config

package v0.0.0-...-491fdb2

Warning: This package is not in the latest version of its module.

Published: Aug 20, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package config provides utilities to parse and create project and resource configurations.

Index

Constants

const (
	IAMChangeMetricName                = "iam-policy-change-count"
	BucketPermissionChangeMetricName   = "bucket-permission-change-count"
	BQSettingChangeMetricName          = "bigquery-settings-change-count"
	BucketUnexpectedAccessMetricPrefix = "unexpected-access-"
)

Logging metric names used to create logs-based metrics and Stackdriver alerts.

Variables

var EnableTerraform = false

EnableTerraform determines whether Terraform is enabled. Note: the Terraform state bucket does not respect this variable, because it is currently required for Forseti projects.

Functions

func DumpGeneratedFields

func DumpGeneratedFields(generatedFields *AllGeneratedFields, path string) error

DumpGeneratedFields writes the generated fields to the file at path.

func NormalizePath

func NormalizePath(path string) (string, error)

NormalizePath normalizes paths specified through a local run or Bazel invocation.

func ValidateConf

func ValidateConf(confYAML []byte) error

ValidateConf validates the input project config against the default schema template.

Types

type AllGeneratedFields

type AllGeneratedFields struct {
	Projects map[string]*GeneratedFields `json:"projects,omitempty"`
	Forseti  *ForsetiServiceInfo         `json:"forseti,omitempty"`
}

AllGeneratedFields defines the generated_fields block. AllGeneratedFields contains resource information when the resources are deployed. See field_generation_test for examples.

type Binding

type Binding struct {
	Role    string   `json:"role" yaml:"role"`
	Members []string `json:"members" yaml:"members"`
}

Binding represents a GCP policy binding.

func MergeBindings

func MergeBindings(bs ...Binding) []Binding

MergeBindings merges bindings together. It is typically used to merge default bindings with user-specified bindings. Bindings that share a role are de-duplicated and merged into a single binding; members are de-duplicated by Deployment Manager.
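To make the documented merge semantics concrete, here is an added, stand-alone example (not the package's own MergeBindings): it folds bindings with the same role into one binding, keeping first-seen role order. It goes one step beyond the package by also de-duplicating members (which the package leaves to Deployment Manager), and adds a small reviewer check, publicMembers, that flags grants to allUsers or allAuthenticatedUsers in the merged result. The Binding type is copied from the page; the sample bindings are constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Binding mirrors the documented config.Binding: one role and its members.
type Binding struct {
	Role    string   `json:"role" yaml:"role"`
	Members []string `json:"members" yaml:"members"`
}

// mergeBindings is an illustrative re-implementation of the documented
// MergeBindings semantics. Bindings with the same role are merged into one
// binding, preserving the order in which roles first appear. Members are
// de-duplicated here too (an addition for this example; the package relies
// on Deployment Manager for that).
func mergeBindings(bs ...Binding) []Binding {
	byRole := map[string]int{} // role -> index into merged
	var merged []Binding
	for _, b := range bs {
		i, ok := byRole[b.Role]
		if !ok {
			i = len(merged)
			byRole[b.Role] = i
			merged = append(merged, Binding{Role: b.Role})
		}
		for _, m := range b.Members {
			if !contains(merged[i].Members, m) {
				merged[i].Members = append(merged[i].Members, m)
			}
		}
	}
	return merged
}

func contains(ss []string, s string) bool {
	for _, x := range ss {
		if x == s {
			return true
		}
	}
	return false
}

// publicMembers lists every role granted to the special principals
// allUsers or allAuthenticatedUsers, sorted as "role:member". Catching these
// after defaults and user bindings are merged is the check a reviewer wants
// before the policy is applied. (Check added for this example.)
func publicMembers(bs []Binding) []string {
	var out []string
	for _, b := range bs {
		for _, m := range b.Members {
			if m == "allUsers" || m == "allAuthenticatedUsers" {
				out = append(out, b.Role+":"+m)
			}
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample: toolkit-style defaults plus user-specified bindings.
	defaults := []Binding{
		{Role: "roles/owner", Members: []string{"group:owners@example.com"}},
		{Role: "roles/iam.securityReviewer", Members: []string{"group:auditors@example.com"}},
	}
	user := []Binding{
		{Role: "roles/owner", Members: []string{"group:owners@example.com", "user:alice@example.com"}},
		{Role: "roles/viewer", Members: []string{"allUsers"}},
	}
	merged := mergeBindings(append(defaults, user...)...)
	for _, b := range merged {
		fmt.Printf("%s -> %s\n", b.Role, strings.Join(b.Members, ", "))
	}
	fmt.Println("public grants:", publicMembers(merged))
}
```

The merge keeps the owner binding's members in one place, so a policy review sees every principal holding roles/owner at once; publicMembers then turns the one binding that opens the project to everyone into an explicit finding rather than something buried in a list of members.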

type Config

type Config struct {
	Overall struct {
		BillingAccount string   `json:"billing_account"`
		Domain         string   `json:"domain"`
		OrganizationID string   `json:"organization_id"`
		FolderID       string   `json:"folder_id"`
		AllowedAPIs    []string `json:"allowed_apis"`
	} `json:"overall"`

	Devops *struct {
		Project *Project `json:"project"`
	} `json:"devops"`
	AuditLogsProject    *Project   `json:"audit_logs_project"`
	Forseti             *Forseti   `json:"forseti"`
	Projects            []*Project `json:"projects"`
	GeneratedFieldsPath string     `json:"generated_fields_path"`

	// Set by helper and not directly through user defined config.
	AllGeneratedFields *AllGeneratedFields `json:"-"`
}

Config is a (partial) representation of a projects YAML file. Only the required fields are present. See project_config.yaml.schema for details.

func Load

func Load(path string) (*Config, error)

Load loads a config from the given path.

func (*Config) AllFolders

func (c *Config) AllFolders() []string

AllFolders returns all folder ids in this config.

func (*Config) AllProjects

func (c *Config) AllProjects() []*Project

AllProjects returns all projects in this config. This includes Audit, Forseti and all data hosting projects.

func (*Config) Init

func (c *Config) Init(genFields *AllGeneratedFields) error

Init initializes the config and all its projects.

func (*Config) ProjectForAuditLogs

func (c *Config) ProjectForAuditLogs(p *Project) *Project

ProjectForAuditLogs is a helper that returns the audit logs project for the given project: the remote audit logs project if one is configured, otherwise the project itself (audit logs are then stored locally).

func (*Config) ProjectForDevops

func (c *Config) ProjectForDevops(p *Project) *Project

ProjectForDevops is a helper that returns the devops project for the given project: the devops project if one is configured, otherwise the project itself (devops resources are then stored locally).

type Forseti

type Forseti struct {
	Project    *Project           `json:"project"`
	Properties *ForsetiProperties `json:"properties"`
}

Forseti wraps the CFT Forseti module.

type ForsetiProperties

type ForsetiProperties struct {
	// The following vars should not directly be set by users.
	ProjectID              string   `json:"project_id"`
	Domain                 string   `json:"domain"`
	CompositeRootResources []string `json:"composite_root_resources"`
	// contains filtered or unexported fields
}

ForsetiProperties represents a partial CFT Forseti implementation.

func (*ForsetiProperties) Init

func (p *ForsetiProperties) Init() error

Init initializes Forseti properties.

func (*ForsetiProperties) MarshalJSON

func (p *ForsetiProperties) MarshalJSON() ([]byte, error)

MarshalJSON provides a custom JSON marshaller. It is used to merge the original (raw) user JSON definition with the struct.

func (*ForsetiProperties) UnmarshalJSON

func (p *ForsetiProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON provides a custom JSON unmarshaller. It stores the original (raw) user JSON definition, which may contain more fields than this struct defines, so that those fields are not lost.
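The MarshalJSON/UnmarshalJSON pair above describes a raw-preserving round trip: unknown user keys must survive, while fields the helpers set programmatically must win. The following added example (not the package's code) shows one way to implement that contract with encoding/json. The field names come from the page; the raw map, the plain-alias trick and the sample JSON (including the constructed user-only key custom_setting) are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// forsetiProps stands in for the documented ForsetiProperties: a few typed
// fields plus the raw user-supplied definition, which may carry keys the
// struct does not declare. The raw map is this example's assumption about
// how the documented behaviour can be implemented.
type forsetiProps struct {
	ProjectID              string   `json:"project_id"`
	Domain                 string   `json:"domain"`
	CompositeRootResources []string `json:"composite_root_resources"`

	raw map[string]json.RawMessage // original user JSON, unknown keys included
}

// UnmarshalJSON keeps the raw definition and then fills the typed fields.
// The "plain" alias has no methods, so decoding into it does not recurse.
func (p *forsetiProps) UnmarshalJSON(data []byte) error {
	var raw map[string]json.RawMessage
	if err := json.Unmarshal(data, &raw); err != nil {
		return err
	}
	type plain forsetiProps
	var tmp plain
	if err := json.Unmarshal(data, &tmp); err != nil {
		return err
	}
	tmp.raw = raw
	*p = forsetiProps(tmp)
	return nil
}

// MarshalJSON re-emits the raw definition with the typed fields layered on
// top: values set by helpers (e.g. project_id) override what the user wrote,
// while keys only the user knows about survive the round trip.
func (p *forsetiProps) MarshalJSON() ([]byte, error) {
	out := make(map[string]json.RawMessage, len(p.raw)+3)
	for k, v := range p.raw {
		out[k] = v
	}
	type plain forsetiProps
	typed, err := json.Marshal(plain(*p))
	if err != nil {
		return nil, err
	}
	var typedMap map[string]json.RawMessage
	if err := json.Unmarshal(typed, &typedMap); err != nil {
		return nil, err
	}
	for k, v := range typedMap {
		out[k] = v // typed fields win over the raw copy
	}
	return json.Marshal(out)
}

// roundTrip parses user JSON, sets project_id the way an Init helper would,
// and re-serialises, returning the resulting top-level keys for inspection.
func roundTrip(userJSON []byte, projectID string) (map[string]json.RawMessage, error) {
	var p forsetiProps
	if err := json.Unmarshal(userJSON, &p); err != nil {
		return nil, err
	}
	p.ProjectID = projectID
	b, err := json.Marshal(&p) // pointer receiver, so MarshalJSON is used
	if err != nil {
		return nil, err
	}
	var out map[string]json.RawMessage
	if err := json.Unmarshal(b, &out); err != nil {
		return nil, err
	}
	return out, nil
}

func main() {
	// Constructed input: two documented keys plus one the struct does not know.
	user := []byte(`{"domain":"example.com","composite_root_resources":["organizations/123"],"custom_setting":true}`)
	out, err := roundTrip(user, "my-forseti-project")
	if err != nil {
		panic(err)
	}
	for k, v := range out {
		fmt.Printf("%s = %s\n", k, v)
	}
}
```

Because the raw map is copied first and the typed fields are written over it, a user cannot pin project_id to a value the helpers did not assign, yet nothing they wrote outside the struct's fields is silently dropped; that is the property the custom marshaller pair is there to provide.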

type ForsetiServiceInfo

type ForsetiServiceInfo struct {
	ServiceAccount string `json:"service_account,omitempty"`
	ServiceBucket  string `json:"server_bucket,omitempty"`
}

ForsetiServiceInfo defines the generated_fields of the forseti service.

type GCEInstanceInfo

type GCEInstanceInfo struct {
	Name string `json:"name,omitempty"`
	ID   string `json:"id,omitempty"`
}

GCEInstanceInfo defines the generated fields for instances in a project.

type GeneratedFields

type GeneratedFields struct {
	ProjectNumber         string `json:"project_number,omitempty"`
	LogSinkServiceAccount string `json:"log_sink_service_account,omitempty"`

	// NOTE: This field is deprecated and no longer used. It is retained for backwards compatibility to avoid breaking existing configs.
	GCEInstanceInfoList []GCEInstanceInfo `json:"gce_instance_info,omitempty"`
}

GeneratedFields defines the generated_fields of a single project.

type Project

type Project struct {
	ID                  string            `json:"project_id"`
	BillingAccount      string            `json:"billing_account"`
	FolderID            string            `json:"folder_id"`
	OwnersGroup         string            `json:"owners_group"`
	AuditorsGroup       string            `json:"auditors_group"`
	DataReadWriteGroups []string          `json:"data_readwrite_groups"`
	DataReadOnlyGroups  []string          `json:"data_readonly_groups"`
	Labels              map[string]string `json:"labels"`

	DevopsConfig struct {
		StateBucket *tfconfig.StorageBucket `json:"state_storage_bucket"`
	} `json:"devops"`

	CreateDeletionLien    bool                `json:"create_deletion_lien"`
	EnabledAPIs           []string            `json:"enabled_apis"`
	ViolationExceptions   map[string][]string `json:"violation_exceptions"`
	StackdriverAlertEmail string              `json:"stackdriver_alert_email"`

	// Terraform resources
	BigqueryDatasets     []*tfconfig.BigqueryDataset               `json:"bigquery_datasets"`
	CloudBuildTriggers   []*tfconfig.CloudBuildTrigger             `json:"cloudbuild_triggers"`
	ComputeFirewalls     []*tfconfig.ComputeFirewall               `json:"compute_firewalls"`
	ComputeImages        []*tfconfig.ComputeImage                  `json:"compute_images"`
	ComputeInstances     []*tfconfig.ComputeInstance               `json:"compute_instances"`
	DataFusionInstances  []*tfconfig.DataFusionInstance            `json:"data_fusion_instances"`
	HealthcareDatasets   []*tfconfig.HealthcareDataset             `json:"healthcare_datasets"`
	IAMCustomRoles       []*tfconfig.ProjectIAMCustomRole          `json:"project_iam_custom_roles"`
	IAMMembers           *tfconfig.ProjectIAMMembers               `json:"project_iam_members"`
	NotificationChannels []*tfconfig.MonitoringNotificationChannel `json:"monitoring_notification_channels"`
	PubsubTopics         []*tfconfig.PubsubTopic                   `json:"pubsub_topics"`
	Services             *tfconfig.ProjectServices                 `json:"project_services"`
	ResourceManagerLiens []*tfconfig.ResourceManagerLien           `json:"resource_manager_liens"`
	ServiceAccounts      []*tfconfig.ServiceAccount                `json:"service_accounts"`
	SpannerInstances     []*tfconfig.SpannerInstance               `json:"spanner_instances"`
	StorageBuckets       []*tfconfig.StorageBucket                 `json:"storage_buckets"`

	Audit struct {
		LogsBigqueryDataset *tfconfig.BigqueryDataset `json:"logs_bigquery_dataset"`
		LogsStorageBucket   *tfconfig.StorageBucket   `json:"logs_storage_bucket"`
	} `json:"audit"`

	TerraformDeployments struct {
		Resources struct {
			Config map[string]interface{} `json:"config"`
		} `json:"resources"`
	} `json:"terraform_deployments"`

	// The following vars are set through helpers and not directly through the user defined config.
	GeneratedFields *GeneratedFields      `json:"-"`
	BQLogSinkTF     *tfconfig.LoggingSink `json:"-"`

	IAMAuditConfig        *tfconfig.ProjectIAMAuditConfig   `json:"-"`
	DefaultAlertPolicies  []*tfconfig.MonitoringAlertPolicy `json:"-"`
	DefaultLoggingMetrics []*tfconfig.LoggingMetric         `json:"-"`
}

Project defines a single project's configuration.

func (*Project) Init

func (p *Project) Init(devopsProject, auditLogsProject *Project) error

Init initializes a project and all its resources. auditLogsProject should be either a remote project or nil.

func (*Project) TerraformResources

func (p *Project) TerraformResources() []tfconfig.Resource

TerraformResources returns all Terraform resources in this project.

Directories

Path	Synopsis
tfconfig	Package tfconfig provides utilities to parse terraform resource configurations.
