├── renovate.json
├── Makefile
├── .gitignore
├── Dockerfile
├── .github
├── workflows
│ ├── auto-release.yaml
│ ├── go.yaml
│ └── docker.yaml
└── auto-release.yaml
├── go.mod
├── common
├── slice.go
└── error
│ └── assert_error_nil.go
├── main.go
├── cmd
├── aws_guardduty.go
├── aws_securityhub.go
├── version.go
├── aws.go
├── aws_securityhub_setadministratoraccount.go
├── aws_guardduty_setadministratoraccount.go
├── aws_delete_default_vpcs.go
├── root.go
└── aws_securityhub_disablecontrol.go
├── compare
├── compare.go
└── compare_strings.go
├── aws
├── organizations.go
├── ec2.go
├── sts.go
├── guardduty.go
├── vpc.go
└── securityhub.go
├── README.yaml
├── LICENSE
├── README.md
└── go.sum
/renovate.json:
--------------------------------------------------------------------------------
1 | {
2 | "extends": [
3 | "config:base"
4 | ]
5 | }
6 |
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
1 | SHELL = /bin/bash
2 |
3 | export DOCKER_ORG ?= cloudposse
4 | export DOCKER_IMAGE ?= $(DOCKER_ORG)/turf
5 | export DOCKER_TAG ?= latest
6 | export DOCKER_IMAGE_NAME ?= $(DOCKER_IMAGE):$(DOCKER_TAG)
7 | export DOCKER_BUILD_FLAGS =
8 |
9 | -include $(shell curl -sSL -o .build-harness "https://cloudposse.tools/build-harness"; echo .build-harness)
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Binaries for programs and plugins
2 | *.exe
3 | *.exe~
4 | *.dll
5 | *.so
6 | *.dylib
7 |
8 | # Test binary, built with `go test -c`
9 | *.test
10 |
11 | # Output of the go coverage tool, specifically when used with LiteIDE
12 | *.out
13 |
14 | # Dependency directories
15 | vendor/
16 | .build-harness
17 | build-harness/
18 |
19 | # Binaries
20 | turf
21 | !turf/
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM golang:1.15-buster as builder
2 | ARG VERSION=development
3 | ENV GO111MODULE=on
4 | ENV CGO_ENABLED=0
5 | WORKDIR /usr/src/
6 | COPY . /usr/src
7 | RUN go build -v -ldflags="-X 'github.com/cloudposse/turf/cmd.Version=${VERSION}'" -o "bin/turf" *.go
8 |
9 | FROM alpine:3.13
10 | RUN apk add --no-cache ca-certificates
11 | COPY --from=builder /usr/src/bin/* /usr/bin/
12 | ENV PATH $PATH:/usr/bin
13 | ENTRYPOINT ["turf"]
--------------------------------------------------------------------------------
/.github/workflows/auto-release.yaml:
--------------------------------------------------------------------------------
1 | name: auto-release
2 |
3 | on:
4 | push:
5 | branches:
6 | - master
7 |
8 | jobs:
9 | semver:
10 | runs-on: ubuntu-latest
11 | steps:
12 | # Drafts your next Release notes as Pull Requests are merged into "master"
13 | - uses: release-drafter/release-drafter@v5
14 | with:
15 | publish: true
16 | prerelease: false
17 | config-name: auto-release.yaml
18 | env:
19 | GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
20 |
--------------------------------------------------------------------------------
/go.mod:
--------------------------------------------------------------------------------
1 | module github.com/cloudposse/turf
2 |
3 | go 1.15
4 |
5 | require (
6 | github.com/aws/aws-sdk-go v1.38.38
7 | github.com/fsnotify/fsnotify v1.4.9 // indirect
8 | github.com/magiconair/properties v1.8.5 // indirect
9 | github.com/mitchellh/go-homedir v1.1.0
10 | github.com/mitchellh/mapstructure v1.4.1 // indirect
11 | github.com/pelletier/go-toml v1.9.1 // indirect
12 | github.com/sirupsen/logrus v1.8.1
13 | github.com/spf13/afero v1.6.0 // indirect
14 | github.com/spf13/cast v1.3.1 // indirect
15 | github.com/spf13/cobra v1.1.3
16 | github.com/spf13/jwalterweatherman v1.1.0
17 | github.com/spf13/viper v1.7.1
18 | golang.org/x/sys v0.0.0-20210511113859-b0526f3d8744 // indirect
19 | golang.org/x/text v0.3.6 // indirect
20 | gopkg.in/ini.v1 v1.62.0 // indirect
21 | )
22 |
--------------------------------------------------------------------------------
/common/slice.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package common
18 |
19 | func contains(s []int, e int) bool {
20 | for _, a := range s {
21 | if a == e {
22 | return true
23 | }
24 | }
25 | return false
26 | }
27 |
--------------------------------------------------------------------------------
/.github/auto-release.yaml:
--------------------------------------------------------------------------------
1 | name-template: "v$RESOLVED_VERSION"
2 | tag-template: "$RESOLVED_VERSION"
3 | version-template: "$MAJOR.$MINOR.$PATCH"
4 | version-resolver:
5 | major:
6 | labels:
7 | - "major"
8 | minor:
9 | labels:
10 | - "minor"
11 | - "enhancement"
12 | patch:
13 | labels:
14 | - "patch"
15 | - "fix"
16 | - "bugfix"
17 | - "bug"
18 | - "hotfix"
19 | default: "minor"
20 |
21 | categories:
22 | - title: "🚀 Enhancements"
23 | labels:
24 | - "enhancement"
25 | - title: "🐛 Bug Fixes"
26 | labels:
27 | - "fix"
28 | - "bugfix"
29 | - "bug"
30 | - "hotfix"
31 |
32 | change-template: |
33 |
34 | $TITLE @$AUTHOR (#$NUMBER)
35 | $BODY
36 |
37 |
38 | template: |
39 | $CHANGES
40 |
--------------------------------------------------------------------------------
/main.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package main
18 |
19 | import (
20 | "github.com/cloudposse/turf/cmd"
21 | "github.com/sirupsen/logrus"
22 | )
23 |
24 | func main() {
25 | customFormatter := new(logrus.TextFormatter)
26 | customFormatter.FullTimestamp = true
27 | logrus.SetFormatter(customFormatter)
28 |
29 | cmd.Execute()
30 | }
31 |
--------------------------------------------------------------------------------
/cmd/aws_guardduty.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package cmd
18 |
19 | import (
20 | "github.com/spf13/cobra"
21 | )
22 |
23 | var guardDutyCmd = &cobra.Command{
24 | Use: "guardduty",
25 | Short: "AWS GuardDuty automation tasks",
26 | Long: "AWS GuardDuty automation tasks",
27 | }
28 |
29 | func init() {
30 | awsCmd.AddCommand(guardDutyCmd)
31 | }
32 |
--------------------------------------------------------------------------------
/common/error/assert_error_nil.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package common
18 |
19 | import (
20 | "os"
21 |
22 | "github.com/sirupsen/logrus"
23 | )
24 |
25 | // AssertErrorNil asserts that the error is nil and, if not, exits with an error
26 | func AssertErrorNil(err error) {
27 | if err != nil {
28 | logrus.Error(err)
29 | os.Exit(1)
30 | }
31 | }
32 |
--------------------------------------------------------------------------------
/cmd/aws_securityhub.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package cmd
18 |
19 | import (
20 | "github.com/spf13/cobra"
21 | )
22 |
23 | var securityhubCmd = &cobra.Command{
24 | Use: "securityhub",
25 | Aliases: []string{"hub", "sh"},
26 | Short: "AWS Security Hub automation tasks",
27 | Long: "AWS Security Hub automation tasks",
28 | }
29 |
30 | func init() {
31 | awsCmd.AddCommand(securityhubCmd)
32 | }
33 |
--------------------------------------------------------------------------------
/cmd/version.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package cmd
18 |
19 | import (
20 | "github.com/spf13/cobra"
21 | jww "github.com/spf13/jwalterweatherman"
22 | )
23 |
24 | // Version is the application's version in SemVer format
25 | var Version = "v0.0.0-development"
26 |
27 | var versionCmd = &cobra.Command{
28 | Use: "version",
29 | Short: "Print the version number of turf",
30 | Long: "Print the version number of turf",
31 | Run: func(cmd *cobra.Command, args []string) {
32 | printTurfVersion()
33 | },
34 | }
35 |
36 | func printTurfVersion() {
37 | jww.FEEDBACK.Println(Version)
38 | }
39 |
40 | func init() {
41 | rootCmd.AddCommand(versionCmd)
42 | }
43 |
--------------------------------------------------------------------------------
/compare/compare.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package compare
18 |
19 | // Eqer can be used to determine if this value is equal to the other.
20 | type Eqer interface {
21 | Eq(other interface{}) bool
22 | }
23 |
24 | // ProbablyEqer is an equal check that may return false positives, but never
25 | // a false negative.
26 | type ProbablyEqer interface {
27 | ProbablyEq(other interface{}) bool
28 | }
29 |
30 | // Comparer can be used to compare two values.
31 | // This will be used when using the le, ge etc. operators in the templates.
32 | // Compare returns -1 if the given version is less than, 0 if equal and 1 if greater than
33 | // the running version.
34 | type Comparer interface {
35 | Compare(other interface{}) int
36 | }
37 |
--------------------------------------------------------------------------------
/cmd/aws.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package cmd
18 |
19 | import (
20 | "github.com/spf13/cobra"
21 | )
22 |
23 | var region string
24 | var profile string
25 | var role string
26 |
27 | // These flags are used in the AWS sub-commands
28 | const roleFlag string = "role"
29 | const isPrivilegedFlag string = "privileged"
30 | const adminAccountRoleFlag string = "administrator-account-role"
31 | const rootRoleFlag string = "root-role"
32 |
33 | var administratorAccountRole string
34 | var rootRole string
35 |
36 | var awsCmd = &cobra.Command{
37 | Use: "aws",
38 | Short: "Commands related to automating AWS",
39 | Long: "Commands related to automating AWS",
40 | }
41 |
42 | func init() {
43 | rootCmd.AddCommand(awsCmd)
44 |
45 | // Persistent flags for all AWS subcommands
46 | awsCmd.PersistentFlags().StringVar(®ion, "region", "us-east-1", "The AWS region to operate on")
47 | awsCmd.PersistentFlags().StringVar(&profile, "profile", "default", "The AWS profile to assume to run commands")
48 | }
49 |
--------------------------------------------------------------------------------
/cmd/aws_securityhub_setadministratoraccount.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package cmd
18 |
19 | import (
20 | "github.com/spf13/cobra"
21 |
22 | "github.com/cloudposse/turf/aws"
23 | )
24 |
25 | var securityHubAddMembersCmd = &cobra.Command{
26 | Use: "set-administrator-account",
27 | Aliases: []string{"admin-account"},
28 | Short: "Set Security Hub administrator account and member accounts",
29 | Long: "Designate the AWS Organization's AWS Security Hub Admininstrator Account, then enabled all the AWS Organization accounts as members",
30 | RunE: func(cmd *cobra.Command, args []string) error {
31 | return aws.EnableSecurityHubAdministratorAccount(region, administratorAccountRole, rootRole)
32 | },
33 | }
34 |
35 | func init() {
36 | securityhubCmd.AddCommand(securityHubAddMembersCmd)
37 |
38 | securityHubAddMembersCmd.Flags().StringVarP(&administratorAccountRole, adminAccountRoleFlag, "a", "", "The ARN of a role to assume with access to the organization's Security Hub Administrator Account")
39 | securityHubAddMembersCmd.Flags().StringVarP(&rootRole, rootRoleFlag, "r", "", "The ARN of a role to assume with access to AWS Management Account")
40 | }
41 |
--------------------------------------------------------------------------------
/.github/workflows/go.yaml:
--------------------------------------------------------------------------------
1 | name: "go"
2 |
3 | on:
4 | release:
5 | types: [published]
6 |
7 | pull_request:
8 | types: [opened, synchronize, reopened]
9 |
10 | jobs:
11 | build:
12 | runs-on: ubuntu-latest
13 | steps:
14 | - name: "Checkout"
15 | uses: actions/checkout@v2
16 |
17 | - name: Get the version
18 | id: get_version
19 | run: |
20 | if [[ $GITHUB_REF == refs/tags/* ]]; then
21 | echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
22 | else
23 | echo "VERSION=${GITHUB_SHA}" >> $GITHUB_OUTPUT
24 | fi
25 |
26 | - name: "Build Go binaries"
27 | uses: cloudposse/actions/go/build@0.28.0
28 | env:
29 | GO111MODULE: on
30 | # Architectures to build for
31 | GOX_OSARCH: >-
32 | windows/386 windows/amd64 freebsd/arm netbsd/386 netbsd/amd64 netbsd/arm linux/s390x linux/arm darwin/amd64
33 | linux/386 linux/amd64 freebsd/amd64 freebsd/386 openbsd/386 openbsd/amd64
34 | OUTPUT_PATH: ${{ github.workspace }}/release/turf_
35 | LDFLAGS: "-X 'github.com/cloudposse/turf/cmd.Version=${{ steps.get_version.outputs.VERSION }}'"
36 |
37 | - name: "Upload artifacts to GitHub"
38 | uses: actions/upload-artifact@v2
39 | with:
40 | name: ${{ github.event.repository.name }}
41 | path: ${{ github.workspace }}/release/*
42 |
43 | - name: "Attach artifacts to GitHub Release"
44 | if: ${{ github.event_name == 'release' }}
45 | uses: cloudposse/actions/github/release-assets@0.28.0
46 | env:
47 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
48 | INPUT_PATH: ${{ github.workspace }}/release/turf_*
49 |
--------------------------------------------------------------------------------
/cmd/aws_guardduty_setadministratoraccount.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package cmd
18 |
19 | import (
20 | "github.com/spf13/cobra"
21 |
22 | "github.com/cloudposse/turf/aws"
23 | )
24 |
25 | var autoEnableS3 bool
26 |
27 | const autoEnableS3Flag string = "auto-enable-s3-protection"
28 |
29 | var guardDutyAddMembersCmd = &cobra.Command{
30 | Use: "set-administrator-account",
31 | Aliases: []string{"admin-account"},
32 | Short: "Set GuardDuty administrator account and member accounts",
33 | Long: "Designate the AWS Organization's AWS GuardDuty Admininstrator Account, then enable all the AWS Organization accounts as members",
34 | RunE: func(cmd *cobra.Command, args []string) error {
35 | return aws.EnableGuardDutyAdministratorAccount(region, administratorAccountRole, rootRole, autoEnableS3)
36 | },
37 | }
38 |
39 | func init() {
40 | guardDutyCmd.AddCommand(guardDutyAddMembersCmd)
41 |
42 | guardDutyAddMembersCmd.Flags().StringVarP(&administratorAccountRole, adminAccountRoleFlag, "a", "", "The ARN of a role to assume with access to the organization's GuardDuty Administrator Account")
43 | guardDutyAddMembersCmd.Flags().StringVarP(&rootRole, rootRoleFlag, "r", "", "The ARN of a role to assume with access to AWS Management Account")
44 | guardDutyAddMembersCmd.Flags().BoolVarP(&autoEnableS3, autoEnableS3Flag, "", false, "Auto-enable S3 protection")
45 | }
46 |
--------------------------------------------------------------------------------
/cmd/aws_delete_default_vpcs.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package cmd
18 |
19 | import (
20 | "github.com/spf13/cobra"
21 |
22 | "github.com/cloudposse/turf/aws"
23 | )
24 |
25 | var shouldDelete bool
26 | var isPrivileged bool
27 |
28 | const shouldDeleteFlag string = "delete"
29 |
30 |
31 | var deleteDefaultVPCsCmd = &cobra.Command{
32 | Use: "delete-default-vpcs",
33 | Short: "Delete the default VPCs in each region of the account",
34 | Long: `Best-practices call for not using the default VPC, but rather, creating a new set of VPCs as necessary.
35 | AWS Security Hub will flag the default VPCs as non-compliant if they aren't configured with best-practices. Rather
36 | than jumping through hoops, it's easier to delete to default VPCs. This task cannot be accomplished with terraform,
37 | so this command is necessary.`,
38 | RunE: func(cmd *cobra.Command, args []string) error {
39 | return aws.DeleteDefaultVPCs(region, role, shouldDelete, isPrivileged)
40 | },
41 | }
42 |
43 | func init() {
44 | awsCmd.AddCommand(deleteDefaultVPCsCmd)
45 |
46 | deleteDefaultVPCsCmd.Flags().StringVar(&role, roleFlag, "", "The ARN of a role to assume")
47 | deleteDefaultVPCsCmd.Flags().BoolVarP(&isPrivileged, isPrivilegedFlag, "", false, "Flag to indicate if the session already has rights to perform the actions in AWS")
48 | deleteDefaultVPCsCmd.Flags().BoolVarP(&shouldDelete, shouldDeleteFlag, "", false, "Flag to indicate if the delete should be run")
49 | }
50 |
--------------------------------------------------------------------------------
/aws/organizations.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package aws
18 |
19 | import (
20 | "github.com/aws/aws-sdk-go/aws"
21 | "github.com/aws/aws-sdk-go/service/organizations"
22 | common "github.com/cloudposse/turf/common/error"
23 | )
24 |
25 | func getOrgClient(role string) *organizations.Organizations {
26 | sess := GetSession()
27 | creds := GetCreds(sess, role)
28 | return organizations.New(sess, &aws.Config{Credentials: creds})
29 | }
30 |
31 | // AccountWithEmail contains AccountID and Email
32 | type AccountWithEmail struct {
33 | AccountID string
34 | Email string
35 | }
36 |
37 | // ListMemberAccountIDs provides a list of AWS Accounts that are members of the AWS Organization
38 | func ListMemberAccountIDs(role string) []string {
39 | client := getOrgClient(role)
40 | accounts, err := client.ListAccounts(&organizations.ListAccountsInput{})
41 | common.AssertErrorNil(err)
42 |
43 | accountIDs := make([]string, 0)
44 | for i := range accounts.Accounts {
45 | accountIDs = append(accountIDs, *accounts.Accounts[i].Id)
46 | }
47 |
48 | return accountIDs
49 | }
50 |
51 | // ListMemberAccountIDsWithEmails provides a list of AWS Accounts that are members of the AWS Organization along with
52 | // their email addresses
53 | func ListMemberAccountIDsWithEmails(role string) []AccountWithEmail {
54 | client := getOrgClient(role)
55 | accounts, err := client.ListAccounts(&organizations.ListAccountsInput{})
56 | common.AssertErrorNil(err)
57 |
58 | accountsList := make([]AccountWithEmail, 0)
59 | for i := range accounts.Accounts {
60 | accountsList = append(accountsList, AccountWithEmail{AccountID: *accounts.Accounts[i].Id, Email: *accounts.Accounts[i].Email})
61 | }
62 |
63 | return accountsList
64 | }
65 |
--------------------------------------------------------------------------------
/aws/ec2.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package aws
18 |
19 | import (
20 | "github.com/aws/aws-sdk-go/aws"
21 | "github.com/aws/aws-sdk-go/service/ec2"
22 | common "github.com/cloudposse/turf/common/error"
23 | "github.com/sirupsen/logrus"
24 | )
25 |
26 | func getEC2Client(region string) *ec2.EC2 {
27 | sess := GetSession()
28 | return ec2.New(sess, &aws.Config{Region: ®ion})
29 | }
30 |
31 | func getEC2ClientWithRole(region string, role string) *ec2.EC2 {
32 | sess := GetSession()
33 | creds := GetCreds(sess, role)
34 | return ec2.New(sess, &aws.Config{Credentials: creds, Region: ®ion})
35 | }
36 |
37 | func getDefaultVPC(client *ec2.EC2) string {
38 | filters := []*ec2.Filter{
39 | {
40 | Name: aws.String("isDefault"),
41 | Values: []*string{aws.String("true")},
42 | },
43 | }
44 | describeInput := &ec2.DescribeVpcsInput{Filters: filters}
45 | defaultVpc, err := client.DescribeVpcs(describeInput)
46 | common.AssertErrorNil(err)
47 |
48 | if len(defaultVpc.Vpcs) == 0 {
49 | logrus.Info(" no default VPC found")
50 | return ""
51 | }
52 | return *defaultVpc.Vpcs[0].VpcId
53 | }
54 |
55 | // GetEnabledRegions provides a list of AWS Regions that are enabled
56 | func GetEnabledRegions(region string, role string, isPrivileged bool) []string {
57 | client := getEC2Client(region)
58 | if !isPrivileged {
59 | client = getEC2ClientWithRole(region, role)
60 | }
61 |
62 | regions, err := client.DescribeRegions(&ec2.DescribeRegionsInput{AllRegions: aws.Bool(false)})
63 | common.AssertErrorNil(err)
64 |
65 | regionsList := make([]string, 0)
66 | for i := range regions.Regions {
67 | regionsList = append(regionsList, *regions.Regions[i].RegionName)
68 | }
69 |
70 | return regionsList
71 | }
72 |
--------------------------------------------------------------------------------
/aws/sts.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package aws
18 |
19 | import (
20 | "github.com/aws/aws-sdk-go/aws"
21 | "github.com/aws/aws-sdk-go/aws/credentials"
22 | "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
23 | "github.com/aws/aws-sdk-go/aws/session"
24 | "github.com/aws/aws-sdk-go/service/sts"
25 | common "github.com/cloudposse/turf/common/error"
26 | )
27 |
28 | func getStsClient(sess *session.Session) *sts.STS {
29 | return sts.New(sess)
30 | }
31 |
32 | func getStsClientWithCreds(sess *session.Session, creds *credentials.Credentials) *sts.STS {
33 | return sts.New(sess, &aws.Config{Credentials: creds})
34 | }
35 |
36 | // GetSession return a new AWS Session
37 | func GetSession() *session.Session {
38 | session := session.Must(session.NewSession())
39 | return session
40 | }
41 |
42 | // GetCreds return credentials that can be used on a session
43 | func GetCreds(sess *session.Session, role string) *credentials.Credentials {
44 | creds := stscreds.NewCredentials(sess, role)
45 | return creds
46 | }
47 |
48 | // GetAccountID returns the AWS Account ID of the session
49 | func GetAccountID(sess *session.Session) string {
50 | client := getStsClient(sess)
51 |
52 | input := sts.GetCallerIdentityInput{}
53 | ident, err := client.GetCallerIdentity(&input)
54 |
55 | common.AssertErrorNil(err)
56 | return *ident.Account
57 | }
58 |
59 | // GetAccountIDWithRole returns the AWS Account ID of the session after assuming a role
60 | func GetAccountIDWithRole(sess *session.Session, role string) string {
61 | creds := GetCreds(sess, role)
62 | client := getStsClientWithCreds(sess, creds)
63 |
64 | input := sts.GetCallerIdentityInput{}
65 | ident, err := client.GetCallerIdentity(&input)
66 |
67 | common.AssertErrorNil(err)
68 | return *ident.Account
69 | }
70 |
--------------------------------------------------------------------------------
/cmd/root.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package cmd
18 |
19 | import (
20 | "fmt"
21 | "os"
22 |
23 | "github.com/spf13/cobra"
24 |
25 | homedir "github.com/mitchellh/go-homedir"
26 | "github.com/spf13/viper"
27 | )
28 |
29 | var cfgFile string
30 |
31 | // rootCmd represents the base command when called without any subcommands
32 | var rootCmd = &cobra.Command{
33 | Use: "turf",
34 | Short: "A cli automation helper by cloudposse",
35 | }
36 |
37 | // Execute adds all child commands to the root command and sets flags appropriately.
38 | // This is called by main.main(). It only needs to happen once to the rootCmd.
39 | func Execute() {
40 | if err := rootCmd.Execute(); err != nil {
41 | fmt.Println(err)
42 | os.Exit(1)
43 | }
44 | }
45 |
46 | func init() {
47 | cobra.OnInitialize(initConfig)
48 |
49 | // Here you will define your flags and configuration settings.
50 | // Cobra supports persistent flags, which, if defined here,
51 | // will be global for your application.
52 |
53 | rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.turf.yaml)")
54 |
55 | // Cobra also supports local flags, which will only run
56 | // when this action is called directly.
57 | rootCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
58 | }
59 |
60 | // initConfig reads in config file and ENV variables if set.
61 | func initConfig() {
62 | if cfgFile != "" {
63 | // Use config file from the flag.
64 | viper.SetConfigFile(cfgFile)
65 | } else {
66 | // Find home directory.
67 | home, err := homedir.Dir()
68 | if err != nil {
69 | fmt.Println(err)
70 | os.Exit(1)
71 | }
72 |
73 | // Search config in home directory with name ".turf" (without extension).
74 | viper.AddConfigPath(home)
75 | viper.SetConfigName(".turf")
76 | }
77 |
78 | viper.AutomaticEnv() // read in environment variables that match
79 |
80 | // If a config file is found, read it in.
81 | if err := viper.ReadInConfig(); err == nil {
82 | fmt.Println("Using config file:", viper.ConfigFileUsed())
83 | }
84 | }
85 |
--------------------------------------------------------------------------------
/.github/workflows/docker.yaml:
--------------------------------------------------------------------------------
1 | name: "docker"
2 | on:
3 | pull_request:
4 | types: [opened, synchronize, reopened]
5 | release:
6 | types:
7 | - created
8 | jobs:
9 | build-and-push:
10 | runs-on: ubuntu-latest
11 | steps:
12 | - name: "Checkout source code at current commit"
13 | uses: actions/checkout@v2
14 |
15 | - name: Get the build version
16 | id: get_build_version
17 | run: |
18 | if [[ $GITHUB_REF == refs/tags/* ]]; then
19 | echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
20 | elif [[ $GITHUB_REF == refs/pull/* ]]; then
21 | echo "VERSION=pr-${{ github.event.pull_request.number }}-merge" >> $GITHUB_OUTPUT
22 | else
23 | echo "VERSION=${GITHUB_SHA}" >> $GITHUB_OUTPUT
24 | fi
25 |
26 | - name: Prepare tags for Docker image
27 | if:
28 | (github.event_name == 'release' && github.event.action == 'created') ||
29 | github.event.pull_request.head.repo.full_name == github.repository
30 | id: prepare
31 | run: |
32 | TAGS=${{ github.repository }}:sha-${GITHUB_SHA:0:7}
33 | if [[ $GITHUB_REF == refs/tags/* ]]; then
34 | VERSION=${GITHUB_REF#refs/tags/}
35 | elif [[ $GITHUB_REF == refs/pull/* ]]; then
36 | VERSION=pr-${{ github.event.pull_request.number }}-merge
37 | fi
38 | if [[ -n $VERSION ]]; then
39 | TAGS="$TAGS,${{ github.repository }}:${VERSION}"
40 | fi
41 | if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
42 | TAGS="$TAGS,${{ github.repository }}:latest"
43 | fi
44 | echo ::set-output name=tags::${TAGS}
45 | - name: Set up Docker Buildx
46 | uses: docker/setup-buildx-action@v1
47 |
48 | - name: Login to DockerHub
49 | if:
50 | (github.event_name == 'release' && github.event.action == 'created') ||
51 | github.event.pull_request.head.repo.full_name == github.repository
52 | uses: docker/login-action@v1
53 | with:
54 | username: ${{ secrets.DOCKERHUB_USERNAME }}
55 | password: ${{ secrets.DOCKERHUB_PASSWORD }}
56 |
57 | - name: "Build and push docker image to DockerHub"
58 | id: docker_build
59 | uses: docker/build-push-action@v2
60 | with:
61 | push:
62 | ${{ (github.event_name == 'release' && github.event.action == 'created') ||
63 | github.event.pull_request.head.repo.full_name == github.repository }}
64 | tags: ${{ steps.prepare.outputs.tags }}
65 | build-args: |
66 | VERSION=${{ steps.get_build_version.outputs.VERSION }}
67 |
--------------------------------------------------------------------------------
/cmd/aws_securityhub_disablecontrol.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package cmd
18 |
19 | import (
20 | "github.com/cloudposse/turf/aws"
21 | "github.com/spf13/cobra"
22 | )
23 |
24 | const cloudTrailAccountFlag string = "cloud-trail-account"
25 | const globalCollectionRegionFlag string = "global-collector-region"
26 |
27 | var isCloudTrailAccount bool
28 | var globalCollectionRegion string
29 |
30 | var securityHubDisableGlobalControlsCmd = &cobra.Command{
31 | Use: "disable-global-controls",
32 | Short: "Disables Security Hub Global Resources controls in regions that aren't collecting Global Resources",
33 | Long: `
34 | Disables Security Hub Global Resources controls in regions that aren't collecting Global Resources and disables
35 | CloudTrail related controls in accounts that are not the central CloudTrail account.
36 |
37 | See the following AWS documentation for additional information:
38 |
39 | https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-to-disable.html
40 | https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-cis-to-disable.html
41 | `,
42 | RunE: func(cmd *cobra.Command, args []string) error {
43 | return aws.DisableSecurityHubGlobalResourceControls(globalCollectionRegion, role, isPrivileged, isCloudTrailAccount)
44 | },
45 | }
46 |
47 | func init() {
48 | securityHubDisableGlobalControlsCmd.Flags().StringVarP(&globalCollectionRegion, globalCollectionRegionFlag, "g", region, "The AWS Region that contains the global resource collector")
49 | securityHubDisableGlobalControlsCmd.Flags().StringVar(&role, roleFlag, "", "The ARN of a role to assume")
50 | securityHubDisableGlobalControlsCmd.Flags().BoolVarP(&isPrivileged, isPrivilegedFlag, "", false, "Flag to indicate if the session already has rights to perform the actions in AWS")
51 | securityHubDisableGlobalControlsCmd.Flags().BoolVar(&isCloudTrailAccount, cloudTrailAccountFlag, false, "A flag to indicate if this account is the central CloudTrail account")
52 |
53 | securityHubDisableGlobalControlsCmd.MarkFlagRequired(globalCollectionRegionFlag)
54 |
55 | securityhubCmd.AddCommand(securityHubDisableGlobalControlsCmd)
56 | }
57 |
--------------------------------------------------------------------------------
/compare/compare_strings.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package compare
18 |
19 | import (
20 | "strings"
21 | "unicode"
22 | "unicode/utf8"
23 | )
24 |
25 | // Strings returns an integer comparing two strings lexicographically.
26 | func Strings(s, t string) int {
27 | c := compareFold(s, t)
28 |
29 | if c == 0 {
30 | // "B" and "b" would be the same so we need a tiebreaker.
31 | return strings.Compare(s, t)
32 | }
33 |
34 | return c
35 | }
36 |
37 | // This function is derived from strings.EqualFold in Go's stdlib.
38 | // https://github.com/golang/go/blob/ad4a58e31501bce5de2aad90a620eaecdc1eecb8/src/strings/strings.go#L893
39 | func compareFold(s, t string) int {
40 | for s != "" && t != "" {
41 | var sr, tr rune
42 | if s[0] < utf8.RuneSelf {
43 | sr, s = rune(s[0]), s[1:]
44 | } else {
45 | r, size := utf8.DecodeRuneInString(s)
46 | sr, s = r, s[size:]
47 | }
48 | if t[0] < utf8.RuneSelf {
49 | tr, t = rune(t[0]), t[1:]
50 | } else {
51 | r, size := utf8.DecodeRuneInString(t)
52 | tr, t = r, t[size:]
53 | }
54 |
55 | if tr == sr {
56 | continue
57 | }
58 |
59 | c := 1
60 | if tr < sr {
61 | tr, sr = sr, tr
62 | c = -c
63 | }
64 |
65 | // ASCII only.
66 | if tr < utf8.RuneSelf {
67 | if sr >= 'A' && sr <= 'Z' {
68 | if tr <= 'Z' {
69 | // Same case.
70 | return -c
71 | }
72 |
73 | diff := tr - (sr + 'a' - 'A')
74 |
75 | if diff == 0 {
76 | continue
77 | }
78 |
79 | if diff < 0 {
80 | return c
81 | }
82 |
83 | if diff > 0 {
84 | return -c
85 | }
86 | }
87 | }
88 |
89 | // Unicode.
90 | r := unicode.SimpleFold(sr)
91 | for r != sr && r < tr {
92 | r = unicode.SimpleFold(r)
93 | }
94 |
95 | if r == tr {
96 | continue
97 | }
98 |
99 | return -c
100 | }
101 |
102 | if s == "" && t == "" {
103 | return 0
104 | }
105 |
106 | if s == "" {
107 | return -1
108 | }
109 |
110 | return 1
111 | }
112 |
113 | // LessStrings returns whether s is less than t lexicographically.
114 | func LessStrings(s, t string) bool {
115 | return Strings(s, t) < 0
116 | }
117 |
--------------------------------------------------------------------------------
/README.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | #
3 | # This is the canonical configuration for the `README.md`
4 | # Run `make readme` to rebuild the `README.md`
5 | #
6 |
7 | # Name of this project
8 | name: turf
9 |
10 | # Logo for this project
11 | #logo: docs/logo.png
12 |
13 | # License of this project
14 | license: "APACHE2"
15 |
16 | # Canonical GitHub repo
17 | github_repo: cloudposse/turf
18 |
19 | # Badges to display
20 | badges:
21 | - name: "Build Status"
22 |
23 | image: "https://github.com/cloudposse/turf/workflows/go/badge.svg"
24 | url: "https://github.com/cloudposse/turf/actions"
25 | - name: "Docker Status"
26 | image: "https://github.com/cloudposse/turf/workflows/docker/badge.svg"
27 | url: "https://github.com/cloudposse/turf/actions"
28 | - name: "Latest Release"
29 | image: "https://img.shields.io/github/release/cloudposse/turf.svg"
30 | url: "https://github.com/cloudposse/turf/releases/latest"
31 | - name: "Slack Community"
32 | image: "https://slack.cloudposse.com/badge.svg"
33 | url: "https://slack.cloudposse.com"
34 |
35 | # Short description of this project
36 | description: |-
37 | Command line utility for assisting with various automation tasks that are difficult with Terraform or other tools.
38 |
39 | The utility provides the following functions:
40 |
41 | * Enable AWS Security Hub in for the AWS Organization and associate all member accounts
42 | * Delete all of the default VPCs in an AWS account
43 |
44 | See `turf --help` for more details
45 |
46 | related:
47 | - name: "terraform-aws-security-hub"
48 | description: "Terraform module to provision AWS Security Hub"
49 | url: "https://github.com/cloudposse/terraform-aws-security-hub"
50 |
51 | # How to use this project
52 | usage: |-
53 |
54 | ```sh
55 | turf --help for help
56 | ```
57 |
58 | The utility can be called directly or as a Docker container.
59 |
60 | ### Build the Go program locally
61 | ```sh
62 | go get
63 |
64 | CGO_ENABLED=0 go build -v -o "./dist/bin/turf" *.go
65 | ```
66 |
67 | ### Build the Docker image
68 | __NOTE__: it will download all `Go` dependencies and then build the program inside the container (see [`Dockerfile`](Dockerfile))
69 |
70 | ```sh
71 | docker build --tag turf --no-cache=true .
72 | ```
73 |
74 | ### Run with Docker
75 | Run `turf` in a Docker container with local ENV vars propagated into the container's environment.
76 | [run_docker_with_local_env_vars.sh](examples/run_docker_with_local_env_vars.sh)
77 |
78 | ```sh
79 | docker run -i --rm \
80 | turf
81 | ```
82 |
83 | examples: |-
84 |
85 | ### Delete all the VPCs in an AWS Account
86 | Best-practices call for not using the default VPC, but rather, creating a new set of VPCs as necessary. AWS Security
87 | Hub will flag the default VPCs as non-compliant if they aren't configured with best-practices. Rather than jumping
88 | through hoops, it's easier to delete to default VPCs. This task cannot be accomplished with terraform, so this command
89 | is necessary. Please note that this command will also delete all of the children resources of the VPC, including
90 | Subnets, Route Tables, NACLs and Internet Gateways.
91 |
92 | ```sh
93 | turf aws \
94 | delete-default-vpcs \
95 | --role arn:aws:iam::111111111111:role/acme-gbl-root-admin \
96 | --delete
97 | ```
98 |
99 | You can also run using the current AWS credentials (rather than assuming a role):
100 |
101 | ```sh
102 | turf aws \
103 | delete-default-vpcs \
104 | --privileged \
105 | --delete
106 | ```
107 |
108 | ### Deploy Security Hub to AWS Organization
109 | The AWS Security Hub administrator account manages Security Hub membership for an organization. The organization
110 | management account designates the Security Hub administrator account for the organization. The organization management
111 | account can designate any account in the organization, including itself.
112 |
113 | ```sh
114 | turf aws \
115 | securityhub \
116 | set-administrator-account \
117 | --administrator-account-role arn:aws:iam::111111111111:role/acme-gbl-security-admin \
118 | --root-role arn:aws:iam::222222222222:role/acme-gbl-root-admin \
119 | --region us-west-2
120 | ```
121 |
122 | ### Disable Security Hub Controls
123 | DisableSecurityHubGlobalResourceControls disables Security Hub controls related to Global Resources in regions that
124 | aren't collecting Global Resources. It also disables CloudTrail related controls in accounts that aren't the central
125 | CloudTrail account.
