Documentation
Index ¶
- Variables
- func ApplyFilters(records []types.Event, filters ...Filter) ([]types.Event, error)
- func Filters(f WriteEventFilters, alllookupEvents []types.Event) []types.Event
- func GetEvents(cloudtailClient *cloudtrail.Client, startTime time.Time, endTime time.Time, ...) ([]types.Event, error)
- func IsIgnoredEvent(event types.Event, mergedRegex string) (bool, error)
- func NewCloudtrailCmd() *cobra.Command
- func ParseDurationAfter(input string, startTime time.Time) (time.Time, error)
- func ParseDurationBefore(input string, startTime time.Time) (time.Time, error)
- func ParseStartEndTime(start, end, duration string) (time.Time, time.Time, error)
- func ParseTimeAndValidate(timeStr string) (time.Time, error)
- func PrintEvents(filterEvents []types.Event, printUrl bool, printRaw bool)
- func PrintFormat(filterEvents []types.Event, printUrl bool, printRaw bool, table []string)
- func ValidateFilters(filters []string) error
- func ValidateFormat(table []string) error
- func Whoami(stsClient sts.Client) (accountArn string, accountId string, err error)
- type Filter
- type QueryOptions
- type RawEventDetails
- type WriteEventFilters
Constants ¶
This section is empty.
Variables ¶
var DefaultRegion = "us-east-1"
Functions ¶
func ApplyFilters ¶ added in v0.47.0
ApplyFilters takes the filteredEvents slice and applies an additional filter function. The filter function here is an inline function that calls isIgnoredEvent(event, mergedRegex). Only events for which isIgnoredEvent returns true (i.e., not ignored by the regex) are returned.
func Filters ¶ added in v0.47.0
func Filters(f WriteEventFilters, alllookupEvents []types.Event) []types.Event
Filters applies inclusion and exclusion filters to all CloudTrail events: inclusion filters first, then exclusion filters.
func GetEvents ¶ added in v0.47.0
func GetEvents(cloudtailClient *cloudtrail.Client, startTime time.Time, endTime time.Time, writeOnly bool) ([]types.Event, error)
GetEvents retrieves CloudTrail events using the provided client and time range. It paginates through all available events and returns all of them.
func IsIgnoredEvent ¶ added in v0.47.0
isIgnoredEvent filters out events based on the specified ignore list, which contains regular expression patterns. It returns true if the event should be kept, and false if it should be filtered out.
func NewCloudtrailCmd ¶
NewCloudtrailCmd represents the newCmdWriteEvents command
func ParseDurationAfter ¶ added in v0.47.0
parseDurationAfter parses the given startTime string as a duration and adds it to the current UTC time. It returns the resulting time and any parsing error encountered.
func ParseDurationBefore ¶ added in v0.47.0
parseDurationBefore parses the given startTime string as a duration and subtracts it from the current UTC time. It returns the resulting time and any parsing error encountered.
func ParseStartEndTime ¶ added in v0.47.0
ParseStartEndTime parses start time, end time, and duration parameters to calculate the actual time range for CloudTrail event queries.
Parameters:
- start: Start time in "YYYY-MM-DD,HH:MM:SS" format (--after flag)
- end: End time in "YYYY-MM-DD,HH:MM:SS" format (--until flag)
- duration: Duration string like "2h", "30m", "1d" (--since flag)
Time calculation logic:
- If both start and end are provided: Use exact time range
- If only start is provided: start + duration (forward in time)
- If only end is provided: end - duration (backward in time)
- If neither start nor end is provided: Use time.Now().UTC() - duration (default 1h)
Returns:
- startTime: Calculated start time in UTC
- endTime: Calculated end time in UTC
- error: Any parsing or validation error
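The four cases above, worked through as an added example; this is not the package's own implementation. The names `resolveRange` and `parseWindow` are hypothetical, `now` is injected so results are repeatable, and both the day-unit handling (Go's `time.ParseDuration` has no `d` unit) and the rejection of an inverted window are assumptions.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// parseWindow (hypothetical helper) adds a day unit, which time.ParseDuration lacks.
func parseWindow(s string) (time.Duration, error) {
	if n, err := strconv.Atoi(strings.TrimSuffix(s, "d")); err == nil && strings.HasSuffix(s, "d") {
		return time.Duration(n) * 24 * time.Hour, nil
	}
	return time.ParseDuration(s)
}

// resolveRange applies the four documented cases; the inverted-window check is an assumption.
func resolveRange(start, end, duration string, now time.Time) (s, e time.Time, err error) {
	const layout = "2006-01-02,15:04:05" // the documented YYYY-MM-DD,HH:MM:SS form
	e = now.UTC()                        // default end, replaced when a bound is given
	if start != "" {
		s, err = time.Parse(layout, start)
	}
	if end != "" && err == nil {
		e, err = time.Parse(layout, end)
	}
	if err != nil {
		return
	}
	if start == "" || end == "" {
		var d time.Duration
		if d, err = parseWindow(duration); err != nil {
			return
		}
		if start != "" {
			e = s.Add(d)
		} else {
			s = e.Add(-d)
		}
	}
	if !s.Before(e) {
		err = fmt.Errorf("empty or inverted window: %s to %s", s, e)
	}
	return
}

func main() {
	fmt.Println(resolveRange("", "2024-05-01,12:00:00", "1d", time.Now()))
}
```

A negative duration such as "-2h" parses successfully and is caught only by the final window check, which is why that check runs in every case.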
func ParseTimeAndValidate ¶ added in v0.47.0
parseTimeAndValidate takes a string in YY-MM-DD,hh:mm:ss format, splits the year and time, and converts it to current UTC time. It returns the parsed time and any parsing error encountered.
func PrintEvents ¶ added in v0.47.0
PrintEvents prints the filtered CloudTrail events in a human-readable format. It can print the CloudTrail event URL link or the event's raw JSON format, and it can print the CloudTrail event resource name and type.
func PrintFormat ¶ added in v0.47.0
PrintFormat allows the user to specify which fields to print. It can also print the CloudTrail event URL link.
func ValidateFilters ¶ added in v0.47.0
ValidateFilters checks that all filters are in the correct "key=value" format. It returns an error immediately if a filter is invalid.
func ValidateFormat ¶ added in v0.47.0
ValidateTable checks the given string list and returns an error if it does not match.
Types ¶
type Filter ¶ added in v0.47.0
Filter is a function type that takes a CloudTrail event and returns a boolean indicating whether the event passes the filter, and an error if the filter evaluation fails.
type QueryOptions ¶ added in v0.47.0
QueryOptions defines the start time for querying CloudTrail events.
type RawEventDetails ¶
type RawEventDetails struct {
	EventVersion string `json:"eventVersion"`
	UserIdentity struct {
		AccountId      string `json:"accountId"`
		SessionContext struct {
			SessionIssuer struct {
				Type     string `json:"type"`
				UserName string `json:"userName"`
				Arn      string `json:"arn"`
			} `json:"sessionIssuer"`
		} `json:"sessionContext"`
	} `json:"userIdentity"`
	EventRegion string `json:"awsRegion"`
	EventId     string `json:"eventID"`
	ErrorCode   string `json:"errorCode"`
}
RawEventDetails represents the structure of relevant fields extracted from a CloudTrail event JSON.
func ExtractUserDetails ¶ added in v0.47.0
func ExtractUserDetails(cloudTrailEvent *string) (*RawEventDetails, error)
ExtractUserDetails parses a CloudTrail event JSON string and extracts user identity details.
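An added example, not the package's own code, that ties the ignore-list convention described for IsIgnoredEvent (true means keep) to the identity fields of RawEventDetails. The helper `keepEvent`, the choice to match on the session issuer's name and ARN, joining the patterns with `|`, and the sample events are all assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

type rawEvent struct { // the part of RawEventDetails that this example reads
	UserIdentity struct {
		SessionContext struct {
			SessionIssuer struct {
				UserName string `json:"userName"`
				Arn      string `json:"arn"`
			} `json:"sessionIssuer"`
		} `json:"sessionContext"`
	} `json:"userIdentity"`
}

// keepEvent returns true to keep an event; matching issuer name and ARN is assumed.
func keepEvent(cloudTrailEvent string, ignore []string) (bool, error) {
	if len(ignore) == 0 { // an empty merged pattern would match every event
		return true, nil
	}
	re, err := regexp.Compile(strings.Join(ignore, "|"))
	if err != nil {
		return false, fmt.Errorf("compile ignore list: %w", err)
	}
	var ev rawEvent
	if err := json.Unmarshal([]byte(cloudTrailEvent), &ev); err != nil {
		return false, fmt.Errorf("decode event: %w", err)
	}
	si := ev.UserIdentity.SessionContext.SessionIssuer
	return !re.MatchString(si.UserName) && !re.MatchString(si.Arn), nil
}

// Constructed sample events, not real CloudTrail output.
var samples = []string{
	`{"eventID":"e1","userIdentity":{"sessionContext":{"sessionIssuer":{"userName":"ci-deployer","arn":"arn:aws:iam::111122223333:role/ci-deployer"}}}}`,
	`{"eventID":"e2","errorCode":"AccessDenied","userIdentity":{"sessionContext":{"sessionIssuer":{"userName":"alice-admin","arn":"arn:aws:iam::111122223333:role/alice-admin"}}}}`,
	`{"eventID":"e3","userIdentity":{"accountId":"111122223333"}}`,
}

func main() {
	for _, s := range samples {
		fmt.Println(keepEvent(s, []string{`^ci-`, `:role/automation-`}))
	}
}
```

The third sample has no sessionContext, so its issuer fields decode as empty strings and the event is kept rather than silently dropped from a review.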
type WriteEventFilters ¶ added in v0.47.0
WriteEventFilters defines the structure for filters used in write-events.go