Documentation ¶
Index ¶
- type ExistingServiceAccountDetails
- type GcpTerraformModifier
- func WithAuditLogIntegrationName(name string) GcpTerraformModifier
- func WithAuditLogLabels(labels map[string]string) GcpTerraformModifier
- func WithBucketLabels(labels map[string]string) GcpTerraformModifier
- func WithBucketLocation(location string) GcpTerraformModifier
- func WithBucketName(name string) GcpTerraformModifier
- func WithBucketRegion(region string) GcpTerraformModifier
- func WithConfigIntegrationName(name string) GcpTerraformModifier
- func WithEnableForceDestroyBucket() GcpTerraformModifier
- func WithEnableUBLA() GcpTerraformModifier
- func WithExistingLogBucketName(name string) GcpTerraformModifier
- func WithExistingLogSinkName(name string) GcpTerraformModifier
- func WithExistingServiceAccount(serviceAccountDetails *ExistingServiceAccountDetails) GcpTerraformModifier
- func WithGcpServiceAccountCredentials(path string) GcpTerraformModifier
- func WithLaceworkProfile(name string) GcpTerraformModifier
- func WithLogBucketLifecycleRuleAge(ruleAge int) GcpTerraformModifier
- func WithLogBucketRetentionDays(days int) GcpTerraformModifier
- func WithOrganizationId(id string) GcpTerraformModifier
- func WithOrganizationIntegration(enabled bool) GcpTerraformModifier
- func WithProjectId(id string) GcpTerraformModifier
- func WithPubSubSubscriptionLabels(labels map[string]string) GcpTerraformModifier
- func WithPubSubTopicLabels(labels map[string]string) GcpTerraformModifier
- type GenerateGcpTfConfigurationArgs
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ExistingServiceAccountDetails ¶
type ExistingServiceAccountDetails struct { // Existing Service Account Name Name string // Existing Service Account private key in JSON format, base64 encoded PrivateKey string }
func NewExistingServiceAccountDetails ¶
func NewExistingServiceAccountDetails(name string, privateKey string) *ExistingServiceAccountDetails
NewExistingServiceAccountDetails Create new existing Service Account details
type GcpTerraformModifier ¶
type GcpTerraformModifier func(c *GenerateGcpTfConfigurationArgs)
func WithAuditLogIntegrationName ¶
func WithAuditLogIntegrationName(name string) GcpTerraformModifier
WithAuditLogIntegrationName Set the Config Integration name to be displayed on the Lacework UI
func WithAuditLogLabels ¶
func WithAuditLogLabels(labels map[string]string) GcpTerraformModifier
WithAuditLogLabels set labels to be applied to ALL newly created AuditLog resources
func WithBucketLabels ¶
func WithBucketLabels(labels map[string]string) GcpTerraformModifier
WithBucketLabels set labels to be applied to the newly created AuditLog Bucket
func WithBucketLocation ¶
func WithBucketLocation(location string) GcpTerraformModifier
WithBucketLocation Set the name of the bucket that will receive log objects
func WithBucketName ¶
func WithBucketName(name string) GcpTerraformModifier
WithBucketName Set the Location in which the Bucket should be created
func WithBucketRegion ¶
func WithBucketRegion(region string) GcpTerraformModifier
WithBucketRegion Set the Region in which the Bucket should be created
func WithConfigIntegrationName ¶
func WithConfigIntegrationName(name string) GcpTerraformModifier
WithConfigIntegrationName Set the Config Integration name to be displayed on the Lacework UI
func WithEnableForceDestroyBucket ¶
func WithEnableForceDestroyBucket() GcpTerraformModifier
WithEnableForceDestroyBucket Enable force destroy of the bucket if it has stuff in it
func WithEnableUBLA ¶
func WithEnableUBLA() GcpTerraformModifier
WithEnableUBLA Enable force destroy of the bucket if it has stuff in it
func WithExistingLogBucketName ¶
func WithExistingLogBucketName(name string) GcpTerraformModifier
WithExistingLogBucketName Set the bucket Name of an existing AuditLog Bucket setup
func WithExistingLogSinkName ¶
func WithExistingLogSinkName(name string) GcpTerraformModifier
WithExistingLogSinkName Set the Topic ARN of an existing AuditLog setup
func WithExistingServiceAccount ¶
func WithExistingServiceAccount(serviceAccountDetails *ExistingServiceAccountDetails) GcpTerraformModifier
WithExistingServiceAccount Set an existing Service Account to be used by the Lacework Integration
func WithGcpServiceAccountCredentials ¶
func WithGcpServiceAccountCredentials(path string) GcpTerraformModifier
WithGcpServiceAccountCredentials Set the path for the GCP Service Account to be utilized by the GCP provider
func WithLaceworkProfile ¶
func WithLaceworkProfile(name string) GcpTerraformModifier
WithLaceworkProfile Set the Lacework Profile to utilize when integrating
func WithLogBucketLifecycleRuleAge ¶
func WithLogBucketLifecycleRuleAge(ruleAge int) GcpTerraformModifier
WithLogBucketLifecycleRuleAge Set the number of days to keep audit logs in Lacework GCS bucket before deleting Defaults to -1. Leave default to keep indefinitely.
