rulegen

package
v0.0.0-...-c8b7f0f Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 11, 2019 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Overview

Package rulegen provides Forseti rule generation utilities. Note: rules in this package implement Forseti scanner rules (https://forsetisecurity.org/docs/latest/configure/scanner/descriptions.html). Examples rules can be found at https://github.com/forseti-security/forseti-security/tree/master/rules.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Run 

func Run(conf *config.Config, outputPath string, rn runner.Runner) (err error)

Run runs the rule generator to generate forseti rules. outputPath should be empty or a path to either a local directory or a GCS bucket (starting with gs://). If the outputPath is empty, then the rules will be written to the forseti server bucket.

Types

type AuditLoggingRule 

type AuditLoggingRule struct {
	Name      string     `yaml:"name"`
	Resources []resource `yaml:"resource"`
	Service   string     `yaml:"service"`
	LogTypes  []string   `yaml:"log_types"`
}

AuditLoggingRule represents a forseti audit logging rule.

func AuditLoggingRules 

func AuditLoggingRules(conf *config.Config) ([]AuditLoggingRule, error)

AuditLoggingRules builds audit logging scanner rules for the given config.

type BigqueryRule 

type BigqueryRule struct {
	Name       string            `yaml:"name"`
	Mode       string            `yaml:"mode"`
	DatasetIDs []string          `yaml:"dataset_ids"`
	Resources  []resource        `yaml:"resource"`
	Bindings   []bigqueryBinding `yaml:"bindings"`
}

BigqueryRule represents a forseti bigquery rule.

func BigqueryRules 

func BigqueryRules(conf *config.Config) ([]BigqueryRule, error)

BigqueryRules builds bigquery scanner rules for the given config.

type BucketRule 

type BucketRule struct {
	Name      string     `yaml:"name"`
	Bucket    string     `yaml:"bucket"`
	Entity    string     `yaml:"entity"`
	Email     string     `yaml:"email"`
	Domain    string     `yaml:"domain"`
	Role      string     `yaml:"role"`
	Resources []resource `yaml:"resource"`
}

BucketRule represents a forseti GCS bucket ACL rule.

func BucketRules 

func BucketRules(conf *config.Config) ([]BucketRule, error)

BucketRules builds bucket scanner rules for the given config.

type CloudSQLRule 

type CloudSQLRule struct {
	Name               string     `yaml:"name"`
	Resources          []resource `yaml:"resource"`
	InstanceName       string     `yaml:"instance_name"`
	AuthorizedNetworks string     `yaml:"authorized_networks"`
	SSLEnabled         string     `yaml:"ssl_enabled"`
}

CloudSQLRule represents a forseti cloud SQL rule.

func CloudSQLRules 

func CloudSQLRules(conf *config.Config) ([]CloudSQLRule, error)

CloudSQLRules builds cloud SQL scanner rules for the given config.

type EnabledAPIsRule 

type EnabledAPIsRule struct {
	Name      string     `yaml:"name"`
	Mode      string     `yaml:"mode"`
	Resources []resource `yaml:"resource"`
	Services  []string   `yaml:"services"`
}

EnabledAPIsRule represents a forseti enabled APIs rule.

func EnabledAPIsRules 

func EnabledAPIsRules(conf *config.Config) ([]EnabledAPIsRule, error)

EnabledAPIsRules builds enabled APIs scanner rules for the given config.

type IAMRule 

type IAMRule struct {
	Name               string           `yaml:"name"`
	Mode               string           `yaml:"mode"`
	Resources          []resource       `yaml:"resource"`
	InheritFromParents bool             `yaml:"inherit_from_parents"`
	Bindings           []config.Binding `yaml:"bindings"`
}

IAMRule represents a forseti iam rule.

func IAMRules 

func IAMRules(conf *config.Config) ([]IAMRule, error)

IAMRules builds IAM scanner rules for the given config.

type LienRule 

type LienRule struct {
	Name         string     `yaml:"name"`
	Mode         string     `yaml:"mode"`
	Resources    []resource `yaml:"resource"`
	Restrictions []string   `yaml:"restrictions"`
}

LienRule represents a forseti lien rule.

func LienRules 

func LienRules(conf *config.Config) ([]LienRule, error)

LienRules builds lien scanner rules for the given config.

type LocationRule 

type LocationRule struct {
	Name      string      `yaml:"name"`
	Mode      string      `yaml:"mode"`
	Resources []resource  `yaml:"resource"`
	AppliesTo []appliesTo `yaml:"applies_to"`
	Locations []string    `yaml:"locations"`
}

LocationRule represents a forseti location rule.

func LocationRules 

func LocationRules(conf *config.Config) ([]LocationRule, error)

LocationRules builds location scanner rules for the given config.

type LogSinkRule 

type LogSinkRule struct {
	Name      string     `yaml:"name"`
	Mode      string     `yaml:"mode"`
	Resources []resource `yaml:"resource"`
	Sink      sink       `yaml:"sink"`
}

LogSinkRule represents a forseti log sink rule.

func LogSinkRules 

func LogSinkRules(conf *config.Config) ([]LogSinkRule, error)

LogSinkRules builds log sink scanner rules for the given config.

type ResourceRule 

type ResourceRule struct {
	Name          string         `yaml:"name"`
	Mode          string         `yaml:"mode"`
	ResourceTypes []string       `yaml:"resource_types"`
	ResourceTrees []resourceTree `yaml:"resource_trees"`
}

ResourceRule represents a forseti resource scanner rule.

func ResourceRules 

func ResourceRules(conf *config.Config) ([]ResourceRule, error)

ResourceRules builds resource scanner rules for the given config.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.