pike

package
Published: Jan 8, 2026 License: Apache-2.0 Imports: 54 Imported by: 0

Constants

const (
	// ManifestSnapshotFilename is the file name of the module manifest
	// snapshot. NOTE(review): presumably the file that ReadModuleJsonForDir
	// and GetModuleJson read into a ModuleJson — confirm.
	ManifestSnapshotFilename = "modules.json"
)
// Version controls the application's version.
const Version = "9.9.9"

Version controls the application's version.

Variables

// AWSAcmCertificate holds a certificate as raw bytes. It is populated
// elsewhere in the package (not visible here) — NOTE(review): confirm where it
// is set and whether it is embedded at build time or loaded at runtime.
var AWSAcmCertificate []byte

Functions

func AZUREPolicy

func AZUREPolicy(permissions []string, policyName string) (string, error)

AZUREPolicy creates an Azure role definition. permissions is a slice of Azure permission strings in the format "action:resource". It returns the policy definition as a string, or an error if generation fails.

func AlmostEqual added in v0.2.96

func AlmostEqual(a, b float64) bool

func Apply

func Apply(target string, region string) error

Apply executes tf using a prepared role.

func AwsDataLookup added in v0.2.113

func AwsDataLookup(find string) interface{}

AwsDataLookup maps a data-source resource name to its object map.

func AwsLookup added in v0.2.94

func AwsLookup(name string) interface{}

func AzureDataLookup added in v0.2.94

func AzureDataLookup(name string) interface{}

func AzureLookup added in v0.2.94

func AzureLookup(name string) interface{}

func Compare

func Compare(directory string, arn string, init bool) (bool, error)

Compare compares the IaC codebase to the deployed AWS policy.

func Contains added in v0.2.76

func Contains(s []string, e string) bool

Contains reports whether the slice contains the string.

func EncryptPlaintext added in v0.2.76

func EncryptPlaintext(plaintext string, publicKeyB64 string) ([]byte, error)

EncryptPlaintext encrypts plaintext using the given base64-encoded public key.

func FileExists added in v0.2.76

func FileExists(filename string) bool

FileExists reports whether the named file exists.

func GCPDataLookup added in v0.2.94

func GCPDataLookup(result string) interface{}

func GCPLookup added in v0.2.94

func GCPLookup(result string) interface{}

func GCPPolicy

func GCPPolicy(permissions []string, policyName string) (string, error)

GCPPolicy creates a GCP IAM policy.

func GetAWSDataPermissions

func GetAWSDataPermissions(result ResourceV2) ([]string, error)

GetAWSDataPermissions gets the permissions required for data sources.

func GetAWSPermissions

func GetAWSPermissions(result ResourceV2) ([]string, error)

GetAWSPermissions returns the permissions required for AWS resources.

func GetAWSResourcePermissions

func GetAWSResourcePermissions(result ResourceV2) ([]string, error)

GetAWSResourcePermissions looks up the permissions required for resources.

func GetAZUREDataPermissions

func GetAZUREDataPermissions(result ResourceV2) ([]string, error)

GetAZUREDataPermissions gets the permissions required for data sources.

func GetAZUREPermissions

func GetAZUREPermissions(result ResourceV2) ([]string, error)

GetAZUREPermissions returns the permissions required for Azure resources.

func GetAZUREResourcePermissions

func GetAZUREResourcePermissions(result ResourceV2) ([]string, error)

GetAZUREResourcePermissions looks up the permissions required for resources.

func GetBlockAttributes

func GetBlockAttributes(attributes []string, block *hclsyntax.Block) []string

GetBlockAttributes walks a block, collecting all nested blocks and attributes.

func GetEnv added in v0.3.55

func GetEnv(key string) (*string, error)

func GetGCPDataPermissions

func GetGCPDataPermissions(result ResourceV2) ([]string, error)

GetGCPDataPermissions gets permissions required for datasources.

func GetGithubClient added in v0.2.76

func GetGithubClient() (context.Context, *github.Client)

GetGithubClient instantiates and returns a client object for GitHub.

func GetHCLType

func GetHCLType(resourceName string) string

GetHCLType returns the HCL type for the given resource name.

func GetModulePath

func GetModulePath(block *hclsyntax.Block) string

GetModulePath extracts the source location from a module.

func GetPermissionMap

func GetPermissionMap(raw []byte, attributes []string, resource string) ([]string, error)

GetPermissionMap parses the raw permission mapping for a resource and its attributes without a typed schema.

func GetPublicKeyDetails added in v0.2.76

func GetPublicKeyDetails(owner string, repository string) (string, string, error)

GetPublicKeyDetails obtains the public key details for the owner's repository.

func GetResourceBlocks

func GetResourceBlocks(file string) (*hclsyntax.Body, error)

GetResourceBlocks breaks down a file into resources.

func GetRuntimePermissions added in v0.3.86

func GetRuntimePermissions(raw []byte, attributes []string, resource string) ([]string, error)

GetRuntimePermissions extracts runtime permissions needed by service accounts from mapping files.

func GetTF

func GetTF(dirName string) ([]string, error)

GetTF returns the tf files in a directory.

func GetTFFiles added in v0.2.76

func GetTFFiles(dirName string) ([]string, error)

GetTFFiles returns the tf files in a directory.

func Init

func Init(dirName string) (*string, []string, error)

func InvokeGithubDispatchEvent

func InvokeGithubDispatchEvent(repository string, workflowFileName string, branch string) error

InvokeGithubDispatchEvent uses your GitHub API key (if it has sufficient permissions) to invoke a GitHub Actions workflow.

func IsTypeOK added in v0.3.29

func IsTypeOK(mappings interface{}) (map[string]interface{}, error)

func LocateTerraform

func LocateTerraform() (string, error)

LocateTerraform finds the Terraform executable or installs it.

func Make

func Make(directory string) (*string, error)

Make creates the required role.

func Minify added in v0.3.71

func Minify(JSONOut string) string

func RandSeq added in v0.2.76

func RandSeq(n int) string

RandSeq generates a random string of length n.

func Readme

func Readme(dirName string, output string, init bool, autoAppend bool) error

Readme updates a README.md file.

func Remote

func Remote(target string, repository string, region string) error

Remote updates a repo with AWS credentials.

func ReplaceSection

func ReplaceSection(source string, middle string, autoadd bool) error

ReplaceSection finds a section in a readme and replaces it.

func Repository added in v0.2.108

func Repository(repository, destination, directory, output string, init, write, enableResources bool) error

func ReturnLocalAddrFromSource added in v0.3.59

func ReturnLocalAddrFromSource(source string, listModules ModuleJson) string

func Runtime added in v0.3.86

func Runtime(dirName string, outputType string, file *string, init bool, provider string) error

Runtime detects runtime IAM permissions needed by service accounts.

func Scan

func Scan(dirName string, outputType string, file *string, init bool, write bool, enableResources bool, provider string, outFile string, policyName string) error

Scan looks for resources in a given directory.

func SetRepoSecret

func SetRepoSecret(repository string, keyText string, keyName string) (*github.Response, error)

SetRepoSecret sets an encrypted GitHub action secret.

func SplitHub added in v0.2.76

func SplitHub(repository string) (string, string, error)

SplitHub returns the details parsed from a repository URL.

func StringInSlice added in v0.2.76

func StringInSlice(a string, list []string) bool

StringInSlice reports whether a is present in list.

func Unique added in v0.2.76

func Unique(s []string) []string

Unique removes duplicate entries from the slice.

func Watch

func Watch(arn string, wait int) error

Watch looks at IAM policy for new revisions.

func WriteOutput

func WriteOutput(outPolicy OutputPolicy, outputType string, scanPath string, outFile string) error

WriteOutput writes out the policy as JSON or Terraform.

Types

type AwsOutput

// AwsOutput holds the generated AWS policy in both of its output forms: the
// policy document as JSON and the same policy rendered as Terraform (see
// WriteOutput, which writes one or the other).
type AwsOutput struct {
	JSONOut   string // policy document as JSON
	Terraform string // policy rendered as Terraform
}

AwsOutput structure.

func AWSPolicy

func AWSPolicy(permissions []string, resources bool, policyName string) (AwsOutput, error)

AWSPolicy creates an AWS IAM policy.

type EnvVariableNotSetError added in v0.3.55

// EnvVariableNotSetError reports that a required environment variable is not
// set. Key is the name of the variable that was looked up.
// NOTE(review): presumably the error returned by GetEnv — confirm.
type EnvVariableNotSetError struct {
	Key string // name of the missing environment variable
}

func (*EnvVariableNotSetError) Error added in v0.3.55

func (e *EnvVariableNotSetError) Error() string

type IAMBinding added in v0.3.86

// IAMBinding represents an IAM binding found in Terraform: the resource that
// grants Role to Member. Member may be a literal principal or an unresolved
// Terraform reference, so callers should not assume it is a plain identity.
type IAMBinding struct {
	ResourceType string // e.g., "google_project_iam_member"
	ResourceName string // e.g., "app_secrets"
	Role         string // e.g., "roles/secretmanager.secretAccessor"
	Member       string // e.g., "serviceAccount:app@project.iam" or reference like "${google_service_account.app.email}"
}

IAMBinding represents an IAM binding found in Terraform.

func ExtractIAMBindings added in v0.3.86

func ExtractIAMBindings(body *hclsyntax.Body) []IAMBinding

ExtractIAMBindings extracts IAM binding resources from parsed HCL blocks.

type ModuleJson added in v0.3.59

// ModuleJson maps a module key to its Record, as read from a module JSON
// file. NOTE(review): presumably the ManifestSnapshotFilename manifest —
// confirm in ReadModuleJson.
type ModuleJson map[string]Record

func GetModuleJson added in v0.3.59

func GetModuleJson(dir string) (ModuleJson, error)

func ReadModuleJson added in v0.3.59

func ReadModuleJson(r io.Reader) (ModuleJson, error)

func ReadModuleJsonForDir added in v0.3.59

func ReadModuleJsonForDir(dir string) (ModuleJson, error)

type OutputPolicy

// OutputPolicy is the main output type: one generated policy per provider.
// AWS carries both JSON and Terraform forms, GCP and AZURE are single
// strings, and RuntimeGCP is the policy for runtime permissions needed by
// service accounts (see Runtime and GetRuntimePermissions).
type OutputPolicy struct {
	AWS        AwsOutput // AWS policy (JSON and Terraform)
	GCP        string    // GCP policy
	AZURE      string    // Azure policy
	RuntimeGCP string    // GCP runtime (service account) policy
}

OutputPolicy is the main output type.

func GetPolicy

func GetPolicy(actions Sorted, resources bool, policyName string) (OutputPolicy, error)

GetPolicy creates new IAM policies from a list of permissions.

func MakePolicy

func MakePolicy(dirName string, file *string, init bool, enableResources bool, provider string, policyName string) (OutputPolicy, error)

MakePolicy does the guts of determining a policy from code.

func (OutputPolicy) AsString

func (out OutputPolicy) AsString(format string) string

AsString renders the policy in the requested format as a string.

type Policy

// Policy represents the structure of an IAM policy document as serialized to
// JSON: a Version string and the list of Statements it contains.
type Policy struct {
	Version    string      `json:"Version"`   // "Version" field of the policy document
	Statements []Statement `json:"Statement"` // statements that make up the policy
}

Policy represents the structure of an IAM policy.

func NewAWSPolicy

func NewAWSPolicy(actions []string, resources bool) (Policy, error)

NewAWSPolicy constructs a Policy from a list of actions.

type PolicyDiff added in v0.3.18

// PolicyDiff is the result of Inspect. Over and Under are lists of
// permissions; NOTE(review): by name, Over is presumably what the deployed
// policy grants beyond what the code needs and Under what the code needs but
// the policy lacks — confirm against Inspect before relying on either.
type PolicyDiff struct {
	Over  []string
	Under []string
}

func Inspect added in v0.3.18

func Inspect(directory string, init bool) (PolicyDiff, error)

type Record added in v0.3.59

// Record represents some metadata about an installed module, as part of a
// module JSON. Version is excluded from JSON (tag "-"); VersionStr carries
// the "Version" field in the serialized form.
type Record struct {
	Key        string           `json:"Key"`
	SourceAddr string           `json:"Source"`
	Version    *version.Version `json:"-"`                 // never serialized; presumably parsed from VersionStr — confirm
	VersionStr string           `json:"Version,omitempty"` // version as written in the JSON
	Dir        string           `json:"Dir"`
}

Record represents some metadata about an installed module, as part of a module JSON.

type ResourceV2

// ResourceV2 is what resources get parsed into.
// NOTE(review): the distinction between TypeName, Name and ResourceName is not
// documented here — confirm in GetResources before relying on it.
type ResourceV2 struct {
	TypeName       string
	Name           string
	ResourceName   string
	Provider       string   // cloud provider the resource belongs to
	Attributes     []string // attribute names found on the resource block
	ServiceAccount string   // The service account this resource uses (if any)
}

ResourceV2 is what resources get parsed into.

func DetectBackend added in v0.2.65

func DetectBackend(resource ResourceV2, block *hclsyntax.Block, resources []ResourceV2) ([]ResourceV2, error)

DetectBackend handles permissions for backend blocks.

func GetLocalModules added in v0.2.76

func GetLocalModules(block *hclsyntax.Block, dirName string, listModulesJson ModuleJson) ([]ResourceV2, error)

GetLocalModules returns the resources found in a local module path.

func GetResources

func GetResources(file string, dirName string) ([]ResourceV2, error)

GetResources retrieves all the resources in a tf file.

type RuntimePermission added in v0.3.86

// RuntimePermission tracks which resource needs which runtime permissions,
// and which service account those permissions must be granted to.
type RuntimePermission struct {
	ResourceType   string   // e.g., "google_cloud_run_v2_service"
	ResourceName   string   // e.g., "app" (from resource "type" "name")
	ServiceAccount string   // e.g., "my-sa@project.iam" or "default"
	Permissions    []string // e.g., ["secretmanager.versions.access"]
}

RuntimePermission tracks which resource needs which runtime permissions.

type Sorted

// Sorted splits permissions out by the provider they apply to, so each
// provider's policy can be generated separately. The plain slices hold the
// deploy-time permissions; the Runtime* slices hold permissions needed by
// service accounts at runtime; IAMBindings holds the bindings already present
// in the Terraform code.
type Sorted struct {
	AWS   []string // deploy-time AWS permissions
	GCP   []string // deploy-time GCP permissions
	AZURE []string // deploy-time Azure permissions
	// Runtime permissions needed by service accounts
	RuntimeGCP   []RuntimePermission
	RuntimeAWS   []RuntimePermission
	RuntimeAZURE []RuntimePermission
	// Existing IAM bindings from Terraform code
	IAMBindings []IAMBinding
}

Sorted splits permissions out by the provider they apply to.

func GetPermission

func GetPermission(result ResourceV2) (Sorted, error)

GetPermission determines the IAM permissions required and returns them as a list.

func GetPermissionBag added in v0.3.52

func GetPermissionBag(resources []ResourceV2, provider string) Sorted

type Statement

// Statement is the core of an IAM policy: one Effect applied to a set of
// Actions over a set of Resources, identified by Sid. For least privilege,
// check that generated statements are resource-scoped rather than wildcarded
// (see the resources flag on NewAWSPolicy).
type Statement struct {
	Sid      string   `json:"Sid"`      // statement identifier
	Effect   string   `json:"Effect"`   // effect applied to the actions
	Action   []string `json:"Action"`   // actions the statement covers
	Resource []string `json:"Resource"` // resources the statement is scoped to
}

Statement is the core of an IAM policy.

func NewStatement

func NewStatement(sid string, effect string, action []string, resource []string) Statement

NewStatement constructs a Statement from its fields.

type ValidationResult added in v0.3.86

// ValidationResult tracks the status of an IAM binding requirement: whether
// the Permissions a resource's ServiceAccount needs are covered by an
// existing binding (Status "configured"), absent ("missing") or only partly
// present ("partial").
type ValidationResult struct {
	ResourceType   string
	ResourceName   string
	ServiceAccount string   // service account the requirement applies to
	Role           string   // role expected to grant the permissions
	Permissions    []string // permissions required by the resource
	Status         string   // "configured", "missing", "partial"
	ExistingMember string   // If configured, what member string is used
}

ValidationResult tracks the status of an IAM binding requirement.