126 |
127 | https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-cis-to-disable.html
128 | https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-to-disable.html
129 |
130 | ```sh
131 | turf aws \
132 | securityhub \
133 | disable-global-controls \
134 | --role arn:aws:iam::111111111111:role/acme-gbl-security-admin \
135 | --global-collector-region us-west-2
136 | ```
137 |
138 | ```sh
139 | turf aws \
140 | securityhub \
141 | disable-global-controls \
142 | --role arn:aws:iam::111111111111:role/acme-gbl-audit-admin \
143 | --global-collector-region us-west-2 \
144 | --cloud-trail-account
145 | ```
146 |
147 | You can also run using the current AWS credentials (rather than assuming a role):
148 |
149 | ```sh
150 | turf aws \
151 | securityhub \
152 | disable-global-controls \
153 | --privileged \
154 | --global-collector-region us-west-2
155 | ```
156 |
157 | ```sh
158 | turf aws \
159 | securityhub \
160 | disable-global-controls \
161 | --privileged \
162 | --global-collector-region us-west-2 \
163 | --cloud-trail-account
164 | ```
165 |
166 | ### Deploy GuardDuty to AWS Organization
167 | When you use GuardDuty with an AWS Organizations organization, you can designate any account within the organization
168 | to be the GuardDuty delegated administrator. Only the organization management account can designate GuardDuty
169 | delegated administrators.
170 |
171 | ```sh
172 | turf aws \
173 | guardduty \
174 | set-administrator-account \
175 | -administrator-account-role arn:aws:iam::111111111111:role/acme-gbl-security-admin \
176 | -root-role arn:aws:iam::222222222222:role/acme-gbl-root-admin \
177 | --region us-west-2
178 | ```
179 |
180 | # Contributors to this project
181 | contributors:
182 | - name: "Matt Calhoun"
183 | homepage: "https://github.com/mcalhoun"
184 | github: "mcalhoun"
185 |
--------------------------------------------------------------------------------
/aws/guardduty.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package aws
18 |
19 | import (
20 | "github.com/aws/aws-sdk-go/aws"
21 | "github.com/aws/aws-sdk-go/service/guardduty"
22 | common "github.com/cloudposse/turf/common/error"
23 | "github.com/sirupsen/logrus"
24 | )
25 |
26 | func getGuardDutyClient(region string, role string) *guardduty.GuardDuty {
27 | sess := GetSession()
28 | creds := GetCreds(sess, role)
29 | guardDutyClient := guardduty.New(sess, &aws.Config{Credentials: creds, Region: ®ion})
30 |
31 | return guardDutyClient
32 | }
33 |
34 | func enableGuardDutyAdminAccount(client *guardduty.GuardDuty, accountID string) {
35 | updateInput := guardduty.EnableOrganizationAdminAccountInput{AdminAccountId: &accountID}
36 | client.EnableOrganizationAdminAccount(&updateInput)
37 | }
38 |
39 | // We need to enable GuardDuty in the AWS Organizations Management Account so that it can be added as a member
40 | // account in AWS GuardDuty's Administrator account. Accounts other than the Management Account don't need to be
41 | // excplicitly enabled, but the MA does.
42 | func enableGuardDutyInManagementAccount(client *guardduty.GuardDuty) {
43 | _, err := client.CreateDetector(&guardduty.CreateDetectorInput{Enable: aws.Bool(true)})
44 | if err != nil {
45 | logrus.Error(err)
46 | }
47 | }
48 |
49 | func containsGuardDutyAdminAccount(s []*guardduty.AdminAccount, e string) bool {
50 | for _, a := range s {
51 | if *a.AdminAccountId == e {
52 | return true
53 | }
54 | }
55 | return false
56 | }
57 |
58 | func guardDutyAdminAccountAlreadyEnabled(client *guardduty.GuardDuty, accountID string) bool {
59 | listInput := guardduty.ListOrganizationAdminAccountsInput{}
60 | orgConfig, err := client.ListOrganizationAdminAccounts(&listInput)
61 | common.AssertErrorNil(err)
62 | if containsGuardDutyAdminAccount(orgConfig.AdminAccounts, accountID) {
63 | return true
64 | }
65 | return false
66 | }
67 |
68 | func logGuardDutyMemberAccounts(memberAccounts []AccountWithEmail) {
69 | logrus.Info(" AWS GuardDuty Member accounts:")
70 |
71 | for i := range memberAccounts {
72 | logrus.Infof(" %s (%s)", memberAccounts[i].AccountID, memberAccounts[i].Email)
73 | }
74 | }
75 |
76 | // addMemberAccount adds an account in the AWS Organization as a member of the GuardDuty Administrator Account
77 | func addGuardDutyMemberAccounts(client *guardduty.GuardDuty, detectorID string, memberAccounts []AccountWithEmail, administratorAcctID string) {
78 | accountDetails := make([]*guardduty.AccountDetail, 0)
79 | for i := range memberAccounts {
80 | currentAccountID := memberAccounts[i].AccountID
81 | currentEmailAddress := memberAccounts[i].Email
82 | if currentAccountID != administratorAcctID {
83 | accountDetails = append(accountDetails, &guardduty.AccountDetail{AccountId: ¤tAccountID, Email: aws.String(currentEmailAddress)})
84 | }
85 | }
86 | input := guardduty.CreateMembersInput{AccountDetails: accountDetails, DetectorId: aws.String(detectorID)}
87 | result, err := client.CreateMembers(&input)
88 | if err != nil {
89 | logrus.Error(err)
90 | } else {
91 | if len(result.UnprocessedAccounts) > 0 {
92 | logrus.Error(result)
93 | }
94 | }
95 | }
96 |
97 | func getDetectorIDForRegion(client *guardduty.GuardDuty) string {
98 | detectors, err := client.ListDetectors(&guardduty.ListDetectorsInput{})
99 | if err != nil {
100 | logrus.Error(err)
101 | return ""
102 | }
103 |
104 | if len(detectors.DetectorIds) == 0 {
105 | logrus.Error(" No GuardDuty Detectors Found!")
106 | return ""
107 | }
108 |
109 | return *detectors.DetectorIds[0]
110 | }
111 |
112 | func enableGuardDutyAutoEnable(client *guardduty.GuardDuty, autoEnableS3Protection bool) {
113 | logrus.Info(" Enabling GuardDuty Auto-Enable for new AWS Organization Member Accounts")
114 | detector := getDetectorIDForRegion(client)
115 |
116 | updateInput := guardduty.UpdateOrganizationConfigurationInput{
117 | AutoEnable: aws.Bool(true),
118 | DetectorId: aws.String(detector),
119 | DataSources: &guardduty.OrganizationDataSourceConfigurations{
120 | S3Logs: &guardduty.OrganizationS3LogsConfiguration{
121 | AutoEnable: aws.Bool(autoEnableS3Protection),
122 | },
123 | },
124 | }
125 |
126 | client.UpdateOrganizationConfiguration(&updateInput)
127 | }
128 |
129 | // EnableGuardDutyAdministratorAccount enables the GuardDuty Administrator account within the AWS Organization
130 | func EnableGuardDutyAdministratorAccount(region string, administratorAccountRole string, rootRole string, autoEnableS3Protection bool) error {
131 | rootSession := GetSession()
132 | rootAccountID := GetAccountIDWithRole(rootSession, rootRole)
133 |
134 | adminAcctSession := GetSession()
135 | adminAccountID := GetAccountIDWithRole(adminAcctSession, administratorAccountRole)
136 |
137 | enabledRegions := GetEnabledRegions(region, rootRole, false)
138 |
139 | logrus.Info("Enabling organization-wide AWS GuardDuty with the following config:")
140 | logrus.Infof(" AWS Management Account %s", rootAccountID)
141 | logrus.Infof(" AWS GuardDuty Administrator Account %s", adminAccountID)
142 |
143 | memberAccounts := ListMemberAccountIDsWithEmails(rootRole)
144 | logGuardDutyMemberAccounts(memberAccounts)
145 |
146 | for r := range enabledRegions {
147 | currentRegion := enabledRegions[r]
148 | logrus.Infof(" Processing region %s", currentRegion)
149 |
150 | rootAccountClient := getGuardDutyClient(currentRegion, rootRole)
151 | adminAccountClient := getGuardDutyClient(currentRegion, administratorAccountRole)
152 |
153 | detectorID := getDetectorIDForRegion(adminAccountClient)
154 |
155 | if !guardDutyAdminAccountAlreadyEnabled(rootAccountClient, adminAccountID) {
156 | enableGuardDutyAdminAccount(rootAccountClient, adminAccountID)
157 | detectorID = getDetectorIDForRegion(adminAccountClient)
158 |
159 | enableGuardDutyInManagementAccount(rootAccountClient)
160 |
161 | } else {
162 | logrus.Infof(" Account %s is already set as AWS GuardDuty Administrator Account, skipping configuration", adminAccountID)
163 | }
164 | enableGuardDutyAutoEnable(adminAccountClient, autoEnableS3Protection)
165 | addGuardDutyMemberAccounts(adminAccountClient, detectorID, memberAccounts, adminAccountID)
166 | }
167 | logrus.Infof("Organization-wide AWS GuardDuty complete")
168 |
169 | return nil
170 | }
171 |
--------------------------------------------------------------------------------
/aws/vpc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package aws
18 |
19 | import (
20 | "github.com/aws/aws-sdk-go/aws"
21 | "github.com/aws/aws-sdk-go/service/ec2"
22 | "github.com/sirupsen/logrus"
23 | )
24 |
25 | // Vpc is a struct that represents an AWS VPC and attaches methods to delete subordanate resources
26 | type Vpc struct {
27 | VpcID string
28 | client ec2.EC2
29 | }
30 |
31 | func (vpc Vpc) deleteInternetGateways() {
32 | gws, err := vpc.client.DescribeInternetGateways(&ec2.DescribeInternetGatewaysInput{
33 | Filters: []*ec2.Filter{
34 | {
35 | Name: aws.String("attachment.vpc-id"),
36 | Values: []*string{aws.String(vpc.VpcID)},
37 | },
38 | },
39 | })
40 | if err != nil {
41 | logrus.Error(err)
42 | return
43 | }
44 |
45 | if len(gws.InternetGateways) == 1 {
46 | logrus.Infof(" deleting internet gateways for %s", vpc.VpcID)
47 | for _, gw := range gws.InternetGateways {
48 | _, err := vpc.client.DetachInternetGateway(&ec2.DetachInternetGatewayInput{InternetGatewayId: gw.InternetGatewayId, VpcId: &vpc.VpcID})
49 | if err != nil {
50 | logrus.Error(err)
51 | } else {
52 | _, err := vpc.client.DeleteInternetGateway(&ec2.DeleteInternetGatewayInput{InternetGatewayId: gw.InternetGatewayId})
53 | if err != nil {
54 | logrus.Error(err)
55 | }
56 | }
57 | }
58 | } else {
59 | logrus.Infof(" no internet gateways found for %s", vpc.VpcID)
60 | }
61 | }
62 |
63 | func (vpc Vpc) deleteSubnets() {
64 | subnets, err := vpc.client.DescribeSubnets(&ec2.DescribeSubnetsInput{
65 | Filters: []*ec2.Filter{
66 | {
67 | Name: aws.String("vpc-id"),
68 | Values: []*string{aws.String(vpc.VpcID)},
69 | },
70 | },
71 | })
72 | if err != nil {
73 | logrus.Error(err)
74 | return
75 | }
76 |
77 | if len(subnets.Subnets) > 0 {
78 | logrus.Infof(" deleting subnets for %s", vpc.VpcID)
79 | for _, subnet := range subnets.Subnets {
80 | _, err := vpc.client.DeleteSubnet(&ec2.DeleteSubnetInput{SubnetId: subnet.SubnetId})
81 | if err != nil {
82 | logrus.Error(err)
83 | }
84 | }
85 | } else {
86 | logrus.Infof(" no subnets found for %s", vpc.VpcID)
87 | }
88 | }
89 |
90 | func (vpc Vpc) deleteRouteTables() {
91 | routeTables, err := vpc.client.DescribeRouteTables(&ec2.DescribeRouteTablesInput{
92 | Filters: []*ec2.Filter{
93 | {
94 | Name: aws.String("vpc-id"),
95 | Values: []*string{aws.String(vpc.VpcID)},
96 | },
97 | },
98 | })
99 | if err != nil {
100 | logrus.Error(err)
101 | return
102 | }
103 |
104 | if len(routeTables.RouteTables) > 0 {
105 | logrus.Infof(" deleting route tables for %s", vpc.VpcID)
106 |
107 | for _, routeTable := range routeTables.RouteTables {
108 | if len(routeTable.Associations) > 0 && *routeTable.Associations[0].Main {
109 | continue
110 | }
111 |
112 | _, err := vpc.client.DeleteRouteTable(&ec2.DeleteRouteTableInput{RouteTableId: routeTable.RouteTableId})
113 | if err != nil {
114 | logrus.Error(err)
115 | }
116 | }
117 | } else {
118 | logrus.Infof(" no route tables found for %s", vpc.VpcID)
119 | }
120 | }
121 |
122 | func (vpc Vpc) deleteNACLs() {
123 | nacls, err := vpc.client.DescribeNetworkAcls(&ec2.DescribeNetworkAclsInput{
124 | Filters: []*ec2.Filter{
125 | {
126 | Name: aws.String("vpc-id"),
127 | Values: []*string{aws.String(vpc.VpcID)},
128 | },
129 | },
130 | })
131 | if err != nil {
132 | logrus.Error(err)
133 | return
134 | }
135 |
136 | if len(nacls.NetworkAcls) > 0 {
137 | logrus.Infof(" deleting nacls for %s", vpc.VpcID)
138 | for _, nacl := range nacls.NetworkAcls {
139 | if !*nacl.IsDefault {
140 | _, err := vpc.client.DeleteNetworkAcl(&ec2.DeleteNetworkAclInput{NetworkAclId: nacl.NetworkAclId})
