Documentation
Overview
Package monitor checks asset compliance.
Triggered by
Resource or IAM policy asset feed messages in PubSub topics.
Instances
- one per REGO rule.
- all constraints (yaml settings) related to a REGO rule are evaluated in that REGO rule instance.
Output
- PubSub violation topic.
- PubSub complianceStatus topic.
Cardinality
- When compliant: one-one, only the compliance state, no violations.
- When not compliant: one-few, 1 compliance state + n violations.
Automatic retrying
Yes.
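Implementation example
```go
package p

import (
	"context"

	"github.com/BrunoReboul/ram/services/monitorcompliance"
	// gps provides the PubSubMessage type used below. The original example imported
	// utilities/ram, which the code never references; the gps import path is assumed
	// from the module's utilities layout.
	"github.com/BrunoReboul/ram/utilities/gps"
)

var global monitorcompliance.Global
var ctx = context.Background()

// EntryPoint is the function to be executed for each cloud function occurrence
func EntryPoint(ctxEvent context.Context, PubSubMessage gps.PubSubMessage) error {
	return monitorcompliance.EntryPoint(ctxEvent, PubSubMessage, &global)
}

// init runs once per function instance so the global state is reused across invocations
func init() {
	monitorcompliance.Initialize(ctx, &global)
}
```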
Functions
func EntryPoint
EntryPoint is the function to be executed for each cloud function occurrence
Types
type ComplianceStatus (added in v0.1.0)
```go
type ComplianceStatus struct {
	AssetName               string    `json:"assetName"`
	AssetInventoryTimeStamp time.Time `json:"assetInventoryTimeStamp"`
	AssetInventoryOrigin    string    `json:"assetInventoryOrigin"`
	RuleName                string    `json:"ruleName"`
	RuleDeploymentTimeStamp time.Time `json:"ruleDeploymentTimeStamp"`
	Compliant               bool      `json:"compliant"`
	Deleted                 bool      `json:"deleted"`
}
```
ComplianceStatus by asset, by rule, true/false compliance status
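Because automatic retrying is enabled and Pub/Sub delivery is at-least-once, a consumer of the complianceStatus topic has to tolerate redelivered and late messages. The following is an added example, not part of the package: it folds ComplianceStatus payloads into a latest-state map. The `Fold` and `samples` names, the ordering rule and the sample payloads are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// ComplianceStatus mirrors the struct documented on this page.
type ComplianceStatus struct {
	AssetName               string    `json:"assetName"`
	AssetInventoryTimeStamp time.Time `json:"assetInventoryTimeStamp"`
	AssetInventoryOrigin    string    `json:"assetInventoryOrigin"`
	RuleName                string    `json:"ruleName"`
	RuleDeploymentTimeStamp time.Time `json:"ruleDeploymentTimeStamp"`
	Compliant               bool      `json:"compliant"`
	Deleted                 bool      `json:"deleted"`
}

var samples = []string{ // constructed: a state, its redelivery, a late older state, a deletion
	`{"assetName":"//example/vm-1","ruleName":"rule_a","assetInventoryTimeStamp":"2021-01-02T00:00:00Z","compliant":false}`,
	`{"assetName":"//example/vm-1","ruleName":"rule_a","assetInventoryTimeStamp":"2021-01-02T00:00:00Z","compliant":false}`,
	`{"assetName":"//example/vm-1","ruleName":"rule_a","assetInventoryTimeStamp":"2021-01-01T00:00:00Z","compliant":true}`,
	`{"assetName":"//example/vm-2","ruleName":"rule_a","assetInventoryTimeStamp":"2021-01-03T00:00:00Z","compliant":false,"deleted":true}`,
}

// Fold keeps the latest status per asset and rule. Assumed ordering (not the
// project's): newest inventory timestamp wins, then newest rule deployment.
func Fold(state map[string]ComplianceStatus, payloads []string) (applied int, err error) {
	for _, p := range payloads {
		var s ComplianceStatus
		if err = json.Unmarshal([]byte(p), &s); err != nil {
			return applied, fmt.Errorf("bad complianceStatus payload: %w", err)
		}
		key := s.AssetName + "|" + s.RuleName
		cur, seen := state[key]
		at, ct := s.AssetInventoryTimeStamp, cur.AssetInventoryTimeStamp
		fresh := at.After(ct) || (at.Equal(ct) && s.RuleDeploymentTimeStamp.After(cur.RuleDeploymentTimeStamp))
		if seen && !fresh {
			continue // redelivered or stale: must not overwrite fresher state
		}
		state[key] = s // deletions stay as tombstones so late messages cannot revive them
		applied++
	}
	return applied, nil
}

func main() {
	fmt.Println(Fold(map[string]ComplianceStatus{}, samples))
}
```

Replaying the same payloads into the same map applies nothing, which is the property a dashboard or alerting consumer needs before counting non-compliant assets.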
type Global
```go
type Global struct {
	PubSubID string
	// contains filtered or unexported fields
}
```
Global structure for global variables to optimize the cloud function performance
type InstanceDeployment
```go
type InstanceDeployment struct {
	DumpTimestamp time.Time `yaml:"dumpTimestamp"`
	Core          *deploy.Core
	Artifacts     struct {
		SpecificZipFiles map[string]string `yaml:"zipFiles"`
	}
	Settings struct {
		Service struct {
			GSU                   gsu.Parameters
			IAM                   iamgt.Parameters
			GCB                   gcb.Parameters
			GCF                   gcf.Parameters
			AssetsFileName        string `yaml:"assetsFileName"`
			AssetsFolderName      string `yaml:"assetsFolderName"`
			OPAFolderPath         string `yaml:"opaFolderPath"`
			RegoModulesFolderName string `yaml:"regoModulesFolderName"`
			WritabelOPAFolderPath string `yaml:"writabelOPAFolderPath"`
		}
		Instance struct {
			GCF gcf.Event
			// Variables of type time.Time MUST be discarded from the validater: time.Time is
			// retrieved as a struct with only unexported fields, which crashes the
			// validater's recursion.
			DeploymentTime time.Time `yaml:"deploymentTime" valid:"-"`
		}
	}
}
```
InstanceDeployment settings and artifacts structure
func NewInstanceDeployment
```go
func NewInstanceDeployment() *InstanceDeployment
```
NewInstanceDeployment creates a deployment structure with default settings set
func (*InstanceDeployment) Deploy
```go
func (instanceDeployment *InstanceDeployment) Deploy() (err error)
```
Deploy a service instance
func (*InstanceDeployment) ReadValidate
```go
func (instanceDeployment *InstanceDeployment) ReadValidate() (err error)
```
ReadValidate reads and validates service and instance settings
func (*InstanceDeployment) Situate
```go
func (instanceDeployment *InstanceDeployment) Situate() (err error)
```
Situate complements settings, taking into account the situation for service and instance settings
Source Files
- core.go
- doc.go
- meth_instancedeployment_deploy.go
- meth_instancedeployment_deploygaeapp.go
- meth_instancedeployment_deploygcffunction.go
- meth_instancedeployment_deploygpstopic.go
- meth_instancedeployment_deploygrmmonitoringorgtbindings.go
- meth_instancedeployment_deploygrmprojectbindings.go
- meth_instancedeployment_deploygsuapi.go
- meth_instancedeployment_deployiammonitoringorgrole.go
- meth_instancedeployment_deployiamprojectroles.go
- meth_instancedeployment_deployiamserviceaccount.go
- meth_instancedeployment_makezipspecifccontent.go
- meth_instancedeployment_readvalidate.go
- meth_instancedeployment_situate.go
- type_instancedeployment.go