input

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 29, 2022 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Examples

Constants

This section is empty.

Variables

View Source
var Any = &Type{
	Name: "any",
	Children: Types{
		Arm,
		CloudFormation,
		Kubernetes,
		Terraform,
	},
}

Any is an aggregate type that contains all known input types.

View Source
var Arm = &Type{
	Name: "arm",
}

Arm represents Azure Resource Manager template inputs.

View Source
var Auto = &Type{
	Name: "auto",
	Children: Types{
		Arm,
		CloudFormation,
		Kubernetes,
		TerraformHCL,
		TerraformPlan,
		TerraformState,
	},
}

Auto is an aggregate type that contains all of the IaC input types that this package supports.

View Source
var CloudFormation = &Type{
	Name:    "cfn",
	Aliases: []string{"cloudformation"},
}

CloudFormation represents CloudFormation template inputs.

View Source
var CloudScan = &Type{
	Name:    "cloud_scan",
	Aliases: []string{"cloud-scan"},
	Children: Types{
		TerraformState,
	},
}

CloudScan represents inputs from a Snyk Cloud Scan.

View Source
var FailedToParseInput = errors.New("Failed to parse input")

FailedToParseInput indicates that a detector failed to parse a specific input.

View Source
var InvalidInput = errors.New("Invalid input for input type")

InvalidInput indicates that an input does not match the expected format.

View Source
var Kubernetes = &Type{
	Name:    "k8s",
	Aliases: []string{"kubernetes"},
}

Kubernetes represents Kubernetes manifest inputs.

SupportedInputTypes contains all of the input types that this package has detectors for.

View Source
var Terraform = &Type{
	Name:    "tf",
	Aliases: []string{"terraform"},
	Children: Types{
		TerraformHCL,
		TerraformPlan,
		CloudScan,
	},
}

Terraform is an aggregate input type that encompasses all input types that contain Terraform resource types.

View Source
var TerraformHCL = &Type{
	Name:    "tf_hcl",
	Aliases: []string{"tf-hcl"},
}

TerraformHCL represents Terraform HCL source code inputs.

View Source
var TerraformPlan = &Type{
	Name:    "tf_plan",
	Aliases: []string{"tf-plan"},
}

TerraformPlan represents Terraform Plan JSON inputs.

View Source
var TerraformState = &Type{
	Name:    "tf_state",
	Aliases: []string{"tf-state"},
}

TerraformState represents Terraform State JSON inputs.

View Source
var UnableToReadDir = errors.New("Unable to read directory")

UnableToReadDir indicates that a file could not be read.

View Source
var UnableToReadFile = errors.New("Unable to read file")

UnableToReadFile indicates that a file could not be read.

View Source
var UnableToResolveLocation = errors.New("Unable to resolve location")

UnableToResolveLocation indicates that a detector could not resolve the location of the given resource / attribute path.

View Source
var UnrecognizedFileExtension = errors.New("Unrecognized file extension")

UnrecognizedFileExtension indicates that a detector was invoked on a file which does not have a recognized file extension.

View Source
var UnsupportedInputType = errors.New("Unsupported input type")

UnsupportedInputType indicates that a particular InputType is not supported by this package.

Functions

This section is empty.

Types

type ArmDetector

type ArmDetector struct{}

func (*ArmDetector) DetectDirectory

func (c *ArmDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)

func (*ArmDetector) DetectFile

func (c *ArmDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)

type CfnDetector

type CfnDetector struct{}

func (*CfnDetector) DetectDirectory

func (c *CfnDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)

func (*CfnDetector) DetectFile

func (c *CfnDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)

type DetectOptions

type DetectOptions struct {
	// IgnoreExt instructs the detector to ignore file extensions.
	IgnoreExt bool
	// VarFiles contains paths to variable files that should be included in the
	// configurations that the detector parses.
	VarFiles []string
}

DetectOptions are options passed to the configuration detectors.

type Detectable

type Detectable interface {
	DetectType(d Detector, opts DetectOptions) (IACConfiguration, error)
	GetPath() string
}

Detectable is a generic interface to represent inputs for a ConfigurationDetector.

func NewDetectable

func NewDetectable(fs afero.Fs, path string) (Detectable, error)

NewDetectable is a helper to produce one of the concrete Detectable implementations from the given path.

type Detector

type Detector interface {
	// DetectDirectory attempts to detect an IaC configuration in the given directory.
	// If no configuration is detected and no errors occurred, this method is expected
	// to return nil, nil.
	DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)
	// DetectDirectory attempts to detect an IaC configuration in the given file. If
	// no configuration is detected and no errors occurred, this method is expected to
	// return nil, nil.
	DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)
}

Detector implements the visitor part of the visitor pattern for the concrete Detectable implementations. A Detector implementation must contain functions to visit both directories and files. An empty implementation must return nil, nil to indicate that the InputPath has been ignored.

func DetectorByInputTypes

func DetectorByInputTypes(inputTypes Types) (Detector, error)

DetectorByInputTypes returns a concrete detector implementation for the given input types.

type Directory

type Directory struct {
	Path string
	Fs   afero.Fs
	// contains filtered or unexported fields
}

Directory is a Detectable implementation that represents a directory.

func (*Directory) Children

func (d *Directory) Children() ([]Detectable, error)

Children returns the contents of this directory.

func (*Directory) DetectType

func (d *Directory) DetectType(c Detector, opts DetectOptions) (IACConfiguration, error)

DetectType will invoke the given detector on this directory.

func (*Directory) GetPath

func (d *Directory) GetPath() string

GetPath returns this directory's path.

func (*Directory) Walk

func (d *Directory) Walk(w WalkFunc) error

Walk will recursively traverse the contents of this directory and invoke the given WalkFunc on each entry.

type File

type File struct {
	Path string
	Fs   afero.Fs
	// contains filtered or unexported fields
}

File is a Detectable implementation that represents a file.

func (*File) Contents

func (f *File) Contents() ([]byte, error)

Contents returns the contents of this file

func (*File) DetectType

func (f *File) DetectType(d Detector, opts DetectOptions) (IACConfiguration, error)

DetectType will invoke the given detector on this file.

func (*File) Ext

func (f *File) Ext() string

Ext returns this file's extension.

func (*File) GetPath

func (f *File) GetPath() string

GetPath returns this file's path.

type HclConfiguration

type HclConfiguration struct {
	// contains filtered or unexported fields
}

func (*HclConfiguration) Errors

func (c *HclConfiguration) Errors() []error

func (*HclConfiguration) LoadedFiles

func (c *HclConfiguration) LoadedFiles() []string

func (*HclConfiguration) Location

func (c *HclConfiguration) Location(path []interface{}) (LocationStack, error)

func (*HclConfiguration) ToState

func (c *HclConfiguration) ToState() models.State

func (*HclConfiguration) Type

func (l *HclConfiguration) Type() *Type

type IACConfiguration

type IACConfiguration interface {
	// ToState() returns the input for the rule engine.
	ToState() models.State
	// LoadedFiles are all of the files contained within this configuration.
	LoadedFiles() []string
	// Location resolves an attribute path to to a file, line and column.
	// If we are working with a resource-based input, the first three elements
	// of the attributePath are: resource namespace, type, and ID.
	Location(attributePath []interface{}) (LocationStack, error)
	// Some files may load but still have errors in them.  You can retrieve
	// them here.
	Errors() []error
	// Type returns the *input.Type of this configuration
	Type() *Type
}

IACConfiguration is a loaded IaC Configuration.

type KubernetesDetector

type KubernetesDetector struct{}

func (*KubernetesDetector) DetectDirectory

func (c *KubernetesDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)

func (*KubernetesDetector) DetectFile

func (c *KubernetesDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)

type Loader

type Loader struct {
	// contains filtered or unexported fields
}

Loader loads and collects IaC configurations using a given Detector. It provides methods to load and transform configurations into the format expected by the engine package.

func NewLoader

func NewLoader(detector Detector) Loader

NewLoader constructs a Loader using the given Detector.

func (*Loader) Count

func (l *Loader) Count() int

Count returns the number of configurations contained in this Loader.

func (*Loader) Errors

func (l *Loader) Errors() map[string][]error

Errors returns the non-fatal errors associated with each IACConfiguration.

func (*Loader) Load

func (l *Loader) Load(detectable Detectable, detectOpts DetectOptions) (bool, error)

Load invokes this Loader's detector on an input and stores any resulting configuration. This method will return true if a configuration is detected and loaded and false otherwise.

Example
package main

import (
	"fmt"

	"github.com/snyk/policy-engine/pkg/input"
	"github.com/spf13/afero"
)

func main() {
	detector, err := input.DetectorByInputTypes(input.Types{input.Auto})
	if err != nil {
		// ...
	}
	loader := input.NewLoader(detector)
	testInputs := input.Directory{
		Fs:   afero.OsFs{},
		Path: "test_inputs/data",
	}
	walkFunc := func(d input.Detectable, depth int) (skip bool, err error) {
		return loader.Load(d, input.DetectOptions{})
	}
	testInputs.Walk(walkFunc)

	fmt.Println(loader.Count())
}
Output:

7

func (*Loader) Location

func (l *Loader) Location(path string, attributePath []interface{}) (LocationStack, error)

Location takes a file and attribute path and returns the location of the resource or attribute.

func (*Loader) ToStates

func (l *Loader) ToStates() []models.State

ToStates will convert the configurations in this Loader to State structs which can be used by the engine package.

type Location

type Location struct {
	Path string `json:"path"`
	Line int    `json:"line"`
	Col  int    `json:"column"`
}

Location is a filepath, line and column.

func (Location) String

func (l Location) String() string

String returns a string representation of this Location

type LocationStack

type LocationStack = []Location

LocationStack represents a stack of Locations. It is conceptually similar to a call stack. An example of when we would have more than one location for a resource or attribute:

attribute "foo" at line 4...
included in "rds" module at line 8...
included in "main" module at line 3...

These are stored as a call stack, with the most specific location in the first position, and the "root of the call stack" at the last position.

type MultiDetector

type MultiDetector struct {
	// contains filtered or unexported fields
}

func NewMultiDetector

func NewMultiDetector(detectors ...Detector) *MultiDetector

func (*MultiDetector) DetectDirectory

func (a *MultiDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)

func (*MultiDetector) DetectFile

func (a *MultiDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)

type SourceInfoNode

type SourceInfoNode struct {
	// contains filtered or unexported fields
}

func LoadMultiSourceInfoNode

func LoadMultiSourceInfoNode(contents []byte) ([]SourceInfoNode, error)

LoadMultiSourceInfoNode parses YAML documents with multiple entries, or normal single YAML/JSON documents.

func LoadSourceInfoNode

func LoadSourceInfoNode(contents []byte) (*SourceInfoNode, error)

func (*SourceInfoNode) GetIndex

func (node *SourceInfoNode) GetIndex(index int) (*SourceInfoNode, error)

func (*SourceInfoNode) GetKey

func (node *SourceInfoNode) GetKey(key string) (*SourceInfoNode, error)

func (*SourceInfoNode) GetPath

func (node *SourceInfoNode) GetPath(path []interface{}) (*SourceInfoNode, error)

GetPath tries to retrieve a path as far as possible.

func (*SourceInfoNode) Location

func (node *SourceInfoNode) Location() (int, int)

type TfDetector

type TfDetector struct{}

This is the loader that supports reading files and directories of HCL (.tf) files. The implementation is in the `./pkg/hcl_interpreter/` package in this repository: this file just wraps that. That directory also contains a README explaining how everything fits together.

func (*TfDetector) DetectDirectory

func (t *TfDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)

func (*TfDetector) DetectFile

func (t *TfDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)

type TfPlanDetector

type TfPlanDetector struct{}

func (*TfPlanDetector) DetectDirectory

func (t *TfPlanDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)

func (*TfPlanDetector) DetectFile

func (t *TfPlanDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)

type TfStateDetector

type TfStateDetector struct{}

func (*TfStateDetector) DetectDirectory

func (t *TfStateDetector) DetectDirectory(i *Directory, opts DetectOptions) (IACConfiguration, error)

func (*TfStateDetector) DetectFile

func (t *TfStateDetector) DetectFile(i *File, opts DetectOptions) (IACConfiguration, error)

type Type

type Type struct {
	// Name is the primary name for this input type. This is the field to use when input
	// types need to be serialized to a string.
	Name string
	// Aliases are alternate, case-insensitive names for this input type.
	Aliases []string
	// Children are input types encompassed by this input type. This field can be used
	// to define aggregate input types.
	Children Types
}

Type represents one or more types of inputs.

func (*Type) Equals

func (t *Type) Equals(other *Type) bool

Returns true if this Type instance is exactly equal to other

func (*Type) Matches

func (t *Type) Matches(inputType string) bool

Matches returns true if the name of this input type or any of its children exactly match the given input type string.

type Types

type Types []*Type

Types is a slice of Type struct.

func (Types) Equals

func (t Types) Equals(other Types) bool

Returns true if this Types instance is exactly equal to other

func (Types) FromString

func (t Types) FromString(inputType string) (*Type, error)

FromString returns the first InputType where either its name or aliases match the given input type string. This method is case-insensitive.

type WalkFunc

type WalkFunc func(d Detectable, depth int) (skip bool, err error)

WalkFunc is a callback that's invoked on each descendent of an Directory. It returns a boolean that, when true, indicates that the caller should not call d.Walk() on this detectable. The depth argument is a 0-based representation of how many directories have been traversed since the original Walk call.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL