├── .github
    ├── chainguard
    │   └── self.release.create-pr.sts.yaml
    └── workflows
    │   ├── release.yml
    │   ├── static-analysis.yml
    │   └── test.yml
├── .gitignore
├── .goreleaser.yaml
├── Formula
    └── managed-kubernetes-auditing-toolkit.rb
├── LICENSE
├── LICENSE-3rdparty.csv
├── Makefile
├── NOTICE
├── README.md
├── cmd
    └── managed-kubernetes-auditing-toolkit
    │   ├── eks
    │       ├── find_secrets.go
    │       ├── imds.go
    │       ├── main.go
    │       └── role_relationships.go
    │   └── main.go
├── examples
    ├── demo-cluster
    │   ├── README.md
    │   └── terraform
    │   │   ├── .gitignore
    │   │   ├── .terraform.lock.hcl
    │   │   ├── main.tf
    │   │   ├── objects.yaml
    │   │   ├── pods.tf
    │   │   ├── roles.tf
    │   │   ├── secrets.tf
    │   │   ├── serviceaccounts.tf
    │   │   ├── variables.tf
    │   │   └── versions.tf
    └── irsa.png
├── go.mod
├── go.sum
├── internal
    ├── aws
    │   └── iam_evaluation
    │   │   ├── authorization.go
    │   │   ├── condition.go
    │   │   ├── condition_test.go
    │   │   ├── policy.go
    │   │   ├── policy_parser.go
    │   │   ├── policy_parser_test.go
    │   │   ├── policy_test.go
    │   │   ├── statement.go
    │   │   ├── statement_test.go
    │   │   └── test_policies
    │   │       ├── allow_assume_by_ec2.json
    │   │       ├── allow_oidc_with_condition.json
    │   │       ├── eks_irsa.json
    │   │       └── eks_irsa_stringlike.json
    └── utils
    │   ├── aws.go
    │   ├── case_insensitive_map.go
    │   ├── file.go
    │   └── kubernetes.go
├── permissions.md
└── pkg
    └── managed-kubernetes-auditing-toolkit
        └── eks
            ├── imds
                └── imds_tester.go
            ├── role_relationships
                └── roles_resolver.go
            ├── secrets
                ├── aws_secrets.go
                ├── aws_secrets_detector.go
                ├── aws_secrets_test.go
                ├── configmap.go
                ├── configmap_test.go
                ├── pod.go
                ├── pod_test.go
                ├── secret.go
                └── secret_test.go
            ├── types.go
            └── utils.go


/.github/chainguard/self.release.create-pr.sts.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/.github/chainguard/self.release.create-pr.sts.yaml


--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/.github/workflows/release.yml


--------------------------------------------------------------------------------
/.github/workflows/static-analysis.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/.github/workflows/static-analysis.yml


--------------------------------------------------------------------------------
/.github/workflows/test.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/.github/workflows/test.yml


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .idea
2 | ./mkat
3 | bin
4 | 


--------------------------------------------------------------------------------
/.goreleaser.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/.goreleaser.yaml


--------------------------------------------------------------------------------
/Formula/managed-kubernetes-auditing-toolkit.rb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/Formula/managed-kubernetes-auditing-toolkit.rb


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/LICENSE


--------------------------------------------------------------------------------
/LICENSE-3rdparty.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/LICENSE-3rdparty.csv


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/Makefile


--------------------------------------------------------------------------------
/NOTICE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/NOTICE


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/README.md


--------------------------------------------------------------------------------
/cmd/managed-kubernetes-auditing-toolkit/eks/find_secrets.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/cmd/managed-kubernetes-auditing-toolkit/eks/find_secrets.go


--------------------------------------------------------------------------------
/cmd/managed-kubernetes-auditing-toolkit/eks/imds.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/cmd/managed-kubernetes-auditing-toolkit/eks/imds.go


--------------------------------------------------------------------------------
/cmd/managed-kubernetes-auditing-toolkit/eks/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/cmd/managed-kubernetes-auditing-toolkit/eks/main.go


--------------------------------------------------------------------------------
/cmd/managed-kubernetes-auditing-toolkit/eks/role_relationships.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/cmd/managed-kubernetes-auditing-toolkit/eks/role_relationships.go


--------------------------------------------------------------------------------
/cmd/managed-kubernetes-auditing-toolkit/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/cmd/managed-kubernetes-auditing-toolkit/main.go


--------------------------------------------------------------------------------
/examples/demo-cluster/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/examples/demo-cluster/README.md


--------------------------------------------------------------------------------
/examples/demo-cluster/terraform/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/examples/demo-cluster/terraform/.gitignore


--------------------------------------------------------------------------------
/examples/demo-cluster/terraform/.terraform.lock.hcl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/examples/demo-cluster/terraform/.terraform.lock.hcl


--------------------------------------------------------------------------------
/examples/demo-cluster/terraform/main.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/examples/demo-cluster/terraform/main.tf


--------------------------------------------------------------------------------
/examples/demo-cluster/terraform/objects.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/examples/demo-cluster/terraform/objects.yaml


--------------------------------------------------------------------------------
/examples/demo-cluster/terraform/pods.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/examples/demo-cluster/terraform/pods.tf


