Documentation
Overview
Package monitorcompliance checks asset compliance.
Triggered by
Resource or IAM policy asset feed messages in PubSub topics.
Instances
- one per REGO rule.
- all constraints (yaml settings) related to a REGO rule are evaluated in that REGO rule instance.
Output
- PubSub violation topic.
- PubSub complianceStatus topic.
Cardinality
- When compliant: one-one, only the compliance state, no violations.
- When not compliant: one-few, 1 compliance state + n violations.
Automatic retrying
Yes.
Required environment variables
- ASSETSCOLLECTIONID the name of the Firestore collection grouping all asset documents.
- ENVIRONMENT the execution environment for RAM, e.g. dev.
- OWNERLABELKEYNAME key name for the label identifying the asset owner.
- STATUS_TOPIC name of the PubSub topic used to output evaluated compliance states.
- VIOLATIONRESOLVERLABELKEYNAME key name for the label identifying the asset violation resolver.
- VIOLATION_TOPIC name of the PubSub topic used to output found violations.
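The required variables and the cardinality rule above, combined in an added example that is not the RAM project's own code: it refuses to start when a variable is unset or empty, then emits one compliance state plus one message per violation. `loadSettings`, `fanOut` and the `message` type are hypothetical names, the variable names are spelled as on this page, and the real payload formats are not shown here.

```go
package main

import (
	"log"
	"os"
)

// required lists the variable names exactly as this page gives them.
var required = []string{"ASSETSCOLLECTIONID", "ENVIRONMENT", "OWNERLABELKEYNAME",
	"STATUS_TOPIC", "VIOLATIONRESOLVERLABELKEYNAME", "VIOLATION_TOPIC"}

// loadSettings returns the values found plus the names that are unset or empty,
// so a misconfigured function fails at cold start instead of losing violations.
func loadSettings(lookup func(string) (string, bool)) (map[string]string, []string) {
	settings := make(map[string]string, len(required))
	var missing []string
	for _, name := range required {
		if v, ok := lookup(name); ok && v != "" {
			settings[name] = v
		} else {
			missing = append(missing, name)
		}
	}
	return settings, missing
}

// message is a hypothetical envelope; RAM's real payloads are not shown on this page.
type message struct {
	Topic, Asset, Rule, Detail string
	Compliant                  bool
}

// fanOut models the cardinality rule: always one compliance state, plus one
// message per violation when the asset is not compliant.
func fanOut(s map[string]string, asset, rule string, violations []string) []message {
	out := []message{{Topic: s["STATUS_TOPIC"], Asset: asset, Rule: rule, Compliant: len(violations) == 0}}
	for _, v := range violations {
		out = append(out, message{Topic: s["VIOLATION_TOPIC"], Asset: asset, Rule: rule, Detail: v})
	}
	return out
}

func main() {
	settings, missing := loadSettings(os.LookupEnv)
	if len(missing) > 0 {
		log.Fatalf("refusing to start, unset variables: %v", missing)
	}
	// Constructed sample evaluation: one violated constraint yields two messages.
	log.Printf("%+v", fanOut(settings, "constructed-asset", "constructed_rule", []string{"constructed violation"}))
}
```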
Implementation example

    package p

    import (
        "context"

        "github.com/BrunoReboul/ram/services/monitorcompliance"
        "github.com/BrunoReboul/ram/utilities/ram"
    )

    var global monitorcompliance.Global
    var ctx = context.Background()

    // EntryPoint is the function to be executed for each cloud function occurrence
    func EntryPoint(ctxEvent context.Context, PubSubMessage ram.PubSubMessage) error {
        return monitorcompliance.EntryPoint(ctxEvent, PubSubMessage, &global)
    }

    func init() {
        monitorcompliance.Initialize(ctx, &global)
    }
Functions
func EntryPoint
EntryPoint is the function to be executed for each cloud function occurrence.
func Initialize
Initialize is to be executed in the init() function of the cloud function to optimize the cold start.