gcp

package
v0.0.0-...-d0f2575 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 16, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

A package that generates Lacework deployment code for Google cloud.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ValidateSaCredFileContent 

func ValidateSaCredFileContent(credFileContent map[string]interface{}) (map[string]interface{}, bool)

func ValidateServiceAccountCredentials 

func ValidateServiceAccountCredentials(val interface{}) error

func ValidateServiceAccountCredentialsFile 

func ValidateServiceAccountCredentialsFile(credFile string) error

func ValidateStringIsBase64 

func ValidateStringIsBase64(val interface{}) error

Types

type ExistingServiceAccountDetails 

type ExistingServiceAccountDetails struct {
	// Existing Service Account Name
	Name string

	// Existing Service Account private key in JSON format, base64 encoded
	PrivateKey string
}

func NewExistingServiceAccountDetails 

func NewExistingServiceAccountDetails(name string, privateKey string) *ExistingServiceAccountDetails

NewExistingServiceAccountDetails Create new existing Service Account details

func (*ExistingServiceAccountDetails) IsPartial 

func (e *ExistingServiceAccountDetails) IsPartial() bool

type GcpTerraformModifier 

type GcpTerraformModifier func(c *GenerateGcpTfConfigurationArgs)

func WithAuditLogIntegrationName 

func WithAuditLogIntegrationName(name string) GcpTerraformModifier

WithAuditLogIntegrationName Set the Config Integration name to be displayed on the Lacework UI

func WithAuditLogLabels 

func WithAuditLogLabels(labels map[string]string) GcpTerraformModifier

WithAuditLogLabels set labels to be applied to ALL newly created Audit Log resources

func WithBucketLabels 

func WithBucketLabels(labels map[string]string) GcpTerraformModifier

WithBucketLabels set labels to be applied to the newly created Audit Log Bucket

func WithBucketRegion 

func WithBucketRegion(region string) GcpTerraformModifier

WithBucketRegion Set the Region in which the Bucket should be created

func WithConfigurationIntegrationName 

func WithConfigurationIntegrationName(name string) GcpTerraformModifier

WithConfigurationIntegrationName Set the Config Integration name to be displayed on the Lacework UI

func WithCustomBucketName 

func WithCustomBucketName(name string) GcpTerraformModifier

func WithCustomFilter 

func WithCustomFilter(filter string) GcpTerraformModifier

func WithCustomOutputs 

func WithCustomOutputs(outputs []lwgenerate.HclOutput) GcpTerraformModifier

WithConfigOutputs Set Custom Terraform Outputs

func WithEnableUBLA 

func WithEnableUBLA(enable bool) GcpTerraformModifier

WithEnableUBLA Enable force destroy of the bucket if it has stuff in it

func WithExistingLogBucketName 

func WithExistingLogBucketName(name string) GcpTerraformModifier

WithExistingLogBucketName Set the bucket Name of an existing Audit Log Bucket setup

func WithExistingLogSinkName 

func WithExistingLogSinkName(name string) GcpTerraformModifier

WithExistingLogSinkName Set the Topic ARN of an existing Audit Log setup

func WithExistingServiceAccount 

func WithExistingServiceAccount(serviceAccountDetails *ExistingServiceAccountDetails) GcpTerraformModifier

WithExistingServiceAccount Set an existing Service Account to be used by the Lacework Integration

func WithExtraBlocks 

func WithExtraBlocks(blocks []*hclwrite.Block) GcpTerraformModifier

WithExtraBlocks enables adding additional arbitrary blocks to the root hcl document

func WithExtraProviderArguments 

func WithExtraProviderArguments(arguments map[string]interface{}) GcpTerraformModifier

WithExtraProviderArguments enables adding additional arguments into the `gcp` provider block this enables custom use cases

func WithExtraRootBlocks 

func WithExtraRootBlocks(blocks []*hclwrite.Block) GcpTerraformModifier

WithExtraRootBlocks allows adding generic hcl blocks to the root `terraform{}` block this enables custom use cases

func WithFoldersToExclude 

func WithFoldersToExclude(folders []string) GcpTerraformModifier

func WithFoldersToInclude 

func WithFoldersToInclude(folders []string) GcpTerraformModifier

func WithGcpServiceAccountCredentials 

func WithGcpServiceAccountCredentials(path string) GcpTerraformModifier

WithGcpServiceAccountCredentials Set the path for the GCP Service Account to be utilized by the GCP provider

func WithGoogleWorkspaceFilter 

func WithGoogleWorkspaceFilter(filter bool) GcpTerraformModifier

func WithIncludeRootProjects 

func WithIncludeRootProjects(include bool) GcpTerraformModifier

func WithK8sFilter 

func WithK8sFilter(filter bool) GcpTerraformModifier

func WithLaceworkProfile 

func WithLaceworkProfile(name string) GcpTerraformModifier

WithLaceworkProfile Set the Lacework Profile to utilize when integrating

func WithLogBucketLifecycleRuleAge 

func WithLogBucketLifecycleRuleAge(ruleAge int) GcpTerraformModifier

WithLogBucketLifecycleRuleAge Set the number of days to keep audit logs in Lacework GCS bucket before deleting Defaults to -1. Leave default to keep indefinitely.

func WithMultipleProject 

func WithMultipleProject(projects []string) GcpTerraformModifier

func WithOrganizationId 

func WithOrganizationId(id string) GcpTerraformModifier

WithOrganizationId Set the Lacework organization ID to integrate with for an organization integration

func WithOrganizationIntegration 

func WithOrganizationIntegration(enabled bool) GcpTerraformModifier

WithOrganizationIntegration Set whether we configure as an Organization wide integration

func WithPrefix 

func WithPrefix(prefix string) GcpTerraformModifier

func WithProjectFilterList 

func WithProjectFilterList(projectFilterList []string) GcpTerraformModifier

func WithProjectId 

func WithProjectId(id string) GcpTerraformModifier

WithProjectId Set the Lacework project ID that new resources should be created in (required for both project & org integration)

func WithProviderDefaultLabels 

func WithProviderDefaultLabels(labels map[string]interface{}) GcpTerraformModifier

WithProviderDefaultLabels adds default_labels to the provider configuration for GCP (if labels are present)

func WithPubSubSubscriptionLabels 

func WithPubSubSubscriptionLabels(labels map[string]string) GcpTerraformModifier

WithPubSubSubscriptionLabels set labels to be applied to the newly created Audit Log PubSub

func WithPubSubTopicLabels 

func WithPubSubTopicLabels(labels map[string]string) GcpTerraformModifier

WithPubSubTopicLabels set labels to be applied to the newly created Audit Log PubSub Topic

func WithRegions 

func WithRegions(regions []string) GcpTerraformModifier

func WithUsePubSubAudit 

func WithUsePubSubAudit(usePubSub bool) GcpTerraformModifier

WithUsePubSubAudit Set wether we use pub sub with the audit log rather than bucket based

func WithWaitTime 

func WithWaitTime(waitTime string) GcpTerraformModifier

type GenerateGcpTfConfigurationArgs 

type GenerateGcpTfConfigurationArgs struct {
	// Should we configure Agentless integration in LW?
	Agentless bool

	// Should we configure AuditLog integration in LW?
	AuditLog bool

	// Should we use the Pub Sub Audit Log or use the Bucket based one
	UsePubSubAudit bool

	// Should we configure CSPM integration in LW?
	Configuration bool

	// A list of GCP project IDs to monitor for Agentless integration
	ProjectFilterList []string

	// A list of regions to deploy for Agentless integration
	Regions []string

	// Path to service account credentials to be used by Terraform
	ServiceAccountCredentials string

	// Should we configure an Organization wide integration?
	OrganizationIntegration bool

	// Supply a GCP Organization ID, only asked if OrganizationIntegration is True
	GcpOrganizationId string

	// Supply a GCP Project ID, to host the new resources
	GcpProjectId string

	// Optionally supply existing Service Account Details
	ExistingServiceAccount *ExistingServiceAccountDetails

	// If Configuration is true, give the user the opportunity to name their integration. Defaults to "TF Config"
	ConfigurationIntegrationName string

	// Set of labels which will be added to the resources managed by the module
	AuditLogLabels map[string]string

	// Set of labels which will be added to the audit log bucket
	BucketLabels map[string]string

	// Set of labels which will be added to the subscription
	PubSubSubscriptionLabels map[string]string

	// Set of labels which will be added to the topic
	PubSubTopicLabels map[string]string

	CustomBucketName string

	// Supply a GCP region for the new bucket. EU/US/ASIA
	BucketRegion string

	// Existing Bucket Name
	ExistingLogBucketName string

	// Existing Sink Name
	ExistingLogSinkName string

	// Should we force destroy the bucket if it has stuff in it? (only relevant on new Audit Log creation)
	// DEPRECATED
	EnableForceDestroyBucket bool

	// Boolean for enabling Uniform Bucket Level Access on the audit log bucket. Defaults to False
	EnableUBLA bool

	// Number of days to keep audit logs in Lacework GCS bucket before deleting.
	// If left empty the TF will default to -1
	LogBucketLifecycleRuleAge int

	// If AuditLog is true, give the user the opportunity to name their integration. Defaults to "TF audit_log"
	AuditLogIntegrationName string

