pike

package
v0.3.31 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 13, 2025 License: Apache-2.0 Imports: 44 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DefaultPolicyName = "terraform_pike"
	DefaultProject    = "pike"
	DefaultRoleID     = "terraform_pike"
)
View Source 
const Allow = "Allow"
View Source 
const PollIntervalSeconds int = 5
View Source 
const Version = "9.9.9"

Version controls the applications version

Variables

View Source 
var AWSAcmCertificate []byte
View Source 
var GoogleSpannerDatabase []byte
View Source 
var GoogleSpannerDatabaseIam []byte
View Source 
var GoogleSpannerInstance []byte
View Source 
var GoogleSpannerInstanceIam []byte

Functions

func AZUREPolicy 

func AZUREPolicy(permissions []string, policyName string) (string, error)

AZUREPolicy creates an Azure role definition. permissions: slice of Azure permission strings in format "action:resource" Returns the policy definition as a string or an error if generation fails.

func AlmostEqual added in v0.2.96 

func AlmostEqual(a, b float64) bool

func Apply 

func Apply(target string, region string) error

Apply executes tf using a prepared role.

func AwsDataLookup added in v0.2.113 

func AwsDataLookup(find string) interface{}

AwsDataLookup is a map to connect resource name to an object map

func AwsLookup added in v0.2.94 

func AwsLookup(name string) interface{}

func AzureDataLookup added in v0.2.94 

func AzureDataLookup(name string) interface{}

func AzureLookup added in v0.2.94 

func AzureLookup(name string) interface{}

func Compare 

func Compare(directory string, arn string, init bool) (bool, error)

Compare IAC codebase to AWS policy.

func CompareIAMPolicy 

func CompareIAMPolicy(policy string, oldPolicy string) (bool, error)

CompareIAMPolicy takes two IAM policies and compares.

func Contains added in v0.2.76 

func Contains(s []string, e string) bool

Contains looks if slice contains string.

func EncryptPlaintext added in v0.2.76 

func EncryptPlaintext(plaintext string, publicKeyB64 string) ([]byte, error)

EncryptPlaintext standard encryption.

func FileExists added in v0.2.76 

func FileExists(filename string) bool

FileExists looks for a file.

func GCPDataLookup added in v0.2.94 

func GCPDataLookup(result string) interface{}

func GCPLookup added in v0.2.94 

func GCPLookup(result string) interface{}

func GCPPolicy 

func GCPPolicy(permissions []string) (policy string, err error)

GCPPolicy create an IAM policy.

func GetAWSDataPermissions 

func GetAWSDataPermissions(result ResourceV2) ([]string, error)

GetAWSDataPermissions gets permissions required for datasource's.

func GetAWSPermissions 

func GetAWSPermissions(result ResourceV2) ([]string, error)

GetAWSPermissions for AWS resources.

func GetAWSResourcePermissions 

func GetAWSResourcePermissions(result ResourceV2) ([]string, error)

GetAWSResourcePermissions looks up permissions required for resources

func GetAZUREDataPermissions 

func GetAZUREDataPermissions(result ResourceV2) ([]string, error)

GetAZUREDataPermissions gets permissions required for datasources.

func GetAZUREPermissions 

func GetAZUREPermissions(result ResourceV2) ([]string, error)

GetAZUREPermissions for GCP resources.

func GetAZUREResourcePermissions 

func GetAZUREResourcePermissions(result ResourceV2) ([]string, error)

GetAZUREResourcePermissions looks up permissions required for resources.

func GetBlockAttributes 

func GetBlockAttributes(attributes []string, block *hclsyntax.Block) []string

GetBlockAttributes walks through a blocks getting all blocks and attributes.

func GetGCPDataPermissions 

func GetGCPDataPermissions(result ResourceV2) ([]string, error)

GetGCPDataPermissions gets permissions required for datasources.

func GetGithubClient added in v0.2.76 

func GetGithubClient() (context.Context, *github.Client)

GetGithubClient instantiate and return a client object for GitHub.

func GetHCLType 

func GetHCLType(resourceName string) string

GetHCLType gets the resource Name.

func GetModulePath 

func GetModulePath(block *hclsyntax.Block) string

GetModulePath extracts the source location from a module.

func GetPermissionMap 

func GetPermissionMap(raw []byte, attributes []string, resource string) ([]string, error)

GetPermissionMap Anonymous parsing.

func GetPolicyVersion 

func GetPolicyVersion(client *iam.Client, policyArn string, version string) (*string, error)

GetPolicyVersion Obtains the versioned IAM policy.

func GetPublicKeyDetails added in v0.2.76 

func GetPublicKeyDetails(owner string, repository string) (string, string, error)

GetPublicKeyDetails obtains the public key of the owner.

func GetResourceBlocks 

func GetResourceBlocks(file string) (*hclsyntax.Body, error)

GetResourceBlocks breaks down a file into resources.

func GetTF 

func GetTF(dirName string) ([]string, error)

GetTF return tf files in a directory.

func GetTFFiles added in v0.2.76 

func GetTFFiles(dirName string) ([]string, error)

GetTFFiles get tf files in directory.

func GetVersion 

func GetVersion(client *iam.Client, policyArn string) (*string, error)

GetVersion gets the version of the IAM policy.

func Init 

func Init(dirName string) (*string, []string, error)

Init can download and install terraform if required and then terraform init your specified directory.

func InvokeGithubDispatchEvent 

func InvokeGithubDispatchEvent(repository string, workflowFileName string, branch string) error

