api

package
v1.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 10, 2021 License: AGPL-3.0 Imports: 39 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	TemplateBucket = "panther-public-cloudformation-templates"

	LogAnalysisStackNameTemplate = "panther-log-analysis-setup-%s"
	CloudSecStackName            = "panther-cloudsec-setup"
)
View Source 
const (
	LambdaName = "panther-source-api"
)

Variables

This section is empty.

Functions

func ManageBucketNotifications added in v1.16.0 

func ManageBucketNotifications(dbClient *ddb.DDB, panther pantherDeployment, source *models.SourceIntegration) error

Creates the necessary AWS resources (topic, subscription to Panther queue) and configures the bucket notifications for the source's bucket. For every different (and non overlapping) s3 prefix, there should be a bucket notification. Note: There may be multiple sources with the same bucket in the db. The s3 prefixes from all of them are taken into account, so that the resulting bucket configuration satisfies them all.

This function can be run either for creating or updating bucket notifications and is idempotent.

func RemoveBucketNotifications added in v1.16.0 

func RemoveBucketNotifications(dbClient *ddb.DDB, panther pantherDeployment, source models.SourceIntegration) error

RemoveBucketNotifications removes the bucket notifications that are required to match the s3 prefixes of source.

Types

type API 

type API struct {
	AwsSession              *session.Session
	DdbClient               *ddb.DDB
	SqsClient               sqsiface.SQSAPI
	TemplateS3Client        s3iface.S3API
	LambdaClient            lambdaiface.LambdaAPI
	Config                  Config
	EvaluateIntegrationFunc func(integration *models.CheckIntegrationInput) (string, bool, error)
}

API provides receiver methods for each route handler.

func Setup added in v1.2.0 

func Setup() *API

Setup parses the environment and constructs AWS and http clients on a cold Lambda start. All required environment variables must be present or this function will panic.

func (*API) AddSourceAsLambdaTrigger added in v1.16.0 

func (api *API) AddSourceAsLambdaTrigger(integrationID string) error

func (*API) AllowExternalSnsTopicSubscription added in v1.16.0 

func (api *API) AllowExternalSnsTopicSubscription(accountID string) error

AllowExternalSnsTopicSubscription modifies the SQS Queue policy of the Log Processor to allow SNS topic from new account to subscribe to it

func (*API) AllowInputDataBucketSubscription added in v1.16.0 

func (api *API) AllowInputDataBucketSubscription() error

Some of the integrations send data to an S3 bucket managed by Panther. This bucket is a staging bucket where data are stored temporarily until Log Processor picks them up. This function updates the log processor SQS queue permissions to allow it to receive event notifications from that bucket.

func (*API) CheckIntegration 

func (api *API) CheckIntegration(input *models.CheckIntegrationInput) (*models.SourceIntegrationHealth, error)

CheckIntegration adds a set of new integrations in a batch.

func (*API) CreateSourceSqsQueue added in v1.16.0 

func (api *API) CreateSourceSqsQueue(integrationID string, allowedPrincipalArns []string, allowedSourceArns []string) error

Creates a source SQS queue The new queue will allow the provided AWS principals and Source ARNs to send data to it

func (*API) DeleteIntegration 

func (api *API) DeleteIntegration(input *models.DeleteIntegrationInput) error

DeleteIntegration deletes a specific integration.

func (*API) DeleteSourceSqsQueue added in v1.16.0 

func (api *API) DeleteSourceSqsQueue(integrationID string) error

Deletes a source SQS queue

func (*API) DisableExternalSnsTopicSubscription added in v1.16.0 

func (api *API) DisableExternalSnsTopicSubscription(accountID string) error

DisableExternalSnsTopicSubscription modifies the SQS Queue policy of the Log Processor so that SNS topics from that account cannot subscribe to the queue

func (*API) FullScan added in v1.2.1 

func (api *API) FullScan(input *models.FullScanInput) error

FullScan schedules scans for each Resource type for each integration.

Each Resource type is sent within its own SQS message.

func (*API) GetIntegrationTemplate 

func (api *API) GetIntegrationTemplate(input *models.GetIntegrationTemplateInput) (*models.SourceIntegrationTemplate, error)

GetIntegrationTemplate generates a new satellite account CloudFormation template based on the given parameters.

func (*API) ListIntegrations 

func (api *API) ListIntegrations(
	input *models.ListIntegrationsInput) ([]*models.SourceIntegration, error)

ListIntegrations returns all enabled integrations.

func (*API) ListLogTypes added in v1.12.0 

func (api *API) ListLogTypes(_ *models.ListLogTypesInput) (*models.ListLogTypesOutput, error)

ListLogTypes gets the current set of logTypes in use

func (*API) PutIntegration 

func (api *API) PutIntegration(input *models.PutIntegrationInput) (newIntegration *models.SourceIntegration, err error)

PutIntegration adds a set of new integrations in a batch.

func (*API) RemoveSourceFromLambdaTrigger added in v1.16.0 

func (api *API) RemoveSourceFromLambdaTrigger(integrationID string) error

func (*API) SourceSqsQueueArn added in v1.16.0 

func (api *API) SourceSqsQueueArn(integrationID string) string

Returns the URL of an SQS queue source

func (*API) SourceSqsQueueURL added in v1.16.0 

func (api *API) SourceSqsQueueURL(integrationID string) string

Returns the URL of an SQS queue source

func (*API) UpdateIntegrationLastScanEnd 

func (api *API) UpdateIntegrationLastScanEnd(input *models.UpdateIntegrationLastScanEndInput) error

UpdateIntegrationLastScanEnd updates an integration when a scan ends.

func (*API) UpdateIntegrationLastScanStart 

func (api *API) UpdateIntegrationLastScanStart(input *models.UpdateIntegrationLastScanStartInput) error

UpdateIntegrationLastScanStart updates an integration when a new scan is started.

func (*API) UpdateIntegrationSettings 

func (api *API) UpdateIntegrationSettings(input *models.UpdateIntegrationSettingsInput) (*models.SourceIntegration, error)

UpdateIntegrationSettings makes an update to an integration from the UI.

This endpoint updates attributes such as the behavior of the integration, or display information.

func (*API) UpdateSourceSqsQueue added in v1.16.0 

func (api *API) UpdateSourceSqsQueue(integrationID string, allowedPrincipalArns []string, allowedSourceArns []string) error

Updates Source SQS queue with new permissions

func (*API) UpdateStatus added in v1.5.1 

func (api *API) UpdateStatus(input *models.UpdateStatusInput) error

It updates the status of an integration

type Config added in v1.16.0 

type Config struct {
	AccountID                  string `required:"true" split_words:"true"`
	AWSPartition               string `required:"true" envconfig:"aws_partition"`
	DataCatalogUpdaterQueueURL string `required:"true" split_words:"true"`
	Debug                      bool   `required:"false"`
	LogProcessorQueueURL       string `required:"true" split_words:"true"`
	LogProcessorQueueArn       string `required:"true" split_words:"true"`
	InputDataRoleArn           string `required:"true" split_words:"true"`
	InputDataBucketName        string `required:"true" split_words:"true"`
	InputDataTopicArn          string `required:"true" split_words:"true"`
	SnapshotPollersQueueURL    string `required:"true" split_words:"true"`
	TableName                  string `required:"true" split_words:"true"`
	Version                    string `required:"true" split_words:"true"`
	// this is not populated by Env variables
	Region string
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.