141 | if err != nil {
142 | logrus.Error(err)
143 | }
144 | }
145 | }
146 | } else {
147 | logrus.Infof(" no subnets found for %s", vpc.VpcID)
148 | }
149 | }
150 |
151 | func (vpc Vpc) deleteSecurityGroups() {
152 | sgs, err := vpc.client.DescribeSecurityGroups(&ec2.DescribeSecurityGroupsInput{
153 | Filters: []*ec2.Filter{
154 | {
155 | Name: aws.String("vpc-id"),
156 | Values: []*string{aws.String(vpc.VpcID)},
157 | },
158 | },
159 | })
160 | if err != nil {
161 | logrus.Error(err)
162 | return
163 | }
164 |
165 | if len(sgs.SecurityGroups) > 0 {
166 | logrus.Infof(" deleting security groups for %s", vpc.VpcID)
167 | for _, sg := range sgs.SecurityGroups {
168 | if *sg.GroupName != "default" {
169 | _, err := vpc.client.DeleteSecurityGroup(&ec2.DeleteSecurityGroupInput{GroupId: sg.GroupId})
170 | if err != nil {
171 | logrus.Error(err)
172 | }
173 | }
174 | }
175 | } else {
176 | logrus.Infof(" no security groups found for %s", vpc.VpcID)
177 | }
178 | }
179 |
180 | func (vpc Vpc) deleteVpc() {
181 | logrus.Infof(" deleting %s", vpc.VpcID)
182 | _, err := vpc.client.DeleteVpc(&ec2.DeleteVpcInput{VpcId: &vpc.VpcID})
183 | if err != nil {
184 | logrus.Error(err)
185 | }
186 | }
187 |
188 | func (vpc Vpc) delete() {
189 | vpc.deleteInternetGateways()
190 | vpc.deleteSubnets()
191 | vpc.deleteRouteTables()
192 | vpc.deleteNACLs()
193 | vpc.deleteSecurityGroups()
194 | vpc.deleteVpc()
195 | }
196 |
197 | // DeleteDefaultVPCs deletes all of the default VPCs in all regions of an account
198 | func DeleteDefaultVPCs(region string, role string, deleteFlag bool, isPrivileged bool) error {
199 | enabledRegions := GetEnabledRegions(region, role, isPrivileged)
200 |
201 | logrus.Infof("Deleting default VPCs")
202 |
203 | if !deleteFlag {
204 | logrus.Infof("Dry-run mode is active. Run again with %s flag to delete VPCs", "--delete")
205 | }
206 |
207 | logrus.Info("Identifying VPCs to delete:")
208 |
209 | for r := range enabledRegions {
210 | currentRegion := enabledRegions[r]
211 | logrus.Infof(" Processing region %s", currentRegion)
212 |
213 | client := getEC2Client(currentRegion)
214 | if !isPrivileged {
215 | client = getEC2ClientWithRole(currentRegion, role)
216 | }
217 |
218 | vpc := getDefaultVPC(client)
219 | if vpc != "" {
220 | logrus.Infof(" found %s", vpc)
221 |
222 | if deleteFlag {
223 | vpcInfo := Vpc{
224 | VpcID: vpc,
225 | client: *client,
226 | }
227 |
228 | vpcInfo.delete()
229 | }
230 | }
231 | }
232 |
233 | logrus.Infof("Deleting default VPCs complete")
234 |
235 | return nil
236 | }
237 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 |
2 | Apache License
3 | Version 2.0, January 2004
4 | http://www.apache.org/licenses/
5 |
6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
7 |
8 | 1. Definitions.
9 |
10 | "License" shall mean the terms and conditions for use, reproduction,
11 | and distribution as defined by Sections 1 through 9 of this document.
12 |
13 | "Licensor" shall mean the copyright owner or entity authorized by
14 | the copyright owner that is granting the License.
15 |
16 | "Legal Entity" shall mean the union of the acting entity and all
17 | other entities that control, are controlled by, or are under common
18 | control with that entity. For the purposes of this definition,
19 | "control" means (i) the power, direct or indirect, to cause the
20 | direction or management of such entity, whether by contract or
21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
22 | outstanding shares, or (iii) beneficial ownership of such entity.
23 |
24 | "You" (or "Your") shall mean an individual or Legal Entity
25 | exercising permissions granted by this License.
26 |
27 | "Source" form shall mean the preferred form for making modifications,
28 | including but not limited to software source code, documentation
29 | source, and configuration files.
30 |
31 | "Object" form shall mean any form resulting from mechanical
32 | transformation or translation of a Source form, including but
33 | not limited to compiled object code, generated documentation,
34 | and conversions to other media types.
35 |
36 | "Work" shall mean the work of authorship, whether in Source or
37 | Object form, made available under the License, as indicated by a
38 | copyright notice that is included in or attached to the work
39 | (an example is provided in the Appendix below).
40 |
41 | "Derivative Works" shall mean any work, whether in Source or Object
42 | form, that is based on (or derived from) the Work and for which the
43 | editorial revisions, annotations, elaborations, or other modifications
44 | represent, as a whole, an original work of authorship. For the purposes
45 | of this License, Derivative Works shall not include works that remain
46 | separable from, or merely link (or bind by name) to the interfaces of,
47 | the Work and Derivative Works thereof.
48 |
49 | "Contribution" shall mean any work of authorship, including
50 | the original version of the Work and any modifications or additions
51 | to that Work or Derivative Works thereof, that is intentionally
52 | submitted to Licensor for inclusion in the Work by the copyright owner
53 | or by an individual or Legal Entity authorized to submit on behalf of
54 | the copyright owner. For the purposes of this definition, "submitted"
55 | means any form of electronic, verbal, or written communication sent
56 | to the Licensor or its representatives, including but not limited to
57 | communication on electronic mailing lists, source code control systems,
58 | and issue tracking systems that are managed by, or on behalf of, the
59 | Licensor for the purpose of discussing and improving the Work, but
60 | excluding communication that is conspicuously marked or otherwise
61 | designated in writing by the copyright owner as "Not a Contribution."
62 |
63 | "Contributor" shall mean Licensor and any individual or Legal Entity
64 | on behalf of whom a Contribution has been received by Licensor and
65 | subsequently incorporated within the Work.
66 |
67 | 2. Grant of Copyright License. Subject to the terms and conditions of
68 | this License, each Contributor hereby grants to You a perpetual,
69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
70 | copyright license to reproduce, prepare Derivative Works of,
71 | publicly display, publicly perform, sublicense, and distribute the
72 | Work and such Derivative Works in Source or Object form.
73 |
74 | 3. Grant of Patent License. Subject to the terms and conditions of
75 | this License, each Contributor hereby grants to You a perpetual,
76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
77 | (except as stated in this section) patent license to make, have made,
78 | use, offer to sell, sell, import, and otherwise transfer the Work,
79 | where such license applies only to those patent claims licensable
80 | by such Contributor that are necessarily infringed by their
81 | Contribution(s) alone or by combination of their Contribution(s)
82 | with the Work to which such Contribution(s) was submitted. If You
83 | institute patent litigation against any entity (including a
84 | cross-claim or counterclaim in a lawsuit) alleging that the Work
85 | or a Contribution incorporated within the Work constitutes direct
86 | or contributory patent infringement, then any patent licenses
87 | granted to You under this License for that Work shall terminate
88 | as of the date such litigation is filed.
89 |
90 | 4. Redistribution. You may reproduce and distribute copies of the
91 | Work or Derivative Works thereof in any medium, with or without
92 | modifications, and in Source or Object form, provided that You
93 | meet the following conditions:
94 |
95 | (a) You must give any other recipients of the Work or
96 | Derivative Works a copy of this License; and
97 |
98 | (b) You must cause any modified files to carry prominent notices
99 | stating that You changed the files; and
100 |
101 | (c) You must retain, in the Source form of any Derivative Works
102 | that You distribute, all copyright, patent, trademark, and
103 | attribution notices from the Source form of the Work,
104 | excluding those notices that do not pertain to any part of
105 | the Derivative Works; and
106 |
107 | (d) If the Work includes a "NOTICE" text file as part of its
108 | distribution, then any Derivative Works that You distribute must
109 | include a readable copy of the attribution notices contained
110 | within such NOTICE file, excluding those notices that do not
111 | pertain to any part of the Derivative Works, in at least one
112 | of the following places: within a NOTICE text file distributed
113 | as part of the Derivative Works; within the Source form or
114 | documentation, if provided along with the Derivative Works; or,
115 | within a display generated by the Derivative Works, if and
116 | wherever such third-party notices normally appear. The contents
117 | of the NOTICE file are for informational purposes only and
118 | do not modify the License. You may add Your own attribution
119 | notices within Derivative Works that You distribute, alongside
120 | or as an addendum to the NOTICE text from the Work, provided
121 | that such additional attribution notices cannot be construed
122 | as modifying the License.
123 |
124 | You may add Your own copyright statement to Your modifications and
125 | may provide additional or different license terms and conditions
126 | for use, reproduction, or distribution of Your modifications, or
127 | for any such Derivative Works as a whole, provided Your use,
128 | reproduction, and distribution of the Work otherwise complies with
129 | the conditions stated in this License.
130 |
131 | 5. Submission of Contributions. Unless You explicitly state otherwise,
132 | any Contribution intentionally submitted for inclusion in the Work
133 | by You to the Licensor shall be under the terms and conditions of
134 | this License, without any additional terms or conditions.
135 | Notwithstanding the above, nothing herein shall supersede or modify
136 | the terms of any separate license agreement you may have executed
137 | with Licensor regarding such Contributions.
138 |
139 | 6. Trademarks. This License does not grant permission to use the trade
140 | names, trademarks, service marks, or product names of the Licensor,
141 | except as required for reasonable and customary use in describing the
142 | origin of the Work and reproducing the content of the NOTICE file.
143 |
144 | 7. Disclaimer of Warranty. Unless required by applicable law or
145 | agreed to in writing, Licensor provides the Work (and each
146 | Contributor provides its Contributions) on an "AS IS" BASIS,
147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148 | implied, including, without limitation, any warranties or conditions
149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150 | PARTICULAR PURPOSE. You are solely responsible for determining the
151 | appropriateness of using or redistributing the Work and assume any
152 | risks associated with Your exercise of permissions under this License.
153 |
154 | 8. Limitation of Liability. In no event and under no legal theory,
155 | whether in tort (including negligence), contract, or otherwise,
156 | unless required by applicable law (such as deliberate and grossly
157 | negligent acts) or agreed to in writing, shall any Contributor be
158 | liable to You for damages, including any direct, indirect, special,
159 | incidental, or consequential damages of any character arising as a
160 | result of this License or out of the use or inability to use the
161 | Work (including but not limited to damages for loss of goodwill,
162 | work stoppage, computer failure or malfunction, or any and all
163 | other commercial damages or losses), even if such Contributor
164 | has been advised of the possibility of such damages.
165 |
166 | 9. Accepting Warranty or Additional Liability. While redistributing
167 | the Work or Derivative Works thereof, You may choose to offer,
168 | and charge a fee for, acceptance of support, warranty, indemnity,
169 | or other liability obligations and/or rights consistent with this
170 | License. However, in accepting such obligations, You may act only
171 | on Your own behalf and on Your sole responsibility, not on behalf
172 | of any other Contributor, and only if You agree to indemnify,
173 | defend, and hold each Contributor harmless for any liability
174 | incurred by, or claims asserted against, such Contributor by reason
175 | of your accepting any such warranty or additional liability.
176 |
177 | END OF TERMS AND CONDITIONS
178 |
179 | APPENDIX: How to apply the Apache License to your work.
180 |
181 | To apply the Apache License to your work, attach the following
182 | boilerplate notice, with the fields enclosed by brackets "[]"
183 | replaced with your own identifying information. (Don't include
184 | the brackets!) The text should be enclosed in the appropriate
185 | comment syntax for the file format. We also recommend that a
186 | file or class name and description of purpose be included on the
187 | same "printed page" as the copyright notice for easier
188 | identification within third-party archives.
189 |
190 | Copyright 2016-2018 Cloud Posse, LLC
191 |
192 | Licensed under the Apache License, Version 2.0 (the "License");
193 | you may not use this file except in compliance with the License.
194 | You may obtain a copy of the License at
195 |
196 | http://www.apache.org/licenses/LICENSE-2.0
197 |
198 | Unless required by applicable law or agreed to in writing, software
199 | distributed under the License is distributed on an "AS IS" BASIS,
200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
201 | See the License for the specific language governing permissions and
202 | limitations under the License.
203 |
--------------------------------------------------------------------------------
/aws/securityhub.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright © 2021 Cloud Posse, LLC
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package aws
18 |
19 | import (
20 | "errors"
21 | "fmt"
22 | "time"
23 |
24 | "github.com/aws/aws-sdk-go/aws"
25 | "github.com/aws/aws-sdk-go/aws/awserr"
26 | "github.com/aws/aws-sdk-go/service/securityhub"
27 | common "github.com/cloudposse/turf/common/error"
28 | "github.com/sirupsen/logrus"
29 | )
30 |
31 | // SecurityHub is a struct that represents an AWS Security Hub and attaches methods to perform various operations against
32 | // it
33 | type SecurityHub struct {
34 | adminAccountClient *securityhub.SecurityHub
35 | currentAccountClient *securityhub.SecurityHub
36 | managementAccountClient *securityhub.SecurityHub
37 | }
38 |
39 | func (hub SecurityHub) securityHubAdminAccountAlreadyEnabled(accountID string) bool {
40 | listInput := securityhub.ListOrganizationAdminAccountsInput{}
41 | orgConfig, err := hub.managementAccountClient.ListOrganizationAdminAccounts(&listInput)
42 | common.AssertErrorNil(err)
43 | if containsSecurityHubAdminAccount(orgConfig.AdminAccounts, accountID) {
44 | return true
45 | }
46 | return false
47 | }
48 |
49 | func (hub SecurityHub) enableSecurityHubAdminAccount(accountID string) {
50 | updateInput := securityhub.EnableOrganizationAdminAccountInput{AdminAccountId: &accountID}
51 | hub.managementAccountClient.EnableOrganizationAdminAccount(&updateInput)
52 | }
53 |
54 | func (hub SecurityHub) enableSecurityHubAutoEnable() {
55 | logrus.Info(" Setting Security Hub Auto-Enable for new AWS Organization Member Accounts")
56 | updateInput := securityhub.UpdateOrganizationConfigurationInput{AutoEnable: aws.Bool(true)}
57 | hub.adminAccountClient.UpdateOrganizationConfiguration(&updateInput)
58 | }
59 |
60 | // We need to enable Security Hub in the AWS Organizations Management Account so that it can be added as a member
61 | // account in AWS Security Hub's Administrator account. Accounts other than the Management Account don't need to be
62 | // excplicitly enabled, but the MA does.
63 | func (hub SecurityHub) enableSecurityHubInManagementAccount() {
64 | _, err := hub.managementAccountClient.EnableSecurityHub(&securityhub.EnableSecurityHubInput{})
65 | if err != nil {
66 | logrus.Error(err)
67 | }
68 | }
69 |
70 | // addMemberAccount adds an account in the AWS Organization as a member of the Security Hub Administrator Account
71 | func (hub SecurityHub) addSecurityHubMemberAccounts(memberAccounts []string, administratorAcctID string) {
72 | accountDetails := make([]*securityhub.AccountDetails, 0)
73 | for i := range memberAccounts {
74 | currentAccountID := memberAccounts[i]
75 | if currentAccountID != administratorAcctID {
76 | accountDetails = append(accountDetails, &securityhub.AccountDetails{AccountId: ¤tAccountID})
77 | }
78 | }
79 | input := securityhub.CreateMembersInput{AccountDetails: accountDetails}
80 | result, err := hub.adminAccountClient.CreateMembers(&input)
81 | if err != nil {
82 | logrus.Error(err)
83 | }
84 |
85 | if len(result.UnprocessedAccounts) > 0 {
86 | logrus.Error(result)
87 | }
88 | }
89 |
90 | func (hub SecurityHub) disableControl(currentControl string) error {
91 | _, err := hub.currentAccountClient.UpdateStandardsControl(&securityhub.UpdateStandardsControlInput{
92 | ControlStatus: aws.String("DISABLED"),
93 | DisabledReason: aws.String("Global Resources are not collected in this region"),
94 | StandardsControlArn: aws.String(currentControl),
95 | })
96 |
97 | if err != nil {
98 | if aerr, ok := err.(awserr.Error); ok {
99 | if aerr.Code() == "TooManyRequestsException" {
100 | logrus.Warnf(" received too many requests error. Sleeping then trying again while disabling control %s", currentControl)
101 |
102 | time.Sleep(2 * time.Second)
103 | return hub.disableControl(currentControl)
104 | }
105 | }
106 | }
107 |
108 | return err
109 | }
110 |
111 | func (hub SecurityHub) disableControls(region string, accountID string, controls []string) {
112 | for i := range controls {
113 | currentControl := fmt.Sprintf(controls[i], region, accountID)
114 |
115 | logrus.Infof(" disabling control %s", currentControl)
116 | err := hub.disableControl(currentControl)
117 |
118 | if err != nil {
119 | logrus.Error(err)
120 | }
121 | }
122 | }
123 |
124 | // Controls for AWS Foundational Security Best Practices v1.0.0
125 | func getFoundations100Controls(isGlobalCollectionRegion bool) []string {
126 | controls := []string{}
127 |
128 | if !isGlobalCollectionRegion {
129 | controls = append(controls, []string{
130 | "arn:aws:securityhub:%s:%s:control/aws-foundational-security-best-practices/v/1.0.0/Config.1",
131 | "arn:aws:securityhub:%s:%s:control/aws-foundational-security-best-practices/v/1.0.0/IAM.1",
132 | "arn:aws:securityhub:%s:%s:control/aws-foundational-security-best-practices/v/1.0.0/IAM.2",
133 | "arn:aws:securityhub:%s:%s:control/aws-foundational-security-best-practices/v/1.0.0/IAM.3",
134 | "arn:aws:securityhub:%s:%s:control/aws-foundational-security-best-practices/v/1.0.0/IAM.4",
135 | "arn:aws:securityhub:%s:%s:control/aws-foundational-security-best-practices/v/1.0.0/IAM.5",
136 | "arn:aws:securityhub:%s:%s:control/aws-foundational-security-best-practices/v/1.0.0/IAM.6",
137 | "arn:aws:securityhub:%s:%s:control/aws-foundational-security-best-practices/v/1.0.0/IAM.7",
138 | }...)
139 | }
140 |
141 | return controls
142 | }
143 |
144 | // Controls for CIS AWS Foundations Benchmark v1.2.0
145 | func getCIS120Controls(isGlobalCollectionRegion bool, isCloudTrailAccount bool) []string {
146 | controls := []string{}
147 |
148 | if !isGlobalCollectionRegion {
149 | controls = append(controls, []string{
150 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.2",
151 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.3",
152 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.4",
153 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.5",
154 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.6",
155 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.7",
156 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.8",
157 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.9",
158 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.10",
159 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.11",
160 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.12",
161 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.13",
162 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.14",
163 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.16",
164 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.20",
165 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.22",
166 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/2.5",
167 | }...)
168 | }
169 |
170 | if !isCloudTrailAccount || (isCloudTrailAccount && !isGlobalCollectionRegion) {
171 | controls = append(controls, []string{
172 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.1",
173 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/2.7",
174 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/3.1",
175 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/3.2",
176 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/3.3",
177 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/3.4",
178 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/3.5",
179 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/3.6",
180 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/3.7",
181 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/3.8",
182 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/3.9",
183 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/3.10",
184 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/3.11",
185 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/3.12",
186 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/3.13",
187 | "arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/3.14",
188 | }...)
189 | }
190 |
191 | return controls
192 | }
193 |
194 | func getSecurityHubClient(region string) *securityhub.SecurityHub {
195 | sess := GetSession()
196 | securityHubClient := securityhub.New(sess, &aws.Config{Region: ®ion})
197 |
198 | return securityHubClient
199 | }
200 |
201 | func getSecurityHubClientWithRole(region string, role string) *securityhub.SecurityHub {
202 | sess := GetSession()
203 | creds := GetCreds(sess, role)
204 | securityHubClient := securityhub.New(sess, &aws.Config{Credentials: creds, Region: ®ion})
205 |
206 | return securityHubClient
207 | }
208 |
209 | func containsSecurityHubAdminAccount(s []*securityhub.AdminAccount, e string) bool {
210 | for _, a := range s {
211 | if *a.AccountId == e {
212 | return true
213 | }
214 | }
215 | return false
216 | }
217 |
218 | func logSecurityHubMemberAccounts(memberAccounts []string) {
219 | logrus.Info(" AWS Security Hub Member accounts:")
220 |
221 | for i := range memberAccounts {
222 | logrus.Infof(" %s", memberAccounts[i])
223 | }
224 | }
225 |
226 | // EnableSecurityHubAdministratorAccount enables the Security Hub Administrator account within the AWS Organization
227 | func EnableSecurityHubAdministratorAccount(region string, administratorAccountRole string, rootRole string) error {
228 | rootSession := GetSession()
229 | rootAccountID := GetAccountIDWithRole(rootSession, rootRole)
230 |
231 | adminAcctSession := GetSession()
232 | adminAccountID := GetAccountIDWithRole(adminAcctSession, administratorAccountRole)
233 |
234 | enabledRegions := GetEnabledRegions(region, rootRole, false)
235 |
236 | logrus.Info("Enabling organization-wide AWS Security Hub with the following config:")
237 | logrus.Infof(" AWS Management Account %s", rootAccountID)
238 | logrus.Infof(" AWS Security Hub Administrator Account %s", adminAccountID)
239 |
240 | memberAccounts := ListMemberAccountIDs(rootRole)
241 | logSecurityHubMemberAccounts(memberAccounts)
242 |
243 | for r := range enabledRegions {
244 | currentRegion := enabledRegions[r]
245 | logrus.Infof(" Processing region %s", currentRegion)
246 |
247 | managementAccountClient := getSecurityHubClientWithRole(currentRegion, rootRole)
248 | adminAccountClient := getSecurityHubClientWithRole(currentRegion, administratorAccountRole)
249 |
250 | hub := SecurityHub{
251 | adminAccountClient: adminAccountClient,
252 | managementAccountClient: managementAccountClient,
253 | }
254 |
255 | if !hub.securityHubAdminAccountAlreadyEnabled(adminAccountID) {
256 | hub.enableSecurityHubAdminAccount(adminAccountID)
257 | hub.enableSecurityHubAutoEnable()
258 | hub.enableSecurityHubInManagementAccount()
259 | } else {
260 | logrus.Infof(" Account %s is already set as AWS Security Hub Administrator Account, skipping configuration", adminAccountID)
261 | }
262 |
263 | hub.addSecurityHubMemberAccounts(memberAccounts, adminAccountID)
264 | }
265 | logrus.Infof("Organization-wide AWS Security Hub complete")
266 |
267 | return nil
268 | }
269 |
270 | func validateRegion(enabledRegions []string, region string) bool {
271 | for i := range enabledRegions {
272 | if enabledRegions[i] == region {
273 | return true
274 | }
275 | }
276 | return false
277 | }
278 |
279 | // DisableSecurityHubGlobalResourceControls disables Security Hub controls related to Global Resources in regions that
280 | // aren't collecting Global Resources. It also disables CloudTrail related controls in accounts that aren't the central
281 | // CloudTrail account.
282 | //
283 | // https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-cis-to-disable.html
284 | // https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-to-disable.html
285 | func DisableSecurityHubGlobalResourceControls(globalCollectionRegion string, role string, isPrivileged bool, isCloudTrailAccount bool) error {
286 | if role == "" && !isPrivileged {
287 | return errors.New("Either role must be provided or the privileged flag must be set")
288 | }
289 |
290 | session := GetSession()
291 | var accountID string
292 |
293 | if isPrivileged {
294 | accountID = GetAccountID(session)
295 | } else {
296 | accountID = GetAccountIDWithRole(session, role)
297 | }
298 |
299 | enabledRegions := GetEnabledRegions("us-east-1", role, isPrivileged)
300 |
301 | if !validateRegion(enabledRegions, globalCollectionRegion) {
302 | return fmt.Errorf("%s is not a valid enabled region in this account", globalCollectionRegion)
303 | }
304 |
305 | logrus.Infof("Disabling Global Resource controls for all regions excluding %s for account %s", globalCollectionRegion, accountID)
306 |
307 | for r := range enabledRegions {
308 | currentRegion := enabledRegions[r]
309 |
310 | var currentAccountClient *securityhub.SecurityHub
311 |
312 | if isPrivileged {
313 | currentAccountClient = getSecurityHubClient(currentRegion)
314 | } else {
315 | currentAccountClient = getSecurityHubClientWithRole(currentRegion, role)
316 | }
317 |
318 | hub := SecurityHub{
319 | currentAccountClient: currentAccountClient,
320 | }
321 |
322 | isGlobalCollectionRegion := currentRegion == globalCollectionRegion
323 |
324 | if isGlobalCollectionRegion {
325 | logrus.Infof(" processing global collection region %s", currentRegion)
326 | } else {
327 | logrus.Infof(" processing region %s", currentRegion)
328 | }
329 |
330 | foundations100Controls := getFoundations100Controls(isGlobalCollectionRegion)
331 | cis120Controls := getCIS120Controls(isGlobalCollectionRegion, isCloudTrailAccount)
332 |
333 | hub.disableControls(currentRegion, accountID, foundations100Controls)
334 | hub.disableControls(currentRegion, accountID, cis120Controls)
335 | }
336 |
337 | return nil
338 | }
339 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
2 | # turf [](https://github.com/cloudposse/turf/actions) [](https://github.com/cloudposse/turf/actions) [](https://github.com/cloudposse/turf/releases/latest) [](https://slack.cloudposse.com)
3 |
4 |
5 | [![README Header][readme_header_img]][readme_header_link]
6 |
7 | [![Cloud Posse][logo]](https://cpco.io/homepage)
8 |
9 |
29 |
30 | Command line utility for assisting with various automation tasks that are difficult with Terraform or other tools.
31 |
32 | The utility provides the following functions:
33 |
34 | * Enable AWS Security Hub in for the AWS Organization and associate all member accounts
35 | * Delete all of the default VPCs in an AWS account
36 |
37 | See `turf --help` for more details
38 |
39 |
40 | ---
41 |
42 | This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps.
43 | [
][share_email]
44 | [
][share_googleplus]
45 | [
][share_facebook]
46 | [
][share_reddit]
47 | [
][share_linkedin]
48 | [
][share_twitter]
49 |
50 |
51 |
52 |
53 | It's 100% Open Source and licensed under the [APACHE2](LICENSE).
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 | ## Usage
68 |
69 |
70 |
71 |
72 | ```sh
73 | turf --help for help
74 | ```
75 |
76 | The utility can be called directly or as a Docker container.
77 |
78 | ### Build the Go program locally
79 | ```sh
80 | go get
81 |
82 | CGO_ENABLED=0 go build -v -o "./dist/bin/turf" *.go
83 | ```
84 |
85 | ### Build the Docker image
86 | __NOTE__: it will download all `Go` dependencies and then build the program inside the container (see [`Dockerfile`](Dockerfile))
87 |
88 | ```sh
89 | docker build --tag turf --no-cache=true .
90 | ```
91 |
92 | ### Run with Docker
93 | Run `turf` in a Docker container with local ENV vars propagated into the container's environment.
94 | [run_docker_with_local_env_vars.sh](examples/run_docker_with_local_env_vars.sh)
95 |
96 | ```sh
97 | docker run -i --rm \
98 | turf
99 | ```
100 |
101 |
102 |
103 |
104 | ## Examples
105 |
106 |
107 | ### Delete all the VPCs in an AWS Account
108 | Best-practices call for not using the default VPC, but rather, creating a new set of VPCs as necessary. AWS Security
109 | Hub will flag the default VPCs as non-compliant if they aren't configured with best-practices. Rather than jumping
110 | through hoops, it's easier to delete to default VPCs. This task cannot be accomplished with terraform, so this command
111 | is necessary. Please note that this command will also delete all of the children resources of the VPC, including
112 | Subnets, Route Tables, NACLs and Internet Gateways.
113 |
114 | ```sh
115 | turf aws \
116 | delete-default-vpcs \
117 | --role arn:aws:iam::111111111111:role/acme-gbl-root-admin \
118 | --delete
119 | ```
120 |
121 | You can also run using the current AWS credentials (rather than assuming a role):
122 |
123 | ```sh
124 | turf aws \
125 | delete-default-vpcs \
126 | --privileged \
127 | --delete
128 | ```
129 |
130 | ### Deploy Security Hub to AWS Organization
131 | The AWS Security Hub administrator account manages Security Hub membership for an organization. The organization
132 | management account designates the Security Hub administrator account for the organization. The organization management
133 | account can designate any account in the organization, including itself.
134 |
135 | ```sh
136 | turf aws \
137 | securityhub \
138 | set-administrator-account \
139 | --administrator-account-role arn:aws:iam::111111111111:role/acme-gbl-security-admin \
140 | --root-role arn:aws:iam::222222222222:role/acme-gbl-root-admin \
141 | --region us-west-2
142 | ```
143 |
144 | ### Disable Security Hub Controls
145 | DisableSecurityHubGlobalResourceControls disables Security Hub controls related to Global Resources in regions that
146 | aren't collecting Global Resources. It also disables CloudTrail related controls in accounts that aren't the central
147 | CloudTrail account.
148 |
149 | https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-cis-to-disable.html
150 | https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-to-disable.html
151 |
152 | ```sh
153 | turf aws \
154 | securityhub \
155 | disable-global-controls \
156 | --role arn:aws:iam::111111111111:role/acme-gbl-security-admin \
157 | --global-collector-region us-west-2
158 | ```
159 |
160 | ```sh
161 | turf aws \
162 | securityhub \
163 | disable-global-controls \
164 | --role arn:aws:iam::111111111111:role/acme-gbl-audit-admin \
165 | --global-collector-region us-west-2 \
166 | --cloud-trail-account
167 | ```
168 |
169 | You can also run using the current AWS credentials (rather than assuming a role):
170 |
171 | ```sh
172 | turf aws \
173 | securityhub \
174 | disable-global-controls \
175 | --privileged \
176 | --global-collector-region us-west-2
177 | ```
178 |
179 | ```sh
180 | turf aws \
181 | securityhub \
182 | disable-global-controls \
183 | --privileged \
184 | --global-collector-region us-west-2 \
185 | --cloud-trail-account
186 | ```
187 |
188 | ### Deploy GuardDuty to AWS Organization
189 | When you use GuardDuty with an AWS Organizations organization, you can designate any account within the organization
190 | to be the GuardDuty delegated administrator. Only the organization management account can designate GuardDuty
191 | delegated administrators.
192 |
193 | ```sh
194 | turf aws \
195 | guardduty \
196 | set-administrator-account \
197 | -administrator-account-role arn:aws:iam::111111111111:role/acme-gbl-security-admin \
198 | -root-role arn:aws:iam::222222222222:role/acme-gbl-root-admin \
199 | --region us-west-2
200 | ```
201 |
202 |
203 |
204 |
205 |
206 | ## Share the Love
207 |
208 | Like this project? Please give it a ★ on [our GitHub](https://github.com/cloudposse/turf)! (it helps us **a lot**)
209 |
210 | Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. =)
211 |
212 |
213 | ## Related Projects
214 |
215 | Check out these related projects.
216 |
217 | - [terraform-aws-security-hub](https://github.com/cloudposse/terraform-aws-security-hub) - Terraform module to provision AWS Security Hub
218 |
219 |
220 |
221 | ## Help
222 |
223 | **Got a question?** We got answers.
224 |
225 | File a GitHub [issue](https://github.com/cloudposse/turf/issues), send us an [email][email] or join our [Slack Community][slack].
226 |
227 | [![README Commercial Support][readme_commercial_support_img]][readme_commercial_support_link]
228 |
229 | ## DevOps Accelerator for Startups
230 |
231 |
232 | We are a [**DevOps Accelerator**][commercial_support]. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us.
233 |
234 | [][commercial_support]
235 |
236 | Work directly with our team of DevOps experts via email, slack, and video conferencing.
237 |
238 | We deliver 10x the value for a fraction of the cost of a full-time engineer. Our track record is not even funny. If you want things done right and you need it done FAST, then we're your best bet.
239 |
240 | - **Reference Architecture.** You'll get everything you need from the ground up built using 100% infrastructure as code.
241 | - **Release Engineering.** You'll have end-to-end CI/CD with unlimited staging environments.
242 | - **Site Reliability Engineering.** You'll have total visibility into your apps and microservices.
243 | - **Security Baseline.** You'll have built-in governance with accountability and audit logs for all changes.
244 | - **GitOps.** You'll be able to operate your infrastructure via Pull Requests.
245 | - **Training.** You'll receive hands-on training so your team can operate what we build.
246 | - **Questions.** You'll have a direct line of communication between our teams via a Shared Slack channel.
247 | - **Troubleshooting.** You'll get help to triage when things aren't working.
248 | - **Code Reviews.** You'll receive constructive feedback on Pull Requests.
249 | - **Bug Fixes.** We'll rapidly work with you to fix any bugs in our projects.
250 |
251 | ## Slack Community
252 |
253 | Join our [Open Source Community][slack] on Slack. It's **FREE** for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally *sweet* infrastructure.
254 |
255 | ## Discourse Forums
256 |
257 | Participate in our [Discourse Forums][discourse]. Here you'll find answers to commonly asked questions. Most questions will be related to the enormous number of projects we support on our GitHub. Come here to collaborate on answers, find solutions, and get ideas about the products and services we value. It only takes a minute to get started! Just sign in with SSO using your GitHub account.
258 |
259 | ## Newsletter
260 |
261 | Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover.
262 |
263 | ## Office Hours
264 |
265 | [Join us every Wednesday via Zoom][office_hours] for our weekly "Lunch & Learn" sessions. It's **FREE** for everyone!
266 |
267 | [![zoom](https://img.cloudposse.com/fit-in/200x200/https://cloudposse.com/wp-content/uploads/2019/08/Powered-by-Zoom.png")][office_hours]
268 |
269 | ## Contributing
270 |
271 | ### Bug Reports & Feature Requests
272 |
273 | Please use the [issue tracker](https://github.com/cloudposse/turf/issues) to report any bugs or file feature requests.
274 |
275 | ### Developing
276 |
277 | If you are interested in being a contributor and want to get involved in developing this project or [help out](https://cpco.io/help-out) with our other projects, we would love to hear from you! Shoot us an [email][email].
278 |
279 | In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
280 |
281 | 1. **Fork** the repo on GitHub
282 | 2. **Clone** the project to your own machine
283 | 3. **Commit** changes to your own branch
284 | 4. **Push** your work back up to your fork
285 | 5. Submit a **Pull Request** so that we can review your changes
286 |
287 | **NOTE:** Be sure to merge the latest changes from "upstream" before making a pull request!
288 |
289 |
290 | ## Copyright
291 |
292 | Copyright © 2017-2021 [Cloud Posse, LLC](https://cpco.io/copyright)
293 |
294 |
295 |
296 | ## License
297 |
298 | [](https://opensource.org/licenses/Apache-2.0)
299 |
300 | See [LICENSE](LICENSE) for full details.
301 |
302 | ```text
303 | Licensed to the Apache Software Foundation (ASF) under one
304 | or more contributor license agreements. See the NOTICE file
305 | distributed with this work for additional information
306 | regarding copyright ownership. The ASF licenses this file
307 | to you under the Apache License, Version 2.0 (the
308 | "License"); you may not use this file except in compliance
309 | with the License. You may obtain a copy of the License at
310 |
311 | https://www.apache.org/licenses/LICENSE-2.0
312 |
313 | Unless required by applicable law or agreed to in writing,
314 | software distributed under the License is distributed on an
315 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
316 | KIND, either express or implied. See the License for the
317 | specific language governing permissions and limitations
318 | under the License.
319 | ```
320 |
321 |
322 |
323 |
324 |
325 |
326 |
327 |
328 |
329 | ## Trademarks
330 |
331 | All other trademarks referenced herein are the property of their respective owners.
332 |
333 | ## About
334 |
335 | This project is maintained and funded by [Cloud Posse, LLC][website]. Like it? Please let us know by [leaving a testimonial][testimonial]!
336 |
337 | [![Cloud Posse][logo]][website]
338 |
339 | We're a [DevOps Professional Services][hire] company based in Los Angeles, CA. We ❤️ [Open Source Software][we_love_open_source].
340 |
341 | We offer [paid support][commercial_support] on all of our projects.
342 |
343 | Check out [our other projects][github], [follow us on twitter][twitter], [apply for a job][jobs], or [hire us][hire] to help with your cloud strategy and implementation.
344 |
345 |
346 |
347 | ### Contributors
348 |
349 |
350 | | [![Matt Calhoun][mcalhoun_avatar]][mcalhoun_homepage]
[Matt Calhoun][mcalhoun_homepage] |
351 | |---|
352 |
353 |
354 |
355 | [mcalhoun_homepage]: https://github.com/mcalhoun
356 | [mcalhoun_avatar]: https://img.cloudposse.com/150x150/https://github.com/mcalhoun.png
357 |
358 | [![README Footer][readme_footer_img]][readme_footer_link]
359 | [![Beacon][beacon]][website]
360 |
361 | [logo]: https://cloudposse.com/logo-300x69.svg
362 | [docs]: https://cpco.io/docs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=docs
363 | [website]: https://cpco.io/homepage?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=website
364 | [github]: https://cpco.io/github?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=github
365 | [jobs]: https://cpco.io/jobs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=jobs
366 | [hire]: https://cpco.io/hire?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=hire
367 | [slack]: https://cpco.io/slack?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=slack
368 | [linkedin]: https://cpco.io/linkedin?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=linkedin
369 | [twitter]: https://cpco.io/twitter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=twitter
370 | [testimonial]: https://cpco.io/leave-testimonial?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=testimonial
371 | [office_hours]: https://cloudposse.com/office-hours?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=office_hours
372 | [newsletter]: https://cpco.io/newsletter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=newsletter
373 | [discourse]: https://ask.sweetops.com/?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=discourse
374 | [email]: https://cpco.io/email?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=email
375 | [commercial_support]: https://cpco.io/commercial-support?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=commercial_support
376 | [we_love_open_source]: https://cpco.io/we-love-open-source?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=we_love_open_source
377 | [terraform_modules]: https://cpco.io/terraform-modules?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=terraform_modules
378 | [readme_header_img]: https://cloudposse.com/readme/header/img
379 | [readme_header_link]: https://cloudposse.com/readme/header/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=readme_header_link
380 | [readme_footer_img]: https://cloudposse.com/readme/footer/img
381 | [readme_footer_link]: https://cloudposse.com/readme/footer/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=readme_footer_link
382 | [readme_commercial_support_img]: https://cloudposse.com/readme/commercial-support/img
383 | [readme_commercial_support_link]: https://cloudposse.com/readme/commercial-support/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/turf&utm_content=readme_commercial_support_link
384 | [share_twitter]: https://twitter.com/intent/tweet/?text=turf&url=https://github.com/cloudposse/turf
385 | [share_linkedin]: https://www.linkedin.com/shareArticle?mini=true&title=turf&url=https://github.com/cloudposse/turf
386 | [share_reddit]: https://reddit.com/submit/?url=https://github.com/cloudposse/turf
387 | [share_facebook]: https://facebook.com/sharer/sharer.php?u=https://github.com/cloudposse/turf
388 | [share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/turf
389 | [share_email]: mailto:?subject=turf&body=https://github.com/cloudposse/turf
390 | [beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/turf?pixel&cs=github&cm=readme&an=turf
391 |
--------------------------------------------------------------------------------
/go.sum:
--------------------------------------------------------------------------------
1 | cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
2 | cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
3 | cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
4 | cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
5 | cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
6 | cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
7 | cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
8 | cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
9 | cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
10 | cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
11 | cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
12 | cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
13 | dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
14 | github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
15 | github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
16 | github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
17 | github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
18 | github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
19 | github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
20 | github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
21 | github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
22 | github.com/aws/aws-sdk-go v1.38.21 h1:D08DXWI4QRaawLaW+OtsIEClOI90I6eheJs1GwXTQVI=
23 | github.com/aws/aws-sdk-go v1.38.21/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
24 | github.com/aws/aws-sdk-go v1.38.38 h1:onWHniFItFra8Wb2vTX2M6nNX3ESW2b/haVdjDlVIeA=
25 | github.com/aws/aws-sdk-go v1.38.38/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
26 | github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
27 | github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
28 | github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
29 | github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
30 | github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
31 | github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
32 | github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
33 | github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
34 | github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
35 | github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
36 | github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
37 | github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
38 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
39 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
40 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
41 | github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
42 | github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
43 | github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
44 | github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
45 | github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
46 | github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
47 | github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
48 | github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
49 | github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
50 | github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
51 | github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
52 | github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
53 | github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
54 | github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
55 | github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
56 | github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
57 | github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
58 | github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
59 | github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
60 | github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
61 | github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
62 | github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
63 | github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
64 | github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
65 | github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
66 | github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
67 | github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
68 | github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
69 | github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
70 | github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
71 | github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
72 | github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
73 | github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
74 | github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
75 | github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
76 | github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
77 | github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
78 | github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
79 | github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
80 | github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
81 | github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
82 | github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
83 | github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
84 | github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
85 | github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
86 | github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
87 | github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
88 | github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
89 | github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
90 | github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
91 | github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
92 | github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
93 | github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
94 | github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
95 | github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
96 | github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
97 | github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
98 | github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
99 | github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
100 | github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
101 | github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
102 | github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
103 | github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
104 | github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
105 | github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
106 | github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
107 | github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
108 | github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
109 | github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
110 | github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
111 | github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
112 | github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
113 | github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
114 | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
115 | github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
116 | github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
117 | github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
118 | github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
119 | github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
120 | github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
121 | github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
122 | github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
123 | github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
124 | github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzRKO2BQ4=
125 | github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
126 | github.com/magiconair/properties v1.8.4 h1:8KGKTcQQGm0Kv7vEbKFErAoAOFyyacLStRtQSeYtvkY=
127 | github.com/magiconair/properties v1.8.4/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
128 | github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls=
129 | github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
130 | github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
131 | github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
132 | github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
133 | github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
134 | github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
135 | github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
136 | github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
137 | github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
138 | github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
139 | github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
140 | github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
141 | github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
142 | github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
143 | github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
144 | github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag=
145 | github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
146 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
147 | github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
148 | github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
149 | github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
150 | github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
151 | github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
152 | github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
153 | github.com/pelletier/go-toml v1.8.1 h1:1Nf83orprkJyknT6h7zbuEGUEjcyVlCxSUGTENmNCRM=
154 | github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
155 | github.com/pelletier/go-toml v1.9.1 h1:a6qW1EVNZWH9WGI6CsYdD8WAylkoXBS5yv0XHlh17Tc=
156 | github.com/pelletier/go-toml v1.9.1/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
157 | github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
158 | github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
159 | github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
160 | github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
161 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
162 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
163 | github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
164 | github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
165 | github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
166 | github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
167 | github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
168 | github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
169 | github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
170 | github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
171 | github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
172 | github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
173 | github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
174 | github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
175 | github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
176 | github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
177 | github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
178 | github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
179 | github.com/sirupsen/logrus v1.2.0 h1:juTguoYk5qI21pwyTXY3B3Y5cOTH3ZUyZCg1v/mihuo=
180 | github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
181 | github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
182 | github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
183 | github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
184 | github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
185 | github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
186 | github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
187 | github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
188 | github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
189 | github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI=
190 | github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
191 | github.com/spf13/afero v1.5.1 h1:VHu76Lk0LSP1x254maIu2bplkWpfBWI+B+6fdoZprcg=
192 | github.com/spf13/afero v1.5.1/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
193 | github.com/spf13/afero v1.6.0 h1:xoax2sJ2DT8S8xA2paPFjDCScCNeWsg75VG0DLRreiY=
194 | github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
195 | github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8=
196 | github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
197 | github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng=
198 | github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
199 | github.com/spf13/cobra v1.1.3 h1:xghbfqPkxzxP3C/f3n5DdpAbdKLj4ZE4BWQI362l53M=
200 | github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
201 | github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk=
202 | github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
203 | github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
204 | github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
205 | github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
206 | github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
207 | github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
208 | github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
209 | github.com/spf13/viper v1.7.1 h1:pM5oEahlgWv/WnHXpgbKz7iLIxRf65tye2Ci+XFK5sk=
210 | github.com/spf13/viper v1.7.1/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
211 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
212 | github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
213 | github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
214 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
215 | github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
216 | github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
217 | github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
218 | github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
219 | github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
220 | github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
221 | go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
222 | go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
223 | go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
224 | go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
225 | go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
226 | go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
227 | golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
228 | golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
229 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
230 | golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
231 | golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
232 | golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
233 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
234 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
235 | golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
236 | golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
237 | golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
238 | golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
239 | golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
240 | golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
241 | golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
242 | golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
243 | golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
244 | golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
245 | golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
246 | golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
247 | golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
248 | golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
249 | golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
250 | golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
251 | golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
252 | golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
253 | golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
254 | golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
255 | golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
256 | golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
257 | golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
258 | golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
259 | golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
260 | golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
261 | golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
262 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
263 | golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
264 | golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
265 | golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
266 | golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
267 | golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME=
268 | golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
269 | golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
270 | golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
271 | golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
272 | golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
273 | golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
274 | golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
275 | golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
276 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
277 | golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
278 | golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
279 | golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
280 | golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
281 | golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
282 | golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
283 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
284 | golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
285 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
286 | golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
287 | golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
288 | golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
289 | golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
290 | golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
291 | golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
292 | golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
293 | golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
294 | golang.org/x/sys v0.0.0-20210304152209-afaa3650a925 h1:Ee/Y8w57dY5pI4wYh0ZdFQn++NMCNRNIOKXCZ/82iUM=
295 | golang.org/x/sys v0.0.0-20210304152209-afaa3650a925/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
296 | golang.org/x/sys v0.0.0-20210511113859-b0526f3d8744 h1:yhBbb4IRs2HS9PPlAg6DMC6mUOKexJBNsLf4Z+6En1Q=
297 | golang.org/x/sys v0.0.0-20210511113859-b0526f3d8744/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
298 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
299 | golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
300 | golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
301 | golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
302 | golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
303 | golang.org/x/text v0.3.5 h1:i6eZZ+zk0SOf0xgBpEpPD18qWcJda6q1sxt3S0kzyUQ=
304 | golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
305 | golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
306 | golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
307 | golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
308 | golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
309 | golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
310 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
311 | golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
312 | golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
313 | golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
314 | golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
315 | golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
316 | golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
317 | golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
318 | golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
319 | golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
320 | golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
321 | golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
322 | golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
323 | golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
324 | golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
325 | golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
326 | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
327 | google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
328 | google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
329 | google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
330 | google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
331 | google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
332 | google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
333 | google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
334 | google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
335 | google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
336 | google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
337 | google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
338 | google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
339 | google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
340 | google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
341 | google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
342 | google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
343 | google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
344 | google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
345 | google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
346 | google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
347 | google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
348 | gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
349 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
350 | gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
351 | gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
352 | gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
353 | gopkg.in/ini.v1 v1.51.0 h1:AQvPpx3LzTDM0AjnIRlVFwFFGC+npRopjZxLJj6gdno=
354 | gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
355 | gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU=
356 | gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
357 | gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
358 | gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
359 | gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
360 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
361 | gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
362 | gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
363 | gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
364 | gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
365 | gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
366 | honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
367 | honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
368 | honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
369 | honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
370 | rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
371 |
--------------------------------------------------------------------------------