InvokeGithubDispatchEvent uses your GitHub api key (if sufficiently enabled) to invoke a GitHub action workflow.

func IsTypeOK added in v0.3.29 

func IsTypeOK(mappings interface{}) (map[string]interface{}, error)

func LocateTerraform 

func LocateTerraform() (string, error)

LocateTerraform finds the Terraform executable or installs it.

func Make 

func Make(directory string) (*string, error)

Make creates the required role.

func RandSeq added in v0.2.76 

func RandSeq(n int) string

RandSeq generate a random sequence.

func Readme 

func Readme(dirName string, output string, init bool, autoAppend bool) error

Readme Updates a README.md file.

func Remote 

func Remote(target string, repository string, region string) error

Remote updates a repo with AWS credentials.

func ReplaceSection 

func ReplaceSection(source string, middle string, autoadd bool) error

ReplaceSection find a section in a readme and replaces the section.

func Repository added in v0.2.108 

func Repository(repository, destination, directory, output string, init, write, enableResources bool) error

func Scan 

func Scan(dirName string, output string, file *string, init bool, write bool, enableResources bool) error

Scan looks for resources in a given directory.

func SetRepoSecret 

func SetRepoSecret(repository string, keyText string, keyName string) (*github.Response, error)

SetRepoSecret sets an encrypted GitHub action secret.

func ShowDifferences added in v0.3.29 

func ShowDifferences(policy string, compare diff.Diff) (bool, error)

func SortActions 

func SortActions(myPolicy string) (*string, error)

SortActions sorts the actions list of an IAM policy.

func SplitHub added in v0.2.76 

func SplitHub(repository string) (string, string, error)

SplitHub return details from url.

func StringInSlice added in v0.2.76 

func StringInSlice(a string, list []string) bool

StringInSlice looks for item in slice.

func Unique added in v0.2.76 

func Unique(s []string) []string

Unique make slice unique.

func VerifyBranch added in v0.2.48 

func VerifyBranch(client *github.Client, owner string, repo string, branch string) error

VerifyBranch checks that a branch exists in a repo.

func VerifyURL added in v0.2.48 

func VerifyURL(url string) error

VerifyURL tests a url.

func WaitForPolicyChange 

func WaitForPolicyChange(client *iam.Client, arn string, version string, wait, pollInterval int) (int, error)

WaitForPolicyChange looks at IAM policy change.

func Watch 

func Watch(arn string, wait int) error

Watch looks at IAM policy for new revisions.

func WriteOutput 

func WriteOutput(outPolicy OutputPolicy, output, location string) error

WriteOutput writes out the policy as json or terraform.

Types

type AwsOutput 

type AwsOutput struct {
	JSONOut   string
	Terraform string
}

AwsOutput structure.

func AWSPolicy 

func AWSPolicy(permissions []string, resources bool) (AwsOutput, error)

AWSPolicy create an IAM policy.

type OutputPolicy 

type OutputPolicy struct {
	AWS   AwsOutput
	GCP   string
	AZURE string
}

OutputPolicy is the main output type.

func GetPolicy 

func GetPolicy(actions Sorted, resources bool) (OutputPolicy, error)

GetPolicy creates new iam polices from a list of Permissions.

func MakePolicy 

func MakePolicy(dirName string, file *string, init bool, EnableResources bool) (OutputPolicy, error)

MakePolicy does the guts of determining a policy from code.

func (OutputPolicy) AsString 

func (out OutputPolicy) AsString(format string) string

AsString converts an object into string.

type Policy 

type Policy struct {
	Version    string      `json:"Version"`
	Statements []Statement `json:"Statement"`
}

Policy represents and creates IAM policy structure.

func NewAWSPolicy 

func NewAWSPolicy(actions []string, resources bool) (Policy, error)

NewAWSPolicy constructor.

type PolicyDiff added in v0.3.18 

type PolicyDiff struct {
	Over  []string
	Under []string
}

func CompareAllow added in v0.3.18 

func CompareAllow(identity Identity.IAM, policy Identity.Policy) (PolicyDiff, error)

func Inspect added in v0.3.18 

func Inspect(directory string, init bool) (PolicyDiff, error)

type ResourceV2 

type ResourceV2 struct {
	TypeName     string
	Name         string
	ResourceName string
	Provider     string
	Attributes   []string
}

ResourceV2 is what resources get parsed into.

func DetectBackend added in v0.2.65 

func DetectBackend(resource ResourceV2, block *hclsyntax.Block, resources []ResourceV2) ([]ResourceV2, error)

DetectBackend handles permissions for backend blocks.

func GetLocalModules added in v0.2.76 

func GetLocalModules(block *hclsyntax.Block, dirName string) ([]ResourceV2, error)

GetLocalModules return resource from a path.

func GetResources 

func GetResources(file string, dirName string) ([]ResourceV2, error)

GetResources retrieves all the resources in a tf file.

type Sorted 

type Sorted struct {
	AWS   []string
	GCP   []string
	AZURE []string
}

Sorted is to help split out permission to the relevant auth.

func GetPermission 

func GetPermission(result ResourceV2) (Sorted, error)

GetPermission determines the IAM permissions required and returns a list of permission.

type Statement 

type Statement struct {
	Sid      string   `json:"Sid"`
	Effect   string   `json:"Effect"`
	Action   []string `json:"Action"`
	Resource []string `json:"Resource"`
}

Statement is the core of an IAM policy.

func NewStatement 

func NewStatement(sid string, effect string, action []string, resource []string) Statement

NewStatement constructor.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.