From 378b0e1bcb7d4fcee46aefe362aaca2a5a6340ad Mon Sep 17 00:00:00 2001 
From: Stan Girard Date: Thu, 8 Sep 2022 19:03:24 +0200 Subject: [PATCH] feat(plugin): first iteration plugin manager (#71) * feat(plugin): first iteration plugin manager --- go.mod | 44 +--- go.sum | 132 +++++------ internal/cli/cli.go | 44 +--- internal/yatas/progress.go | 41 ++-- internal/yatas/yatas.go | 38 ++-- plugins/aws/acm/acm.go | 35 --- plugins/aws/acm/acmExpiry.go | 30 --- plugins/aws/acm/acmExpiry_test.go | 82 ------- plugins/aws/acm/acmInUse.go | 27 --- plugins/aws/acm/acmInUse_test.go | 69 ------ plugins/aws/acm/acmIsValid.go | 27 --- plugins/aws/acm/acmIsValid_test.go | 67 ------ plugins/aws/acm/getter.go | 52 ----- plugins/aws/acm/getter_test.go | 63 ------ .../aws/apigateway/apiStagesCloudwatchLogs.go | 29 --- .../apiStagesCloudwatchLogs_test.go | 106 --------- .../aws/apigateway/apiStagesProtectedAcl.go | 29 --- .../apigateway/apiStagesProtectedAcl_test.go | 104 --------- plugins/aws/apigateway/apigateway.go | 38 ---- plugins/aws/apigateway/apigatewayTracing.go | 29 --- .../aws/apigateway/apigatewayTracing_test.go | 56 ----- plugins/aws/apigateway/getter.go | 78 ------- plugins/aws/apigateway/getter_test.go | 175 -------------- plugins/aws/auth.go | 102 --------- plugins/aws/autoscaling/autoscaling.go | 37 --- .../autoscaling/autoscalingAvailibityZones.go | 27 --- .../autoscalingAvailibityZones_test.go | 91 -------- .../autoscalingdesiredmaxcapacity.go | 27 --- .../autoscalingdesiredmaxcapacity_test.go | 131 ----------- plugins/aws/autoscaling/getter.go | 34 --- plugins/aws/autoscaling/getter_test.go | 67 ------ plugins/aws/aws.go | 105 --------- plugins/aws/cloudfront/cloudfront.go | 41 ---- plugins/aws/cloudfront/cloudfrontACLUsed.go | 27 --- .../aws/cloudfront/cloudfrontACLUsed_test.go | 106 --------- .../aws/cloudfront/cloudfrontCookieLogging.go | 26 --- .../cloudfrontCookieLogging_test.go | 125 ---------- plugins/aws/cloudfront/cloudfrontHttps.go | 28 --- .../aws/cloudfront/cloudfrontHttps_test.go | 119 ---------- 
.../cloudfront/cloudfrontStandardLogging.go | 27 --- .../cloudfrontStandardLogging_test.go | 121 ---------- plugins/aws/cloudfront/cloudfrontTLS12.go | 28 --- .../aws/cloudfront/cloudfrontTLS12_test.go | 153 ------------- plugins/aws/cloudfront/getter.go | 42 ---- plugins/aws/cloudfront/getter_test.go | 108 --------- plugins/aws/cloudtrail/cloudtrail.go | 37 --- plugins/aws/cloudtrail/cloudtrailEncrypted.go | 28 --- .../cloudtrail/cloudtrailEncrypted_test.go | 93 -------- .../aws/cloudtrail/cloudtrailMultiRegion.go | 27 --- .../cloudtrail/cloudtrailMultiRegion_test.go | 96 -------- .../aws/cloudtrail/cloudtrailglobalservice.go | 27 --- .../cloudtrailglobalservice_test.go | 94 -------- plugins/aws/cloudtrail/getter.go | 21 -- plugins/aws/dynamodb/dynamodb.go | 37 --- plugins/aws/dynamodb/dynamodbBackup.go | 26 --- plugins/aws/dynamodb/dynamodbBackup_test.go | 96 -------- plugins/aws/dynamodb/dynamodbEncrypted.go | 28 --- .../aws/dynamodb/dynamodbEncrypted_test.go | 104 --------- plugins/aws/dynamodb/getter.go | 57 ----- plugins/aws/ec2/ec2.go | 38 ---- plugins/aws/ec2/ec2Monitoring.go | 27 --- plugins/aws/ec2/ec2Monitoring_test.go | 104 --------- plugins/aws/ec2/ec2PublicIp.go | 27 --- plugins/aws/ec2/ec2PublicIp_test.go | 95 -------- plugins/aws/ec2/getter.go | 39 ---- plugins/aws/ec2/getter_test.go | 69 ------ plugins/aws/ecr/ecr.go | 35 --- plugins/aws/ecr/ecrEncrypted.go | 27 --- plugins/aws/ecr/ecrEncrypted_test.go | 45 ---- plugins/aws/ecr/ecrImageScanning.go | 27 --- plugins/aws/ecr/ecrImageScanning_test.go | 100 -------- plugins/aws/ecr/ecrImageTagMutability.go | 27 --- plugins/aws/ecr/ecrImageTagMutability_test.go | 50 ---- plugins/aws/ecr/getter.go | 36 --- plugins/aws/eks/eks.go | 33 --- plugins/aws/eks/eksLogging.go | 27 --- plugins/aws/eks/eksLogging_test.go | 63 ------ plugins/aws/eks/eksPrivateEndpoint.go | 40 ---- plugins/aws/eks/eksPrivateEndpoint_test.go | 104 --------- plugins/aws/eks/getter.go | 53 ----- plugins/aws/eks/getter_test.go | 57 ----- 
plugins/aws/guardduty/getter.go | 18 -- plugins/aws/guardduty/guardduty.go | 33 --- plugins/aws/guardduty/guarddutyEnabled.go | 25 -- .../aws/guardduty/guarddutyEnabled_test.go | 86 ------- plugins/aws/iam/getter.go | 214 ------------------ plugins/aws/iam/helpers.go | 26 --- plugins/aws/iam/helpers_test.go | 77 ------- plugins/aws/iam/iam.go | 41 ---- plugins/aws/iam/iamAccessKeyAge.go | 31 --- plugins/aws/iam/iamAccessKeyAge_test.go | 109 --------- plugins/aws/iam/iamElevateRights.go | 82 ------- plugins/aws/iam/iamElevateRights_test.go | 98 -------- plugins/aws/iam/iamMFA.go | 26 --- plugins/aws/iam/iamMFA_test.go | 58 ----- plugins/aws/iam/iamUserInactive.go | 34 --- plugins/aws/iam/iamUserInactive_test.go | 91 -------- plugins/aws/iam/struct.go | 26 --- plugins/aws/iam/unmarshal_policy.go | 197 ---------------- plugins/aws/iam/unmarshal_policy_test.go | 144 ------------ plugins/aws/iam/userElevationConst.go | 33 --- plugins/aws/lambda/getter.go | 35 --- plugins/aws/lambda/lambda.go | 36 --- plugins/aws/lambda/lambdaNoErrors.go | 27 --- plugins/aws/lambda/lambdaNoErrors_test.go | 69 ------ plugins/aws/lambda/lambdaPrivate.go | 27 --- plugins/aws/lambda/lambdaPrivate_test.go | 101 --------- plugins/aws/lambda/lambdaSecurityGroup.go | 27 --- .../aws/lambda/lambdaSecurityGroup_test.go | 105 --------- .../aws/loadbalancers/elasticLBAccessLogs.go | 33 --- .../loadbalancers/elasticLBAccessLogs_test.go | 115 ---------- .../aws/loadbalancers/elasticloadbalancers.go | 34 --- plugins/aws/loadbalancers/getter.go | 61 ----- plugins/aws/rds/getter.go | 69 ------ plugins/aws/rds/getter_test.go | 50 ---- plugins/aws/rds/rds.go | 50 ---- plugins/aws/rds/rdsAutoUpgrade.go | 27 --- plugins/aws/rds/rdsAutoUpgrade_test.go | 101 --------- plugins/aws/rds/rdsBackup.go | 27 --- plugins/aws/rds/rdsBackup_test.go | 100 -------- plugins/aws/rds/rdsClusterAutoUpgrade.go | 27 --- plugins/aws/rds/rdsClusterAutoUpgrade_test.go | 101 --------- plugins/aws/rds/rdsClusterBackup.go | 27 --- 
plugins/aws/rds/rdsClusterBackup_test.go | 100 -------- plugins/aws/rds/rdsClusterDeleteProtected.go | 27 --- .../aws/rds/rdsClusterDeleteProtected_test.go | 100 -------- plugins/aws/rds/rdsClusterEncryption.go | 27 --- plugins/aws/rds/rdsClusterEncryption_test.go | 98 -------- plugins/aws/rds/rdsClusterLogging.go | 42 ---- plugins/aws/rds/rdsClusterLogging_test.go | 102 --------- plugins/aws/rds/rdsClusterPrivate.go | 30 --- plugins/aws/rds/rdsClusterPrivate_test.go | 102 --------- plugins/aws/rds/rdsDeleteProtected.go | 27 --- plugins/aws/rds/rdsDeleteProtected_test.go | 100 -------- plugins/aws/rds/rdsEncryption.go | 27 --- plugins/aws/rds/rdsEncryption_test.go | 98 -------- plugins/aws/rds/rdsLogging.go | 42 ---- plugins/aws/rds/rdsLogging_test.go | 102 --------- plugins/aws/rds/rdsPrivate.go | 27 --- plugins/aws/rds/rdsPrivate_test.go | 102 --------- plugins/aws/s3/getter.go | 151 ------------ plugins/aws/s3/helper.go | 20 -- plugins/aws/s3/s3.go | 83 ------- plugins/aws/s3/s3Encrypted.go | 27 --- plugins/aws/s3/s3Encrypted_test.go | 94 -------- plugins/aws/s3/s3ObjectLock.go | 27 --- plugins/aws/s3/s3ObjectLock_test.go | 94 -------- plugins/aws/s3/s3OneRegion.go | 32 --- plugins/aws/s3/s3OneRegion_test.go | 110 --------- plugins/aws/s3/s3PublicAccess.go | 26 --- plugins/aws/s3/s3PublicAccess_test.go | 94 -------- plugins/aws/s3/s3Versioning.go | 27 --- plugins/aws/s3/s3Versioning_test.go | 94 -------- plugins/aws/volumes/getter.go | 67 ------ plugins/aws/volumes/volumes.go | 46 ---- plugins/aws/volumes/volumesEncrypted.go | 27 --- plugins/aws/volumes/volumesEncrypted_test.go | 95 -------- plugins/aws/volumes/volumesGP3.go | 27 --- plugins/aws/volumes/volumesGP3_test.go | 98 -------- plugins/aws/volumes/volumesHasSnapshot.go | 32 --- .../aws/volumes/volumesHasSnapshot_test.go | 112 --------- plugins/aws/volumes/volumesSnapshots24h.go | 37 --- .../aws/volumes/volumesSnapshots24h_test.go | 115 ---------- .../aws/volumes/volumesSnapshotsEncrypted.go | 27 --- 
.../volumes/volumesSnapshotsEncrypted_test.go | 97 -------- plugins/aws/volumes/volumesUnused.go | 29 --- plugins/aws/volumes/volumesUnused_test.go | 100 -------- plugins/aws/vpc/getter.go | 161 ------------- plugins/aws/vpc/vpc.go | 42 ---- plugins/aws/vpc/vpc2SubnetsMin.go | 27 --- plugins/aws/vpc/vpc2SubnetsMin_test.go | 103 --------- plugins/aws/vpc/vpcCIDR20.go | 32 --- plugins/aws/vpc/vpcCIDR20_test.go | 94 -------- plugins/aws/vpc/vpcFlowLogs.go | 27 --- plugins/aws/vpc/vpcFlowLogs_test.go | 114 ---------- plugins/aws/vpc/vpcOneGateway.go | 26 --- plugins/aws/vpc/vpcOneGateway_test.go | 109 --------- plugins/aws/vpc/vpcOnlyOne.go | 28 --- plugins/aws/vpc/vpcOnlyOne_test.go | 98 -------- plugins/aws/vpc/vpcSubnetsDiffZone.go | 30 --- plugins/aws/vpc/vpcSubnetsDiffZone_test.go | 110 --------- plugins/commons/commons.go | 63 ++++++ plugins/manager/manager.go | 63 ++++++ plugins/plugins.go | 71 ------ plugins/plugins_test.go | 49 ---- 185 files changed, 228 insertions(+), 11519 deletions(-) delete mode 100644 plugins/aws/acm/acm.go delete mode 100644 plugins/aws/acm/acmExpiry.go delete mode 100644 plugins/aws/acm/acmExpiry_test.go delete mode 100644 plugins/aws/acm/acmInUse.go delete mode 100644 plugins/aws/acm/acmInUse_test.go delete mode 100644 plugins/aws/acm/acmIsValid.go delete mode 100644 plugins/aws/acm/acmIsValid_test.go delete mode 100644 plugins/aws/acm/getter.go delete mode 100644 plugins/aws/acm/getter_test.go delete mode 100644 plugins/aws/apigateway/apiStagesCloudwatchLogs.go delete mode 100644 plugins/aws/apigateway/apiStagesCloudwatchLogs_test.go delete mode 100644 plugins/aws/apigateway/apiStagesProtectedAcl.go delete mode 100644 plugins/aws/apigateway/apiStagesProtectedAcl_test.go delete mode 100644 plugins/aws/apigateway/apigateway.go delete mode 100644 plugins/aws/apigateway/apigatewayTracing.go delete mode 100644 plugins/aws/apigateway/apigatewayTracing_test.go delete mode 100644 plugins/aws/apigateway/getter.go delete mode 100644 
plugins/aws/apigateway/getter_test.go delete mode 100644 plugins/aws/auth.go delete mode 100644 plugins/aws/autoscaling/autoscaling.go delete mode 100644 plugins/aws/autoscaling/autoscalingAvailibityZones.go delete mode 100644 plugins/aws/autoscaling/autoscalingAvailibityZones_test.go delete mode 100644 plugins/aws/autoscaling/autoscalingdesiredmaxcapacity.go delete mode 100644 plugins/aws/autoscaling/autoscalingdesiredmaxcapacity_test.go delete mode 100644 plugins/aws/autoscaling/getter.go delete mode 100644 plugins/aws/autoscaling/getter_test.go delete mode 100644 plugins/aws/aws.go delete mode 100644 plugins/aws/cloudfront/cloudfront.go delete mode 100644 plugins/aws/cloudfront/cloudfrontACLUsed.go delete mode 100644 plugins/aws/cloudfront/cloudfrontACLUsed_test.go delete mode 100644 plugins/aws/cloudfront/cloudfrontCookieLogging.go delete mode 100644 plugins/aws/cloudfront/cloudfrontCookieLogging_test.go delete mode 100644 plugins/aws/cloudfront/cloudfrontHttps.go delete mode 100644 plugins/aws/cloudfront/cloudfrontHttps_test.go delete mode 100644 plugins/aws/cloudfront/cloudfrontStandardLogging.go delete mode 100644 plugins/aws/cloudfront/cloudfrontStandardLogging_test.go delete mode 100644 plugins/aws/cloudfront/cloudfrontTLS12.go delete mode 100644 plugins/aws/cloudfront/cloudfrontTLS12_test.go delete mode 100644 plugins/aws/cloudfront/getter.go delete mode 100644 plugins/aws/cloudfront/getter_test.go delete mode 100644 plugins/aws/cloudtrail/cloudtrail.go delete mode 100644 plugins/aws/cloudtrail/cloudtrailEncrypted.go delete mode 100644 plugins/aws/cloudtrail/cloudtrailEncrypted_test.go delete mode 100644 plugins/aws/cloudtrail/cloudtrailMultiRegion.go delete mode 100644 plugins/aws/cloudtrail/cloudtrailMultiRegion_test.go delete mode 100644 plugins/aws/cloudtrail/cloudtrailglobalservice.go delete mode 100644 plugins/aws/cloudtrail/cloudtrailglobalservice_test.go delete mode 100644 plugins/aws/cloudtrail/getter.go delete mode 100644 
plugins/aws/dynamodb/dynamodb.go delete mode 100644 plugins/aws/dynamodb/dynamodbBackup.go delete mode 100644 plugins/aws/dynamodb/dynamodbBackup_test.go delete mode 100644 plugins/aws/dynamodb/dynamodbEncrypted.go delete mode 100644 plugins/aws/dynamodb/dynamodbEncrypted_test.go delete mode 100644 plugins/aws/dynamodb/getter.go delete mode 100644 plugins/aws/ec2/ec2.go delete mode 100644 plugins/aws/ec2/ec2Monitoring.go delete mode 100644 plugins/aws/ec2/ec2Monitoring_test.go delete mode 100644 plugins/aws/ec2/ec2PublicIp.go delete mode 100644 plugins/aws/ec2/ec2PublicIp_test.go delete mode 100644 plugins/aws/ec2/getter.go delete mode 100644 plugins/aws/ec2/getter_test.go delete mode 100644 plugins/aws/ecr/ecr.go delete mode 100644 plugins/aws/ecr/ecrEncrypted.go delete mode 100644 plugins/aws/ecr/ecrEncrypted_test.go delete mode 100644 plugins/aws/ecr/ecrImageScanning.go delete mode 100644 plugins/aws/ecr/ecrImageScanning_test.go delete mode 100644 plugins/aws/ecr/ecrImageTagMutability.go delete mode 100644 plugins/aws/ecr/ecrImageTagMutability_test.go delete mode 100644 plugins/aws/ecr/getter.go delete mode 100644 plugins/aws/eks/eks.go delete mode 100644 plugins/aws/eks/eksLogging.go delete mode 100644 plugins/aws/eks/eksLogging_test.go delete mode 100644 plugins/aws/eks/eksPrivateEndpoint.go delete mode 100644 plugins/aws/eks/eksPrivateEndpoint_test.go delete mode 100644 plugins/aws/eks/getter.go delete mode 100644 plugins/aws/eks/getter_test.go delete mode 100644 plugins/aws/guardduty/getter.go delete mode 100644 plugins/aws/guardduty/guardduty.go delete mode 100644 plugins/aws/guardduty/guarddutyEnabled.go delete mode 100644 plugins/aws/guardduty/guarddutyEnabled_test.go delete mode 100644 plugins/aws/iam/getter.go delete mode 100644 plugins/aws/iam/helpers.go delete mode 100644 plugins/aws/iam/helpers_test.go delete mode 100644 plugins/aws/iam/iam.go delete mode 100644 plugins/aws/iam/iamAccessKeyAge.go delete mode 100644 
plugins/aws/iam/iamAccessKeyAge_test.go delete mode 100644 plugins/aws/iam/iamElevateRights.go delete mode 100644 plugins/aws/iam/iamElevateRights_test.go delete mode 100644 plugins/aws/iam/iamMFA.go delete mode 100644 plugins/aws/iam/iamMFA_test.go delete mode 100644 plugins/aws/iam/iamUserInactive.go delete mode 100644 plugins/aws/iam/iamUserInactive_test.go delete mode 100644 plugins/aws/iam/struct.go delete mode 100644 plugins/aws/iam/unmarshal_policy.go delete mode 100644 plugins/aws/iam/unmarshal_policy_test.go delete mode 100644 plugins/aws/iam/userElevationConst.go delete mode 100644 plugins/aws/lambda/getter.go delete mode 100644 plugins/aws/lambda/lambda.go delete mode 100644 plugins/aws/lambda/lambdaNoErrors.go delete mode 100644 plugins/aws/lambda/lambdaNoErrors_test.go delete mode 100644 plugins/aws/lambda/lambdaPrivate.go delete mode 100644 plugins/aws/lambda/lambdaPrivate_test.go delete mode 100644 plugins/aws/lambda/lambdaSecurityGroup.go delete mode 100644 plugins/aws/lambda/lambdaSecurityGroup_test.go delete mode 100644 plugins/aws/loadbalancers/elasticLBAccessLogs.go delete mode 100644 plugins/aws/loadbalancers/elasticLBAccessLogs_test.go delete mode 100644 plugins/aws/loadbalancers/elasticloadbalancers.go delete mode 100644 plugins/aws/loadbalancers/getter.go delete mode 100644 plugins/aws/rds/getter.go delete mode 100644 plugins/aws/rds/getter_test.go delete mode 100644 plugins/aws/rds/rds.go delete mode 100644 plugins/aws/rds/rdsAutoUpgrade.go delete mode 100644 plugins/aws/rds/rdsAutoUpgrade_test.go delete mode 100644 plugins/aws/rds/rdsBackup.go delete mode 100644 plugins/aws/rds/rdsBackup_test.go delete mode 100644 plugins/aws/rds/rdsClusterAutoUpgrade.go delete mode 100644 plugins/aws/rds/rdsClusterAutoUpgrade_test.go delete mode 100644 plugins/aws/rds/rdsClusterBackup.go delete mode 100644 plugins/aws/rds/rdsClusterBackup_test.go delete mode 100644 plugins/aws/rds/rdsClusterDeleteProtected.go delete mode 100644 
plugins/aws/rds/rdsClusterDeleteProtected_test.go delete mode 100644 plugins/aws/rds/rdsClusterEncryption.go delete mode 100644 plugins/aws/rds/rdsClusterEncryption_test.go delete mode 100644 plugins/aws/rds/rdsClusterLogging.go delete mode 100644 plugins/aws/rds/rdsClusterLogging_test.go delete mode 100644 plugins/aws/rds/rdsClusterPrivate.go delete mode 100644 plugins/aws/rds/rdsClusterPrivate_test.go delete mode 100644 plugins/aws/rds/rdsDeleteProtected.go delete mode 100644 plugins/aws/rds/rdsDeleteProtected_test.go delete mode 100644 plugins/aws/rds/rdsEncryption.go delete mode 100644 plugins/aws/rds/rdsEncryption_test.go delete mode 100644 plugins/aws/rds/rdsLogging.go delete mode 100644 plugins/aws/rds/rdsLogging_test.go delete mode 100644 plugins/aws/rds/rdsPrivate.go delete mode 100644 plugins/aws/rds/rdsPrivate_test.go delete mode 100644 plugins/aws/s3/getter.go delete mode 100644 plugins/aws/s3/helper.go delete mode 100644 plugins/aws/s3/s3.go delete mode 100644 plugins/aws/s3/s3Encrypted.go delete mode 100644 plugins/aws/s3/s3Encrypted_test.go delete mode 100644 plugins/aws/s3/s3ObjectLock.go delete mode 100644 plugins/aws/s3/s3ObjectLock_test.go delete mode 100644 plugins/aws/s3/s3OneRegion.go delete mode 100644 plugins/aws/s3/s3OneRegion_test.go delete mode 100644 plugins/aws/s3/s3PublicAccess.go delete mode 100644 plugins/aws/s3/s3PublicAccess_test.go delete mode 100644 plugins/aws/s3/s3Versioning.go delete mode 100644 plugins/aws/s3/s3Versioning_test.go delete mode 100644 plugins/aws/volumes/getter.go delete mode 100644 plugins/aws/volumes/volumes.go delete mode 100644 plugins/aws/volumes/volumesEncrypted.go delete mode 100644 plugins/aws/volumes/volumesEncrypted_test.go delete mode 100644 plugins/aws/volumes/volumesGP3.go delete mode 100644 plugins/aws/volumes/volumesGP3_test.go delete mode 100644 plugins/aws/volumes/volumesHasSnapshot.go delete mode 100644 plugins/aws/volumes/volumesHasSnapshot_test.go delete mode 100644 
plugins/aws/volumes/volumesSnapshots24h.go
delete mode 100644 plugins/aws/volumes/volumesSnapshots24h_test.go
delete mode 100644 plugins/aws/volumes/volumesSnapshotsEncrypted.go
delete mode 100644 plugins/aws/volumes/volumesSnapshotsEncrypted_test.go
delete mode 100644 plugins/aws/volumes/volumesUnused.go
delete mode 100644 plugins/aws/volumes/volumesUnused_test.go
delete mode 100644 plugins/aws/vpc/getter.go
delete mode 100644 plugins/aws/vpc/vpc.go
delete mode 100644 plugins/aws/vpc/vpc2SubnetsMin.go
delete mode 100644 plugins/aws/vpc/vpc2SubnetsMin_test.go
delete mode 100644 plugins/aws/vpc/vpcCIDR20.go
delete mode 100644 plugins/aws/vpc/vpcCIDR20_test.go
delete mode 100644 plugins/aws/vpc/vpcFlowLogs.go
delete mode 100644 plugins/aws/vpc/vpcFlowLogs_test.go
delete mode 100644 plugins/aws/vpc/vpcOneGateway.go
delete mode 100644 plugins/aws/vpc/vpcOneGateway_test.go
delete mode 100644 plugins/aws/vpc/vpcOnlyOne.go
delete mode 100644 plugins/aws/vpc/vpcOnlyOne_test.go
delete mode 100644 plugins/aws/vpc/vpcSubnetsDiffZone.go
delete mode 100644 plugins/aws/vpc/vpcSubnetsDiffZone_test.go
create mode 100644 plugins/commons/commons.go
create mode 100644 plugins/manager/manager.go
delete mode 100644 plugins/plugins.go
delete mode 100644 plugins/plugins_test.go
diff --git a/go.mod b/go.mod
index 01a4533..36a9746 100644
--- a/go.mod
+++ b/go.mod
@@ -4,54 +4,28 @@ go 1.19
 require (
 github.com/aws/aws-sdk-go-v2 v1.16.14
- github.com/aws/aws-sdk-go-v2/config v1.17.5
- github.com/aws/aws-sdk-go-v2/service/acm v1.14.16
- github.com/aws/aws-sdk-go-v2/service/apigateway v1.15.18
- github.com/aws/aws-sdk-go-v2/service/autoscaling v1.23.14
- github.com/aws/aws-sdk-go-v2/service/cloudfront v1.20.3
- github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.16.12
- github.com/aws/aws-sdk-go-v2/service/dynamodb v1.16.4
- github.com/aws/aws-sdk-go-v2/service/ec2 v1.54.4
- github.com/aws/aws-sdk-go-v2/service/ecr v1.17.16
- github.com/aws/aws-sdk-go-v2/service/eks v1.21.11
- github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.18.17
- github.com/aws/aws-sdk-go-v2/service/guardduty v1.15.7
- github.com/aws/aws-sdk-go-v2/service/iam v1.18.17
- github.com/aws/aws-sdk-go-v2/service/lambda v1.24.4
- github.com/aws/aws-sdk-go-v2/service/rds v1.25.5
- github.com/aws/aws-sdk-go-v2/service/s3 v1.27.9
 github.com/fatih/color v1.13.0
 github.com/hashicorp/go-hclog v1.3.0
- github.com/mitchellh/mapstructure v1.5.0
- github.com/rs/zerolog v1.28.0
+ github.com/hashicorp/go-plugin v1.4.5
 github.com/vbauerster/mpb/v7 v7.5.2
- golang.org/x/exp v0.0.0-20220906200021-fcb1a314c389
 gopkg.in/yaml.v3 v3.0.1
 )
 require (
 github.com/VividCortex/ewma v1.2.0 // indirect
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
- github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.7 // indirect
- github.com/aws/aws-sdk-go-v2/credentials v1.12.18 // indirect
- github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.15 // indirect
- github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.21 // indirect
- github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.15 // indirect
- github.com/aws/aws-sdk-go-v2/internal/ini v1.3.22 // indirect
- github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.12 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.8 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.16 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.15 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.15 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.15 // indirect
- github.com/aws/aws-sdk-go-v2/service/sso v1.11.21 // indirect
- github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.3 // indirect
- github.com/aws/aws-sdk-go-v2/service/sts v1.16.17 // indirect
 github.com/aws/smithy-go v1.13.2 // indirect
- github.com/jmespath/go-jmespath v0.4.0 // indirect
+ github.com/golang/protobuf v1.3.4 // indirect
+ github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb // indirect
 github.com/mattn/go-colorable v0.1.12 // indirect
 github.com/mattn/go-isatty v0.0.14 // indirect
 github.com/mattn/go-runewidth v0.0.13 // indirect
+ github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77 // indirect
+ github.com/oklog/run v1.0.0 // indirect
 github.com/rivo/uniseg v0.3.4 // indirect
+ golang.org/x/net v0.0.0-20190311183353-d8887717615a // indirect
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab // indirect
+ golang.org/x/text v0.3.0 // indirect
+ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 // indirect
+ google.golang.org/grpc v1.27.1 // indirect
 )
diff --git a/go.sum b/go.sum
index 93dc255..e629866 100644
--- a/go.sum
+++ b/go.sum
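Review bot: The indirect pins added in the second require block — `golang.org/x/net v0.0.0-20190311183353-d8887717615a`, `golang.org/x/text v0.3.0`, `google.golang.org/grpc v1.27.1` and `github.com/golang/protobuf v1.3.4` — are the 2019-era minimums that go-plugin v1.4.5 appears to declare, not current releases, and modules that old predate several published Go vulnerability advisories. Since this transport stack (gRPC over yamux, judging by the new requires) is what the plugin manager will speak to every plugin process over, these should be raised before the change lands: `go get golang.org/x/net@latest golang.org/x/text@latest google.golang.org/grpc@latest` followed by `go mod tidy`, with a `govulncheck ./...` step in CI so this kind of drift is caught automatically. `github.com/aws/aws-sdk-go-v2 v1.16.14` also remains a direct requirement even though every AWS service package is dropped here; if nothing outside plugins/ still imports it, tidy will remove it as well.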
@@ -1,87 +1,40 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow= github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= github.com/aws/aws-sdk-go-v2 v1.16.14 h1:db6GvO4Z2UqHt5gvT0lr6J5x5P+oQ7bdRzczVaRekMU= github.com/aws/aws-sdk-go-v2 v1.16.14/go.mod h1:s/G+UV29dECbF5rf+RNj1xhlmvoNurGSr+McVSRj59w= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.7 h1:/kxQjtZc7j67TMW/aFJfpsrlvFhsq3lNbX41qN5Tro4= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.7/go.mod h1:KvHyNlxCjo9Y1Fsz+6Ex9OaN2jKijvMxzROxpW5Vctc= -github.com/aws/aws-sdk-go-v2/config v1.17.5 h1:+NS1BWvprx7nHcIk5o32LrZgifs/7Pm1V2nWjQgZ2H0= -github.com/aws/aws-sdk-go-v2/config v1.17.5/go.mod h1:H0cvPNDO3uExWts/9PDhD/0ne2esu1uaIulwn1vkwxM= -github.com/aws/aws-sdk-go-v2/credentials v1.12.18 h1:HF62tbhARhgLfvmfwUbL9qZ+dkbZYzbFdxBb3l5gr7Q= -github.com/aws/aws-sdk-go-v2/credentials v1.12.18/go.mod h1:O7n/CPagQ33rfG6h7vR/W02ammuc5CrsSM22cNZp9so= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.15 h1:nkQ+aI0OCeYfzrBipL6ja/6VEbUnHQoZHBHtoK+Nzxw= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.15/go.mod h1:Oz2/qWINxIgSmoZT9adpxJy2UhpcOAI3TIyWgYMVSz0= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.21 h1:gRIXnmAVNyoRQywdNtpAkgY+f30QNzgF53Q5OobNZZs= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.21/go.mod h1:XsmHMV9c512xgsW01q7H0ut+UQQQpWX8QsFbdLHDwaU= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.15 h1:noAhOo2mMDyYhTx99aYPvQw16T3fQ/DiKAv9fzpIKH8= 
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.15/go.mod h1:kjJ4CyD9M3Wq88GYg3IPfj67Rs0Uvz8aXK7MJ8BvE4I= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.22 h1:nF+E8HfYpOMw6M5oA9efB602VC00IHNQnB5CmFvZPvA= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.22/go.mod h1:tltHVGy977LrSOgRR5aV9+miyno/Gul/uJNPKS7FzP4= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.12 h1:i0Tig01XGhXo/ki1BZUbRMhusGVCScEvaWdlFRWxAKk= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.12/go.mod h1:QPoxYMISvteeDH4A89gGWWlCA/Bz6oUDF7hGdPdOPuE= -github.com/aws/aws-sdk-go-v2/service/acm v1.14.16 h1:3wqtTwOBQh0qpriJ46gkpCvkd6dxvcXtEm3942sml4E= -github.com/aws/aws-sdk-go-v2/service/acm v1.14.16/go.mod h1:AihKt+UPpI2ThSmParS7Bi7Tzlxl+pJdmyAmOtXHihU= -github.com/aws/aws-sdk-go-v2/service/apigateway v1.15.18 h1:R3JedWH++HbzxStVWPjyFFXENgYgK5kNkfZ01EsHNcI= -github.com/aws/aws-sdk-go-v2/service/apigateway v1.15.18/go.mod h1:v20fC1FwiUJWmrtC6h3vZmWyf3PhCE/xlxIXFF42/Xk= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.23.14 h1:0Dcxd1lGWAzWCGuVl82UFGMm1tM1fOioQg/Or9qYSV4= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.23.14/go.mod h1:TdlJCYadv3Jxv00VGfsM6tH4nXdb9rXnNnOoPKu1Gi8= -github.com/aws/aws-sdk-go-v2/service/cloudfront v1.20.3 h1:eFvjjXyZqBmdZHjf33tOBdSRQKPTPNLpJN3TWTCcTt8= -github.com/aws/aws-sdk-go-v2/service/cloudfront v1.20.3/go.mod h1:O591dMiqcCVgiLrSwcKwFthC9DdlmvgS3P+jyFUY2+U= -github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.16.12 h1:kEB8f463sCGRd0HnSNEi9nxXJNVIEAE6Eh7FS2qxqs0= -github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.16.12/go.mod h1:R+DQ8kXSHr/8SVLU5cQ2bmWyqcVg1VQX/eA+wBfr5sA= -github.com/aws/aws-sdk-go-v2/service/dynamodb v1.16.4 h1:mAZdz3kvGBWC0feqQcpUF9trQ0d1qmJVNrcUv6eneIo= -github.com/aws/aws-sdk-go-v2/service/dynamodb v1.16.4/go.mod h1:xDs8FfL3lHGCYWb0ytqxjIKT5AYLY/Oi9Mh8BV0nkLg= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.54.4 h1:YzVHUh2n817PJsTyE64ZXrO7tHiLz7rCN6P/hIIWEo0= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.54.4/go.mod 
h1:p5AOIjPAhnxZwHRkI+kiG7X5uSXz3sPWbIjsRjsVJ/U= -github.com/aws/aws-sdk-go-v2/service/ecr v1.17.16 h1:Fl+PSDkwzeNnI42wHAfRvreL6r7I2yAVYSCpXan9go4= -github.com/aws/aws-sdk-go-v2/service/ecr v1.17.16/go.mod h1:PKNfdxgouO2lS7Hl3p3LlEOsGS9ZHMu+P6E2ZfrdVxM= -github.com/aws/aws-sdk-go-v2/service/eks v1.21.11 h1:i3tEE+cLmu/MR5VPjPtNZucFJKjklxxMstJveGwxwpU= -github.com/aws/aws-sdk-go-v2/service/eks v1.21.11/go.mod h1:uQKobwLPAvlksViYM6CGnpmfhjca+LjHAhtfSdHrKVg= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.18.17 h1:aGtbr5HNb9E1xzDAuWK5kAECH2BtwzFdoQx8lKnKuDc= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.18.17/go.mod h1:n+QeyxC6AvbThk1qqU0pBOBDbZewYcHgR59pRDNTQjw= -github.com/aws/aws-sdk-go-v2/service/guardduty v1.15.7 h1:l6jFBvEzcGC+rO7IXZyLKUG9S3aS5EBZ00Q9e+OVlIY= -github.com/aws/aws-sdk-go-v2/service/guardduty v1.15.7/go.mod h1:QTzmWjg5A57eNvNLb/9YIWe2O4+ZMrRjPDLtF2hDfAE= -github.com/aws/aws-sdk-go-v2/service/iam v1.18.17 h1:2sbycB3YvoTTT6bqT8GmTRRkNnpTh42OeFv5IEBCPkk= -github.com/aws/aws-sdk-go-v2/service/iam v1.18.17/go.mod h1:P78+32N8FUruwcMQz0YET9NnD991g6Ud2Z9ldLX3OxM= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.8 h1:NpixDFjwr1BZg2459mX07NZnVYGGp62Lb6AtVGOLNlo= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.8/go.mod h1:MJUgrBPfGB4yk2uWoImVqd9cklry1hATyJV/7gJ6JTk= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.16 h1:kHc3TqW5kJ9Vfd9YEwywrNrL87DItpvAohlP+OuzABY= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.16/go.mod h1:U/9ZCgIx6x6NTdFRt60qO3gxUxBx4gRi+S/Yc/n+7vc= -github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.15 h1:cglph/vzXji9hnXhlWq2bVkPU0qofeOCV/Jv7AWGEh4= -github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.15/go.mod h1:NNBwPIB0wjkpeeQztU3FRD8O8T77MCrObyC1RiHf6G8= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.15 h1:xlf0J6DUgAj/ocvKQxCmad8Bu1lJuRbt5Wu+4G1xw1g= 
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.15/go.mod h1:ZVJ7ejRl4+tkWMuCwjXoy0jd8fF5u3RCyWjSVjUIvQE= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.15 h1:v9f7NY7D19ssE2EM+m9yT1m5zdWHuRAsZaFh24GAkOk= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.15/go.mod h1:gXfPo3nMoCbJKTZKDxv3rUhcYJjYT/K++jEqcWHjD/Q= -github.com/aws/aws-sdk-go-v2/service/lambda v1.24.4 h1:TjBzpwWQwR0YXdtFITw0a54hFfpcKVODU06H+nN5Ek4= -github.com/aws/aws-sdk-go-v2/service/lambda v1.24.4/go.mod h1:7nxxfr4DEkcWIT0VqoqBqSNCz3PGEJ9clXvS87SA9ig= -github.com/aws/aws-sdk-go-v2/service/rds v1.25.5 h1:MCEH1CnQZzXzUgr4qAzo1KJobVU+8p1mlNsU5pgM4nc= -github.com/aws/aws-sdk-go-v2/service/rds v1.25.5/go.mod h1:vxlyLxFwlDDp8Nsqn2dBVeFQmD9zBn+C1hKxcM+n21k= -github.com/aws/aws-sdk-go-v2/service/s3 v1.27.9 h1:imVonvre+AHMcDc3B9bPHHy5ZgjIkkYc/jyDBK8FHFw= -github.com/aws/aws-sdk-go-v2/service/s3 v1.27.9/go.mod h1:0Gfmg8gjPhVPy/IXkLAmyKZbAue+2s11BWKH+oXggmg= -github.com/aws/aws-sdk-go-v2/service/sso v1.11.21 h1:7jUFr+7F4MzIjCZzy7ygRtXFQcQ0kAbT0gUvtUeAdyU= -github.com/aws/aws-sdk-go-v2/service/sso v1.11.21/go.mod h1:q8nYq51W3gpZempYsAD83fPRlrOTMCwN+Ahg4BKFTXQ= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.3 h1:UTTPNP3/WzZa7hoHP3Szb/Yl0bM3NoBrf5ABy1OArUM= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.3/go.mod h1:+IF75RMJh0+zqTGXGshyEGRsU2ImqWv6UuHGkHl6kEo= -github.com/aws/aws-sdk-go-v2/service/sts v1.16.17 h1:LVM2jzEQ8mhb2dhrFl4PJ3sa5+KcKT01dsMk2Ma9/FU= -github.com/aws/aws-sdk-go-v2/service/sts v1.16.17/go.mod h1:bQujK1n0V1D1Gz5uII1jaB1WDvhj4/T3tElsJnVXCR0= github.com/aws/smithy-go v1.13.2 h1:TBLKyeJfXTrTXRHmsv4qWt9IQGYyWThLYaJWSahTOGE= github.com/aws/smithy-go v1.13.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= -github.com/coreos/go-systemd/v22 v22.3.3-0.20220203105225-a9a7ef127534/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod 
h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.4 h1:87PNWwrRvUSnqS4dlcBU/ftvOIBep4sYuBLlh6rX2wk= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/hashicorp/go-hclog v1.3.0 h1:G0ACM8Z2WilWgPv3Vdzwm3V0BQu/kSmrkVtpe1fy9do= github.com/hashicorp/go-hclog v1.3.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= 
-github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/hashicorp/go-plugin v1.4.5 h1:oTE/oQR4eghggRg8VY7PAz3dr++VwDNBGCcOfIvHpBo= +github.com/hashicorp/go-plugin v1.4.5/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s= +github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb h1:b5rjCoWHc7eqmAS4/qyk21ZsHyb6Mxv/jykxvNTkU4M= +github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= +github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40= 
@@ -91,24 +44,37 @@ github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU= github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= -github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= -github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77 h1:7GoSOOW2jpsfkntVKaS2rAr1TJqfcxotyaUcuxoZSzg= +github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw= +github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.3.4 h1:3Z3Eu6FGHZWSfNKJTOUiPatWwfc7DzJRU04jFUqJODw= github.com/rivo/uniseg v0.3.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= -github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= -github.com/rs/zerolog v1.28.0 h1:MirSo27VyNi7RJYP3078AA1+Cyzd2GB66qy3aUHvsWY= -github.com/rs/zerolog v1.28.0/go.mod h1:NILgTygv/Uej1ra5XxGf82ZFSLk58MFGAUS2o6usyD0= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.7.2 
h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/vbauerster/mpb/v7 v7.5.2 h1:Ph3JvpBcoIwzIG1QwbUq97KQifrTRbKcMXN9rN5BYAs= github.com/vbauerster/mpb/v7 v7.5.2/go.mod h1:UmOiIUI8aPqWXIps0ciik3RKMdzx7+ooQpq+fBcXwBA= -golang.org/x/exp v0.0.0-20220906200021-fcb1a314c389 h1:bCIWVlNKY/35kVE0iPeoZ9i/ar1ba/5vyfxUtcXN4iM= -golang.org/x/exp v0.0.0-20220906200021-fcb1a314c389/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a h1:oWX7TPOiFAMXLq8o0ikBYfCJVlRHBcsciT5bXOrH628= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
@@ -117,9 +83,25 @@ golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab h1:2QkjZIsXupsJbJIdSjjUOgWK3aEtzyuh2mPt3l/CkeU= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.27.1 h1:zvIju4sqAGvwKspUQOhwnpcqSbzi7/H6QomNNjTL4sk= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 
v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/internal/cli/cli.go b/internal/cli/cli.go index 64397a1..ad24cff 100644 --- a/internal/cli/cli.go +++ b/internal/cli/cli.go @@ -4,19 +4,15 @@ import ( "flag" "os" "sort" - "time" "github.com/stangirard/yatas/internal/report" "github.com/stangirard/yatas/internal/yatas" - "github.com/stangirard/yatas/plugins" - "github.com/vbauerster/mpb/v7" - "github.com/vbauerster/mpb/v7/decor" + "github.com/stangirard/yatas/plugins/manager" ) var ( - compare = flag.Bool("compare", false, "compare with previous report") - progressflag = flag.Bool("no-progress", false, "don't show the progress bar") - ci = flag.Bool("ci", false, "run in CI with exit code") + compare = flag.Bool("compare", false, "compare with previous report") + ci = flag.Bool("ci", false, "run in CI with exit code") ) func Execute() error { 
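Review bot: Dropping `progressflag` from the `var` block changes the CLI contract: an invocation that still passes `-no-progress` now fails at flag parsing instead of being accepted, and the commit message does not call out the removal. If the progress bar is only temporarily disabled while the plugin manager lands, keep a no-op flag so existing scripts and CI jobs keep working, e.g. `_ = flag.Bool("no-progress", false, "deprecated: the progress bar is currently disabled")`, and remove it in a later release with a note. The `compare` and `ci` flags are otherwise untouched, so this is the only user-visible change in the hunk.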
@@ -24,40 +20,8 @@ func Execute() error { if err != nil { return err } + checks := manager.RunPlugin("aws", config) - if !*progressflag { - config.Progress = mpb.New(mpb.WithWidth(64)) - bar := config.Progress.AddBar(0, mpb.PrependDecorators( - decor.Name("Categories : "), - decor.CountersNoUnit(" %d / %d")), - mpb.AppendDecorators( - - decor.Percentage(), - ), - ) - bar.SetPriority(10) - config.ServiceProgress.Bar = bar - - bar2 := config.Progress.AddBar(0, - - mpb.PrependDecorators( - decor.Name("Checks : "), - decor.CountersNoUnit("%d / %d")), - mpb.AppendDecorators( - decor.Percentage(), - ), - ) - bar2.SetPriority(11) - - config.CheckProgress.Bar = bar2 - - } - checks, err := plugins.Execute(config) - if config.Progress != nil { - config.ServiceProgress.Bar.SetTotal(config.ServiceProgress.Bar.Current(), true) - time.Sleep(time.Millisecond * 100) - - } if err != nil { return err } diff --git a/internal/yatas/progress.go b/internal/yatas/progress.go index c2fde49..a82ad62 100644 --- a/internal/yatas/progress.go +++ b/internal/yatas/progress.go 
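Review bot: The `if err != nil { return err }` that follows the new `checks := manager.RunPlugin("aws", config)` line now tests the `err` from the config load, which the hunk already checked and returned on a few lines earlier, so it can never be true here and any failure inside RunPlugin (plugin not found, failing to start, returning nothing) is silently reduced to an empty `checks`. Since go-plugin is being added to the module graph, RunPlugin presumably launches an external binary, and that is exactly the call whose failure should be surfaced to the user and to the `-ci` exit code rather than dropped. Have RunPlugin return an error and check it at the call site: `checks, err := manager.RunPlugin("aws", config)` followed by the existing `if err != nil { return err }`. The plugin name is also hard-coded to `"aws"` even though Config still carries a `Plugins` list; if that list is meant to drive which plugins run, a `// TODO` at this line would make the interim state explicit. Execute's body starts outside the hunk.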
@@ -1,26 +1,21 @@ package yatas -import ( - "github.com/vbauerster/mpb/v7" - "github.com/vbauerster/mpb/v7/decor" -) +// func (c *Config) AddBar(description, id string, value, priority int, p *mpb.Progress) { +// if c.PluginsProgress == nil { +// c.PluginsProgress = make(map[string]Progress) +// } +// c.PluginsProgress[id] = Progress{ +// Bar: p.AddBar(int64(value), +// mpb.PrependDecorators( +// decor.Name(description), +// decor.CountersNoUnit(" %d / %d"), +// ), +// mpb.AppendDecorators( +// decor.Percentage(), +// ), +// ), +// Value: value, +// } +// c.PluginsProgress[id].Bar.SetPriority(priority) -func (c *Config) AddBar(description, id string, value, priority int, p *mpb.Progress) { - if c.PluginsProgress == nil { - c.PluginsProgress = make(map[string]Progress) - } - c.PluginsProgress[id] = Progress{ - Bar: p.AddBar(int64(value), - mpb.PrependDecorators( - decor.Name(description), - decor.CountersNoUnit(" %d / %d"), - ), - mpb.AppendDecorators( - decor.Percentage(), - ), - ), - Value: value, - } - c.PluginsProgress[id].Bar.SetPriority(priority) - -} +// } diff --git a/internal/yatas/yatas.go b/internal/yatas/yatas.go index 8f42a36..de67a32 100644 --- a/internal/yatas/yatas.go +++ b/internal/yatas/yatas.go @@ -3,7 +3,6 @@ package yatas import ( "strings" "sync" - "time" "github.com/aws/aws-sdk-go-v2/aws" "github.com/stangirard/yatas/internal/helpers" @@ -41,15 +40,9 @@ type Progress struct { } type Config struct { - sync.Mutex - - Plugins []Plugin `yaml:"plugins"` - AWS []AWS_Account `yaml:"aws"` - Ignore []Ignore `yaml:"ignore"` - Progress *mpb.Progress - ServiceProgress Progress - CheckProgress Progress - PluginsProgress map[string]Progress + Plugins []Plugin `yaml:"plugins"` + AWS []AWS_Account `yaml:"aws"` + Ignore []Ignore `yaml:"ignore"` } func (c *Config) CheckExclude(id string) bool { 
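Review bot: The whole body of `AddBar` is kept as a `//`-commented block rather than deleted, and the same pattern appears in the yatas.go hunks for `CheckTest` and `CheckMacroTest`, where the old progress-bar bookkeeping is commented out in place. Commented-out code rots quickly (it already references `c.PluginsProgress` and `config.CheckProgress`, fields this commit removes from Config) and the history is in git; delete the blocks, or if the progress bar is coming back, leave a single `// TODO(progress): re-add per-plugin progress reporting once the plugin manager reports totals` at each site. progress.go appears to be reduced to a package clause and a comment, so it can be removed outright. The enclosing CheckTest and CheckMacroTest bodies extend beyond their hunks.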
@@ -113,14 +106,13 @@ func unmarshalYAML(data []byte, config *Config) error { func CheckTest[A, B, C any](wg *sync.WaitGroup, config *Config, id string, test func(A, B, C)) func(A, B, C) { if !config.CheckExclude(id) && config.CheckInclude(id) { wg.Add(1) - if config.CheckProgress.Bar != nil { - config.Lock() - config.CheckProgress.Value++ - config.CheckProgress.Bar.SetTotal(int64(config.CheckProgress.Value), false) - config.Unlock() - time.Sleep(time.Millisecond * 10) + // if config.CheckProgress.Bar != nil { - } + // config.CheckProgress.Value++ + // config.CheckProgress.Bar.SetTotal(int64(config.CheckProgress.Value), false) + // time.Sleep(time.Millisecond * 10) + + // } return test } else { return func(A, B, C) {} @@ -133,14 +125,12 @@ func CheckTest[A, B, C any](wg *sync.WaitGroup, config *Config, id string, test func CheckMacroTest[A, B, C, D any](wg *sync.WaitGroup, config *Config, test func(A, B, C, D)) func(A, B, C, D) { wg.Add(1) // TODO check - if config.ServiceProgress.Bar != nil { - config.Lock() - config.ServiceProgress.Value++ - config.ServiceProgress.Bar.SetTotal(int64(config.ServiceProgress.Value), false) - config.Unlock() - time.Sleep(time.Millisecond * 10) + // if config.ServiceProgress.Bar != nil { + // config.ServiceProgress.Value++ + // config.ServiceProgress.Bar.SetTotal(int64(config.ServiceProgress.Value), false) + // time.Sleep(time.Millisecond * 10) - } + // } return test } diff --git a/plugins/aws/acm/acm.go b/plugins/aws/acm/acm.go deleted file mode 100644 index 9f47496..0000000 --- a/plugins/aws/acm/acm.go +++ /dev/null 
@@ -1,35 +0,0 @@ -package acm - -import ( - "sync" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/acm" - "github.com/stangirard/yatas/internal/yatas" -) - -func RunChecks(wa *sync.WaitGroup, s aws.Config, c *yatas.Config, queue chan []yatas.Check) { - var checkConfig yatas.CheckConfig - checkConfig.Init(s, c) - var checks []yatas.Check - svc := acm.NewFromConfig(s) - certificates := GetCertificates(svc) - go yatas.CheckTest(checkConfig.Wg, c, "AWS_ACM_001", CheckIfACMValid)(checkConfig, certificates, "AWS_ACM_001") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_ACM_002", CheckIfCertificateExpiresIn90Days)(checkConfig, certificates, "AWS_ACM_002") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_ACM_003", CheckIfACMInUse)(checkConfig, certificates, "AWS_ACM_003") - go func() { - for t := range checkConfig.Queue { - t.EndCheck() - checks = append(checks, t) - - if c.CheckProgress.Bar != nil { - c.CheckProgress.Bar.Increment() - } - - checkConfig.Wg.Done() - - } - }() - checkConfig.Wg.Wait() - queue <- checks -} diff --git a/plugins/aws/acm/acmExpiry.go b/plugins/aws/acm/acmExpiry.go deleted file mode 100644 index c0a7c7f..0000000 --- a/plugins/aws/acm/acmExpiry.go +++ /dev/null 
@@ -1,30 +0,0 @@ -package acm - -import ( - "fmt" - "time" - - "github.com/aws/aws-sdk-go-v2/service/acm/types" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfCertificateExpiresIn90Days(checkConfig yatas.CheckConfig, certificates []types.CertificateDetail, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("ACM certificate expires in more than 90 days", "Check if certificate expires in 90 days", testName) - for _, certificate := range certificates { - if certificate.Status == types.CertificateStatusIssued || certificate.Status == types.CertificateStatusInactive { - if time.Until(*certificate.NotAfter).Hours() > 24*90 { - Message := "Certificate " + *certificate.CertificateArn + " does not expire in 90 days" - result := yatas.Result{Status: "OK", Message: Message, ResourceID: *certificate.CertificateArn} - check.AddResult(result) - } else { - Message := "Certificate " + *certificate.CertificateArn + " expires in 90 days or less" - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *certificate.CertificateArn} - check.AddResult(result) - } - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/acm/acmExpiry_test.go b/plugins/aws/acm/acmExpiry_test.go deleted file mode 100644 index ab67945..0000000 --- a/plugins/aws/acm/acmExpiry_test.go +++ /dev/null 
@@ -1,82 +0,0 @@ -package acm - -import ( - "sync" - "testing" - "time" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/acm/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfCertificateExpiresIn90Days(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - certificates []types.CertificateDetail - testName string - } - tests := []struct { - name string - args args - want string - }{ - { - name: "Check if certificate expires in 90 days", - args: args{ - checkConfig: yatas.CheckConfig{ - Queue: make(chan yatas.Check, 1), - Wg: &sync.WaitGroup{}, - }, - certificates: []types.CertificateDetail{ - { - CertificateArn: aws.String("arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"), - DomainName: aws.String("example.com"), - Status: types.CertificateStatusIssued, - NotAfter: aws.Time(time.Now().Add(time.Hour * 24 * 91)), - }, - }, - testName: "Check if certificate expires in 90 days", - }, - want: "OK", - }, - { - name: "Check if certificate expires in 90 days", - args: args{ - checkConfig: yatas.CheckConfig{ - Queue: make(chan yatas.Check, 1), - Wg: &sync.WaitGroup{}, - }, - certificates: []types.CertificateDetail{ - { - CertificateArn: aws.String("arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"), - DomainName: aws.String("example.com"), - Status: types.CertificateStatusIssued, - NotAfter: aws.Time(time.Now().Add(time.Hour * 24 * 89)), - }, - }, - testName: "Check if certificate expires in 90 days", - }, - want: "FAIL", - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - t.Logf("%s", tt.args.testName) - CheckIfCertificateExpiresIn90Days(tt.args.checkConfig, tt.args.certificates, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - t.Logf("%v", tt.args.checkConfig.Queue) - for check := range tt.args.checkConfig.Queue { - t.Logf("%v", check) - if check.Status != tt.want { - 
t.Errorf("CheckIfCertificateExpiresIn90Days() = %v, want %v", check.Results[0].Status, tt.want) - } - tt.args.checkConfig.Wg.Done() - } - - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/aws/acm/acmInUse.go b/plugins/aws/acm/acmInUse.go deleted file mode 100644 index 9db2ccd..0000000 --- a/plugins/aws/acm/acmInUse.go +++ /dev/null @@ -1,27 +0,0 @@ -package acm - -import ( - "fmt" - - "github.com/aws/aws-sdk-go-v2/service/acm/types" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfACMInUse(checkConfig yatas.CheckConfig, certificates []types.CertificateDetail, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("ACM certificates are used", "Check if certificate is in use", testName) - for _, certificate := range certificates { - if len(certificate.InUseBy) > 0 { - Message := "Certificate " + *certificate.CertificateArn + " is in use" - result := yatas.Result{Status: "OK", Message: Message, ResourceID: *certificate.CertificateArn} - check.AddResult(result) - } else { - Message := "Certificate " + *certificate.CertificateArn + " is not in use" - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *certificate.CertificateArn} - check.AddResult(result) - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/acm/acmInUse_test.go b/plugins/aws/acm/acmInUse_test.go deleted file mode 100644 index e393b5c..0000000 --- a/plugins/aws/acm/acmInUse_test.go +++ /dev/null 
@@ -1,69 +0,0 @@ -package acm - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/acm/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfACMInUse(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - certificates []types.CertificateDetail - testName string - } - tests := []struct { - name string - args args - want string - }{ - { - name: "Check if all ACM certificates are in use", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - certificates: []types.CertificateDetail{ - { - CertificateArn: aws.String("arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"), - Status: types.CertificateStatusIssued, - InUseBy: []string{"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"}, - }, - }, - testName: "Check if all ACM certificates are in use", - }, - want: "OK", - }, - { - name: "Check if all ACM certificates are in use", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - certificates: []types.CertificateDetail{ - { - CertificateArn: aws.String("arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"), - Status: types.CertificateStatusIssued, - InUseBy: nil, - }, - }, - testName: "Check if all ACM certificates are in use", - }, - want: "FAIL", - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfACMInUse(tt.args.checkConfig, tt.args.certificates, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != tt.want { - t.Errorf("CheckIfACMInUse() = %v, want %v", check.Status, tt.want) - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} 
diff --git a/plugins/aws/acm/acmIsValid.go b/plugins/aws/acm/acmIsValid.go deleted file mode 100644 index 77cb3ad..0000000 --- a/plugins/aws/acm/acmIsValid.go +++ /dev/null @@ -1,27 +0,0 @@ -package acm - -import ( - "fmt" - - "github.com/aws/aws-sdk-go-v2/service/acm/types" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfACMValid(checkConfig yatas.CheckConfig, certificates []types.CertificateDetail, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("ACM certificates are valid", "Check if certificate is valid", testName) - for _, certificate := range certificates { - if certificate.Status == types.CertificateStatusIssued || certificate.Status == types.CertificateStatusInactive { - Message := "Certificate " + *certificate.CertificateArn + " is valid" - result := yatas.Result{Status: "OK", Message: Message, ResourceID: *certificate.CertificateArn} - check.AddResult(result) - } else { - Message := "Certificate " + *certificate.CertificateArn + " is not valid" - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *certificate.CertificateArn} - check.AddResult(result) - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/acm/acmIsValid_test.go b/plugins/aws/acm/acmIsValid_test.go deleted file mode 100644 index 6c1ea11..0000000 --- a/plugins/aws/acm/acmIsValid_test.go +++ /dev/null 
@@ -1,67 +0,0 @@ -package acm - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/acm/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfACMValid(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - certificates []types.CertificateDetail - testName string - } - tests := []struct { - name string - args args - want string - }{ - { - name: "Check if all ACM certificates are valid", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - certificates: []types.CertificateDetail{ - { - CertificateArn: aws.String("arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"), - Status: types.CertificateStatusIssued, - }, - }, - testName: "Check if all ACM certificates are valid", - }, - want: "OK", - }, - { - name: "Check if all ACM certificates are not valid", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - certificates: []types.CertificateDetail{ - { - CertificateArn: aws.String("arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"), - Status: types.CertificateStatusPendingValidation, - }, - }, - testName: "Check if all ACM certificates are not valid", - }, - want: "FAIL", - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfACMValid(tt.args.checkConfig, tt.args.certificates, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != tt.want { - t.Errorf("CheckIfACMValid() = %v, want %v", check.Status, tt.want) - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/aws/acm/getter.go b/plugins/aws/acm/getter.go deleted file mode 100644 index 255f611..0000000 --- a/plugins/aws/acm/getter.go +++ /dev/null 
@@ -1,52 +0,0 @@ -package acm - -import ( - "context" - - "github.com/aws/aws-sdk-go-v2/service/acm" - "github.com/aws/aws-sdk-go-v2/service/acm/types" -) - -type ACMGetObjectAPI interface { - ListCertificates(ctx context.Context, params *acm.ListCertificatesInput, optFns ...func(*acm.Options)) (*acm.ListCertificatesOutput, error) - DescribeCertificate(ctx context.Context, params *acm.DescribeCertificateInput, optFns ...func(*acm.Options)) (*acm.DescribeCertificateOutput, error) -} - -func GetCertificates(svc ACMGetObjectAPI) []types.CertificateDetail { - input := &acm.ListCertificatesInput{} - result, err := svc.ListCertificates(context.TODO(), input) - if err != nil { - panic(err) - } - var certificatesArn []*string - var certificates []types.CertificateDetail - for _, r := range result.CertificateSummaryList { - certificatesArn = append(certificatesArn, r.CertificateArn) - } - for { - if result.NextToken == nil { - break - } - input.NextToken = result.NextToken - result, err = svc.ListCertificates(context.TODO(), input) - if err != nil { - panic(err) - } - for _, r := range result.CertificateSummaryList { - certificatesArn = append(certificatesArn, r.CertificateArn) - } - } - - for _, c := range certificatesArn { - input := &acm.DescribeCertificateInput{ - CertificateArn: c, - } - result, err := svc.DescribeCertificate(context.TODO(), input) - if err != nil { - panic(err) - } - certificates = append(certificates, *result.Certificate) - } - return certificates - -} diff --git a/plugins/aws/acm/getter_test.go b/plugins/aws/acm/getter_test.go deleted file mode 100644 index e42deb4..0000000 --- a/plugins/aws/acm/getter_test.go +++ /dev/null 
@@ -1,63 +0,0 @@ -package acm - -import ( - "context" - "reflect" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/acm" - "github.com/aws/aws-sdk-go-v2/service/acm/types" -) - -type mockACMApi func() - -func (a mockACMApi) ListCertificates(ctx context.Context, params *acm.ListCertificatesInput, optFns ...func(*acm.Options)) (*acm.ListCertificatesOutput, error) { - return &acm.ListCertificatesOutput{ - CertificateSummaryList: []types.CertificateSummary{ - { - CertificateArn: aws.String("arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"), - }, - }, - }, nil - -} -func (a mockACMApi) DescribeCertificate(ctx context.Context, params *acm.DescribeCertificateInput, optFns ...func(*acm.Options)) (*acm.DescribeCertificateOutput, error) { - return &acm.DescribeCertificateOutput{ - Certificate: &types.CertificateDetail{ - CertificateArn: aws.String("arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"), - Status: types.CertificateStatusExpired, - }, - }, nil -} - -func TestGetCertificates(t *testing.T) { - type args struct { - svc ACMGetObjectAPI - } - tests := []struct { - name string - args args - want []types.CertificateDetail - }{ - { - name: "test", - args: args{ - svc: mockACMApi(func() {}), - }, - want: []types.CertificateDetail{ - { - CertificateArn: aws.String("arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"), - Status: types.CertificateStatusExpired, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if got := GetCertificates(tt.args.svc); !reflect.DeepEqual(got, tt.want) { - t.Errorf("GetCertificates() = %v, want %v", got, tt.want) - } - }) - } -} diff --git a/plugins/aws/apigateway/apiStagesCloudwatchLogs.go b/plugins/aws/apigateway/apiStagesCloudwatchLogs.go deleted file mode 100644 index a01d6fd..0000000 --- a/plugins/aws/apigateway/apiStagesCloudwatchLogs.go +++ /dev/null 
@@ -1,29 +0,0 @@ -package apigateway - -import ( - "fmt" - - "github.com/aws/aws-sdk-go-v2/service/apigateway/types" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfStagesCloudwatchLogsExist(checkConfig yatas.CheckConfig, stages map[string][]types.Stage, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("ApiGateways logs are sent to Cloudwatch", "Check if all cloudwatch logs are enabled for all stages", testName) - for apigateway, id := range stages { - for _, stage := range id { - if stage.AccessLogSettings != nil && stage.AccessLogSettings.DestinationArn != nil { - Message := "Cloudwatch logs are enabled on stage " + *stage.StageName + " of ApiGateway " + apigateway - result := yatas.Result{Status: "OK", Message: Message, ResourceID: *stage.StageName} - check.AddResult(result) - } else { - Message := "Cloudwatch logs are not enabled on " + *stage.StageName + " of ApiGateway " + apigateway - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *stage.StageName} - check.AddResult(result) - } - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/apigateway/apiStagesCloudwatchLogs_test.go b/plugins/aws/apigateway/apiStagesCloudwatchLogs_test.go deleted file mode 100644 index 8599507..0000000 --- a/plugins/aws/apigateway/apiStagesCloudwatchLogs_test.go +++ /dev/null 
@@ -1,106 +0,0 @@ -package apigateway - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/apigateway/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfStagesCloudwatchLogsExist(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - stages map[string][]types.Stage - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Test if stages are have cloudwatch logs enabled", - args: args{ - checkConfig: yatas.CheckConfig{ - Wg: &sync.WaitGroup{}, - Queue: make(chan yatas.Check, 1), - }, - stages: map[string][]types.Stage{ - "test-api": { - { - AccessLogSettings: &types.AccessLogSettings{ - DestinationArn: aws.String("arn:aws:logs:us-east-1:123456789012:log-group:apigateway-access-logs:log-stream:test-api-stages-cloudwatch-logs"), - }, - StageName: aws.String("test-stage"), - }, - }, - }, - testName: "test-name", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfStagesCloudwatchLogsExist(tt.args.checkConfig, tt.args.stages, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Id != tt.args.testName { - t.Errorf("Check name is not equal to test name") - } - if check.Status != "OK" { - t.Errorf("Check status is not equal to OK") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} - -func TestCheckIfStagesCloudwatchLogsExistFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - stages map[string][]types.Stage - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Test if stages are have cloudwatch logs enabled", - args: args{ - checkConfig: yatas.CheckConfig{ - Wg: &sync.WaitGroup{}, - Queue: make(chan yatas.Check, 1), - }, - stages: map[string][]types.Stage{ - "test-api": { - { - StageName: aws.String("test-stage"), - }, - }, - }, - testName: 
"test-name", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfStagesCloudwatchLogsExist(tt.args.checkConfig, tt.args.stages, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("Check status is not equal to FAIL") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/aws/apigateway/apiStagesProtectedAcl.go b/plugins/aws/apigateway/apiStagesProtectedAcl.go deleted file mode 100644 index ee205c5..0000000 --- a/plugins/aws/apigateway/apiStagesProtectedAcl.go +++ /dev/null @@ -1,29 +0,0 @@ -package apigateway - -import ( - "fmt" - - "github.com/aws/aws-sdk-go-v2/service/apigateway/types" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfStagesProtectedByAcl(checkConfig yatas.CheckConfig, stages map[string][]types.Stage, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("ApiGateways are protected by an ACL", "Check if all stages are protected by ACL", testName) - for apigateway, id := range stages { - for _, stage := range id { - if stage.WebAclArn != nil && *stage.WebAclArn != "" { - Message := "Stage " + *stage.StageName + " is protected by ACL" + " of ApiGateway " + apigateway - result := yatas.Result{Status: "OK", Message: Message, ResourceID: *stage.StageName} - check.AddResult(result) - } else { - Message := "Stage " + *stage.StageName + " is not protected by ACL" + " of ApiGateway " + apigateway - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *stage.StageName} - check.AddResult(result) - } - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/apigateway/apiStagesProtectedAcl_test.go b/plugins/aws/apigateway/apiStagesProtectedAcl_test.go deleted file mode 100644 index e9d3cea..0000000 
--- a/plugins/aws/apigateway/apiStagesProtectedAcl_test.go +++ /dev/null 
@@ -1,104 +0,0 @@ -package apigateway - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/apigateway/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfStagesProtectedByAcl(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - stages map[string][]types.Stage - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Test if stages are have protected by ACL", - args: args{ - checkConfig: yatas.CheckConfig{ - Wg: &sync.WaitGroup{}, - Queue: make(chan yatas.Check, 1), - }, - stages: map[string][]types.Stage{ - "test-api": {{ - StageName: aws.String("test-stage"), - WebAclArn: aws.String("arn:aws:execute-api:us-east-1:123456789012:test-api/test-stage/GET/test-path"), - }}, - }, - testName: "test-name", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfStagesProtectedByAcl(tt.args.checkConfig, tt.args.stages, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Id != tt.args.testName { - t.Errorf("Check name is not equal to test name") - } - if check.Status != "OK" { - t.Errorf("Check status is not equal to OK") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} - -func TestCheckIfStagesProtectedByAclFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - stages map[string][]types.Stage - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Test if stages are have protected by ACL", - args: args{ - checkConfig: yatas.CheckConfig{ - Wg: &sync.WaitGroup{}, - Queue: make(chan yatas.Check, 1), - }, - stages: map[string][]types.Stage{ - "test-api": {{ - AccessLogSettings: &types.AccessLogSettings{ - DestinationArn: aws.String("arn:aws:logs:us-east-1:123456789012:log-group:apigateway-access-logs:log-stream:test-api-stages-cloudwatch-logs"), - }, - 
StageName: aws.String("test-stage"), - }, - }, - }, - testName: "test-name", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfStagesProtectedByAcl(tt.args.checkConfig, tt.args.stages, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("Check status is not equal to FAIL") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/aws/apigateway/apigateway.go b/plugins/aws/apigateway/apigateway.go deleted file mode 100644 index 878e385..0000000 --- a/plugins/aws/apigateway/apigateway.go +++ /dev/null @@ -1,38 +0,0 @@ -package apigateway - -import ( - "sync" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/apigateway" - "github.com/stangirard/yatas/internal/yatas" -) - -func RunChecks(wa *sync.WaitGroup, s aws.Config, c *yatas.Config, queue chan []yatas.Check) { - var checkConfig yatas.CheckConfig - checkConfig.Init(s, c) - var checks []yatas.Check - svc := apigateway.NewFromConfig(s) - apis := GetApiGateways(svc) - stages := GetAllStagesApiGateway(svc, apis) - go yatas.CheckTest(checkConfig.Wg, c, "AWS_APG_001", CheckIfStagesCloudwatchLogsExist)(checkConfig, stages, "AWS_APG_001") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_APG_002", CheckIfStagesProtectedByAcl)(checkConfig, stages, "AWS_APG_002") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_APG_003", CheckIfTracingEnabled)(checkConfig, stages, "AWS_APG_003") - - go func() { - for t := range checkConfig.Queue { - t.EndCheck() - checks = append(checks, t) - if c.CheckProgress.Bar != nil { - c.CheckProgress.Bar.Increment() - } - - checkConfig.Wg.Done() - - } - }() - - checkConfig.Wg.Wait() - - queue <- checks -} diff --git a/plugins/aws/apigateway/apigatewayTracing.go b/plugins/aws/apigateway/apigatewayTracing.go deleted file mode 100644 index 89b5a62..0000000 
--- a/plugins/aws/apigateway/apigatewayTracing.go +++ /dev/null @@ -1,29 +0,0 @@ -package apigateway - -import ( - "fmt" - - "github.com/aws/aws-sdk-go-v2/service/apigateway/types" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfTracingEnabled(checkConfig yatas.CheckConfig, stages map[string][]types.Stage, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("ApiGateways have tracing enabled", "Check if all stages are enabled for tracing", testName) - for apigateway, id := range stages { - for _, stage := range id { - if stage.TracingEnabled { - Message := "Tracing is enabled on stage" + *stage.StageName + " of ApiGateway " + apigateway - result := yatas.Result{Status: "OK", Message: Message, ResourceID: *stage.StageName} - check.AddResult(result) - } else { - Message := "Tracing is not enabled on " + *stage.StageName + " of ApiGateway " + apigateway - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *stage.StageName} - check.AddResult(result) - } - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/apigateway/apigatewayTracing_test.go b/plugins/aws/apigateway/apigatewayTracing_test.go deleted file mode 100644 index 9cc4837..0000000 --- a/plugins/aws/apigateway/apigatewayTracing_test.go +++ /dev/null 
@@ -1,56 +0,0 @@ -package apigateway - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/apigateway/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfTracingEnabled(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - stages map[string][]types.Stage - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Check if all stages are tracing enabled", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - stages: map[string][]types.Stage{ - "test-api": { - { - TracingEnabled: true, - StageName: aws.String("test"), - }, - }, - }, - testName: "CheckIfTracingEnabled", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfTracingEnabled(tt.args.checkConfig, tt.args.stages, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if len(check.Results) != len(tt.args.stages) { - t.Errorf("CheckIfTracingEnabled() = %v, want %v", len(check.Results), len(tt.args.stages)) - } - if check.Status != "OK" { - t.Errorf("CheckIfTracingEnabled() = %v, want %v", check.Status, "OK") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/aws/apigateway/getter.go b/plugins/aws/apigateway/getter.go deleted file mode 100644 index 042f2a1..0000000 --- a/plugins/aws/apigateway/getter.go +++ /dev/null 
@@ -1,78 +0,0 @@ -package apigateway - -import ( - "context" - - "github.com/aws/aws-sdk-go-v2/service/apigateway" - "github.com/aws/aws-sdk-go-v2/service/apigateway/types" -) - -type APIGatewayGetObjectAPI interface { - GetRestApis(ctx context.Context, params *apigateway.GetRestApisInput, optFns ...func(*apigateway.Options)) (*apigateway.GetRestApisOutput, error) - GetResources(ctx context.Context, params *apigateway.GetResourcesInput, optFns ...func(*apigateway.Options)) (*apigateway.GetResourcesOutput, error) - GetStages(ctx context.Context, params *apigateway.GetStagesInput, optFns ...func(*apigateway.Options)) (*apigateway.GetStagesOutput, error) -} - -func GetApiGateways(svc APIGatewayGetObjectAPI) []types.RestApi { - input := &apigateway.GetRestApisInput{} - var apis []types.RestApi - result, err := svc.GetRestApis(context.TODO(), input) - apis = append(apis, result.Items...) - if err != nil { - return nil - } - for { - if result.Position == nil { - break - } - input.Position = result.Position - result, err = svc.GetRestApis(context.TODO(), input) - if err != nil { - return nil - } - apis = append(apis, result.Items...) - } - - return apis -} - -func GetAllResourcesApiGateway(svc APIGatewayGetObjectAPI, apiId string) []types.Resource { - input := &apigateway.GetResourcesInput{ - RestApiId: &apiId, - } - var resources []types.Resource - result, err := svc.GetResources(context.TODO(), input) - resources = append(resources, result.Items...) - if err != nil { - return nil - } - - for { - if result.Position == nil { - break - } - input.Position = result.Position - result, err = svc.GetResources(context.TODO(), input) - if err != nil { - return nil - } - resources = append(resources, result.Items...) 
- } - return resources -} - -func GetAllStagesApiGateway(svc APIGatewayGetObjectAPI, apis []types.RestApi) map[string][]types.Stage { - stages := make(map[string][]types.Stage) - for _, api := range apis { - input := &apigateway.GetStagesInput{ - RestApiId: api.Id, - } - result, err := svc.GetStages(context.TODO(), input) - if err != nil { - return nil - } - stages[*api.Id] = result.Item - - } - return stages -} diff --git a/plugins/aws/apigateway/getter_test.go b/plugins/aws/apigateway/getter_test.go deleted file mode 100644 index 2f9b72b..0000000 --- a/plugins/aws/apigateway/getter_test.go +++ /dev/null 
@@ -1,175 +0,0 @@ -package apigateway - -import ( - "context" - "reflect" - "testing" - "time" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/apigateway" - "github.com/aws/aws-sdk-go-v2/service/apigateway/types" -) - -type mockGetApiGateways func() - -func (m mockGetApiGateways) GetRestApis(ctx context.Context, input *apigateway.GetRestApisInput, optFns ...func(*apigateway.Options)) (*apigateway.GetRestApisOutput, error) { - // Return an empty list of API Gateway instances - timeTest, _ := time.Parse("2006-01-02T15:04:05Z", "2019-01-01T00:00:00Z") - return &apigateway.GetRestApisOutput{ - Items: []types.RestApi{ - { - Id: aws.String("id"), - CreatedDate: aws.Time(timeTest), - Name: aws.String("name"), - MinimumCompressionSize: aws.Int32(0), - Version: aws.String("version"), - }, - }, - }, nil -} - -func (m mockGetApiGateways) GetResources(ctx context.Context, input *apigateway.GetResourcesInput, optFns ...func(*apigateway.Options)) (*apigateway.GetResourcesOutput, error) { - // Return an empty list of API Gateway resources - return &apigateway.GetResourcesOutput{ - Items: []types.Resource{ - { - Path: aws.String("path"), - Id: aws.String("id"), - ParentId: aws.String("parentId"), - }, - }, - }, nil -} - -func (m mockGetApiGateways) GetStages(ctx context.Context, input *apigateway.GetStagesInput, optFns ...func(*apigateway.Options)) (*apigateway.GetStagesOutput, error) { - // Return an empty list of API Gateway stages - return &apigateway.GetStagesOutput{ - Item: []types.Stage{ - { - DeploymentId: aws.String("deploymentId"), - AccessLogSettings: &types.AccessLogSettings{ - DestinationArn: aws.String("destinationArn"), - Format: aws.String("format"), - }, - TracingEnabled: true, - WebAclArn: aws.String("webAclArn"), - }, - }, - }, nil -} - -func TestGetApiGateways(t *testing.T) { - type args struct { - svc APIGatewayGetObjectAPI - } - - timeTest, _ := time.Parse("2006-01-02T15:04:05Z", "2019-01-01T00:00:00Z") - tests := []struct { - 
name string - args args - want []types.RestApi - }{ - { - name: "Empty list of API Gateway instances", - args: args{ - svc: mockGetApiGateways(nil), - }, - want: []types.RestApi{ - { - Id: aws.String("id"), - CreatedDate: aws.Time(timeTest), - Name: aws.String("name"), - MinimumCompressionSize: aws.Int32(0), - Version: aws.String("version"), - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if got := GetApiGateways(tt.args.svc); !reflect.DeepEqual(got, tt.want) { - t.Errorf("GetApiGateways() = %v, want %v", got, tt.want) - } - }) - } -} - -func TestGetAllResourcesApiGateway(t *testing.T) { - type args struct { - svc APIGatewayGetObjectAPI - apiId string - } - tests := []struct { - name string - args args - want []types.Resource - }{ - { - name: "Empty list of API Gateway resources", - args: args{ - svc: mockGetApiGateways(nil), - apiId: "", - }, - want: []types.Resource{ - { - Path: aws.String("path"), - Id: aws.String("id"), - ParentId: aws.String("parentId"), - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if got := GetAllResourcesApiGateway(tt.args.svc, tt.args.apiId); !reflect.DeepEqual(got, tt.want) { - t.Errorf("GetAllResourcesApiGateway() = %v, want %v", got, tt.want) - } - }) - } -} - -func TestGetAllStagesApiGateway(t *testing.T) { - type args struct { - svc APIGatewayGetObjectAPI - apis []types.RestApi - } - tests := []struct { - name string - args args - want map[string][]types.Stage - }{ - { - name: "Empty list of API Gateway stages", - args: args{ - svc: mockGetApiGateways(nil), - apis: []types.RestApi{ - { - Id: aws.String("test"), - }, - }, - }, - want: map[string][]types.Stage{ - "test": { - - { - DeploymentId: aws.String("deploymentId"), - AccessLogSettings: &types.AccessLogSettings{ - DestinationArn: aws.String("destinationArn"), - Format: aws.String("format"), - }, - TracingEnabled: true, - WebAclArn: aws.String("webAclArn"), - }, - }, - }, - }, - } - for _, tt := range 
tests { - t.Run(tt.name, func(t *testing.T) { - if got := GetAllStagesApiGateway(tt.args.svc, tt.args.apis); !reflect.DeepEqual(got, tt.want) { - t.Errorf("GetAllStagesApiGateway() = %+v, want %+v", got, tt.want) - } - }) - } -} diff --git a/plugins/aws/auth.go b/plugins/aws/auth.go deleted file mode 100644 index 9020d79..0000000 --- a/plugins/aws/auth.go +++ /dev/null 
@@ -1,102 +0,0 @@ -package aws - -import ( - "context" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/aws/retry" - "github.com/aws/aws-sdk-go-v2/config" - - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -// Create a new session that the SDK will use to load -// credentials from. With either SSO or credentials -func initAuth(a yatas.AWS_Account) aws.Config { - - s := initSession(a) - return s - -} - -// Create a new session that the SDK will use to load -// credentials from credentials -func createSessionWithCredentials(c yatas.AWS_Account) aws.Config { - - if c.Profile == "" { - s, err := config.LoadDefaultConfig(context.TODO(), - config.WithRegion(c.Region), - config.WithRetryer(func() aws.Retryer { - return retry.AddWithMaxAttempts(retry.NewStandard(), 10) - }), - config.WithRetryMode(aws.RetryMode(aws.RetryModeAdaptive)), - ) - if err != nil { - panic(err) - } - return s - } else { - s, err := config.LoadDefaultConfig(context.TODO(), - config.WithRegion(c.Region), - config.WithSharedConfigProfile(c.Profile), - config.WithRetryer(func() aws.Retryer { - return retry.AddWithMaxAttempts(retry.NewStandard(), 10) - }), - config.WithRetryMode(aws.RetryMode(aws.RetryModeAdaptive)), - ) - if err != nil { - panic(err) - } - return s - } - -} - -// Create a new session that the SDK will use to load -// credentials from the shared credentials file. 
-// Usefull for SSO -func createSessionWithSSO(c yatas.AWS_Account) aws.Config { - - if c.Profile == "" { - s, err := config.LoadDefaultConfig(context.Background(), - config.WithRegion(c.Region), - config.WithRetryer(func() aws.Retryer { - return retry.AddWithMaxAttempts(retry.NewStandard(), 10) - }), - config.WithRetryMode(aws.RetryMode(aws.RetryModeAdaptive)), - ) - if err != nil { - panic(err) - } - return s - } else { - s, err := config.LoadDefaultConfig(context.Background(), - config.WithRegion(c.Region), - config.WithSharedConfigProfile(c.Profile), - config.WithRetryer(func() aws.Retryer { - return retry.AddWithMaxAttempts(retry.NewStandard(), 10) - }), - config.WithRetryMode(aws.RetryMode(aws.RetryModeAdaptive)), - ) - if err != nil { - panic(err) - } - return s - - } - -} - -// Create a new session that the SDK will use to load -// credentials from. With either SSO or credentials -func initSession(c yatas.AWS_Account) aws.Config { - - if c.SSO { - logger.Debug("Using AWS SSO") - return createSessionWithSSO(c) - } else { - logger.Debug("Using AWS credentials") - return createSessionWithCredentials(c) - } -} diff --git a/plugins/aws/autoscaling/autoscaling.go b/plugins/aws/autoscaling/autoscaling.go deleted file mode 100644 index ea11dd6..0000000 --- a/plugins/aws/autoscaling/autoscaling.go +++ /dev/null 
@@ -1,37 +0,0 @@ -package autoscaling - -import ( - "sync" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/autoscaling" - "github.com/stangirard/yatas/internal/yatas" -) - -func RunChecks(wa *sync.WaitGroup, s aws.Config, c *yatas.Config, queue chan []yatas.Check) { - var checkConfig yatas.CheckConfig - checkConfig.Init(s, c) - var checks []yatas.Check - svc := autoscaling.NewFromConfig(s) - groups := GetAutoscalingGroups(svc) - - go yatas.CheckTest(checkConfig.Wg, c, "AWS_ASG_001", CheckIfDesiredCapacityMaxCapacityBelow80percent)(checkConfig, groups, "AWS_ASG_001") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_ASG_002", CheckIfInTwoAvailibilityZones)(checkConfig, groups, "AWS_ASG_002") - - go func() { - for t := range checkConfig.Queue { - t.EndCheck() - checks = append(checks, t) - if c.CheckProgress.Bar != nil { - c.CheckProgress.Bar.Increment() - } - - checkConfig.Wg.Done() - - } - }() - - checkConfig.Wg.Wait() - - queue <- checks -} diff --git a/plugins/aws/autoscaling/autoscalingAvailibityZones.go b/plugins/aws/autoscaling/autoscalingAvailibityZones.go deleted file mode 100644 index 980ada1..0000000 --- a/plugins/aws/autoscaling/autoscalingAvailibityZones.go +++ /dev/null 
@@ -1,27 +0,0 @@ -package autoscaling - -import ( - "fmt" - - "github.com/aws/aws-sdk-go-v2/service/autoscaling/types" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfInTwoAvailibilityZones(checkConfig yatas.CheckConfig, groups []types.AutoScalingGroup, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("Autoscaling group are in two availability zones", "Check if all autoscaling groups have at least two availability zones", testName) - for _, group := range groups { - if len(group.AvailabilityZones) < 2 { - Message := "Autoscaling group " + *group.AutoScalingGroupName + " has less than two availability zones" - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *group.AutoScalingGroupName} - check.AddResult(result) - } else { - Message := "Autoscaling group " + *group.AutoScalingGroupName + " has two availability zones" - result := yatas.Result{Status: "OK", Message: Message, ResourceID: *group.AutoScalingGroupName} - check.AddResult(result) - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/autoscaling/autoscalingAvailibityZones_test.go b/plugins/aws/autoscaling/autoscalingAvailibityZones_test.go deleted file mode 100644 index 7857fd3..0000000 --- a/plugins/aws/autoscaling/autoscalingAvailibityZones_test.go +++ /dev/null 
@@ -1,91 +0,0 @@ -package autoscaling - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/autoscaling/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfInTwoAvailibilityZones(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - groups []types.AutoScalingGroup - testName string - } - tests := []struct { - name string - args args - want string - }{ - { - name: "TestCheckIfInTwoAvailibilityZones", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - groups: []types.AutoScalingGroup{}, - testName: "AWS_ASG_001", - }, - want: "OK", - }, - { - name: "TestCheckIfInTwoAvailibilityZones", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - groups: []types.AutoScalingGroup{ - { - AvailabilityZones: []string{"us-east-1a", "us-east-1b"}, - AutoScalingGroupName: aws.String("test"), - }, - }, - testName: "AWS_ASG_001", - }, - want: "OK", - }, - { - name: "TestCheckIfInTwoAvailibilityZones", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - groups: []types.AutoScalingGroup{ - { - AvailabilityZones: []string{"us-east-1b"}, - AutoScalingGroupName: aws.String("test"), - }, - }, - testName: "AWS_ASG_001", - }, - want: "FAIL", - }, - { - name: "TestCheckIfInTwoAvailibilityZones", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - groups: []types.AutoScalingGroup{ - { - AvailabilityZones: []string{"us-east-1a", "us-east-1b", "us-east-1c"}, - AutoScalingGroupName: aws.String("test"), - }, - }, - testName: "AWS_ASG_001", - }, - want: "OK", - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfInTwoAvailibilityZones(tt.args.checkConfig, tt.args.groups, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range 
tt.args.checkConfig.Queue { - t.Logf("%+v", check) - if check.Status != tt.want { - t.Errorf("CheckIfInTwoAvailibilityZones() = %v, want %v", check.Status, tt.want) - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/aws/autoscaling/autoscalingdesiredmaxcapacity.go b/plugins/aws/autoscaling/autoscalingdesiredmaxcapacity.go deleted file mode 100644 index 1aa0375..0000000 --- a/plugins/aws/autoscaling/autoscalingdesiredmaxcapacity.go +++ /dev/null @@ -1,27 +0,0 @@ -package autoscaling - -import ( - "fmt" - - "github.com/aws/aws-sdk-go-v2/service/autoscaling/types" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfDesiredCapacityMaxCapacityBelow80percent(checkConfig yatas.CheckConfig, groups []types.AutoScalingGroup, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("Autoscaling maximum capacity is below 80%", "Check if all autoscaling groups have a desired capacity below 80%", testName) - for _, group := range groups { - if group.DesiredCapacity != nil && group.MaxSize != nil && float64(*group.DesiredCapacity) > float64(*group.MaxSize)*0.8 { - Message := "Autoscaling group " + *group.AutoScalingGroupName + " has a desired capacity above 80%" - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *group.AutoScalingGroupName} - check.AddResult(result) - } else { - Message := "Autoscaling group " + *group.AutoScalingGroupName + " has a desired capacity below 80%" - result := yatas.Result{Status: "OK", Message: Message, ResourceID: *group.AutoScalingGroupName} - check.AddResult(result) - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/autoscaling/autoscalingdesiredmaxcapacity_test.go b/plugins/aws/autoscaling/autoscalingdesiredmaxcapacity_test.go deleted file mode 100644 index 8be43f8..0000000 
--- a/plugins/aws/autoscaling/autoscalingdesiredmaxcapacity_test.go +++ /dev/null 
@@ -1,131 +0,0 @@ -package autoscaling - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/autoscaling/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfDesiredCapacityMaxCapacityBelow80percent(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - groups []types.AutoScalingGroup - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "TestCheckIfDesiredCapacityMaxCapacityBelow80percent", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - groups: []types.AutoScalingGroup{ - { - DesiredCapacity: aws.Int32(1), - MaxSize: aws.Int32(2), - AutoScalingGroupName: aws.String("test"), - }, - }, - testName: "AWS_ASG_001", - }, - }, - { - name: "TestCheckIfDesiredCapacityMaxCapacityBelow80percent", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - groups: []types.AutoScalingGroup{ - { - DesiredCapacity: aws.Int32(8), - MaxSize: aws.Int32(12), - AutoScalingGroupName: aws.String("test"), - }, - }, - testName: "AWS_ASG_001", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfDesiredCapacityMaxCapacityBelow80percent(tt.args.checkConfig, tt.args.groups, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("CheckIfDesiredCapacityMaxCapacityBelow80percent() = %v", t) - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} - -func TestCheckIfDesiredCapacityMaxCapacityBelow80percentFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - groups []types.AutoScalingGroup - testName string - } - mockAutoScaling := mockAutoScaling(nil) - tests := []struct { - name string - args args - }{ - { - name: "TestCheckIfDesiredCapacityMaxCapacityBelow80percent", - 
args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - groups: []types.AutoScalingGroup{ - { - DesiredCapacity: aws.Int32(2), - MaxSize: aws.Int32(2), - AutoScalingGroupName: aws.String("test"), - }, - }, - testName: "AWS_ASG_001", - }, - }, - { - name: "TestCheckIfDesiredCapacityMaxCapacityBelow80percent", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - groups: []types.AutoScalingGroup{ - { - DesiredCapacity: aws.Int32(10), - MaxSize: aws.Int32(12), - AutoScalingGroupName: aws.String("test"), - }, - }, - testName: "AWS_ASG_001", - }, - }, - { - name: "TestCheckIfDesiredCapacityMaxCapacityBelow80percent", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - groups: GetAutoscalingGroups(mockAutoScaling), - testName: "AWS_ASG_001", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfDesiredCapacityMaxCapacityBelow80percent(tt.args.checkConfig, tt.args.groups, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("CheckIfDesiredCapacityMaxCapacityBelow80percent() = %v", t) - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/aws/autoscaling/getter.go b/plugins/aws/autoscaling/getter.go deleted file mode 100644 index df00be8..0000000 --- a/plugins/aws/autoscaling/getter.go +++ /dev/null 
@@ -1,34 +0,0 @@ -package autoscaling - -import ( - "context" - - "github.com/aws/aws-sdk-go-v2/service/autoscaling" - "github.com/aws/aws-sdk-go-v2/service/autoscaling/types" -) - -type AutoscalingGroupApi interface { - DescribeAutoScalingGroups(ctx context.Context, params *autoscaling.DescribeAutoScalingGroupsInput, optFns ...func(*autoscaling.Options)) (*autoscaling.DescribeAutoScalingGroupsOutput, error) -} - -func GetAutoscalingGroups(svc AutoscalingGroupApi) []types.AutoScalingGroup { - input := &autoscaling.DescribeAutoScalingGroupsInput{} - var groups []types.AutoScalingGroup - result, err := svc.DescribeAutoScalingGroups(context.TODO(), input) - groups = append(groups, result.AutoScalingGroups...) - if err != nil { - return nil - } - for { - if result.NextToken == nil { - break - } - input.NextToken = result.NextToken - result, err = svc.DescribeAutoScalingGroups(context.TODO(), input) - if err != nil { - return nil - } - groups = append(groups, result.AutoScalingGroups...) - } - return groups -} diff --git a/plugins/aws/autoscaling/getter_test.go b/plugins/aws/autoscaling/getter_test.go deleted file mode 100644 index 96c1079..0000000 --- a/plugins/aws/autoscaling/getter_test.go +++ /dev/null 
@@ -1,67 +0,0 @@ -package autoscaling - -import ( - "context" - "reflect" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/autoscaling" - "github.com/aws/aws-sdk-go-v2/service/autoscaling/types" -) - -type mockAutoScaling func() - -func (m mockAutoScaling) DescribeAutoScalingGroups(ctx context.Context, params *autoscaling.DescribeAutoScalingGroupsInput, optFns ...func(*autoscaling.Options)) (*autoscaling.DescribeAutoScalingGroupsOutput, error) { - return &autoscaling.DescribeAutoScalingGroupsOutput{ - AutoScalingGroups: []types.AutoScalingGroup{ - { - AutoScalingGroupName: aws.String("123"), - DefaultCooldown: aws.Int32(123), - DesiredCapacity: aws.Int32(123), - HealthCheckType: aws.String("123"), - LaunchConfigurationName: aws.String("123"), - MaxSize: aws.Int32(123), - MinSize: aws.Int32(123), - VPCZoneIdentifier: aws.String("123"), - }, - }, - }, nil -} - -func TestGetAutoscalingGroups(t *testing.T) { - type args struct { - svc AutoscalingGroupApi - } - tests := []struct { - name string - args args - want []types.AutoScalingGroup - }{ - { - name: "One autoscaling group", - args: args{ - svc: mockAutoScaling(nil), - }, - want: []types.AutoScalingGroup{ - { - AutoScalingGroupName: aws.String("123"), - DefaultCooldown: aws.Int32(123), - DesiredCapacity: aws.Int32(123), - HealthCheckType: aws.String("123"), - LaunchConfigurationName: aws.String("123"), - MaxSize: aws.Int32(123), - MinSize: aws.Int32(123), - VPCZoneIdentifier: aws.String("123"), - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if got := GetAutoscalingGroups(tt.args.svc); !reflect.DeepEqual(got, tt.want) { - t.Errorf("GetAutoscalingGroups() = %v, want %v", got, tt.want) - } - }) - } -} diff --git a/plugins/aws/aws.go b/plugins/aws/aws.go deleted file mode 100644 index 39f2725..0000000 --- a/plugins/aws/aws.go +++ /dev/null 
@@ -1,105 +0,0 @@ -package aws - -import ( - "sync" - "time" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" - "github.com/stangirard/yatas/plugins/aws/acm" - "github.com/stangirard/yatas/plugins/aws/apigateway" - "github.com/stangirard/yatas/plugins/aws/autoscaling" - "github.com/stangirard/yatas/plugins/aws/cloudfront" - "github.com/stangirard/yatas/plugins/aws/cloudtrail" - "github.com/stangirard/yatas/plugins/aws/dynamodb" - "github.com/stangirard/yatas/plugins/aws/ec2" - "github.com/stangirard/yatas/plugins/aws/ecr" - "github.com/stangirard/yatas/plugins/aws/eks" - "github.com/stangirard/yatas/plugins/aws/guardduty" - "github.com/stangirard/yatas/plugins/aws/iam" - "github.com/stangirard/yatas/plugins/aws/lambda" - "github.com/stangirard/yatas/plugins/aws/loadbalancers" - "github.com/stangirard/yatas/plugins/aws/rds" - "github.com/stangirard/yatas/plugins/aws/s3" - "github.com/stangirard/yatas/plugins/aws/volumes" - "github.com/stangirard/yatas/plugins/aws/vpc" -) - -// Public Functin used to run the AWS tests -func Run(c *yatas.Config) ([]yatas.Tests, error) { - logger.Info("Launching AWS checks") - if c.Progress != nil { - c.AddBar("AWS Accounts : ", "AWS", len(c.AWS), 2, c.Progress) - } - var wg sync.WaitGroup - var queue = make(chan yatas.Tests, 10) - var checks []yatas.Tests - wg.Add(len(c.AWS)) - for _, account := range c.AWS { - go runTestsForAccount(account, c, queue) - } - go func() { - for t := range queue { - checks = append(checks, t) - if c.Progress != nil { - c.PluginsProgress["AWS"].Bar.Increment() - } - wg.Done() - } - }() - wg.Wait() - - return checks, nil -} - -// For each account we run the tests. We use a queue to store the results and a waitgroup to wait for all the tests to be done. This allows to run all tests asynchronously. 
-func runTestsForAccount(account yatas.AWS_Account, c *yatas.Config, queue chan yatas.Tests) { - s := initAuth(account) - checks := initTest(s, c, account) - queue <- checks -} - -// Main function that launched all the test for a given account. If a new category is added, it needs to be added here. -func initTest(s aws.Config, c *yatas.Config, a yatas.AWS_Account) yatas.Tests { - - var checks yatas.Tests - checks.Account = a.Name - var wg sync.WaitGroup - queue := make(chan []yatas.Check, 100) - go yatas.CheckMacroTest(&wg, c, acm.RunChecks)(&wg, s, c, queue) - go yatas.CheckMacroTest(&wg, c, s3.RunChecks)(&wg, s, c, queue) - go yatas.CheckMacroTest(&wg, c, volumes.RunChecks)(&wg, s, c, queue) - go yatas.CheckMacroTest(&wg, c, rds.RunChecks)(&wg, s, c, queue) - go yatas.CheckMacroTest(&wg, c, vpc.RunChecks)(&wg, s, c, queue) - go yatas.CheckMacroTest(&wg, c, cloudtrail.RunChecks)(&wg, s, c, queue) - go yatas.CheckMacroTest(&wg, c, ecr.RunChecks)(&wg, s, c, queue) - go yatas.CheckMacroTest(&wg, c, lambda.RunChecks)(&wg, s, c, queue) - go yatas.CheckMacroTest(&wg, c, dynamodb.RunChecks)(&wg, s, c, queue) - go yatas.CheckMacroTest(&wg, c, ec2.RunChecks)(&wg, s, c, queue) - go yatas.CheckMacroTest(&wg, c, cloudfront.RunChecks)(&wg, s, c, queue) - go yatas.CheckMacroTest(&wg, c, apigateway.RunChecks)(&wg, s, c, queue) - go yatas.CheckMacroTest(&wg, c, autoscaling.RunChecks)(&wg, s, c, queue) - go yatas.CheckMacroTest(&wg, c, loadbalancers.RunChecks)(&wg, s, c, queue) - go yatas.CheckMacroTest(&wg, c, guardduty.RunChecks)(&wg, s, c, queue) - go yatas.CheckMacroTest(&wg, c, iam.RunChecks)(&wg, s, c, queue) - go yatas.CheckMacroTest(&wg, c, eks.RunChecks)(&wg, s, c, queue) - - go func() { - for t := range queue { - - checks.Checks = append(checks.Checks, t...) - if c.ServiceProgress.Bar != nil { - c.ServiceProgress.Bar.Increment() - time.Sleep(time.Millisecond * 10) - } - wg.Done() - - } - }() - wg.Wait() - - logger.Info("AWS checks completed ✅") - - return checks -} 
diff --git a/plugins/aws/cloudfront/cloudfront.go b/plugins/aws/cloudfront/cloudfront.go deleted file mode 100644 index 3d95684..0000000 --- a/plugins/aws/cloudfront/cloudfront.go +++ /dev/null @@ -1,41 +0,0 @@ -package cloudfront - -import ( - "sync" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/cloudfront" - "github.com/stangirard/yatas/internal/yatas" -) - -func RunChecks(wa *sync.WaitGroup, s aws.Config, c *yatas.Config, queue chan []yatas.Check) { - - var checkConfig yatas.CheckConfig - checkConfig.Init(s, c) - var checks []yatas.Check - svc := cloudfront.NewFromConfig(s) - d := GetAllCloudfront(svc) - s2c := GetAllDistributionConfig(svc, d) - go yatas.CheckTest(checkConfig.Wg, c, "AWS_CFT_001", CheckIfCloudfrontTLS1_2Minimum)(checkConfig, d, "AWS_CFT_001") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_CFT_002", CheckIfHTTPSOnly)(checkConfig, d, "AWS_CFT_002") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_CFT_003", CheckIfStandardLogginEnabled)(checkConfig, s2c, "AWS_CFT_003") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_CFT_004", CheckIfCookieLogginEnabled)(checkConfig, s2c, "AWS_CFT_004") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_CFT_005", CheckIfACLUsed)(checkConfig, s2c, "AWS_CFT_005") - - go func() { - for t := range checkConfig.Queue { - t.EndCheck() - checks = append(checks, t) - if c.CheckProgress.Bar != nil { - c.CheckProgress.Bar.Increment() - } - - checkConfig.Wg.Done() - - } - }() - - checkConfig.Wg.Wait() - - queue <- checks -} diff --git a/plugins/aws/cloudfront/cloudfrontACLUsed.go b/plugins/aws/cloudfront/cloudfrontACLUsed.go deleted file mode 100644 index cf32cdb..0000000 --- a/plugins/aws/cloudfront/cloudfrontACLUsed.go +++ /dev/null 
@@ -1,27 +0,0 @@
-package cloudfront
-
-import (
- "fmt"
-
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfACLUsed(checkConfig yatas.CheckConfig, d []SummaryToConfig, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("Cloudfronts are protected by an ACL", "Check if all cloudfront distributions have an ACL used", testName)
- for _, cc := range d {
-
- if cc.config.WebACLId != nil && *cc.config.WebACLId != "" {
- Message := "ACL is used on " + *cc.summary.Id
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *cc.summary.Id}
- check.AddResult(result)
- } else {
- Message := "ACL is not used on " + *cc.summary.Id
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *cc.summary.Id}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/cloudfront/cloudfrontACLUsed_test.go b/plugins/aws/cloudfront/cloudfrontACLUsed_test.go
deleted file mode 100644
index 7f45b45..0000000
--- a/plugins/aws/cloudfront/cloudfrontACLUsed_test.go
+++ /dev/null
@@ -1,106 +0,0 @@
-package cloudfront
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/cloudfront/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfACLUsed(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- d []SummaryToConfig
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfCookieLogginEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- d: []SummaryToConfig{
- {
- summary: types.DistributionSummary{
- Id: aws.String("test"),
- },
- config: types.DistributionConfig{
- Logging: &types.LoggingConfig{
- Enabled: aws.Bool(true),
- IncludeCookies: aws.Bool(true),
- },
- WebACLId: aws.String("test"),
- },
- },
- },
- testName: "TestCheckIfCookieLogginEnabled",
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfACLUsed(tt.args.checkConfig, tt.args.d, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfCookieLogginEnabled() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfACLUsedFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- d []SummaryToConfig
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfACLUsed",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- d: []SummaryToConfig{
- {
- summary: types.DistributionSummary{
- Id: aws.String("test"),
- },
- config: types.DistributionConfig{
- Logging: &types.LoggingConfig{
- Enabled: aws.Bool(true),
- },
- },
- },
- },
- testName: "TestCheckIfACLUsed",
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfACLUsed(tt.args.checkConfig, tt.args.d, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfACLUsed() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/cloudfront/cloudfrontCookieLogging.go b/plugins/aws/cloudfront/cloudfrontCookieLogging.go
deleted file mode 100644
index 133cc73..0000000
--- a/plugins/aws/cloudfront/cloudfrontCookieLogging.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package cloudfront
-
-import (
- "fmt"
-
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfCookieLogginEnabled(checkConfig yatas.CheckConfig, d []SummaryToConfig, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("Cloudfronts are logging Cookies", "Check if all cloudfront distributions have cookies logging enabled", testName)
- for _, cc := range d {
- if cc.config.Logging != nil && *cc.config.Logging.Enabled && cc.config.Logging.IncludeCookies != nil && *cc.config.Logging.IncludeCookies {
- Message := "Cookie logging is enabled on " + *cc.summary.Id
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *cc.summary.Id}
- check.AddResult(result)
- } else {
- Message := "Cookie logging is not enabled on " + *cc.summary.Id
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *cc.summary.Id}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/cloudfront/cloudfrontCookieLogging_test.go b/plugins/aws/cloudfront/cloudfrontCookieLogging_test.go
deleted file mode 100644
index b937337..0000000
--- a/plugins/aws/cloudfront/cloudfrontCookieLogging_test.go
+++ /dev/null
@@ -1,125 +0,0 @@
-package cloudfront
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/cloudfront/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfCookieLogginEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- d []SummaryToConfig
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfCookieLogginEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- d: []SummaryToConfig{
- {
- summary: types.DistributionSummary{
- Id: aws.String("test"),
- },
- config: types.DistributionConfig{
- Logging: &types.LoggingConfig{
- Enabled: aws.Bool(true),
- IncludeCookies: aws.Bool(true),
- },
- },
- },
- },
- testName: "TestCheckIfCookieLogginEnabled",
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfCookieLogginEnabled(tt.args.checkConfig, tt.args.d, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfCookieLogginEnabled() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfCookieLogginEnabledFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- d []SummaryToConfig
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfCookieLogginEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- d: []SummaryToConfig{
- {
- summary: types.DistributionSummary{
- Id: aws.String("test"),
- },
- config: types.DistributionConfig{
- Logging: &types.LoggingConfig{
- Enabled: aws.Bool(true),
- },
- },
- },
- },
- testName: "TestCheckIfCookieLogginEnabled",
- },
- },
- {
- name: "TestCheckIfCookieLogginEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- d: []SummaryToConfig{
- {
- summary: types.DistributionSummary{
- Id: aws.String("test"),
- },
- config: types.DistributionConfig{
- Logging: &types.LoggingConfig{
- Enabled: aws.Bool(true),
- IncludeCookies: aws.Bool(false),
- },
- },
- },
- },
- testName: "TestCheckIfCookieLogginEnabled",
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfCookieLogginEnabled(tt.args.checkConfig, tt.args.d, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfCookieLogginEnabled() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/cloudfront/cloudfrontHttps.go b/plugins/aws/cloudfront/cloudfrontHttps.go
deleted file mode 100644
index 1a066c7..0000000
--- a/plugins/aws/cloudfront/cloudfrontHttps.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package cloudfront
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/cloudfront/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfHTTPSOnly(checkConfig yatas.CheckConfig, d []types.DistributionSummary, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("Cloudfronts only allow HTTPS or redirect to HTTPS", "Check if all cloudfront distributions are HTTPS only", testName)
- for _, cloudfront := range d {
- if cloudfront.DefaultCacheBehavior != nil && (cloudfront.DefaultCacheBehavior.ViewerProtocolPolicy == "https-only" || cloudfront.DefaultCacheBehavior.ViewerProtocolPolicy == "redirect-to-https") {
- Message := "Cloudfront distribution is HTTPS only on " + *cloudfront.Id
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *cloudfront.Id}
- check.AddResult(result)
- } else {
- Message := "Cloudfront distribution is not HTTPS only on " + *cloudfront.Id
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *cloudfront.Id}
- check.AddResult(result)
- }
- }
-
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/cloudfront/cloudfrontHttps_test.go b/plugins/aws/cloudfront/cloudfrontHttps_test.go
deleted file mode 100644
index 46ac9ed..0000000
--- a/plugins/aws/cloudfront/cloudfrontHttps_test.go
+++ /dev/null
@@ -1,119 +0,0 @@
-package cloudfront
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/cloudfront/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfHTTPSOnly(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- d []types.DistributionSummary
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfHTTPSOnly",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- d: []types.DistributionSummary{
- {
- ViewerCertificate: &types.ViewerCertificate{
- MinimumProtocolVersion: types.MinimumProtocolVersionTLSv122021,
- },
- Id: aws.String("test"),
- DefaultCacheBehavior: &types.DefaultCacheBehavior{
- ViewerProtocolPolicy: types.ViewerProtocolPolicyHttpsOnly,
- },
- },
- },
- testName: "AWS_CF_001",
- },
- },
- {
- name: "TestCheckIfHTTPSOnly",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- d: []types.DistributionSummary{
- {
- ViewerCertificate: &types.ViewerCertificate{
- MinimumProtocolVersion: types.MinimumProtocolVersionTLSv122021,
- },
- Id: aws.String("test"),
- DefaultCacheBehavior: &types.DefaultCacheBehavior{
- ViewerProtocolPolicy: types.ViewerProtocolPolicyRedirectToHttps,
- },
- },
- },
- testName: "AWS_CF_001",
- },
- },
- }
-
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfHTTPSOnly(tt.args.checkConfig, tt.args.d, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for r := range tt.args.checkConfig.Queue {
- if r.Status != "OK" {
- t.Errorf("CheckIfHTTPSOnly() = %v, want %v", r.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfHTTPSOnlyFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- d []types.DistributionSummary
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfHTTPSOnly",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- d: []types.DistributionSummary{
- {
- ViewerCertificate: &types.ViewerCertificate{
- MinimumProtocolVersion: types.MinimumProtocolVersionTLSv122021,
- },
- Id: aws.String("test"),
- },
- },
- testName: "AWS_CF_001",
- },
- },
- }
-
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfHTTPSOnly(tt.args.checkConfig, tt.args.d, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for r := range tt.args.checkConfig.Queue {
- if r.Status != "FAIL" {
- t.Errorf("CheckIfHTTPSOnly() = %v, want %v", r.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/cloudfront/cloudfrontStandardLogging.go b/plugins/aws/cloudfront/cloudfrontStandardLogging.go
deleted file mode 100644
index 32b1fd6..0000000
--- a/plugins/aws/cloudfront/cloudfrontStandardLogging.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package cloudfront
-
-import (
- "fmt"
-
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfStandardLogginEnabled(checkConfig yatas.CheckConfig, d []SummaryToConfig, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("Cloudfronts queries are logged", "Check if all cloudfront distributions have standard logging enabled", testName)
- for _, cc := range d {
-
- if cc.config.Logging != nil && cc.config.Logging.Enabled != nil && *cc.config.Logging.Enabled {
- Message := "Standard logging is enabled on " + *cc.summary.Id
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *cc.summary.Id}
- check.AddResult(result)
- } else {
- Message := "Standard logging is not enabled on " + *cc.summary.Id
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *cc.summary.Id}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/cloudfront/cloudfrontStandardLogging_test.go b/plugins/aws/cloudfront/cloudfrontStandardLogging_test.go
deleted file mode 100644
index b6cb4af..0000000
--- a/plugins/aws/cloudfront/cloudfrontStandardLogging_test.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package cloudfront
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/cloudfront/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfStandardLogginEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- d []SummaryToConfig
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfStandardLogginEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- d: []SummaryToConfig{
- {
- summary: types.DistributionSummary{
- Id: aws.String("test"),
- },
- config: types.DistributionConfig{
- Logging: &types.LoggingConfig{
- Enabled: aws.Bool(true),
- },
- },
- },
- },
- testName: "TestCheckIfStandardLogginEnabled",
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfStandardLogginEnabled(tt.args.checkConfig, tt.args.d, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfStandardLogginEnabled() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfStandardLogginEnabledFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- d []SummaryToConfig
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfStandardLogginEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- d: []SummaryToConfig{
- {
- summary: types.DistributionSummary{
- Id: aws.String("test"),
- },
- config: types.DistributionConfig{
- Logging: &types.LoggingConfig{},
- },
- },
- },
- testName: "TestCheckIfStandardLogginEnabled",
- },
- },
- {
- name: "TestCheckIfStandardLogginEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- d: []SummaryToConfig{
- {
- summary: types.DistributionSummary{
- Id: aws.String("test"),
- },
- config: types.DistributionConfig{
- Logging: &types.LoggingConfig{
- Enabled: aws.Bool(false),
- },
- },
- },
- },
- testName: "TestCheckIfStandardLogginEnabled",
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfStandardLogginEnabled(tt.args.checkConfig, tt.args.d, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfStandardLogginEnabled() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/cloudfront/cloudfrontTLS12.go b/plugins/aws/cloudfront/cloudfrontTLS12.go
deleted file mode 100644
index 74a38ff..0000000
--- a/plugins/aws/cloudfront/cloudfrontTLS12.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package cloudfront
-
-import (
- "fmt"
- "strings"
-
- "github.com/aws/aws-sdk-go-v2/service/cloudfront/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfCloudfrontTLS1_2Minimum(checkConfig yatas.CheckConfig, d []types.DistributionSummary, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("Cloudfronts enforce TLS 1.2 at least", "Check if all cloudfront distributions have TLS 1.2 minimum", testName)
- for _, cloudfront := range d {
- if cloudfront.ViewerCertificate != nil && strings.Contains(string(cloudfront.ViewerCertificate.MinimumProtocolVersion), "TLSv1.2") {
- Message := "TLS 1.2 minimum is set on " + *cloudfront.Id
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *cloudfront.Id}
- check.AddResult(result)
- } else {
- Message := "TLS 1.2 minimum is not set on " + *cloudfront.Id
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *cloudfront.Id}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/cloudfront/cloudfrontTLS12_test.go b/plugins/aws/cloudfront/cloudfrontTLS12_test.go
deleted file mode 100644
index 90a197f..0000000
--- a/plugins/aws/cloudfront/cloudfrontTLS12_test.go
+++ /dev/null
@@ -1,153 +0,0 @@
-package cloudfront
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/cloudfront/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfCloudfrontTLS1_2Minimum(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- d []types.DistributionSummary
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfCloudfrontTLS1_2Minimum",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- d: []types.DistributionSummary{
- {
- ViewerCertificate: &types.ViewerCertificate{
- MinimumProtocolVersion: types.MinimumProtocolVersionTLSv122021,
- },
- Id: aws.String("test"),
- },
- },
- testName: "AWS_CF_001",
- },
- },
- {
- name: "TestCheckIfCloudfrontTLS1_2Minimum",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- d: []types.DistributionSummary{
- {
- ViewerCertificate: &types.ViewerCertificate{
- MinimumProtocolVersion: types.MinimumProtocolVersionTLSv122019,
- },
- Id: aws.String("test"),
- },
- },
- testName: "AWS_CF_001",
- },
- },
- {
- name: "TestCheckIfCloudfrontTLS1_2Minimum",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- d: []types.DistributionSummary{
- {
- ViewerCertificate: &types.ViewerCertificate{
- MinimumProtocolVersion: types.MinimumProtocolVersionTLSv122018,
- },
- Id: aws.String("test"),
- },
- },
- testName: "AWS_CF_001",
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfCloudfrontTLS1_2Minimum(tt.args.checkConfig, tt.args.d, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfCloudfrontTLS1_2Minimum() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfCloudfrontTLS1_2MinimumFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- d []types.DistributionSummary
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfCloudfrontTLS1_2Minimum",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- d: []types.DistributionSummary{
- {
- ViewerCertificate: &types.ViewerCertificate{
- MinimumProtocolVersion: types.MinimumProtocolVersionTLSv1,
- },
- Id: aws.String("test"),
- },
- },
- testName: "AWS_CF_001",
- },
- },
- {
- name: "TestCheckIfCloudfrontTLS1_2Minimum",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- d: []types.DistributionSummary{
- {
- Id: aws.String("test"),
- },
- },
- testName: "AWS_CF_001",
- },
- },
- {
- name: "TestCheckIfCloudfrontTLS1_2Minimum",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- d: []types.DistributionSummary{
- {
- ViewerCertificate: &types.ViewerCertificate{
- MinimumProtocolVersion: types.MinimumProtocolVersionTLSv12016,
- },
- Id: aws.String("test"),
- },
- },
- testName: "AWS_CF_001",
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfCloudfrontTLS1_2Minimum(tt.args.checkConfig, tt.args.d, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfCloudfrontTLS1_2Minimum() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/cloudfront/getter.go b/plugins/aws/cloudfront/getter.go
deleted file mode 100644
index bc826a6..0000000
--- a/plugins/aws/cloudfront/getter.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package cloudfront
-
-import (
- "context"
-
- "github.com/aws/aws-sdk-go-v2/service/cloudfront"
- "github.com/aws/aws-sdk-go-v2/service/cloudfront/types"
-)
-
-type SummaryToConfig struct {
- summary types.DistributionSummary
- config types.DistributionConfig
-}
-
-type CloudfrontGetObjectApi interface {
- GetDistributionConfig(ctx context.Context, params *cloudfront.GetDistributionConfigInput, optFns ...func(*cloudfront.Options)) (*cloudfront.GetDistributionConfigOutput, error)
- ListDistributions(ctx context.Context, params *cloudfront.ListDistributionsInput, optFns ...func(*cloudfront.Options)) (*cloudfront.ListDistributionsOutput, error)
-}
-
-func GetAllCloudfront(svc CloudfrontGetObjectApi) []types.DistributionSummary {
- input := &cloudfront.ListDistributionsInput{}
- result, err := svc.ListDistributions(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- return result.DistributionList.Items
-}
-
-func GetAllDistributionConfig(svc CloudfrontGetObjectApi, ds []types.DistributionSummary) []SummaryToConfig {
- var d []SummaryToConfig
- for _, cc := range ds {
- input := &cloudfront.GetDistributionConfigInput{
- Id: cc.Id,
- }
- result, err := svc.GetDistributionConfig(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- d = append(d, SummaryToConfig{summary: cc, config: *result.DistributionConfig})
- }
- return d
-}
diff --git a/plugins/aws/cloudfront/getter_test.go b/plugins/aws/cloudfront/getter_test.go
deleted file mode 100644
index 68fb7ac..0000000
--- a/plugins/aws/cloudfront/getter_test.go
+++ /dev/null
@@ -1,108 +0,0 @@
-package cloudfront
-
-import (
- "context"
- "reflect"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/cloudfront"
- "github.com/aws/aws-sdk-go-v2/service/cloudfront/types"
-)
-
-type mockGetCloudfront func()
-
-func (m mockGetCloudfront) GetDistributionConfig(ctx context.Context, params *cloudfront.GetDistributionConfigInput, optFns ...func(*cloudfront.Options)) (*cloudfront.GetDistributionConfigOutput, error) {
- return &cloudfront.GetDistributionConfigOutput{
- DistributionConfig: &types.DistributionConfig{
- DefaultCacheBehavior: &types.DefaultCacheBehavior{
- ForwardedValues: &types.ForwardedValues{
- QueryString: aws.Bool(true),
- },
- },
- Enabled: aws.Bool(true),
- Logging: &types.LoggingConfig{
- Enabled: aws.Bool(true),
- },
- },
- }, nil
-}
-
-func (m mockGetCloudfront) ListDistributions(ctx context.Context, params *cloudfront.ListDistributionsInput, optFns ...func(*cloudfront.Options)) (*cloudfront.ListDistributionsOutput, error) {
- return &cloudfront.ListDistributionsOutput{
- DistributionList: &types.DistributionList{
- Items: []types.DistributionSummary{
- {
- Id: aws.String("123"),
- DefaultCacheBehavior: &types.DefaultCacheBehavior{
- TargetOriginId: aws.String("123"),
- },
- IsIPV6Enabled: aws.Bool(true),
- },
- },
- },
- }, nil
-}
-
-func TestGetAllCloudfront(t *testing.T) {
- type args struct {
- svc CloudfrontGetObjectApi
- }
- tests := []struct {
- name string
- args args
- want []types.DistributionSummary
- }{
- {
- name: "Empty list of Cloudfront distributions",
- args: args{
- svc: mockGetCloudfront(nil),
- },
- want: []types.DistributionSummary{
- {
- Id: aws.String("123"),
- DefaultCacheBehavior: &types.DefaultCacheBehavior{
- TargetOriginId: aws.String("123"),
- },
- IsIPV6Enabled: aws.Bool(true),
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- if got := GetAllCloudfront(tt.args.svc); !reflect.DeepEqual(got, tt.want) {
- t.Errorf("GetAllCloudfront() = %+v, want %+v", got, tt.want)
- }
- })
- }
-}
-
-func TestGetAllDistributionConfig(t *testing.T) {
- type args struct {
- svc CloudfrontGetObjectApi
- ds []types.DistributionSummary
- }
- tests := []struct {
- name string
- args args
- want []SummaryToConfig
- }{
- {
- name: "Empty list of Cloudfront distributions",
- args: args{
- svc: mockGetCloudfront(nil),
- ds: []types.DistributionSummary{},
- },
- want: []SummaryToConfig{},
- },
- }
-
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- if got := GetAllDistributionConfig(tt.args.svc, tt.args.ds); len(got) != len(tt.want) {
- t.Errorf("GetAllDistributionConfig() = %+v, want %+v", got, tt.want)
- }
- })
- }
-}
diff --git a/plugins/aws/cloudtrail/cloudtrail.go b/plugins/aws/cloudtrail/cloudtrail.go
deleted file mode 100644
index d2468f9..0000000
--- a/plugins/aws/cloudtrail/cloudtrail.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package cloudtrail
-
-import (
- "sync"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func RunChecks(wa *sync.WaitGroup, s aws.Config, c *yatas.Config, queue chan []yatas.Check) {
- var checkConfig yatas.CheckConfig
- checkConfig.Init(s, c)
- var checks []yatas.Check
- cloudtrails := GetCloudtrails(s)
-
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_CLD_001", CheckIfCloudtrailsEncrypted)(checkConfig, cloudtrails, "AWS_CLD_001")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_CLD_002", CheckIfCloudtrailsGlobalServiceEventsEnabled)(checkConfig, cloudtrails, "AWS_CLD_002")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_CLD_003", CheckIfCloudtrailsMultiRegion)(checkConfig, cloudtrails, "AWS_CLD_003")
-
- go func() {
- for t := range checkConfig.Queue {
- t.EndCheck()
- checks = append(checks, t)
- if c.CheckProgress.Bar != nil {
- c.CheckProgress.Bar.Increment()
- }
-
- checkConfig.Wg.Done()
-
- }
- }()
-
- checkConfig.Wg.Wait()
-
- queue <- checks
-
-}
diff --git a/plugins/aws/cloudtrail/cloudtrailEncrypted.go b/plugins/aws/cloudtrail/cloudtrailEncrypted.go
deleted file mode 100644
index 4694798..0000000
--- a/plugins/aws/cloudtrail/cloudtrailEncrypted.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package cloudtrail
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/cloudtrail/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfCloudtrailsEncrypted(checkConfig yatas.CheckConfig, cloudtrails []types.Trail, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
-
- var check yatas.Check
- check.InitCheck("Cloudtrails are encrypted", "check if all cloudtrails are encrypted", testName)
- for _, cloudtrail := range cloudtrails {
- if cloudtrail.KmsKeyId == nil || *cloudtrail.KmsKeyId == "" {
- Message := "Cloudtrail " + *cloudtrail.Name + " is not encrypted"
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *cloudtrail.TrailARN}
- check.AddResult(result)
- } else {
- Message := "Cloudtrail " + *cloudtrail.Name + " is encrypted"
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *cloudtrail.TrailARN}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/cloudtrail/cloudtrailEncrypted_test.go b/plugins/aws/cloudtrail/cloudtrailEncrypted_test.go
deleted file mode 100644
index e8b5669..0000000
--- a/plugins/aws/cloudtrail/cloudtrailEncrypted_test.go
+++ /dev/null
@@ -1,93 +0,0 @@
-package cloudtrail
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/cloudtrail/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfCloudtrailsEncrypted(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- cloudtrails []types.Trail
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfCloudtrailsEncrypted",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- cloudtrails: []types.Trail{
- {
- Name: aws.String("test"),
- KmsKeyId: aws.String("test"),
- TrailARN: aws.String("test"),
- },
- },
- testName: "TestCheckIfCloudtrailsEncrypted",
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfCloudtrailsEncrypted(tt.args.checkConfig, tt.args.cloudtrails, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfCloudtrailsEncrypted() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfCloudtrailsEncryptedFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- cloudtrails []types.Trail
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfCloudtrailsEncrypted",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- cloudtrails: []types.Trail{
- {
- Name: aws.String("test"),
- TrailARN: aws.String("test"),
- },
- },
- testName: "TestCheckIfCloudtrailsEncrypted",
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfCloudtrailsEncrypted(tt.args.checkConfig, tt.args.cloudtrails, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfCloudtrailsEncrypted() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/cloudtrail/cloudtrailMultiRegion.go b/plugins/aws/cloudtrail/cloudtrailMultiRegion.go
deleted file mode 100644
index 739011b..0000000
--- a/plugins/aws/cloudtrail/cloudtrailMultiRegion.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package cloudtrail
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/cloudtrail/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfCloudtrailsMultiRegion(checkConfig yatas.CheckConfig, cloudtrails []types.Trail, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("Cloudtrails are in multiple regions", "check if all cloudtrails are multi region", testName)
- for _, cloudtrail := range cloudtrails {
- if !*cloudtrail.IsMultiRegionTrail {
- Message := "Cloudtrail " + *cloudtrail.Name + " is not multi region"
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *cloudtrail.TrailARN}
- check.AddResult(result)
- } else {
- Message := "Cloudtrail " + *cloudtrail.Name + " is multi region"
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *cloudtrail.TrailARN}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/cloudtrail/cloudtrailMultiRegion_test.go b/plugins/aws/cloudtrail/cloudtrailMultiRegion_test.go
deleted file mode 100644
index 9200059..0000000
--- a/plugins/aws/cloudtrail/cloudtrailMultiRegion_test.go
+++ /dev/null
@@ -1,96 +0,0 @@ -package cloudtrail - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/cloudtrail/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfCloudtrailsMultiRegion(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - cloudtrails []types.Trail - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "TestCheckIfCloudtrailsMultiRegion", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - cloudtrails: []types.Trail{ - { - Name: aws.String("test"), - TrailARN: aws.String("test"), - IncludeGlobalServiceEvents: aws.Bool(false), - IsMultiRegionTrail: aws.Bool(true), - }, - }, - testName: "TestCheckIfCloudtrailsMultiRegion", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfCloudtrailsMultiRegion(tt.args.checkConfig, tt.args.cloudtrails, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("CheckIfCloudtrailsMultiRegion() = %v, want %v", check.Status, "OK") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} - -func TestCheckIfCloudtrailsMultiRegionFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - cloudtrails []types.Trail - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "TestCheckIfCloudtrailsMultiRegion", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - cloudtrails: []types.Trail{ - { - Name: aws.String("test"), - TrailARN: aws.String("test"), - IncludeGlobalServiceEvents: aws.Bool(false), - IsMultiRegionTrail: aws.Bool(false), - }, - }, - testName: "TestCheckIfCloudtrailsMultiRegion", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - 
CheckIfCloudtrailsMultiRegion(tt.args.checkConfig, tt.args.cloudtrails, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("CheckIfCloudtrailsMultiRegion() = %v, want %v", check.Status, "FAIL") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/aws/cloudtrail/cloudtrailglobalservice.go b/plugins/aws/cloudtrail/cloudtrailglobalservice.go deleted file mode 100644 index cba05c2..0000000 --- a/plugins/aws/cloudtrail/cloudtrailglobalservice.go +++ /dev/null @@ -1,27 +0,0 @@ -package cloudtrail - -import ( - "fmt" - - "github.com/aws/aws-sdk-go-v2/service/cloudtrail/types" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfCloudtrailsGlobalServiceEventsEnabled(checkConfig yatas.CheckConfig, cloudtrails []types.Trail, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("Cloudtrails have Global Service Events Activated", "check if all cloudtrails have global service events enabled", testName) - for _, cloudtrail := range cloudtrails { - if !*cloudtrail.IncludeGlobalServiceEvents { - Message := "Cloudtrail " + *cloudtrail.Name + " has global service events disabled" - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *cloudtrail.TrailARN} - check.AddResult(result) - } else { - Message := "Cloudtrail " + *cloudtrail.Name + " has global service events enabled" - result := yatas.Result{Status: "OK", Message: Message, ResourceID: *cloudtrail.TrailARN} - check.AddResult(result) - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/cloudtrail/cloudtrailglobalservice_test.go b/plugins/aws/cloudtrail/cloudtrailglobalservice_test.go deleted file mode 100644 index b7a402f..0000000 --- a/plugins/aws/cloudtrail/cloudtrailglobalservice_test.go +++ /dev/null 
@@ -1,94 +0,0 @@ -package cloudtrail - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/cloudtrail/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfCloudtrailsGlobalServiceEventsEnabled(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - cloudtrails []types.Trail - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "TestCheckIfCloudtrailsEncrypted", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - cloudtrails: []types.Trail{ - { - Name: aws.String("test"), - TrailARN: aws.String("test"), - IncludeGlobalServiceEvents: aws.Bool(true), - }, - }, - testName: "TestCheckIfCloudtrailsEncrypted", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfCloudtrailsGlobalServiceEventsEnabled(tt.args.checkConfig, tt.args.cloudtrails, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("CheckIfCloudtrailsEncrypted() = %v, want %v", check.Status, "OK") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} - -func TestCheckIfCloudtrailsGlobalServiceEventsEnabledFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - cloudtrails []types.Trail - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "TestCheckIfCloudtrailsEncrypted", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - cloudtrails: []types.Trail{ - { - Name: aws.String("test"), - TrailARN: aws.String("test"), - IncludeGlobalServiceEvents: aws.Bool(false), - }, - }, - testName: "TestCheckIfCloudtrailsEncrypted", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - 
CheckIfCloudtrailsGlobalServiceEventsEnabled(tt.args.checkConfig, tt.args.cloudtrails, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("CheckIfCloudtrailsEncrypted() = %v, want %v", check.Status, "FAIL") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/aws/cloudtrail/getter.go b/plugins/aws/cloudtrail/getter.go deleted file mode 100644 index 3217a53..0000000 --- a/plugins/aws/cloudtrail/getter.go +++ /dev/null @@ -1,21 +0,0 @@ -package cloudtrail - -import ( - "context" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/cloudtrail" - "github.com/aws/aws-sdk-go-v2/service/cloudtrail/types" -) - -func GetCloudtrails(s aws.Config) []types.Trail { - svc := cloudtrail.NewFromConfig(s) - input := &cloudtrail.DescribeTrailsInput{ - IncludeShadowTrails: aws.Bool(true), - } - result, err := svc.DescribeTrails(context.TODO(), input) - if err != nil { - panic(err) - } - return result.TrailList -} diff --git a/plugins/aws/dynamodb/dynamodb.go b/plugins/aws/dynamodb/dynamodb.go deleted file mode 100644 index 4f475c1..0000000 --- a/plugins/aws/dynamodb/dynamodb.go +++ /dev/null 
@@ -1,37 +0,0 @@ -package dynamodb - -import ( - "sync" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/stangirard/yatas/internal/yatas" -) - -func RunChecks(wa *sync.WaitGroup, s aws.Config, c *yatas.Config, queue chan []yatas.Check) { - - var checkConfig yatas.CheckConfig - checkConfig.Init(s, c) - var checks []yatas.Check - dynamodbs := GetDynamodbs(s) - gt := GetTables(s, dynamodbs) - gb := GetContinuousBackups(s, dynamodbs) - go yatas.CheckTest(checkConfig.Wg, c, "AWS_DYN_001", CheckIfDynamodbEncrypted)(checkConfig, gt, "AWS_DYN_001") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_DYN_002", CheckIfDynamodbContinuousBackupsEnabled)(checkConfig, gb, "AWS_DYN_002") - - go func() { - for t := range checkConfig.Queue { - t.EndCheck() - checks = append(checks, t) - if c.CheckProgress.Bar != nil { - c.CheckProgress.Bar.Increment() - } - - checkConfig.Wg.Done() - - } - }() - - checkConfig.Wg.Wait() - - queue <- checks -} diff --git a/plugins/aws/dynamodb/dynamodbBackup.go b/plugins/aws/dynamodb/dynamodbBackup.go deleted file mode 100644 index 1b46ad5..0000000 --- a/plugins/aws/dynamodb/dynamodbBackup.go +++ /dev/null 
@@ -1,26 +0,0 @@ -package dynamodb - -import ( - "fmt" - - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfDynamodbContinuousBackupsEnabled(checkConfig yatas.CheckConfig, dynamodbs []TableBackups, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("Dynamodb have continuous backup enabled with PITR", "Check if DynamoDB continuous backups are enabled", testName) - for _, d := range dynamodbs { - if d.Backups.ContinuousBackupsStatus != "ENABLED" { - Message := "Dynamodb continuous backups are not enabled on " + d.TableName - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: d.TableName} - check.AddResult(result) - } else { - Message := "Dynamodb continuous backups are enabled on " + d.TableName - result := yatas.Result{Status: "OK", Message: Message, ResourceID: d.TableName} - check.AddResult(result) - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/dynamodb/dynamodbBackup_test.go b/plugins/aws/dynamodb/dynamodbBackup_test.go deleted file mode 100644 index d4397cf..0000000 --- a/plugins/aws/dynamodb/dynamodbBackup_test.go +++ /dev/null 
@@ -1,96 +0,0 @@ -package dynamodb - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfDynamodbContinuousBackupsEnabled(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - dynamodbs []TableBackups - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "TestCheckIfDynamodbEncrypted", - args: args{ - checkConfig: yatas.CheckConfig{ - Wg: &sync.WaitGroup{}, - Queue: make(chan yatas.Check, 1), - }, - dynamodbs: []TableBackups{ - { - TableName: "DynamoDB-XXX", - Backups: types.ContinuousBackupsDescription{ - ContinuousBackupsStatus: types.ContinuousBackupsStatusEnabled, - }, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfDynamodbContinuousBackupsEnabled(tt.args.checkConfig, tt.args.dynamodbs, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("CheckifDynamodbEncrypted() = %v, want %v", check.Status, "OK") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} - -func TestCheckIfDynamodbContinuousBackupsEnabledFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - dynamodbs []TableBackups - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "TestCheckIfDynamodbEncrypted", - args: args{ - checkConfig: yatas.CheckConfig{ - Wg: &sync.WaitGroup{}, - Queue: make(chan yatas.Check, 1), - }, - dynamodbs: []TableBackups{ - { - TableName: "DynamoDB-XXX", - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfDynamodbContinuousBackupsEnabled(tt.args.checkConfig, tt.args.dynamodbs, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - 
t.Errorf("CheckifDynamodbEncrypted() = %v, want %v", check.Status, "FAIL") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/aws/dynamodb/dynamodbEncrypted.go b/plugins/aws/dynamodb/dynamodbEncrypted.go deleted file mode 100644 index 56a6c31..0000000 --- a/plugins/aws/dynamodb/dynamodbEncrypted.go +++ /dev/null @@ -1,28 +0,0 @@ -package dynamodb - -import ( - "fmt" - - "github.com/aws/aws-sdk-go-v2/service/dynamodb" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfDynamodbEncrypted(checkConfig yatas.CheckConfig, dynamodbs []*dynamodb.DescribeTableOutput, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("Dynamodbs are encrypted", "Check if DynamoDB encryption is enabled", testName) - for _, d := range dynamodbs { - if d.Table != nil && d.Table.SSEDescription != nil && d.Table.SSEDescription.Status == "ENABLED" { - Message := "Dynamodb encryption is enabled on " + *d.Table.TableName - result := yatas.Result{Status: "OK", Message: Message, ResourceID: *d.Table.TableArn} - check.AddResult(result) - - } else { - Message := "Dynamodb encryption is not enabled on " + *d.Table.TableName - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *d.Table.TableArn} - check.AddResult(result) - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/dynamodb/dynamodbEncrypted_test.go b/plugins/aws/dynamodb/dynamodbEncrypted_test.go deleted file mode 100644 index 4294339..0000000 --- a/plugins/aws/dynamodb/dynamodbEncrypted_test.go +++ /dev/null 
@@ -1,104 +0,0 @@ -package dynamodb - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/dynamodb" - "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfDynamodbEncrypted(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - dynamodbs []*dynamodb.DescribeTableOutput - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "TestCheckIfDynamodbEncrypted", - args: args{ - checkConfig: yatas.CheckConfig{ - Wg: &sync.WaitGroup{}, - Queue: make(chan yatas.Check, 1), - }, - dynamodbs: []*dynamodb.DescribeTableOutput{ - { - Table: &types.TableDescription{ - TableArn: aws.String("arn:aws:dynamodb:us-east-1:123456789012:table/DynamoDB-XXX"), - SSEDescription: &types.SSEDescription{ - Status: types.SSEStatusEnabled, - }, - TableName: aws.String("DynamoDB-XXX"), - }, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfDynamodbEncrypted(tt.args.checkConfig, tt.args.dynamodbs, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("CheckifDynamodbEncrypted() = %v, want %v", check.Status, "OK") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} - -func TestCheckIfDynamodbEncryptedFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - dynamodbs []*dynamodb.DescribeTableOutput - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "TestCheckIfDynamodbEncrypted", - args: args{ - checkConfig: yatas.CheckConfig{ - Wg: &sync.WaitGroup{}, - Queue: make(chan yatas.Check, 1), - }, - dynamodbs: []*dynamodb.DescribeTableOutput{ - { - Table: &types.TableDescription{ - TableArn: aws.String("arn:aws:dynamodb:us-east-1:123456789012:table/DynamoDB-XXX"), - TableName: 
aws.String("DynamoDB-XXX"), - }, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfDynamodbEncrypted(tt.args.checkConfig, tt.args.dynamodbs, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("CheckifDynamodbEncrypted() = %v, want %v", check.Status, "FAIL") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/aws/dynamodb/getter.go b/plugins/aws/dynamodb/getter.go deleted file mode 100644 index 87b26f0..0000000 --- a/plugins/aws/dynamodb/getter.go +++ /dev/null 
@@ -1,57 +0,0 @@ -package dynamodb - -import ( - "context" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/dynamodb" - "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" -) - -func GetDynamodbs(s aws.Config) []string { - svc := dynamodb.NewFromConfig(s) - dynamodbInput := &dynamodb.ListTablesInput{} - result, err := svc.ListTables(context.TODO(), dynamodbInput) - if err != nil { - panic(err) - } - return result.TableNames -} - -func GetTables(s aws.Config, dynamodbs []string) []*dynamodb.DescribeTableOutput { - svc := dynamodb.NewFromConfig(s) - var tables []*dynamodb.DescribeTableOutput - for _, d := range dynamodbs { - params := &dynamodb.DescribeTableInput{ - TableName: &d, - } - resp, err := svc.DescribeTable(context.TODO(), params) - if err != nil { - panic(err) - } - tables = append(tables, resp) - - } - return tables -} - -type TableBackups struct { - TableName string - Backups types.ContinuousBackupsDescription -} - -func GetContinuousBackups(s aws.Config, tables []string) []TableBackups { - svc := dynamodb.NewFromConfig(s) - var continuousBackups []TableBackups - for _, d := range tables { - params := &dynamodb.DescribeContinuousBackupsInput{ - TableName: &d, - } - resp, err := svc.DescribeContinuousBackups(context.TODO(), params) - if err != nil { - panic(err) - } - continuousBackups = append(continuousBackups, TableBackups{d, *resp.ContinuousBackupsDescription}) - } - return continuousBackups -} diff --git a/plugins/aws/ec2/ec2.go b/plugins/aws/ec2/ec2.go deleted file mode 100644 index da8c8c0..0000000 --- a/plugins/aws/ec2/ec2.go +++ /dev/null 
@@ -1,38 +0,0 @@ -package ec2 - -import ( - "sync" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/ec2" - "github.com/stangirard/yatas/internal/yatas" -) - -func RunChecks(wa *sync.WaitGroup, s aws.Config, c *yatas.Config, queue chan []yatas.Check) { - - var checkConfig yatas.CheckConfig - checkConfig.Init(s, c) - var checks []yatas.Check - - svc := ec2.NewFromConfig(s) - instances := GetEC2s(svc) - go yatas.CheckTest(checkConfig.Wg, c, "AWS_EC2_001", CheckIfEC2PublicIP)(checkConfig, instances, "AWS_EC2_001") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_EC2_002", CheckIfMonitoringEnabled)(checkConfig, instances, "AWS_EC2_002") - - go func() { - for t := range checkConfig.Queue { - t.EndCheck() - checks = append(checks, t) - if c.CheckProgress.Bar != nil { - c.CheckProgress.Bar.Increment() - } - - checkConfig.Wg.Done() - - } - }() - - checkConfig.Wg.Wait() - - queue <- checks -} diff --git a/plugins/aws/ec2/ec2Monitoring.go b/plugins/aws/ec2/ec2Monitoring.go deleted file mode 100644 index e5dfb53..0000000 --- a/plugins/aws/ec2/ec2Monitoring.go +++ /dev/null 
@@ -1,27 +0,0 @@ -package ec2 - -import ( - "fmt" - - "github.com/aws/aws-sdk-go-v2/service/ec2/types" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfMonitoringEnabled(checkConfig yatas.CheckConfig, instances []types.Instance, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("EC2s have the monitoring option enabled", "Check if all instances have monitoring enabled", testName) - for _, instance := range instances { - if instance.Monitoring.State != types.MonitoringStateEnabled { - Message := "EC2 instance " + *instance.InstanceId + " has no monitoring enabled" - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *instance.InstanceId} - check.AddResult(result) - } else { - Message := "EC2 instance " + *instance.InstanceId + " has monitoring enabled" - result := yatas.Result{Status: "OK", Message: Message, ResourceID: *instance.InstanceId} - check.AddResult(result) - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/ec2/ec2Monitoring_test.go b/plugins/aws/ec2/ec2Monitoring_test.go deleted file mode 100644 index feda3d3..0000000 --- a/plugins/aws/ec2/ec2Monitoring_test.go +++ /dev/null 
@@ -1,104 +0,0 @@ -package ec2 - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/ec2/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfMonitoringEnabled(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - instances []types.Instance - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "TestCheckIfMonitoringEnabled", - args: args{ - checkConfig: yatas.CheckConfig{ - Wg: &sync.WaitGroup{}, - Queue: make(chan yatas.Check, 1), - }, - instances: []types.Instance{ - { - InstanceId: aws.String("i-12345678"), - PublicIpAddress: aws.String("192828282828"), - Monitoring: &types.Monitoring{ - State: types.MonitoringStateEnabled, - }, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfMonitoringEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("CheckifEC2MonitoringEnabled() = %v, want %v", check.Status, "PASS") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - - } -} - -func TestCheckIfMonitoringEnabledFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - instances []types.Instance - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "TestCheckIfMonitoringEnabled", - args: args{ - checkConfig: yatas.CheckConfig{ - Wg: &sync.WaitGroup{}, - Queue: make(chan yatas.Check, 1), - }, - instances: []types.Instance{ - { - InstanceId: aws.String("i-12345678"), - PublicIpAddress: aws.String("192828282828"), - Monitoring: &types.Monitoring{ - State: types.MonitoringStateDisabled, - }, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfMonitoringEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName) - 
tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("CheckifEC2MonitoringEnabled() = %v, want %v", check.Status, "FAIL") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - - } -} diff --git a/plugins/aws/ec2/ec2PublicIp.go b/plugins/aws/ec2/ec2PublicIp.go deleted file mode 100644 index 72853fe..0000000 --- a/plugins/aws/ec2/ec2PublicIp.go +++ /dev/null @@ -1,27 +0,0 @@ -package ec2 - -import ( - "fmt" - - "github.com/aws/aws-sdk-go-v2/service/ec2/types" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfEC2PublicIP(checkConfig yatas.CheckConfig, instances []types.Instance, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("EC2s don't have a public IP", "Check if all instances have a public IP", testName) - for _, instance := range instances { - if instance.PublicIpAddress != nil { - Message := "EC2 instance " + *instance.InstanceId + " has a public IP" + *instance.PublicIpAddress - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *instance.InstanceId} - check.AddResult(result) - } else { - Message := "EC2 instance " + *instance.InstanceId + " has no public IP " - result := yatas.Result{Status: "OK", Message: Message, ResourceID: *instance.InstanceId} - check.AddResult(result) - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/ec2/ec2PublicIp_test.go b/plugins/aws/ec2/ec2PublicIp_test.go deleted file mode 100644 index 7eff7cc..0000000 --- a/plugins/aws/ec2/ec2PublicIp_test.go +++ /dev/null 
@@ -1,95 +0,0 @@ -package ec2 - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/ec2/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfEC2PublicIPFAIL(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - instances []types.Instance - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "TestCheckIfEC2PublicIP", - args: args{ - checkConfig: yatas.CheckConfig{ - Wg: &sync.WaitGroup{}, - Queue: make(chan yatas.Check, 1), - }, - instances: []types.Instance{ - { - InstanceId: aws.String("i-12345678"), - PublicIpAddress: aws.String("192828282828"), - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfEC2PublicIP(tt.args.checkConfig, tt.args.instances, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("CheckifEC2PublicIP() = %v, want %v", check.Status, "FAIL") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} - -func TestCheckIfEC2PublicIP(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - instances []types.Instance - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "TestCheckIfEC2PublicIP", - args: args{ - checkConfig: yatas.CheckConfig{ - Wg: &sync.WaitGroup{}, - Queue: make(chan yatas.Check, 1), - }, - instances: []types.Instance{ - { - InstanceId: aws.String("i-12345678"), - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfEC2PublicIP(tt.args.checkConfig, tt.args.instances, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("CheckifEC2PublicIP() = %v, want %v", check.Status, "OK") - } - tt.args.checkConfig.Wg.Done() - } - }() - 
tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/aws/ec2/getter.go b/plugins/aws/ec2/getter.go deleted file mode 100644 index 100f178..0000000 --- a/plugins/aws/ec2/getter.go +++ /dev/null @@ -1,39 +0,0 @@ -package ec2 - -import ( - "context" - - "github.com/aws/aws-sdk-go-v2/service/ec2" - "github.com/aws/aws-sdk-go-v2/service/ec2/types" -) - -type EC2GetObjectAPI interface { - DescribeInstances(ctx context.Context, params *ec2.DescribeInstancesInput, optFns ...func(*ec2.Options)) (*ec2.DescribeInstancesOutput, error) -} - -func GetEC2s(svc EC2GetObjectAPI) []types.Instance { - input := &ec2.DescribeInstancesInput{} - result, err := svc.DescribeInstances(context.TODO(), input) - if err != nil { - panic(err) - } - var instances []types.Instance - for _, r := range result.Reservations { - instances = append(instances, r.Instances...) - } - for { - if result.NextToken == nil { - break - } - input.NextToken = result.NextToken - result, err = svc.DescribeInstances(context.TODO(), input) - if err != nil { - panic(err) - } - for _, r := range result.Reservations { - instances = append(instances, r.Instances...) - } - } - - return instances -} diff --git a/plugins/aws/ec2/getter_test.go b/plugins/aws/ec2/getter_test.go deleted file mode 100644 index a85ac79..0000000 --- a/plugins/aws/ec2/getter_test.go +++ /dev/null 
@@ -1,69 +0,0 @@ -package ec2 - -import ( - "context" - "reflect" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/ec2" - "github.com/aws/aws-sdk-go-v2/service/ec2/types" -) - -type MockSVCEC2 func() - -func (m MockSVCEC2) DescribeInstances(ctx context.Context, params *ec2.DescribeInstancesInput, optFns ...func(*ec2.Options)) (*ec2.DescribeInstancesOutput, error) { - token := aws.String("ididididid") - if params.NextToken != nil { - token = nil - } - - return &ec2.DescribeInstancesOutput{ - Reservations: []types.Reservation{ - { - Instances: []types.Instance{ - { - InstanceId: aws.String("instanceId"), - InstanceType: types.InstanceTypeA12xlarge, - }, - }, - }, - }, - NextToken: token, - }, nil -} - -func TestGetEC2s(t *testing.T) { - type args struct { - svc EC2GetObjectAPI - } - tests := []struct { - name string - args args - want []types.Instance - }{ - { - name: "TestGetEC2s", - args: args{ - svc: MockSVCEC2(nil), - }, - want: []types.Instance{ - { - InstanceId: aws.String("instanceId"), - InstanceType: types.InstanceTypeA12xlarge, - }, - { - InstanceId: aws.String("instanceId"), - InstanceType: types.InstanceTypeA12xlarge, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if got := GetEC2s(tt.args.svc); !reflect.DeepEqual(got, tt.want) { - t.Errorf("GetEC2s() = %+v, want %+v", got, tt.want) - } - }) - } -} diff --git a/plugins/aws/ecr/ecr.go b/plugins/aws/ecr/ecr.go deleted file mode 100644 index 17140b3..0000000 --- a/plugins/aws/ecr/ecr.go +++ /dev/null 
@@ -1,35 +0,0 @@ -package ecr - -import ( - "sync" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/stangirard/yatas/internal/yatas" -) - -func RunChecks(wa *sync.WaitGroup, s aws.Config, c *yatas.Config, queue chan []yatas.Check) { - - var checkConfig yatas.CheckConfig - checkConfig.Init(s, c) - var checks []yatas.Check - ecr := GetECRs(s) - go yatas.CheckTest(checkConfig.Wg, c, "AWS_ECR_001", CheckIfImageScanningEnabled)(checkConfig, ecr, "AWS_ECR_001") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_ECR_002", CheckIfEncrypted)(checkConfig, ecr, "AWS_ECR_002") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_ECR_003", CheckIfTagImmutable)(checkConfig, ecr, "AWS_ECR_003") - go func() { - for t := range checkConfig.Queue { - t.EndCheck() - checks = append(checks, t) - if c.CheckProgress.Bar != nil { - c.CheckProgress.Bar.Increment() - } - - checkConfig.Wg.Done() - - } - }() - - checkConfig.Wg.Wait() - - queue <- checks -} diff --git a/plugins/aws/ecr/ecrEncrypted.go b/plugins/aws/ecr/ecrEncrypted.go deleted file mode 100644 index 62f9a98..0000000 --- a/plugins/aws/ecr/ecrEncrypted.go +++ /dev/null 
@@ -1,27 +0,0 @@ -package ecr - -import ( - "fmt" - - "github.com/aws/aws-sdk-go-v2/service/ecr/types" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfEncrypted(checkConfig yatas.CheckConfig, ecr []types.Repository, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("ECRs are encrypted", "Check if all ECRs are encrypted", testName) - for _, ecr := range ecr { - if ecr.EncryptionConfiguration == nil { - Message := "ECR " + *ecr.RepositoryName + " is not encrypted" - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *ecr.RepositoryName} - check.AddResult(result) - } else { - Message := "ECR " + *ecr.RepositoryName + " is encrypted" - result := yatas.Result{Status: "OK", Message: Message, ResourceID: *ecr.RepositoryName} - check.AddResult(result) - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/ecr/ecrEncrypted_test.go b/plugins/aws/ecr/ecrEncrypted_test.go deleted file mode 100644 index 146f7b8..0000000 --- a/plugins/aws/ecr/ecrEncrypted_test.go +++ /dev/null 
@@ -1,45 +0,0 @@ -package ecr - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/service/ecr/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfEncrypted(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - ecr []types.Repository - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Check if all ECRs are encrypted", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - ecr: []types.Repository{}, - testName: "CheckIfEncrypted", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfEncrypted(tt.args.checkConfig, tt.args.ecr, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if len(check.Results) != len(tt.args.ecr) { - t.Errorf("CheckIfEncrypted() = %v, want %v", len(check.Results), len(tt.args.ecr)) - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/aws/ecr/ecrImageScanning.go b/plugins/aws/ecr/ecrImageScanning.go deleted file mode 100644 index 625c010..0000000 --- a/plugins/aws/ecr/ecrImageScanning.go +++ /dev/null 
@@ -1,27 +0,0 @@ -package ecr - -import ( - "fmt" - - "github.com/aws/aws-sdk-go-v2/service/ecr/types" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfImageScanningEnabled(checkConfig yatas.CheckConfig, ecr []types.Repository, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("ECRs image are scanned on push", "Check if all ECRs have image scanning enabled", testName) - for _, ecr := range ecr { - if !ecr.ImageScanningConfiguration.ScanOnPush { - Message := "ECR " + *ecr.RepositoryName + " has image scanning disabled" - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *ecr.RepositoryName} - check.AddResult(result) - } else { - Message := "ECR " + *ecr.RepositoryName + " has image scanning enabled" - result := yatas.Result{Status: "OK", Message: Message, ResourceID: *ecr.RepositoryName} - check.AddResult(result) - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/ecr/ecrImageScanning_test.go b/plugins/aws/ecr/ecrImageScanning_test.go deleted file mode 100644 index 29fca6e..0000000 --- a/plugins/aws/ecr/ecrImageScanning_test.go +++ /dev/null 
@@ -1,100 +0,0 @@
-package ecr
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/ecr/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfImageScanningEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- ecr []types.Repository
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfImageScanningEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- ecr: []types.Repository{
- {
- RepositoryName: aws.String("test"),
- ImageScanningConfiguration: &types.ImageScanningConfiguration{
- ScanOnPush: true,
- },
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfImageScanningEnabled(tt.args.checkConfig, tt.args.ecr, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckifImageScanningEnabled() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfImageScanningEnabledFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- ecr []types.Repository
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfImageScanningEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- ecr: []types.Repository{
- {
- RepositoryName: aws.String("test"),
- ImageScanningConfiguration: &types.ImageScanningConfiguration{
- ScanOnPush: false,
- },
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfImageScanningEnabled(tt.args.checkConfig, tt.args.ecr, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckifImageScanningEnabled() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/ecr/ecrImageTagMutability.go b/plugins/aws/ecr/ecrImageTagMutability.go
deleted file mode 100644
index 81d6ab1..0000000
--- a/plugins/aws/ecr/ecrImageTagMutability.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package ecr
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/ecr/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfTagImmutable(checkConfig yatas.CheckConfig, ecr []types.Repository, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("ECRs tags are immutable", "Check if all ECRs are tag immutable", testName)
- for _, ecr := range ecr {
- if ecr.ImageTagMutability == types.ImageTagMutabilityMutable {
- Message := "ECR " + *ecr.RepositoryName + " is not tag immutable"
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *ecr.RepositoryName}
- check.AddResult(result)
- } else {
- Message := "ECR " + *ecr.RepositoryName + " is tag immutable"
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *ecr.RepositoryName}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/ecr/ecrImageTagMutability_test.go b/plugins/aws/ecr/ecrImageTagMutability_test.go
deleted file mode 100644
index 8d9c38a..0000000
--- a/plugins/aws/ecr/ecrImageTagMutability_test.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package ecr
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/ecr/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfTagImmutable(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- ecr []types.Repository
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Check if all ECRs are tag immutable",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- ecr: []types.Repository{
- {
- ImageTagMutability: types.ImageTagMutabilityImmutable,
- RepositoryName: aws.String("test"),
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfTagImmutable(tt.args.checkConfig, tt.args.ecr, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfTagImmutable() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/ecr/getter.go b/plugins/aws/ecr/getter.go
deleted file mode 100644
index 0cb5d94..0000000
--- a/plugins/aws/ecr/getter.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package ecr
-
-import (
- "context"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/ecr"
- "github.com/aws/aws-sdk-go-v2/service/ecr/types"
-)
-
-func GetECRs(s aws.Config) []types.Repository {
- svc := ecr.NewFromConfig(s)
- var ecrRepositories []types.Repository
- input := &ecr.DescribeRepositoriesInput{
- MaxResults: aws.Int32(100),
- }
- result, err := svc.DescribeRepositories(context.TODO(), input)
- ecrRepositories = append(ecrRepositories, result.Repositories...)
- if err != nil {
- panic(err)
- }
- for {
- if result.NextToken != nil {
- input.NextToken = result.NextToken
- result, err = svc.DescribeRepositories(context.TODO(), input)
- ecrRepositories = append(ecrRepositories, result.Repositories...)
- if err != nil {
- panic(err)
- }
- } else {
- break
- }
- }
-
- return ecrRepositories
-}
diff --git a/plugins/aws/eks/eks.go b/plugins/aws/eks/eks.go
deleted file mode 100644
index 7a483a7..0000000
--- a/plugins/aws/eks/eks.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package eks
-
-import (
- "sync"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/eks"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func RunChecks(wa *sync.WaitGroup, s aws.Config, c *yatas.Config, queue chan []yatas.Check) {
- var checkConfig yatas.CheckConfig
- checkConfig.Init(s, c)
- var checks []yatas.Check
- svc := eks.NewFromConfig(s)
- clusters := GetClusters(svc)
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_EKS_001", CheckIfLoggingIsEnabled)(checkConfig, clusters, "AWS_EKS_001")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_EKS_002", CheckIfEksEndpointPrivate)(checkConfig, clusters, "AWS_EKS_002")
- go func() {
- for t := range checkConfig.Queue {
- t.EndCheck()
- checks = append(checks, t)
- if c.CheckProgress.Bar != nil {
- c.CheckProgress.Bar.Increment()
- }
-
- checkConfig.Wg.Done()
-
- }
- }()
- checkConfig.Wg.Wait()
- queue <- checks
-}
diff --git a/plugins/aws/eks/eksLogging.go b/plugins/aws/eks/eksLogging.go
deleted file mode 100644
index 0ea7717..0000000
--- a/plugins/aws/eks/eksLogging.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package eks
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/eks/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfLoggingIsEnabled(checkConfig yatas.CheckConfig, clusters []types.Cluster, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("EKS clusters have logging enabled", "Check if logging is enabled", testName)
- for _, cluster := range clusters {
- if cluster.Logging != nil && len(cluster.Logging.ClusterLogging) > 0 {
- Message := "Logging is enabled for cluster " + *cluster.Name
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *cluster.Name}
- check.AddResult(result)
- } else {
- Message := "Logging is not enabled for cluster " + *cluster.Name
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *cluster.Name}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/eks/eksLogging_test.go b/plugins/aws/eks/eksLogging_test.go
deleted file mode 100644
index 58d588c..0000000
--- a/plugins/aws/eks/eksLogging_test.go
+++ /dev/null
@@ -1,63 +0,0 @@
-package eks
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/eks/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfLoggingIsEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- clusters []types.Cluster
- testName string
- want string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "test",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- clusters: []types.Cluster{
- {
- Name: aws.String("test"),
- Logging: &types.Logging{
- ClusterLogging: []types.LogSetup{
- {
- Enabled: aws.Bool(true),
- Types: []types.LogType{"api", "audit"},
- },
- },
- },
- },
- },
- testName: "CheckIfLoggingIsEnabled",
- want: "OK",
- },
- },
- {
- name: "test",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- clusters: []types.Cluster{
- {
- Name: aws.String("test"),
- },
- },
- testName: "CheckIfLoggingIsEnabled",
- want: "FAIL",
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfLoggingIsEnabled(tt.args.checkConfig, tt.args.clusters, tt.args.testName)
- })
- }
-}
diff --git a/plugins/aws/eks/eksPrivateEndpoint.go b/plugins/aws/eks/eksPrivateEndpoint.go
deleted file mode 100644
index 9cc3471..0000000
--- a/plugins/aws/eks/eksPrivateEndpoint.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package eks
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/eks/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
- "golang.org/x/exp/slices"
-)
-
-func CheckIfEksEndpointPrivate(checkConfig yatas.CheckConfig, clusters []types.Cluster, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("EKS clusters have private endpoint or strict public access", "Check if EKS clusters have private endpoint", testName)
- for _, cluster := range clusters {
- if cluster.ResourcesVpcConfig != nil {
- if cluster.ResourcesVpcConfig.EndpointPublicAccess {
- if ok := slices.Contains(cluster.ResourcesVpcConfig.PublicAccessCidrs, "0.0.0.0/0"); !ok {
- Message := "EKS cluster " + *cluster.Name + " has private endpoint"
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *cluster.Name}
- check.AddResult(result)
- } else {
- Message := "EKS cluster " + *cluster.Name + " has public endpoint"
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *cluster.Name}
- check.AddResult(result)
- }
- } else {
- Message := "EKS cluster " + *cluster.Name + " has private endpoint"
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *cluster.Name}
- check.AddResult(result)
- }
- } else {
- Message := "Private endpoint is not enabled for cluster " + *cluster.Name
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *cluster.Name}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/eks/eksPrivateEndpoint_test.go b/plugins/aws/eks/eksPrivateEndpoint_test.go
deleted file mode 100644
index ec4b84d..0000000
--- a/plugins/aws/eks/eksPrivateEndpoint_test.go
+++ /dev/null
@@ -1,104 +0,0 @@
-package eks
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/eks/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfEksEndpointPrivate(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- clusters []types.Cluster
- testName string
- }
- tests := []struct {
- name string
- args args
- want string
- }{
- {
- name: "test",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- clusters: []types.Cluster{
- {
- Name: aws.String("test"),
- Endpoint: aws.String("https://test.eks.amazonaws.com"),
- ResourcesVpcConfig: &types.VpcConfigResponse{
- EndpointPrivateAccess: true,
- },
- },
- },
- },
- want: "OK",
- },
- {
- name: "test",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- clusters: []types.Cluster{
- {
- Name: aws.String("test"),
- Endpoint: aws.String("https://test.eks.amazonaws.com"),
- ResourcesVpcConfig: &types.VpcConfigResponse{
- EndpointPrivateAccess: true,
- EndpointPublicAccess: true,
- PublicAccessCidrs: []string{"0.0.0.0/0"},
- },
- },
- },
- },
- want: "FAIL",
- },
- {
- name: "test",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- clusters: []types.Cluster{
- {
- Name: aws.String("test"),
- Endpoint: aws.String("https://test.eks.amazonaws.com"),
- ResourcesVpcConfig: &types.VpcConfigResponse{
- EndpointPrivateAccess: true,
- EndpointPublicAccess: true,
- PublicAccessCidrs: []string{"0.0.0.0/8"},
- },
- },
- },
- },
- want: "OK",
- },
- {
- name: "test",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- clusters: []types.Cluster{
- {
- Name: aws.String("test"),
- Endpoint: aws.String("https://test.eks.amazonaws.com"),
- },
- },
- },
- want: "FAIL",
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t 
*testing.T) {
- CheckIfEksEndpointPrivate(tt.args.checkConfig, tt.args.clusters, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != tt.want {
- t.Errorf("CheckIfEksEndpointPrivate() = %v, want %v", check.Status, tt.want)
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/eks/getter.go b/plugins/aws/eks/getter.go
deleted file mode 100644
index 08ac52d..0000000
--- a/plugins/aws/eks/getter.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package eks
-
-import (
- "context"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/eks"
- "github.com/aws/aws-sdk-go-v2/service/eks/types"
-)
-
-type EKSGetObjectAPI interface {
- ListClusters(ctx context.Context, params *eks.ListClustersInput, optFns ...func(*eks.Options)) (*eks.ListClustersOutput, error)
- DescribeCluster(ctx context.Context, params *eks.DescribeClusterInput, optFns ...func(*eks.Options)) (*eks.DescribeClusterOutput, error)
-}
-
-func GetClusters(svc EKSGetObjectAPI) []types.Cluster {
- input := &eks.ListClustersInput{}
- result, err := svc.ListClusters(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- var clusters []string
- var clustersDetails []types.Cluster
- for _, r := range result.Clusters {
- clusters = append(clusters, r)
- }
- for {
- if result.NextToken == nil {
- break
- }
- input.NextToken = result.NextToken
- result, err = svc.ListClusters(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- for _, r := range result.Clusters {
- clusters = append(clusters, r)
- }
- }
-
- for _, c := range clusters {
- input := &eks.DescribeClusterInput{
- Name: aws.String(c),
- }
- result, err := svc.DescribeCluster(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- clustersDetails = append(clustersDetails, *result.Cluster)
- }
- return clustersDetails
-
-}
diff --git a/plugins/aws/eks/getter_test.go b/plugins/aws/eks/getter_test.go
deleted file mode 100644
index 9e6f1f0..0000000
--- a/plugins/aws/eks/getter_test.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package eks
-
-import (
- "context"
- "reflect"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/eks"
- "github.com/aws/aws-sdk-go-v2/service/eks/types"
-)
-
-type mocksvc func()
-
-func (m mocksvc) ListClusters(ctx context.Context, params *eks.ListClustersInput, optFns ...func(*eks.Options)) (*eks.ListClustersOutput, error) {
- return &eks.ListClustersOutput{
- Clusters: []string{"test"},
- }, nil
-}
-
-func (m mocksvc) DescribeCluster(ctx context.Context, params *eks.DescribeClusterInput, optFns ...func(*eks.Options)) (*eks.DescribeClusterOutput, error) {
- return &eks.DescribeClusterOutput{
- Cluster: &types.Cluster{
- Name: aws.String("test"),
- },
- }, nil
-}
-
-func TestGetClusters(t *testing.T) {
- type args struct {
- svc EKSGetObjectAPI
- }
- tests := []struct {
- name string
- args args
- want []types.Cluster
- }{
- {
- name: "test",
- args: args{
- svc: mocksvc(nil),
- },
- want: []types.Cluster{
- {
- Name: aws.String("test"),
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- if got := GetClusters(tt.args.svc); !reflect.DeepEqual(got, tt.want) {
- t.Errorf("GetClusters() = %+v, want %+v", got, tt.want)
- }
- })
- }
-}
diff --git a/plugins/aws/guardduty/getter.go b/plugins/aws/guardduty/getter.go
deleted file mode 100644
index fb627ae..0000000
--- a/plugins/aws/guardduty/getter.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package guardduty
-
-import (
- "context"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/guardduty"
-)
-
-func GetDetectors(s aws.Config) []string {
- svc := guardduty.NewFromConfig(s)
- input := &guardduty.ListDetectorsInput{}
- result, err := svc.ListDetectors(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- return result.DetectorIds
-}
diff --git a/plugins/aws/guardduty/guardduty.go b/plugins/aws/guardduty/guardduty.go
deleted file mode 100644
index 9d82d4a..0000000
--- a/plugins/aws/guardduty/guardduty.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package guardduty
-
-import (
- "sync"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func RunChecks(wa *sync.WaitGroup, s aws.Config, c *yatas.Config, queue chan []yatas.Check) {
-
- var checkConfig yatas.CheckConfig
- checkConfig.Init(s, c)
- var checks []yatas.Check
- guardyDetectors := GetDetectors(checkConfig.ConfigAWS)
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_GDT_001", CheckIfGuarddutyEnabled)(checkConfig, "AWS_GDT_001", guardyDetectors)
- go func() {
- for t := range checkConfig.Queue {
- t.EndCheck()
- checks = append(checks, t)
- if c.CheckProgress.Bar != nil {
- c.CheckProgress.Bar.Increment()
- }
-
- checkConfig.Wg.Done()
-
- }
- }()
-
- checkConfig.Wg.Wait()
-
- queue <- checks
-}
diff --git a/plugins/aws/guardduty/guarddutyEnabled.go b/plugins/aws/guardduty/guarddutyEnabled.go
deleted file mode 100644
index 1261817..0000000
--- a/plugins/aws/guardduty/guarddutyEnabled.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package guardduty
-
-import (
- "fmt"
-
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfGuarddutyEnabled(checkConfig yatas.CheckConfig, testName string, detectors []string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("GuardDuty is enabled in the account", "Check if GuardDuty is enabled", testName)
-
- if len(detectors) == 0 {
- Message := "GuardDuty is not enabled"
- result := yatas.Result{Status: "FAIL", Message: Message}
- check.AddResult(result)
- } else {
- Message := "GuardDuty is enabled"
- result := yatas.Result{Status: "OK", Message: Message}
- check.AddResult(result)
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/guardduty/guarddutyEnabled_test.go b/plugins/aws/guardduty/guarddutyEnabled_test.go
deleted file mode 100644
index 348ea71..0000000
--- a/plugins/aws/guardduty/guarddutyEnabled_test.go
+++ /dev/null
@@ -1,86 +0,0 @@
-package guardduty
-
-import (
- "sync"
- "testing"
-
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfGuarddutyEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- testName string
- detectors []string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfGuarddutyEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- testName: "TestCheckIfGuarddutyEnabled",
- detectors: []string{"detector1", "detector2"},
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfGuarddutyEnabled(tt.args.checkConfig, tt.args.testName, tt.args.detectors)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckifGuarddutyEnabled() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfGuarddutyEnabledFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- testName string
- detectors []string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfGuarddutyEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- testName: "TestCheckIfGuarddutyEnabled",
- detectors: []string{},
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfGuarddutyEnabled(tt.args.checkConfig, tt.args.testName, tt.args.detectors)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckifGuarddutyEnabled() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/iam/getter.go b/plugins/aws/iam/getter.go
deleted file mode 100644
index 829473c..0000000
--- a/plugins/aws/iam/getter.go
+++ /dev/null
@@ -1,214 +0,0 @@
-package iam
-
-import (
- "context"
- "sync"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/iam"
- "github.com/aws/aws-sdk-go-v2/service/iam/types"
-)
-
-func GetAllUsers(s aws.Config) []types.User {
- svc := iam.NewFromConfig(s)
- var users []types.User
- input := &iam.ListUsersInput{}
- result, err := svc.ListUsers(context.TODO(), input)
- users = append(users, result.Users...)
- if err != nil {
- panic(err)
- }
- for {
- if result.IsTruncated {
- input.Marker = result.Marker
- result, err = svc.ListUsers(context.TODO(), input)
- users = append(users, result.Users...)
- if err != nil {
- panic(err)
- }
- } else {
- break
- }
- }
- return users
-}
-
-type MFAForUser struct {
- UserName string
- MFAs []types.MFADevice
-}
-
-func GetMfaForUsers(s aws.Config, u []types.User) []MFAForUser {
- svc := iam.NewFromConfig(s)
-
- var mfaForUsers []MFAForUser
- for _, user := range u {
- input := &iam.ListMFADevicesInput{
- UserName: user.UserName,
- }
- result, err := svc.ListMFADevices(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- mfaForUsers = append(mfaForUsers, MFAForUser{
- UserName: *user.UserName,
- MFAs: result.MFADevices,
- })
- for {
- if result.IsTruncated {
- input.Marker = result.Marker
- result, err = svc.ListMFADevices(context.TODO(), input)
- mfaForUsers = append(mfaForUsers, MFAForUser{
- UserName: *user.UserName,
- MFAs: result.MFADevices,
- })
- if err != nil {
- panic(err)
- }
- } else {
- break
- }
- }
- }
- return mfaForUsers
-}
-
-type AccessKeysForUser struct {
- UserName string
- AccessKeys []types.AccessKeyMetadata
-}
-
-func GetAccessKeysForUsers(s aws.Config, u []types.User) []AccessKeysForUser {
- svc := iam.NewFromConfig(s)
-
- var accessKeysForUsers []AccessKeysForUser
- for _, user := range u {
- input := &iam.ListAccessKeysInput{
- UserName: user.UserName,
- }
- result, err := svc.ListAccessKeys(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- accessKeysForUsers = 
append(accessKeysForUsers, AccessKeysForUser{
- UserName: *user.UserName,
- AccessKeys: result.AccessKeyMetadata,
- })
- for {
- if result.IsTruncated {
- input.Marker = result.Marker
- result, err = svc.ListAccessKeys(context.TODO(), input)
- accessKeysForUsers = append(accessKeysForUsers, AccessKeysForUser{
- UserName: *user.UserName,
- AccessKeys: result.AccessKeyMetadata,
- })
- if err != nil {
- panic(err)
- }
- } else {
- break
- }
- }
- }
- return accessKeysForUsers
-}
-
-func GetUserPolicies(users []types.User, s aws.Config) []UserPolicies {
- var wgPolicyForUser sync.WaitGroup
- wgPolicyForUser.Add(len(users))
- queue := make(chan UserPolicies, 10)
- for _, user := range users {
- go GetAllPolicyForUser(&wgPolicyForUser, queue, s, user)
- }
- var userPolicies []UserPolicies
- go func() {
- for user := range queue {
- userPolicies = append(userPolicies, user)
- wgPolicyForUser.Done()
- }
-
- }()
- wgPolicyForUser.Wait()
- return userPolicies
-}
-
-type UserToPoliciesElevate struct {
- UserName string
- Policies [][]string
-}
-
-func GetUserToPoliciesElevate(userPolicies []UserPolicies) []UserToPoliciesElevate {
- var usersElevatedPolicies []UserToPoliciesElevate
- for _, user := range userPolicies {
- elevation := CheckPolicyForAllowInRequiredPermission(user.Policies, requiredPermissions)
- if elevation != nil {
- usersElevatedPolicies = append(usersElevatedPolicies, UserToPoliciesElevate{
- UserName: user.UserName,
- Policies: elevation,
- })
- }
-
- }
-
- return usersElevatedPolicies
-}
-
-func GetAllPolicyForUser(wg *sync.WaitGroup, queueCheck chan UserPolicies, s aws.Config, user types.User) {
- var policyList []Policy
- var wgpolicy sync.WaitGroup
- queue := make(chan *string, 100)
- policies := GetPolicyAttachedToUser(s, user)
- wgpolicy.Add(len(policies))
- for _, policy := range policies {
- go GetPolicyDocument(&wgpolicy, queue, s, policy.PolicyArn)
-
- }
- go func() {
- for t := range queue {
- policyList = append(policyList, 
JsonDecodePolicyDocument(t))
- wgpolicy.Done()
- }
- }()
- wgpolicy.Wait()
- queueCheck <- UserPolicies{*user.UserName, policyList}
-}
-
-func GetPolicyDocument(wg *sync.WaitGroup, queue chan *string, s aws.Config, policyArn *string) {
- policyVersions := GetAllPolicyVersions(s, policyArn)
- SortPolicyVersions(policyVersions)
- input := &iam.GetPolicyVersionInput{
- PolicyArn: policyArn,
- VersionId: policyVersions[0].VersionId,
- }
- svc := iam.NewFromConfig(s)
- result, err := svc.GetPolicyVersion(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- queue <- result.PolicyVersion.Document
-}
-
-func GetPolicyAttachedToUser(s aws.Config, user types.User) []types.AttachedPolicy {
- svc := iam.NewFromConfig(s)
- input := &iam.ListAttachedUserPoliciesInput{
- UserName: user.UserName,
- }
- result, err := svc.ListAttachedUserPolicies(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- return result.AttachedPolicies
-}
-
-func GetAllPolicyVersions(s aws.Config, policyArn *string) []types.PolicyVersion {
- svc := iam.NewFromConfig(s)
- input := &iam.ListPolicyVersionsInput{
- PolicyArn: policyArn,
- }
- result, err := svc.ListPolicyVersions(context.TODO(), input)
- if err != nil {
- panic(err)
- }
-
- return result.Versions
-}
diff --git a/plugins/aws/iam/helpers.go b/plugins/aws/iam/helpers.go
deleted file mode 100644
index 29d44d9..0000000
--- a/plugins/aws/iam/helpers.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package iam
-
-import (
- "net/url"
-
- "github.com/aws/aws-sdk-go-v2/service/iam/types"
-)
-
-func SortPolicyVersions(policyVersions []types.PolicyVersion) {
- for i := 0; i < len(policyVersions); i++ {
- for j := i + 1; j < len(policyVersions); j++ {
- if policyVersions[i].CreateDate.After(*policyVersions[j].CreateDate) {
- policyVersions[i], policyVersions[j] = policyVersions[j], policyVersions[i]
- }
- }
- }
-}
-
-func JsonDecodePolicyDocument(policyDocumentJson *string) Policy {
- // URL Decode the policy document
- var policyDocument Policy
- decodedValue, _ := url.QueryUnescape(*policyDocumentJson)
- policyDocument.UnmarshalJSON([]byte(decodedValue))
- return policyDocument
-
-}
diff --git a/plugins/aws/iam/helpers_test.go b/plugins/aws/iam/helpers_test.go
deleted file mode 100644
index b327d84..0000000
--- a/plugins/aws/iam/helpers_test.go
+++ /dev/null
@@ -1,77 +0,0 @@
-package iam
-
-import (
- "reflect"
- "testing"
- "time"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/iam/types"
-)
-
-func TestSortPolicyVersions(t *testing.T) {
- type args struct {
- policyVersions []types.PolicyVersion
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "SortPolicyVersions",
- args: args{
- policyVersions: []types.PolicyVersion{
- {
- CreateDate: &time.Time{},
- },
- {
- CreateDate: &time.Time{},
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- SortPolicyVersions(tt.args.policyVersions)
- if tt.args.policyVersions[0].CreateDate.After(*tt.args.policyVersions[1].CreateDate) {
- t.Errorf("SortPolicyVersions() = %v", tt.args.policyVersions)
- }
- })
- }
-}
-
-func TestJsonDecodePolicyDocument(t *testing.T) {
- type args struct {
- policyDocumentJson *string
- }
- tests := []struct {
- name string
- args args
- want Policy
- }{
- {
- name: "JsonDecodePolicyDocument",
- args: args{
- policyDocumentJson: aws.String("{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}]}"),
- },
- want: Policy{
- Version: "2012-10-17",
- Statements: []Statement{
- {
- Effect: "Allow",
- Action: []string{"*"},
- Resource: []string{"*"},
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- if got := JsonDecodePolicyDocument(tt.args.policyDocumentJson); !reflect.DeepEqual(got, tt.want) {
- t.Errorf("JsonDecodePolicyDocument() = %v, want %v", got, tt.want)
- }
- })
- }
-}
diff --git a/plugins/aws/iam/iam.go b/plugins/aws/iam/iam.go
deleted file mode 100644
index 7ae8da6..0000000
--- a/plugins/aws/iam/iam.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package iam
-
-import (
- "sync"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func RunChecks(wa *sync.WaitGroup, s aws.Config, c *yatas.Config, queue chan []yatas.Check) {
-
- var checkConfig yatas.CheckConfig
- checkConfig.Init(s, c)
- var checks []yatas.Check
- users := GetAllUsers(s)
- mfaForUsers := GetMfaForUsers(s, users)
- accessKeysForUsers := GetAccessKeysForUsers(s, users)
- UserToPolicies := GetUserPolicies(users, s)
- UserToPoliciesElevated := GetUserToPoliciesElevate(UserToPolicies)
-
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_IAM_001", CheckIf2FAActivated)(checkConfig, mfaForUsers, "AWS_IAM_001")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_IAM_002", CheckAgeAccessKeyLessThan90Days)(checkConfig, accessKeysForUsers, "AWS_IAM_002")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_IAM_003", CheckIfUserCanElevateRights)(checkConfig, UserToPoliciesElevated, "AWS_IAM_003")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_IAM_004", CheckIfUserLastPasswordUse120Days)(checkConfig, users, "AWS_IAM_004")
- go func() {
- for t := range checkConfig.Queue {
- t.EndCheck()
- checks = append(checks, t)
- if c.CheckProgress.Bar != nil {
- c.CheckProgress.Bar.Increment()
- }
-
- checkConfig.Wg.Done()
-
- }
- }()
-
- checkConfig.Wg.Wait()
-
- queue <- checks
-}
diff --git a/plugins/aws/iam/iamAccessKeyAge.go b/plugins/aws/iam/iamAccessKeyAge.go
deleted file mode 100644
index 6f9e0d1..0000000
--- a/plugins/aws/iam/iamAccessKeyAge.go
+++ /dev/null
@@ -1,31 +0,0 @@
-package iam
-
-import (
- "fmt"
- "time"
-
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckAgeAccessKeyLessThan90Days(checkConfig yatas.CheckConfig, accessKeysForUsers []AccessKeysForUser, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("IAM access key younger than 90 days", "Check if all users have access key less than 90 days", testName)
- for _, accesskeyforuser := range accessKeysForUsers {
- now := time.Now()
- for _, accessKey := range accesskeyforuser.AccessKeys {
- if now.Sub(*accessKey.CreateDate).Hours() > 2160 {
- Message := "Access key " + *accessKey.AccessKeyId + " is older than 90 days on " + accesskeyforuser.UserName
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: accesskeyforuser.UserName}
- check.AddResult(result)
-
- } else {
- Message := "Access key " + *accessKey.AccessKeyId + " is younger than 90 days on " + accesskeyforuser.UserName
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: accesskeyforuser.UserName}
- check.AddResult(result)
- }
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/iam/iamAccessKeyAge_test.go b/plugins/aws/iam/iamAccessKeyAge_test.go
deleted file mode 100644
index bf80738..0000000
--- a/plugins/aws/iam/iamAccessKeyAge_test.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package iam
-
-import (
- "sync"
- "testing"
- "time"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/iam/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckAgeAccessKeyLessThan90Days(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- accessKeysForUsers []AccessKeysForUser
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Check if all users have access key less than 90 days",
- args: args{
- checkConfig: yatas.CheckConfig{
- Queue: make(chan yatas.Check, 1),
- Wg: &sync.WaitGroup{},
- },
- accessKeysForUsers: []AccessKeysForUser{
- {
- UserName: "test",
- AccessKeys: []types.AccessKeyMetadata{
- {
- AccessKeyId: aws.String("test"),
- CreateDate: aws.Time(time.Now()),
- },
- },
- },
- },
- testName: "Check if all users have access key less than 90 days",
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckAgeAccessKeyLessThan90Days(tt.args.checkConfig, tt.args.accessKeysForUsers, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckAgeAccessKeyLessThan90Days() = %v", check)
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckAgeAccessKeyLessThan90DaysFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- accessKeysForUsers []AccessKeysForUser
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Check if all users have access key less than 90 days",
- args: args{
- checkConfig: yatas.CheckConfig{
- Queue: make(chan yatas.Check, 1),
- Wg: &sync.WaitGroup{},
- },
- accessKeysForUsers: []AccessKeysForUser{
- {
- UserName: "test",
- AccessKeys: []types.AccessKeyMetadata{
- {
- AccessKeyId: aws.String("test"),
- CreateDate: aws.Time(time.Now().Add(-time.Hour * 24 * 91)),
- },
- },
- },
- },
- testName: "Check if all users have access key less than 90 days",
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckAgeAccessKeyLessThan90Days(tt.args.checkConfig, tt.args.accessKeysForUsers, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckAgeAccessKeyLessThan90Days() = %v", check)
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/iam/iamElevateRights.go b/plugins/aws/iam/iamElevateRights.go
deleted file mode 100644
index a6ddafc..0000000
--- a/plugins/aws/iam/iamElevateRights.go
+++ /dev/null
@@ -1,82 +0,0 @@
-package iam
-
-import (
- "fmt"
- "regexp"
- "strings"
-
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfUserCanElevateRights(checkConfig yatas.CheckConfig, userToPolociesElevated []UserToPoliciesElevate, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("IAM User can't elevate rights", "Check if users can elevate rights", testName)
- for _, userPol := range userToPolociesElevated {
- if len(userPol.Policies) > 0 {
- var Message string
- if len(userPol.Policies) > 3 {
- Message = "User " + userPol.UserName + " can elevate rights with " + fmt.Sprint(userPol.Policies[len(userPol.Policies)-3:]) + " only last 3 policies"
- } else {
- Message = "User " + userPol.UserName + " can elevate rights with " + fmt.Sprint(userPol.Policies)
- }
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: userPol.UserName}
- check.AddResult(result)
-
- } else {
- Message := "User " + userPol.UserName + " cannot elevate rights"
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: userPol.UserName}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
-
-func CheckPolicyForAllowInRequiredPermission(policies []Policy, requiredPermission [][]string) [][]string {
- // Extract all allow statements from policy
- allowStatements := make([]Statement, 0)
- for _, policy := range policies {
- for _, statement := range policy.Statements {
- if statement.Effect == "Allow" {
- allowStatements = append(allowStatements, statement)
- }
- }
- }
- var permissionElevationPossible = [][]string{}
- // Check if any statement is in requiredPermissions
- for _, permissions := range requiredPermissions {
- // Create a map of permissions and false
- permissionMap := make(map[string]bool)
- for _, permission := range permissions {
- permissionMap[permission] = false
- }
- for _, permission := range permissions {
- for _, statement := range allowStatements {
- for _, actions := range statement.Action {
- actions = strings.ReplaceAll(actions, "*", ".*")
- // If regex actions matches permission actions, return true
- found, err := regexp.MatchString(actions, permission)
- if err != nil {
- panic(err)
- }
- if found {
- permissionMap[permission] = true
- }
- }
- }
- }
- // If all permissions are true, return true
- permissionsBool := true
- for _, permission := range permissionMap {
- if !permission {
- permissionsBool = false
- }
- }
- if permissionsBool {
- permissionElevationPossible = append(permissionElevationPossible, permissions)
- }
- }
-
- return permissionElevationPossible
-}
diff --git a/plugins/aws/iam/iamElevateRights_test.go b/plugins/aws/iam/iamElevateRights_test.go
deleted file mode 100644
index 868f0b2..0000000
--- a/plugins/aws/iam/iamElevateRights_test.go
+++ /dev/null
@@ -1,98 +0,0 @@
-package iam
-
-import (
- "sync"
- "testing"
-
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfUserCanElevateRights(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- userToPolociesElevated []UserToPoliciesElevate
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Check if users can elevate rights",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- userToPolociesElevated: []UserToPoliciesElevate{
- {
- UserName: "test",
- Policies: [][]string{},
- },
- },
- testName: "AWS_IAM_003",
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfUserCanElevateRights(tt.args.checkConfig, tt.args.userToPolociesElevated, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfUserCanElevateRights() = %v", check)
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfUserCanElevateRightsFAIL(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- userToPolociesElevated []UserToPoliciesElevate
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Check if users can elevate rights",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- userToPolociesElevated: []UserToPoliciesElevate{
- {
- UserName: "test",
- Policies: [][]string{
- {"test"},
- },
- },
- },
- testName: "AWS_IAM_003",
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfUserCanElevateRights(tt.args.checkConfig, tt.args.userToPolociesElevated, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfUserCanElevateRights() = %v", check)
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/iam/iamMFA.go b/plugins/aws/iam/iamMFA.go
deleted file mode 100644
index d075df6..0000000
--- a/plugins/aws/iam/iamMFA.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package iam
-
-import (
- "fmt"
-
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIf2FAActivated(checkConfig yatas.CheckConfig, mfaForUsers []MFAForUser, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("IAM Users have 2FA activated", "Check if all users have 2FA activated", testName)
- for _, mfaForUser := range mfaForUsers {
- if len(mfaForUser.MFAs) == 0 {
- Message := "2FA is not activated on " + mfaForUser.UserName
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: mfaForUser.UserName}
- check.AddResult(result)
- } else {
- Message := "2FA is activated on " + mfaForUser.UserName
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: mfaForUser.UserName}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/iam/iamMFA_test.go b/plugins/aws/iam/iamMFA_test.go
deleted file mode 100644
index b5e7a06..0000000
--- a/plugins/aws/iam/iamMFA_test.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package iam
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/iam/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIf2FAActivated(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- mfaForUsers []MFAForUser
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Check if all users have 2FA activated",
- args: args{
- checkConfig: yatas.CheckConfig{
- Queue: make(chan yatas.Check, 1),
- Wg: &sync.WaitGroup{},
- },
- mfaForUsers: []MFAForUser{
- {
- UserName: "test",
- MFAs: []types.MFADevice{
- {
- SerialNumber: aws.String("test"),
- },
- },
- },
- },
- testName: "Check if all users have 2FA activated",
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIf2FAActivated(tt.args.checkConfig, tt.args.mfaForUsers, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIf2FAActivated() = %v", check)
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/iam/iamUserInactive.go b/plugins/aws/iam/iamUserInactive.go
deleted file mode 100644
index ab7fbcb..0000000
--- a/plugins/aws/iam/iamUserInactive.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package iam
-
-import (
- "fmt"
- "time"
-
- "github.com/aws/aws-sdk-go-v2/service/iam/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfUserLastPasswordUse120Days(checkConfig yatas.CheckConfig, users []types.User, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("IAM Users have not used their password for 120 days", "Check if all users have not used their password for 120 days", testName)
- for _, user := range users {
- if user.PasswordLastUsed != nil {
- if time.Since(*user.PasswordLastUsed).Hours() > 120*24 {
- Message := "Password has not been used for more than 120 days on " + *user.UserName
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *user.UserName}
- check.AddResult(result)
- } else {
- Message := "Password has been used in the last 120 days on " + *user.UserName
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *user.UserName}
- check.AddResult(result)
- }
- } else {
- Message := "Password has never been used on " + *user.UserName
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *user.UserName}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/iam/iamUserInactive_test.go b/plugins/aws/iam/iamUserInactive_test.go
deleted file mode 100644
index 706e1ed..0000000
--- a/plugins/aws/iam/iamUserInactive_test.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package iam
-
-import (
- "sync"
- "testing"
- "time"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/iam/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfUserLastPasswordUse120Days(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- users []types.User
- testName string
- }
- tests := []struct {
- name string
- args args
- want string
- }{
- {
- name: "TestCheckIfUserLastPasswordUse120Days",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- users: []types.User{},
- testName: "AWS_IAM_001",
- },
- want: "OK",
- },
- {
- name: "TestCheckIfUserLastPasswordUse120Days",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- users: []types.User{
- {
- PasswordLastUsed: nil,
- UserName: aws.String("test"),
- },
- },
- testName: "AWS_IAM_001",
- },
- want: "FAIL",
- },
- {
- name: "TestCheckIfUserLastPasswordUse120Days",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- users: []types.User{
- {
- PasswordLastUsed: aws.Time(time.Now().Add(-121 * 24 * time.Hour)),
- UserName: aws.String("test"),
- },
- },
- testName: "AWS_IAM_001",
- },
- want: "FAIL",
- },
- {
- name: "TestCheckIfUserLastPasswordUse120Days",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- users: []types.User{
- {
- PasswordLastUsed: aws.Time(time.Now().Add(-20 * 24 * time.Hour)),
- UserName: aws.String("test"),
- },
- },
- testName: "AWS_IAM_001",
- },
- want: "OK",
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfUserLastPasswordUse120Days(tt.args.checkConfig, tt.args.users, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != tt.want {
- t.Errorf("CheckIfUserLastPasswordUse120Days() = %v, want %v", check.Status, tt.want)
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/iam/struct.go b/plugins/aws/iam/struct.go
deleted file mode 100644
index 4dfa52a..0000000
--- a/plugins/aws/iam/struct.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package iam
-
-// Policy represents an AWS IAM policy document
-type Policy struct {
- Version string `json:"Version"`
- ID string `json:"ID,omitempty"`
- Statements []Statement `json:"Statement"`
-}
-
-// Statement represents the body of an AWS IAM policy document
-type Statement struct {
- StatementID string `json:"StatementID,omitempty"` // Statement ID, service specific
- Effect string `json:"Effect"` // Allow or Deny
- Principal map[string][]string `json:"Principal,omitempty"` // principal that is allowed or denied
- NotPrincipal map[string][]string `json:"NotPrincipal,omitempty"` // exception to a list of principals
- Action []string `json:"Action"` // allowed or denied action
- NotAction []string `json:"NotAction,omitempty"` // matches everything except
- Resource []string `json:"Resource,omitempty"` // object or objects that the statement covers
- NotResource []string `json:"NotResource,omitempty"` // matches everything except
- Condition []string `json:"Condition,omitempty"` // conditions for when a policy is in effect
-}
-
-type UserPolicies struct {
- UserName string
- Policies []Policy
-}
diff --git a/plugins/aws/iam/unmarshal_policy.go b/plugins/aws/iam/unmarshal_policy.go
deleted file mode 100644
index d83c834..0000000
--- a/plugins/aws/iam/unmarshal_policy.go
+++ /dev/null
@@ -1,197 +0,0 @@ -// Package policy provides a custom function to unmarshal AWS policies. -package iam - -import ( - "encoding/json" - "fmt" - - "github.com/mitchellh/mapstructure" - "github.com/rs/zerolog/log" -) - -// UnmarshalJSON decodifies input JSON info to awsPolicy type -func (policyJSON *Policy) UnmarshalJSON(policy []byte) error { - - var raw interface{} - var err error - var statementList []Statement - - err = json.Unmarshal(policy, &raw) - if err != nil { - return err - } - // Parsing content of JSON element as empty interface - switch object := raw.(type) { - // All elelements - case map[string]interface{}: - for key, value := range object { - switch key { - case "Version": - policyJSON.Version = value.(string) - case "ID": - policyJSON.ID = value.(string) - case "Statement": - statementList = make([]Statement, 0) - // Statement level - slice -> []interface{} , single element -> map[string]interface - switch statement := value.(type) { - // Statement slice -> iterate over elements, parse and store into slice - case []interface{}: - // statement slice - // iterate over statements - for _, statementValue := range statement { - statement := Statement{} - // Type assertion to format info - statementMap := statementValue.(map[string]interface{}) - // Parse statement - statement.Parse(statementMap) - // Append statement to slice - statementList = append(statementList, statement) - } - // Single statement -> parse and store it into slice - case map[string]interface{}: - statementMap := Statement{} - // Parse statement - statementMap.Parse(statement) - statementList = append(statementList, statementMap) - } - // Assign statements slice to Policy - policyJSON.Statements = statementList - } - } - } - return err -} - -// Parse decodifies input JSON info into Statement type -func (statementJSON *Statement) Parse(statement map[string]interface{}) { - - // Definitions - var principal, notPrincipal, action, notAction, resource, notResource, condition []string - var 
err error - - /* Iterate over map elements, each key element (statementKey) is the statement element - identifer and each value element (statementValue) the statement element value */ - for statementKey, statementValue := range statement { - // Switch case over key type (identifying Statement elements) - switch statementKey { - case "StatementID": - // Type assertion to assign - statementJSON.StatementID = statementValue.(string) - case "Effect": - // Type assertion to assign - statementJSON.Effect = statementValue.(string) - case "Principal": - // principal(statementValue) can be map[string][]string/string -> needs processing - // Initialize map - statementJSON.Principal = make(map[string][]string) - // procesing map - mapStatement := statementValue.(map[string]interface{}) - // iterate over key principal (keyPrincipal) and value principal (valuePrincipal) - for keyPrincipal, valuePrincipal := range mapStatement { - // valuePrincipal can be string or []string - switch valuePrincipal := valuePrincipal.(type) { - case string: - // As map each element is identified with a key and has a value - principal = make([]string, 0) - statementJSON.Principal[keyPrincipal] = append(principal, valuePrincipal) - case []interface{}: - /* If value is an interface we know we have an []string -> knowing final type - we can use mapstructure (which uses reflect) to store as final type */ - err = mapstructure.Decode(statementValue, &statementJSON.Principal) - if err != nil { - log.Error().Str("Error parsing policies", "Error using mapstructure parsing Policy statement principal element").Err(err).Msg("") - } - } - } - case "NotPrincipal": - // Same case as principal - // notprincipal has to be statementValue = map[string][]string/string -> needs processing - // Same procedure as Principal - // Intialize map - statementJSON.NotPrincipal = make(map[string][]string) - // procesing map (statementValue) - mapStatement := statementValue.(map[string]interface{}) - for keyNotPrincipal, 
valueNotPrincipal := range mapStatement { - // valueNotPrincipal can be string or []string - switch vnp := valueNotPrincipal.(type) { - case string: - notPrincipal = make([]string, 0) - statementJSON.NotPrincipal[keyNotPrincipal] = append(notPrincipal, vnp) - case []interface{}: - err = mapstructure.Decode(statementValue, &statementJSON.NotPrincipal) - if err != nil { - log.Error().Str("Error parsing policies", "Error using mapstructure parsing Policy statement not principal element").Err(err).Msg("") - } - } - } - case "Action": - // We only have now string or []string, process with type assertion and mapstructure - // Action can be string or []string - switch statementValue := statementValue.(type) { - case string: - action = make([]string, 0) - statementJSON.Action = append(action, statementValue) - case []interface{}: - err = mapstructure.Decode(statementValue, &statementJSON.Action) - if err != nil { - log.Error().Str("Error parsing policies", "Error using mapstructure parsing Policy statement action element").Err(err).Msg("") - } - } - case "NotAction": - // Same as Action - // NotAction can be string or []string - switch statementValue := statementValue.(type) { - case string: - notAction = make([]string, 0) - statementJSON.NotAction = append(notAction, statementValue) - case []interface{}: - err = mapstructure.Decode(statementValue, &statementJSON.NotAction) - if err != nil { - log.Error().Str("Error parsing policies", "Error using mapstructure parsing Policy statement not action element").Err(err).Msg("") - } - } - case "Resource": - // Same as Action - // Resource can be string or []string - switch statementValue := statementValue.(type) { - case string: - resource = make([]string, 0) - statementJSON.Resource = append(resource, statementValue) - case []interface{}: - err = mapstructure.Decode(statementValue, &statementJSON.Resource) - if err != nil { - log.Error().Str("Error parsing policies", "Error using mapstructure parsing Policy statement resource 
element").Err(err).Msg("") - } - } - case "NotResource": - // Same as Action - // NotResource can be string or []string - switch statementValue := statementValue.(type) { - case string: - notResource = make([]string, 0) - statementJSON.NotResource = append(notResource, statementValue) - case []interface{}: - err = mapstructure.Decode(statementValue, &statementJSON.NotResource) - if err != nil { - log.Error().Str("Error parsing policies", "Error using mapstructure parsing Policy statement not resource element").Err(err).Msg("") - } - } - case "Condition": - // Condition can be string, []string or map(lot of options) - switch statementValue := statementValue.(type) { - case string: - condition = make([]string, 0) - statementJSON.Condition = append(condition, statementValue) - case []interface{}: - err = mapstructure.Decode(statementValue, &statementJSON.Condition) - if err != nil { - log.Error().Str("Error parsing policies", "Error using mapstructure parsing Policy statement condition element").Err(err).Msg("") - } - // If map format as raw text and store it as string - case map[string]interface{}: - condition = make([]string, 0) - statementJSON.Condition = append(condition, fmt.Sprintf("%v", statementValue)) - } - } - } -} diff --git a/plugins/aws/iam/unmarshal_policy_test.go b/plugins/aws/iam/unmarshal_policy_test.go deleted file mode 100644 index fe29fef..0000000 --- a/plugins/aws/iam/unmarshal_policy_test.go +++ /dev/null 
@@ -1,144 +0,0 @@
-// Package policy provides a custom function to unmarshal AWS policies.
-package iam
-
-import "testing"
-
-func TestPolicy_UnmarshalJSON(t *testing.T) {
- type fields struct {
- Version string
- ID string
- Statements []Statement
- }
- type args struct {
- policy []byte
- }
- tests := []struct {
- name string
- fields fields
- args args
- wantErr bool
- }{
- {
- name: "UnmarshalJSON",
- fields: fields{
- Version: "",
- ID: "",
- Statements: nil,
- },
- args: args{
- policy: []byte(`{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "",
- "Effect": "Allow",
- "Action": "*",
- "Resource": "*",
- "NotAction": "*",
- "Condition": {
- "IpAddress": {
- "aws:SourceIp": ""
- }
- },
- "Principal": {
- "AWS": "*"
- }
- }
- ]
- }`),
- },
- wantErr: false,
- },
- {
- name: "UnmarshalJSON",
- fields: fields{
- Version: "",
- ID: "",
- Statements: nil,
- },
- args: args{
- policy: []byte(`{
- "Version": "2012-10-17",
- "Statement":
- {
- "StatementID": "",
- "Sid": "",
- "Effect": "Allow",
- "Action": "*",
- "Resource": "*",
- "NotPrincipal": {
- "AWS": "*"
- }
- }
-
- }`),
- },
- wantErr: false,
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- policyJSON := &Policy{
- Version: tt.fields.Version,
- ID: tt.fields.ID,
- Statements: tt.fields.Statements,
- }
- if err := policyJSON.UnmarshalJSON(tt.args.policy); (err != nil) != tt.wantErr {
- t.Errorf("Policy.UnmarshalJSON() error = %v, wantErr %v", err, tt.wantErr)
- }
- })
- }
-}
-
-func TestPolicy_UnmarshalJSONFail(t *testing.T) {
- type fields struct {
- Version string
- ID string
- Statements []Statement
- }
- type args struct {
- policy []byte
- }
- tests := []struct {
- name string
- fields fields
- args args
- wantErr bool
- }{
- {
- name: "UnmarshalJSON",
- fields: fields{
- Version: "",
- ID: "",
- Statements: nil,
- },
- args: args{
- policy: []byte(`{
- "Version": "2012-10-17",
- "ID": "",
- "Statements": [
- {
- "Sid": "",
- "Effect": "Allow",
- "Action": "*",
- "Resource": "*"
- }
- ]
- }`),
- },
- wantErr: true,
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- policyJSON := &Policy{
- Version: tt.fields.Version,
- ID: tt.fields.ID,
- Statements: tt.fields.Statements,
- }
- if err := policyJSON.UnmarshalJSON(tt.args.policy); (err == nil) != tt.wantErr {
- t.Errorf("Policy.UnmarshalJSON() error = %v, wantErr %v", err, tt.wantErr)
- }
- })
- }
-}
diff --git a/plugins/aws/iam/userElevationConst.go b/plugins/aws/iam/userElevationConst.go
deleted file mode 100644
index 065f213..0000000
--- a/plugins/aws/iam/userElevationConst.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package iam
-
-// Extracts all the value below ### Required Permission(s) and ### Potential Impact and creates an array of objects with the values in golang format
-var requiredPermissions = [][]string{
- {"iam:CreatePolicyVersion"},
- {"iam:SetDefaultPolicyVersion"},
- {"iam:PassRole", "ec2:RunInstances"},
- {"iam:CreateAccessKey"},
- {"iam:CreateLoginProfile"},
- {"iam:UpdateLoginProfile"},
- {"iam:AttachUserPolicy"},
- {"iam:AttachGroupPolicy"},
- {"iam:AttachRolePolicy"},
- {"iam:PutUserPolicy"},
- {"iam:PutGroupPolicy"},
- {"iam:PutRolePolicy"},
- {"iam:AddUserToGroup"},
- {"iam:UpdateAssumeRolePolicy", "sts:AssumeRole"},
- {"iam:PassRole", "lambda:CreateFunction", "lambda:InvokeFunction"},
- {"iam:PassRole", "lambda:CreateFunction", "lambda:AddPermission"},
- {"iam:PassRole", "lambda:CreateFunction", "lambda:CreateEventSource"},
- {"lambda:UpdateFunctionCode"},
- {"iam:PassRole", "glue:CreateDevEndpoint"},
- {"glue:UpdateDevEndpoint"},
- {"iam:PassRole", "cloudformation:CreateStack"},
- {"iam:PassRole", "datapipeline:CreatePipeline", "datapipeline:PutPipeline"},
- {"codestar:CreateProjectFromTemplate", "iam:PassRole"},
- {"codestar:CreateProject", "iam:PassRole"},
- {"codestar:CreateProject", "codeStar:AssociateTeamMember"},
- {"lambda:UpdateFunctionConfiguration"},
- {"sagemaker:CreateNotebookInstance", "sagemaker:CreatePresignedNotebookInstanceUrl", "iam:PassRole"},
- {"sagemaker:CreatePresignedNotebookInstanceUrl"},
-}
diff --git a/plugins/aws/lambda/getter.go b/plugins/aws/lambda/getter.go
deleted file mode 100644
index 9f31a38..0000000
--- a/plugins/aws/lambda/getter.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package lambda
-
-import (
- "context"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/lambda"
- "github.com/aws/aws-sdk-go-v2/service/lambda/types"
-)
-
-func GetLambdas(s aws.Config) []types.FunctionConfiguration {
- svc := lambda.NewFromConfig(s)
- var lambdas []types.FunctionConfiguration
- input := &lambda.ListFunctionsInput{
- MaxItems: aws.Int32(100),
- }
- result, err := svc.ListFunctions(context.TODO(), input)
- lambdas = append(lambdas, result.Functions...)
- if err != nil {
- panic(err)
- }
- for {
- if result.NextMarker != nil {
- input.Marker = result.NextMarker
- result, err = svc.ListFunctions(context.TODO(), input)
- lambdas = append(lambdas, result.Functions...)
- if err != nil {
- panic(err)
- }
- } else {
- break
- }
- }
- return lambdas
-}
diff --git a/plugins/aws/lambda/lambda.go b/plugins/aws/lambda/lambda.go
deleted file mode 100644
index cee31b5..0000000
--- a/plugins/aws/lambda/lambda.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package lambda
-
-import (
- "sync"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func RunChecks(wa *sync.WaitGroup, s aws.Config, c *yatas.Config, queue chan []yatas.Check) {
-
- var checkConfig yatas.CheckConfig
- checkConfig.Init(s, c)
- var checks []yatas.Check
- lambdas := GetLambdas(s)
-
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_LMD_001", CheckIfLambdaPrivate)(checkConfig, lambdas, "AWS_LMD_001")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_LMD_002", CheckIfLambdaInSecurityGroup)(checkConfig, lambdas, "AWS_LMD_002")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_LMD_003", CheckIfLambdaNoErrors)(checkConfig, lambdas, "AWS_LMD_003")
- go func() {
- for t := range checkConfig.Queue {
- t.EndCheck()
- checks = append(checks, t)
- if c.CheckProgress.Bar != nil {
- c.CheckProgress.Bar.Increment()
- }
-
- checkConfig.Wg.Done()
-
- }
- }()
-
- checkConfig.Wg.Wait()
-
- queue <- checks
-}
diff --git a/plugins/aws/lambda/lambdaNoErrors.go b/plugins/aws/lambda/lambdaNoErrors.go
deleted file mode 100644
index a058a94..0000000
--- a/plugins/aws/lambda/lambdaNoErrors.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package lambda
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/lambda/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfLambdaNoErrors(checkConfig yatas.CheckConfig, lambdas []types.FunctionConfiguration, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("Lambdas are not with errors", "Check if all Lambdas are running smoothly", testName)
- for _, lambda := range lambdas {
- if lambda.StateReasonCode != types.StateReasonCodeIdle && lambda.StateReasonCode != "" {
- Message := "Lambda " + *lambda.FunctionName + " is in error with code : " + string(lambda.StateReasonCode)
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *lambda.FunctionArn}
- check.AddResult(result)
- } else {
- Message := "Lambda " + *lambda.FunctionName + " is running smoothly"
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *lambda.FunctionArn}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/lambda/lambdaNoErrors_test.go b/plugins/aws/lambda/lambdaNoErrors_test.go
deleted file mode 100644
index f55acd5..0000000
--- a/plugins/aws/lambda/lambdaNoErrors_test.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package lambda
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/lambda/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfLambdaNoErrors(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- lambdas []types.FunctionConfiguration
- testName string
- }
- tests := []struct {
- name string
- args args
- want string
- }{
- {
- name: "TestCheckIfLambdaNoErrors",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- lambdas: []types.FunctionConfiguration{
- {
- FunctionName: aws.String("test"),
- FunctionArn: aws.String("arn:aws:lambda:eu-west-3:123456789012:function:test"),
- StateReasonCode: types.StateReasonCodeIdle,
- },
- },
- testName: "TestCheckIfLambdaNoErrors",
- },
- want: "OK",
- },
- {
- name: "TestCheckIfLambdaNoErrors",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- lambdas: []types.FunctionConfiguration{
- {
- FunctionName: aws.String("test"),
- FunctionArn: aws.String("arn:aws:lambda:eu-west-3:123456789012:function:test"),
- StateReasonCode: types.StateReasonCodeEniLimitExceeded,
- },
- },
- testName: "TestCheckIfLambdaNoErrors",
- },
- want: "FAIL",
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfLambdaNoErrors(tt.args.checkConfig, tt.args.lambdas, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for result := range tt.args.checkConfig.Queue {
- if result.Status != tt.want {
- t.Errorf("CheckIfLambdaNoErrors() = %v, want %v", result.Status, tt.want)
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/lambda/lambdaPrivate.go b/plugins/aws/lambda/lambdaPrivate.go
deleted file mode 100644
index 4031b20..0000000
--- a/plugins/aws/lambda/lambdaPrivate.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package lambda
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/lambda/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfLambdaPrivate(checkConfig yatas.CheckConfig, lambdas []types.FunctionConfiguration, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("Lambdas are private", "Check if all Lambdas are private", testName)
- for _, lambda := range lambdas {
- if lambda.VpcConfig == nil {
- Message := "Lambda " + *lambda.FunctionName + " is public"
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *lambda.FunctionArn}
- check.AddResult(result)
- } else {
- Message := "Lambda " + *lambda.FunctionName + " is private"
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *lambda.FunctionArn}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/lambda/lambdaPrivate_test.go b/plugins/aws/lambda/lambdaPrivate_test.go
deleted file mode 100644
index cdf79bf..0000000
--- a/plugins/aws/lambda/lambdaPrivate_test.go
+++ /dev/null
@@ -1,101 +0,0 @@
-package lambda
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/lambda/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfLambdaPrivate(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- lambdas []types.FunctionConfiguration
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfLambdaPrivate",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- lambdas: []types.FunctionConfiguration{
- {
- FunctionName: aws.String("test"),
- FunctionArn: aws.String("arn:aws:lambda:us-east-1:123456789012:function:test"),
- VpcConfig: &types.VpcConfigResponse{
- VpcId: aws.String("vpc-123456789012"),
- },
- },
- },
- },
- },
- }
-
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfLambdaPrivate(tt.args.checkConfig, tt.args.lambdas, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckifLambdaPrivate() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfLambdaPrivateFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- lambdas []types.FunctionConfiguration
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfLambdaPrivate",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- lambdas: []types.FunctionConfiguration{
- {
- FunctionName: aws.String("test"),
- FunctionArn: aws.String("arn:aws:lambda:us-east-1:123456789012:function:test"),
- },
- },
- },
- },
- }
-
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfLambdaPrivate(tt.args.checkConfig, tt.args.lambdas, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckifLambdaPrivate() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/lambda/lambdaSecurityGroup.go b/plugins/aws/lambda/lambdaSecurityGroup.go
deleted file mode 100644
index edee0d3..0000000
--- a/plugins/aws/lambda/lambdaSecurityGroup.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package lambda
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/lambda/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfLambdaInSecurityGroup(checkConfig yatas.CheckConfig, lambdas []types.FunctionConfiguration, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("Lambdas are in a security group", "Check if all Lambdas are in a security group", testName)
- for _, lambda := range lambdas {
- if lambda.VpcConfig == nil || lambda.VpcConfig.SecurityGroupIds == nil {
- Message := "Lambda " + *lambda.FunctionName + " is not in a security group"
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *lambda.FunctionArn}
- check.AddResult(result)
- } else {
- Message := "Lambda " + *lambda.FunctionName + " is in a security group"
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *lambda.FunctionArn}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/lambda/lambdaSecurityGroup_test.go b/plugins/aws/lambda/lambdaSecurityGroup_test.go
deleted file mode 100644
index 05ac588..0000000
--- a/plugins/aws/lambda/lambdaSecurityGroup_test.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package lambda
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/lambda/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfLambdaInSecurityGroup(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- lambdas []types.FunctionConfiguration
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckLambdaInSecurityGroup",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- lambdas: []types.FunctionConfiguration{
- {
- FunctionName: aws.String("test"),
- FunctionArn: aws.String("arn:aws:lambda:us-east-1:123456789012:function:test"),
- VpcConfig: &types.VpcConfigResponse{
- VpcId: aws.String("vpc-123456789012"),
- SecurityGroupIds: []string{
- "sg-123456789012",
- },
- },
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfLambdaInSecurityGroup(tt.args.checkConfig, tt.args.lambdas, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckifLambdaPrivate() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfLambdaInSecurityGroupFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- lambdas []types.FunctionConfiguration
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckLambdaInSecurityGroup",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- lambdas: []types.FunctionConfiguration{
- {
- FunctionName: aws.String("test"),
- FunctionArn: aws.String("arn:aws:lambda:us-east-1:123456789012:function:test"),
- VpcConfig: &types.VpcConfigResponse{
- VpcId: aws.String("vpc-123456789012"),
- },
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfLambdaInSecurityGroup(tt.args.checkConfig, tt.args.lambdas, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckifLambdaPrivate() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/loadbalancers/elasticLBAccessLogs.go b/plugins/aws/loadbalancers/elasticLBAccessLogs.go
deleted file mode 100644
index 387ab18..0000000
--- a/plugins/aws/loadbalancers/elasticLBAccessLogs.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package loadbalancers
-
-import (
- "fmt"
-
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfAccessLogsEnabled(checkConfig yatas.CheckConfig, loadBalancers []LoadBalancerAttributes, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("ELB have access logs enabled", "Check if all load balancers have access logs enabled", testName)
- for _, loadBalancer := range loadBalancers {
- for _, attributes := range loadBalancer.Output.Attributes {
-
- if *attributes.Key == "access_logs.s3.enabled" && *attributes.Value == "true" {
- Message := "Access logs are enabled on : " + loadBalancer.LoadBalancerName
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: loadBalancer.LoadBalancerArn}
- check.AddResult(result)
- } else if *attributes.Key == "access_logs.s3.enabled" && *attributes.Value == "false" {
- Message := "Access logs are not enabled on : " + loadBalancer.LoadBalancerName
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: loadBalancer.LoadBalancerArn}
- check.AddResult(result)
- } else {
- continue
- }
- }
-
- }
-
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/loadbalancers/elasticLBAccessLogs_test.go b/plugins/aws/loadbalancers/elasticLBAccessLogs_test.go
deleted file mode 100644
index 98cd715..0000000
--- a/plugins/aws/loadbalancers/elasticLBAccessLogs_test.go
+++ /dev/null
@@ -1,115 +0,0 @@
-package loadbalancers
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2"
- "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfAccessLogsEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- loadBalancers []LoadBalancerAttributes
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfAccessLogsEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- loadBalancers: []LoadBalancerAttributes{
- {
- LoadBalancerName: "test",
- LoadBalancerArn: "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/test/1a2b3c4d5e6f",
- Output: &elasticloadbalancingv2.DescribeLoadBalancerAttributesOutput{
- Attributes: []types.LoadBalancerAttribute{
- {
- Key: aws.String("access_logs.s3.enabled"),
- Value: aws.String("true"),
- },
- },
- },
- },
- },
- },
- },
- }
-
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfAccessLogsEnabled(tt.args.checkConfig, tt.args.loadBalancers, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckifAccessLogsEnabled() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfAccessLogsEnabledFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- loadBalancers []LoadBalancerAttributes
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfAccessLogsEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- loadBalancers: []LoadBalancerAttributes{
- {
- LoadBalancerName: "test",
- LoadBalancerArn: "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/test/1a2b3c4d5e6f",
- Output: &elasticloadbalancingv2.DescribeLoadBalancerAttributesOutput{
- Attributes: []types.LoadBalancerAttribute{
- {
- Key: aws.String("access_logs.s3.enabled"),
- Value: aws.String("false"),
- },
- },
- },
- },
- },
- },
- },
- }
-
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfAccessLogsEnabled(tt.args.checkConfig, tt.args.loadBalancers, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckifAccessLogsEnabled() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/loadbalancers/elasticloadbalancers.go b/plugins/aws/loadbalancers/elasticloadbalancers.go
deleted file mode 100644
index 95a786c..0000000
--- a/plugins/aws/loadbalancers/elasticloadbalancers.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package loadbalancers
-
-import (
- "sync"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func RunChecks(wa *sync.WaitGroup, s aws.Config, c *yatas.Config, queue chan []yatas.Check) {
-
- var checkConfig yatas.CheckConfig
- checkConfig.Init(s, c)
- var checks []yatas.Check
- loadBalancers := GetElasticLoadBalancers(s)
- la := GetLoadBalancersAttributes(s, loadBalancers)
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_LB_001", CheckIfAccessLogsEnabled)(checkConfig, la, "AWS_ELB_001")
- go func() {
- for t := range checkConfig.Queue {
- t.EndCheck()
- checks = append(checks, t)
- if c.CheckProgress.Bar != nil {
- c.CheckProgress.Bar.Increment()
- }
-
- checkConfig.Wg.Done()
-
- }
- }()
-
- checkConfig.Wg.Wait()
-
- queue <- checks
-}
diff --git a/plugins/aws/loadbalancers/getter.go b/plugins/aws/loadbalancers/getter.go
deleted file mode 100644
index 79d4236..0000000
--- a/plugins/aws/loadbalancers/getter.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package loadbalancers
-
-import (
- "context"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2"
- "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types"
-)
-
-type LoadBalancerAttributes struct {
- LoadBalancerArn string
- LoadBalancerName string
- Output *elasticloadbalancingv2.DescribeLoadBalancerAttributesOutput
-}
-
-func GetLoadBalancersAttributes(s aws.Config, loadbalancers []types.LoadBalancer) []LoadBalancerAttributes {
- svc := elasticloadbalancingv2.NewFromConfig(s)
- var loadBalancerAttributes []LoadBalancerAttributes
- for _, loadbalancer := range loadbalancers {
- input := &elasticloadbalancingv2.DescribeLoadBalancerAttributesInput{
- LoadBalancerArn: loadbalancer.LoadBalancerArn,
- }
- result, err := svc.DescribeLoadBalancerAttributes(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- loadBalancerAttributes = append(loadBalancerAttributes, LoadBalancerAttributes{
- LoadBalancerArn: *loadbalancer.LoadBalancerArn,
- LoadBalancerName: *loadbalancer.LoadBalancerName,
- Output: result,
- })
- }
- return loadBalancerAttributes
-}
-
-func GetElasticLoadBalancers(s aws.Config) []types.LoadBalancer {
- svc := elasticloadbalancingv2.NewFromConfig(s)
- var loadBalancers []types.LoadBalancer
- input := &elasticloadbalancingv2.DescribeLoadBalancersInput{
- PageSize: aws.Int32(100),
- }
- result, err := svc.DescribeLoadBalancers(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- loadBalancers = append(loadBalancers, result.LoadBalancers...)
- for {
- if result.NextMarker != nil {
- input.Marker = result.NextMarker
- result, err = svc.DescribeLoadBalancers(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- loadBalancers = append(loadBalancers, result.LoadBalancers...)
- } else {
- break
- }
- }
- return loadBalancers
-}
diff --git a/plugins/aws/rds/getter.go b/plugins/aws/rds/getter.go
deleted file mode 100644
index 0d6d5df..0000000
--- a/plugins/aws/rds/getter.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package rds
-
-import (
- "context"
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/rds"
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/logger"
-)
-
-type RDSGetObjectAPI interface {
- DescribeDBInstances(ctx context.Context, input *rds.DescribeDBInstancesInput, optFns ...func(*rds.Options)) (*rds.DescribeDBInstancesOutput, error)
- DescribeDBClusters(ctx context.Context, input *rds.DescribeDBClustersInput, optFns ...func(*rds.Options)) (*rds.DescribeDBClustersOutput, error)
-}
-
-func GetListRDS(svc RDSGetObjectAPI) []types.DBInstance {
- logger.Debug("Getting list of RDS instances")
-
- params := &rds.DescribeDBInstancesInput{}
- var instances []types.DBInstance
- resp, err := svc.DescribeDBInstances(context.TODO(), params)
- instances = append(instances, resp.DBInstances...)
- if err != nil {
- panic(err)
- }
- for {
- if resp.Marker != nil {
- params.Marker = resp.Marker
- resp, err = svc.DescribeDBInstances(context.TODO(), params)
- instances = append(instances, resp.DBInstances...)
- if err != nil {
- panic(err)
- }
- } else {
- break
- }
- }
-
- logger.Debug(fmt.Sprintf("%v", resp.DBInstances))
- return instances
-}
-
-func GetListDBClusters(svc RDSGetObjectAPI) []types.DBCluster {
- logger.Debug("Getting list of RDS clusters")
-
- params := &rds.DescribeDBClustersInput{}
- var clusters []types.DBCluster
- resp, err := svc.DescribeDBClusters(context.TODO(), params)
- clusters = append(clusters, resp.DBClusters...)
- if err != nil {
- panic(err)
- }
- for {
- if resp.Marker != nil {
- params.Marker = resp.Marker
- resp, err = svc.DescribeDBClusters(context.TODO(), params)
- clusters = append(clusters, resp.DBClusters...)
- if err != nil {
- panic(err)
- }
- } else {
- break
- }
- }
-
- logger.Debug(fmt.Sprintf("%v", resp.DBClusters))
- return clusters
-}
diff --git a/plugins/aws/rds/getter_test.go b/plugins/aws/rds/getter_test.go
deleted file mode 100644
index 83ad3ab..0000000
--- a/plugins/aws/rds/getter_test.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package rds
-
-import (
- "context"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/service/rds"
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
-)
-
-type mockGetRdsAPI func(ctx context.Context, input *rds.DescribeDBInstancesInput) (output *rds.DescribeDBInstancesOutput, err error)
-
-func (m mockGetRdsAPI) DescribeDBInstances(ctx context.Context, input *rds.DescribeDBInstancesInput, optFns ...func(*rds.Options)) (*rds.DescribeDBInstancesOutput, error) {
- // Return an empty list of RDS instances
- return &rds.DescribeDBInstancesOutput{
- DBInstances: []types.DBInstance{},
- }, nil
-
-}
-
-func (m mockGetRdsAPI) DescribeDBClusters(ctx context.Context, input *rds.DescribeDBClustersInput, optFns ...func(*rds.Options)) (*rds.DescribeDBClustersOutput, error) {
- // Return an empty list of RDS clusters
- return &rds.DescribeDBClustersOutput{
- DBClusters: []types.DBCluster{},
- }, nil
-
-}
-
-func TestGetListRDS(t *testing.T) {
- tests := []struct {
- name string
- want []types.DBInstance
- }{
- {
- name: "Empty list of RDS instances",
- want: []types.DBInstance{},
- },
- }
- mockGetRdsAPI := mockGetRdsAPI(nil)
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- if got := GetListRDS(mockGetRdsAPI); len(got) != 0 {
- t.Errorf("GetListRDS() = %+v, want %+v", got, tt.want)
- }
- if got := GetListDBClusters(mockGetRdsAPI); len(got) != 0 {
- t.Errorf("GetListDBClusters() = %+v, want %+v", got, tt.want)
- }
- })
- }
-}
diff --git a/plugins/aws/rds/rds.go b/plugins/aws/rds/rds.go
deleted file mode 100644
index cf05fbe..0000000
--- a/plugins/aws/rds/rds.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package rds
-
-import (
- "sync"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/rds"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func RunChecks(wa *sync.WaitGroup, s aws.Config, c *yatas.Config, queue chan []yatas.Check) {
-
- var checkConfig yatas.CheckConfig
- checkConfig.Init(s, c)
- var checks []yatas.Check
- svc := rds.NewFromConfig(s)
-
- instances := GetListRDS(svc)
- clusters := GetListDBClusters(svc)
-
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_RDS_001", checkIfEncryptionEnabled)(checkConfig, instances, "AWS_RDS_001")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_RDS_002", checkIfBackupEnabled)(checkConfig, instances, "AWS_RDS_002")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_RDS_003", checkIfAutoUpgradeEnabled)(checkConfig, instances, "AWS_RDS_003")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_RDS_004", checkIfRDSPrivateEnabled)(checkConfig, instances, "AWS_RDS_004")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_RDS_005", CheckIfLoggingEnabled)(checkConfig, instances, "AWS_RDS_005")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_RDS_006", CheckIfDeleteProtectionEnabled)(checkConfig, instances, "AWS_RDS_006")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_RDS_007", checkIfClusterAutoUpgradeEnabled)(checkConfig, clusters, "AWS_RDS_007")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_RDS_008", checkIfClusterBackupEnabled)(checkConfig, clusters, "AWS_RDS_008")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_RDS_009", CheckIfClusterDeleteProtectionEnabled)(checkConfig, clusters, "AWS_RDS_009")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_RDS_010", checkIfClusterEncryptionEnabled)(checkConfig, clusters, "AWS_RDS_010")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_RDS_011", CheckIfClusterLoggingEnabled)(checkConfig, clusters, "AWS_RDS_011")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_RDS_012", checkIfClusterRDSPrivateEnabled)(checkConfig, clusters, "AWS_RDS_012")
-
- go func() {
- for t := range checkConfig.Queue {
- t.EndCheck()
- checks = append(checks, t)
- if c.CheckProgress.Bar != nil {
- c.CheckProgress.Bar.Increment()
- }
-
- checkConfig.Wg.Done()
-
- }
- }()
-
- checkConfig.Wg.Wait()
-
- queue <- checks
-}
diff --git a/plugins/aws/rds/rdsAutoUpgrade.go b/plugins/aws/rds/rdsAutoUpgrade.go
deleted file mode 100644
index b3ffb19..0000000
--- a/plugins/aws/rds/rdsAutoUpgrade.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package rds
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func checkIfAutoUpgradeEnabled(checkConfig yatas.CheckConfig, instances []types.DBInstance, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("RDS have minor versions automatically updated", "Check if RDS minor auto upgrade is enabled", testName)
- for _, instance := range instances {
- if !instance.AutoMinorVersionUpgrade {
- Message := "RDS auto upgrade is not enabled on " + *instance.DBInstanceIdentifier
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *instance.DBInstanceArn}
- check.AddResult(result)
- } else {
- Message := "RDS auto upgrade is enabled on " + *instance.DBInstanceIdentifier
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *instance.DBInstanceArn}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/rds/rdsAutoUpgrade_test.go b/plugins/aws/rds/rdsAutoUpgrade_test.go
deleted file mode 100644
index 8490a00..0000000
--- a/plugins/aws/rds/rdsAutoUpgrade_test.go
+++ /dev/null
@@ -1,101 +0,0 @@
-package rds
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func Test_checkIfAutoUpgradeEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBInstance
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfAutoUpgradeEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBInstance{
- {
- DBInstanceIdentifier: aws.String("test"),
- DBInstanceArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- AutoMinorVersionUpgrade: true,
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- checkIfAutoUpgradeEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfAutoUpgrade() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func Test_checkIfAutoUpgradeEnabledFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBInstance
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfAutoUpgradeEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBInstance{
- {
- DBInstanceIdentifier: aws.String("test"),
- DBInstanceArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- AutoMinorVersionUpgrade: false,
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- checkIfAutoUpgradeEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- t.Logf("%v", check)
- if check.Status != "FAIL" {
- t.Errorf("CheckIfAutoUpgrade() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/rds/rdsBackup.go b/plugins/aws/rds/rdsBackup.go
deleted file mode 100644
index 0249c6c..0000000
--- a/plugins/aws/rds/rdsBackup.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package rds
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func checkIfBackupEnabled(checkConfig yatas.CheckConfig, instances []types.DBInstance, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("RDS are backedup automatically with PITR", "Check if RDS backup is enabled", testName)
- for _, instance := range instances {
- if instance.BackupRetentionPeriod == 0 {
- Message := "RDS backup is not enabled on " + *instance.DBInstanceIdentifier
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *instance.DBInstanceArn}
- check.AddResult(result)
- } else {
- Message := "RDS backup is enabled on " + *instance.DBInstanceIdentifier
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *instance.DBInstanceArn}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/rds/rdsBackup_test.go b/plugins/aws/rds/rdsBackup_test.go
deleted file mode 100644
index eb6a3b9..0000000
--- a/plugins/aws/rds/rdsBackup_test.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package rds
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func Test_checkIfBackupEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBInstance
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfBackupEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBInstance{
- {
- DBInstanceIdentifier: aws.String("test"),
- DBInstanceArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- BackupRetentionPeriod: 7,
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- checkIfBackupEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfBackup() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func Test_checkIfBackupEnabledFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBInstance
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfBackupEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBInstance{
- {
- DBInstanceIdentifier: aws.String("test"),
- DBInstanceArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- BackupRetentionPeriod: 0,
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- checkIfBackupEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfBackup() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/rds/rdsClusterAutoUpgrade.go b/plugins/aws/rds/rdsClusterAutoUpgrade.go
deleted file mode 100644
index 3d61da1..0000000
--- a/plugins/aws/rds/rdsClusterAutoUpgrade.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package rds
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func checkIfClusterAutoUpgradeEnabled(checkConfig yatas.CheckConfig, instances []types.DBCluster, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("Aurora Clusters have minor versions automatically updated", "Check if Aurora RDS minor auto upgrade is enabled", testName)
- for _, instance := range instances {
- if !instance.AutoMinorVersionUpgrade {
- Message := "RDS auto upgrade is not enabled on " + *instance.DBClusterIdentifier
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *instance.DBClusterArn}
- check.AddResult(result)
- } else {
- Message := "RDS auto upgrade is enabled on " + *instance.DBClusterIdentifier
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *instance.DBClusterArn}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/rds/rdsClusterAutoUpgrade_test.go b/plugins/aws/rds/rdsClusterAutoUpgrade_test.go
deleted file mode 100644
index 1d85deb..0000000
--- a/plugins/aws/rds/rdsClusterAutoUpgrade_test.go
+++ /dev/null
@@ -1,101 +0,0 @@
-package rds
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func Test_checkIfClusterAutoUpgradeEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- clusters []types.DBCluster
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfAutoUpgradeEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- clusters: []types.DBCluster{
- {
- DBClusterIdentifier: aws.String("test"),
- DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- AutoMinorVersionUpgrade: true,
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- checkIfClusterAutoUpgradeEnabled(tt.args.checkConfig, tt.args.clusters, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfAutoUpgrade() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func Test_checkIfClusterAutoUpgradeEnabledFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- clusters []types.DBCluster
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfAutoUpgradeEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- clusters: []types.DBCluster{
- {
- DBClusterIdentifier: aws.String("test"),
- DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- AutoMinorVersionUpgrade: false,
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- checkIfClusterAutoUpgradeEnabled(tt.args.checkConfig, tt.args.clusters, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- t.Logf("%v", check)
- if check.Status != "FAIL" {
- t.Errorf("CheckIfAutoUpgrade() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/rds/rdsClusterBackup.go b/plugins/aws/rds/rdsClusterBackup.go
deleted file mode 100644
index 3ebfa05..0000000
--- a/plugins/aws/rds/rdsClusterBackup.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package rds
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func checkIfClusterBackupEnabled(checkConfig yatas.CheckConfig, instances []types.DBCluster, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("Aurora RDS are backedup automatically with PITR", "Check if Aurora RDS backup is enabled", testName)
- for _, instance := range instances {
- if instance.BackupRetentionPeriod == nil || *instance.BackupRetentionPeriod == 0 {
- Message := "RDS backup is not enabled on " + *instance.DBClusterIdentifier
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *instance.DBClusterArn}
- check.AddResult(result)
- } else {
- Message := "RDS backup is enabled on " + *instance.DBClusterIdentifier
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *instance.DBClusterArn}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/rds/rdsClusterBackup_test.go b/plugins/aws/rds/rdsClusterBackup_test.go
deleted file mode 100644
index 8ed73dc..0000000
--- a/plugins/aws/rds/rdsClusterBackup_test.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package rds
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func Test_checkIfClusterBackupEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBCluster
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfBackupEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBCluster{
- {
- DBClusterIdentifier: aws.String("test"),
- DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- BackupRetentionPeriod: aws.Int32(1),
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- checkIfClusterBackupEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfBackup() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func Test_checkIfClusterBackupEnabledFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBCluster
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfBackupEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBCluster{
- {
- DBClusterIdentifier: aws.String("test"),
- DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- BackupRetentionPeriod: aws.Int32(0),
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- checkIfClusterBackupEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfBackup() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/rds/rdsClusterDeleteProtected.go b/plugins/aws/rds/rdsClusterDeleteProtected.go
deleted file mode 100644
index 675ba6f..0000000
--- a/plugins/aws/rds/rdsClusterDeleteProtected.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package rds
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfClusterDeleteProtectionEnabled(checkConfig yatas.CheckConfig, instances []types.DBCluster, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("Aurora RDS have the deletion protection enabled", "Check if Aurora RDS delete protection is enabled", testName)
- for _, instance := range instances {
- if instance.DeletionProtection != nil && *instance.DeletionProtection {
- Message := "RDS delete protection is enabled on " + *instance.DBClusterIdentifier
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *instance.DBClusterArn}
- check.AddResult(result)
- } else {
- Message := "RDS delete protection is not enabled on " + *instance.DBClusterIdentifier
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *instance.DBClusterArn}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/rds/rdsClusterDeleteProtected_test.go b/plugins/aws/rds/rdsClusterDeleteProtected_test.go
deleted file mode 100644
index 7e62da2..0000000
--- a/plugins/aws/rds/rdsClusterDeleteProtected_test.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package rds
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfClusterDeleteProtectionEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBCluster
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfDeleteProtectionEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBCluster{
- {
- DBClusterIdentifier: aws.String("test"),
- DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- DeletionProtection: aws.Bool(true),
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfClusterDeleteProtectionEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfDeleteProtected() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfClusterDeleteProtectionEnabledFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBCluster
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfDeleteProtectionEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBCluster{
- {
- DBClusterIdentifier: aws.String("test"),
- DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- DeletionProtection: aws.Bool(false),
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfClusterDeleteProtectionEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfDeleteProtected() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/rds/rdsClusterEncryption.go b/plugins/aws/rds/rdsClusterEncryption.go
deleted file mode 100644
index f19b1fc..0000000
--- a/plugins/aws/rds/rdsClusterEncryption.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package rds
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func checkIfClusterEncryptionEnabled(checkConfig yatas.CheckConfig, instances []types.DBCluster, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("Aurora RDS are encrypted", "Check if Aurora RDS encryption is enabled", testName)
- for _, instance := range instances {
- if !instance.StorageEncrypted {
- Message := "RDS encryption is not enabled on " + *instance.DBClusterIdentifier
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *instance.DBClusterArn}
- check.AddResult(result)
- } else {
- Message := "RDS encryption is enabled on " + *instance.DBClusterIdentifier
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *instance.DBClusterArn}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/rds/rdsClusterEncryption_test.go b/plugins/aws/rds/rdsClusterEncryption_test.go
deleted file mode 100644
index dd5f0f1..0000000
--- a/plugins/aws/rds/rdsClusterEncryption_test.go
+++ /dev/null
@@ -1,98 +0,0 @@
-package rds
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func Test_checkIfClusterEncryptionEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBCluster
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfEncryptionEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBCluster{
- {
- DBClusterIdentifier: aws.String("test"),
- DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- checkIfClusterEncryptionEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfRDSPrivate() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func Test_checkIfClusterEncryptionEnabledFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBCluster
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfEncryptionEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBCluster{
- {
- DBClusterIdentifier: aws.String("test"),
- DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: false,
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- checkIfClusterEncryptionEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfRDSPrivate() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/rds/rdsClusterLogging.go b/plugins/aws/rds/rdsClusterLogging.go
deleted file mode 100644
index a813f13..0000000
--- a/plugins/aws/rds/rdsClusterLogging.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package rds
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfClusterLoggingEnabled(checkConfig yatas.CheckConfig, instances []types.DBCluster, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("Aurora RDS logs are exported to cloudwatch", "Check if Aurora RDS logging is enabled", testName)
- for _, instance := range instances {
- if instance.EnabledCloudwatchLogsExports != nil {
- found := false
- for _, export := range instance.EnabledCloudwatchLogsExports {
- if export == "audit" {
- Message := "RDS logging is enabled on " + *instance.DBClusterIdentifier
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *instance.DBClusterArn}
- check.AddResult(result)
- found = true
-
- break
-
- }
- }
- if !found {
- Message := "RDS logging is not enabled on " + *instance.DBClusterIdentifier
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *instance.DBClusterArn}
- check.AddResult(result)
- continue
- }
- } else {
- Message := "RDS logging is not enabled on " + *instance.DBClusterIdentifier
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *instance.DBClusterArn}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/rds/rdsClusterLogging_test.go b/plugins/aws/rds/rdsClusterLogging_test.go
deleted file mode 100644
index 2264b2b..0000000
--- a/plugins/aws/rds/rdsClusterLogging_test.go
+++ /dev/null
@@ -1,102 +0,0 @@
-package rds
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfClusterLoggingEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBCluster
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfLoggingEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBCluster{
- {
- DBClusterIdentifier: aws.String("test"),
- DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- EnabledCloudwatchLogsExports: []string{
- "audit",
- },
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfClusterLoggingEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfRDSPrivate() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfClusterLoggingEnabledFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBCluster
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfLoggingEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBCluster{
- {
- DBClusterIdentifier: aws.String("test"),
- DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- EnabledCloudwatchLogsExports: nil,
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfClusterLoggingEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfRDSPrivate() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/rds/rdsClusterPrivate.go b/plugins/aws/rds/rdsClusterPrivate.go
deleted file mode 100644
index 7d0c74b..0000000
--- a/plugins/aws/rds/rdsClusterPrivate.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package rds
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func checkIfClusterRDSPrivateEnabled(checkConfig yatas.CheckConfig, instances []types.DBCluster, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("Aurora RDS aren't publicly accessible", "Check if Aurora RDS private is enabled", testName)
- for _, instance := range instances {
- if instance.PubliclyAccessible != nil && *instance.PubliclyAccessible {
- Message := "RDS private is not enabled on " + *instance.DBClusterIdentifier
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *instance.DBClusterArn}
- check.AddResult(result)
-
- } else {
-
- Message := "RDS private is enabled on " + *instance.DBClusterIdentifier
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *instance.DBClusterArn}
- check.AddResult(result)
-
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/rds/rdsClusterPrivate_test.go b/plugins/aws/rds/rdsClusterPrivate_test.go
deleted file mode 100644
index ef4fc0e..0000000
--- a/plugins/aws/rds/rdsClusterPrivate_test.go
+++ /dev/null
@@ -1,102 +0,0 @@
-package rds
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func Test_checkIfClusterRDSPrivateEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBCluster
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfRDSPrivateEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBCluster{
- {
- DBClusterIdentifier: aws.String("test"),
- DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- PubliclyAccessible: aws.Bool(false),
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- checkIfClusterRDSPrivateEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfRDSPrivate() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
-
- })
- }
-}
-
-func Test_checkIfClusterRDSPrivateEnabledFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBCluster
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfRDSPrivateEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBCluster{
- {
- DBClusterIdentifier: aws.String("test"),
- DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- PubliclyAccessible: aws.Bool(true),
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- checkIfClusterRDSPrivateEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfRDSPrivate() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
-
- })
- }
-}
diff --git a/plugins/aws/rds/rdsDeleteProtected.go b/plugins/aws/rds/rdsDeleteProtected.go
deleted file mode 100644
index 61834b0..0000000
--- a/plugins/aws/rds/rdsDeleteProtected.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package rds
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfDeleteProtectionEnabled(checkConfig yatas.CheckConfig, instances []types.DBInstance, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("RDS have the deletion protection enabled", "Check if RDS delete protection is enabled", testName)
- for _, instance := range instances {
- if instance.DeletionProtection {
- Message := "RDS delete protection is enabled on " + *instance.DBInstanceIdentifier
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *instance.DBInstanceArn}
- check.AddResult(result)
- } else {
- Message := "RDS delete protection is not enabled on " + *instance.DBInstanceIdentifier
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *instance.DBInstanceArn}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/rds/rdsDeleteProtected_test.go b/plugins/aws/rds/rdsDeleteProtected_test.go
deleted file mode 100644
index 0aa4b25..0000000
--- a/plugins/aws/rds/rdsDeleteProtected_test.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package rds
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfDeleteProtectionEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBInstance
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfDeleteProtectionEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBInstance{
- {
- DBInstanceIdentifier: aws.String("test"),
- DBInstanceArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- DeletionProtection: true,
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfDeleteProtectionEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfDeleteProtected() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfDeleteProtectionEnabledFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBInstance
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfDeleteProtectionEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBInstance{
- {
- DBInstanceIdentifier: aws.String("test"),
- DBInstanceArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- DeletionProtection: false,
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfDeleteProtectionEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfDeleteProtected() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/rds/rdsEncryption.go b/plugins/aws/rds/rdsEncryption.go
deleted file mode 100644
index 683d1c2..0000000
--- a/plugins/aws/rds/rdsEncryption.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package rds
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func checkIfEncryptionEnabled(checkConfig yatas.CheckConfig, instances []types.DBInstance, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("RDS are encrypted", "Check if RDS encryption is enabled", testName)
- for _, instance := range instances {
- if !instance.StorageEncrypted {
- Message := "RDS encryption is not enabled on " + *instance.DBInstanceIdentifier
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *instance.DBInstanceArn}
- check.AddResult(result)
- } else {
- Message := "RDS encryption is enabled on " + *instance.DBInstanceIdentifier
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *instance.DBInstanceArn}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/rds/rdsEncryption_test.go b/plugins/aws/rds/rdsEncryption_test.go
deleted file mode 100644
index c1dda9e..0000000
--- a/plugins/aws/rds/rdsEncryption_test.go
+++ /dev/null
@@ -1,98 +0,0 @@
-package rds
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func Test_checkIfEncryptionEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBInstance
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfEncryptionEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBInstance{
- {
- DBInstanceIdentifier: aws.String("test"),
- DBInstanceArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- checkIfEncryptionEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfRDSPrivate() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func Test_checkIfEncryptionEnabledFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBInstance
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfEncryptionEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBInstance{
- {
- DBInstanceIdentifier: aws.String("test"),
- DBInstanceArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: false,
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- checkIfEncryptionEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfRDSPrivate() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/rds/rdsLogging.go b/plugins/aws/rds/rdsLogging.go
deleted file mode 100644
index 2c22336..0000000
--- a/plugins/aws/rds/rdsLogging.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package rds
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfLoggingEnabled(checkConfig yatas.CheckConfig, instances []types.DBInstance, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("RDS logs are exported to cloudwatch", "Check if RDS logging is enabled", testName)
- for _, instance := range instances {
- if instance.EnabledCloudwatchLogsExports != nil {
- found := false
- for _, export := range instance.EnabledCloudwatchLogsExports {
- if export == "audit" {
- Message := "RDS logging is enabled on " + *instance.DBInstanceIdentifier
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *instance.DBInstanceArn}
- check.AddResult(result)
- found = true
-
- break
-
- }
- }
- if !found {
- Message := "RDS logging is not enabled on " + *instance.DBInstanceIdentifier
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *instance.DBInstanceArn}
- check.AddResult(result)
- continue
- }
- } else {
- Message := "RDS logging is not enabled on " + *instance.DBInstanceIdentifier
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *instance.DBInstanceArn}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/rds/rdsLogging_test.go b/plugins/aws/rds/rdsLogging_test.go
deleted file mode 100644
index cbd3cdf..0000000
--- a/plugins/aws/rds/rdsLogging_test.go
+++ /dev/null
@@ -1,102 +0,0 @@
-package rds
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfLoggingEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBInstance
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfLoggingEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBInstance{
- {
- DBInstanceIdentifier: aws.String("test"),
- DBInstanceArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- EnabledCloudwatchLogsExports: []string{
- "audit",
- },
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfLoggingEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfRDSPrivate() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfLoggingEnabledFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- instances []types.DBInstance
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfLoggingEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- instances: []types.DBInstance{
- {
- DBInstanceIdentifier: aws.String("test"),
- DBInstanceArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"),
- StorageEncrypted: true,
- EnabledCloudwatchLogsExports: nil,
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfLoggingEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfRDSPrivate() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/rds/rdsPrivate.go b/plugins/aws/rds/rdsPrivate.go
deleted file mode 100644
index b2441c4..0000000
--- a/plugins/aws/rds/rdsPrivate.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package rds
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/rds/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func checkIfRDSPrivateEnabled(checkConfig yatas.CheckConfig, instances []types.DBInstance, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("RDS aren't publicly accessible", "Check if RDS private is enabled", testName)
- for _, instance := range instances {
- if instance.PubliclyAccessible {
- Message := "RDS private is not enabled on " + *instance.DBInstanceIdentifier
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *instance.DBInstanceArn}
- check.AddResult(result)
- } else {
- Message := "RDS private is enabled on " + *instance.DBInstanceIdentifier
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *instance.DBInstanceArn}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/rds/rdsPrivate_test.go b/plugins/aws/rds/rdsPrivate_test.go
deleted file mode 100644
index 3469bab..0000000
--- a/plugins/aws/rds/rdsPrivate_test.go
+++ /dev/null
@@ -1,102 +0,0 @@ -package rds - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/rds/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func Test_checkIfRDSPrivateEnabled(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - instances []types.DBInstance - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Test_checkIfRDSPrivateEnabled", - args: args{ - checkConfig: yatas.CheckConfig{ - Wg: &sync.WaitGroup{}, - Queue: make(chan yatas.Check, 1), - }, - instances: []types.DBInstance{ - { - DBInstanceIdentifier: aws.String("test"), - DBInstanceArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"), - StorageEncrypted: true, - PubliclyAccessible: false, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - checkIfRDSPrivateEnabled(tt.args.checkConfig, tt.args.instances, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("CheckIfRDSPrivate() = %v, want %v", check.Status, "OK") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - - }) - } -} - -func Test_checkIfRDSPrivateEnabledFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - instances []types.DBInstance - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Test_checkIfRDSPrivateEnabled", - args: args{ - checkConfig: yatas.CheckConfig{ - Wg: &sync.WaitGroup{}, - Queue: make(chan yatas.Check, 1), - }, - instances: []types.DBInstance{ - { - DBInstanceIdentifier: aws.String("test"), - DBInstanceArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:test"), - StorageEncrypted: true, - PubliclyAccessible: true, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - checkIfRDSPrivateEnabled(tt.args.checkConfig, tt.args.instances, 
tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("CheckIfRDSPrivate() = %v, want %v", check.Status, "FAIL") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - - }) - } -} diff --git a/plugins/aws/s3/getter.go b/plugins/aws/s3/getter.go deleted file mode 100644 index 97e22b9..0000000 --- a/plugins/aws/s3/getter.go +++ /dev/null 
@@ -1,151 +0,0 @@ -package s3 - -import ( - "context" - "fmt" - "strings" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/s3" - "github.com/aws/aws-sdk-go-v2/service/s3/types" - "github.com/stangirard/yatas/internal/logger" -) - -func GetListS3(s aws.Config) []types.Bucket { - logger.Debug("Getting list of S3 buckets") - svc := s3.NewFromConfig(s) - - params := &s3.ListBucketsInput{} - resp, err := svc.ListBuckets(context.TODO(), params) - if err != nil { - panic(err) - } - - logger.Debug(fmt.Sprintf("%v", resp.Buckets)) - return resp.Buckets -} - -func GetListS3NotInRegion(s aws.Config, region string) []types.Bucket { - logger.Debug("Getting list of S3 buckets not in region") - svc := s3.NewFromConfig(s) - - params := &s3.ListBucketsInput{} - resp, err := svc.ListBuckets(context.TODO(), params) - if err != nil { - panic(err) - } - - var buckets []types.Bucket - for _, bucket := range resp.Buckets { - if !CheckS3Location(s, *bucket.Name, region) { - buckets = append(buckets, bucket) - } - } - logger.Debug(fmt.Sprintf("%v", buckets)) - return buckets -} - -type S3toPublicBlockAccess struct { - BucketName string - Config bool -} - -func GetS3ToPublicBlockAccess(s aws.Config, b []types.Bucket) []S3toPublicBlockAccess { - logger.Debug("Getting list of S3 buckets not in region") - svc := s3.NewFromConfig(s) - - var s3toPublicBlockAccess []S3toPublicBlockAccess - for _, bucket := range b { - params := &s3.GetPublicAccessBlockInput{ - Bucket: aws.String(*bucket.Name), - } - resp, err := svc.GetPublicAccessBlock(context.TODO(), params) - if err != nil || (resp.PublicAccessBlockConfiguration != nil && resp.PublicAccessBlockConfiguration.BlockPublicAcls) { - s3toPublicBlockAccess = append(s3toPublicBlockAccess, S3toPublicBlockAccess{*bucket.Name, true}) - } else { - s3toPublicBlockAccess = append(s3toPublicBlockAccess, S3toPublicBlockAccess{*bucket.Name, false}) - } - } - logger.Debug(fmt.Sprintf("%v", s3toPublicBlockAccess)) - return 
s3toPublicBlockAccess -} - -type S3ToEncryption struct { - BucketName string - Encrypted bool -} - -func GetS3ToEncryption(s aws.Config, b []types.Bucket) []S3ToEncryption { - logger.Debug("Getting list of S3 buckets not in region") - svc := s3.NewFromConfig(s) - - var s3toEncryption []S3ToEncryption - for _, bucket := range b { - params := &s3.GetBucketEncryptionInput{ - Bucket: aws.String(*bucket.Name), - } - _, err := svc.GetBucketEncryption(context.TODO(), params) - if err != nil && !strings.Contains(err.Error(), "ServerSideEncryptionConfigurationNotFoundError") { - panic(err) - } else if err != nil { - s3toEncryption = append(s3toEncryption, S3ToEncryption{*bucket.Name, false}) - } else { - s3toEncryption = append(s3toEncryption, S3ToEncryption{*bucket.Name, true}) - } - } - logger.Debug(fmt.Sprintf("%v", s3toEncryption)) - return s3toEncryption -} - -type S3ToVersioning struct { - BucketName string - Versioning bool -} - -func GetS3ToVersioning(s aws.Config, b []types.Bucket) []S3ToVersioning { - logger.Debug("Getting list of S3 buckets not in region") - svc := s3.NewFromConfig(s) - - var s3toVersioning []S3ToVersioning - for _, bucket := range b { - params := &s3.GetBucketVersioningInput{ - Bucket: aws.String(*bucket.Name), - } - resp, err := svc.GetBucketVersioning(context.TODO(), params) - if err != nil { - panic(err) - } - if resp.Status != types.BucketVersioningStatusEnabled { - s3toVersioning = append(s3toVersioning, S3ToVersioning{*bucket.Name, false}) - } else { - s3toVersioning = append(s3toVersioning, S3ToVersioning{*bucket.Name, true}) - } - } - logger.Debug(fmt.Sprintf("%v", s3toVersioning)) - return s3toVersioning -} - -type S3ToObjectLock struct { - BucketName string - ObjectLock bool -} - -func GetS3ToObjectLock(s aws.Config, b []types.Bucket) []S3ToObjectLock { - logger.Debug("Getting list of S3 buckets not in region") - svc := s3.NewFromConfig(s) - - var s3toObjectLock []S3ToObjectLock - for _, bucket := range b { - params := 
&s3.GetObjectLockConfigurationInput{ - Bucket: aws.String(*bucket.Name), - } - resp, err := svc.GetObjectLockConfiguration(context.TODO(), params) - if err != nil || (resp.ObjectLockConfiguration != nil && resp.ObjectLockConfiguration.ObjectLockEnabled != "Enabled") { - s3toObjectLock = append(s3toObjectLock, S3ToObjectLock{*bucket.Name, false}) - } else { - s3toObjectLock = append(s3toObjectLock, S3ToObjectLock{*bucket.Name, true}) - } - } - logger.Debug(fmt.Sprintf("%v", s3toObjectLock)) - return s3toObjectLock -} diff --git a/plugins/aws/s3/helper.go b/plugins/aws/s3/helper.go deleted file mode 100644 index ca10c07..0000000 --- a/plugins/aws/s3/helper.go +++ /dev/null @@ -1,20 +0,0 @@ -package s3 - -import "github.com/aws/aws-sdk-go-v2/service/s3/types" - -func OnlyBucketInRegion(BucketAndNotInRegion BucketAndNotInRegion) []types.Bucket { - var buckets []types.Bucket - for _, bucket := range BucketAndNotInRegion.Buckets { - found := false - for _, bucketNotInRegion := range BucketAndNotInRegion.NotInRegion { - if *bucket.Name == *bucketNotInRegion.Name { - found = true - break - } - } - if !found { - buckets = append(buckets, bucket) - } - } - return buckets -} diff --git a/plugins/aws/s3/s3.go b/plugins/aws/s3/s3.go deleted file mode 100644 index 8e4860d..0000000 --- a/plugins/aws/s3/s3.go +++ /dev/null 
@@ -1,83 +0,0 @@ -package s3 - -import ( - "context" - "fmt" - "sync" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/s3" - "github.com/aws/aws-sdk-go-v2/service/s3/types" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckS3Location(s aws.Config, bucket, region string) bool { - logger.Debug("Getting S3 location") - svc := s3.NewFromConfig(s) - - params := &s3.GetBucketLocationInput{ - Bucket: aws.String(bucket), - } - resp, err := svc.GetBucketLocation(context.TODO(), params) - if err != nil { - logger.Error(fmt.Sprintf("%v", err)) - return false - } - logger.Debug(fmt.Sprintf("%v", resp)) - - if resp.LocationConstraint != "" { - if string(resp.LocationConstraint) == region { - return true - } else { - return false - } - - } else { - return false - } -} - -type BucketAndNotInRegion struct { - Buckets []types.Bucket - NotInRegion []types.Bucket -} - -func RunChecks(wa *sync.WaitGroup, s aws.Config, c *yatas.Config, queue chan []yatas.Check) { - - var checkConfig yatas.CheckConfig - checkConfig.Init(s, c) - var checks []yatas.Check - buckets := GetListS3(s) - bucketsNotInRegion := GetListS3NotInRegion(s, s.Region) - couple := BucketAndNotInRegion{buckets, bucketsNotInRegion} - OnlyBucketInRegion := OnlyBucketInRegion(couple) - S3ToEncryption := GetS3ToEncryption(s, OnlyBucketInRegion) - S3toPublicBlockAccess := GetS3ToPublicBlockAccess(s, OnlyBucketInRegion) - S3ToVersioning := GetS3ToVersioning(s, OnlyBucketInRegion) - S3ToObjectLock := GetS3ToObjectLock(s, OnlyBucketInRegion) - - go yatas.CheckTest(checkConfig.Wg, c, "AWS_S3_001", checkIfEncryptionEnabled)(checkConfig, S3ToEncryption, "AWS_S3_001") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_S3_002", CheckIfBucketInOneZone)(checkConfig, couple, "AWS_S3_002") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_S3_003", CheckIfBucketObjectVersioningEnabled)(checkConfig, S3ToVersioning, "AWS_S3_003") - go 
yatas.CheckTest(checkConfig.Wg, c, "AWS_S3_004", CheckIfObjectLockConfigurationEnabled)(checkConfig, S3ToObjectLock, "AWS_S3_004") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_S3_005", CheckIfS3PublicAccessBlockEnabled)(checkConfig, S3toPublicBlockAccess, "AWS_S3_005") - // Wait for all the goroutines to finish - - go func() { - for t := range checkConfig.Queue { - t.EndCheck() - checks = append(checks, t) - if c.CheckProgress.Bar != nil { - c.CheckProgress.Bar.Increment() - } - - checkConfig.Wg.Done() - - } - }() - - checkConfig.Wg.Wait() - - queue <- checks -} diff --git a/plugins/aws/s3/s3Encrypted.go b/plugins/aws/s3/s3Encrypted.go deleted file mode 100644 index e200c2e..0000000 --- a/plugins/aws/s3/s3Encrypted.go +++ /dev/null @@ -1,27 +0,0 @@ -package s3 - -import ( - "fmt" - - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func checkIfEncryptionEnabled(checkConfig yatas.CheckConfig, buckets []S3ToEncryption, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("S3 are encrypted", "Check if S3 encryption is enabled", testName) - for _, bucket := range buckets { - if !bucket.Encrypted { - Message := "S3 bucket " + bucket.BucketName + " is not using encryption" - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: bucket.BucketName} - check.AddResult(result) - } else { - Message := "S3 bucket " + bucket.BucketName + " is using encryption" - result := yatas.Result{Status: "OK", Message: Message, ResourceID: bucket.BucketName} - check.AddResult(result) - } - - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/s3/s3Encrypted_test.go b/plugins/aws/s3/s3Encrypted_test.go deleted file mode 100644 index a6789bc..0000000 --- a/plugins/aws/s3/s3Encrypted_test.go +++ /dev/null 
@@ -1,94 +0,0 @@ -package s3 - -import ( - "sync" - "testing" - - "github.com/stangirard/yatas/internal/yatas" -) - -func Test_checkIfEncryptionEnabled(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - buckets []S3ToEncryption - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "check if encryption enabled", - args: args{ - checkConfig: yatas.CheckConfig{ - Queue: make(chan yatas.Check, 1), - Wg: &sync.WaitGroup{}, - }, - buckets: []S3ToEncryption{ - { - BucketName: "test", - Encrypted: true, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - checkIfEncryptionEnabled(tt.args.checkConfig, tt.args.buckets, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("CheckIfBucketObjectVersioningEnabled() = %v", check) - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} - -func Test_checkIfEncryptionEnabledFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - buckets []S3ToEncryption - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "check if encryption enabled", - args: args{ - checkConfig: yatas.CheckConfig{ - Queue: make(chan yatas.Check, 1), - Wg: &sync.WaitGroup{}, - }, - buckets: []S3ToEncryption{ - { - BucketName: "test", - Encrypted: false, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - checkIfEncryptionEnabled(tt.args.checkConfig, tt.args.buckets, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("CheckIfBucketObjectVersioningEnabled() = %v", check) - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} 
diff --git a/plugins/aws/s3/s3ObjectLock.go b/plugins/aws/s3/s3ObjectLock.go deleted file mode 100644 index 3bf1781..0000000 --- a/plugins/aws/s3/s3ObjectLock.go +++ /dev/null @@ -1,27 +0,0 @@ -package s3 - -import ( - "fmt" - - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfObjectLockConfigurationEnabled(checkConfig yatas.CheckConfig, buckets []S3ToObjectLock, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("S3 buckets have a retention policy", "Check if S3 buckets are using retention policy", testName) - for _, bucket := range buckets { - if !bucket.ObjectLock { - Message := "S3 bucket " + bucket.BucketName + " is not using retention policy" - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: bucket.BucketName} - check.AddResult(result) - } else { - Message := "S3 bucket " + bucket.BucketName + " is using retention policy" - result := yatas.Result{Status: "OK", Message: Message, ResourceID: bucket.BucketName} - check.AddResult(result) - } - - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/s3/s3ObjectLock_test.go b/plugins/aws/s3/s3ObjectLock_test.go deleted file mode 100644 index 592ef08..0000000 --- a/plugins/aws/s3/s3ObjectLock_test.go +++ /dev/null 
@@ -1,94 +0,0 @@ -package s3 - -import ( - "sync" - "testing" - - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfObjectLockConfigurationEnabled(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - buckets []S3ToObjectLock - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "check if object lock configuration enabled", - args: args{ - checkConfig: yatas.CheckConfig{ - Queue: make(chan yatas.Check, 1), - Wg: &sync.WaitGroup{}, - }, - buckets: []S3ToObjectLock{ - { - BucketName: "test", - ObjectLock: true, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfObjectLockConfigurationEnabled(tt.args.checkConfig, tt.args.buckets, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("CheckIfObjectLockConfigurationEnabled() = %v", check) - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} - -func TestCheckIfObjectLockConfigurationEnabledFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - buckets []S3ToObjectLock - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "check if object lock configuration enabled", - args: args{ - checkConfig: yatas.CheckConfig{ - Queue: make(chan yatas.Check, 1), - Wg: &sync.WaitGroup{}, - }, - buckets: []S3ToObjectLock{ - { - BucketName: "test", - ObjectLock: false, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfObjectLockConfigurationEnabled(tt.args.checkConfig, tt.args.buckets, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("CheckIfObjectLockConfigurationEnabled() = %v", check) - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} 
diff --git a/plugins/aws/s3/s3OneRegion.go b/plugins/aws/s3/s3OneRegion.go deleted file mode 100644 index 8f7643b..0000000 --- a/plugins/aws/s3/s3OneRegion.go +++ /dev/null @@ -1,32 +0,0 @@ -package s3 - -import ( - "fmt" - - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfBucketInOneZone(checkConfig yatas.CheckConfig, buckets BucketAndNotInRegion, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("S3 buckets are not global but in one zone", "Check if S3 buckets are in one zone", testName) - for _, bucket := range buckets.Buckets { - found := false - for _, region := range buckets.NotInRegion { - if *bucket.Name == *region.Name { - Message := "S3 bucket " + *bucket.Name + " is global but should be in " + checkConfig.ConfigAWS.Region - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *bucket.Name} - check.AddResult(result) - found = true - break - } - } - if !found { - Message := "S3 bucket " + *bucket.Name + " is in " + checkConfig.ConfigAWS.Region - result := yatas.Result{Status: "OK", Message: Message, ResourceID: *bucket.Name} - check.AddResult(result) - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/s3/s3OneRegion_test.go b/plugins/aws/s3/s3OneRegion_test.go deleted file mode 100644 index 04dc009..0000000 --- a/plugins/aws/s3/s3OneRegion_test.go +++ /dev/null 
@@ -1,110 +0,0 @@ -package s3 - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/s3/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfBucketInOneZone(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - buckets BucketAndNotInRegion - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Check if S3 buckets are in one zone", - args: args{ - checkConfig: yatas.CheckConfig{ - Wg: &sync.WaitGroup{}, - Queue: make(chan yatas.Check, 1), - }, - buckets: BucketAndNotInRegion{ - Buckets: []types.Bucket{ - { - Name: aws.String("test"), - }, - }, - NotInRegion: []types.Bucket{ - { - Name: aws.String("toto"), - }, - }, - }, - testName: "AWS_S3_001", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfBucketInOneZone(tt.args.checkConfig, tt.args.buckets, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("CheckIfBucketInOneZone() = %v", check) - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} - -func TestCheckIfBucketInOneZoneFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - buckets BucketAndNotInRegion - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Check if S3 buckets are in one zone", - args: args{ - checkConfig: yatas.CheckConfig{ - Wg: &sync.WaitGroup{}, - Queue: make(chan yatas.Check, 1), - }, - buckets: BucketAndNotInRegion{ - Buckets: []types.Bucket{ - { - Name: aws.String("test"), - }, - }, - NotInRegion: []types.Bucket{ - { - Name: aws.String("test"), - }, - }, - }, - testName: "AWS_S3_001", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfBucketInOneZone(tt.args.checkConfig, tt.args.buckets, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() 
{ - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("CheckIfBucketInOneZone() = %v", check) - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/aws/s3/s3PublicAccess.go b/plugins/aws/s3/s3PublicAccess.go deleted file mode 100644 index 51e90d9..0000000 --- a/plugins/aws/s3/s3PublicAccess.go +++ /dev/null @@ -1,26 +0,0 @@ -package s3 - -import ( - "fmt" - - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfS3PublicAccessBlockEnabled(checkConfig yatas.CheckConfig, s3toPublicBlockAccess []S3toPublicBlockAccess, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("S3 bucket have public access block enabled", "Check if S3 buckets are using Public Access Block", testName) - for _, bucket := range s3toPublicBlockAccess { - if !bucket.Config { - Message := "S3 bucket " + bucket.BucketName + " is not using Public Access Block" - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: bucket.BucketName} - check.AddResult(result) - } else { - Message := "S3 bucket " + bucket.BucketName + " is using Public Access Block" - result := yatas.Result{Status: "OK", Message: Message, ResourceID: bucket.BucketName} - check.AddResult(result) - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/s3/s3PublicAccess_test.go b/plugins/aws/s3/s3PublicAccess_test.go deleted file mode 100644 index d3ad8bc..0000000 --- a/plugins/aws/s3/s3PublicAccess_test.go +++ /dev/null 
@@ -1,94 +0,0 @@ -package s3 - -import ( - "sync" - "testing" - - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfS3PublicAccessBlockEnabled(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - s3toPublicBlockAccess []S3toPublicBlockAccess - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "check if s3 public access block enabled", - args: args{ - checkConfig: yatas.CheckConfig{ - Queue: make(chan yatas.Check, 1), - Wg: &sync.WaitGroup{}, - }, - s3toPublicBlockAccess: []S3toPublicBlockAccess{ - { - BucketName: "test", - Config: true, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfS3PublicAccessBlockEnabled(tt.args.checkConfig, tt.args.s3toPublicBlockAccess, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("CheckIfS3PublicAccessBlockEnabled() = %v", check) - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} - -func TestCheckIfS3PublicAccessBlockEnabledFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - s3toPublicBlockAccess []S3toPublicBlockAccess - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "check if s3 public access block enabled", - args: args{ - checkConfig: yatas.CheckConfig{ - Queue: make(chan yatas.Check, 1), - Wg: &sync.WaitGroup{}, - }, - s3toPublicBlockAccess: []S3toPublicBlockAccess{ - { - BucketName: "test", - Config: false, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfS3PublicAccessBlockEnabled(tt.args.checkConfig, tt.args.s3toPublicBlockAccess, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("CheckIfS3PublicAccessBlockEnabled() = %v", check) - } - 
tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/aws/s3/s3Versioning.go b/plugins/aws/s3/s3Versioning.go deleted file mode 100644 index cf04416..0000000 --- a/plugins/aws/s3/s3Versioning.go +++ /dev/null @@ -1,27 +0,0 @@ -package s3 - -import ( - "fmt" - - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfBucketObjectVersioningEnabled(checkConfig yatas.CheckConfig, buckets []S3ToVersioning, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("S3 buckets are versioned", "Check if S3 buckets are using object versioning", testName) - for _, bucket := range buckets { - if !bucket.Versioning { - Message := "S3 bucket " + bucket.BucketName + " is not using object versioning" - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: bucket.BucketName} - check.AddResult(result) - } else { - Message := "S3 bucket " + bucket.BucketName + " is using object versioning" - result := yatas.Result{Status: "OK", Message: Message, ResourceID: bucket.BucketName} - check.AddResult(result) - } - - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/s3/s3Versioning_test.go b/plugins/aws/s3/s3Versioning_test.go deleted file mode 100644 index 5791e72..0000000 --- a/plugins/aws/s3/s3Versioning_test.go +++ /dev/null 
@@ -1,94 +0,0 @@ -package s3 - -import ( - "sync" - "testing" - - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfBucketObjectVersioningEnabled(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - buckets []S3ToVersioning - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "check if bucket object versioning enabled", - args: args{ - checkConfig: yatas.CheckConfig{ - Queue: make(chan yatas.Check, 1), - Wg: &sync.WaitGroup{}, - }, - buckets: []S3ToVersioning{ - { - BucketName: "test", - Versioning: true, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfBucketObjectVersioningEnabled(tt.args.checkConfig, tt.args.buckets, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("CheckIfBucketObjectVersioningEnabled() = %v", check) - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} - -func TestCheckIfBucketObjectVersioningEnabledFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - buckets []S3ToVersioning - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "check if bucket object versioning enabled", - args: args{ - checkConfig: yatas.CheckConfig{ - Queue: make(chan yatas.Check, 1), - Wg: &sync.WaitGroup{}, - }, - buckets: []S3ToVersioning{ - { - BucketName: "test", - Versioning: false, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfBucketObjectVersioningEnabled(tt.args.checkConfig, tt.args.buckets, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("CheckIfBucketObjectVersioningEnabled() = %v", check) - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} 
diff --git a/plugins/aws/volumes/getter.go b/plugins/aws/volumes/getter.go deleted file mode 100644 index b551b05..0000000 --- a/plugins/aws/volumes/getter.go +++ /dev/null @@ -1,67 +0,0 @@ -package volumes - -import ( - "context" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/ec2" - "github.com/aws/aws-sdk-go-v2/service/ec2/types" -) - -type couple struct { - Volume []types.Volume - Snapshot []types.Snapshot -} - -// GetSnapshots returns all snapshots for an aws config -func GetSnapshots(s aws.Config) []types.Snapshot { - svc := ec2.NewFromConfig(s) - var snapshots []types.Snapshot - input := &ec2.DescribeSnapshotsInput{ - OwnerIds: []string{*aws.String("self")}, - } - result, err := svc.DescribeSnapshots(context.TODO(), input) - if err != nil { - panic(err) - } - snapshots = append(snapshots, result.Snapshots...) - for { - if result.NextToken != nil { - input.NextToken = result.NextToken - result, err = svc.DescribeSnapshots(context.TODO(), input) - snapshots = append(snapshots, result.Snapshots...) - if err != nil { - panic(err) - } - } else { - break - } - } - return snapshots -} - -// GetVolumesAndSnapshots returns all volumes for an aws config -func GetVolumes(s aws.Config) []types.Volume { - svc := ec2.NewFromConfig(s) - var volumes []types.Volume - input := &ec2.DescribeVolumesInput{} - result, err := svc.DescribeVolumes(context.TODO(), input) - if err != nil { - panic(err) - } - volumes = append(volumes, result.Volumes...) - for { - if result.NextToken != nil { - input.NextToken = result.NextToken - result, err = svc.DescribeVolumes(context.TODO(), input) - volumes = append(volumes, result.Volumes...) - if err != nil { - panic(err) - } - } else { - break - } - - } - return volumes -} diff --git a/plugins/aws/volumes/volumes.go b/plugins/aws/volumes/volumes.go deleted file mode 100644 index 5d34621..0000000 --- a/plugins/aws/volumes/volumes.go +++ /dev/null 
@@ -1,46 +0,0 @@ -package volumes - -import ( - "sync" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -// Main function that runs all the tests and returns the results -func RunChecks(wa *sync.WaitGroup, s aws.Config, c *yatas.Config, queue chan []yatas.Check) { - - var checkConfig yatas.CheckConfig - checkConfig.Init(s, c) - var checks []yatas.Check - logger.Debug("Starting EC2 volumes tests") - volumes := GetVolumes(s) - snapshots := GetSnapshots(s) - couples := couple{volumes, snapshots} - - go yatas.CheckTest(checkConfig.Wg, c, "AWS_VOL_001", checkIfEncryptionEnabled)(checkConfig, volumes, "AWS_VOL_001") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_VOL_002", CheckIfVolumesTypeGP3)(checkConfig, volumes, "AWS_VOL_002") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_VOL_003", CheckIfAllVolumesHaveSnapshots)(checkConfig, couples, "AWS_VOL_003") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_VOL_004", CheckIfVolumeIsUsed)(checkConfig, volumes, "AWS_VOL_004") - - go yatas.CheckTest(checkConfig.Wg, c, "AWS_BAK_001", CheckIfAllSnapshotsEncrypted)(checkConfig, snapshots, "AWS_BAK_001") - go yatas.CheckTest(checkConfig.Wg, c, "AWS_BAK_002", CheckIfSnapshotYoungerthan24h)(checkConfig, couples, "AWS_BAK_002") - - go func() { - for t := range checkConfig.Queue { - t.EndCheck() - checks = append(checks, t) - if c.CheckProgress.Bar != nil { - c.CheckProgress.Bar.Increment() - } - - checkConfig.Wg.Done() - - } - }() - - checkConfig.Wg.Wait() - - queue <- checks -} diff --git a/plugins/aws/volumes/volumesEncrypted.go b/plugins/aws/volumes/volumesEncrypted.go deleted file mode 100644 index b4fd926..0000000 --- a/plugins/aws/volumes/volumesEncrypted.go +++ /dev/null 
@@ -1,27 +0,0 @@ -package volumes - -import ( - "fmt" - - "github.com/aws/aws-sdk-go-v2/service/ec2/types" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func checkIfEncryptionEnabled(checkConfig yatas.CheckConfig, volumes []types.Volume, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("EC2's volumes are encrypted", "Check if EC2 encryption is enabled", testName) - for _, volume := range volumes { - if volume.Encrypted != nil && *volume.Encrypted { - Message := "EC2 encryption is enabled on " + *volume.VolumeId - result := yatas.Result{Status: "OK", Message: Message, ResourceID: *volume.VolumeId} - check.AddResult(result) - } else { - Message := "EC2 encryption is not enabled on " + *volume.VolumeId - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *volume.VolumeId} - check.AddResult(result) - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/volumes/volumesEncrypted_test.go b/plugins/aws/volumes/volumesEncrypted_test.go deleted file mode 100644 index 6ec6463..0000000 --- a/plugins/aws/volumes/volumesEncrypted_test.go +++ /dev/null 
@@ -1,95 +0,0 @@
-package volumes
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/ec2/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func Test_checkIfEncryptionEnabled(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- volumes []types.Volume
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfEncryptionEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- volumes: []types.Volume{
- {
- VolumeId: aws.String("test"),
- Encrypted: aws.Bool(true),
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- checkIfEncryptionEnabled(tt.args.checkConfig, tt.args.volumes, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfVolumeEncrypted() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func Test_checkIfEncryptionEnabledFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- volumes []types.Volume
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "Test_checkIfEncryptionEnabled",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- volumes: []types.Volume{
- {
- VolumeId: aws.String("test"),
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- checkIfEncryptionEnabled(tt.args.checkConfig, tt.args.volumes, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfVolumeEncrypted() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/volumes/volumesGP3.go b/plugins/aws/volumes/volumesGP3.go
deleted file mode 100644
index ae7b2ec..0000000
--- a/plugins/aws/volumes/volumesGP3.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package volumes
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/ec2/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfVolumesTypeGP3(checkConfig yatas.CheckConfig, volumes []types.Volume, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("EC2 are using GP3", "Check if all volumes are of type gp3", testName)
- for _, volume := range volumes {
- if volume.VolumeType != "gp3" {
- Message := "Volume " + *volume.VolumeId + " is not of type gp3"
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *volume.VolumeId}
- check.AddResult(result)
- } else {
- Message := "Volume " + *volume.VolumeId + " is of type gp3"
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *volume.VolumeId}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/volumes/volumesGP3_test.go b/plugins/aws/volumes/volumesGP3_test.go
deleted file mode 100644
index 163b3e1..0000000
--- a/plugins/aws/volumes/volumesGP3_test.go
+++ /dev/null
@@ -1,98 +0,0 @@
-package volumes
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/ec2/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfVolumesTypeGP3(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- volumes []types.Volume
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfVolumesTypeGP3",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- volumes: []types.Volume{
- {
- VolumeId: aws.String("test"),
- Encrypted: aws.Bool(true),
- VolumeType: types.VolumeTypeGp3,
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfVolumesTypeGP3(tt.args.checkConfig, tt.args.volumes, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfVolumesTypeGP3() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfVolumesTypeGP3Fail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- volumes []types.Volume
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfVolumesTypeGP3",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- volumes: []types.Volume{
- {
- VolumeId: aws.String("test"),
- Encrypted: aws.Bool(true),
- VolumeType: types.VolumeTypeSt1,
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfVolumesTypeGP3(tt.args.checkConfig, tt.args.volumes, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfVolumesTypeGP3() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/volumes/volumesHasSnapshot.go b/plugins/aws/volumes/volumesHasSnapshot.go
deleted file mode 100644
index 11baa41..0000000
--- a/plugins/aws/volumes/volumesHasSnapshot.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package volumes
-
-import (
- "fmt"
-
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfAllVolumesHaveSnapshots(checkConfig yatas.CheckConfig, snapshot2Volumes couple, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("EC2 have snapshots", "Check if all volumes have snapshots", testName)
- for _, volume := range snapshot2Volumes.Volume {
- ok := false
- for _, snapshot := range snapshot2Volumes.Snapshot {
- if *snapshot.VolumeId == *volume.VolumeId {
- Message := "Volume " + *volume.VolumeId + " has snapshot " + *snapshot.SnapshotId
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *volume.VolumeId}
- check.AddResult(result)
- ok = true
- break
- }
- }
- if !ok {
- Message := "Volume " + *volume.VolumeId + " has no snapshot"
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *volume.VolumeId}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/volumes/volumesHasSnapshot_test.go b/plugins/aws/volumes/volumesHasSnapshot_test.go
deleted file mode 100644
index 006e515..0000000
--- a/plugins/aws/volumes/volumesHasSnapshot_test.go
+++ /dev/null
@@ -1,112 +0,0 @@
-package volumes
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/ec2/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfAllVolumesHaveSnapshots(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- snapshot2Volumes couple
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfAllVolumesHaveSnapshots",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- snapshot2Volumes: couple{
- Snapshot: []types.Snapshot{
- {
- SnapshotId: aws.String("test"),
- VolumeId: aws.String("test"),
- },
- },
- Volume: []types.Volume{
- {
- VolumeId: aws.String("test"),
- Encrypted: aws.Bool(true),
- },
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfAllVolumesHaveSnapshots(tt.args.checkConfig, tt.args.snapshot2Volumes, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfAllVolumesHaveSnapshots() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfAllVolumesHaveSnapshotsFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- snapshot2Volumes couple
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfAllVolumesHaveSnapshots",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- snapshot2Volumes: couple{
- Snapshot: []types.Snapshot{
- {
- SnapshotId: aws.String("test"),
- VolumeId: aws.String("toto"),
- },
- },
- Volume: []types.Volume{
- {
- VolumeId: aws.String("test"),
- Encrypted: aws.Bool(true),
- },
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfAllVolumesHaveSnapshots(tt.args.checkConfig, tt.args.snapshot2Volumes, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfAllVolumesHaveSnapshots() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/volumes/volumesSnapshots24h.go b/plugins/aws/volumes/volumesSnapshots24h.go
deleted file mode 100644
index 085474e..0000000
--- a/plugins/aws/volumes/volumesSnapshots24h.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package volumes
-
-import (
- "fmt"
- "time"
-
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfSnapshotYoungerthan24h(checkConfig yatas.CheckConfig, vs couple, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("EC2's snapshots are younger than a day old", "Check if all snapshots are younger than 24h", testName)
- for _, volume := range vs.Volume {
- snapshotYoungerThan24h := false
- for _, snapshot := range vs.Snapshot {
- if *snapshot.VolumeId == *volume.VolumeId {
- creationTime := *snapshot.StartTime
- if creationTime.After(time.Now().Add(-24 * time.Hour)) {
- snapshotYoungerThan24h = true
- break
- }
- }
- }
- if !snapshotYoungerThan24h {
- Message := "Volume " + *volume.VolumeId + " has no snapshot younger than 24h"
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *volume.VolumeId}
- check.AddResult(result)
- } else {
- Message := "Volume " + *volume.VolumeId + " has snapshot younger than 24h"
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *volume.VolumeId}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/volumes/volumesSnapshots24h_test.go b/plugins/aws/volumes/volumesSnapshots24h_test.go
deleted file mode 100644
index f4d760e..0000000
--- a/plugins/aws/volumes/volumesSnapshots24h_test.go
+++ /dev/null
@@ -1,115 +0,0 @@
-package volumes
-
-import (
- "sync"
- "testing"
- "time"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/ec2/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfSnapshotYoungerthan24h(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- vs couple
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfSnapshotYoungerthan24h",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- vs: couple{
- Snapshot: []types.Snapshot{
- {
- SnapshotId: aws.String("test"),
- VolumeId: aws.String("test"),
- StartTime: aws.Time(time.Now().Add(-23 * time.Hour)),
- },
- },
- Volume: []types.Volume{
- {
- VolumeId: aws.String("test"),
- Encrypted: aws.Bool(true),
- },
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfSnapshotYoungerthan24h(tt.args.checkConfig, tt.args.vs, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfSnapshotYoungerthan24h() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfSnapshotYoungerthan24hFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- vs couple
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfSnapshotYoungerthan24h",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- vs: couple{
- Snapshot: []types.Snapshot{
- {
- SnapshotId: aws.String("test"),
- VolumeId: aws.String("test"),
- StartTime: aws.Time(time.Now().Add(-25 * time.Hour)),
- },
- },
- Volume: []types.Volume{
- {
- VolumeId: aws.String("test"),
- Encrypted: aws.Bool(true),
- },
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfSnapshotYoungerthan24h(tt.args.checkConfig, tt.args.vs, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfSnapshotYoungerthan24h() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/volumes/volumesSnapshotsEncrypted.go b/plugins/aws/volumes/volumesSnapshotsEncrypted.go
deleted file mode 100644
index e4ca0cf..0000000
--- a/plugins/aws/volumes/volumesSnapshotsEncrypted.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package volumes
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/ec2/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfAllSnapshotsEncrypted(checkConfig yatas.CheckConfig, snapshots []types.Snapshot, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("EC2's Snapshots are encrypted", "Check if all snapshots are encrypted", testName)
- for _, snapshot := range snapshots {
- if snapshot.Encrypted == nil || !*snapshot.Encrypted {
- Message := "Snapshot " + *snapshot.SnapshotId + " is not encrypted"
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *snapshot.SnapshotId}
- check.AddResult(result)
- } else {
- Message := "Snapshot " + *snapshot.SnapshotId + " is encrypted"
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *snapshot.SnapshotId}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/volumes/volumesSnapshotsEncrypted_test.go b/plugins/aws/volumes/volumesSnapshotsEncrypted_test.go
deleted file mode 100644
index 2f1640d..0000000
--- a/plugins/aws/volumes/volumesSnapshotsEncrypted_test.go
+++ /dev/null
@@ -1,97 +0,0 @@
-package volumes
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/ec2/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfAllSnapshotsEncrypted(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- snapshots []types.Snapshot
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfAllSnapshotsEncrypted",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- snapshots: []types.Snapshot{
- {
- SnapshotId: aws.String("test"),
- VolumeId: aws.String("test"),
- Encrypted: aws.Bool(true),
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfAllSnapshotsEncrypted(tt.args.checkConfig, tt.args.snapshots, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfAllSnapshotsEncrypted() = %v, want %v", check.Status, "OK")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfAllSnapshotsEncryptedFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- snapshots []types.Snapshot
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfAllSnapshotsEncrypted",
- args: args{
- checkConfig: yatas.CheckConfig{
- Wg: &sync.WaitGroup{},
- Queue: make(chan yatas.Check, 1),
- },
- snapshots: []types.Snapshot{
- {
- SnapshotId: aws.String("test"),
- VolumeId: aws.String("test"),
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfAllSnapshotsEncrypted(tt.args.checkConfig, tt.args.snapshots, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfAllSnapshotsEncrypted() = %v, want %v", check.Status, "FAIL")
- }
- tt.args.checkConfig.Wg.Done()
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/volumes/volumesUnused.go b/plugins/aws/volumes/volumesUnused.go
deleted file mode 100644
index f6a4df7..0000000
--- a/plugins/aws/volumes/volumesUnused.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package volumes
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go-v2/service/ec2/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfVolumeIsUsed(checkConfig yatas.CheckConfig, volumes []types.Volume, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("EC2's volumes are unused", "Check if EC2 volumes are unused", testName)
- for _, volume := range volumes {
- if volume.State != types.VolumeStateInUse && volume.State != types.VolumeStateDeleted {
- Message := "EC2 volume is unused " + *volume.VolumeId
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *volume.VolumeId}
- check.AddResult(result)
- } else if volume.State == types.VolumeStateDeleted {
- continue
- } else {
- Message := "EC2 volume is in use " + *volume.VolumeId
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *volume.VolumeId}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/volumes/volumesUnused_test.go b/plugins/aws/volumes/volumesUnused_test.go
deleted file mode 100644
index 26cfc19..0000000
--- a/plugins/aws/volumes/volumesUnused_test.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package volumes
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/ec2/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfVolumeIsUsed(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- volumes []types.Volume
- testName string
- }
- tests := []struct {
- name string
- args args
- want string
- }{
- {
- name: "Check if EC2 volumes are unused",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- volumes: []types.Volume{
- {
- VolumeId: aws.String("vol-0a0a0a0a"),
- State: types.VolumeStateAvailable,
- },
- },
- testName: "CheckIfVolumeIsUsed",
- },
- want: "FAIL",
- },
- {
- name: "Check if EC2 volumes are unused",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- volumes: []types.Volume{
- {
- VolumeId: aws.String("vol-0a0a0a0a"),
- State: types.VolumeStateError,
- },
- },
- testName: "CheckIfVolumeIsUsed",
- },
- want: "FAIL",
- },
- {
- name: "Check if EC2 volumes are unused",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- volumes: []types.Volume{
- {
- VolumeId: aws.String("vol-0a0a0a0a"),
- State: types.VolumeStateDeleted,
- },
- {
- VolumeId: aws.String("vol-0a0a0a0a"),
- State: types.VolumeStateDeleted,
- },
- },
- testName: "CheckIfVolumeIsUsed",
- },
- want: "OK",
- },
- {
- name: "Check if EC2 volumes are unused",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- volumes: []types.Volume{
- {
- VolumeId: aws.String("vol-0a0a0a0a"),
- State: types.VolumeStateInUse,
- },
- },
- testName: "CheckIfVolumeIsUsed",
- },
- want: "OK",
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfVolumeIsUsed(tt.args.checkConfig, tt.args.volumes, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != tt.want {
- t.Errorf("CheckIfVolumeIsUsed() = %v, want %v", check.Status, tt.want)
- }
- tt.args.checkConfig.Wg.Done()
-
- }
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/vpc/getter.go b/plugins/aws/vpc/getter.go
deleted file mode 100644
index b81d31f..0000000
--- a/plugins/aws/vpc/getter.go
+++ /dev/null
@@ -1,161 +0,0 @@
-package vpc
-
-import (
- "context"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/ec2"
- "github.com/aws/aws-sdk-go-v2/service/ec2/types"
-)
-
-func GetListVPC(s aws.Config) []types.Vpc {
- svc := ec2.NewFromConfig(s)
- var vpcs []types.Vpc
- input := &ec2.DescribeVpcsInput{}
- result, err := svc.DescribeVpcs(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- vpcs = append(vpcs, result.Vpcs...)
- for {
- if result.NextToken == nil {
- break
- }
- input.NextToken = result.NextToken
- result, err = svc.DescribeVpcs(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- vpcs = append(vpcs, result.Vpcs...)
- }
- return vpcs
-}
-
-type VPCToSubnet struct {
- VpcID string
- Subnets []types.Subnet
-}
-
-func GetSubnetForVPCS(s aws.Config, vpcs []types.Vpc) []VPCToSubnet {
- svc := ec2.NewFromConfig(s)
- var vpcSubnets []VPCToSubnet
- for _, vpc := range vpcs {
- input := &ec2.DescribeSubnetsInput{
- Filters: []types.Filter{
- {
- Name: aws.String("vpc-id"),
- Values: []string{*vpc.VpcId},
- },
- },
- }
- result, err := svc.DescribeSubnets(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- vpcSubnets = append(vpcSubnets, VPCToSubnet{
- VpcID: *vpc.VpcId,
- Subnets: result.Subnets,
- })
- for {
- if result.NextToken == nil {
- break
- }
- input.NextToken = result.NextToken
- result, err = svc.DescribeSubnets(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- vpcSubnets = append(vpcSubnets, VPCToSubnet{
- VpcID: *vpc.VpcId,
- Subnets: result.Subnets,
- })
- }
- }
- return vpcSubnets
-}
-
-type VpcToInternetGateway struct {
- VpcID string
- InternetGateways []types.InternetGateway
-}
-
-func GetInternetGatewaysForVpc(s aws.Config, vpcs []types.Vpc) []VpcToInternetGateway {
- svc := ec2.NewFromConfig(s)
- var vpcInternetGateways []VpcToInternetGateway
- for _, vpc := range vpcs {
- input := &ec2.DescribeInternetGatewaysInput{
- Filters: []types.Filter{
- {
- Name: aws.String("attachment.vpc-id"),
- Values: []string{*vpc.VpcId},
- },
- },
- }
- result, err := svc.DescribeInternetGateways(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- vpcInternetGateways = append(vpcInternetGateways, VpcToInternetGateway{
- VpcID: *vpc.VpcId,
- InternetGateways: result.InternetGateways,
- })
- for {
- if result.NextToken == nil {
- break
- }
- input.NextToken = result.NextToken
- result, err = svc.DescribeInternetGateways(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- vpcInternetGateways = append(vpcInternetGateways, VpcToInternetGateway{
- VpcID: *vpc.VpcId,
- InternetGateways: result.InternetGateways,
- })
- }
- }
- return vpcInternetGateways
-}
-
-type VpcToFlowLogs struct {
- VpcID string
- FlowLogs []types.FlowLog
-}
-
-func GetFlowLogsForVpc(s aws.Config, vpcs []types.Vpc) []VpcToFlowLogs {
- svc := ec2.NewFromConfig(s)
- var vpcFlowLogs []VpcToFlowLogs
- for _, vpc := range vpcs {
- input := &ec2.DescribeFlowLogsInput{
- Filter: []types.Filter{
- {
- Name: aws.String("resource-id"),
- Values: []string{*vpc.VpcId},
- },
- },
- }
- result, err := svc.DescribeFlowLogs(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- vpcFlowLogs = append(vpcFlowLogs, VpcToFlowLogs{
- VpcID: *vpc.VpcId,
- FlowLogs: result.FlowLogs,
- })
- for {
- if result.NextToken == nil {
- break
- }
- input.NextToken = result.NextToken
- result, err = svc.DescribeFlowLogs(context.TODO(), input)
- if err != nil {
- panic(err)
- }
- vpcFlowLogs = append(vpcFlowLogs, VpcToFlowLogs{
- VpcID: *vpc.VpcId,
- FlowLogs: result.FlowLogs,
- })
- }
- }
- return vpcFlowLogs
-}
diff --git a/plugins/aws/vpc/vpc.go b/plugins/aws/vpc/vpc.go
deleted file mode 100644
index 0d6904d..0000000
--- a/plugins/aws/vpc/vpc.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package vpc
-
-import (
- "sync"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func RunChecks(wa *sync.WaitGroup, s aws.Config, c *yatas.Config, queue chan []yatas.Check) {
-
- var checkConfig yatas.CheckConfig
- checkConfig.Init(s, c)
- var checks []yatas.Check
- vpcs := GetListVPC(s)
- subnetsforvpcs := GetSubnetForVPCS(s, vpcs)
- internetGatewaysForVpc := GetInternetGatewaysForVpc(s, vpcs)
- vpcFlowLogs := GetFlowLogsForVpc(s, vpcs)
-
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_VPC_001", checkCIDR20)(checkConfig, vpcs, "AWS_VPC_001")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_VPC_002", checkIfOnlyOneVPC)(checkConfig, vpcs, "AWS_VPC_002")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_VPC_003", checkIfOnlyOneGateway)(checkConfig, internetGatewaysForVpc, "AWS_VPC_003")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_VPC_004", checkIfVPCFLowLogsEnabled)(checkConfig, vpcFlowLogs, "AWS_VPC_004")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_VPC_005", CheckIfAtLeast2Subnets)(checkConfig, subnetsforvpcs, "AWS_VPC_005")
- go yatas.CheckTest(checkConfig.Wg, c, "AWS_VPC_006", CheckIfSubnetInDifferentZone)(checkConfig, subnetsforvpcs, "AWS_VPC_006")
- go func() {
- for t := range checkConfig.Queue {
- t.EndCheck()
- checks = append(checks, t)
- if c.CheckProgress.Bar != nil {
- c.CheckProgress.Bar.Increment()
- }
-
- checkConfig.Wg.Done()
-
- }
- }()
-
- checkConfig.Wg.Wait()
-
- queue <- checks
-}
diff --git a/plugins/aws/vpc/vpc2SubnetsMin.go b/plugins/aws/vpc/vpc2SubnetsMin.go
deleted file mode 100644
index c102bee..0000000
--- a/plugins/aws/vpc/vpc2SubnetsMin.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package vpc
-
-import (
- "fmt"
-
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func CheckIfAtLeast2Subnets(checkConfig yatas.CheckConfig, vpcToSubnets []VPCToSubnet, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("VPC have at least 2 subnets", "Check if VPC has at least 2 subnets", testName)
- for _, vpcToSubnet := range vpcToSubnets {
-
- if len(vpcToSubnet.Subnets) < 2 {
- Message := "VPC " + vpcToSubnet.VpcID + " has less than 2 subnets"
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: vpcToSubnet.VpcID}
- check.AddResult(result)
- } else {
- Message := "VPC " + vpcToSubnet.VpcID + " has at least 2 subnets"
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: vpcToSubnet.VpcID}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/vpc/vpc2SubnetsMin_test.go b/plugins/aws/vpc/vpc2SubnetsMin_test.go
deleted file mode 100644
index b8a31da..0000000
--- a/plugins/aws/vpc/vpc2SubnetsMin_test.go
+++ /dev/null
@@ -1,103 +0,0 @@
-package vpc
-
-import (
- "sync"
- "testing"
-
- "github.com/aws/aws-sdk-go-v2/aws"
- "github.com/aws/aws-sdk-go-v2/service/ec2/types"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func TestCheckIfAtLeast2Subnets(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- vpcToSubnets []VPCToSubnet
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfAtLeast2Subnets",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- vpcToSubnets: []VPCToSubnet{
- {
- VpcID: "test",
- Subnets: []types.Subnet{
- {
- SubnetId: aws.String("test"),
- },
- {
- SubnetId: aws.String("test"),
- },
- },
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfAtLeast2Subnets(tt.args.checkConfig, tt.args.vpcToSubnets, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "OK" {
- t.Errorf("CheckIfAtLeast2Subnets() = %v", t)
- }
- tt.args.checkConfig.Wg.Done()
- }
-
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
-
-func TestCheckIfAtLeast2SubnetsFail(t *testing.T) {
- type args struct {
- checkConfig yatas.CheckConfig
- vpcToSubnets []VPCToSubnet
- testName string
- }
- tests := []struct {
- name string
- args args
- }{
- {
- name: "TestCheckIfAtLeast2Subnets",
- args: args{
- checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
- vpcToSubnets: []VPCToSubnet{
- {
- VpcID: "test",
- Subnets: []types.Subnet{
- {
- SubnetId: aws.String("test"),
- },
- },
- },
- },
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- CheckIfAtLeast2Subnets(tt.args.checkConfig, tt.args.vpcToSubnets, tt.args.testName)
- tt.args.checkConfig.Wg.Add(1)
- go func() {
- for check := range tt.args.checkConfig.Queue {
- if check.Status != "FAIL" {
- t.Errorf("CheckIfAtLeast2Subnets() = %v", t)
- }
- tt.args.checkConfig.Wg.Done()
- }
-
- }()
- tt.args.checkConfig.Wg.Wait()
- })
- }
-}
diff --git a/plugins/aws/vpc/vpcCIDR20.go b/plugins/aws/vpc/vpcCIDR20.go
deleted file mode 100644
index 29a0094..0000000
--- a/plugins/aws/vpc/vpcCIDR20.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package vpc
-
-import (
- "fmt"
- "strconv"
- "strings"
-
- "github.com/aws/aws-sdk-go-v2/service/ec2/types"
- "github.com/stangirard/yatas/internal/logger"
- "github.com/stangirard/yatas/internal/yatas"
-)
-
-func checkCIDR20(checkConfig yatas.CheckConfig, vpcs []types.Vpc, testName string) {
- logger.Info(fmt.Sprint("Running ", testName))
- var check yatas.Check
- check.InitCheck("VPC CIDRs are bigger than /20", "Check if VPC CIDR is /20 or bigger", testName)
- for _, vpc := range vpcs {
- cidr := *vpc.CidrBlock
- // split the cidr to / and get the last part as an int
- cidrInt, _ := strconv.Atoi(strings.Split(cidr, "/")[1])
- if cidrInt > 20 {
- Message := "VPC CIDR is not /20 or bigger on " + *vpc.VpcId
- result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *vpc.VpcId}
- check.AddResult(result)
- } else {
- Message := "VPC CIDR is /20 or bigger on " + *vpc.VpcId
- result := yatas.Result{Status: "OK", Message: Message, ResourceID: *vpc.VpcId}
- check.AddResult(result)
- }
- }
- checkConfig.Queue <- check
-}
diff --git a/plugins/aws/vpc/vpcCIDR20_test.go b/plugins/aws/vpc/vpcCIDR20_test.go
deleted file mode 100644
index 0f9a3f3..0000000
--- a/plugins/aws/vpc/vpcCIDR20_test.go
+++ /dev/null
@@ -1,94 +0,0 @@ -package vpc - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/ec2/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func Test_checkCIDR20(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - vpcs []types.Vpc - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Test_checkCIDR20", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - vpcs: []types.Vpc{ - { - CidrBlock: aws.String("32.32.32.0/20"), - VpcId: aws.String("test"), - }, - }, - testName: "AWS_VPC_001", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - checkCIDR20(tt.args.checkConfig, tt.args.vpcs, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("checkCIDR20() = %v", t) - } - tt.args.checkConfig.Wg.Done() - } - - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} - -func Test_checkCIDR21(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - vpcs []types.Vpc - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Test_checkCIDR20", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - vpcs: []types.Vpc{ - { - CidrBlock: aws.String("32.32.32.0/21"), - VpcId: aws.String("test"), - }, - }, - testName: "AWS_VPC_001", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - checkCIDR20(tt.args.checkConfig, tt.args.vpcs, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("checkCIDR21() = %v, expected : %s", t, "FAIL") - } - tt.args.checkConfig.Wg.Done() - } - - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} 
diff --git a/plugins/aws/vpc/vpcFlowLogs.go b/plugins/aws/vpc/vpcFlowLogs.go deleted file mode 100644 index 8ea97a8..0000000 --- a/plugins/aws/vpc/vpcFlowLogs.go +++ /dev/null @@ -1,27 +0,0 @@ -package vpc - -import ( - "fmt" - - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func checkIfVPCFLowLogsEnabled(checkConfig yatas.CheckConfig, VpcFlowLogs []VpcToFlowLogs, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("VPC Flow Logs are activated", "Check if VPC Flow Logs are enabled", testName) - for _, vpcFlowLog := range VpcFlowLogs { - - if len(vpcFlowLog.FlowLogs) == 0 { - Message := "VPC Flow Logs are not enabled on " + vpcFlowLog.VpcID - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: vpcFlowLog.VpcID} - check.AddResult(result) - } else { - Message := "VPC Flow Logs are enabled on " + vpcFlowLog.VpcID - result := yatas.Result{Status: "OK", Message: Message, ResourceID: vpcFlowLog.VpcID} - check.AddResult(result) - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/vpc/vpcFlowLogs_test.go b/plugins/aws/vpc/vpcFlowLogs_test.go deleted file mode 100644 index c6d9650..0000000 --- a/plugins/aws/vpc/vpcFlowLogs_test.go +++ /dev/null 
@@ -1,114 +0,0 @@ -package vpc - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/ec2/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func Test_checkIfVPCFLowLogsEnabled(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - VpcFlowLogs []VpcToFlowLogs - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Test_checkIfVPCFLowLogsEnabled", - args: args{ - checkConfig: yatas.CheckConfig{ - Queue: make(chan yatas.Check, 1), - Wg: &sync.WaitGroup{}, - }, - VpcFlowLogs: []VpcToFlowLogs{ - { - VpcID: "vpc-12345678", - FlowLogs: []types.FlowLog{ - { - FlowLogId: aws.String("fl-12345678"), - }, - }, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - checkIfVPCFLowLogsEnabled(tt.args.checkConfig, tt.args.VpcFlowLogs, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("checkIfVPCFLowLogsEnabled() = %v, want %v", check.Status, "OK") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} - -func Test_checkIfVPCFLowLogsEnabledFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - VpcFlowLogs []VpcToFlowLogs - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Test_checkIfVPCFLowLogsEnabled", - args: args{ - checkConfig: yatas.CheckConfig{ - Queue: make(chan yatas.Check, 1), - Wg: &sync.WaitGroup{}, - }, - VpcFlowLogs: []VpcToFlowLogs{ - { - VpcID: "vpc-12345678", - }, - }, - }, - }, - { - name: "Test_checkIfVPCFLowLogsEnabled", - args: args{ - checkConfig: yatas.CheckConfig{ - Queue: make(chan yatas.Check, 1), - Wg: &sync.WaitGroup{}, - }, - VpcFlowLogs: []VpcToFlowLogs{ - { - VpcID: "vpc-12345678", - FlowLogs: []types.FlowLog{}, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - 
checkIfVPCFLowLogsEnabled(tt.args.checkConfig, tt.args.VpcFlowLogs, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("checkIfVPCFLowLogsEnabled() = %v, want %v", check.Status, "FAIL") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/aws/vpc/vpcOneGateway.go b/plugins/aws/vpc/vpcOneGateway.go deleted file mode 100644 index 6adc9cf..0000000 --- a/plugins/aws/vpc/vpcOneGateway.go +++ /dev/null @@ -1,26 +0,0 @@ -package vpc - -import ( - "fmt" - - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func checkIfOnlyOneGateway(checkConfig yatas.CheckConfig, vpcInternetGateways []VpcToInternetGateway, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("VPC only have one Gateway", "Check if VPC has only one gateway", testName) - for _, vpcInternetGateway := range vpcInternetGateways { - if len(vpcInternetGateway.InternetGateways) > 1 { - Message := "VPC has more than one gateway on " + vpcInternetGateway.VpcID - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: vpcInternetGateway.VpcID} - check.AddResult(result) - } else { - Message := "VPC has only one gateway on " + vpcInternetGateway.VpcID - result := yatas.Result{Status: "OK", Message: Message, ResourceID: vpcInternetGateway.VpcID} - check.AddResult(result) - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/vpc/vpcOneGateway_test.go b/plugins/aws/vpc/vpcOneGateway_test.go deleted file mode 100644 index 0672c5e..0000000 --- a/plugins/aws/vpc/vpcOneGateway_test.go +++ /dev/null 
@@ -1,109 +0,0 @@ -package vpc - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/ec2/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func Test_checkIfOnlyOneGateway(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - vpcInternetGateways []VpcToInternetGateway - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Test_checkIfOnlyOneGateway", - args: args{ - checkConfig: yatas.CheckConfig{ - Queue: make(chan yatas.Check, 1), - Wg: &sync.WaitGroup{}, - }, - vpcInternetGateways: []VpcToInternetGateway{ - { - VpcID: "vpc-12345678", - InternetGateways: []types.InternetGateway{ - { - InternetGatewayId: aws.String("igw-12345678"), - }, - }, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - checkIfOnlyOneGateway(tt.args.checkConfig, tt.args.vpcInternetGateways, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("checkIfOnlyOneGateway() = %v, want %v", check.Status, "OK") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - - }) - } -} - -func Test_checkIfOnlyOneGatewayFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - vpcInternetGateways []VpcToInternetGateway - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Test_checkIfOnlyOneGateway", - args: args{ - checkConfig: yatas.CheckConfig{ - Queue: make(chan yatas.Check, 1), - Wg: &sync.WaitGroup{}, - }, - vpcInternetGateways: []VpcToInternetGateway{ - { - VpcID: "vpc-12345678", - InternetGateways: []types.InternetGateway{ - { - InternetGatewayId: aws.String("igw-12345678"), - }, - { - InternetGatewayId: aws.String("igw-12345678"), - }, - }, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - checkIfOnlyOneGateway(tt.args.checkConfig, 
tt.args.vpcInternetGateways, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("checkIfOnlyOneGateway() = %v, want %v", check.Status, "FAIL") - } - tt.args.checkConfig.Wg.Done() - } - }() - tt.args.checkConfig.Wg.Wait() - - }) - } -} diff --git a/plugins/aws/vpc/vpcOnlyOne.go b/plugins/aws/vpc/vpcOnlyOne.go deleted file mode 100644 index b83e435..0000000 --- a/plugins/aws/vpc/vpcOnlyOne.go +++ /dev/null @@ -1,28 +0,0 @@ -package vpc - -import ( - "fmt" - - "github.com/aws/aws-sdk-go-v2/service/ec2/types" - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func checkIfOnlyOneVPC(checkConfig yatas.CheckConfig, vpcs []types.Vpc, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("VPC can't be in the same account", "Check if VPC has only one VPC", testName) - for _, vpc := range vpcs { - if len(vpcs) > 1 { - Message := "VPC Id:" + *vpc.VpcId - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *vpc.VpcId} - check.AddResult(result) - } else { - Message := "VPC Id:" + *vpc.VpcId - result := yatas.Result{Status: "OK", Message: Message, ResourceID: *vpc.VpcId} - check.AddResult(result) - } - } - - checkConfig.Queue <- check -} diff --git a/plugins/aws/vpc/vpcOnlyOne_test.go b/plugins/aws/vpc/vpcOnlyOne_test.go deleted file mode 100644 index 4a44df7..0000000 --- a/plugins/aws/vpc/vpcOnlyOne_test.go +++ /dev/null 
@@ -1,98 +0,0 @@ -package vpc - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/ec2/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func Test_checkIfOnlyOneVPC(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - vpcs []types.Vpc - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Test_checkIfOnlyOneVPC", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - vpcs: []types.Vpc{ - { - CidrBlock: aws.String("32.32.32.0/20"), - VpcId: aws.String("test"), - }, - }, - testName: "AWS_VPC_001", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - checkIfOnlyOneVPC(tt.args.checkConfig, tt.args.vpcs, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("checkIfOnlyOneVPC() = %v, expected %s", t, "OK") - } - tt.args.checkConfig.Wg.Done() - } - - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} - -func Test_checkIfOnlyOneVPCFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - vpcs []types.Vpc - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "Test_checkIfOnlyOneVPC", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - vpcs: []types.Vpc{ - { - CidrBlock: aws.String("32.32.32.0/20"), - VpcId: aws.String("test"), - }, - { - CidrBlock: aws.String("32.32.32.0/20"), - VpcId: aws.String("test"), - }, - }, - testName: "AWS_VPC_001", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - checkIfOnlyOneVPC(tt.args.checkConfig, tt.args.vpcs, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("checkIfOnlyOneVPC() = %v, expected %s", t, "FAIL") 
- } - tt.args.checkConfig.Wg.Done() - } - - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/aws/vpc/vpcSubnetsDiffZone.go b/plugins/aws/vpc/vpcSubnetsDiffZone.go deleted file mode 100644 index eef2fd7..0000000 --- a/plugins/aws/vpc/vpcSubnetsDiffZone.go +++ /dev/null @@ -1,30 +0,0 @@ -package vpc - -import ( - "fmt" - - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" -) - -func CheckIfSubnetInDifferentZone(checkConfig yatas.CheckConfig, vpcToSubnets []VPCToSubnet, testName string) { - logger.Info(fmt.Sprint("Running ", testName)) - var check yatas.Check - check.InitCheck("VPC's Subnets are in different zones", "Check if Subnet are in different zone", testName) - for _, vpcToSubnet := range vpcToSubnets { - subnetsAZ := make(map[string]int) - for _, subnet := range vpcToSubnet.Subnets { - subnetsAZ[*subnet.AvailabilityZone]++ - } - if len(subnetsAZ) > 1 { - Message := "Subnets are in different zone on " + vpcToSubnet.VpcID - result := yatas.Result{Status: "OK", Message: Message, ResourceID: vpcToSubnet.VpcID} - check.AddResult(result) - } else { - Message := "Subnets are in same zone on " + vpcToSubnet.VpcID - result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: vpcToSubnet.VpcID} - check.AddResult(result) - } - } - checkConfig.Queue <- check -} diff --git a/plugins/aws/vpc/vpcSubnetsDiffZone_test.go b/plugins/aws/vpc/vpcSubnetsDiffZone_test.go deleted file mode 100644 index 8643865..0000000 --- a/plugins/aws/vpc/vpcSubnetsDiffZone_test.go +++ /dev/null 
@@ -1,110 +0,0 @@ -package vpc - -import ( - "sync" - "testing" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/ec2/types" - "github.com/stangirard/yatas/internal/yatas" -) - -func TestCheckIfSubnetInDifferentZone(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - vpcToSubnets []VPCToSubnet - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "TestCheckIfSubnetInDifferentZone", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - vpcToSubnets: []VPCToSubnet{ - { - VpcID: "test", - Subnets: []types.Subnet{ - { - SubnetId: aws.String("test"), - AvailabilityZone: aws.String("test"), - }, - { - SubnetId: aws.String("test"), - AvailabilityZone: aws.String("test2"), - }, - }, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - CheckIfSubnetInDifferentZone(tt.args.checkConfig, tt.args.vpcToSubnets, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "OK" { - t.Errorf("CheckIfSubnetInDifferentZone() = %v", t) - } - tt.args.checkConfig.Wg.Done() - } - - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} - -func TestCheckIfSubnetInDifferentZoneFail(t *testing.T) { - type args struct { - checkConfig yatas.CheckConfig - vpcToSubnets []VPCToSubnet - testName string - } - tests := []struct { - name string - args args - }{ - { - name: "TestCheckIfSubnetInDifferentZone", - args: args{ - checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}}, - vpcToSubnets: []VPCToSubnet{ - { - VpcID: "test", - Subnets: []types.Subnet{ - { - SubnetId: aws.String("test"), - AvailabilityZone: aws.String("test"), - }, - { - SubnetId: aws.String("test"), - AvailabilityZone: aws.String("test"), - }, - }, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - 
CheckIfSubnetInDifferentZone(tt.args.checkConfig, tt.args.vpcToSubnets, tt.args.testName) - tt.args.checkConfig.Wg.Add(1) - go func() { - for check := range tt.args.checkConfig.Queue { - if check.Status != "FAIL" { - t.Errorf("CheckIfSubnetInDifferentZone() = %v", t) - } - tt.args.checkConfig.Wg.Done() - } - - }() - tt.args.checkConfig.Wg.Wait() - }) - } -} diff --git a/plugins/commons/commons.go b/plugins/commons/commons.go new file mode 100644 index 0000000..86796b3 --- /dev/null +++ b/plugins/commons/commons.go 
@@ -0,0 +1,63 @@
+package commons
+
+import (
+ "net/rpc"
+
+ "github.com/hashicorp/go-plugin"
+ "github.com/stangirard/yatas/internal/yatas"
+)
+
+// Yatas is the interface that we're exposing as a plugin.
+type Yatas interface {
+ Run(c *yatas.Config) []yatas.Tests
+}
+
+// Here is an implementation that talks over RPC
+type YatasRPC struct{ client *rpc.Client }
+
+func (g *YatasRPC) Run(c *yatas.Config) []yatas.Tests {
+ var resp []yatas.Tests
+ err := g.client.Call("Plugin.Run", c, &resp)
+ if err != nil {
+ // You usually want your interfaces to return errors. If they don't,
+ // there isn't much other choice here.
+ panic(err)
+ }
+
+ return resp
+}
+
+// Here is the RPC server that YatasRPC talks to, conforming to
+// the requirements of net/rpc
+type YatasRPCServer struct {
+ // This is the real implementation
+ Impl Yatas
+}
+
+func (s *YatasRPCServer) Run(c *yatas.Config, resp *[]yatas.Tests) error {
+ *resp = s.Impl.Run(c)
+ return nil
+}
+
+// This is the implementation of plugin.Plugin so we can serve/consume this
+//
+// This has two methods: Server must return an RPC server for this plugin
+// type. We construct a YatasRPCServer for this.
+//
+// Client must return an implementation of our interface that communicates
+// over an RPC client. We return YatasRPC for this.
+//
+// Ignore MuxBroker. That is used to create more multiplexed streams on our
+// plugin connection and is a more advanced use case.
+type YatasPlugin struct {
+ // Impl Injection
+ Impl Yatas
+}
+
+func (p *YatasPlugin) Server(*plugin.MuxBroker) (interface{}, error) {
+ return &YatasRPCServer{Impl: p.Impl}, nil
+}
+
+func (YatasPlugin) Client(b *plugin.MuxBroker, c *rpc.Client) (interface{}, error) {
+ return &YatasRPC{client: c}, nil
+}
diff --git a/plugins/manager/manager.go b/plugins/manager/manager.go
new file mode 100644
index 0000000..135bf32
--- /dev/null
+++ b/plugins/manager/manager.go
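Review bot: `YatasRPC.Run` converts every RPC failure into `panic(err)`, so a plugin process that crashes, is killed, or sends a payload gob cannot decode brings the whole host down instead of failing that one plugin; the plugin is a separate process the host did not build or verify, so the host side of the RPC boundary should fail closed per plugin rather than trust it with its own lifetime. The comment on the panic already says the interface "usually" should return errors, and nothing prevents it here: change `Yatas.Run` to `Run(c *yatas.Config) ([]yatas.Tests, error)` and propagate on both ends (the rewrite below needs `fmt` added to the import block, and the caller in manager.go adjusted). A smaller point of style: `Client` uses a value receiver while `Server` uses a pointer receiver on `YatasPlugin`; `func (p *YatasPlugin) Client(...)` keeps the receiver set consistent.
```go
// Yatas is the interface that we're exposing as a plugin.
type Yatas interface {
	Run(c *yatas.Config) ([]yatas.Tests, error)
}

// … unchanged: YatasRPC struct …

// Run forwards the call over RPC and returns the transport or plugin
// error to the host instead of panicking in the host process.
func (g *YatasRPC) Run(c *yatas.Config) ([]yatas.Tests, error) {
	var resp []yatas.Tests
	if err := g.client.Call("Plugin.Run", c, &resp); err != nil {
		return nil, fmt.Errorf("plugin rpc Run: %w", err)
	}
	return resp, nil
}

// … unchanged: YatasRPCServer struct …

// Run is the net/rpc entry point; an error from the implementation is
// returned to the caller rather than replaced by an empty result.
func (s *YatasRPCServer) Run(c *yatas.Config, resp *[]yatas.Tests) error {
	tests, err := s.Impl.Run(c)
	if err != nil {
		return err
	}
	*resp = tests
	return nil
}
```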
@@ -0,0 +1,63 @@
+package manager
+
+import (
+ "log"
+ "os"
+ "os/exec"
+
+ hclog "github.com/hashicorp/go-hclog"
+ "github.com/hashicorp/go-plugin"
+ "github.com/stangirard/yatas/internal/yatas"
+ "github.com/stangirard/yatas/plugins/commons"
+)
+
+func RunPlugin(name string, c *yatas.Config) []yatas.Tests {
+ // Create an hclog.Logger
+ logger := hclog.New(&hclog.LoggerOptions{
+ Name: "plugin",
+ Output: os.Stdout,
+ Level: hclog.Off,
+ })
+
+ // We're a host! Start by launching the plugin process.
+ client := plugin.NewClient(&plugin.ClientConfig{
+ HandshakeConfig: handshakeConfig,
+ Plugins: pluginMap,
+ Cmd: exec.Command("./plugins/" + name + "Plugins"),
+ Logger: logger,
+ })
+ defer client.Kill()
+
+ // Connect via RPC
+ rpcClient, err := client.Client()
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ // Request the plugin
+ raw, err := rpcClient.Dispense(name)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ // We should have a Greeter now! This feels like a normal interface
+ // implementation but is in fact over an RPC connection.
+ yatasPlugin := raw.(commons.Yatas)
+
+ return yatasPlugin.Run(c)
+}
+
+// handshakeConfigs are used to just do a basic handshake between
+// a plugin and host. If the handshake fails, a user friendly error is shown.
+// This prevents users from executing bad plugins or executing a plugin
+// directory. It is a UX feature, not a security feature.
+var handshakeConfig = plugin.HandshakeConfig{
+ ProtocolVersion: 1,
+ MagicCookieKey: "BASIC_PLUGIN",
+ MagicCookieValue: "hello",
+}
+
+// pluginMap is the map of plugins we can dispense.
+var pluginMap = map[string]plugin.Plugin{
+ "aws": &commons.YatasPlugin{},
+}
diff --git a/plugins/plugins.go b/plugins/plugins.go
deleted file mode 100644
index 8d7a33e..0000000
--- a/plugins/plugins.go
+++ /dev/null
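Review bot: `exec.Command("./plugins/" + name + "Plugins")` in `RunPlugin` spawns a binary whose path is built from `name` with no validation, and the only visible origin of that value is the config's plugin list (the deleted `findPlugins` in plugins.go read `c.Plugins[].Name` directly), so a name like `../../somewhere/x` or an absolute path would execute an arbitrary file relative to the host's working directory; `Dispense(name)` would reject it afterwards, but the process has already been launched by then. Check `name` against `pluginMap` before `plugin.NewClient` and build the path with `filepath.Join`; for release-shipped binaries, go-plugin's `ClientConfig.SecureConfig` (a checksum of the plugin file) is the mechanism to verify what is executed, since the handshake comment correctly says the magic cookie is not a security feature. Two further defects in the same function: `log.Fatal` exits through `os.Exit`, so the deferred `client.Kill()` never runs and a half-started plugin process is orphaned, and `raw.(commons.Yatas)` is an unchecked assertion that panics if a registered plugin has a different type. The rewrite below returns errors instead (it needs `fmt` and `path/filepath` in the import block, and the caller in internal/yatas, outside this hunk, must handle the new error return).
```go
func RunPlugin(name string, c *yatas.Config) ([]yatas.Tests, error) {
	// Only names registered in pluginMap may be launched; this also rejects
	// values containing path separators or "..", which would otherwise run an
	// arbitrary binary through exec.Command below.
	if _, ok := pluginMap[name]; !ok {
		return nil, fmt.Errorf("unknown plugin %q", name)
	}

	// … unchanged: hclog logger …

	client := plugin.NewClient(&plugin.ClientConfig{
		HandshakeConfig: handshakeConfig,
		Plugins:         pluginMap,
		Cmd:             exec.Command(filepath.Join("plugins", name+"Plugins")),
		Logger:          logger,
	})
	defer client.Kill() // now reached on every return path (no log.Fatal)

	rpcClient, err := client.Client()
	if err != nil {
		return nil, fmt.Errorf("connecting to plugin %q: %w", name, err)
	}

	raw, err := rpcClient.Dispense(name)
	if err != nil {
		return nil, fmt.Errorf("dispensing plugin %q: %w", name, err)
	}

	yatasPlugin, ok := raw.(commons.Yatas)
	if !ok {
		return nil, fmt.Errorf("plugin %q does not implement commons.Yatas", name)
	}

	return yatasPlugin.Run(c), nil
}
```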
@@ -1,71 +0,0 @@ -package plugins - -import ( - "fmt" - "regexp" - - "github.com/stangirard/yatas/internal/logger" - "github.com/stangirard/yatas/internal/yatas" - "github.com/stangirard/yatas/plugins/aws" - "github.com/stangirard/yatas/plugins/custom" -) - -// Runs all the plugins that are enabled in the config -func Execute(c *yatas.Config) ([]yatas.Tests, error) { - - plugins := findPlugins(c) - - checks, err := runPlugins(c, plugins) - if err != nil { - return nil, err - } - - return checks, nil -} - -// Run the plugins that are enabled in the config with a switch based on the name of the plugin -func runPlugins(c *yatas.Config, plugins []string) ([]yatas.Tests, error) { - var checksAll []yatas.Tests - if c.Progress != nil { - c.AddBar("Plugins : ", "Plugins", len(plugins), 1, c.Progress) - } - - for _, plugin := range plugins { - logger.Debug(fmt.Sprint("Running plugin: ", plugin)) - var commandPat = regexp.MustCompile(`custom.*`) - switch cmd := plugin; { - case cmd == "aws": - checks, err := aws.Run(c) - checksAll = append(checksAll, checks...) - if err != nil { - return nil, err - } - case commandPat.MatchString(plugin): - checks, err := custom.Run(c, cmd) - checksAll = append(checksAll, checks) - if err != nil { - return nil, err - } - - default: - logger.Error(fmt.Sprint("Plugin not found: ", plugin)) - } - if c.Progress != nil { - c.PluginsProgress["Plugins"].Bar.Increment() - } - } - return checksAll, nil -} - -// Returns a list of plugins that are enabled in the config -func findPlugins(c *yatas.Config) []string { - var plugins []string - for _, plugin := range c.Plugins { - if plugin.Enabled { - plugins = append(plugins, plugin.Name) - } - } - logger.Debug(fmt.Sprint("Plugins Found in config: ", plugins)) - - return plugins -} diff --git a/plugins/plugins_test.go b/plugins/plugins_test.go deleted file mode 100644 index bab8b10..0000000 --- a/plugins/plugins_test.go +++ /dev/null 
@@ -1,49 +0,0 @@ -package plugins - -import ( - "testing" - - "github.com/stangirard/yatas/internal/yatas" -) - -var config = yatas.Config{ - Plugins: []yatas.Plugin{ - { - Name: "aws", - Enabled: true, - Description: "AWS Plugin", - Exclude: []string{}, - Include: []string{}, - }, - }, -} - -func TestFindPlugins(t *testing.T) { - plugins := findPlugins(&config) - if len(plugins) != 1 { - t.Error("Expected 1 plugin, got", len(plugins)) - } -} - -// Test the RunPlugins function -func TestRunPlugins(t *testing.T) { - plugins := findPlugins(&config) - checks, err := runPlugins(&config, plugins) - if err != nil { - t.Error(err) - } - if len(checks) != 0 { - t.Error("Expected 0 check, got", len(checks)) - } -} - -// Test the Execute function -func TestExecute(t *testing.T) { - checks, err := Execute(&config) - if err != nil { - t.Error(err) - } - if len(checks) != 0 { - t.Error("Expected 0 check, got", len(checks)) - } -}