Documentation ¶
Index ¶
- Variables
- type ArmDetector
- type CfnDetector
- type DetectOptions
- type Detectable
- type Detector
- type Directory
- type File
- type HclConfiguration
- type IACConfiguration
- type KubernetesDetector
- type Loader
- type Location
- type LocationStack
- type MultiDetector
- type SourceInfoNode
- type TfDetector
- type TfPlanDetector
- type TfStateDetector
- type Type
- type Types
- type WalkFunc
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var Any = &Type{
	Name: "any",
	Children: Types{
		Arm,
		CloudFormation,
		Kubernetes,
		Terraform,
	},
}
Any is an aggregate type that contains all known input types.
var Arm = &Type{
Name: "arm",
}
Arm represents Azure Resource Manager template inputs.
var Auto = &Type{
	Name: "auto",
	Children: Types{
		Arm,
		CloudFormation,
		Kubernetes,
		TerraformHCL,
		TerraformPlan,
		TerraformState,
	},
}
Auto is an aggregate type that contains all of the IaC input types that this package supports.
var CloudFormation = &Type{
	Name:    "cfn",
	Aliases: []string{"cloudformation"},
}
CloudFormation represents CloudFormation template inputs.
var CloudScan = &Type{
	Name:    "cloud_scan",
	Aliases: []string{"cloud-scan"},
	Children: Types{
		TerraformState,
	},
}
CloudScan represents inputs from a Snyk Cloud Scan.
var FailedToParseInput = errors.New("Failed to parse input")
FailedToParseInput indicates that a detector failed to parse a specific input.
var InvalidInput = errors.New("Invalid input for input type")
InvalidInput indicates that an input does not match the expected format.
var Kubernetes = &Type{
	Name:    "k8s",
	Aliases: []string{"kubernetes"},
}
Kubernetes represents Kubernetes manifest inputs.
var SupportedInputTypes = Types{
	Auto,
	Arm,
	CloudFormation,
	Kubernetes,
	TerraformHCL,
	TerraformPlan,
	TerraformState,
}
SupportedInputTypes contains all of the input types that this package has detectors for.
var Terraform = &Type{
	Name:    "tf",
	Aliases: []string{"terraform"},
	Children: Types{
		TerraformHCL,
		TerraformPlan,
		CloudScan,
	},
}
Terraform is an aggregate input type that encompasses all input types that contain Terraform resource types.
var TerraformHCL = &Type{
	Name:    "tf_hcl",
	Aliases: []string{"tf-hcl"},
}
TerraformHCL represents Terraform HCL source code inputs.
var TerraformPlan = &Type{
	Name:    "tf_plan",
	Aliases: []string{"tf-plan"},
}
TerraformPlan represents Terraform Plan JSON inputs.
var TerraformState = &Type{
	Name:    "tf_state",
	Aliases: []string{"tf-state"},
}
TerraformState represents Terraform State JSON inputs.
var UnableToReadDir = errors.New("Unable to read directory")
UnableToReadDir indicates that a directory could not be read.
var UnableToReadFile = errors.New("Unable to read file")
UnableToReadFile indicates that a file could not be read.
var UnableToResolveLocation = errors.New("Unable to resolve location")
UnableToResolveLocation indicates that a detector could not resolve the location of the given resource / attribute path.
var UnrecognizedFileExtension = errors.New("Unrecognized file extension")
UnrecognizedFileExtension indicates that a detector was invoked on a file which does not have a recognized file extension.
var UnsupportedInputType = errors.New("Unsupported input type")
UnsupportedInputType indicates that a particular InputType is not supported by this package.
Functions ¶
This section is empty.
Types ¶
type ArmDetector ¶
type ArmDetector struct{}
func (*ArmDetector) DetectDirectory ¶
func (c *ArmDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)
func (*ArmDetector) DetectFile ¶
func (c *ArmDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)
type CfnDetector ¶
type CfnDetector struct{}
func (*CfnDetector) DetectDirectory ¶
func (c *CfnDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)
func (*CfnDetector) DetectFile ¶
func (c *CfnDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)
type DetectOptions ¶
type DetectOptions struct {
	// IgnoreExt instructs the detector to ignore file extensions.
	IgnoreExt bool
	// VarFiles contains paths to variable files that should be included in the
	// configurations that the detector parses.
	VarFiles []string
}
DetectOptions are options passed to the configuration detectors.
type Detectable ¶
type Detectable interface {
	DetectType(d Detector, opts DetectOptions) (IACConfiguration, error)
	GetPath() string
}
Detectable is a generic interface to represent inputs for a ConfigurationDetector.
func NewDetectable ¶
func NewDetectable(fs afero.Fs, path string) (Detectable, error)
NewDetectable is a helper to produce one of the concrete Detectable implementations from the given path.
type Detector ¶
type Detector interface {
	// DetectDirectory attempts to detect an IaC configuration in the given directory.
	// If no configuration is detected and no errors occurred, this method is expected
	// to return nil, nil.
	DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)
	// DetectFile attempts to detect an IaC configuration in the given file. If
	// no configuration is detected and no errors occurred, this method is expected to
	// return nil, nil.
	DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)
}
Detector implements the visitor part of the visitor pattern for the concrete Detectable implementations. A Detector implementation must contain functions to visit both directories and files. An empty implementation must return nil, nil to indicate that the InputPath has been ignored.
func DetectorByInputTypes ¶
DetectorByInputTypes returns a concrete detector implementation for the given input types.
type Directory ¶
Directory is a Detectable implementation that represents a directory.
func (*Directory) Children ¶
func (d *Directory) Children() ([]Detectable, error)
Children returns the contents of this directory.
func (*Directory) DetectType ¶
func (d *Directory) DetectType(c Detector, opts DetectOptions) (IACConfiguration, error)
DetectType will invoke the given detector on this directory.
type File ¶
File is a Detectable implementation that represents a file.
func (*File) DetectType ¶
func (f *File) DetectType(d Detector, opts DetectOptions) (IACConfiguration, error)
DetectType will invoke the given detector on this file.
type HclConfiguration ¶
type HclConfiguration struct {
// contains filtered or unexported fields
}
func (*HclConfiguration) Errors ¶
func (c *HclConfiguration) Errors() []error
func (*HclConfiguration) LoadedFiles ¶
func (c *HclConfiguration) LoadedFiles() []string
func (*HclConfiguration) Location ¶
func (c *HclConfiguration) Location(path []interface{}) (LocationStack, error)
func (*HclConfiguration) ToState ¶
func (c *HclConfiguration) ToState() models.State
func (*HclConfiguration) Type ¶
func (l *HclConfiguration) Type() *Type
type IACConfiguration ¶
type IACConfiguration interface {
	// ToState returns the input for the rule engine.
	ToState() models.State
	// LoadedFiles are all of the files contained within this configuration.
	LoadedFiles() []string
	// Location resolves an attribute path to a file, line and column.
	// If we are working with a resource-based input, the first three elements
	// of the attributePath are: resource namespace, type, and ID.
	Location(attributePath []interface{}) (LocationStack, error)
	// Some files may load but still have errors in them. You can retrieve
	// them here.
	Errors() []error
	// Type returns the *input.Type of this configuration.
	Type() *Type
}
IACConfiguration is a loaded IaC Configuration.
type KubernetesDetector ¶
type KubernetesDetector struct{}
func (*KubernetesDetector) DetectDirectory ¶
func (c *KubernetesDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)
func (*KubernetesDetector) DetectFile ¶
func (c *KubernetesDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)
type Loader ¶
type Loader struct {
// contains filtered or unexported fields
}
Loader loads and collects IaC configurations using a given Detector. It provides methods to load and transform configurations into the format expected by the engine package.
func (*Loader) Load ¶
func (l *Loader) Load(detectable Detectable, detectOpts DetectOptions) (bool, error)
Load invokes this Loader's detector on an input and stores any resulting configuration. This method will return true if a configuration is detected and loaded and false otherwise.
Example ¶
package main

import (
	"fmt"

	"github.com/snyk/policy-engine/pkg/input"
	"github.com/spf13/afero"
)

func main() {
	detector, err := input.DetectorByInputTypes(input.Types{input.Auto})
	if err != nil {
		panic(err)
	}
	loader := input.NewLoader(detector)
	testInputs := input.Directory{
		Fs:   afero.OsFs{},
		Path: "test_inputs/data",
	}
	// Load reports whether a configuration was detected; returning that as the
	// WalkFunc's skip flag means a directory loaded as one configuration is not
	// descended into again.
	walkFunc := func(d input.Detectable, depth int) (skip bool, err error) {
		return loader.Load(d, input.DetectOptions{})
	}
	if err := testInputs.Walk(walkFunc); err != nil {
		panic(err)
	}
	fmt.Println(loader.Count())
}
Output: 7
type LocationStack ¶
type LocationStack = []Location
LocationStack represents a stack of Locations. It is conceptually similar to a call stack. An example of when we would have more than one location for a resource or attribute:
attribute "foo" at line 4...
included in "rds" module at line 8...
included in "main" module at line 3...
These are stored as a call stack, with the most specific location in the first position, and the "root of the call stack" at the last position.
type MultiDetector ¶
type MultiDetector struct {
// contains filtered or unexported fields
}
func NewMultiDetector ¶
func NewMultiDetector(detectors ...Detector) *MultiDetector
func (*MultiDetector) DetectDirectory ¶
func (a *MultiDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)
func (*MultiDetector) DetectFile ¶
func (a *MultiDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)
type SourceInfoNode ¶
type SourceInfoNode struct {
// contains filtered or unexported fields
}
func LoadMultiSourceInfoNode ¶
func LoadMultiSourceInfoNode(contents []byte) ([]SourceInfoNode, error)
LoadMultiSourceInfoNode parses YAML documents with multiple entries, or normal single YAML/JSON documents.
func LoadSourceInfoNode ¶
func LoadSourceInfoNode(contents []byte) (*SourceInfoNode, error)
func (*SourceInfoNode) GetIndex ¶
func (node *SourceInfoNode) GetIndex(index int) (*SourceInfoNode, error)
func (*SourceInfoNode) GetKey ¶
func (node *SourceInfoNode) GetKey(key string) (*SourceInfoNode, error)
func (*SourceInfoNode) GetPath ¶
func (node *SourceInfoNode) GetPath(path []interface{}) (*SourceInfoNode, error)
GetPath tries to retrieve a path as far as possible.
func (*SourceInfoNode) Location ¶
func (node *SourceInfoNode) Location() (int, int)
type TfDetector ¶
type TfDetector struct{}
This is the loader that supports reading files and directories of HCL (.tf) files. The implementation is in the `./pkg/hcl_interpreter/` package in this repository: this file just wraps that. That directory also contains a README explaining how everything fits together.
func (*TfDetector) DetectDirectory ¶
func (t *TfDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)
func (*TfDetector) DetectFile ¶
func (t *TfDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)
type TfPlanDetector ¶
type TfPlanDetector struct{}
func (*TfPlanDetector) DetectDirectory ¶
func (t *TfPlanDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)
func (*TfPlanDetector) DetectFile ¶
func (t *TfPlanDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)
type TfStateDetector ¶
type TfStateDetector struct{}
func (*TfStateDetector) DetectDirectory ¶
func (t *TfStateDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)
func (*TfStateDetector) DetectFile ¶
func (t *TfStateDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)
type Type ¶
type Type struct {
	// Name is the primary name for this input type. This is the field to use when input
	// types need to be serialized to a string.
	Name string
	// Aliases are alternate, case-insensitive names for this input type.
	Aliases []string
	// Children are input types encompassed by this input type. This field can be used
	// to define aggregate input types.
	Children Types
}
Type represents one or more types of inputs.
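The Name, Aliases and Children fields together decide which concrete inputs a user-selected type actually covers, which matters when a scan is configured by a string such as "terraform" and the operator needs to know whether, say, state files are included. The following is an added example, not the policy-engine package's own code: it re-declares the page's Type values in a simplified Type struct and adds three hypothetical helpers (Lookup, Leaves, Covers) that resolve a string by Name or case-insensitive Alias and flatten aggregates down to their leaf types. The lookup table `known` is an assumption; the real package's resolution logic is not shown on this page.

```go
package main

import (
	"fmt"
	"strings"
)

// Type mirrors the shape of input.Type documented on this page (Name, Aliases,
// Children). Illustrative re-declaration, not the package's code.
type Type struct {
	Name     string
	Aliases  []string
	Children []*Type
}

// Leaf and aggregate declarations copied from this page's Variables section.
// Note that Terraform reaches TerraformState only indirectly, via CloudScan.
var (
	Arm            = &Type{Name: "arm"}
	CloudFormation = &Type{Name: "cfn", Aliases: []string{"cloudformation"}}
	Kubernetes     = &Type{Name: "k8s", Aliases: []string{"kubernetes"}}
	TerraformHCL   = &Type{Name: "tf_hcl", Aliases: []string{"tf-hcl"}}
	TerraformPlan  = &Type{Name: "tf_plan", Aliases: []string{"tf-plan"}}
	TerraformState = &Type{Name: "tf_state", Aliases: []string{"tf-state"}}

	CloudScan = &Type{Name: "cloud_scan", Aliases: []string{"cloud-scan"}, Children: []*Type{TerraformState}}
	Terraform = &Type{Name: "tf", Aliases: []string{"terraform"}, Children: []*Type{TerraformHCL, TerraformPlan, CloudScan}}
	Auto      = &Type{Name: "auto", Children: []*Type{Arm, CloudFormation, Kubernetes, TerraformHCL, TerraformPlan, TerraformState}}
	Any       = &Type{Name: "any", Children: []*Type{Arm, CloudFormation, Kubernetes, Terraform}}
)

// known is the set of types a user-supplied string may name. Assumption: the
// real package keeps some such list; here it is every type declared above.
var known = []*Type{Any, Auto, CloudScan, Terraform, Arm, CloudFormation, Kubernetes, TerraformHCL, TerraformPlan, TerraformState}

// matches reports whether s names t by primary Name or any Alias. The page
// documents Aliases as case-insensitive; Name is compared the same way here.
func (t *Type) matches(s string) bool {
	if strings.EqualFold(s, t.Name) {
		return true
	}
	for _, a := range t.Aliases {
		if strings.EqualFold(s, a) {
			return true
		}
	}
	return false
}

// Lookup resolves a user-supplied string (e.g. a CLI flag value) to a Type.
func Lookup(s string) (*Type, bool) {
	for _, t := range known {
		if t.matches(s) {
			return t, true
		}
	}
	return nil, false
}

// Leaves flattens t into the concrete (childless) input types it covers, in
// declaration order, with duplicates removed. A leaf flattens to itself.
func Leaves(t *Type) []string {
	seen := map[string]bool{}
	var out []string
	var walk func(*Type)
	walk = func(t *Type) {
		if len(t.Children) == 0 {
			if !seen[t.Name] {
				seen[t.Name] = true
				out = append(out, t.Name)
			}
			return
		}
		for _, c := range t.Children {
			walk(c)
		}
	}
	walk(t)
	return out
}

// Covers reports whether selecting input type `selected` causes inputs of the
// concrete type `leaf` to be scanned.
func Covers(selected, leaf string) bool {
	t, ok := Lookup(selected)
	if !ok {
		return false
	}
	for _, name := range Leaves(t) {
		if name == leaf {
			return true
		}
	}
	return false
}

func main() {
	for _, s := range []string{"Terraform", "cloud-scan", "auto", "ansible"} {
		t, ok := Lookup(s)
		if !ok {
			fmt.Printf("%-10s -> not a supported input type\n", s)
			continue
		}
		fmt.Printf("%-10s -> %s covers %v\n", s, t.Name, Leaves(t))
	}
}
```

Running main shows that "Terraform" covers tf_hcl, tf_plan and tf_state, whereas "auto" covers the same leaves plus arm, cfn and k8s, and an unknown name is rejected rather than silently scanning nothing.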
type Types ¶
type Types []*Type
Types is a slice of pointers to Type.
type WalkFunc ¶
type WalkFunc func(d Detectable, depth int) (skip bool, err error)
WalkFunc is a callback that's invoked on each descendant of a Directory. It returns a boolean that, when true, indicates that the caller should not call d.Walk() on this Detectable. The depth argument is the 0-based number of directories traversed since the original Walk call.
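The skip flag and the depth argument are easiest to see on a concrete tree. The following is an added example, not the policy-engine package's own code: it models Detectable as an in-memory Node (the real package walks an afero.Fs), implements a Walk with the semantics documented above (descendants only, depth 0 for the walked directory's own entries, skip prevents descent, an error aborts), and uses a WalkFunc to keep a `.terraform` directory out of a scan. The sample tree, the Node type and the helpers Scan and VisitUntil are all constructed for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// Node is an in-memory stand-in for this page's Detectable (File or Directory).
// Constructed for the example so the WalkFunc semantics run without a filesystem.
type Node struct {
	Name     string
	IsDir    bool
	Children []*Node
	Path     string // filled in during the walk, relative to the walked root
}

func dir(name string, children ...*Node) *Node {
	return &Node{Name: name, IsDir: true, Children: children}
}

func file(name string) *Node { return &Node{Name: name} }

// WalkFunc has exactly the signature documented on this page.
type WalkFunc func(d *Node, depth int) (skip bool, err error)

// Walk calls f on every descendant of d (not on d itself). depth counts the
// directories traversed since the original call, so d's own entries are at
// depth 0. skip=true on a directory prevents descending into it; an error from
// f aborts the whole walk.
func (d *Node) Walk(f WalkFunc) error { return d.walk(f, 0) }

func (d *Node) walk(f WalkFunc, depth int) error {
	for _, c := range d.Children {
		c.Path = path.Join(d.Path, c.Name)
		skip, err := f(c, depth)
		if err != nil {
			return err
		}
		if c.IsDir && !skip {
			if err := c.walk(f, depth+1); err != nil {
				return err
			}
		}
	}
	return nil
}

// SampleRepo is a constructed tree: a root module, a local module, a
// .terraform cache holding a downloaded module copy, and a non-IaC file.
func SampleRepo() *Node {
	return dir("",
		dir(".terraform", dir("modules", dir("vendored", file("main.tf")))),
		file("README.md"),
		file("main.tf"),
		dir("modules", dir("rds", file("main.tf"))),
	)
}

// Scan walks root, skipping any directory named .terraform, and returns the
// visit trace ("path@depth") plus the .tf files a detector would be handed.
func Scan(root *Node) (trace []string, tfFiles []string, err error) {
	err = root.Walk(func(d *Node, depth int) (bool, error) {
		trace = append(trace, fmt.Sprintf("%s@%d", d.Path, depth))
		if d.IsDir {
			// Downloaded module copies live under .terraform; skipping the
			// directory keeps them out of the scan and out of the counts.
			return d.Name == ".terraform", nil
		}
		if strings.HasSuffix(d.Name, ".tf") {
			tfFiles = append(tfFiles, d.Path)
		}
		return false, nil
	})
	return trace, tfFiles, err
}

// ErrStop shows that an error returned by the callback aborts the walk.
var ErrStop = errors.New("stop requested")

// VisitUntil walks root without skipping anything and stops at the first node
// whose path equals stopAt, returning how many nodes were visited in total.
func VisitUntil(root *Node, stopAt string) (int, error) {
	n := 0
	err := root.Walk(func(d *Node, _ int) (bool, error) {
		n++
		if d.Path == stopAt {
			return false, ErrStop
		}
		return false, nil
	})
	return n, err
}

func main() {
	trace, tf, err := Scan(SampleRepo())
	fmt.Println(err, trace, tf)
}
```

Scan visits `.terraform` at depth 0 but never its contents, so only `main.tf` and `modules/rds/main.tf` reach the detector; VisitUntil, which does not skip, descends into `.terraform` first and visits six nodes before the error stops it.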