Documentation ¶
Index ¶
- Constants
- type ActionType
- type Alert
- type AlertMeta
- type Configuration
- type DBClient
- func (db *DBClient) Close() error
- func (db *DBClient) DeleteAlert(ctx context.Context, alert *Alert) error
- func (db *DBClient) DeleteWhitelistedObject(ctx context.Context, whitelistedObject *WhitelistedObject) error
- func (db *DBClient) GetAlert(ctx context.Context, alertId string) (*Alert, error)
- func (db *DBClient) GetAllAlerts(ctx context.Context) ([]*Alert, error)
- func (db *DBClient) GetAllWhitelistedObjects(ctx context.Context) ([]*WhitelistedObject, error)
- func (db *DBClient) RemoveAlertsOlderThan(ctx context.Context, timeAgo time.Duration) error
- func (db *DBClient) RemoveExpiredWhitelistedObjects(ctx context.Context) error
- func (db *DBClient) SaveAlert(ctx context.Context, alert *Alert) error
- func (db *DBClient) SaveWhitelistedObject(ctx context.Context, whitelistedObject *WhitelistedObject) error
- type EscalationMailer
- type InteractionData
- type IprepdInstance
- type KMSClient
- type SESClient
- type SlashCommandData
- type StateField
- type TriggerData
- type WhitelistedObject
Constants ¶
// Alert state values and the metadata key used for escalation routing.
// NOTE(review): where these strings are stored and compared is not visible
// on this page; confirm against the alert handlers.
const (
	// ALERT_NEW presumably marks an alert nobody has acted on yet — TODO confirm.
	ALERT_NEW = "NEW"
	// ALERT_ACKNOWLEDGED presumably marks an alert a responder has claimed — TODO confirm.
	ALERT_ACKNOWLEDGED = "ACKNOWLEDGED"
	// ALERT_ESCALATED presumably marks an alert that was sent on via EscalationMailer — TODO confirm.
	ALERT_ESCALATED = "ESCALATED"
	// ESCALATE_TO looks like an AlertMeta key naming the escalation recipient.
	// NOTE(review): if that value is supplied by the alert producer, it decides
	// where escalation mail is sent; verify it is validated before use.
	ESCALATE_TO = "escalate_to"
)
// Storage names for persisted alerts and whitelist entries.
// Presumably Datastore namespaces/kinds, given the `datastore` tag on
// StateField — TODO confirm against DBClient.
const (
	ALERT_NAMESPACE = "alerts"
	// ALERT_KIND reuses the namespace string, so both evaluate to "alerts".
	ALERT_KIND = ALERT_NAMESPACE
	// Whitelist entries are kept under a separate name from alerts.
	WHITELISTED_OBJ_NAMESPACE = "whitelisted_object"
)
// Object type discriminators.
// Presumably the allowed values of WhitelistedObject.Type — TODO confirm.
// NOTE(review): nothing on this page shows Object being validated against
// its Type (e.g. that an "ip" entry parses as an IP address); verify in
// NewWhitelistedObject.
const (
	IP_TYPE = "ip"
	// Comment between the two entries keeps each on its own alignment group.
	EMAIL_TYPE = "email"
)
const (
	// EMAIL_CHAR_SET is the character set name "UTF-8".
	// Presumably passed to SES for the subject and body of outgoing mail — TODO confirm.
	EMAIL_CHAR_SET = "UTF-8"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ActionType ¶
// ActionType names the kind of event carried in a TriggerData message
// (it is the type of TriggerData.Action).
type ActionType string

