Documentation ¶
Index ¶
- Constants
- Variables
- func AnalyzeAccount(o io.Writer, cfg aws.Config, apiHost, customerID, account string) error
- func List(o io.Writer, cfg aws.Config, bucket, customerID, account string) error
- func LoadReport(in io.Reader, c Collector) error
- func Sync(stdout, stderr io.Writer, remote DB, downloader *manager.Downloader, ...) error
- type Account
- type AggregateError
- type Collector
- type Customer
- type DB
- func (db *DB) AllPaths() []string
- func (db *DB) AllPathsByCustomerAccount(customerID, accountID string) []string
- func (db *DB) Dump(o io.Writer, isSummary bool)
- func (db *DB) GetPathForCustomerAccountTimeKind(customerID, accountID string, ts *time.Time, kind string) *string
- func (db *DB) Size() (total int)
- func (db *DB) Sizes() (total int, accounts int, customers int)
- type IllegalArgumentError
- type LocalReport
- type MonthKey
- type PrincipalAccessSummaryReport
- type PrincipalAccessSummaryReportItem
- type PrincipalsReport
- type PrincipalsReportItem
- func (i PrincipalsReportItem) AddedDiff() PrincipalsReportItemDifference
- func (i PrincipalsReportItem) DeletedDiff() PrincipalsReportItemDifference
- func (i PrincipalsReportItem) Diff(original PrincipalsReportItem) PrincipalsReportItemDifference
- func (i PrincipalsReportItem) Equivalent(t PrincipalsReportItem) bool
- type PrincipalsReportItemDifference
- type Report
- type ReportSet
- type ReportSetIndex
- type ReportTypeSelector
- type ResourceAccessSummaryReport
- type ResourceAccessSummaryReportItem
- type ResourcesReport
- type ResourcesReportItem
- func (i ResourcesReportItem) AddedDiff() ResourcesReportItemDifference
- func (i ResourcesReportItem) DeletedDiff() ResourcesReportItemDifference
- func (i ResourcesReportItem) Diff(original ResourcesReportItem) ResourcesReportItemDifference
- func (i ResourcesReportItem) Equivalent(t ResourcesReportItem) bool
- type ResourcesReportItemDifference
- type WriterAtCloser
Constants ¶
// Positions of the meaningful segments of a report object key.
//
// The values line up with REPORT_LOCATION_CSV_FQ_PATTERN split on
// REPORT_LOCATION_DELIMITER: 0 "customers", 1 customer ID, 2 "reports",
// 3 "aws", 4 account, 5 year, 6 month, 7 file name.
//
// NOTE(review): presumably these index a key after splitting on the
// delimiter. If so, the parse is purely positional, and a customer ID or
// account value containing the delimiter would shift every later segment and
// attribute a report to the wrong customer or account. Confirm that
// identifiers are validated before they are formatted into a key.
const (
	DB_INDEX_POSITION_CUSTOMERID = 1
	DB_INDEX_POSITION_ACCOUNT    = 4
	DB_INDEX_POSITION_YEAR       = 5
	DB_INDEX_POSITION_MONTH      = 6
	DB_INDEX_POSITION_FILE       = 7
)
// Access capability labels.
//
// NOTE(review): presumably these are the values carried in the
// AccessCapability field (csv column "access_capability") of the access
// summary report items; confirm against the analysis that produces them.
// Consumers filtering on these strings should compare against the constants
// rather than retyping the literals.
const (
	ACCESS_CAPABILITY_RESOURCE_ADMIN = `administer-resource`
	ACCESS_CAPABILITY_DELETE_DATA    = `delete-data`
	ACCESS_CAPABILITY_READ_CONFIG    = `read-config`
	ACCESS_CAPABILITY_READ_DATA      = `read-data`
	ACCESS_CAPABILITY_WRITE_DATA     = `write-data`
)
// Difference kinds written to the Type field of the report item difference
// records. DeletedDiff sets DIFF_DELETED and AddedDiff sets DIFF_ADDED;
// DIFF_CHANGED is presumably set by Diff (confirm).
const (
	DIFF_DELETED = `deleted`
	DIFF_ADDED   = `added`
	DIFF_CHANGED = `changed`
)
// Report file extensions, without the leading dot. They match the suffixes
// of REPORT_LOCATION_CSV_FQ_PATTERN and REPORT_LOCATION_XLSX_FQ_PATTERN.
const (
	EXT_CSV  = `csv`
	EXT_XLSX = `xlsx`
)
// Report file name prefixes, one per report type.
//
// NOTE(review): LoadS3DB is documented as skipping unknown report types;
// presumably "known" means a file name starting with one of these prefixes,
// possibly narrowed by a ReportTypeSelector (confirm).
const (
	REPORT_TYPE_PREFIX_PRINCIPALS                 = `principals`
	REPORT_TYPE_PREFIX_RESOURCES                  = `resources`
	REPORT_TYPE_PREFIX_PRINCIPAL_ACCESS_SUMMARIES = `principal-access-summaries`
	REPORT_TYPE_PREFIX_RESOURCE_ACCESS_SUMMARIES  = `resource-access-summaries`
)
report file name prefixes
// Positions of the customer ID, account, year, month and file fields.
//
// NOTE(review): no initializer is shown for these constants on this page, so
// their numeric values cannot be read from here. Presumably the first is
// defined with iota and the rest follow in order; confirm in the source
// before relying on a specific value.
const (
	FILENAME_POSITION_CID
	FILENAME_POSITION_ACCOUNT
	FILENAME_POSITION_YEAR
	FILENAME_POSITION_MONTH
	FILENAME_POSITION_FILE
)
// Time layouts, in Go reference-time notation, and the "latest" marker.
const (
	// Date only: year-month-day.
	FILENAME_TIMESTAMP_ANALYSIS_DATE_LAYOUT = `2006-01-02`
	// Date followed by 24-hour time to the minute, with no seconds and no
	// zone. Times that differ only in seconds format to the same string.
	FILENAME_TIMESTAMP_LAYOUT = "2006-01-02-1504"
	// Two-digit month.
	MONTH_TIMESTAMP_LAYOUT = "01"
	// NOTE(review): presumably used in place of a timestamp to refer to the
	// most recent report; confirm where it is accepted.
	LATEST = "latest"
)
// FIRST_YEAR is 2021.
// NOTE(review): presumably the earliest year considered when enumerating or
// validating report paths; confirm against its callers.
