Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var OpenSearchCalls = []types.AWSService{ { Name: "opensearch:ListDomains", Call: func(ctx context.Context, sess *session.Session) (interface{}, error) { regionResults, err := describeDomainsByRegion(ctx, sess, "opensearch:ListDomains") if err != nil { return nil, err } var allDomains []osDomain for _, rd := range regionResults { for _, ds := range rd.DomainStatusList { name := "" if ds.DomainName != nil { name = *ds.DomainName } arn := "" if ds.ARN != nil { arn = *ds.ARN } endpoint := "" if ds.Endpoint != nil { endpoint = *ds.Endpoint } else if ds.Endpoints != nil { if vpcEndpoint, ok := ds.Endpoints["vpc"]; ok && vpcEndpoint != nil { endpoint = *vpcEndpoint } } engineVersion := "" if ds.EngineVersion != nil { engineVersion = *ds.EngineVersion } allDomains = append(allDomains, osDomain{ Name: name, ARN: arn, Endpoint: endpoint, EngineVersion: engineVersion, Region: rd.Region, }) } } return allDomains, nil }, Process: func(output interface{}, err error, debug bool) []types.ScanResult { var results []types.ScanResult if err != nil { utils.HandleAWSError(debug, "opensearch:ListDomains", err) return []types.ScanResult{ { ServiceName: "OpenSearch", MethodName: "opensearch:ListDomains", Error: err, Timestamp: time.Now(), }, } } domains, ok := output.([]osDomain) if !ok { utils.HandleAWSError(debug, "opensearch:ListDomains", fmt.Errorf("unexpected output type %T", output)) return results } for _, domain := range domains { results = append(results, types.ScanResult{ ServiceName: "OpenSearch", MethodName: "opensearch:ListDomains", ResourceType: "domain", ResourceName: domain.Name, Details: map[string]interface{}{ "Name": domain.Name, "ARN": domain.ARN, "Endpoint": domain.Endpoint, "EngineVersion": domain.EngineVersion, "Region": domain.Region, }, Timestamp: time.Now(), }) utils.PrintResult(debug, "", "opensearch:ListDomains", fmt.Sprintf("OpenSearch Domain: %s (Endpoint: %s, Engine: %s, Region: %s)", utils.ColorizeItem(domain.Name), domain.Endpoint, domain.EngineVersion, domain.Region), nil) } return results }, ModuleName: types.DefaultModuleName, }, { Name: "opensearch:DescribeDomainAccessPolicies", Call: func(ctx context.Context, sess *session.Session) (interface{}, error) { regionResults, err := describeDomainsByRegion(ctx, sess, "opensearch:DescribeDomainAccessPolicies") if err != nil { return nil, err } var allPolicies []osDomainPolicy for _, rd := range regionResults { for _, ds := range rd.DomainStatusList { if ds.AccessPolicies == nil || *ds.AccessPolicies == "" { continue } domainName := "" if ds.DomainName != nil { domainName = *ds.DomainName } allPolicies = append(allPolicies, osDomainPolicy{ DomainName: domainName, AccessPolicy: *ds.AccessPolicies, Region: rd.Region, }) } } return allPolicies, nil }, Process: func(output interface{}, err error, debug bool) []types.ScanResult { var results []types.ScanResult if err != nil { utils.HandleAWSError(debug, "opensearch:DescribeDomainAccessPolicies", err) return []types.ScanResult{ { ServiceName: "OpenSearch", MethodName: "opensearch:DescribeDomainAccessPolicies", Error: err, Timestamp: time.Now(), }, } } policies, ok := output.([]osDomainPolicy) if !ok { utils.HandleAWSError(debug, "opensearch:DescribeDomainAccessPolicies", fmt.Errorf("unexpected output type %T", output)) return results } for _, policy := range policies { results = append(results, types.ScanResult{ ServiceName: "OpenSearch", MethodName: "opensearch:DescribeDomainAccessPolicies", ResourceType: "access-policy", ResourceName: policy.DomainName, Details: map[string]interface{}{ "DomainName": policy.DomainName, "AccessPolicy": policy.AccessPolicy, "Region": policy.Region, }, Timestamp: time.Now(), }) utils.PrintResult(debug, "", "opensearch:DescribeDomainAccessPolicies", fmt.Sprintf("OpenSearch Access Policy: %s (Region: %s)", utils.ColorizeItem(policy.DomainName), policy.Region), nil) } return results }, ModuleName: types.DefaultModuleName, }, { Name: "opensearch:DescribeDomainEncryption", Call: func(ctx context.Context, sess *session.Session) (interface{}, error) { regionResults, err := describeDomainsByRegion(ctx, sess, "opensearch:DescribeDomainEncryption") if err != nil { return nil, err } var allEncryption []osDomainEncryption for _, rd := range regionResults { for _, ds := range rd.DomainStatusList { domainName := "" if ds.DomainName != nil { domainName = *ds.DomainName } encAtRest := false kmsKeyId := "" if ds.EncryptionAtRestOptions != nil { if ds.EncryptionAtRestOptions.Enabled != nil { encAtRest = *ds.EncryptionAtRestOptions.Enabled } if ds.EncryptionAtRestOptions.KmsKeyId != nil { kmsKeyId = *ds.EncryptionAtRestOptions.KmsKeyId } } nodeToNode := false if ds.NodeToNodeEncryptionOptions != nil { if ds.NodeToNodeEncryptionOptions.Enabled != nil { nodeToNode = *ds.NodeToNodeEncryptionOptions.Enabled } } allEncryption = append(allEncryption, osDomainEncryption{ DomainName: domainName, EncryptionAtRestEnabled: encAtRest, KmsKeyId: kmsKeyId, NodeToNodeEncryptionEnabled: nodeToNode, Region: rd.Region, }) } } return allEncryption, nil }, Process: func(output interface{}, err error, debug bool) []types.ScanResult { var results []types.ScanResult if err != nil { utils.HandleAWSError(debug, "opensearch:DescribeDomainEncryption", err) return []types.ScanResult{ { ServiceName: "OpenSearch", MethodName: "opensearch:DescribeDomainEncryption", Error: err, Timestamp: time.Now(), }, } } encryptions, ok := output.([]osDomainEncryption) if !ok { utils.HandleAWSError(debug, "opensearch:DescribeDomainEncryption", fmt.Errorf("unexpected output type %T", output)) return results } for _, enc := range encryptions { results = append(results, types.ScanResult{ ServiceName: "OpenSearch", MethodName: "opensearch:DescribeDomainEncryption", ResourceType: "encryption-config", ResourceName: enc.DomainName, Details: map[string]interface{}{ "DomainName": enc.DomainName, "EncryptionAtRestEnabled": enc.EncryptionAtRestEnabled, "KmsKeyId": enc.KmsKeyId, "NodeToNodeEncryptionEnabled": enc.NodeToNodeEncryptionEnabled, "Region": enc.Region, }, Timestamp: time.Now(), }) utils.PrintResult(debug, "", "opensearch:DescribeDomainEncryption", fmt.Sprintf("OpenSearch Encryption: %s (AtRest: %t, NodeToNode: %t, Region: %s)", utils.ColorizeItem(enc.DomainName), enc.EncryptionAtRestEnabled, enc.NodeToNodeEncryptionEnabled, enc.Region), nil) } return results }, ModuleName: types.DefaultModuleName, }, }
Functions ¶
This section is empty.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.