policy

package

v0.0.1 Latest Latest Go to latest Published: Apr 23, 2019 License: MIT Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/chanzuckerberg/reaper

Links

Open Source Insights

Documentation ¶

Index ¶

type Account
type Notification
- func (n *Notification) GetMessage(v Violation) (string, error)
type Policy
- func New() *Policy
type Subject
type Violation
- func NewViolation(policy Policy, subject Subject, expired bool, account *Account) Violation

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Account ¶

type Account struct {
	Name  string
	ID    int64
	Role  string
	Owner string
}

Account is an aws account. It should probably be in pkg/aws, but then we end up with a cycle.

type Notification ¶

type Notification struct {
	MessageTemplate string
	Recipient       string
}

Notification is a notification

func (*Notification) GetMessage ¶

func (n *Notification) GetMessage(v Violation) (string, error)

GetMessage gets the notification message

type Policy ¶

type Policy struct {
	Name string
	// ResourceSelector selects on aws services
	ResourceSelector labels.Selector
	// TagSelector selects on aws object tags
	TagSelector labels.Selector
	// LabelSelector selects on custom generated object labels
	LabelSelector labels.Selector
	// MaxAge how old can this object be and still be selected by this policy
	MaxAge        *time.Duration
	Notifications []Notification
}

Policy is an enforcement policy

func New ¶

func New() *Policy

New returns a new policy

func (*Policy) AddLabelSelector ¶

func (p *Policy) AddLabelSelector(query string) (*Policy, error)

AddLabelSelector adds a label selector

func (*Policy) Expired ¶

func (p *Policy) Expired(s Subject) bool

Expired returns true if a resource is older than maxAge

func (*Policy) Match ¶

func (p *Policy) Match(s Subject) bool

Match matches a policy against a resource

func (*Policy) MatchResource ¶

func (p *Policy) MatchResource(resource labels.Set) bool

MatchResource determines if we match an aws resource such as s3 or cloudfront

func (*Policy) String ¶

func (p *Policy) String() string

String satisfies Stringer interface

func (*Policy) WithTagSelector ¶

func (p *Policy) WithTagSelector(query string) (*Policy, error)

WithTagSelector adds a tag selector

type Subject ¶

type Subject interface {
	Delete() error
	GetCreatedAt() *time.Time
	GetID() string
	GetLabels() labels.Set
	GetName() string
	GetOwner() string
	GetTags() labels.Set
	GetConsoleURL() string
	GetRegion() string
}

Subject is gets evaluated by a policy

type Violation ¶

type Violation struct {
	Policy      Policy
	Subject     Subject
	Expired     bool
	AccountID   int64
	AccountName string
	Account     *Account
}

Violation represents a specific resource's lack of compliance to a given policy.

func NewViolation ¶

func NewViolation(policy Policy, subject Subject, expired bool, account *Account) Violation

NewViolation creates a new Violation struct

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL