
Commit e90c63c

authored
feat(preflight): build preflight package for AWS (#1716)
* feat(preflight): build preflight package for AWS * chore: add AWS key envs in nightly-build.yml * chore: add example arns for ParseResourceName
1 parent 17062e5 commit e90c63c


1,534 files changed

+387163
-92373
lines changed


1,534 files changed

+387163
-92373
lines changed

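--- a/.github/workflows/nightly-build.yml
+++ b/.github/workflows/nightly-build.yml
@@ -89,6 +89,8 @@ jobs:
 
 - name: Run integration tests
 env:
+AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 CI_ACCOUNT: ${{ secrets.CI_ACCOUNT }}
 CI_SUBACCOUNT: ${{ secrets.CI_SUBACCOUNT }}
 CI_API_KEY: ${{ secrets.CI_API_KEY }}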
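Review bot: The two env entries added at new lines 92–93 expose a static AWS access key pair to the whole "Run integration tests" step, so every test and dependency executed in that step can read it, and nothing in the hunk shows how the key is scoped. I would add a comment above them such as `# key for the dedicated preflight test user; keep its policy read-only`, confirm the IAM policy matches, and consider short-lived credentials through GitHub OIDC role assumption if the account allows it. The identical addition in `.github/workflows/test-build.yml` (new lines 95–96) has the same issue; if that workflow also runs for pull requests from forks, the secrets would presumably resolve to empty strings there and the test would run without them. The rest of the step lies outside the hunk.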

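--- a/.github/workflows/test-build.yml
+++ b/.github/workflows/test-build.yml
@@ -92,6 +92,8 @@ jobs:
 
 - name: Run integration tests
 env:
+AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 CI_ACCOUNT: ${{ secrets.CI_ACCOUNT }}
 CI_SUBACCOUNT: ${{ secrets.CI_SUBACCOUNT }}
 CI_API_KEY: ${{ secrets.CI_API_KEY }}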

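--- a/go.mod
+++ b/go.mod
@@ -13,10 +13,10 @@ require (
 github.com/Masterminds/semver v1.5.0
 github.com/Netflix/go-expect v0.0.0-20200312175327-da48e75238e2
 github.com/abiosoft/colima v0.5.4
-github.com/aws/aws-sdk-go-v2 v1.17.3
-github.com/aws/aws-sdk-go-v2/config v1.18.8
-github.com/aws/aws-sdk-go-v2/service/ec2 v1.77.0
-github.com/aws/aws-sdk-go-v2/service/ec2instanceconnect v1.14.11
+github.com/aws/aws-sdk-go-v2 v1.36.3
+github.com/aws/aws-sdk-go-v2/config v1.29.14
+github.com/aws/aws-sdk-go-v2/service/ec2 v1.222.0
+github.com/aws/aws-sdk-go-v2/service/ec2instanceconnect v1.28.2
 github.com/briandowns/spinner v1.17.0
 github.com/cenkalti/backoff/v4 v4.2.0
 github.com/fatih/color v1.13.0
@@ -53,9 +53,14 @@ require (
 )
 
 require (
-github.com/aws/aws-sdk-go-v2/service/iam v1.18.23
-github.com/aws/aws-sdk-go-v2/service/ssm v1.33.1
-github.com/aws/smithy-go v1.13.5
+github.com/aws/aws-sdk-go-v2/credentials v1.17.67
+github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.48.4
+github.com/aws/aws-sdk-go-v2/service/eks v1.64.0
+github.com/aws/aws-sdk-go-v2/service/iam v1.42.0
+github.com/aws/aws-sdk-go-v2/service/organizations v1.38.3
+github.com/aws/aws-sdk-go-v2/service/ssm v1.59.0
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.19
+github.com/aws/smithy-go v1.22.3
 github.com/gabriel-vasile/mimetype v1.4.8
 github.com/go-git/go-git/v5 v5.13.0
 github.com/go-resty/resty/v2 v2.11.0
@@ -82,15 +87,14 @@ require (
 github.com/ProtonMail/go-crypto v1.1.3 // indirect
 github.com/agext/levenshtein v1.2.1 // indirect
 github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
-github.com/aws/aws-sdk-go-v2/credentials v1.13.8 // indirect
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21 // indirect
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 // indirect
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21 // indirect
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28 // indirect
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 // indirect
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.0 // indirect
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.0 // indirect
-github.com/aws/aws-sdk-go-v2/service/sts v1.18.0 // indirect
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 // indirect
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect
+github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 // indirect
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 // indirect
 github.com/cloudflare/circl v1.3.7 // indirect
 github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 github.com/cyphar/filepath-securejoin v0.2.5 // indirect
@@ -116,7 +120,6 @@ require (
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-github.com/jmespath/go-jmespath v0.4.0 // indirect
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 github.com/kevinburke/ssh_config v1.2.0 // indirect
 github.com/klauspost/compress v1.16.6 // indirect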

go.sum

Lines changed: 40 additions & 41 deletions
@@ -52,42 +52,46 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6
5252
github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
5353
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
5454
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
55-
github.com/aws/aws-sdk-go-v2 v1.17.1/go.mod h1:JLnGeGONAyi2lWXI1p0PCIOIy333JMVK1U7Hf0aRFLw=
56-
github.com/aws/aws-sdk-go-v2 v1.17.3 h1:shN7NlnVzvDUgPQ+1rLMSxY8OWRNDRYtiqe0p/PgrhY=
57-
github.com/aws/aws-sdk-go-v2 v1.17.3/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
58-
github.com/aws/aws-sdk-go-v2/config v1.18.8 h1:lDpy0WM8AHsywOnVrOHaSMfpaiV2igOw8D7svkFkXVA=
59-
github.com/aws/aws-sdk-go-v2/config v1.18.8/go.mod h1:5XCmmyutmzzgkpk/6NYTjeWb6lgo9N170m1j6pQkIBs=
60-
github.com/aws/aws-sdk-go-v2/credentials v1.13.8 h1:vTrwTvv5qAwjWIGhZDSBH/oQHuIQjGmD232k01FUh6A=
61-
github.com/aws/aws-sdk-go-v2/credentials v1.13.8/go.mod h1:lVa4OHbvgjVot4gmh1uouF1ubgexSCN92P6CJQpT0t8=
62-
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21 h1:j9wi1kQ8b+e0FBVHxCqCGo4kxDU175hoDHcWAi0sauU=
63-
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21/go.mod h1:ugwW57Z5Z48bpvUyZuaPy4Kv+vEfJWnIrky7RmkBvJg=
64-
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.25/go.mod h1:Zb29PYkf42vVYQY6pvSyJCJcFHlPIiY+YKdPtwnvMkY=
65-
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 h1:I3cakv2Uy1vNmmhRQmFptYDxOvBnwCdNwyw63N0RaRU=
66-
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27/go.mod h1:a1/UpzeyBBerajpnP5nGZa9mGzsBn5cOKxm6NWQsvoI=
67-
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.19/go.mod h1:6Q0546uHDp421okhmmGfbxzq2hBqbXFNpi4k+Q1JnQA=
68-
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21 h1:5NbbMrIzmUn/TXFqAle6mgrH5m9cOvMLRGL7pnG8tRE=
69-
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21/go.mod h1:+Gxn8jYn5k9ebfHEqlhrMirFjSW0v0C9fI+KN5vk2kE=
70-
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28 h1:KeTxcGdNnQudb46oOl4d90f2I33DF/c6q3RnZAmvQdQ=
71-
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28/go.mod h1:yRZVr/iT0AqyHeep00SZ4YfBAKojXz08w3XMBscdi0c=
72-
github.com/aws/aws-sdk-go-v2/service/ec2 v1.77.0 h1:m6HYlpZlTWb9vHuuRHpWRieqPHWlS0mvQ90OJNrG/Nk=
73-
github.com/aws/aws-sdk-go-v2/service/ec2 v1.77.0/go.mod h1:mV0E7631M1eXdB+tlGFIw6JxfsC7Pz7+7Aw15oLVhZw=
74-
github.com/aws/aws-sdk-go-v2/service/ec2instanceconnect v1.14.11 h1:Sg5HvAGmEijVNjJYQZ/gIB2jOAHGPDE2XprWx05nGbA=
75-
github.com/aws/aws-sdk-go-v2/service/ec2instanceconnect v1.14.11/go.mod h1:E29Z9YWBhILsNzaxWab92P6Wni6pdd4NVN8D4FCyNUU=
76-
github.com/aws/aws-sdk-go-v2/service/iam v1.18.23 h1:HOtW30EkfQevdv++mKguMyn8/agh1z2VuBGR4Hou/u8=
77-
github.com/aws/aws-sdk-go-v2/service/iam v1.18.23/go.mod h1:yQ92mKfw/Gg5AvgxGmfdufKEyVoa9RNBsdnB9j5Gzkk=
78-
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 h1:5C6XgTViSb0bunmU57b3CT+MhxULqHH2721FVA+/kDM=
79-
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21/go.mod h1:lRToEJsn+DRA9lW4O9L9+/3hjTkUzlzyzHqn8MTds5k=
80-
github.com/aws/aws-sdk-go-v2/service/ssm v1.33.1 h1:N4aPQGoAgdUr+3F1UcuW8/WE3aM7sxzOpzDP0hWkJCg=
81-
github.com/aws/aws-sdk-go-v2/service/ssm v1.33.1/go.mod h1:rEsqsZrOp9YvSGPOrcL3pR9+i/QJaWRkAYbuxMa7yCU=
82-
github.com/aws/aws-sdk-go-v2/service/sso v1.12.0 h1:/2gzjhQowRLarkkBOGPXSRnb8sQ2RVsjdG1C/UliK/c=
83-
github.com/aws/aws-sdk-go-v2/service/sso v1.12.0/go.mod h1:wo/B7uUm/7zw/dWhBJ4FXuw1sySU5lyIhVg1Bu2yL9A=
84-
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.0 h1:Jfly6mRxk2ZOSlbCvZfKNS7TukSx1mIzhSsqZ/IGSZI=
85-
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.0/go.mod h1:TZSH7xLO7+phDtViY/KUp9WGCJMQkLJ/VpgkTFd5gh8=
86-
github.com/aws/aws-sdk-go-v2/service/sts v1.18.0 h1:kOO++CYo50RcTFISESluhWEi5Prhg+gaSs4whWabiZU=
87-
github.com/aws/aws-sdk-go-v2/service/sts v1.18.0/go.mod h1:+lGbb3+1ugwKrNTWcf2RT05Xmp543B06zDFTwiTLp7I=
88-
github.com/aws/smithy-go v1.13.4/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
89-
github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
90-
github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
55+
github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM=
56+
github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg=
57+
github.com/aws/aws-sdk-go-v2/config v1.29.14 h1:f+eEi/2cKCg9pqKBoAIwRGzVb70MRKqWX4dg1BDcSJM=
58+
github.com/aws/aws-sdk-go-v2/config v1.29.14/go.mod h1:wVPHWcIFv3WO89w0rE10gzf17ZYy+UVS1Geq8Iei34g=
59+
github.com/aws/aws-sdk-go-v2/credentials v1.17.67 h1:9KxtdcIA/5xPNQyZRgUSpYOE6j9Bc4+D7nZua0KGYOM=
60+
github.com/aws/aws-sdk-go-v2/credentials v1.17.67/go.mod h1:p3C44m+cfnbv763s52gCqrjaqyPikj9Sg47kUVaNZQQ=
61+
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 h1:x793wxmUWVDhshP8WW2mlnXuFrO4cOd3HLBroh1paFw=
62+
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30/go.mod h1:Jpne2tDnYiFascUEs2AWHJL9Yp7A5ZVy3TNyxaAjD6M=
63+
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 h1:ZK5jHhnrioRkUNOc+hOgQKlUL5JeC3S6JgLxtQ+Rm0Q=
64+
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34/go.mod h1:p4VfIceZokChbA9FzMbRGz5OV+lekcVtHlPKEO0gSZY=
65+
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 h1:SZwFm17ZUNNg5Np0ioo/gq8Mn6u9w19Mri8DnJ15Jf0=
66+
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34/go.mod h1:dFZsC0BLo346mvKQLWmoJxT+Sjp+qcVR1tRVHQGOH9Q=
67+
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo=
68+
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo=
69+
github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.48.4 h1:pQpinmWv9jEisDR6/DccOf2cXdAf/CAwQ39nfJfJDlE=
70+
github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.48.4/go.mod h1:/BibEr5ksr34abqBTQN213GrNG6GCKCB6WG7CH4zH2w=
71+
github.com/aws/aws-sdk-go-v2/service/ec2 v1.222.0 h1:qPVuEWzRvc/Z8UA0CKG4QczxORbgYTbWwlviUAmVmgs=
72+
github.com/aws/aws-sdk-go-v2/service/ec2 v1.222.0/go.mod h1:ouvGEfHbLaIlWwpDpOVWPWR+YwO0HDv3vm5tYLq8ImY=
73+
github.com/aws/aws-sdk-go-v2/service/ec2instanceconnect v1.28.2 h1:se3+XU16LNr8JoHdJBrBNJKvn1dnJcnW3qRlo5g2vKI=
74+
github.com/aws/aws-sdk-go-v2/service/ec2instanceconnect v1.28.2/go.mod h1:OCIzmvYHkq7q6zRwmTyBjWSsE4EfLRtbEoAEgY+iFD4=
75+
github.com/aws/aws-sdk-go-v2/service/eks v1.64.0 h1:EYeOThTRysemFtC6J6h6b7dNg3jN03QuO5cg92ojIQE=
76+
github.com/aws/aws-sdk-go-v2/service/eks v1.64.0/go.mod h1:v1xXy6ea0PHtWkjFUvAUh6B/5wv7UF909Nru0dOIJDk=
77+
github.com/aws/aws-sdk-go-v2/service/iam v1.42.0 h1:G6+UzGvubaet9QOh0664E9JeT+b6Zvop3AChozRqkrA=
78+
github.com/aws/aws-sdk-go-v2/service/iam v1.42.0/go.mod h1:mPJkGQzeCoPs82ElNILor2JzZgYENr4UaSKUT8K27+c=
79+
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b5IzM/lum78bZ590jy36+d/aFLgKF/4Vd1xPE=
80+
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA=
81+
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM=
82+
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15/go.mod h1:SwFBy2vjtA0vZbjjaFtfN045boopadnoVPhu4Fv66vY=
83+
github.com/aws/aws-sdk-go-v2/service/organizations v1.38.3 h1:rAUHsUFmux71j/4wQ5nUHsXyJxSMRgMlDnmFfahDhSk=
84+
github.com/aws/aws-sdk-go-v2/service/organizations v1.38.3/go.mod h1:iYC/SPpI4WveHr4ZzPFWTmXRODyJub5Aif75W7Ll+yM=
85+
github.com/aws/aws-sdk-go-v2/service/ssm v1.59.0 h1:KWArCwA/WkuHWKfygkNz0B6YS6OvdgoJUaJHX0Qby1s=
86+
github.com/aws/aws-sdk-go-v2/service/ssm v1.59.0/go.mod h1:PUWUl5MDiYNQkUHN9Pyd9kgtA/YhbxnSnHP+yQqzrM8=
87+
github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 h1:1Gw+9ajCV1jogloEv1RRnvfRFia2cL6c9cuKV2Ps+G8=
88+
github.com/aws/aws-sdk-go-v2/service/sso v1.25.3/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI=
89+
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 h1:hXmVKytPfTy5axZ+fYbR5d0cFmC3JvwLm5kM83luako=
90+
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs=
91+
github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 h1:1XuUZ8mYJw9B6lzAkXhqHlJd/XvaX32evhproijJEZY=
92+
github.com/aws/aws-sdk-go-v2/service/sts v1.33.19/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4=
93+
github.com/aws/smithy-go v1.22.3 h1:Z//5NuZCSW6R4PhQ93hShNbyBbn8BWCmCVCt+Q8Io5k=
94+
github.com/aws/smithy-go v1.22.3/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI=
9195
github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
9296
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
9397
github.com/briandowns/spinner v1.17.0 h1:7HjHI07APcVZBT71J2UvJl3CAvYCnqqCrxW5gXSDOVA=
@@ -226,10 +230,6 @@ github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLf
226230
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
227231
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
228232
github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
229-
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
230-
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
231-
github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
232-
github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
233233
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
234234
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
235235
github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
@@ -501,7 +501,6 @@ gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
501501
gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
502502
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
503503
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
504-
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
505504
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
506505
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
507506
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=

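--- a/integration/preflight_aws_test.go
+++ b/integration/preflight_aws_test.go
@@ -0,0 +1,44 @@
+package integration
+
+import (
+"os"
+"testing"
+
+"github.com/lacework/go-sdk/v2/lwpreflight/aws"
+"github.com/stretchr/testify/assert"
+)
+
+const (
+accountID = "441565585060"
+arn = "arn:aws:iam::441565585060:user/preflight-test"
+userID = "AIDAWNT24D2SO25OXHPQE"
+name = "preflight-test"
+)
+
+func TestPreflightAWS(t *testing.T) {
+accessKeyID := os.Getenv("AWS_ACCESS_KEY_ID")
+secretAccessKey := os.Getenv("AWS_SECRET_ACCESS_KEY")
+
+preflight, err := aws.New(aws.Params{
+Agentless: true,
+Config: true,
+CloudTrail: true,
+Region: "us-west-2",
+AccessKeyID: accessKeyID,
+SecretAccessKey: secretAccessKey,
+})
+
+assert.NoError(t, err)
+
+result, err := preflight.Run()
+
+assert.NoError(t, err)
+assert.Equal(t, result.Caller.AccountID, accountID)
+assert.Equal(t, result.Caller.ARN, arn)
+assert.Equal(t, result.Caller.UserID, userID)
+assert.Equal(t, result.Caller.Name, name)
+assert.Equal(t, len(result.Details.Regions), 18)
+assert.Contains(t, result.Errors["aws_agentless"], "Required permission missing: ec2:AssociateRouteTable")
+assert.Contains(t, result.Errors["aws_config"], "Required permission missing: cloudformation:CreateStack")
+assert.Contains(t, result.Errors["aws_cloudtrail"], "Required permission missing: cloudtrail:AddTags")
+}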
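Review bot: `TestPreflightAWS` never checks that the two environment variables are set, and `aws.New` installs the static provider only when both are non-empty, so with an empty environment the test silently runs against whatever ambient AWS credentials the SDK's default chain finds on the machine. I would skip early with `if accessKeyID == "" || secretAccessKey == "" { t.Skip("AWS credentials not set") }`. Separately, `assert.NoError(t, err)` at lines 31 and 35 lets the test continue, so a failed `New` or `Run` ends in a nil-pointer panic on `preflight.Run()` or `result.Caller`; `require.NoError(t, err)` from testify's `require` package stops the test at the real failure. The `assert.Equal` calls also pass the actual value first, which swaps expected and actual in failure output.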

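--- a/lwpreflight/aws/aws.go
+++ b/lwpreflight/aws/aws.go
@@ -0,0 +1,111 @@
+package aws
+
+import (
+"context"
+
+"github.com/aws/aws-sdk-go-v2/aws"
+"github.com/aws/aws-sdk-go-v2/config"
+"github.com/aws/aws-sdk-go-v2/credentials"
+)
+
+type Preflight struct {
+awsConfig aws.Config
+isOrg bool
+integrationTypes []IntegrationType
+permissions map[string]bool
+permissionsWithWildcard []string
+tasks []func(p *Preflight) error
+
+caller Caller
+details Details
+errors map[IntegrationType][]string
+}
+
+type Result struct {
+Caller Caller
+Details Details
+Errors map[IntegrationType][]string
+}
+
+type Params struct {
+Agentless bool
+Config bool
+CloudTrail bool
+IsOrg bool // If it's org-level integration
+Region string
+Profile string
+AccessKeyID string
+SecretAccessKey string
+SessionToken string // Optional for temporary credentials
+}
+
+func New(params Params) (*Preflight, error) {
+opts := []func(*config.LoadOptions) error{}
+
+if params.Region != "" {
+opts = append(opts, config.WithRegion(params.Region))
+}
+if params.Profile != "" {
+opts = append(opts, config.WithSharedConfigProfile(params.Profile))
+}
+if params.AccessKeyID != "" && params.SecretAccessKey != "" {
+opts = append(opts, config.WithCredentialsProvider(
+credentials.NewStaticCredentialsProvider(
+params.AccessKeyID,
+params.SecretAccessKey,
+params.SessionToken,
+),
+))
+}
+
+cfg, err := config.LoadDefaultConfig(context.Background(), opts...)
+if err != nil {
+return nil, err
+}
+
+integrationTypes := []IntegrationType{}
+tasks := []func(p *Preflight) error{
+FetchCaller,
+FetchPolicies,
+CheckPermissions,
+FetchDetails,
+}
+
+if params.Agentless {
+integrationTypes = append(integrationTypes, Agentless)
+}
+if params.Config {
+integrationTypes = append(integrationTypes, Config)
+}
+if params.CloudTrail {
+integrationTypes = append(integrationTypes, CloudTrail)
+}
+
+preflight := &Preflight{
+awsConfig: cfg,
+isOrg: params.IsOrg,
+integrationTypes: integrationTypes,
+permissions: map[string]bool{},
+permissionsWithWildcard: []string{},
+tasks: tasks,
+details: Details{},
+errors: map[IntegrationType][]string{},
+}
+
+return preflight, nil
+}
+
+func (p *Preflight) Run() (*Result, error) {
+for _, task := range p.tasks {
+err := task(p)
+if err != nil {
+return nil, err
+}
+}
+result := &Result{
+Caller: p.caller,
+Details: p.details,
+Errors: p.errors,
+}
+return result, nil
+}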
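Review bot: In `New` (lines 51–59) the static credentials provider is installed only when both `AccessKeyID` and `SecretAccessKey` are non-empty, so a caller that supplies just one of them, or only a `SessionToken`, gets no error and the preflight quietly evaluates whatever identity the default credential chain resolves. For a tool whose output is a statement about one identity's permissions, that should fail loudly: `if (params.AccessKeyID == "") != (params.SecretAccessKey == "") { return nil, errors.New("AccessKeyID and SecretAccessKey must be set together") }`, which needs `errors` added to the imports. `Params` also carries the secret key as a plain exported string, so a doc comment warning against logging the struct with `%+v` would help, and none of the exported types or functions has a doc comment. `New` calls `config.LoadDefaultConfig` with `context.Background()`, so callers cannot bound or cancel the load; accepting a `context.Context` would fix that.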

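--- a/lwpreflight/aws/caller.go
+++ b/lwpreflight/aws/caller.go
@@ -0,0 +1,47 @@
+package aws
+
+import (
+"context"
+"strings"
+
+"github.com/aws/aws-sdk-go-v2/service/sts"
+)
+
+type Caller struct {
+AccountID string
+ARN string
+UserID string
+Name string // user name or role name
+IsRoot bool
+IsAdmin bool // true if the caller is root user or policies contain the action '*'
+}
+
+func (c *Caller) IsAssumedRole() bool {
+return strings.Contains(c.ARN, "assumed-role")
+}
+
+func FetchCaller(p *Preflight) error {
+stsSvc := sts.NewFromConfig(p.awsConfig)
+
+caller, err := stsSvc.GetCallerIdentity(context.Background(), nil)
+if err != nil {
+return err
+}
+
+resourceName, err := ParseResourceName(*caller.Arn)
+if err != nil {
+return err
+}
+
+isRoot := resourceName == "root"
+p.caller = Caller{
+AccountID: *caller.Account,
+ARN: *caller.Arn,
+UserID: *caller.UserId,
+Name: resourceName,
+IsRoot: isRoot,
+IsAdmin: isRoot,
+}
+
+return nil
+}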
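Review bot: `FetchCaller` sets `IsRoot` and `IsAdmin` from `resourceName == "root"` (line 36), which decides root status from a parsed name rather than from the ARN's resource type; `ParseResourceName` is not in this file, but if it returns the final path segment, an IAM user or role session named `root` would be reported as the account root and as admin. Checking the ARN shape is stricter: `isRoot := strings.HasSuffix(*caller.Arn, ":root")`. `IsAssumedRole` (line 20) has the same looseness, since `strings.Contains(c.ARN, "assumed-role")` also matches a user or role whose name contains that text; `strings.Contains(c.ARN, ":assumed-role/")` ties it to the resource type. The `*caller.Arn`, `*caller.Account` and `*caller.UserId` dereferences assume STS always fills those pointers, so a nil check before them would avoid a panic on an unexpected response.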
