monitor

package
v0.3.2-rc09 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 10, 2020 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Overview

Package monitor check asset compliance

Triggered by

Resource or IAM policies assets feed messages in PubSub topics.

Instances

- one per REGO rule.

- all constraints (yaml settings) related to a REGO rule are evaluated in that REGO rule instance.

Output

- PubSub violation topic.

- PubSub complianceStatus topic.

Cardinality

- When compliant: one-one, only the compliance state, no violations.

- When not compliant: one-few, 1 compliance state + n violations.

Automatic retrying

Yes.

Implementation example

package p
import (
    "context"

    "github.com/BrunoReboul/ram/services/monitorcompliance"
    "github.com/BrunoReboul/ram/utilities/ram"
)
var global monitorcompliance.Global
var ctx = context.Background()

// EntryPoint is the function to be executed for each cloud function occurence
func EntryPoint(ctxEvent context.Context, PubSubMessage gps.PubSubMessage) error {
    return monitorcompliance.EntryPoint(ctxEvent, PubSubMessage, &global)
}

func init() {
    monitorcompliance.Initialize(ctx, &global)
}

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func EntryPoint

func EntryPoint(ctxEvent context.Context, PubSubMessage gps.PubSubMessage, global *Global) error

EntryPoint is the function to be executed for each cloud function occurence

func Initialize

func Initialize(ctx context.Context, global *Global) (err error)

Initialize is to be executed in the init() function of the cloud function to optimize the cold start

Types

type ComplianceStatus added in v0.1.0

type ComplianceStatus struct {
	AssetName               string    `json:"assetName"`
	AssetInventoryTimeStamp time.Time `json:"assetInventoryTimeStamp"`
	AssetInventoryOrigin    string    `json:"assetInventoryOrigin"`
	RuleName                string    `json:"ruleName"`
	RuleDeploymentTimeStamp time.Time `json:"ruleDeploymentTimeStamp"`
	Compliant               bool      `json:"compliant"`
	Deleted                 bool      `json:"deleted"`
}

ComplianceStatus by asset, by rule, true/false compliance status

type Global

type Global struct {
	PubSubID string
	// contains filtered or unexported fields
}

Global structure for global variables to optimize the cloud function performances

type InstanceDeployment

type InstanceDeployment struct {
	DumpTimestamp time.Time `yaml:"dumpTimestamp"`
	Core          *deploy.Core
	Artifacts     struct {
		SpecificZipFiles map[string]string `yaml:"zipFiles"`
	}
	Settings struct {
		Service struct {
			GSU                   gsu.Parameters
			IAM                   iamgt.Parameters
			GCB                   gcb.Parameters
			GCF                   gcf.Parameters
			AssetsFileName        string `yaml:"assetsFileName"`
			AssetsFolderName      string `yaml:"assetsFolderName"`
			OPAFolderPath         string `yaml:"opaFolderPath"`
			RegoModulesFolderName string `yaml:"regoModulesFolderName"`
			WritabelOPAFolderPath string `yaml:"writabelOPAFolderPath"`
		}
		Instance struct {
			GCF            gcf.Event
			DeploymentTime time.Time `yaml:"deploymentTime" valid:"-"` // variable of type time.Type MUST discard validater. time.Time is retreived as struct with only unexported field, leading to crash recurusivity of validater
		}
	}
}

InstanceDeployment settings and artifacts structure

func NewInstanceDeployment

func NewInstanceDeployment() *InstanceDeployment

NewInstanceDeployment create deployment structure with default settings set

func (*InstanceDeployment) Deploy

func (instanceDeployment *InstanceDeployment) Deploy() (err error)

Deploy a service instance

func (*InstanceDeployment) ReadValidate

func (instanceDeployment *InstanceDeployment) ReadValidate() (err error)

ReadValidate reads and validates service and instance settings

func (*InstanceDeployment) Situate

func (instanceDeployment *InstanceDeployment) Situate() (err error)

Situate complement settings taking in account the situation for service and instance settings

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL