diff --git a/examples/nullify.yaml b/examples/nullify.yaml
index 6840d80..c3f78ed 100644
--- a/examples/nullify.yaml
+++ b/examples/nullify.yaml
@@ -110,6 +110,12 @@ integrations:
 assignee:
 id: 123456:abcd1234-abcd-1234-abcd-abcde12345666
 name: John Smith
+ aws:
+ enable: true
+ primary_account_id: 123456789012
+ primary_region: ap-southeast-2
+ target_regions: [ap-southeast-2, us-east-2]
+ target_accounts: [123456789012, 123456789013]
 attack_surface:
 enable: true
 enable_dns_enumeration: true
@@ -119,12 +125,6 @@ attack_surface:
 http:
 methods: [GET, POST]
 paths: [/main, /api/**/create]
- aws_integration:
- enable: true
- primary_account_id: 123456789012
- primary_region: ap-southeast-2
- target_regions: [ap-southeast-2, us-east-2]
- target_accounts: [123456789012, 123456789013]
 ignore:
 - http:
 methods: [DELETE]
diff --git a/pkg/merger/merger.go b/pkg/merger/merger.go
index 83df5f8..fa88740 100644
--- a/pkg/merger/merger.go
+++ b/pkg/merger/merger.go
@@ -79,6 +79,28 @@ func MergeConfigFiles(
 }
 }
+ if extraConfig.Integrations.AWS != nil {
+ if config.Integrations.AWS == nil {
+ config.Integrations.AWS = extraConfig.Integrations.AWS
+ } else {
+ config.Integrations.AWS.Enable = extraConfig.Integrations.AWS.Enable
+
+ config.Integrations.AWS.RoleNameToAssume = extraConfig.Integrations.AWS.RoleNameToAssume
+ config.Integrations.AWS.PrimaryAccountID = extraConfig.Integrations.AWS.PrimaryAccountID
+ config.Integrations.AWS.PrimaryRegion = extraConfig.Integrations.AWS.PrimaryRegion
+
+ if extraConfig.Integrations.AWS.PrimaryRegion != "" {
+ config.Integrations.AWS.PrimaryRegion = extraConfig.Integrations.AWS.PrimaryRegion
+ }
+ if extraConfig.Integrations.AWS.TargetRegions != nil {
+ config.Integrations.AWS.TargetRegions = extraConfig.Integrations.AWS.TargetRegions
+ }
+ if extraConfig.Integrations.AWS.TargetAccounts != nil {
+ config.Integrations.AWS.TargetAccounts = extraConfig.Integrations.AWS.TargetAccounts
+ }
+ }
+ }
+
 if len(extraConfig.IgnoreDirs) > 0 {
 config.IgnoreDirs = extraConfig.IgnoreDirs
 }
diff --git a/pkg/merger/merger_test.go b/pkg/merger/merger_test.go
index d88edc4..db89e74 100644
--- a/pkg/merger/merger_test.go
+++ b/pkg/merger/merger_test.go
@@ -82,6 +82,14 @@ func TestMergeConfigFiles(t *testing.T) {
 SeverityThreshold: models.SeverityHigh,
 PriorityThreshold: models.PriorityImportant,
 },
+ AWS: &models.AWS{
+ Enable: true,
+ RoleNameToAssume: "nullify-role",
+ PrimaryAccountID: "123456789012",
+ PrimaryRegion: "ap-southeast-2",
+ TargetRegions: &[]string{"ap-southeast-2", "us-east-2"},
+ TargetAccounts: &[]string{"123456789012", "123456789013"},
+ },
 },
 },
 expected: &models.Configuration{
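Review bot: The three unconditional assignments of RoleNameToAssume, PrimaryAccountID and PrimaryRegion in the else branch overwrite the existing values with "" whenever the override file omits them, and the unconditional PrimaryRegion assignment makes the `!= ""` guard directly below it dead code — the guarded form the hunk already uses for TargetRegions/TargetAccounts looks like the intended semantics, so guard all three the same way and drop the duplicate, as below. Separately, if extraConfig is the per-repository file (the test names its inputs globalConfig/repoConfig, so this is inferred), a repository can now rewrite RoleNameToAssume and TargetAccounts, fields that previously lived on AttackSurface under a `// global only` comment; decide explicitly whether those should be overridable at that level, since they choose which role is assumed and in which accounts. The nil branch also aliases extraConfig's struct into config instead of copying it, harmless unless extraConfig is reused afterwards. MergeConfigFiles starts before this hunk.
```go
} else {
	override := extraConfig.Integrations.AWS
	current := config.Integrations.AWS
	current.Enable = override.Enable
	if override.RoleNameToAssume != "" {
		current.RoleNameToAssume = override.RoleNameToAssume
	}
	if override.PrimaryAccountID != "" {
		current.PrimaryAccountID = override.PrimaryAccountID
	}
	if override.PrimaryRegion != "" {
		current.PrimaryRegion = override.PrimaryRegion
	}
	// … unchanged: TargetRegions / TargetAccounts guards …
}
```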
@@ -140,6 +148,14 @@ func TestMergeConfigFiles(t *testing.T) {
 SeverityThreshold: models.SeverityHigh,
 PriorityThreshold: models.PriorityImportant,
 },
+ AWS: &models.AWS{
+ Enable: true,
+ RoleNameToAssume: "nullify-role",
+ PrimaryAccountID: "123456789012",
+ PrimaryRegion: "ap-southeast-2",
+ TargetRegions: &[]string{"ap-southeast-2", "us-east-2"},
+ TargetAccounts: &[]string{"123456789012", "123456789013"},
+ },
 },
 },
 },
@@ -204,6 +220,14 @@ func TestMergeConfigFiles(t *testing.T) {
 Low: "low",
 },
 },
+ AWS: &models.AWS{
+ Enable: true,
+ RoleNameToAssume: "nullify-role",
+ PrimaryAccountID: "123456789012",
+ PrimaryRegion: "ap-southeast-2",
+ TargetRegions: &[]string{"ap-southeast-2", "us-east-2"},
+ TargetAccounts: &[]string{"123456789012", "123456789013"},
+ },
 },
 },
 repoConfig: nil,
@@ -269,6 +293,14 @@ func TestMergeConfigFiles(t *testing.T) {
 Low: "low",
 },
 },
+ AWS: &models.AWS{
+ Enable: true,
+ RoleNameToAssume: "nullify-role",
+ PrimaryAccountID: "123456789012",
+ PrimaryRegion: "ap-southeast-2",
+ TargetRegions: &[]string{"ap-southeast-2", "us-east-2"},
+ TargetAccounts: &[]string{"123456789012", "123456789013"},
+ },
 },
 },
 },
@@ -423,13 +455,6 @@ func TestMergeConfigFiles(t *testing.T) {
 globalConfig: &models.Configuration{
 AttackSurface: &models.AttackSurface{
 Enable: true,
- AWSIntegration: &models.AWSIntegration{
- Enable: true,
- PrimaryAccountID: "111111111111",
- PrimaryRegion: "ap-southeast-2",
- TargetRegions: &[]string{"ap-southeast-1", "us-east-2"},
- TargetAccounts: &[]string{"222222222222", "333333333333"},
- },
 },
 },
 repoConfig: nil,
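Review bot: None of the added AWS fixtures appears to exercise the else branch of the new merge: every visible case puts the same AWS block on one input and mirrors it in expected (the -204 hunk follows it with `repoConfig: nil,`), so the field-by-field override path, including the unguarded RoleNameToAssume/PrimaryAccountID assignments, runs untested. Add one case where both inputs carry an AWS block and the override omits `RoleNameToAssume`, then assert whether the global value survives or is cleared, whichever is intended. TestMergeConfigFiles begins before and ends after these hunks.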
@@ -440,13 +465,6 @@ func TestMergeConfigFiles(t *testing.T) {
 PriorityThreshold: parser.DefaultPriorityThreshold,
 AttackSurface: &models.AttackSurface{
 Enable: true,
- AWSIntegration: &models.AWSIntegration{
- Enable: true,
- PrimaryAccountID: "111111111111",
- PrimaryRegion: "ap-southeast-2",
- TargetRegions: &[]string{"ap-southeast-1", "us-east-2"},
- TargetAccounts: &[]string{"222222222222", "333333333333"},
- },
 },
 },
 },
diff --git a/pkg/models/attack_surface.go b/pkg/models/attack_surface.go
index 410923a..6397215 100644
--- a/pkg/models/attack_surface.go
+++ b/pkg/models/attack_surface.go
@@ -4,21 +4,11 @@ type AttackSurface struct {
 // global only
 Enable bool `yaml:"enable"`
 EnableDNSEnumeration bool `yaml:"enable_dns_enumeration"`
- AWSIntegration *AWSIntegration `yaml:"aws_integration"`
 Hosts []string `yaml:"hosts,omitempty"`
 IncludeOnly []AttackSurfaceIncludeOnly `yaml:"include_only,omitempty"`
 Ignore []AttackSurfaceIgnore `yaml:"ignore,omitempty"`
 }
 
-type AWSIntegration struct {
- Enable bool `yaml:"enable"`
- RoleNameToAssume string `yaml:"role_name_to_assume"`
- PrimaryAccountID string `yaml:"primary_account_id,omitempty"`
- PrimaryRegion string `yaml:"primary_region,omitempty"`
- TargetRegions *[]string `yaml:"target_regions,omitempty"`
- TargetAccounts *[]string `yaml:"target_accounts,omitempty"`
-}
-
 type AttackSurfaceIncludeOnly struct {
 Hosts []string `yaml:"hosts,omitempty"`
 HTTP *HTTPAttackSurfaceIncludeOnly `yaml:"http,omitempty"`
diff --git a/pkg/models/integrations.go b/pkg/models/integrations.go
index 2a3a7c7..0e5c592 100644
--- a/pkg/models/integrations.go
+++ b/pkg/models/integrations.go
@@ -2,6 +2,7 @@ package models
 
 type Integrations struct {
 Jira *Jira `yaml:"jira,omitempty"`
+ AWS *AWS `yaml:"aws,omitempty"`
 }
 
 type Jira struct {
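Review bot: The new `AWS *AWS` field on Integrations has no doc comment, and the scoping hint it had at its old location (the AttackSurface fields sit under a `// global only` comment) is lost in the move. Suggest `// AWS configures the AWS integration; nil when the aws: section is absent.` and, if the section is still meant to be set only in the global config, state that in the comment so the merger's override behaviour has a documented contract to follow.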
@@ -31,3 +32,12 @@ type Assignee struct {
 Name string `yaml:"name,omitempty"`
 ID string `yaml:"id,omitempty"`
 }
+
+type AWS struct {
+ Enable bool `yaml:"enable"`
+ RoleNameToAssume string `yaml:"role_name_to_assume"`
+ PrimaryAccountID string `yaml:"primary_account_id"`
+ PrimaryRegion string `yaml:"primary_region"`
+ TargetRegions *[]string `yaml:"target_regions,omitempty"`
+ TargetAccounts *[]string `yaml:"target_accounts,omitempty"`
+}
diff --git a/tests/integration_test.go b/tests/integration_test.go
index 9856fc4..c6bdaee 100644
--- a/tests/integration_test.go
+++ b/tests/integration_test.go
@@ -152,6 +152,14 @@ func TestIntegration(t *testing.T) {
 PriorityThreshold: models.PriorityImportant,
 OnFixTransition: "Done",
 },
+ AWS: &models.AWS{
+ Enable: true,
+ RoleNameToAssume: "nullify-role",
+ PrimaryAccountID: "123456789012",
+ PrimaryRegion: "ap-southeast-2",
+ TargetRegions: &[]string{"ap-southeast-2", "us-east-2"},
+ TargetAccounts: &[]string{"123456789012", "123456789013"},
+ },
 },
 AttackSurface: &models.AttackSurface{
 Enable: true,
@@ -188,14 +196,6 @@ func TestIntegration(t *testing.T) {
 },
 },
 },
- AWSIntegration: &models.AWSIntegration{
- Enable: true,
- PrimaryAccountID: "123456789012",
- PrimaryRegion: "ap-southeast-2",
- TargetRegions: &[]string{"ap-southeast-2", "us-east-2"},
- TargetAccounts: &[]string{"123456789012", "123456789013"},
- RoleNameToAssume: "nullify-role",
- },
 },
 }
 
diff --git a/tests/nullify.yaml b/tests/nullify.yaml
index 3286887..e87be14 100644
--- a/tests/nullify.yaml
+++ b/tests/nullify.yaml
@@ -94,6 +94,13 @@ integrations:
 severity_threshold: HIGH
 priority_threshold: IMPORTANT
 on_fix_transition: Done
+ aws:
+ enable: true
+ role_name_to_assume: nullify-role
+ primary_account_id: 123456789012
+ primary_region: ap-southeast-2
+ target_regions: [ap-southeast-2, us-east-2]
+ target_accounts: [123456789012, 123456789013]
 attack_surface:
 enable: true
 enable_dns_enumeration: true
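Review bot: The new AWS type carries no doc comments, and the YAML fixtures write account IDs unquoted (`primary_account_id: 123456789012`), so decoding relies on the library coercing an integer scalar into the string field; an account ID that starts with 0 would lose that digit (or be read as octal by a YAML 1.1 decoder), which would silently point the integration at the wrong account. Suggest `// PrimaryAccountID is the 12-digit AWS account ID; quote it in YAML so a leading zero is preserved.` on the field, the same wording on TargetAccounts, and quoting the IDs in examples/nullify.yaml and tests/nullify.yaml. Note also that primary_account_id and primary_region drop the omitempty the removed AWSIntegration type had, so marshalling an AWS block now emits them as empty strings when unset — fine if intended, but it is a behaviour change worth a line in the commit message. `*[]string` for TargetRegions/TargetAccounts is unidiomatic; a plain `[]string` with a `len(...) > 0` check in the merger expresses the same "absent vs set" distinction.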
@@ -114,10 +121,4 @@ attack_surface:
 http:
 paths: [/auth]
 methods: [POST]
- aws_integration:
- enable: true
- role_name_to_assume: nullify-role
- primary_account_id: 123456789012
- primary_region: ap-southeast-2
- target_regions: [ap-southeast-2, us-east-2]
- target_accounts: [123456789012, 123456789013]
+