schema

Constants

// Asset type constants. Providers and payloads should reference these rather
// than raw strings so the grouping key used by Resources.Grouped stays
// canonical. Presumably these are the values the AssetType() methods below
// return (Host, Storage, User, Database, Domain, Log) — confirm in the
// method bodies, which are not shown here.
const (
	AssetHost     = "host"
	AssetStorage  = "storage"
	AssetUser     = "user"
	AssetDatabase = "database"
	AssetDomain   = "domain"
	AssetLog      = "log"
)

Asset type constants. Providers and payloads should reference these rather than raw strings to keep the grouping key canonical.

Variables

This section is empty.

Functions

func AppendAssets added in v0.2.0

func AppendAssets[T Asset](r *Resources, items []T)

AppendAssets copies a typed slice into r.Assets as Asset values. Provider implementations use this to flow a []Host / []Storage / ... into the open asset list without writing the boxing loop inline.

Types

type Asset added in v0.2.0

// Asset is any cloud resource that can be enumerated and rendered. New asset
// types (FaaS, K8s clusters, container registries, etc.) only need to
// implement AssetType() to flow through the existing asset-inventory
// pipeline (AppendAssets boxes them into Resources.Assets, Grouped
// partitions them by this key).
type Asset interface {
	// AssetType returns the grouping key for this asset; see the Asset*
	// constants for the canonical values.
	AssetType() string
}

Asset is any cloud resource that can be enumerated and rendered. New asset types (FaaS, K8s clusters, container registries, etc.) only need to implement AssetType() to flow through the existing asset-inventory pipeline.

type BucketACLEntry added in v0.3.1

// BucketACLEntry is one object-storage container as reported by a
// BucketACLManager audit. Level is the provider-specific public-access level
// (e.g. Azure "Blob" | "Container" per BucketACLManager); Account is
// presumably the owning storage account — confirm against the providers.
type BucketACLEntry struct {
	Account   string
	Container string
	Level     string
}

type BucketACLManager added in v0.3.1

// BucketACLManager powers the bucket-acl-check payload. It exposes
// operations to audit and toggle public access on object-storage containers.
// The action names are not listed on this page; `level` is only used for
// `expose` and is provider-specific (e.g. Azure "Blob" | "Container").
// NOTE(review): `expose` widens a container to anonymous access, so it is a
// real state change on the target account, not a read-only check — callers
// should record the container/level they changed so it can be reverted.
type BucketACLManager interface {
	Provider
	// BucketACL performs `action` on `container`; `level` is read only by the
	// expose action.
	BucketACL(ctx context.Context, action, container, level string) (BucketACLResult, error)
}

BucketACLManager powers the bucket-acl-check payload. It exposes operations to audit and toggle public access on object-storage containers. `level` is only used for `expose` and is provider-specific (e.g. Azure "Blob"|"Container").

type BucketACLResult added in v0.3.1

// BucketACLResult is returned by BucketACLManager.BucketACL. Action,
// Container and Level presumably echo the request; Containers carries the
// per-container entries of an audit; Message is free-text status — which
// actions populate which fields is provider-defined and not shown here.
type BucketACLResult struct {
	Action     string
	Container  string
	Level      string
	Containers []BucketACLEntry
	Message    string
}

type BucketManager added in v0.2.0

// BucketManager powers the bucket-check payload. BucketDump returns one
// BucketResult per bucket; AggregateBucketResults (same package) presumably
// folds that slice into a single result for rendering — confirm.
type BucketManager interface {
	Provider
	// BucketDump performs `action` against `bucketName`; the action names are
	// not listed on this page.
	BucketDump(ctx context.Context, action, bucketName string) ([]BucketResult, error)
}

BucketManager powers the bucket-check payload.

type BucketObject added in v0.3.0

// BucketObject is a single object listed from a bucket by BucketManager.
// LastModified is already a string here, so it is presumably pre-formatted
// by the provider rather than a time.Time — confirm before parsing it.
type BucketObject struct {
	BucketName   string
	Key          string
	Size         int64
	LastModified string
	StorageClass string
}

type BucketResult added in v0.3.0

// BucketResult is the per-bucket outcome of BucketManager.BucketDump.
// ObjectCount is kept separately from len(Objects), so the two may differ
// (e.g. a truncated listing) — treat ObjectCount as the authoritative count
// only after confirming with the provider implementations.
type BucketResult struct {
	Action      string
	BucketName  string
	ObjectCount int64
	Objects     []BucketObject
	Message     string
}

func AggregateBucketResults added in v0.3.0

func AggregateBucketResults(action, bucketName string, results []BucketResult) BucketResult

type CommandResult added in v0.3.1

// CommandResult is returned by VMExecutor.ExecuteCloudVMCommand. Output is
// the raw text produced on the remote VM; it is attacker-influenceable
// content from a defender's point of view, so render it as plain text and
// do not interpret it as markup or terminal control sequences.
type CommandResult struct {
	Output string
}

type DBManager added in v0.2.0

// DBManager powers the rds-account-check payload.
type DBManager interface {
	Provider
	// DBManagement's two string parameters are unnamed in the signature;
	// judging by DatabaseActionResult they are presumably (action, username)
	// — confirm against an implementation.
	DBManagement(context.Context, string, string) (DatabaseActionResult, error)
}

DBManager powers the rds-account-check payload.

type Database

// Database is a managed database instance enumerated by a provider. The
// `table` tags are presumably the column headers used by the asset-inventory
// table printer. DBNames is a single string, so several database names are
// presumably joined by the provider — confirm the separator before splitting.
type Database struct {
	InstanceId    string `table:"ID"`
	Engine        string `table:"Engine"`
	EngineVersion string `table:"Version"`
	Region        string `table:"Region"`
	Address       string `table:"Address"`
	NetworkType   string `table:"NetworkType"`
	DBNames       string `table:"DBName"`
}

func (Database) AssetType added in v0.2.0

func (Database) AssetType() string

type DatabaseActionResult added in v0.3.1

// DatabaseActionResult is returned by DBManager.DBManagement.
// Password is plaintext credential material for the database account; it is
// sensitive and should not be written to logs or persisted with the rest of
// the result. Which fields each action fills is provider-defined.
type DatabaseActionResult struct {
	Action    string
	Username  string
	Password  string
	Privilege string
	Message   string
}

type Domain added in v0.0.9

// Domain is a hosted zone/domain enumerated by a provider together with its
// records. It implements Asset via AssetType.
type Domain struct {
	DomainName string
	Records    []Record
}

func (Domain) AssetType added in v0.2.0

func (Domain) AssetType() string

type Enumerator added in v0.2.0

// Enumerator powers the asset-inventory (`cloudlist`) payload.
type Enumerator interface {
	Provider
	// Resources enumerates everything the provider can see; per-scope
	// failures are presumably reported through Resources.Errors rather than
	// the error return — confirm against an implementation.
	Resources(ctx context.Context) (Resources, error)
}

Enumerator powers the asset-inventory (`cloudlist`) payload.

type ErrNoSuchKey

// ErrNoSuchKey means no such key exists in metadata. Name is the missing
// key. Error is defined on the pointer receiver, so callers should match it
// with `var e *ErrNoSuchKey; errors.As(err, &e)`.
type ErrNoSuchKey struct {
	Name string
}

ErrNoSuchKey means no such key exists in metadata.

func (*ErrNoSuchKey) Error

func (e *ErrNoSuchKey) Error() string

Error returns the value of the metadata key

type Event added in v0.0.9

// Event is one audit/activity-log entry returned by EventReader. Field
// meanings are inferred from their names — confirm against a provider:
// API is presumably the invoked operation, SourceIp the caller address, and
// AccessKey the credential identifier that made the call (an ID, not a
// secret — verify no provider puts secret material here). Time is a string,
// so it is presumably pre-formatted.
type Event struct {
	Id        string
	Name      string
	Affected  string
	API       string
	Status    string
	SourceIp  string `table:"Source IP"`
	AccessKey string
	Time      string
}

type EventActionResult added in v0.3.1

// EventActionResult is returned by EventReader.EventDump. Events holds the
// retrieved entries; TaskID is presumably a provider-side job handle for
// asynchronous exports — confirm which actions set it.
type EventActionResult struct {
	Action  string
	Scope   string
	Events  []Event
	TaskID  int64
	Message string
}

type EventReader added in v0.2.0

// EventReader powers the event-check payload.
type EventReader interface {
	Provider
	// EventDump's string parameters are unnamed; judging by
	// EventActionResult they are presumably (action, scope) — confirm.
	EventDump(context.Context, string, string) (EventActionResult, error)
}

EventReader powers the event-check payload.

type Host

// Host is a compute instance enumerated by a provider; it implements Asset
// via AssetType. The `table` tags are presumably the column headers used by
// the asset-inventory printer. Public is a separate flag rather than being
// derived from PublicIPv4, so the two may disagree for some providers.
type Host struct {
	HostName    string `table:"HostName"`
	ID          string `table:"Instance ID"`
	State       string `table:"State"`
	PublicIPv4  string `table:"Public IP"`
	PrivateIpv4 string `table:"Private IP"`
	OSType      string `table:"OS Type"`
	DNSName     string `table:"DNS Name"`
	Public      bool   `table:"Public"`
	Region      string `table:"Region"`
}

func (Host) AssetType added in v0.2.0

func (Host) AssetType() string

type IAMCredential added in v0.3.1

// IAMCredential describes one long-lived credential (service-account key,
// access key, client secret) as listed by IAMCredentialManager. It carries
// identifiers and validity bounds only; the secret itself is returned
// separately in IAMCredentialResult.CredentialData at creation time.
// ValidAfter/ValidBefore are strings, presumably pre-formatted timestamps.
type IAMCredential struct {
	CredentialID   string
	CredentialType string
	ValidAfter     string
	ValidBefore    string
}

type IAMCredentialManager added in v0.3.1

// IAMCredentialManager powers the iam-credential-check payload. It validates
// detection coverage for the long-lived IAM credential lifecycle:
// enumerating, minting, and revoking credentials such as GCP service-account
// keys, AWS access keys, or Azure client secrets. On a `create` action the
// result's CredentialData carries the provider-specific secret material
// returned once at creation time, so a created credential that is not
// revoked in the same run remains a live secret in the target account.
type IAMCredentialManager interface {
	Provider
	// IAMCredential performs `action` for `principal`; credentialID is
	// presumably only meaningful for actions that target an existing
	// credential (e.g. revoke) — confirm.
	IAMCredential(ctx context.Context, action, principal, credentialID string) (IAMCredentialResult, error)
}

IAMCredentialManager powers the iam-credential-check payload. It validates detection coverage for long-lived IAM credential lifecycle: enumerating, minting, and revoking credentials such as GCP service-account keys, AWS access keys, or Azure client secrets. CredentialData on a `create` action carries the provider-specific secret material returned once at creation time.

type IAMCredentialResult added in v0.3.1

// IAMCredentialResult is returned by IAMCredentialManager.IAMCredential.
// CredentialData holds the provider-specific secret material returned once
// at creation time (per IAMCredentialManager): it must not be logged or
// stored alongside the rest of the result. Credentials is the listing for
// enumeration actions.
type IAMCredentialResult struct {
	Action         string
	Principal      string
	CredentialID   string
	CredentialData string
	Credentials    []IAMCredential
	Message        string
}

type IAMManager added in v0.2.0

// IAMManager powers the iam-user-check payload.
// NOTE(review): unlike the other capability interfaces, UserManagement takes
// no context.Context, so the call cannot be cancelled or deadline-bounded
// by the caller. The password is passed in plaintext as a parameter, so it
// will appear in any argument-level tracing of this call.
type IAMManager interface {
	Provider
	UserManagement(action, username, password string) (IAMResult, error)
}

IAMManager powers the iam-user-check payload.

type IAMResult added in v0.3.0

// IAMResult is returned by IAMManager.UserManagement. Password is presumably
// the plaintext password set on the user and is sensitive — keep it out of
// logs. LoginURL and AccountID look like console sign-in details for the
// created user — confirm against the providers.
type IAMResult struct {
	Action    string
	Username  string
	Password  string
	LoginURL  string
	AccountID string
	Message   string
}

type Log added in v0.1.2

// Log is a logging project/workspace enumerated by a provider; it implements
// Asset via AssetType. LastModifyTime is a string, presumably pre-formatted.
type Log struct {
	ProjectName    string `table:"Project Name"`
	Region         string
	Description    string
	LastModifyTime string
}

func (Log) AssetType added in v0.2.0

func (Log) AssetType() string

type Options

// Options contains configuration options for a provider, keyed by name; use
// GetMetadata to look a key up. If providers keep credentials in here (not
// shown on this page — confirm), avoid dumping the whole map into logs.
type Options map[string]string

Options contains configuration options for a provider

func (Options) GetMetadata added in v0.0.6

func (o Options) GetMetadata(key string) (string, bool)

GetMetadata returns the value for a key if it exists.

type Provider

// Provider is the minimum contract every cloud must satisfy. Capability
// interfaces (Enumerator, IAMManager, etc.) extend it optionally; a payload
// type-asserts for the capability it needs and fails gracefully when the
// current provider does not implement it.
type Provider interface {
	// Name identifies the provider.
	Name() string
}

Provider is the minimum contract every cloud must satisfy. Capability interfaces below (Enumerator, IAMManager, etc.) extend it optionally; a payload type-asserts for the capability it needs and fails gracefully when the current provider does not implement it.

type Record added in v0.0.9

// Record is one entry of Domain.Records. The RR/Type/Value naming suggests a
// DNS resource record (host label, record type, target) — confirm against a
// provider.
type Record struct {
	RR     string
	Type   string
	Value  string
	Status string
}

type ResourceCollector added in v0.3.1

// ResourceCollector runs named ResourceHandler callbacks into a single
// Resources value. Build it with NewResourceCollector(provider), attach
// handlers with Register (which returns the collector, so calls chain), and
// run them with Collect. Whether Collect runs only the handlers named in
// `names` or all of them when `names` is empty is not visible here — confirm.
type ResourceCollector struct {
	// contains filtered or unexported fields
}

func NewResourceCollector added in v0.3.1

func NewResourceCollector(provider string) *ResourceCollector

func (*ResourceCollector) Collect added in v0.3.1

func (c *ResourceCollector) Collect(ctx context.Context, names []string) (Resources, error)

func (*ResourceCollector) Register added in v0.3.1

func (c *ResourceCollector) Register(name string, handler ResourceHandler) *ResourceCollector

type ResourceError added in v0.2.0

// ResourceError is one non-fatal failure recorded during enumeration, as
// added by Resources.AddError(scope, err). Scope names what failed; Message
// is presumably err's text — confirm in AddError.
type ResourceError struct {
	Scope   string
	Message string
}

type ResourceHandler added in v0.3.1

// ResourceHandler is a callback registered with ResourceCollector.Register.
// It has no error return, so it is expected to report failures by writing
// into the *Resources it receives (e.g. via AddError) — confirm.
type ResourceHandler func(context.Context, *Resources)

type Resources

// Resources is the result of an enumeration run. Assets is the open list of
// every Asset found (see AppendAssets and Grouped); Sms is kept as its own
// field rather than as an Asset; Errors collects non-fatal failures added
// via AddError, and Err presumably folds them into a single error — confirm.
type Resources struct {
	Provider string
	Assets   []Asset
	Sms      Sms
	Errors   []ResourceError
}

func NewResources

func NewResources() Resources

NewResources creates a new resources structure

func (*Resources) AddError added in v0.2.0

func (r *Resources) AddError(scope string, err error)

func (Resources) Err added in v0.2.0

func (r Resources) Err() error

func (*Resources) Grouped added in v0.2.0

func (r *Resources) Grouped() map[string][]Asset

Grouped returns assets partitioned by AssetType() while preserving insertion order within each bucket. Used by the asset-inventory printer so each asset type renders as its own table.

type RoleBinding added in v0.3.1

// RoleBinding is one principal-to-role assignment at a scope, as listed by
// RoleBindingManager. AssignmentID is the provider handle needed to remove
// the binding later; Scope follows the provider-specific format described
// on RoleBindingManager.
type RoleBinding struct {
	Principal    string
	Role         string
	Scope        string
	AssignmentID string
}

type RoleBindingManager added in v0.3.1

// RoleBindingManager powers the role-binding-check payload. It abstracts the
// "bind a principal to a role at a scope" operation that Azure RBAC and GCP
// IAM project bindings share, so a single payload can drive validation
// across providers. `scope` is provider-specific: an absolute Azure resource
// ID or a GCP project / resource path. An empty scope means "use the
// provider default scope" (subscription / current project) — note that this
// default is the widest scope, so an empty value grants more than a typo in
// a narrower one would.
type RoleBindingManager interface {
	Provider
	// RoleBinding performs `action` for principal/role/scope; the action
	// names are not listed on this page.
	RoleBinding(ctx context.Context, action, principal, role, scope string) (RoleBindingResult, error)
}

RoleBindingManager powers the role-binding-check payload. It abstracts the "bind a principal to a role at a scope" operation that Azure RBAC and GCP IAM project bindings share, so a single payload can drive validation across providers. `scope` is provider-specific: an absolute Azure resource ID or a GCP project / resource path. An empty scope means "use the provider default scope" (subscription / current project).

type RoleBindingResult added in v0.3.1

// RoleBindingResult is returned by RoleBindingManager.RoleBinding. The
// scalar fields presumably echo the request plus the AssignmentID of a
// created binding; Bindings is the listing for enumeration actions — confirm
// which actions fill which fields.
type RoleBindingResult struct {
	Action       string
	Principal    string
	Role         string
	Scope        string
	AssignmentID string
	Bindings     []RoleBinding
	Message      string
}

type Sms added in v0.0.6

// Sms summarises a provider's SMS service: registered signatures, message
// templates, and a daily quota (DailySize — unit not stated here).
// It is carried on Resources.Sms rather than as an Asset.
type Sms struct {
	Signs     []SmsSign
	Templates []SmsTemplate
	DailySize int64
}

type SmsSign added in v0.0.6

// SmsSign is one registered SMS signature; `table` tags give the printer's
// column headers.
type SmsSign struct {
	Name   string `table:"Name"`
	Type   string `table:"Type"`
	Status string `table:"Status"`
}

type SmsTemplate added in v0.0.6

// SmsTemplate is one SMS message template. Content is the template body as
// returned by the provider.
type SmsTemplate struct {
	Name    string `table:"Name"`
	Status  string `table:"Status"`
	Content string `table:"Content"`
}

type Storage

// Storage is an object-storage bucket/container enumerated by a provider; it
// implements Asset via AssetType. AccountName is presumably only set by
// providers that group buckets under a storage account (Azure) — confirm.
type Storage struct {
	BucketName  string `table:"Bucket"`
	AccountName string `table:"Storage Account"`
	Region      string `table:"Region"`
}

func (Storage) AssetType added in v0.2.0

func (Storage) AssetType() string

type User

// User is an IAM user enumerated by a provider; it implements Asset via
// AssetType. Policies is a single string, so attached policies are
// presumably joined by the provider — confirm the separator before
// splitting. EnableLogin indicates console/password login is enabled.
type User struct {
	UserName    string `table:"User"`
	UserId      string `table:"ID"`
	Policies    string `table:"Policies"`
	EnableLogin bool   `table:"EnableLogin"`
	LastLogin   string `table:"LastLogin"`
	CreateTime  string `table:"CreateTime"`
}

func (User) AssetType added in v0.2.0

func (User) AssetType() string

type VMExecutor added in v0.2.0

// VMExecutor powers the instance-cmd-check / shell payloads: it runs a
// command on a cloud VM through the provider's management channel and
// returns its output in CommandResult.
type VMExecutor interface {
	Provider
	// ExecuteCloudVMCommand's string parameters are unnamed; presumably
	// (instance identifier, command) — confirm against an implementation.
	ExecuteCloudVMCommand(context.Context, string, string) (CommandResult, error)
}

VMExecutor powers the instance-cmd-check / shell payloads.
