Package rulegen provides Forseti rule generation utilities. Note: rules in this package implement Forseti scanner rules (https://forsetisecurity.org/docs/latest/configure/scanner/descriptions.html). Example rules can be found at https://github.com/forseti-security/forseti-security/tree/master/rules.
type AuditLoggingRule ¶
// AuditLoggingRule represents a forseti audit logging rule.
//
// Each field is serialized under the yaml key given by its tag so the
// generated document matches the Forseti audit logging scanner schema.
// Resources uses the package-local resource type.
type AuditLoggingRule struct {
	Name      string     `yaml:"name"`
	Resources []resource `yaml:"resource"`
	Service   string     `yaml:"service"`
	LogTypes  []string   `yaml:"log_types"`
}
AuditLoggingRule represents a forseti audit logging rule.
func AuditLoggingRules ¶
func AuditLoggingRules(conf *config.Config) ([]AuditLoggingRule, error)
AuditLoggingRules builds audit logging scanner rules for the given config.
type BigqueryRule ¶
// BigqueryRule represents a forseti bigquery rule.
//
// Mode, DatasetIDs and Bindings are emitted under the yaml keys expected by
// the Forseti bigquery scanner; Bindings uses the package-local
// bigqueryBinding type and Resources the package-local resource type.
type BigqueryRule struct {
	Name       string            `yaml:"name"`
	Mode       string            `yaml:"mode"`
	DatasetIDs []string          `yaml:"dataset_ids"`
	Resources  []resource        `yaml:"resource"`
	Bindings   []bigqueryBinding `yaml:"bindings"`
}
BigqueryRule represents a forseti bigquery rule.
func BigqueryRules ¶
func BigqueryRules(conf *config.Config) ([]BigqueryRule, error)
BigqueryRules builds bigquery scanner rules for the given config.
type BucketRule ¶
// BucketRule represents a forseti GCS bucket ACL rule.
//
// NOTE(review): Entity, Email, Domain and Role presumably describe the ACL
// grant the scanner matches; confirm wildcard and empty-value semantics
// against the Forseti bucket scanner docs before hand-constructing rules.
type BucketRule struct {
	Name      string     `yaml:"name"`
	Bucket    string     `yaml:"bucket"`
	Entity    string     `yaml:"entity"`
	Email     string     `yaml:"email"`
	Domain    string     `yaml:"domain"`
	Role      string     `yaml:"role"`
	Resources []resource `yaml:"resource"`
}
BucketRule represents a forseti GCS bucket ACL rule.
func BucketRules ¶
func BucketRules(conf *config.Config) ([]BucketRule, error)
BucketRules builds bucket scanner rules for the given config.
type CloudSQLRule ¶
// CloudSQLRule represents a forseti cloud SQL rule.
//
// NOTE(review): AuthorizedNetworks and SSLEnabled are carried as plain
// strings rather than typed values, so nothing here validates them; the
// accepted spellings are dictated by the Forseti cloud SQL scanner schema —
// confirm before constructing rules by hand.
type CloudSQLRule struct {
	Name               string     `yaml:"name"`
	Resources          []resource `yaml:"resource"`
	InstanceName       string     `yaml:"instance_name"`
	AuthorizedNetworks string     `yaml:"authorized_networks"`
	SSLEnabled         string     `yaml:"ssl_enabled"`
}
CloudSQLRule represents a forseti cloud SQL rule.
func CloudSQLRules ¶
func CloudSQLRules(conf *config.Config) ([]CloudSQLRule, error)
CloudSQLRules builds cloud SQL scanner rules for the given config.
type EnabledAPIsRule ¶
// EnabledAPIsRule represents a forseti enabled APIs rule.
//
// Services lists the API service names the rule refers to; how Mode
// interprets that list is defined by the Forseti enabled APIs scanner, not
// by this package.
type EnabledAPIsRule struct {
	Name      string     `yaml:"name"`
	Mode      string     `yaml:"mode"`
	Resources []resource `yaml:"resource"`
	Services  []string   `yaml:"services"`
}
EnabledAPIsRule represents a forseti enabled APIs rule.
func EnabledAPIsRules ¶
func EnabledAPIsRules(conf *config.Config) ([]EnabledAPIsRule, error)
EnabledAPIsRules builds enabled APIs scanner rules for the given config.
type IAMRule ¶
// IAMRule represents a forseti iam rule.
//
// Bindings reuses config.Binding directly, so the rule carries the same
// role/member shape as the source config. InheritFromParents is the only
// boolean field; the remaining fields are emitted verbatim under their
// yaml tags.
type IAMRule struct {
	Name               string           `yaml:"name"`
	Mode               string           `yaml:"mode"`
	Resources          []resource       `yaml:"resource"`
	InheritFromParents bool             `yaml:"inherit_from_parents"`
	Bindings           []config.Binding `yaml:"bindings"`
}
IAMRule represents a forseti iam rule.
type LienRule ¶
// LienRule represents a forseti lien rule.
//
// Restrictions is serialized as a plain list of strings; the Forseti lien
// scanner defines which restriction names are meaningful.
type LienRule struct {
	Name         string     `yaml:"name"`
	Mode         string     `yaml:"mode"`
	Resources    []resource `yaml:"resource"`
	Restrictions []string   `yaml:"restrictions"`
}
LienRule represents a forseti lien rule.
type LocationRule ¶
// LocationRule represents a forseti location rule.
//
// AppliesTo uses the package-local appliesTo type; Locations is emitted as a
// list of location strings under the yaml key the Forseti location scanner
// reads.
type LocationRule struct {
	Name      string      `yaml:"name"`
	Mode      string      `yaml:"mode"`
	Resources []resource  `yaml:"resource"`
	AppliesTo []appliesTo `yaml:"applies_to"`
	Locations []string    `yaml:"locations"`
}
LocationRule represents a forseti location rule.
func LocationRules ¶
func LocationRules(conf *config.Config) ([]LocationRule, error)
LocationRules builds location scanner rules for the given config.
type LogSinkRule ¶
// LogSinkRule represents a forseti log sink rule.
//
// Sink holds a single package-local sink value (not a list), serialized
// under the "sink" yaml key.
type LogSinkRule struct {
	Name      string     `yaml:"name"`
	Mode      string     `yaml:"mode"`
	Resources []resource `yaml:"resource"`
	Sink      sink       `yaml:"sink"`
}
LogSinkRule represents a forseti log sink rule.
func LogSinkRules ¶
func LogSinkRules(conf *config.Config) ([]LogSinkRule, error)
LogSinkRules builds log sink scanner rules for the given config.
type ResourceRule ¶
// ResourceRule represents a forseti resource scanner rule.
//
// Unlike the other rule types this one carries no Resources field; scope is
// expressed through ResourceTypes and ResourceTrees (package-local
// resourceTree type) instead.
type ResourceRule struct {
	Name          string         `yaml:"name"`
	Mode          string         `yaml:"mode"`
	ResourceTypes []string       `yaml:"resource_types"`
	ResourceTrees []resourceTree `yaml:"resource_trees"`
}
ResourceRule represents a forseti resource scanner rule.
func ResourceRules ¶
func ResourceRules(conf *config.Config) ([]ResourceRule, error)
ResourceRules builds resource scanner rules for the given config.