--------------------------------------------------------------------------------
/examples/demo-cluster/terraform/roles.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/examples/demo-cluster/terraform/roles.tf


--------------------------------------------------------------------------------
/examples/demo-cluster/terraform/secrets.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/examples/demo-cluster/terraform/secrets.tf


--------------------------------------------------------------------------------
/examples/demo-cluster/terraform/serviceaccounts.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/examples/demo-cluster/terraform/serviceaccounts.tf


--------------------------------------------------------------------------------
/examples/demo-cluster/terraform/variables.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/examples/demo-cluster/terraform/variables.tf


--------------------------------------------------------------------------------
/examples/demo-cluster/terraform/versions.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/examples/demo-cluster/terraform/versions.tf


--------------------------------------------------------------------------------
/examples/irsa.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/examples/irsa.png


--------------------------------------------------------------------------------
/go.mod:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/go.mod


--------------------------------------------------------------------------------
/go.sum:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/go.sum


--------------------------------------------------------------------------------
/internal/aws/iam_evaluation/authorization.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/internal/aws/iam_evaluation/authorization.go


--------------------------------------------------------------------------------
/internal/aws/iam_evaluation/condition.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/internal/aws/iam_evaluation/condition.go


--------------------------------------------------------------------------------
/internal/aws/iam_evaluation/condition_test.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/internal/aws/iam_evaluation/condition_test.go


--------------------------------------------------------------------------------
/internal/aws/iam_evaluation/policy.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/internal/aws/iam_evaluation/policy.go


--------------------------------------------------------------------------------
/internal/aws/iam_evaluation/policy_parser.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/internal/aws/iam_evaluation/policy_parser.go


--------------------------------------------------------------------------------
/internal/aws/iam_evaluation/policy_parser_test.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/internal/aws/iam_evaluation/policy_parser_test.go


--------------------------------------------------------------------------------
/internal/aws/iam_evaluation/policy_test.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/internal/aws/iam_evaluation/policy_test.go


--------------------------------------------------------------------------------
/internal/aws/iam_evaluation/statement.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/internal/aws/iam_evaluation/statement.go


--------------------------------------------------------------------------------
/internal/aws/iam_evaluation/statement_test.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/internal/aws/iam_evaluation/statement_test.go


--------------------------------------------------------------------------------
/internal/aws/iam_evaluation/test_policies/allow_assume_by_ec2.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/internal/aws/iam_evaluation/test_policies/allow_assume_by_ec2.json


--------------------------------------------------------------------------------
/internal/aws/iam_evaluation/test_policies/allow_oidc_with_condition.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/internal/aws/iam_evaluation/test_policies/allow_oidc_with_condition.json


--------------------------------------------------------------------------------
/internal/aws/iam_evaluation/test_policies/eks_irsa.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/internal/aws/iam_evaluation/test_policies/eks_irsa.json


--------------------------------------------------------------------------------
/internal/aws/iam_evaluation/test_policies/eks_irsa_stringlike.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/internal/aws/iam_evaluation/test_policies/eks_irsa_stringlike.json


--------------------------------------------------------------------------------
/internal/utils/aws.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/internal/utils/aws.go


--------------------------------------------------------------------------------
/internal/utils/case_insensitive_map.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/internal/utils/case_insensitive_map.go


--------------------------------------------------------------------------------
/internal/utils/file.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/internal/utils/file.go


--------------------------------------------------------------------------------
/internal/utils/kubernetes.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/internal/utils/kubernetes.go


--------------------------------------------------------------------------------
/permissions.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/permissions.md


--------------------------------------------------------------------------------
/pkg/managed-kubernetes-auditing-toolkit/eks/imds/imds_tester.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/pkg/managed-kubernetes-auditing-toolkit/eks/imds/imds_tester.go


--------------------------------------------------------------------------------
/pkg/managed-kubernetes-auditing-toolkit/eks/role_relationships/roles_resolver.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/pkg/managed-kubernetes-auditing-toolkit/eks/role_relationships/roles_resolver.go


--------------------------------------------------------------------------------
/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/aws_secrets.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/aws_secrets.go


--------------------------------------------------------------------------------
/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/aws_secrets_detector.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/aws_secrets_detector.go


--------------------------------------------------------------------------------
/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/aws_secrets_test.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/aws_secrets_test.go


--------------------------------------------------------------------------------
/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/configmap.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/configmap.go


--------------------------------------------------------------------------------
/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/configmap_test.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/configmap_test.go


--------------------------------------------------------------------------------
/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/pod.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/pod.go


--------------------------------------------------------------------------------
/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/pod_test.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/pod_test.go


--------------------------------------------------------------------------------
/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/secret.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/secret.go


--------------------------------------------------------------------------------
/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/secret_test.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DataDog/managed-kubernetes-auditing-toolkit/HEAD/pkg/managed-kubernetes-auditing-toolkit/eks/secrets/secret_test.go


--------------------------------------------------------------------------------
/pkg/managed-kubernetes-auditing-toolkit/eks/types.go:
--------------------------------------------------------------------------------
1 | package eks
2 | 


--------------------------------------------------------------------------------
/pkg/managed-kubernetes-auditing-toolkit/eks/utils.go:
--------------------------------------------------------------------------------
1 | package eks
2 | 


--------------------------------------------------------------------------------