_PARENT_ID" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ResourceInstance ¶
type ResourceInstance struct {
Attributes struct {
ID string `json:"id"`
Members []string `json:"members,omitempty"`
Member string `json:"member,omitempty"`
Folder string `json:"folder,omitempty"`
Project string `json:"project,omitempty"`
Role string `json:"role,omitempty"`
}
}
ResourceInstances represents the JSON terraform state IAM instance.
type Terraform ¶
type Terraform interface {
// SetAssets sets the assets to use for GCP asset lookup.
SetAssets(gcpFolders, gcpProjects map[string]*assetinventory.HierarchyNode)
// StateFileURIs returns the URIs of terraform state files located in the given GCS buckets.
StateFileURIs(ctx context.Context, gcsBuckets []string) ([]string, error)
// ProcessStates returns the IAM permissions stored in the given state files.
ProcessStates(ctx context.Context, gcsUris []string) ([]*assetinventory.AssetIAM, error)
// StateWithoutResources determines if the given statefile at the uri contains any resources or not.
StateWithoutResources(ctx context.Context, uri string) (bool, error)
}
Terraform defines the common terraform functionality.
type TerraformParser ¶
type TerraformParser struct {
GCS storage.Storage
OrganizationID string
// contains filtered or unexported fields
}
func NewTerraformParser ¶
func NewTerraformParser(ctx context.Context, organizationID string) (*TerraformParser, error)
NewTerraformParser creates a new terraform parser.
func (*TerraformParser) ProcessStates ¶
func (p *TerraformParser) ProcessStates(ctx context.Context, gcsUris []string) ([]*assetinventory.AssetIAM, error)
ProcessStates finds all IAM in memberships, bindings, or policies in the given terraform state files.
func (*TerraformParser) SetAssets ¶
func (p *TerraformParser) SetAssets( gcpFolders map[string]*assetinventory.HierarchyNode, gcpProjects map[string]*assetinventory.HierarchyNode, )
SetAssets sets up the assets to use when looking up IAM asset bindings.
func (*TerraformParser) StateFileURIs ¶
StateFileURIs finds all terraform state files in the given buckets.
func (*TerraformParser) StateWithoutResources ¶
StateWithoutResources determines if the given statefile at the uri contains any resources or not.
type TerraformState ¶
type TerraformState struct {
Resources []struct {
Type string `json:"type"`
Instances []ResourceInstance `json:"instances"`
} `json:"resources"`
}
TerraformState represents the JSON terraform state.
Source Files
Click to show internal directories.
Click to hide internal directories.