	// Lacework Profile to use
	LaceworkProfile string

	FoldersToInclude []string

	FoldersToExclude []string

	IncludeRootProjects bool

	CustomFilter string

	GoogleWorkspaceFilter bool

	K8sFilter bool

	Prefix string

	WaitTime string

	Projects []string

	// Default GCP Provider labels
	ProviderDefaultLabels map[string]interface{}

	// Add custom blocks to the root `terraform{}` block. Can be used for advanced configuration. Things like backend, etc
	ExtraBlocksRootTerraform []*hclwrite.Block

	// ExtraProviderArguments allows adding more arguments to the provider block as needed (custom use cases)
	ExtraProviderArguments map[string]interface{}

	// ExtraBlocks allows adding more hclwrite.Block to the root terraform document (advanced use cases)
	ExtraBlocks []*hclwrite.Block

	// Custom outputs
	CustomOutputs []lwgenerate.HclOutput
}

func NewTerraform 

func NewTerraform(
	enableAgentless, enableConfig bool, enableAuditLog bool, enablePubSubAudit bool, mods ...GcpTerraformModifier,
) *GenerateGcpTfConfigurationArgs

NewTerraform returns an instance of the GenerateGcpTfConfigurationArgs struct with the provided enabled settings (configuration/audit log).

Note: Additional configuration details may be set using modifiers of the GcpTerraformModifier type

Basic usage: Initialize a new GcpTerraformModifier struct, with GCP service account credentials. Then use generate to 

           create a string output of the required HCL.

hcl, err := gcp.NewTerraform(true, true, true, true,
  gcp.WithGcpServiceAccountCredentials("/path/to/sa/credentials.json")).Generate()

func (*GenerateGcpTfConfigurationArgs) Generate 

func (args *GenerateGcpTfConfigurationArgs) Generate() (string, error)

Generate new Terraform code based on the supplied args.

type GenerateGkeTfConfigurationArgs 

type GenerateGkeTfConfigurationArgs struct {
	UseExistingRequiredProviders bool
	GcpProviderAlias             string
	ExistingServiceAccount       *ServiceAccount
	ExistingSinkName             string
	IntegrationName              string
	Labels                       map[string]string
	LaceworkProfile              string
	OrganizationId               string
	OrganizationIntegration      bool
	Prefix                       string
	ProjectId                    string
	PubSubSubscriptionLabels     map[string]string
	PubSubTopicLabels            map[string]string
	ServiceAccountCredentials    string
	WaitTime                     string
	// Default GCP Provider labels
	ProviderDefaultLabels map[string]interface{}
	// Add custom blocks to the root `terraform{}` block. Can be used for advanced configuration. Things like backend, etc
	ExtraBlocksRootTerraform []*hclwrite.Block
	// ExtraProviderArguments allows adding more arguments to the provider block as needed (custom use cases)
	ExtraProviderArguments map[string]interface{}
}

func NewGkeTerraform 

func NewGkeTerraform(mods ...Modifier) *GenerateGkeTfConfigurationArgs

func (*GenerateGkeTfConfigurationArgs) Generate 

func (args *GenerateGkeTfConfigurationArgs) Generate() (string, error)

type Modifier 

type Modifier func(c *GenerateGkeTfConfigurationArgs)

func WithGkeExistingRequiredProviders 

func WithGkeExistingRequiredProviders() Modifier

func WithGkeExistingServiceAccount 

func WithGkeExistingServiceAccount(serviceAccount *ServiceAccount) Modifier

func WithGkeExistingSinkName 

func WithGkeExistingSinkName(name string) Modifier

func WithGkeGcpProviderAlias 

func WithGkeGcpProviderAlias(alias string) Modifier

func WithGkeIntegrationName 

func WithGkeIntegrationName(name string) Modifier

func WithGkeLabels 

func WithGkeLabels(labels map[string]string) Modifier

func WithGkeLaceworkProfile 

func WithGkeLaceworkProfile(name string) Modifier

func WithGkeOrganizationId 

func WithGkeOrganizationId(id string) Modifier

func WithGkeOrganizationIntegration 

func WithGkeOrganizationIntegration(enabled bool) Modifier

func WithGkePrefix 

func WithGkePrefix(prefix string) Modifier

func WithGkeProjectId 

func WithGkeProjectId(id string) Modifier

func WithGkePubSubSubscriptionLabels 

func WithGkePubSubSubscriptionLabels(labels map[string]string) Modifier

func WithGkePubSubTopicLabels 

func WithGkePubSubTopicLabels(labels map[string]string) Modifier

func WithGkeServiceAccountCredentials 

func WithGkeServiceAccountCredentials(path string) Modifier

func WithGkeWaitTime 

func WithGkeWaitTime(waitTime string) Modifier

type ServiceAccount 

type ServiceAccount struct {
	Name       string
	PrivateKey string
}

func NewServiceAccount 

func NewServiceAccount(name string, privateKey string) *ServiceAccount

func (*ServiceAccount) IsPartial 

func (s *ServiceAccount) IsPartial() bool

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.