iam

package

v1.8.1 Latest Latest Go to latest Published: Apr 11, 2023 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/padok-team/yatas-aws

Links

Open Source Insights

Documentation ¶

Overview ¶

Package policy provides a custom function to unmarshal AWS policies.

Index ¶

func CheckAgeAccessKeyLessThan90Days(checkConfig commons.CheckConfig, accessKeysForUsers []AccessKeysForUser, ...)
func CheckIf2FAActivated(checkConfig commons.CheckConfig, mfaForUsers []MFAForUser, testName string)
func CheckIfRoleCanElevateRights(checkConfig commons.CheckConfig, ...)
func CheckIfUserCanElevateRights(checkConfig commons.CheckConfig, ...)
func CheckIfUserLastPasswordUse120Days(checkConfig commons.CheckConfig, users []types.User, testName string)
func CheckPolicyForAllowInRequiredPermission(policies []Policy, requiredPermission [][]string) [][]string
func GetAllPolicyForRole(wg *sync.WaitGroup, queueCheck chan RolePolicies, s aws.Config, ...)
func GetAllPolicyForUser(wg *sync.WaitGroup, queueCheck chan UserPolicies, s aws.Config, ...)
func GetAllPolicyVersions(s aws.Config, policyArn *string) []types.PolicyVersion
func GetAllRoles(s aws.Config) []types.Role
func GetAllUsers(s aws.Config) []types.User
func GetPolicyAttachedToRole(s aws.Config, role types.Role) []types.AttachedPolicy
func GetPolicyAttachedToUser(s aws.Config, user types.User) []types.AttachedPolicy
func GetPolicyDocument(wg *sync.WaitGroup, queue chan *string, s aws.Config, policyArn *string)
func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, ...)
func SortPolicyVersions(policyVersions []types.PolicyVersion)
type AccessKeysForUser
- func GetAccessKeysForUsers(s aws.Config, u []types.User) []AccessKeysForUser
type MFAForUser
- func GetMfaForUsers(s aws.Config, u []types.User) []MFAForUser
type Policy
- func JsonDecodePolicyDocument(policyDocumentJson *string) Policy
- func (policyJSON *Policy) UnmarshalJSON(policy []byte) error
type RolePolicies
- func GetRolePolicies(roles []types.Role, s aws.Config) []RolePolicies
type RoleToPoliciesElevate
- func GetRoleToPoliciesElevate(rolePolicies []RolePolicies) []RoleToPoliciesElevate
type Statement
- func (statementJSON *Statement) Parse(statement map[string]interface{})
type UserPolicies
- func GetUserPolicies(users []types.User, s aws.Config) []UserPolicies
type UserToPoliciesElevate
- func GetUserToPoliciesElevate(userPolicies []UserPolicies) []UserToPoliciesElevate

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CheckAgeAccessKeyLessThan90Days ¶

func CheckAgeAccessKeyLessThan90Days(checkConfig commons.CheckConfig, accessKeysForUsers []AccessKeysForUser, testName string)

func CheckIf2FAActivated ¶

func CheckIf2FAActivated(checkConfig commons.CheckConfig, mfaForUsers []MFAForUser, testName string)

func CheckIfRoleCanElevateRights ¶

func CheckIfRoleCanElevateRights(checkConfig commons.CheckConfig, roleToPoliciesElevated []RoleToPoliciesElevate, testName string)

func CheckIfUserCanElevateRights ¶

func CheckIfUserCanElevateRights(checkConfig commons.CheckConfig, userToPolociesElevated []UserToPoliciesElevate, testName string)

func CheckIfUserLastPasswordUse120Days ¶

func CheckIfUserLastPasswordUse120Days(checkConfig commons.CheckConfig, users []types.User, testName string)

func CheckPolicyForAllowInRequiredPermission ¶

func CheckPolicyForAllowInRequiredPermission(policies []Policy, requiredPermission [][]string) [][]string

func GetAllPolicyForRole ¶

func GetAllPolicyForRole(wg *sync.WaitGroup, queueCheck chan RolePolicies, s aws.Config, role types.Role)

func GetAllPolicyForUser ¶

func GetAllPolicyForUser(wg *sync.WaitGroup, queueCheck chan UserPolicies, s aws.Config, user types.User)

func GetAllPolicyVersions ¶

func GetAllPolicyVersions(s aws.Config, policyArn *string) []types.PolicyVersion

func GetAllRoles ¶

func GetAllRoles(s aws.Config) []types.Role

func GetAllUsers ¶

func GetAllUsers(s aws.Config) []types.User

func GetPolicyAttachedToRole ¶

func GetPolicyAttachedToRole(s aws.Config, role types.Role) []types.AttachedPolicy

func GetPolicyAttachedToUser ¶

func GetPolicyAttachedToUser(s aws.Config, user types.User) []types.AttachedPolicy

func GetPolicyDocument ¶

func GetPolicyDocument(wg *sync.WaitGroup, queue chan *string, s aws.Config, policyArn *string)

func RunChecks ¶

func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check)

func SortPolicyVersions ¶

func SortPolicyVersions(policyVersions []types.PolicyVersion)

Types ¶

type AccessKeysForUser ¶

type AccessKeysForUser struct {
	UserName   string
	AccessKeys []types.AccessKeyMetadata
}

func GetAccessKeysForUsers ¶

func GetAccessKeysForUsers(s aws.Config, u []types.User) []AccessKeysForUser

type MFAForUser ¶

type MFAForUser struct {
	UserName string
	MFAs     []types.MFADevice
}

func GetMfaForUsers ¶

func GetMfaForUsers(s aws.Config, u []types.User) []MFAForUser

type Policy ¶

type Policy struct {
	Version    string      `json:"Version"`
	ID         string      `json:"ID,omitempty"`
	Statements []Statement `json:"Statement"`
}

Policy represents an AWS IAM policy document

func JsonDecodePolicyDocument ¶

func JsonDecodePolicyDocument(policyDocumentJson *string) Policy

func (*Policy) UnmarshalJSON ¶

func (policyJSON *Policy) UnmarshalJSON(policy []byte) error

UnmarshalJSON decodifies input JSON info to awsPolicy type

type RolePolicies ¶

type RolePolicies struct {
	RoleName string
	Policies []Policy
}

func GetRolePolicies ¶

func GetRolePolicies(roles []types.Role, s aws.Config) []RolePolicies

type RoleToPoliciesElevate ¶

type RoleToPoliciesElevate struct {
	RoleName string
	Policies [][]string
}

func GetRoleToPoliciesElevate ¶

func GetRoleToPoliciesElevate(rolePolicies []RolePolicies) []RoleToPoliciesElevate

type Statement ¶

type Statement struct {
	StatementID  string              `json:"StatementID,omitempty"`  // Statement ID, service specific
	Effect       string              `json:"Effect"`                 // Allow or Deny
	Principal    map[string][]string `json:"Principal,omitempty"`    // principal that is allowed or denied
	NotPrincipal map[string][]string `json:"NotPrincipal,omitempty"` // exception to a list of principals
	Action       []string            `json:"Action"`                 // allowed or denied action
	NotAction    []string            `json:"NotAction,omitempty"`    // matches everything except
	Resource     []string            `json:"Resource,omitempty"`     // object or objects that the statement covers
	NotResource  []string            `json:"NotResource,omitempty"`  // matches everything except
	Condition    []string            `json:"Condition,omitempty"`    // conditions for when a policy is in effect
}

Statement represents the body of an AWS IAM policy document

func (*Statement) Parse ¶

func (statementJSON *Statement) Parse(statement map[string]interface{})

Parse decodifies input JSON info into Statement type

type UserPolicies ¶

type UserPolicies struct {
	UserName string
	Policies []Policy
}

func GetUserPolicies ¶

func GetUserPolicies(users []types.User, s aws.Config) []UserPolicies

type UserToPoliciesElevate ¶

type UserToPoliciesElevate struct {
	UserName string
	Policies [][]string
}

func GetUserToPoliciesElevate ¶

func GetUserToPoliciesElevate(userPolicies []UserPolicies) []UserToPoliciesElevate

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL