feat(new-yatas): update imports and function calls from YATAS

padok-team · Apr 7, 2023 · 926aebc · 926aebc
1 parent 8687aab
commit 926aebc
Show file tree

Hide file tree

Showing 24 changed files with 55 additions and 42 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,6 @@
 bin/
 package-lock.json
 node_modules/*
+
+.yatas.yml
+results.yaml
diff --git a/Makefile b/Makefile
@@ -7,7 +7,7 @@ build:
 	go build -o bin/yatas-aws
 
 update:
-	go get -u 
+	go get -u
 	go mod tidy
 
 install: build
@@ -16,4 +16,4 @@ install: build
 
 release: test
 	npm run release
-	git push --follow-tags origin main 
+	git push --follow-tags origin main
diff --git a/aws/acm/acm.go b/aws/acm/acm.go
@@ -10,7 +10,7 @@ import (
 
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	svc := acm.NewFromConfig(s)
 	certificates := GetCertificates(svc)

diff --git a/aws/apigateway/apigateway.go b/aws/apigateway/apigateway.go
@@ -10,7 +10,7 @@ import (
 
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	svc := apigateway.NewFromConfig(s)
 	apis := GetApiGateways(svc)

diff --git a/aws/autoscaling/autoscaling.go b/aws/autoscaling/autoscaling.go
@@ -10,7 +10,7 @@ import (
 
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	svc := autoscaling.NewFromConfig(s)
 	groups := GetAutoscalingGroups(svc)

diff --git a/aws/cloudfront/cloudfront.go b/aws/cloudfront/cloudfront.go
@@ -11,7 +11,7 @@ import (
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	svc := cloudfront.NewFromConfig(s)
 	d := GetAllCloudfront(svc)

diff --git a/aws/cloudtrail/cloudtrail.go b/aws/cloudtrail/cloudtrail.go
@@ -9,7 +9,7 @@ import (
 
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	cloudtrails := GetCloudtrails(s)
 

diff --git a/aws/cognito/cognito.go b/aws/cognito/cognito.go
@@ -9,7 +9,7 @@ import (
 
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	cognitoPools := GetCognitoPools(s)
 	cognitoPoolsDetailed := GetDetailedCognitoPool(s, cognitoPools)

diff --git a/aws/dynamodb/dynamodb.go b/aws/dynamodb/dynamodb.go
@@ -10,7 +10,7 @@ import (
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	dynamodbs := GetDynamodbs(s)
 	gt := GetTables(s, dynamodbs)

diff --git a/aws/ec2/ec2.go b/aws/ec2/ec2.go
@@ -11,7 +11,7 @@ import (
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 
 	svc := ec2.NewFromConfig(s)

diff --git a/aws/ecr/ecr.go b/aws/ecr/ecr.go
@@ -10,7 +10,7 @@ import (
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	ecr := GetECRs(s)
 	go commons.CheckTest(checkConfig.Wg, c, "AWS_ECR_001", CheckIfImageScanningEnabled)(checkConfig, ecr, "AWS_ECR_001")

diff --git a/aws/eks/eks.go b/aws/eks/eks.go
@@ -10,7 +10,7 @@ import (
 
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	svc := eks.NewFromConfig(s)
 	clusters := GetClusters(svc)

diff --git a/aws/guardduty/guardduty.go b/aws/guardduty/guardduty.go
@@ -10,9 +10,9 @@ import (
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
-	guardyDetectors := GetDetectors(checkConfig.ConfigAWS)
+	guardyDetectors := GetDetectors(s)
 	go commons.CheckTest(checkConfig.Wg, c, "AWS_GDT_001", CheckIfGuarddutyEnabled)(checkConfig, "AWS_GDT_001", guardyDetectors)
 	go func() {
 		for t := range checkConfig.Queue {

diff --git a/aws/iam/iam.go b/aws/iam/iam.go
@@ -10,7 +10,7 @@ import (
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	users := GetAllUsers(s)
 	mfaForUsers := GetMfaForUsers(s, users)

diff --git a/aws/lambda/lambda.go b/aws/lambda/lambda.go
@@ -10,7 +10,7 @@ import (
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	lambdas := GetLambdas(s)
 

diff --git a/aws/loadbalancers/elasticloadbalancers.go b/aws/loadbalancers/elasticloadbalancers.go
@@ -10,7 +10,7 @@ import (
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	loadBalancers := GetElasticLoadBalancers(s)
 	la := GetLoadBalancersAttributes(s, loadBalancers)

diff --git a/aws/rds/rds.go b/aws/rds/rds.go
@@ -11,7 +11,7 @@ import (
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	svc := rds.NewFromConfig(s)
 

diff --git a/aws/s3/s3.go b/aws/s3/s3.go
@@ -44,7 +44,7 @@ type BucketAndNotInRegion struct {
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	buckets := GetListS3(s)
 	bucketsNotInRegion := GetListS3NotInRegion(s, s.Region)

diff --git a/aws/volumes/volumes.go b/aws/volumes/volumes.go
@@ -11,7 +11,7 @@ import (
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 
 	volumes := GetVolumes(s)

diff --git a/aws/vpc/vpc.go b/aws/vpc/vpc.go
@@ -10,7 +10,7 @@ import (
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	vpcs := GetListVPC(s)
 	subnetsforvpcs := GetSubnetForVPCS(s, vpcs)

diff --git a/go.mod b/go.mod
@@ -25,7 +25,7 @@ require (
 	github.com/hashicorp/go-hclog v1.4.0
 	github.com/hashicorp/go-plugin v1.4.9
 	github.com/mitchellh/mapstructure v1.5.0
-	github.com/padok-team/yatas v1.3.3
+	github.com/padok-team/yatas v1.3.4-0.20230407155929-4e310d04944d
 	github.com/rs/zerolog v1.29.0
 	golang.org/x/exp v0.0.0-20230206171751-46f607a40771
 )

diff --git a/go.sum b/go.sum
@@ -128,8 +128,8 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
-github.com/padok-team/yatas v1.3.3 h1:/q6I4wUh57+jSklOEvxqVRSXQXJG9tN8yPwTqPm4vCs=
-github.com/padok-team/yatas v1.3.3/go.mod h1:ESVHn1tqFGZuyxu+JaFnWrsJJ/zZtIsryG5ezaKWWr0=
+github.com/padok-team/yatas v1.3.4-0.20230407155929-4e310d04944d h1:kJJfWLdDkcZLCd19Q3bOOaXmM9wUHa+L8qlwj92tTH0=
+github.com/padok-team/yatas v1.3.4-0.20230407155929-4e310d04944d/go.mod h1:bialjrQy80TYRWCce4rzwJCq07cFCJAKHOSKnTFMKnM=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=

diff --git a/internal/aws_account.go b/internal/aws_account.go
@@ -0,0 +1,9 @@
+package internal
+
+// AWS Account struct
+type AWS_Account struct {
+	Name    string `yaml:"name"`    // Name of the account in the reports
+	Profile string `yaml:"profile"` // Profile to use
+	SSO     bool   `yaml:"sso"`     // Use SSO
+	Region  string `yaml:"region"`  // Region to use
+}
diff --git a/main.go b/main.go
@@ -29,13 +29,13 @@ import (
 	"github.com/padok-team/yatas-aws/aws/s3"
 	"github.com/padok-team/yatas-aws/aws/volumes"
 	"github.com/padok-team/yatas-aws/aws/vpc"
-
+	"github.com/padok-team/yatas-aws/internal"
 	"github.com/padok-team/yatas/plugins/commons"
 )
 
 // Create a new session that the SDK will use to load
 // credentials from. With either SSO or credentials
-func initAuth(a commons.AWS_Account) aws.Config {
+func initAuth(a internal.AWS_Account) aws.Config {
 
 	s := initSession(a)
 	return s
@@ -44,7 +44,7 @@ func initAuth(a commons.AWS_Account) aws.Config {
 
 // Create a new session that the SDK will use to load
 // credentials from credentials
-func createSessionWithCredentials(c commons.AWS_Account) aws.Config {
+func createSessionWithCredentials(c internal.AWS_Account) aws.Config {
 
 	if c.Profile == "" {
 		s, err := config.LoadDefaultConfig(context.TODO(),
@@ -78,7 +78,7 @@ func createSessionWithCredentials(c commons.AWS_Account) aws.Config {
 // Create a new session that the SDK will use to load
 // credentials from the shared credentials file.
 // Usefull for SSO
-func createSessionWithSSO(c commons.AWS_Account) aws.Config {
+func createSessionWithSSO(c internal.AWS_Account) aws.Config {
 
 	if c.Profile == "" {
 		s, err := config.LoadDefaultConfig(context.Background(),
@@ -112,7 +112,7 @@ func createSessionWithSSO(c commons.AWS_Account) aws.Config {
 
 // Create a new session that the SDK will use to load
 // credentials from. With either SSO or credentials
-func initSession(c commons.AWS_Account) aws.Config {
+func initSession(c internal.AWS_Account) aws.Config {
 
 	if c.SSO {
 		return createSessionWithSSO(c)
@@ -122,13 +122,13 @@ func initSession(c commons.AWS_Account) aws.Config {
 }
 
 // Public Functin used to run the AWS tests
-func Run(c *commons.Config) ([]commons.Tests, error) {
+func Run(c *commons.Config, accounts []internal.AWS_Account) ([]commons.Tests, error) {
 
 	var wg sync.WaitGroup
 	var queue = make(chan commons.Tests, 10)
 	var checks []commons.Tests
-	wg.Add(len(c.AWS))
-	for _, account := range c.AWS {
+	wg.Add(len(accounts))
+	for _, account := range accounts {
 		go runTestsForAccount(account, c, queue)
 	}
 	go func() {
@@ -144,14 +144,14 @@ func Run(c *commons.Config) ([]commons.Tests, error) {
 }
 
 // For each account we run the tests. We use a queue to store the results and a waitgroup to wait for all the tests to be done. This allows to run all tests asynchronously.
-func runTestsForAccount(account commons.AWS_Account, c *commons.Config, queue chan commons.Tests) {
+func runTestsForAccount(account internal.AWS_Account, c *commons.Config, queue chan commons.Tests) {
 	s := initAuth(account)
 	checks := initTest(s, c, account)
 	queue <- checks
 }
 
 // Main function that launched all the test for a given account. If a new category is added, it needs to be added here.
-func initTest(s aws.Config, c *commons.Config, a commons.AWS_Account) commons.Tests {
+func initTest(s aws.Config, c *commons.Config, a internal.AWS_Account) commons.Tests {
 
 	var checks commons.Tests
 	checks.Account = a.Name
@@ -194,11 +194,11 @@ type YatasPlugin struct {
 	logger hclog.Logger
 }
 
-func UnmarshalAWS(g *YatasPlugin, c *commons.Config) ([]commons.AWS_Account, error) {
-	var accounts []commons.AWS_Account
+func UnmarshalAWS(g *YatasPlugin, c *commons.Config) ([]internal.AWS_Account, error) {
+	var accounts []internal.AWS_Account
 
 	for _, r := range c.PluginConfig {
-		var tmpAccounts []commons.AWS_Account
+		var tmpAccounts []internal.AWS_Account
 		awsFound := false
 		for key, value := range r {
 
@@ -211,7 +211,7 @@ func UnmarshalAWS(g *YatasPlugin, c *commons.Config) ([]commons.AWS_Account, err
 			case "accounts":
 
 				for _, v := range value.([]interface{}) {
-					var account commons.AWS_Account
+					var account internal.AWS_Account
 					g.logger.Debug("🔎")
 					g.logger.Debug("%v", v)
 					for keyaccounts, valueaccounts := range v.(map[string]interface{}) {
@@ -246,13 +246,14 @@ func UnmarshalAWS(g *YatasPlugin, c *commons.Config) ([]commons.AWS_Account, err
 func (g *YatasPlugin) Run(c *commons.Config) []commons.Tests {
 	g.logger.Debug("message from YatasPlugin.Run")
 	var err error
-	c.AWS, err = UnmarshalAWS(g, c)
+	var accounts []internal.AWS_Account
+	accounts, err = UnmarshalAWS(g, c)
 	if err != nil {
 		panic(err)
 	}
 	var checksAll []commons.Tests
 
-	checks, err := runPlugins(c, "aws")
+	checks, err := runPlugins(c, "aws", accounts)
 	if err != nil {
 		g.logger.Error("Error running plugins", "error", err)
 	}
@@ -296,10 +297,10 @@ func main() {
 }
 
 // Run the plugins that are enabled in the config with a switch based on the name of the plugin
-func runPlugins(c *commons.Config, plugin string) ([]commons.Tests, error) {
+func runPlugins(c *commons.Config, plugin string, accounts []internal.AWS_Account) ([]commons.Tests, error) {
 	var checksAll []commons.Tests
 
-	checksAll, err := Run(c)
+	checksAll, err := Run(c, accounts)
 	if err != nil {
 		return nil, err
 	}