// Known ActionType values. The string forms are what appears under the
// "action_type" JSON key of TriggerData.
// NOTE(review): ActionType is a plain string, so a decoded message can carry
// any value; consumers should reject values outside this set rather than
// fall through to a default.
const (
	SlashCommand ActionType = "slash_command"
	// Interaction presumably covers Slack interactive-component callbacks — TODO confirm.
	Interaction ActionType = "interaction"
	// ScheduledTask has no matching payload field in TriggerData.
	ScheduledTask ActionType = "scheduled_task"
)
type Alert ¶
// Alert is the JSON-serialisable record of a single alert.
// StateToAlert and AlertToState convert it from and to a StateField.
type Alert struct {
	// Id identifies the alert; DBClient.GetAlert looks alerts up by an alertId string.
	Id string `json:"id"`
	// Severity and Category are free-form strings here; no enum is declared on this page.
	Severity string `json:"severity"`
	Category string `json:"category"`
	// Summary and Payload carry the alert text.
	// NOTE(review): presumably produced by an upstream detector, so treat both
	// as untrusted when rendering into Slack messages or e-mail bodies — confirm.
	Summary string `json:"summary"`
	Payload string `json:"payload"`
	// Metadata is a list of AlertMeta entries, accessed via GetMetadata/SetMetadata.
	Metadata []*AlertMeta `json:"metadata"`
	// Timestamp is presumably the creation time that RemoveAlertsOlderThan
	// compares against — TODO confirm.
	Timestamp time.Time `json:"timestamp"`
}
func StateToAlert ¶
func StateToAlert(sf *StateField) (*Alert, error)
func (*Alert) GetMetadata ¶
func (*Alert) PrettyPrint ¶
func (*Alert) SetMetadata ¶
type Configuration ¶
// Several fields below are credentials by name (AwsSecretAccessKey,
// SlackAuthToken, PersonsClientSecret, Auth0ClientSecret). Keep the struct
// out of logs and error strings: formatting it with %v or %+v prints every
// field, secrets included.
type Configuration struct {
	// AWS credentials and region.
	AwsAccessKeyId     string `yaml:"aws_access_key_id"`
	AwsSecretAccessKey string `yaml:"aws_secret_access_key"` // secret
	AwsRegion          string `yaml:"aws_region"`

	// Escalation e-mail settings; presumably consumed by NewSESClientFromConfig — TODO confirm.
	SesSenderEmail         string        `yaml:"ses_sender_email"`
	DefaultEscalationEmail string        `yaml:"default_escalation_email"`
	AlertEscalationTTL     time.Duration `yaml:"alert_escalation_ttl"`

	// Slack API token and the channel it is used with.
	SlackAuthToken string `yaml:"slack_auth_token"` // secret
	SlackChannelId string `yaml:"slack_channel_id"`

	// Client credentials and endpoints for the "persons" service.
	PersonsClientId     string `yaml:"persons_client_id"`
	PersonsClientSecret string `yaml:"persons_client_secret"` // secret
	PersonsBaseURL      string `yaml:"persons_base_url"`
	PersonsAuth0URL     string `yaml:"persons_auth0_url"`

	// AllowedLDAPGroups is presumably the allow-list of groups whose members
	// may invoke actions — TODO confirm.
	// NOTE(review): check how an empty list is treated; it should deny, not allow.
	AllowedLDAPGroups []string `yaml:"allowed_ldap_groups"`

	// IprepdInstances lists the iprepd instances this deployment talks to.
	IprepdInstances []IprepdInstance `yaml:"iprepd_instances"`

	// Auth0 tenant and client credentials.
	Auth0Domain       string `yaml:"auth0_domain"`
	Auth0ClientId     string `yaml:"auth0_client_id"`
	Auth0ClientSecret string `yaml:"auth0_client_secret"` // secret
}
Configuration is a generic config structure for Lambda functions and Cloud Functions. The LoadFrom function loads a YAML file from either a local file or GCS. If the file is encrypted with sops, LoadFrom decrypts it.
func (*Configuration) LoadFrom ¶
func (c *Configuration) LoadFrom(path string) error
type DBClient ¶
type DBClient struct {
// contains filtered or unexported fields
}
func (*DBClient) DeleteAlert ¶
func (*DBClient) DeleteWhitelistedObject ¶
func (db *DBClient) DeleteWhitelistedObject(ctx context.Context, whitelistedObject *WhitelistedObject) error
func (*DBClient) GetAllAlerts ¶
func (*DBClient) GetAllWhitelistedObjects ¶
func (db *DBClient) GetAllWhitelistedObjects(ctx context.Context) ([]*WhitelistedObject, error)
func (*DBClient) RemoveAlertsOlderThan ¶
func (*DBClient) RemoveExpiredWhitelistedObjects ¶
func (*DBClient) SaveWhitelistedObject ¶
func (db *DBClient) SaveWhitelistedObject(ctx context.Context, whitelistedObject *WhitelistedObject) error
type EscalationMailer ¶
// EscalationMailer is the mail-sending seam; SESClient on this page provides
// all three methods.
type EscalationMailer interface {
	// SendEscalationEmail sends a notification for an alert that needs to be escalated.
	SendEscalationEmail(alert *Alert) error
	// Send911Email sends msg to the default escalation address; per the
	// SESClient documentation the message originates from a Slack slash
	// command invocation.
	// NOTE(review): caller and msg are therefore user-supplied text; confirm
	// the implementation does not interpolate them into mail headers.
	Send911Email(caller string, msg string) error
	// DefaultEscalationEmail returns the address used when no other recipient applies.
	DefaultEscalationEmail() string
}
EscalationMailer formats and sends necessary emails for notifications
type InteractionData ¶
type IprepdInstance ¶
type KMSClient ¶
type KMSClient struct {
// contains filtered or unexported fields
}
func NewKMSClient ¶
func (*KMSClient) DecryptEnvVar ¶
type SESClient ¶
type SESClient struct {
// contains filtered or unexported fields
}
func NewSESClient ¶
func NewSESClientFromConfig ¶
func NewSESClientFromConfig(config *Configuration) (*SESClient, error)
func (*SESClient) DefaultEscalationEmail ¶
DefaultEscalationEmail returns the default value to which emails are sent
func (*SESClient) Send911Email ¶
Send911Email sends an email notification to the default escalation email with a message from the slack slash command invocation
func (*SESClient) SendEscalationEmail ¶
SendEscalationEmail sends an email notification with an alert that needs to be escalated
type SlashCommandData ¶
type StateField ¶
// StateField is the stored wrapper that Alert and WhitelistedObject are
// converted to and from (AlertToState, StateToAlert,
// WhitelistedObjectToState, StateToWhitelistedObject).
type StateField struct {
	// State holds the converted object as a single string; presumably its
	// JSON encoding — TODO confirm. The `noindex` option in the datastore tag
	// means the property is stored unindexed, so queries cannot filter on it.
	State string `datastore:"state,noindex" json:"state"`
}
func AlertToState ¶
func AlertToState(a *Alert) (*StateField, error)
func WhitelistedObjectToState ¶
func WhitelistedObjectToState(wobj *WhitelistedObject) (*StateField, error)
type TriggerData ¶
// TriggerData is the envelope exchanged over Pub/Sub
// (see PubSubMessageToTriggerData and ToPubSubMessage).
type TriggerData struct {
	// Action selects which of the payload fields below is meaningful.
	Action ActionType `json:"action_type"`
	// NOTE(review): if SlashCommandData and InteractionData are struct types,
	// `omitempty` has no effect on them in encoding/json, so both keys are
	// always emitted. Consumers should dispatch on Action, not on which
	// payload key is present.
	SlashCommand SlashCommandData `json:"slash_command,omitempty"`
	Interaction  InteractionData  `json:"interaction,omitempty"`
}
func PubSubMessageToTriggerData ¶
func PubSubMessageToTriggerData(psmsg pubsub.Message) (*TriggerData, error)
func (*TriggerData) ToPubSubMessage ¶
func (td *TriggerData) ToPubSubMessage() (*pubsub.Message, error)
type WhitelistedObject ¶
// WhitelistedObject is one allow-list entry, persisted through DBClient
// (SaveWhitelistedObject, DeleteWhitelistedObject, GetAllWhitelistedObjects).
type WhitelistedObject struct {
	// Object is the allow-listed value itself.
	Object string `json:"object"`
	// Type is presumably IP_TYPE or EMAIL_TYPE — TODO confirm.
	Type string `json:"type"`
	// ExpiresAt bounds the entry's lifetime; see IsExpired and
	// DBClient.RemoveExpiredWhitelistedObjects.
	// NOTE(review): confirm how a zero ExpiresAt is treated, so that an entry
	// created without an expiry does not become permanent by accident.
	ExpiresAt time.Time `json:"expires_at"`
	// CreatedBy records who added the entry; presumably the requesting
	// user's identity, useful as an audit trail — TODO confirm the source.
	CreatedBy string `json:"created_by"`
}
func NewWhitelistedObject ¶
func StateToWhitelistedObject ¶
func StateToWhitelistedObject(sf *StateField) (*WhitelistedObject, error)
func (*WhitelistedObject) IsExpired ¶
func (wo *WhitelistedObject) IsExpired() bool
Source Files ¶