func WithLogBucketRetentionDays ¶
func WithLogBucketRetentionDays(days int) GcpTerraformModifier
WithLogBucketRetentionDays Set the number of days to keep logs before deleting. Default is 30
func WithOrganizationId ¶
func WithOrganizationId(id string) GcpTerraformModifier
WithOrganizationId Set the Lacework organization ID to integrate with for an organization integration
func WithOrganizationIntegration ¶
func WithOrganizationIntegration(enabled bool) GcpTerraformModifier
WithOrganizationIntegration Set whether we configure as an Organization wide integration
func WithProjectId ¶
func WithProjectId(id string) GcpTerraformModifier
WithProjectId Set the Lacework project ID that new resources should be created in (required for both project & org integration)
func WithPubSubSubscriptionLabels ¶
func WithPubSubSubscriptionLabels(labels map[string]string) GcpTerraformModifier
WithPubSubSubscriptionLabels set labels to be applied to the newly created AuditLog PubSub
func WithPubSubTopicLabels ¶
func WithPubSubTopicLabels(labels map[string]string) GcpTerraformModifier
WithPubSubTopicLabels set labels to be applied to the newly created AuditLog PubSub Topic
type GenerateGcpTfConfigurationArgs ¶
type GenerateGcpTfConfigurationArgs struct { // Should we configure AuditLog integration in LW? AuditLog bool // Should we configure CSPM integration in LW? Config bool // Path to service account credentials to be used by Terraform ServiceAccountCredentials string // Should we configure an Organization wide integration? OrganizationIntegration bool // Supply a GCP Organization ID, only asked if OrganizationIntegration is True GcpOrganizationId string // Supply a GCP Project ID, to host the new resources GcpProjectId string // Optionally supply existing Service Account Details ExistingServiceAccount *ExistingServiceAccountDetails // If Config is true, give the user the opportunity to name their integration. Defaults to "TF Config" ConfigIntegrationName string // Set of labels which will be added to the resources managed by the module AuditLogLabels map[string]string // Set of labels which will be added to the audit log bucket BucketLabels map[string]string // Set of labels which will be added to the subscription PubSubSubscriptionLabels map[string]string // Set of labels which will be added to the topic PubSubTopicLabels map[string]string // Supply a GCP region for the new bucket. EU/US/ASIA BucketRegion string // Supply a GCP location for the new bucket. Defaults to global BucketLocation string // Supply a name for the new bucket BucketName string // Existing Bucket Name ExistingLogBucketName string // Existing Sink Name ExistingLogSinkName string // Should we force destroy the bucket if it has stuff in it? (only relevant on new AuditLog creation) EnableForceDestroyBucket bool // Boolean for enabling Uniform Bucket Level Access on the audit log bucket. Defaults to False EnableUBLA bool // Number of days to keep audit logs in Lacework GCS bucket before deleting. // If left empty the TF will default to -1 // Use pointer *int, so we can verify if the value has been set by the end user LogBucketLifecycleRuleAge *int // The number of days to keep logs before deleting. // If left as 0 the TF will default to 30. LogBucketRetentionDays int // If AuditLog is true, give the user the opportunity to name their integration. Defaults to "TF audit_log" AuditLogIntegrationName string // Lacework Profile to use LaceworkProfile string }
func NewTerraform ¶
func NewTerraform(enableConfig bool, enableAuditLog bool, mods ...GcpTerraformModifier) *GenerateGcpTfConfigurationArgs
NewTerraform returns an instance of the GenerateGcpTfConfigurationArgs struct with the provided enabled settings (config/audit log).
Note: Additional configuration details may be set using modifiers of the GcpTerraformModifier type
Basic usage: Initialize a new GcpTerraformModifier struct, with GCP service account credentials. Then use generate to
create a string output of the required HCL. hcl, err := gcp.NewTerraform(true, true, gcp.WithGcpServiceAccountCredentials("/path/to/sa/credentials.json")).Generate()
func (*GenerateGcpTfConfigurationArgs) Generate ¶
func (args *GenerateGcpTfConfigurationArgs) Generate() (string, error)
Generate new Terraform code based on the supplied args.