aws_sync

package
v0.0.0-...-5c79d48 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 15, 2024 License: AGPL-3.0 Imports: 19 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func ReconcileResults

func ReconcileResults(old *Resources, new *Resources) (upsert, delete *accessgraphv1alpha.AWSResourceList)

ReconcileResults reconciles two Resources objects and returns the operations required to reconcile them into the new state. It returns two AWSResourceList objects, one for resources to upsert and one for resources to delete.

Types

type AWSSync

type AWSSync interface {
	// Poll polls all AWS resources and returns the result.
	Poll(ctx context.Context) (*Resources, error)
}

AWSSync is the interface for fetching AWS resources.

func NewAWSFetcher

func NewAWSFetcher(ctx context.Context, cfg Config) (AWSSync, error)

NewAWSFetcher creates a new AWS fetcher.

type AssumeRole

type AssumeRole struct {
	// RoleARN is the ARN of the role to assume.
	RoleARN string
	// ExternalID is the external ID to use when assuming the role.
	ExternalID string
}

AssumeRole is the configuration for assuming an AWS role.

type Config

type Config struct {
	// CloudClients is the set of cloud clients to use when fetching AWS resources.
	CloudClients cloud.Clients
	// AccountID is the AWS account ID to use when fetching resources.
	AccountID string
	// Regions is the list of AWS regions to fetch resources from.
	Regions []string
	// AssumeRole is the configuration for assuming an AWS role.
	AssumeRole *AssumeRole
	// Integration is the name of the AWS integration to use when fetching resources.
	Integration string
}

Config is the configuration for the AWS fetcher.

type Resources

type Resources struct {
	// Users is the list of AWS users.
	Users []*accessgraphv1alpha.AWSUserV1
	// UserInlinePolicies is the list of inline policies configured for AWS users.
	UserInlinePolicies []*accessgraphv1alpha.AWSUserInlinePolicyV1
	// UserAttachedPolicies is the list of attached policies configured for AWS users.
	// This is a User ARN -> Policy ARN mapping and the policy document is included
	// in Policies.
	UserAttachedPolicies []*accessgraphv1alpha.AWSUserAttachedPolicies
	// UserGroups is the list of groups that AWS users are members of.
	UserGroups []*accessgraphv1alpha.AWSUserGroupsV1
	// Groups is the list of AWS groups.
	Groups []*accessgraphv1alpha.AWSGroupV1
	// GroupInlinePolicies is the list of inline policies configured for AWS groups.
	GroupInlinePolicies []*accessgraphv1alpha.AWSGroupInlinePolicyV1
	// GroupAttachedPolicies is the list of attached policies configured for AWS groups.
	// This is a Group ARN -> Policy ARN mapping and the policy document is included
	// in Policies.
	GroupAttachedPolicies []*accessgraphv1alpha.AWSGroupAttachedPolicies
	// Instances is the list of AWS EC2 instances.
	Instances []*accessgraphv1alpha.AWSInstanceV1
	// Policies is the list of AWS IAM policies and their policy documents.
	Policies []*accessgraphv1alpha.AWSPolicyV1
	// S3Buckets is the list of AWS S3 buckets.
	S3Buckets []*accessgraphv1alpha.AWSS3BucketV1
	// Roles is the list of AWS IAM roles.
	Roles []*accessgraphv1alpha.AWSRoleV1
	// RoleInlinePolicies is the list of inline policies configured for AWS roles.
	RoleInlinePolicies []*accessgraphv1alpha.AWSRoleInlinePolicyV1
	// RoleAttachedPolicies is the list of attached policies configured for AWS roles.
	// This is a Role ARN -> Policy ARN mapping and the policy document is included
	// in Policies.
	RoleAttachedPolicies []*accessgraphv1alpha.AWSRoleAttachedPolicies
	// InstanceProfiles is the list of AWS IAM instance profiles.
	InstanceProfiles []*accessgraphv1alpha.AWSInstanceProfileV1
}

Resources is a collection of polled AWS resources.

func MergeResources

func MergeResources(results ...*Resources) *Resources

MergeResources merges multiple Resources objects into a single Resources object. This is used to merge resources from multiple accounts and regions into a single object. It does not check for duplicates, so the merged object may contain duplicate entries.
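
The merge-then-reconcile flow described for MergeResources and ReconcileResults, as an added sketch that is not the package's own code. The `resource` type and the `merge` and `reconcile` functions are hypothetical stand-ins keyed by ARN (an assumption; the page does not say how the real functions identify or compare resources), and the sample ARNs are constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// resource is a hypothetical stand-in for one polled AWS object:
// ARN is the assumed identity key, Body the assumed comparable content.
type resource struct{ ARN, Body string }

// merge concatenates poll results without checking for duplicates.
func merge(results ...[]resource) (out []resource) {
	for _, r := range results {
		out = append(out, r...)
	}
	return out
}

// reconcile indexes both states by ARN (which collapses duplicates) and
// returns the ARNs to upsert (new or changed) and to delete (gone).
func reconcile(oldRes, newRes []resource) (upsert, del []string) {
	oldByARN, newByARN := map[string]string{}, map[string]string{}
	for _, r := range oldRes {
		oldByARN[r.ARN] = r.Body
	}
	for _, r := range newRes {
		newByARN[r.ARN] = r.Body
	}
	for arn, body := range newByARN {
		if prev, ok := oldByARN[arn]; !ok || prev != body {
			upsert = append(upsert, arn)
		}
	}
	for arn := range oldByARN {
		if _, ok := newByARN[arn]; !ok {
			del = append(del, arn)
		}
	}
	sort.Strings(upsert) // map iteration order is random; sort for stable output
	sort.Strings(del)
	return upsert, del
}

func main() {
	const p = "arn:aws:iam::111111111111:" // constructed sample account
	old := []resource{{p + "user/alice", "v1"}, {p + "user/bob", "v1"}, {p + "role/ci", "v1"}}
	polled := merge([]resource{{p + "user/alice", "v2"}, {p + "role/ci", "v1"}},
		[]resource{{p + "role/ci", "v1"}, {p + "user/carol", "v1"}})
	fmt.Println(reconcile(old, polled))
}
```

The delete list matters as much as the upsert list: an entry that is never deleted leaves the stored state showing access that no longer exists in the account.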