const FIRST_YEAR = 2021
Variables ¶
// Object key layout for stored reports. Every key starts with
// "customers/<customer ID>/", so the key prefix is what separates one
// customer's reports from another's.
//
// NOTE(review): these are exported vars, not constants, so any importing
// package can reassign them at run time and change where reports are read
// from or written to. Consider whether they need to be mutable.
//
// NOTE(review): the %s slots are filled by fmt verbs, which insert values
// verbatim. Callers that take customerID or account from outside the program
// should reject values containing REPORT_LOCATION_DELIMITER before
// formatting; confirm where that validation lives.
var (
	REPORT_LOCATION_PREFIX    = `customers/`
	REPORT_LOCATION_DELIMITER = `/`
	// Six slots: the first four presumably take customer ID, account, year
	// and month, and the last two form the file name (confirm the order).
	REPORT_LOCATION_CSV_FQ_PATTERN  = `customers/%s/reports/aws/%s/%s/%s/%s.%s.csv`
	REPORT_LOCATION_XLSX_FQ_PATTERN = `customers/%s/reports/aws/%s/%s/%s/%s.%s.xlsx`
	// Prefixes ending in the delimiter.
	REPORT_LOCATION_CUSTOMER_PATTERN = `customers/%s/reports/aws/`
	REPORT_LOCATION_ACCOUNT_PATTERN  = `customers/%s/reports/aws/%s/`
	// Unlike the two patterns above, this one has no trailing delimiter.
	// NOTE(review): if used as a listing prefix it also matches any key whose
	// final segment merely begins with the same characters; confirm intended.
	REPORT_LOCATION_MONTH_PATTERN = `customers/%s/reports/aws/%s/%s/%s`
)
// TimeLatest is declared without an initializer on this page.
// NOTE(review): presumably a sentinel time that stands for the "latest"
// report, for example as a key in Account.Reports; confirm where it is set.
// As an exported var it can be reassigned by importing packages.
var TimeLatest time.Time
Functions ¶
func AnalyzeAccount ¶ added in v0.4.0
func LoadReport ¶ added in v0.2.0
LoadReport reads all records from the provided Reader as CSV and aggregates those records using the provided Collector.
Types ¶
type Account ¶
// Account groups the local reports held for one account.
type Account struct {
	// AccountID identifies the account.
	AccountID string
	// Reports maps a time to the LocalReport stored under it.
	// NOTE(review): presumably keyed by report time; confirm.
	Reports map[time.Time]LocalReport
}
func (*Account) Latest ¶
func (a *Account) Latest() LocalReport
type AggregateError ¶
// AggregateError is an error type with an Errors method returning []error
// and an IsPartial method returning bool.
// NOTE(review): presumably it bundles the individual failures of a
// multi-step operation, with IsPartial reporting that some steps succeeded.
// Callers should inspect Errors rather than treat a partial result as
// complete; confirm the exact semantics.
type AggregateError struct {
	// contains filtered or unexported fields
}
func (*AggregateError) Error ¶
func (e *AggregateError) Error() string
func (AggregateError) Errors ¶
func (e AggregateError) Errors() []error
func (AggregateError) IsPartial ¶
func (e AggregateError) IsPartial() bool
type Collector ¶ added in v0.2.0
Collector describes record-aggregating receivers. A Collector implementation should collect a specific type of record. For example, a ResourceAccessSummaryReport is a Collector that will attempt to parse a ResourceAccessSummaryReportItem from the provided string slice and append that record to the report's internal aggregation.
type DB ¶
func LoadLocalDB ¶
func LoadS3DB ¶
func LoadS3DB(client s3.ListObjectsV2APIClient, bucket string, selector ReportTypeSelector) (DB, error)
LoadS3DB enumerates and pulls metadata for all customers, accounts, and reports in the specified S3 bucket. It does, however, skip unknown report types.
func (*DB) AllPathsByCustomerAccount ¶
func (*DB) GetPathForCustomerAccountTimeKind ¶
type IllegalArgumentError ¶
// IllegalArgumentError is an error type with an Arg method returning string.
// NOTE(review): presumably returned when a caller-supplied argument is
// rejected, with Arg identifying the offending argument; confirm.
type IllegalArgumentError struct {
	// contains filtered or unexported fields
}
func (IllegalArgumentError) Arg ¶
func (e IllegalArgumentError) Arg() string
func (IllegalArgumentError) Error ¶
func (e IllegalArgumentError) Error() string
type LocalReport ¶
type MonthKey ¶
// MonthKey pairs a year and a month, both held as strings.
type MonthKey struct {
	// NOTE(review): presumably formatted like the year and month segments of
	// a report key (month as in MONTH_TIMESTAMP_LAYOUT); confirm.
	Year, Month string
}
MonthKey is a small struct used to structure the keyspace for ReportSetIndexes.
type PrincipalAccessSummaryReport ¶ added in v0.2.0
// PrincipalAccessSummaryReport accumulates PrincipalAccessSummaryReportItem
// records.
type PrincipalAccessSummaryReport struct {
	// Items holds the records appended by Collect.
	Items []PrincipalAccessSummaryReportItem
}
PrincipalAccessSummaryReport is a PrincipalAccessSummaryReportItem collector.
func (*PrincipalAccessSummaryReport) Collect ¶ added in v0.2.0
func (r *PrincipalAccessSummaryReport) Collect(in []string) error
Collect will attempt to parse a PrincipalAccessSummaryReportItem and append it to the PrincipalAccessSummaryReport internal aggregation.
type PrincipalAccessSummaryReportItem ¶
// PrincipalAccessSummaryReportItem is one record of a principal access
// summary report. Each field maps to the CSV column and JSON key named in
// its tags.
type PrincipalAccessSummaryReportItem struct {
	AnalysisTime time.Time `csv:"analysis_time" json:"analysis_time"`

	// The principal the record is about.
	PrincipalName string `csv:"principal_name" json:"principal_name"`
	PrincipalARN  string `csv:"principal_arn" json:"principal_arn"`
	PrincipalType string `csv:"principal_type" json:"principal_type"`
	// All tags in a single string; the encoding is not visible here.
	PrincipalTags string `csv:"principal_tags" json:"principal_tags"`

	// The access the record describes.
	ServiceName string `csv:"service_name" json:"service_name"`
	// NOTE(review): presumably one of the ACCESS_CAPABILITY_* values; confirm.
	AccessCapability string `csv:"access_capability" json:"access_capability"`
	ResourceARN      string `csv:"resource_arn" json:"resource_arn"`
}
func UnmarshalPrincipalAccessSummaryReportItem ¶ added in v0.2.0
func UnmarshalPrincipalAccessSummaryReportItem(in []string) (o PrincipalAccessSummaryReportItem, err error)
func (PrincipalAccessSummaryReportItem) Equivalent ¶ added in v0.2.0
func (i PrincipalAccessSummaryReportItem) Equivalent(t PrincipalAccessSummaryReportItem) bool
type PrincipalsReport ¶ added in v0.2.0
// PrincipalsReport accumulates PrincipalsReportItem records.
type PrincipalsReport struct {
	// Items holds the records appended by Collect.
	Items []PrincipalsReportItem
}
PrincipalsReport is a PrincipalsReportItem collector.
func (*PrincipalsReport) Collect ¶ added in v0.2.0
func (r *PrincipalsReport) Collect(in []string) error
Collect will attempt to parse a PrincipalsReportItem and append it to the PrincipalsReport internal aggregation.
type PrincipalsReportItem ¶
// PrincipalsReportItem is one record of a principals report. Each field maps
// to the CSV column and JSON key named in its tags.
//
// NOTE(review): as far as the field names show, a record holds credential
// metadata (last used, last rotated, state) and no secret material. The data
// still identifies administrative principals and stale credentials, so
// report files and the bucket holding them warrant restricted read access.
type PrincipalsReportItem struct {
	AnalysisTime time.Time `csv:"analysis_time" json:"analysis_time"`

	// Identity of the principal.
	PrincipalName string `csv:"principal_name" json:"principal_name"`
	PrincipalARN  string `csv:"principal_arn" json:"principal_arn"`
	PrincipalType string `csv:"principal_type" json:"principal_type"`
	// NOTE(review): the criteria for "IAM admin" are not visible here.
	PrincipalIsIAMAdmin bool   `csv:"principal_is_iam_admin" json:"principal_is_iam_admin"`
	PrincipalLastUsed   string `csv:"principal_last_used" json:"principal_last_used"`

	// Selected tags as separate columns, then all tags in one string.
	PrincipalTagBusinessUnit string `csv:"principal_tag_business_unit" json:"principal_tag_business_unit"`
	PrincipalTagEnvironment  string `csv:"principal_tag_environment" json:"principal_tag_environment"`
	PrincipalTagUsedBy       string `csv:"principal_tag_used_by" json:"principal_tag_used_by"`
	PrincipalTags            string `csv:"principal_tags" json:"principal_tags"`

	// Password and access key metadata. The "last used" and "last rotated"
	// values are strings, not time.Time; their format is not visible here, so
	// parse them before comparing.
	PasswordLastUsed      string `csv:"password_last_used" json:"password_last_used"`
	PasswordLastRotated   string `csv:"password_last_rotated" json:"password_last_rotated"`
	PasswordState         string `csv:"password_state" json:"password_state"`
	AccessKey1LastUsed    string `csv:"access_key_1_last_used" json:"access_key_1_last_used"`
	AccessKey1LastRotated string `csv:"access_key_1_last_rotated" json:"access_key_1_last_rotated"`
	AccessKey1State       string `csv:"access_key_1_state" json:"access_key_1_state"`
	AccessKey2LastUsed    string `csv:"access_key_2_last_used" json:"access_key_2_last_used"`
	AccessKey2LastRotated string `csv:"access_key_2_last_rotated" json:"access_key_2_last_rotated"`
	AccessKey2State       string `csv:"access_key_2_state" json:"access_key_2_state"`
}
func UnmarshalPrincipalsReportItem ¶ added in v0.2.0
func UnmarshalPrincipalsReportItem(in []string) (o PrincipalsReportItem, err error)
func (PrincipalsReportItem) AddedDiff ¶
func (i PrincipalsReportItem) AddedDiff() PrincipalsReportItemDifference
AddedDiff produces a new PrincipalsReportItemDifference with fields set from the receiver PrincipalsReportItem in the "after" columns, and the type set to DIFF_ADDED.
func (PrincipalsReportItem) DeletedDiff ¶
func (i PrincipalsReportItem) DeletedDiff() PrincipalsReportItemDifference
DeletedDiff produces a new PrincipalsReportItemDifference with fields set from the receiver PrincipalsReportItem in the "before" columns, and the type set to DIFF_DELETED.
func (PrincipalsReportItem) Diff ¶
func (i PrincipalsReportItem) Diff(original PrincipalsReportItem) PrincipalsReportItemDifference
func (PrincipalsReportItem) Equivalent ¶ added in v0.0.3
func (i PrincipalsReportItem) Equivalent(t PrincipalsReportItem) bool
type PrincipalsReportItemDifference ¶
// PrincipalsReportItemDifference holds a "before" and an "after" copy of the
// PrincipalsReportItem columns for one principal, plus the kind of change.
// It carries CSV tags only.
//
// NOTE(review): when reviewing a diff, the BeforePrincipalIsIAMAdmin and
// AfterPrincipalIsIAMAdmin pair and the credential state columns are the ones
// that show privilege or credential changes between two runs.
type PrincipalsReportItemDifference struct {
	// Type is the kind of difference; AddedDiff sets DIFF_ADDED and
	// DeletedDiff sets DIFF_DELETED.
	Type string `csv:"type"`
	// PrincipalARN correlates the two versions of the item.
	PrincipalARN string `csv:"principal_arn"`

	// Values from the earlier version.
	BeforePrincipalName            string `csv:"before_principal_name"`
	BeforePrincipalType            string `csv:"before_principal_type"`
	BeforePrincipalIsIAMAdmin      bool   `csv:"before_principal_is_iam_admin"`
	BeforePrincipalLastUsed        string `csv:"before_principal_last_used"`
	BeforePrincipalTagBusinessUnit string `csv:"before_principal_tag_business_unit"`
	BeforePrincipalTagEnvironment  string `csv:"before_principal_tag_environment"`
	BeforePrincipalTagUsedBy       string `csv:"before_principal_tag_used_by"`
	BeforePrincipalTags            string `csv:"before_principal_tags"`
	BeforePasswordLastUsed         string `csv:"before_password_last_used"`
	BeforePasswordLastRotated      string `csv:"before_password_last_rotated"`
	BeforePasswordState            string `csv:"before_password_state"`
	BeforeAccessKey1LastUsed       string `csv:"before_access_key_1_last_used"`
	BeforeAccessKey1LastRotated    string `csv:"before_access_key_1_last_rotated"`
	BeforeAccessKey1State          string `csv:"before_access_key_1_state"`
	BeforeAccessKey2LastUsed       string `csv:"before_access_key_2_last_used"`
	BeforeAccessKey2LastRotated    string `csv:"before_access_key_2_last_rotated"`
	BeforeAccessKey2State          string `csv:"before_access_key_2_state"`

	// Values from the later version.
	AfterPrincipalName            string `csv:"after_principal_name"`
	AfterPrincipalType            string `csv:"after_principal_type"`
	AfterPrincipalIsIAMAdmin      bool   `csv:"after_principal_is_iam_admin"`
	AfterPrincipalLastUsed        string `csv:"after_principal_last_used"`
	AfterPrincipalTagBusinessUnit string `csv:"after_principal_tag_business_unit"`
	AfterPrincipalTagEnvironment  string `csv:"after_principal_tag_environment"`
	AfterPrincipalTagUsedBy       string `csv:"after_principal_tag_used_by"`
	AfterPrincipalTags            string `csv:"after_principal_tags"`
	AfterPasswordLastUsed         string `csv:"after_password_last_used"`
	AfterPasswordLastRotated      string `csv:"after_password_last_rotated"`
	AfterPasswordState            string `csv:"after_password_state"`
	AfterAccessKey1LastUsed       string `csv:"after_access_key_1_last_used"`
	AfterAccessKey1LastRotated    string `csv:"after_access_key_1_last_rotated"`
	AfterAccessKey1State          string `csv:"after_access_key_1_state"`
	AfterAccessKey2LastUsed       string `csv:"after_access_key_2_last_used"`
	AfterAccessKey2LastRotated    string `csv:"after_access_key_2_last_rotated"`
	AfterAccessKey2State          string `csv:"after_access_key_2_state"`
}
PrincipalsReportItemDifference represents the differences between two versions of the same PrincipalsReportItem (correlated by PrincipalARN).
type Report ¶
Report represents a collection of reports generated for the same customer and account at the same reporting time. This design assumes that all reports related to the same run will have the same minute field in the file name.
func (Report) PrincipalAccessS3ObjectKey ¶
func (Report) PrincipalsS3ObjectKey ¶
func (Report) ResourceAccessAuditS3ObjectKey ¶ added in v0.2.0
func (Report) ResourceAccessS3ObjectKey ¶
func (Report) ResourcesS3ObjectKey ¶
type ReportSetIndex ¶
func BuildIndex ¶
func BuildIndex(set ReportSet) ReportSetIndex
type ReportTypeSelector ¶ added in v0.2.0
// ReportTypeSelector is a list of strings passed to LoadS3DB.
// NOTE(review): presumably each entry names a report type to include, for
// example one of the REPORT_TYPE_PREFIX_* values; confirm how an empty or nil
// selector is treated.
type ReportTypeSelector []string
type ResourceAccessSummaryReport ¶ added in v0.2.0
// ResourceAccessSummaryReport accumulates ResourceAccessSummaryReportItem
// records.
type ResourceAccessSummaryReport struct {
	// Items holds the records appended by Collect.
	Items []ResourceAccessSummaryReportItem
}
ResourceAccessSummaryReport is a ResourceAccessSummaryReportItem collector.
func (*ResourceAccessSummaryReport) Collect ¶ added in v0.2.0
func (r *ResourceAccessSummaryReport) Collect(in []string) error
Collect will attempt to parse a ResourceAccessSummaryReportItem and append it to the ResourceAccessSummaryReport internal aggregation.
type ResourceAccessSummaryReportItem ¶
// ResourceAccessSummaryReportItem is one record of a resource access summary
// report. Each field maps to the CSV column and JSON key named in its tags.
type ResourceAccessSummaryReportItem struct {
	AnalysisTime time.Time `csv:"analysis_time" json:"analysis_time"`

	// The resource the record is about.
	ServiceName  string `csv:"service_name" json:"service_name"`
	ResourceName string `csv:"resource_name" json:"resource_name"`
	ResourceARN  string `csv:"resource_arn" json:"resource_arn"`

	// NOTE(review): presumably one of the ACCESS_CAPABILITY_* values; confirm.
	AccessCapability string `csv:"access_capability" json:"access_capability"`

	// The principal holding that access.
	PrincipalType string `csv:"principal_type" json:"principal_type"`
	PrincipalName string `csv:"principal_name" json:"principal_name"`
	PrincipalARN  string `csv:"principal_arn" json:"principal_arn"`

	// Confidentiality tag of the resource; the set of values is not visible
	// here.
	ResourceTagConfidentiality string `csv:"resource_tag_confidentiality" json:"resource_tag_confidentiality"`
}
func UnmarshalResourceAccessSummaryReportItem ¶ added in v0.2.0
func UnmarshalResourceAccessSummaryReportItem(in []string) (o ResourceAccessSummaryReportItem, err error)
func (ResourceAccessSummaryReportItem) Equivalent ¶ added in v0.2.0
func (i ResourceAccessSummaryReportItem) Equivalent(t ResourceAccessSummaryReportItem) bool
type ResourcesReport ¶ added in v0.2.0
// ResourcesReport accumulates ResourcesReportItem records.
type ResourcesReport struct {
	// Items holds the records appended by Collect.
	Items []ResourcesReportItem
}
ResourcesReport is a ResourcesReportItem collector.
func (*ResourcesReport) Collect ¶ added in v0.2.0
func (r *ResourcesReport) Collect(in []string) error
Collect will attempt to parse a ResourcesReportItem and append it to the ResourcesReport internal aggregation.
type ResourcesReportItem ¶
// ResourcesReportItem is one record of a resources report. Each field maps
// to the CSV column and JSON key named in its tags.
type ResourcesReportItem struct {
	AnalysisTime time.Time `csv:"analysis_time" json:"analysis_time"`

	// Identity of the resource.
	ResourceName string `csv:"resource_name" json:"resource_name"`
	ResourceARN  string `csv:"resource_arn" json:"resource_arn"`
	ResourceType string `csv:"resource_type" json:"resource_type"`

	// Ownership tags as separate columns.
	ResourceTagBusinessUnit string `csv:"resource_tag_business_unit" json:"resource_tag_business_unit"`
	ResourceTagEnvironment  string `csv:"resource_tag_environment" json:"resource_tag_environment"`
	ResourceTagOwner        string `csv:"resource_tag_owner" json:"resource_tag_owner"`

	// Classification tags as separate columns. The values are free-form
	// strings here; the set of allowed values is not visible on this page.
	ResourceTagConfidentiality string `csv:"resource_tag_confidentiality" json:"resource_tag_confidentiality"`
	ResourceTagIntegrity       string `csv:"resource_tag_integrity" json:"resource_tag_integrity"`
	ResourceTagAvailability    string `csv:"resource_tag_availability" json:"resource_tag_availability"`

	// All tags in a single string; the encoding is not visible here.
	ResourceTags string `csv:"resource_tags" json:"resource_tags"`
}
func UnmarshalResourcesReportItem ¶ added in v0.2.0
func UnmarshalResourcesReportItem(in []string) (o ResourcesReportItem, err error)
func (ResourcesReportItem) AddedDiff ¶
func (i ResourcesReportItem) AddedDiff() ResourcesReportItemDifference
AddedDiff produces a new ResourcesReportItemDifference with fields set from the receiver ResourcesReportItem in the "after" columns, and the type set to DIFF_ADDED.
func (ResourcesReportItem) DeletedDiff ¶
func (i ResourcesReportItem) DeletedDiff() ResourcesReportItemDifference
DeletedDiff produces a new ResourcesReportItemDifference with fields set from the receiver ResourcesReportItem in the "before" columns, and the type set to DIFF_DELETED.
func (ResourcesReportItem) Diff ¶
func (i ResourcesReportItem) Diff(original ResourcesReportItem) ResourcesReportItemDifference
func (ResourcesReportItem) Equivalent ¶ added in v0.0.3
func (i ResourcesReportItem) Equivalent(t ResourcesReportItem) bool
type ResourcesReportItemDifference ¶
// ResourcesReportItemDifference holds a "before" and an "after" copy of the
// ResourcesReportItem columns for one resource, plus the kind of change.
// It carries CSV tags only.
//
// NOTE(review): a change in the owner or classification tag pairs
// (confidentiality, integrity, availability) between two runs is the part of
// a diff most likely to need follow-up.
type ResourcesReportItemDifference struct {
	// Type is the kind of difference; AddedDiff sets DIFF_ADDED and
	// DeletedDiff sets DIFF_DELETED.
	Type string `csv:"type"`
	// ResourceARN correlates the two versions of the item.
	ResourceARN string `csv:"resource_arn"`

	// Values from the earlier version.
	BeforeResourceName               string `csv:"before_resource_name"`
	BeforeResourceType               string `csv:"before_resource_type"`
	BeforeResourceTagBusinessUnit    string `csv:"before_resource_tag_business_unit"`
	BeforeResourceTagEnvironment     string `csv:"before_resource_tag_environment"`
	BeforeResourceTagOwner           string `csv:"before_resource_tag_owner"`
	BeforeResourceTagConfidentiality string `csv:"before_resource_tag_confidentiality"`
	BeforeResourceTagIntegrity       string `csv:"before_resource_tag_integrity"`
	BeforeResourceTagAvailability    string `csv:"before_resource_tag_availability"`
	BeforeResourceTags               string `csv:"before_resource_tags"`

	// Values from the later version.
	AfterResourceName               string `csv:"after_resource_name"`
	AfterResourceType               string `csv:"after_resource_type"`
	AfterResourceTagBusinessUnit    string `csv:"after_resource_tag_business_unit"`
	AfterResourceTagEnvironment     string `csv:"after_resource_tag_environment"`
	AfterResourceTagOwner           string `csv:"after_resource_tag_owner"`
	AfterResourceTagConfidentiality string `csv:"after_resource_tag_confidentiality"`
	AfterResourceTagIntegrity       string `csv:"after_resource_tag_integrity"`
	AfterResourceTagAvailability    string `csv:"after_resource_tag_availability"`
	AfterResourceTags               string `csv:"after_resource_tags"`
}
ResourcesReportItemDifference represents the differences between two versions of the same ResourcesReportItem (correlated by ResourceARN).