package aws
import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/service/inspector"
)
// InspectorSVC is the set of Amazon Inspector operations this package wraps.
// Depending on this interface instead of a concrete client lets callers
// substitute a stub in tests.
type InspectorSVC interface {
	// GenerateReport requests a report for an assessment run and returns its URL.
	GenerateReport(assessmentRunArn, reportFormat, reportType string) (string, error)

	// GetResourceGroupTags returns the resource group tags of an assessment target.
	GetResourceGroupTags(assessmentTargetArn string) (map[string]string, error)

	// GetMostRecentAssessmentRunInfo returns, per assessment template, the
	// template name, target ARN and last assessment run ARN.
	GetMostRecentAssessmentRunInfo() ([]map[string]string, error)
}
// GenerateReport asks Inspector for the report of the given assessment run and
// returns the URL the service hands back.
//
// reportFormat and reportType are forwarded to the API unchanged; validation
// of their values is left to the service. Any API error is returned as-is with
// an empty URL.
//
// The response's Url field is read through aws.StringValue, so a response
// without a URL yields "" with a nil error. Callers should treat an empty
// result as "no report available" rather than as a usable link.
//
// NOTE(review): the returned URL presumably grants access to the report, which
// contains vulnerability findings. Treat it as sensitive and avoid writing it
// to logs or long-lived storage. Confirm against the Inspector documentation.
func (client *Client) GenerateReport(assessmentRunArn string, reportFormat string, reportType string) (string, error) {
	out, err := client.Inspector.GetAssessmentReport(&inspector.GetAssessmentReportInput{
		AssessmentRunArn: aws.String(assessmentRunArn),
		ReportFileFormat: aws.String(reportFormat),
		ReportType:       aws.String(reportType),
	})
	if err != nil {
		return "", err
	}

	return aws.StringValue(out.Url), nil
}
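// GetResourceGroupTags returns the tags of the resource group attached to the
// given assessment target ARN, as a key/value map.
//
// It makes two API calls: DescribeAssessmentTargets to find the target's
// resource group ARN, then DescribeResourceGroups to read that group's tags.
// An API error from either call is returned unchanged.
//
// An error is also returned, instead of panicking on an out-of-range index,
// when the service returns no assessment target for the ARN, when the target
// has no resource group ARN, or when no resource group is returned. These
// tags are often used to decide which hosts a finding applies to, so a missing
// lookup must surface as an error and not as an empty tag set.
func (client *Client) GetResourceGroupTags(assessmentTargetArn string) (map[string]string, error) {
	targetInfo, err := client.Inspector.DescribeAssessmentTargets(
		&inspector.DescribeAssessmentTargetsInput{
			AssessmentTargetArns: []*string{aws.String(assessmentTargetArn)},
		},
	)
	if err != nil {
		return nil, err
	}
	// An ARN the service does not return leaves this list empty.
	if len(targetInfo.AssessmentTargets) == 0 {
		return nil, fmt.Errorf("no assessment target found for ARN %q", assessmentTargetArn)
	}

	// NOTE(review): a nil ARN presumably means the target is not scoped by a
	// resource group. Confirm that an error is the desired outcome here.
	groupArn := targetInfo.AssessmentTargets[0].ResourceGroupArn
	if groupArn == nil {
		return nil, fmt.Errorf("assessment target %q has no resource group", assessmentTargetArn)
	}

	resourceGroupInfo, err := client.Inspector.DescribeResourceGroups(
		&inspector.DescribeResourceGroupsInput{
			ResourceGroupArns: []*string{groupArn},
		},
	)
	if err != nil {
		return nil, err
	}
	if len(resourceGroupInfo.ResourceGroups) == 0 {
		return nil, fmt.Errorf("no resource group found for ARN %q", aws.StringValue(groupArn))
	}

	groupTags := resourceGroupInfo.ResourceGroups[0].Tags
	tags := make(map[string]string, len(groupTags))
	for _, tag := range groupTags {
		tags[aws.StringValue(tag.Key)] = aws.StringValue(tag.Value)
	}

	return tags, nil
}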
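// GetMostRecentAssessmentRunInfo returns one entry per assessment template
// that has been run at least once. Each entry is a map with the keys
// "templateName", "targetArn" and "arn" (the last assessment run ARN).
//
// The result is always a non-nil slice on success; it is empty when there are
// no templates or none has been run. API errors are returned unchanged.
//
// NOTE(review): only the first page of ListAssessmentTemplates is consulted;
// NextToken is not followed. Templates beyond that page are silently omitted,
// which would leave their runs out of any downstream reporting. Confirm
// whether pagination is needed for the accounts this runs against.
func (client *Client) GetMostRecentAssessmentRunInfo() ([]map[string]string, error) {
	assessmentRunInfo := make([]map[string]string, 0)

	templates, err := client.Inspector.ListAssessmentTemplates(&inspector.ListAssessmentTemplatesInput{})
	if err != nil {
		return nil, err
	}
	// With no templates there is nothing to describe, so skip the second call
	// instead of sending it an empty ARN list.
	if len(templates.AssessmentTemplateArns) == 0 {
		return assessmentRunInfo, nil
	}

	templateInfo, err := client.Inspector.DescribeAssessmentTemplates(
		&inspector.DescribeAssessmentTemplatesInput{
			AssessmentTemplateArns: templates.AssessmentTemplateArns,
		},
	)
	if err != nil {
		return nil, err
	}

	for _, template := range templateInfo.AssessmentTemplates {
		// Only report templates that have been run. aws.StringValue treats a
		// nil LastAssessmentRunArn as "", so a template without one is skipped
		// rather than causing a nil-pointer dereference.
		lastRunArn := aws.StringValue(template.LastAssessmentRunArn)
		if lastRunArn == "" {
			continue
		}

		assessmentRunInfo = append(assessmentRunInfo, map[string]string{
			"templateName": aws.StringValue(template.Name),
			"targetArn":    aws.StringValue(template.AssessmentTargetArn),
			"arn":          lastRunArn,
		})
	}

	return assessmentRunInfo, nil
}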