awsspec

package
v0.21.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 19, 2020 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ConditionOperator added in v0.14.0

// ConditionOperator is implemented by values that expose an operator name,
// a variable name and a value through the three getters below.
// NOTE(review): how these map onto ConditionType and ConditionVariable is not
// shown on this page — confirm against the implementation.
type ConditionOperator interface {
	GetOperator() string
	GetVariable() string
	// GetValue is untyped; callers have to type-assert the result themselves.
	GetValue() interface{}
}

type ConditionType added in v0.14.0

// ConditionType is the string name of an IAM condition operator. It is used as
// the outer key of Statement.Condition.
type ConditionType string

ConditionType represents all the possible comparison types for the Condition of a Policy Statement. Inspired by github.com/gwkunze/goiam/policy.

// Base IAM condition operator names.
// Only the plain operator names are listed. IAM also accepts the set-operator
// prefixes "ForAllValues:" and "ForAnyValue:" and the "IfExists" suffix on most
// of them, and those composed names are not equal to any constant here; code
// that compares a policy's operator against these values should treat an
// unrecognised operator as "not evaluated" rather than as "no restriction".
const (
	// String comparisons.
	ConditionStringEquals              ConditionType = "StringEquals"
	ConditionStringNotEquals           ConditionType = "StringNotEquals"
	ConditionStringEqualsIgnoreCase    ConditionType = "StringEqualsIgnoreCase"
	ConditionStringNotEqualsIgnoreCase ConditionType = "StringNotEqualsIgnoreCase"
	ConditionStringLike                ConditionType = "StringLike"
	ConditionStringNotLike             ConditionType = "StringNotLike"
	// Numeric comparisons.
	ConditionNumericEquals             ConditionType = "NumericEquals"
	ConditionNumericNotEquals          ConditionType = "NumericNotEquals"
	ConditionNumericLessThan           ConditionType = "NumericLessThan"
	ConditionNumericLessThanEquals     ConditionType = "NumericLessThanEquals"
	ConditionNumericGreaterThan        ConditionType = "NumericGreaterThan"
	ConditionNumericGreaterThanEquals  ConditionType = "NumericGreaterThanEquals"
	// Date/time comparisons.
	ConditionDateEquals                ConditionType = "DateEquals"
	ConditionDateNotEquals             ConditionType = "DateNotEquals"
	ConditionDateLessThan              ConditionType = "DateLessThan"
	ConditionDateLessThanEquals        ConditionType = "DateLessThanEquals"
	ConditionDateGreaterThan           ConditionType = "DateGreaterThan"
	ConditionDateGreaterThanEquals     ConditionType = "DateGreaterThanEquals"
	// Boolean comparison.
	ConditionBool                      ConditionType = "Bool"
	// IP address / CIDR comparisons.
	ConditionIpAddress                 ConditionType = "IpAddress"
	ConditionNotIpAddress              ConditionType = "NotIpAddress"
	// ARN comparisons.
	ConditionArnEquals                 ConditionType = "ArnEquals"
	ConditionArnNotEquals              ConditionType = "ArnNotEquals"
	ConditionArnLike                   ConditionType = "ArnLike"
	ConditionArnNotLike                ConditionType = "ArnNotLike"
	// Null tests whether a condition key is present in the request context.
	ConditionNull                      ConditionType = "Null"
)

type ConditionVariable added in v0.14.0

// ConditionVariable is the string name of a global IAM condition key. It is
// used as the inner key of Statement.Condition.
type ConditionVariable string

ConditionVariable represents the available variables used in Conditions. Inspired by github.com/gwkunze/goiam/policy.

// Global condition key names.
// The values use an upper-case "AWS:" prefix with mixed casing of the key name.
// IAM treats condition key names case-insensitively, but Go string comparison
// and map lookup are exact-match, so a policy written with the lower-case
// "aws:" prefix (e.g. "aws:SourceIp") will not match these constants unless the
// caller normalises case first.
const (
	VarCurrentTime        ConditionVariable = "AWS:CurrentTime"
	VarEpochTime          ConditionVariable = "AWS:EpochTime"
	// Age of the MFA authentication; typically paired with a Numeric operator.
	VarMultiFactorAuthAge ConditionVariable = "AWS:MultiFactorAuthAge"
	VarPrincipalType      ConditionVariable = "AWS:principaltype"
	// Whether the request was sent over TLS; typically paired with Bool.
	VarSecureTransport    ConditionVariable = "AWS:SecureTransport"
	VarSourceArn          ConditionVariable = "AWS:SourceArn"
	// Requester IP address; typically paired with IpAddress / NotIpAddress.
	VarSourceIp           ConditionVariable = "AWS:SourceIp"
	// Client-supplied header value; not suitable as a security boundary.
	VarUserAgent          ConditionVariable = "AWS:UserAgent"
	// NOTE(review): the identifier reads "UsedId" while the value is the userid
	// key; this looks like a typo for "UserId", and renaming it would break the
	// exported API.
	VarUsedId             ConditionVariable = "AWS:userid"
	VarUsername           ConditionVariable = "AWS:username"
)

type IAMSpec

// IAMSpec holds the AWS session. PolicyAllows, RoleHasPolicy and UserHasPolicy
// are declared on it with a value receiver.
type IAMSpec struct {
	// Session is exported and stored by pointer, so copies of IAMSpec share it.
	// NOTE(review): presumably the checks call the IAM API with this session's
	// credentials; read-only IAM permissions should be sufficient for the
	// checks listed on this page — confirm against the implementation.
	Session *session.Session
}

IAMSpec contains the AWS session

func New

// New returns an IAMSpec for s.
// NOTE(review): the signature returns no error, so whether a nil session is
// rejected here or only fails on first use is not visible on this page.
func New(s *session.Session) IAMSpec

New returns a new IAMSpec

func (IAMSpec) PolicyAllows

// PolicyAllows reports whether the policy (presumably identified by arn) allows
// the given actions on the given resources, using the policy's default version.
//
// It looks at a single policy document, so a true result is not the principal's
// effective permission: other attached policies, permission boundaries and
// organisation-level policies are outside its view.
// NOTE(review): the Statement type on this page carries a TODO saying that
// Principal, NotPrincipal and Condition are not handled, so a true result
// presumably does not account for conditions that narrow an Allow. How explicit
// Deny statements, NotAction/NotResource and wildcards are treated is not
// visible here either — confirm before using this as an authorization assertion.
func (i IAMSpec) PolicyAllows(arn string, actions, resources []string) (res bool, err error)

PolicyAllows returns true if the defined actions are allowed on the provided resources. Please note that the check will be performed on the default policy version.

func (IAMSpec) RoleHasPolicy added in v0.6.0

// RoleHasPolicy reports whether policyARN is attached to the IAM role named role.
// NOTE(review): inline role policies have no ARN, so this presumably covers
// attached managed policies only — confirm.
func (i IAMSpec) RoleHasPolicy(role, policyARN string) (res bool, err error)

RoleHasPolicy checks that the provided policy ARN is attached to the specified IAM role

func (IAMSpec) UserHasPolicy added in v0.4.0

// UserHasPolicy reports whether policyARN is attached to the IAM user named user.
// NOTE(review): inline user policies have no ARN, and policies a user inherits
// through group membership are attached to the group rather than the user;
// whether either case is considered is not visible here — confirm.
func (i IAMSpec) UserHasPolicy(user, policyARN string) (res bool, err error)

UserHasPolicy checks that the provided policy ARN is attached to the specified IAM user

type OptSlice

// OptSlice is a []string with custom JSON methods. The page describes it as a
// value that may appear in JSON either as a single string or as an array.
type OptSlice []string

OptSlice is an entity that could be either a JSON string or a slice. As per https://stackoverflow.com/a/38757780/543423

func (OptSlice) Contains

// Contains reports whether o contains the provided items.
// NOTE(review): the page does not say whether every item must be present or any
// one suffices, nor whether IAM wildcards such as "*" or "s3:*" in o are
// expanded or compared literally. Both affect how far a positive or negative
// result can be trusted — confirm against the implementation.
func (o OptSlice) Contains(items []string) (res bool)

Contains checks whether OptSlice contains the provided items slice

func (*OptSlice) MarshalJSON

// MarshalJSON returns the JSON encoding of o.
// It has a pointer receiver, so encoding/json only calls it for *OptSlice or
// addressable OptSlice values; a non-addressable OptSlice (for example a map
// value) is encoded as a plain JSON array instead.
func (o *OptSlice) MarshalJSON() ([]byte, error)

MarshalJSON returns o as the JSON encoding of o

func (*OptSlice) UnmarshalJSON

// UnmarshalJSON decodes data into *o.
// NOTE(review): per the type's description this presumably accepts either a
// single JSON string or an array of strings; how other JSON values are rejected
// is not visible on this page.
func (o *OptSlice) UnmarshalJSON(data []byte) error

UnmarshalJSON sets *o to a copy of data

type PolicyDocument

// PolicyDocument is the top-level shape of an IAM policy document. The fields
// carry no json tags, so encoding/json matches them to JSON keys by name,
// case-insensitively on decode.
type PolicyDocument struct {
	Version   string
	ID        string
	// NOTE(review): Statement is a slice; a document whose "Statement" is a
	// single object rather than an array would presumably fail to decode into
	// this type — confirm how such documents are handled.
	Statement []Statement
}

PolicyDocument represents an IAM policy document

type Statement

// Statement is one statement of an IAM policy document.
// The TODO below records that Principal, NotPrincipal and Condition are not
// handled yet, so an evaluation built on this type may not reflect those
// elements; treat its results as incomplete for statements that use them.
type Statement struct {
	// TODO:
	// - Handle Principal, NotPrincipal, and Condition
	SID          string
	// Principal and NotPrincipal are left untyped.
	Principal    interface{}
	NotPrincipal interface{}
	// Effect is a free-form string here; IAM defines "Allow" and "Deny".
	Effect       string
	// Action/NotAction and Resource/NotResource are pointers, so an element
	// that is absent from the JSON stays nil and can be told apart from an
	// empty list.
	Action       *OptSlice
	NotAction    *OptSlice
	Resource     *OptSlice
	NotResource  *OptSlice
	// Condition maps operator -> condition key -> values. Both key types are
	// plain strings, so lookups are exact-match and case-sensitive.
	Condition    map[ConditionType]map[ConditionVariable]OptSlice `json:",omitempty"`
}

Statement represents an IAM statement
