rulegen


Documentation

Overview

Package rulegen provides Forseti rule generation utilities. Note: rules in this package implement Forseti scanner rules (https://forsetisecurity.org/docs/latest/configure/scanner/descriptions.html). Example rules can be found at https://github.com/forseti-security/forseti-security/tree/master/rules.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Run

func Run(conf *config.Config, outputPath string, rn runner.Runner) (err error)

Run runs the rule generator to generate Forseti rules. outputPath must be empty, a path to a local directory, or a GCS bucket URI (starting with gs://). If outputPath is empty, the rules are written to the Forseti server bucket. Because the scanner enforces whatever rules it reads from that location, write access to the output bucket or directory should be limited to the principal that runs the generator.

Types

type AuditLoggingRule

// AuditLoggingRule is the YAML shape of a Forseti audit logging scanner rule.
// The struct tags give the keys written when the rule is marshalled. None of
// the tags carry omitempty, so zero-valued fields are presumably emitted as
// well — confirm against the YAML marshaller in use.
type AuditLoggingRule struct {
	// Name identifies the rule ("name").
	Name      string     `yaml:"name"`
	// Resources lists the resources the rule applies to ("resource").
	// resource is an unexported type defined elsewhere in the package.
	Resources []resource `yaml:"resource"`
	// Service is written under "service"; presumably the API whose audit
	// logging configuration is checked — see the Forseti scanner docs.
	Service   string     `yaml:"service"`
	// LogTypes is written under "log_types"; presumably the audit log types
	// the rule requires to be enabled — see the Forseti scanner docs.
	LogTypes  []string   `yaml:"log_types"`
}

AuditLoggingRule represents a forseti audit logging rule.

func AuditLoggingRules

func AuditLoggingRules(conf *config.Config) ([]AuditLoggingRule, error)

AuditLoggingRules builds audit logging scanner rules for the given config.

type BigqueryRule

// BigqueryRule is the YAML shape of a Forseti BigQuery scanner rule.
// The struct tags give the keys written when the rule is marshalled; no tag
// carries omitempty, so zero-valued fields are presumably still emitted —
// confirm against the YAML marshaller in use.
type BigqueryRule struct {
	// Name identifies the rule ("name").
	Name       string            `yaml:"name"`
	// Mode is written under "mode"; the accepted values (e.g. whitelist or
	// blacklist) are defined by the Forseti scanner docs, not by this type.
	Mode       string            `yaml:"mode"`
	// DatasetIDs lists the dataset IDs the rule covers ("dataset_ids").
	DatasetIDs []string          `yaml:"dataset_ids"`
	// Resources lists the resources the rule applies to ("resource").
	// resource is an unexported type defined elsewhere in the package.
	Resources  []resource        `yaml:"resource"`
	// Bindings is written under "bindings"; bigqueryBinding is an unexported
	// type defined elsewhere in the package.
	Bindings   []bigqueryBinding `yaml:"bindings"`
}

BigqueryRule represents a forseti bigquery rule.

func BigqueryRules

func BigqueryRules(conf *config.Config) ([]BigqueryRule, error)

BigqueryRules builds bigquery scanner rules for the given config.

type BucketRule

// BucketRule is the YAML shape of a Forseti GCS bucket ACL scanner rule.
// The struct tags give the keys written when the rule is marshalled; no tag
// carries omitempty, so empty strings are presumably still emitted — confirm
// against the YAML marshaller in use and the Forseti rule examples.
type BucketRule struct {
	// Name identifies the rule ("name").
	Name      string     `yaml:"name"`
	// Bucket is written under "bucket".
	Bucket    string     `yaml:"bucket"`
	// Entity, Email, Domain and Role are written under the keys of the same
	// name. Together they presumably describe the ACL grant the scanner
	// matches against (e.g. an allUsers/allAuthenticatedUsers entity with a
	// given role) — confirm the matching semantics in the Forseti scanner docs.
	Entity    string     `yaml:"entity"`
	Email     string     `yaml:"email"`
	Domain    string     `yaml:"domain"`
	Role      string     `yaml:"role"`
	// Resources lists the resources the rule applies to ("resource").
	// resource is an unexported type defined elsewhere in the package.
	Resources []resource `yaml:"resource"`
}

BucketRule represents a forseti GCS bucket ACL rule.

func BucketRules

func BucketRules(conf *config.Config) ([]BucketRule, error)

BucketRules builds bucket scanner rules for the given config.

type CloudSQLRule

// CloudSQLRule is the YAML shape of a Forseti Cloud SQL scanner rule.
// The struct tags give the keys written when the rule is marshalled; no tag
// carries omitempty, so zero-valued fields are presumably still emitted —
// confirm against the YAML marshaller in use.
type CloudSQLRule struct {
	// Name identifies the rule ("name").
	Name               string     `yaml:"name"`
	// Resources lists the resources the rule applies to ("resource").
	// resource is an unexported type defined elsewhere in the package.
	Resources          []resource `yaml:"resource"`
	// InstanceName is written under "instance_name".
	InstanceName       string     `yaml:"instance_name"`
	// AuthorizedNetworks is written under "authorized_networks". Note it is a
	// string, not a list or bool: whatever literal the generator places here
	// is passed through verbatim, so it must match the exact form the Forseti
	// scanner expects — verify against the scanner docs.
	AuthorizedNetworks string     `yaml:"authorized_networks"`
	// SSLEnabled is written under "ssl_enabled". Also a string rather than a
	// bool; the generator is responsible for emitting the exact literal the
	// scanner recognises — verify against the scanner docs.
	SSLEnabled         string     `yaml:"ssl_enabled"`
}

CloudSQLRule represents a forseti cloud SQL rule.

func CloudSQLRules

func CloudSQLRules(conf *config.Config) ([]CloudSQLRule, error)

CloudSQLRules builds cloud SQL scanner rules for the given config.

type EnabledAPIsRule

// EnabledAPIsRule is the YAML shape of a Forseti enabled APIs scanner rule.
// The struct tags give the keys written when the rule is marshalled; no tag
// carries omitempty, so zero-valued fields are presumably still emitted —
// confirm against the YAML marshaller in use.
type EnabledAPIsRule struct {
	// Name identifies the rule ("name").
	Name      string     `yaml:"name"`
	// Mode is written under "mode"; the accepted values (e.g. whitelist,
	// blacklist, required) are defined by the Forseti scanner docs.
	Mode      string     `yaml:"mode"`
	// Resources lists the resources the rule applies to ("resource").
	// resource is an unexported type defined elsewhere in the package.
	Resources []resource `yaml:"resource"`
	// Services is written under "services"; presumably the API service
	// names the rule whitelists, blacklists or requires, per Mode.
	Services  []string   `yaml:"services"`
}

EnabledAPIsRule represents a forseti enabled APIs rule.

func EnabledAPIsRules

func EnabledAPIsRules(conf *config.Config) ([]EnabledAPIsRule, error)

EnabledAPIsRules builds enabled APIs scanner rules for the given config.

type IAMRule

// IAMRule is the YAML shape of a Forseti IAM policy scanner rule.
// The struct tags give the keys written when the rule is marshalled; no tag
// carries omitempty, so InheritFromParents is presumably always emitted
// (as false when unset) — confirm against the YAML marshaller in use.
type IAMRule struct {
	// Name identifies the rule ("name").
	Name               string           `yaml:"name"`
	// Mode is written under "mode"; the accepted values (e.g. whitelist,
	// blacklist, required) are defined by the Forseti scanner docs.
	Mode               string           `yaml:"mode"`
	// Resources lists the resources the rule applies to ("resource").
	// resource is an unexported type defined elsewhere in the package.
	Resources          []resource       `yaml:"resource"`
	// InheritFromParents is written under "inherit_from_parents". It
	// presumably controls whether bindings inherited from ancestor resources
	// are considered when the rule is evaluated — confirm in the scanner docs.
	InheritFromParents bool             `yaml:"inherit_from_parents"`
	// Bindings is written under "bindings" and reuses the config package's
	// Binding type, so the rule's role/member shape is shared with the
	// deployment config rather than defined here.
	Bindings           []config.Binding `yaml:"bindings"`
}

IAMRule represents a Forseti IAM policy rule.

func IAMRules

func IAMRules(conf *config.Config) ([]IAMRule, error)

IAMRules builds IAM scanner rules for the given config.

type LienRule

// LienRule is the YAML shape of a Forseti lien scanner rule.
// The struct tags give the keys written when the rule is marshalled; no tag
// carries omitempty, so zero-valued fields are presumably still emitted —
// confirm against the YAML marshaller in use.
type LienRule struct {
	// Name identifies the rule ("name").
	Name         string     `yaml:"name"`
	// Mode is written under "mode"; accepted values are defined by the
	// Forseti scanner docs, not by this type.
	Mode         string     `yaml:"mode"`
	// Resources lists the resources the rule applies to ("resource").
	// resource is an unexported type defined elsewhere in the package.
	Resources    []resource `yaml:"resource"`
	// Restrictions is written under "restrictions"; presumably the lien
	// restriction names the rule expects (e.g. project deletion) — confirm
	// in the scanner docs.
	Restrictions []string   `yaml:"restrictions"`
}

LienRule represents a forseti lien rule.

func LienRules

func LienRules(conf *config.Config) ([]LienRule, error)

LienRules builds lien scanner rules for the given config.

type LocationRule

// LocationRule is the YAML shape of a Forseti location scanner rule.
// The struct tags give the keys written when the rule is marshalled; no tag
// carries omitempty, so zero-valued fields are presumably still emitted —
// confirm against the YAML marshaller in use.
type LocationRule struct {
	// Name identifies the rule ("name").
	Name      string      `yaml:"name"`
	// Mode is written under "mode"; accepted values (e.g. whitelist or
	// blacklist) are defined by the Forseti scanner docs.
	Mode      string      `yaml:"mode"`
	// Resources lists the resources the rule applies to ("resource").
	// resource is an unexported type defined elsewhere in the package.
	Resources []resource  `yaml:"resource"`
	// AppliesTo is written under "applies_to"; appliesTo is an unexported
	// type defined elsewhere in the package.
	AppliesTo []appliesTo `yaml:"applies_to"`
	// Locations is written under "locations"; presumably the region/zone
	// names the rule allows or forbids, per Mode.
	Locations []string    `yaml:"locations"`
}

LocationRule represents a forseti location rule.

func LocationRules

func LocationRules(conf *config.Config) ([]LocationRule, error)

LocationRules builds location scanner rules for the given config.

type LogSinkRule

// LogSinkRule is the YAML shape of a Forseti log sink scanner rule.
// The struct tags give the keys written when the rule is marshalled; no tag
// carries omitempty, so zero-valued fields are presumably still emitted —
// confirm against the YAML marshaller in use.
type LogSinkRule struct {
	// Name identifies the rule ("name").
	Name      string     `yaml:"name"`
	// Mode is written under "mode"; accepted values (e.g. whitelist,
	// blacklist, required) are defined by the Forseti scanner docs.
	Mode      string     `yaml:"mode"`
	// Resources lists the resources the rule applies to ("resource").
	// resource is an unexported type defined elsewhere in the package.
	Resources []resource `yaml:"resource"`
	// Sink is written under "sink"; sink is an unexported type defined
	// elsewhere in the package. It is a single value, not a list.
	Sink      sink       `yaml:"sink"`
}

LogSinkRule represents a forseti log sink rule.

func LogSinkRules

func LogSinkRules(conf *config.Config) ([]LogSinkRule, error)

LogSinkRules builds log sink scanner rules for the given config.

type ResourceRule

// ResourceRule is the YAML shape of a Forseti resource scanner rule. Unlike
// the other rule types in this package it has no "resource" field; scope is
// expressed through ResourceTrees instead. No tag carries omitempty, so
// zero-valued fields are presumably still emitted — confirm against the
// YAML marshaller in use.
type ResourceRule struct {
	// Name identifies the rule ("name").
	Name          string         `yaml:"name"`
	// Mode is written under "mode"; accepted values are defined by the
	// Forseti scanner docs, not by this type.
	Mode          string         `yaml:"mode"`
	// ResourceTypes is written under "resource_types".
	ResourceTypes []string       `yaml:"resource_types"`
	// ResourceTrees is written under "resource_trees"; resourceTree is an
	// unexported type defined elsewhere in the package.
	ResourceTrees []resourceTree `yaml:"resource_trees"`
}

ResourceRule represents a forseti resource scanner rule.

func ResourceRules

func ResourceRules(conf *config.Config) ([]ResourceRule, error)

ResourceRules builds resource scanner rules for the given config.
