validation

package

Documentation

Index

Constants

This section is empty.

Variables

// ActionDependencies maps an action to the additional action permissions that
// must be granted alongside it. The dependent permission has no API call of
// its own that can be probed (iam:PassRole), so it is inferred from the action
// that implicitly requires it.
var ActionDependencies = map[Action][]Action{
	{Context: IAM, Name: "AddRoleToInstanceProfile"}: {
		{Context: IAM, Name: "PassRole"},
	},
}

ActionDependencies maps an action to the set of additional action permissions it implicitly requires.

For instance, the `iam:PassRole` permission cannot be verified directly through the API; instead, if the `iam:AddRoleToInstanceProfile` action is used, the `iam:PassRole` permission is implicitly required.

// EC2Probes lists all currently supported EC2 resource probes, one per EC2
// action. Probes run in table order.
// NOTE(review): several entries name mutating actions (CreateVpc, RunInstances,
// CreateSecurityGroup, CreateRoute, ...). Whether their probes use a dry-run
// style check or perform the real call is not visible here — confirm before
// pointing the validator at a production account.
var EC2Probes = []ResourceProbe{
	// Regions
	{Action{EC2, "DescribeRegions"}, validateDescribeRegions},
	// VPCs
	{Action{EC2, "CreateVpc"}, validateCreateVPC},
	{Action{EC2, "DeleteVpc"}, validateDeleteVPC},
	{Action{EC2, "DescribeNetworkAcls"}, validateDescribeNetworkACLs},
	{Action{EC2, "DescribeVpcAttribute"}, validateDescribeVPCAttribute},
	{Action{EC2, "DescribeVpcs"}, validateDescribeVPCs},
	{Action{EC2, "DescribeVpcClassicLink"}, validateDescribeVPCClassicLink},
	{Action{EC2, "ModifyVpcAttribute"}, validateModifyVPCAttribute},
	// Tagging
	{Action{EC2, "CreateTags"}, validateCreateTags},
	// Instances, images, zones and volumes
	{Action{EC2, "DescribeInstances"}, validateDescribeInstances},
	{Action{EC2, "DescribeImages"}, validateDescribeImages},
	{Action{EC2, "DescribeAvailabilityZones"}, validateDescribeAvailabilityZones},
	{Action{EC2, "RunInstances"}, validateRunInstances},
	{Action{EC2, "TerminateInstances"}, validateTerminateInstances},
	{Action{EC2, "StopInstances"}, validateStopInstances},
	{Action{EC2, "StartInstances"}, validateStartInstances},
	{Action{EC2, "ModifyInstanceAttribute"}, validateModifyInstanceAttribute},
	{Action{EC2, "DescribeVolumes"}, validateDescribeVolumes},
	// Security groups
	{Action{EC2, "CreateSecurityGroup"}, validateCreateSecurityGroup},
	{Action{EC2, "DeleteSecurityGroup"}, validateDeleteSecurityGroup},
	{Action{EC2, "DescribeSecurityGroups"}, validateDescribeSecurityGroups},
	{Action{EC2, "RevokeSecurityGroupEgress"}, validateRevokeSecurityGroupEgress},
	{Action{EC2, "RevokeSecurityGroupIngress"}, validateRevokeSecurityGroupIngress},
	{Action{EC2, "AuthorizeSecurityGroupEgress"}, validateAuthorizeSecurityGroupEgress},
	{Action{EC2, "AuthorizeSecurityGroupIngress"}, validateAuthorizeSecurityGroupIngress},
	// Internet gateways (DetachInternetGateway is listed at the end of the table)
	{Action{EC2, "AttachInternetGateway"}, validateAttachInternetGateway},
	{Action{EC2, "CreateInternetGateway"}, validateCreateInternetGateway},
	{Action{EC2, "DeleteInternetGateway"}, validateDeleteInternetGateway},
	{Action{EC2, "DescribeInternetGateways"}, validateDescribeInternetGateways},
	// Subnets
	{Action{EC2, "CreateSubnet"}, validateCreateSubnet},
	{Action{EC2, "DeleteSubnet"}, validateDeleteSubnet},
	{Action{EC2, "DescribeSubnets"}, validateDescribeSubnets},
	{Action{EC2, "ModifySubnetAttribute"}, validateModifySubnetAttribute},
	// Route tables and routes
	{Action{EC2, "DescribeRouteTables"}, validateDescribeRouteTables},
	{Action{EC2, "CreateRoute"}, validateCreateRoute},
	{Action{EC2, "CreateRouteTable"}, validateCreateRouteTable},
	{Action{EC2, "DeleteRoute"}, validateDeleteRoute},
	{Action{EC2, "DeleteRouteTable"}, validateDeleteRouteTable},
	{Action{EC2, "AssociateRouteTable"}, validateAssociateRouteTable},
	{Action{EC2, "DisassociateRouteTable"}, validateDisassociateRouteTable},
	{Action{EC2, "ReplaceRouteTableAssociation"}, validateReplaceRouteTableAssociation},
	// Key pairs
	{Action{EC2, "DescribeKeyPairs"}, validateDescribeKeyPairs},
	{Action{EC2, "DetachInternetGateway"}, validateDetachInternetGateway},
}

EC2Probes lists all currently supported EC2 resource probes

// IAMProbes lists all currently supported IAM resource probes, one per IAM
// action. Probes run in table order.
// NOTE(review): CreateRole, PutRolePolicy and AddRoleToInstanceProfile are
// mutating IAM actions; how the probes avoid leaving roles, policies or
// instance profiles behind is not visible here — confirm. iam:PassRole is
// not probed directly; it is derived from AddRoleToInstanceProfile via
// ActionDependencies.
var IAMProbes = []ResourceProbe{
	// Instance profiles
	{Action{IAM, "AddRoleToInstanceProfile"}, validateAddRoleToInstanceProfile},
	{Action{IAM, "CreateInstanceProfile"}, validateCreateInstanceProfile},
	{Action{IAM, "GetInstanceProfile"}, validateGetInstanceProfile},
	// Roles and inline role policies
	{Action{IAM, "CreateRole"}, validateCreateRole},
	{Action{IAM, "GetRole"}, validateGetRole},
	{Action{IAM, "DeleteRole"}, validateDeleteRole},
	{Action{IAM, "PutRolePolicy"}, validatePutRolePolicy},
	{Action{IAM, "GetRolePolicy"}, validateGetRolePolicy},
	{Action{IAM, "DeleteRolePolicy"}, validateDeleteRolePolicy},
	// Listing
	{Action{IAM, "ListRoles"}, validateListRoles},
	{Action{IAM, "ListInstanceProfiles"}, validateListInstanceProfiles},
	{Action{IAM, "ListInstanceProfilesForRole"}, validateListInstanceProfilesForRole},
	// Instance profile teardown
	{Action{IAM, "RemoveRoleFromInstanceProfile"}, validateRemoveRoleFromInstanceProfile},
	{Action{IAM, "DeleteInstanceProfile"}, validateDeleteInstanceProfile},
}

IAMProbes lists all currently supported IAM resource probes

Functions

This section is empty.

Types

type Action

// Action identifies a single AWS API action: the service context it belongs
// to (EC2 or IAM) and the action name within that service. Its string form is
// "ec2:DescribeRegions" style (see ParseAction).
type Action struct {
	// Context is the service the action belongs to (EC2 or IAM).
	Context Context
	// Name is the action name within the service, without the "ec2:"/"iam:" prefix.
	Name    string
}

Action defines a single AWS context resource action. Contexts are, for instance, EC2 or IAM.

func ParseAction

func ParseAction(action string) (*Action, error)

ParseAction parses the provided string of format "ec2:PermissionsName" into an Action object

func (Action) MarshalJSON

func (r Action) MarshalJSON() ([]byte, error)

MarshalJSON formats this Action value as JSON

func (*Action) UnmarshalJSON

func (r *Action) UnmarshalJSON(data []byte) (err error)

UnmarshalJSON reads an Action value from JSON

type Actions

// Actions is a list of resource actions; Validate returns the subset the
// account does not have access to.
type Actions []Action

Actions is a list of resource actions

func Validate

func Validate(ctx context.Context, accessKey, secretKey, sessionToken, regionName string, probes Probes) (actions Actions, err error)

Validate checks that the specified AWS API key has access to the specified set of resources. It returns the list of actions this account does not have access to.

func ValidateWithCreds

func ValidateWithCreds(ctx context.Context, creds *credentials.Credentials, regionName string, probes Probes) (actions Actions, err error)

ValidateWithCreds is a variant of Validate that accepts an existing credentials object instead of raw key material.

func (Actions) AsPolicy

func (r Actions) AsPolicy(policyVersion string) (string, error)

AsPolicy formats the specified set of actions as an AWS policy document.

type Context

// Context identifies the AWS service an Action belongs to (EC2 or IAM). It
// marshals to and from text via MarshalText/UnmarshalText and prints via String.
type Context byte

Context defines an action context (EC2, IAM etc)

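// Service contexts. Both constants are declared with the Context type via
// iota so the MarshalText and String methods declared on Context apply to
// each of them; a bare `IAM = 1` would be an untyped int constant and
// `IAM.String()` would not compile. Values stay EC2 = 0, IAM = 1.
const (
	// EC2 action context
	EC2 Context = iota
	// IAM action context
	IAM
)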

func (Context) MarshalText

func (r Context) MarshalText() ([]byte, error)

MarshalText formats a Context value as text

func (Context) String

func (r Context) String() string

String returns a string representation of a Context

func (*Context) UnmarshalText

func (r *Context) UnmarshalText(data []byte) error

UnmarshalText reads a Context value from text

type Probes

// Probes is the set of ResourceProbe values passed to Validate.
type Probes []ResourceProbe
// AllProbes lists all validation probes.
var AllProbes Probes

AllProbes lists all validation probes

type ResourceProbe

// ResourceProbe pairs an Action with the routine that exercises it (see the
// EC2Probes and IAMProbes tables). The probe routine is an unexported field
// and is not shown in the public documentation.
type ResourceProbe struct {
	Action
	// contains filtered or unexported fields
}

ResourceProbe defines an AWS resource probe context
