ram

module
v0.0.21-rc00 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 14, 2020 License: Apache-2.0

README

RAM Real-time Asset Monitor

What

Audit Google Cloud resources (the assets) compliance against a set of rules when the resource is updated. The stream of detected non compliances could then be consumed to alert, report or even fix on the fly.

Use cases
  1. Security compliance, usually 80% of the rules
  2. Operational compliance
    • E.g. each Cloud SQL MySQL instance should have a defined maintenance window to avoid downtime
  3. Financial Operations (finOps) compliance
    • E.g. Do not provision anymore N1 virtual machines instances, instead provision N2: the price performance ratio is better

Why

  • It is all easier to fix when it is detected early
  • Value is delivered only when a detected non compliance is fixed

Documentation

Directories

Path Synopsis
services
dumpinventory
Package dumpinventory request CAI to perform an export Triggered by Cloud Scheduler Job, through PubSub messages.
Package dumpinventory request CAI to perform an export Triggered by Cloud Scheduler Job, through PubSub messages.
getgroupsettings
Package getgroupsettings retreives the settings of one group from `Groups Settings API` Triggered by PubSub messages from the GCI groups topic.
Package getgroupsettings retreives the settings of one group from `Groups Settings API` Triggered by PubSub messages from the GCI groups topic.
listgroupmembers
Package listgroupmembers extract all members from a group in GCI directory using the Admin SDK API Triggered by PubSub messages from the GCI groups topic.
Package listgroupmembers extract all members from a group in GCI directory using the Admin SDK API Triggered by PubSub messages from the GCI groups topic.
listgroups
Package listgroups extract all groups from a GCI directory using the Admin SDK API Triggered by Cloud Scheduler Job, through PubSub messages.
Package listgroups extract all groups from a GCI directory using the Admin SDK API Triggered by Cloud Scheduler Job, through PubSub messages.
monitor
Package monitor check asset compliance Triggered by Resource or IAM policies assets feed messages in PubSub topics.
Package monitor check asset compliance Triggered by Resource or IAM policies assets feed messages in PubSub topics.
publish2fs
Package publish2fs publish assets resource feeds as FireStore documents It manages creation, updates and delete.
Package publish2fs publish assets resource feeds as FireStore documents It manages creation, updates and delete.
setfeeds
Package setfeeds set Cloud Asset Inventory feeds at organization level Instances per targeted GCP organization, per environment - one feed for all iam policies - one feed per asset type for resource metadata.
Package setfeeds set Cloud Asset Inventory feeds at organization level Instances per targeted GCP organization, per environment - one feed for all iam policies - one feed per asset type for resource metadata.
splitdump
Package splitdump nibble large CAI dumps into PubSub asset feed messages One dump line = one PubSub message.
Package splitdump nibble large CAI dumps into PubSub asset feed messages One dump line = one PubSub message.
stream2bq
Package stream2bq streams PubSub message into BigQuery tables It can stream into 3 RAM tables: 1) assets 2) compliance states 3) violations.
Package stream2bq streams PubSub message into BigQuery tables It can stream into 3 RAM tables: 1) assets 2) compliance states 3) violations.
upload2gcs
Package upload2gcs stores feeds as JSON files in a GCS bucket Manage file creation (with override) and deletion.
Package upload2gcs stores feeds as JSON files in a GCS bucket Manage file creation (with override) and deletion.
utilities
bil
Package bil helps with billing management
Package bil helps with billing management
cai
Package cai helps with Cloud Asset Inventory
Package cai helps with Cloud Asset Inventory
gae
Package gae helps with Google Application Engine
Package gae helps with Google Application Engine
gcb
Package gcb helps with Google cloud build
Package gcb helps with Google cloud build
gcf
gcs
Package gcs helps with Google Cloud Scheduler
Package gcs helps with Google Cloud Scheduler
gps
Package gps helps with Google Pubsub
Package gps helps with Google Pubsub
grm
Package grm helps with Google Resource Manager, aka Organizations, Folders, Projects and their role bindings
Package grm helps with Google Resource Manager, aka Organizations, Folders, Projects and their role bindings
gsr
Package gsr helps with Google Source Repositories
Package gsr helps with Google Source Repositories
gsu
Package gsu helps with Google Service Usage, aka APIs activation
Package gsu helps with Google Service Usage, aka APIs activation
iamgt
Package iamgt helps with Google Identity Access Management, aka Service Accounts and their roles bindings
Package iamgt helps with Google Identity Access Management, aka Service Accounts and their roles bindings
ram
Package ram avoid code redundancy by grouping types and functions used by other ram packages
Package ram avoid code redundancy by grouping types and functions used by other ram packages
ramcli
Package ramcli Real-time Asset Monitor command line cli
Package ramcli Real-time Asset Monitor command line cli
sch
Package sch helps with Google Cloud Storage
Package sch helps with Google Cloud Storage
validater
Package validater helps to validate struct fields
Package validater helps to validate struct fields

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL