Documentation ¶
Overview ¶
Package config provides utilities to parse and create project and resource configurations.
Index ¶
- Constants
- Variables
- func DumpGeneratedFields(generatedFields *AllGeneratedFields, path string) error
- func NormalizePath(path string) (string, error)
- func ValidateConf(confYAML []byte) error
- type AllGeneratedFields
- type Binding
- type Config
- type Forseti
- type ForsetiProperties
- type ForsetiServiceInfo
- type GCEInstanceInfo
- type GeneratedFields
- type Project
Constants ¶
const (
	IAMChangeMetricName                = "iam-policy-change-count"
	BucketPermissionChangeMetricName   = "bucket-permission-change-count"
	BQSettingChangeMetricName          = "bigquery-settings-change-count"
	BucketUnexpectedAccessMetricPrefix = "unexpected-access-"
)
Logging metric names used to create logs-based metrics and the Stackdriver alerts built on them.
Variables ¶
var EnableTerraform = false
EnableTerraform determines whether Terraform is enabled. Note: the Terraform state bucket does not respect this var, since it is currently required for Forseti projects.
Functions ¶
func DumpGeneratedFields ¶
func DumpGeneratedFields(generatedFields *AllGeneratedFields, path string) error
DumpGeneratedFields dumps generated fields to file at path.
func NormalizePath ¶
func NormalizePath(path string) (string, error)
NormalizePath normalizes paths specified through a local run or a Bazel invocation.
func ValidateConf ¶
func ValidateConf(confYAML []byte) error
ValidateConf validates the input project config YAML against the default schema template.
Types ¶
type AllGeneratedFields ¶
type AllGeneratedFields struct {
	Projects map[string]*GeneratedFields `json:"projects,omitempty"`
	Forseti  *ForsetiServiceInfo         `json:"forseti,omitempty"`
}
AllGeneratedFields defines the generated_fields block. It holds the resource information recorded when the resources are deployed. See field_generation_test for examples.
type Binding ¶
type Binding struct {
	Role    string   `json:"role" yaml:"role"`
	Members []string `json:"members" yaml:"members"`
}
Binding represents a GCP policy binding.
func MergeBindings ¶
MergeBindings merges bindings together. It is typically used to merge default bindings with user-specified bindings. Each role is de-duplicated and merged into a single binding; members are de-duplicated by Deployment Manager.
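The role-by-role merge described above, as an added example that is not the package's own MergeBindings: bindings are merged in the order given (defaults first, then user-specified), each role ends up in one Binding, and members are also de-duplicated locally so the rendered policy stays readable. The publicMembers check is an assumption of this example, not a function on the page; it flags a merged policy that would grant a role to allUsers or allAuthenticatedUsers before it is applied. The sample bindings are constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Binding mirrors the page's Binding type: one IAM role and its members.
type Binding struct {
	Role    string   `json:"role" yaml:"role"`
	Members []string `json:"members" yaml:"members"`
}

// mergeBindings merges binding lists role by role, in the order given, so
// default bindings can be combined with user-specified ones. Each role ends
// up in exactly one Binding; members within a role are de-duplicated here as
// well (Deployment Manager would also do so, but a local pass keeps the
// rendered config readable). Output is sorted so it is deterministic.
func mergeBindings(lists ...[]Binding) []Binding {
	byRole := map[string][]string{}
	seen := map[string]map[string]bool{}
	for _, list := range lists {
		for _, b := range list {
			if _, ok := byRole[b.Role]; !ok {
				byRole[b.Role] = nil // keep a role even if it has no members
				seen[b.Role] = map[string]bool{}
			}
			for _, m := range b.Members {
				if seen[b.Role][m] {
					continue
				}
				seen[b.Role][m] = true
				byRole[b.Role] = append(byRole[b.Role], m)
			}
		}
	}
	out := make([]Binding, 0, len(byRole))
	for role, members := range byRole {
		sort.Strings(members)
		out = append(out, Binding{Role: role, Members: members})
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Role < out[j].Role })
	return out
}

// publicMembers reports "role:member" pairs that grant a role to everyone.
// Hypothetical guard, not part of the package on the page: run it after the
// merge and before the policy is applied.
func publicMembers(bindings []Binding) []string {
	var found []string
	for _, b := range bindings {
		for _, m := range b.Members {
			if m == "allUsers" || m == "allAuthenticatedUsers" {
				found = append(found, b.Role+":"+m)
			}
		}
	}
	return found
}

func main() {
	// Constructed sample input: project defaults plus a user-supplied block
	// that repeats the owners group and duplicates a readers group.
	defaults := []Binding{
		{Role: "roles/owner", Members: []string{"group:owners@example.com"}},
		{Role: "roles/iam.securityReviewer", Members: []string{"group:auditors@example.com"}},
	}
	user := []Binding{
		{Role: "roles/owner", Members: []string{"group:owners@example.com", "user:alice@example.com"}},
		{Role: "roles/viewer", Members: []string{"group:readers@example.com", "group:readers@example.com", "allAuthenticatedUsers"}},
	}
	merged := mergeBindings(defaults, user)
	for _, b := range merged {
		fmt.Printf("%-30s %s\n", b.Role, strings.Join(b.Members, ", "))
	}
	if bad := publicMembers(merged); len(bad) > 0 {
		fmt.Println("refusing to apply: public members", bad)
	}
}
```

Sorting the output is deliberate: a deterministic binding order makes generated configs diffable, so an unexpected member added by a user block shows up as a one-line change in review.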
type Config ¶
type Config struct {
	Overall struct {
		BillingAccount string   `json:"billing_account"`
		Domain         string   `json:"domain"`
		OrganizationID string   `json:"organization_id"`
		FolderID       string   `json:"folder_id"`
		AllowedAPIs    []string `json:"allowed_apis"`
	} `json:"overall"`
	Devops *struct {
		Project *Project `json:"project"`
	} `json:"devops"`
	AuditLogsProject    *Project   `json:"audit_logs_project"`
	Forseti             *Forseti   `json:"forseti"`
	Projects            []*Project `json:"projects"`
	GeneratedFieldsPath string     `json:"generated_fields_path"`

	// Set by helper and not directly through user defined config.
	AllGeneratedFields *AllGeneratedFields `json:"-"`
}
Config is a (partial) representation of a projects YAML file. Only the required fields are present; see project_config.yaml.schema for details.
func (*Config) AllFolders ¶
AllFolders returns all folder ids in this config.
func (*Config) AllProjects ¶
AllProjects returns all projects in this config. This includes Audit, Forseti and all data hosting projects.
func (*Config) Init ¶
func (c *Config) Init(genFields *AllGeneratedFields) error
Init initializes the config and all its projects.
func (*Config) ProjectForAuditLogs ¶
ProjectForAuditLogs is a helper that returns the audit logs project for the given project: the remote audit logs project if one exists, else the project itself (audit logs are then stored locally).
func (*Config) ProjectForDevops ¶
ProjectForDevops is a helper that returns the devops project for the given project: the devops project if one exists, else the project itself (devops resources are then stored locally).
type Forseti ¶
type Forseti struct {
	Project    *Project           `json:"project"`
	Properties *ForsetiProperties `json:"properties"`
}
Forseti wraps the CFT Forseti module.
type ForsetiProperties ¶
type ForsetiProperties struct {
	// The following vars should not directly be set by users.
	ProjectID              string   `json:"project_id"`
	Domain                 string   `json:"domain"`
	CompositeRootResources []string `json:"composite_root_resources"`
	// contains filtered or unexported fields
}
ForsetiProperties represents a partial CFT Forseti implementation.
func (*ForsetiProperties) Init ¶
func (p *ForsetiProperties) Init() error
Init initializes Forseti properties.
func (*ForsetiProperties) MarshalJSON ¶
func (p *ForsetiProperties) MarshalJSON() ([]byte, error)
MarshalJSON provides a custom JSON marshaller. It is used to merge the original (raw) user JSON definition with the struct.
func (*ForsetiProperties) UnmarshalJSON ¶
func (p *ForsetiProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON provides a custom JSON unmarshaller. It stores the original (raw) user JSON definition, which may contain more fields than this struct defines, so that those fields are not lost on the next MarshalJSON.
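The raw-preserving round trip that the MarshalJSON and UnmarshalJSON docs above describe, as an added example rather than the package's own implementation: the unmarshaller keeps a copy of the full user JSON in an unexported field (the name raw is this example's assumption), and the marshaller writes the struct's known fields over that raw object so values set by a helper such as Init win while user keys the struct does not model still survive. The sample JSON is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ForsetiProperties mirrors the exported fields on the page; raw is an assumed
// name for the unexported field that stores the original user JSON.
type ForsetiProperties struct {
	ProjectID              string   `json:"project_id"`
	Domain                 string   `json:"domain"`
	CompositeRootResources []string `json:"composite_root_resources"`
	raw                    json.RawMessage
}

// forsetiAlias has the same fields but none of the methods, so encoding/json
// applies its default behaviour to it and the custom methods do not recurse.
type forsetiAlias ForsetiProperties

// UnmarshalJSON fills the known fields and keeps a copy of the full input,
// including keys this struct does not model.
func (p *ForsetiProperties) UnmarshalJSON(data []byte) error {
	var a forsetiAlias
	if err := json.Unmarshal(data, &a); err != nil {
		return err
	}
	*p = ForsetiProperties(a)
	p.raw = append(json.RawMessage(nil), data...)
	return nil
}

// MarshalJSON re-emits the raw user definition with the struct's known fields
// written over it. Note that zero-valued known fields overwrite user values
// too (an unset CompositeRootResources becomes null), so set them before marshalling.
func (p *ForsetiProperties) MarshalJSON() ([]byte, error) {
	merged := map[string]interface{}{}
	if len(p.raw) > 0 {
		if err := json.Unmarshal(p.raw, &merged); err != nil {
			return nil, err
		}
	}
	known, err := json.Marshal(forsetiAlias(*p))
	if err != nil {
		return nil, err
	}
	var knownMap map[string]interface{}
	if err := json.Unmarshal(known, &knownMap); err != nil {
		return nil, err
	}
	for k, v := range knownMap {
		merged[k] = v
	}
	return json.Marshal(merged)
}

// roundTrip parses user JSON, overrides project_id the way a helper such as
// Init might, and returns the re-marshalled object as a generic map.
func roundTrip(userJSON string, projectID string) (map[string]interface{}, error) {
	var p ForsetiProperties
	if err := json.Unmarshal([]byte(userJSON), &p); err != nil {
		return nil, err
	}
	p.ProjectID = projectID
	out, err := json.Marshal(&p) // pointer so the custom MarshalJSON is used
	if err != nil {
		return nil, err
	}
	var m map[string]interface{}
	if err := json.Unmarshal(out, &m); err != nil {
		return nil, err
	}
	return m, nil
}

func main() {
	// Constructed sample: two modelled keys plus two the struct knows nothing about.
	const user = `{"project_id":"placeholder","domain":"example.com","server_region":"us-central1","enable_cai":true}`
	m, err := roundTrip(user, "forseti-prod-1234")
	if err != nil {
		panic(err)
	}
	fmt.Println(m)
}
```

Passing a pointer to json.Marshal matters: the methods have pointer receivers, so marshalling a non-addressable ForsetiProperties value would silently fall back to the default encoder and drop the unknown keys.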
type ForsetiServiceInfo ¶
type ForsetiServiceInfo struct {
	ServiceAccount string `json:"service_account,omitempty"`
	ServiceBucket  string `json:"server_bucket,omitempty"`
}
ForsetiServiceInfo defines the generated_fields of the forseti service.
type GCEInstanceInfo ¶
GCEInstanceInfo defines the generated fields for instances in a project.
type GeneratedFields ¶
type GeneratedFields struct {
	ProjectNumber         string `json:"project_number,omitempty"`
	LogSinkServiceAccount string `json:"log_sink_service_account,omitempty"`
	// NOTE: This field is deprecated and no longer used. It is retained for backwards compatibility to avoid breaking existing configs.
	GCEInstanceInfoList []GCEInstanceInfo `json:"gce_instance_info,omitempty"`
}
GeneratedFields defines the generated_fields of a single project.
type Project ¶
type Project struct {
	ID                  string            `json:"project_id"`
	BillingAccount      string            `json:"billing_account"`
	FolderID            string            `json:"folder_id"`
	OwnersGroup         string            `json:"owners_group"`
	AuditorsGroup       string            `json:"auditors_group"`
	DataReadWriteGroups []string          `json:"data_readwrite_groups"`
	DataReadOnlyGroups  []string          `json:"data_readonly_groups"`
	Labels              map[string]string `json:"labels"`
	DevopsConfig        struct {
		StateBucket *tfconfig.StorageBucket `json:"state_storage_bucket"`
	} `json:"devops"`
	CreateDeletionLien    bool                `json:"create_deletion_lien"`
	EnabledAPIs           []string            `json:"enabled_apis"`
	ViolationExceptions   map[string][]string `json:"violation_exceptions"`
	StackdriverAlertEmail string              `json:"stackdriver_alert_email"`

	// Terraform resources
	BigqueryDatasets     []*tfconfig.BigqueryDataset               `json:"bigquery_datasets"`
	CloudBuildTriggers   []*tfconfig.CloudBuildTrigger             `json:"cloudbuild_triggers"`
	ComputeFirewalls     []*tfconfig.ComputeFirewall               `json:"compute_firewalls"`
	ComputeImages        []*tfconfig.ComputeImage                  `json:"compute_images"`
	ComputeInstances     []*tfconfig.ComputeInstance               `json:"compute_instances"`
	DataFusionInstances  []*tfconfig.DataFusionInstance            `json:"data_fusion_instances"`
	HealthcareDatasets   []*tfconfig.HealthcareDataset             `json:"healthcare_datasets"`
	IAMCustomRoles       []*tfconfig.ProjectIAMCustomRole          `json:"project_iam_custom_roles"`
	IAMMembers           *tfconfig.ProjectIAMMembers               `json:"project_iam_members"`
	NotificationChannels []*tfconfig.MonitoringNotificationChannel `json:"monitoring_notification_channels"`
	PubsubTopics         []*tfconfig.PubsubTopic                   `json:"pubsub_topics"`
	Services             *tfconfig.ProjectServices                 `json:"project_services"`
	ResourceManagerLiens []*tfconfig.ResourceManagerLien           `json:"resource_manager_liens"`
	ServiceAccounts      []*tfconfig.ServiceAccount                `json:"service_accounts"`
	SpannerInstances     []*tfconfig.SpannerInstance               `json:"spanner_instances"`
	StorageBuckets       []*tfconfig.StorageBucket                 `json:"storage_buckets"`

	Audit struct {
		LogsBigqueryDataset *tfconfig.BigqueryDataset `json:"logs_bigquery_dataset"`
		LogsStorageBucket   *tfconfig.StorageBucket   `json:"logs_storage_bucket"`
	} `json:"audit"`

	TerraformDeployments struct {
		Resources struct {
			Config map[string]interface{} `json:"config"`
		} `json:"resources"`
	} `json:"terraform_deployments"`

	// The following vars are set through helpers and not directly through the user defined config.
	GeneratedFields       *GeneratedFields                  `json:"-"`
	BQLogSinkTF           *tfconfig.LoggingSink             `json:"-"`
	IAMAuditConfig        *tfconfig.ProjectIAMAuditConfig   `json:"-"`
	DefaultAlertPolicies  []*tfconfig.MonitoringAlertPolicy `json:"-"`
	DefaultLoggingMetrics []*tfconfig.LoggingMetric         `json:"-"`
}
Project defines a single project's configuration.
func (*Project) Init ¶
Init initializes a project and all its resources. The audit logs project passed to it should be either a remote project or nil.
func (*Project) TerraformResources ¶
TerraformResources gets all terraform resources in this project.