gcp

package
Published: Feb 11, 2022 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Types

type ExistingServiceAccountDetails

// ExistingServiceAccountDetails describes a pre-existing GCP Service Account
// to be used by the Lacework integration. Build it with
// NewExistingServiceAccountDetails and hand it to WithExistingServiceAccount.
type ExistingServiceAccountDetails struct {
	// Name is the name of the existing Service Account.
	Name string

	// PrivateKey is the existing Service Account's private key in JSON
	// format, base64 encoded. This is a long-lived credential: keep it out
	// of logs and version control, and treat anything it is rendered into
	// (presumably the HCL returned by Generate, and therefore any Terraform
	// state derived from it) as sensitive — confirm against the template.
	PrivateKey string
}

func NewExistingServiceAccountDetails

func NewExistingServiceAccountDetails(name string, privateKey string) *ExistingServiceAccountDetails

NewExistingServiceAccountDetails creates a new ExistingServiceAccountDetails from the Service Account name and its base64-encoded JSON private key. The key is a long-lived credential; handle the returned value, and anything generated from it, as a secret.

type GcpTerraformModifier

type GcpTerraformModifier func(c *GenerateGcpTfConfigurationArgs)

func WithAuditLogIntegrationName

func WithAuditLogIntegrationName(name string) GcpTerraformModifier

WithAuditLogIntegrationName Set the AuditLog Integration name to be displayed on the Lacework UI

func WithAuditLogLabels

func WithAuditLogLabels(labels map[string]string) GcpTerraformModifier

WithAuditLogLabels set labels to be applied to ALL newly created AuditLog resources

func WithBucketLabels

func WithBucketLabels(labels map[string]string) GcpTerraformModifier

WithBucketLabels set labels to be applied to the newly created AuditLog Bucket

func WithBucketLocation

func WithBucketLocation(location string) GcpTerraformModifier

WithBucketLocation Set the Location in which the Bucket should be created

func WithBucketName

func WithBucketName(name string) GcpTerraformModifier

WithBucketName Set the name of the bucket that will receive log objects

func WithBucketRegion

func WithBucketRegion(region string) GcpTerraformModifier

WithBucketRegion Set the Region in which the Bucket should be created

func WithConfigIntegrationName

func WithConfigIntegrationName(name string) GcpTerraformModifier

WithConfigIntegrationName Set the Config Integration name to be displayed on the Lacework UI

func WithEnableForceDestroyBucket

func WithEnableForceDestroyBucket() GcpTerraformModifier

WithEnableForceDestroyBucket Enable force destroy of the bucket even if it still contains objects (only relevant when a new AuditLog bucket is created). With this set, the bucket and the audit logs it holds can be deleted together, so enable it deliberately.

func WithEnableUBLA

func WithEnableUBLA() GcpTerraformModifier

WithEnableUBLA Enable Uniform Bucket Level Access on the audit log bucket (off by default)

func WithExistingLogBucketName

func WithExistingLogBucketName(name string) GcpTerraformModifier

WithExistingLogBucketName Set the name of an existing AuditLog bucket to reuse

func WithExistingLogSinkName

func WithExistingLogSinkName(name string) GcpTerraformModifier

WithExistingLogSinkName Set the name of an existing AuditLog log sink to reuse

func WithExistingServiceAccount

func WithExistingServiceAccount(serviceAccountDetails *ExistingServiceAccountDetails) GcpTerraformModifier

WithExistingServiceAccount Set an existing Service Account (name plus base64-encoded JSON private key) to be used by the Lacework Integration. The private key is a secret; see ExistingServiceAccountDetails for handling guidance.

func WithGcpServiceAccountCredentials

func WithGcpServiceAccountCredentials(path string) GcpTerraformModifier

WithGcpServiceAccountCredentials Set the path to the GCP Service Account credentials file to be used by the GCP Terraform provider

func WithLaceworkProfile

func WithLaceworkProfile(name string) GcpTerraformModifier

WithLaceworkProfile Set the Lacework Profile to utilize when integrating

func WithLogBucketLifecycleRuleAge

func WithLogBucketLifecycleRuleAge(ruleAge int) GcpTerraformModifier

WithLogBucketLifecycleRuleAge Set the number of days to keep audit logs in the Lacework GCS bucket before deleting them. Defaults to -1; leave the default to keep logs indefinitely.

func WithLogBucketRetentionDays

func WithLogBucketRetentionDays(days int) GcpTerraformModifier

WithLogBucketRetentionDays Set the number of days to keep logs before deleting them. Default is 30; a value of 0 is indistinguishable from unset and falls back to the default.

func WithOrganizationId

func WithOrganizationId(id string) GcpTerraformModifier

WithOrganizationId Set the GCP organization ID to integrate with for an organization integration

func WithOrganizationIntegration

func WithOrganizationIntegration(enabled bool) GcpTerraformModifier

WithOrganizationIntegration Set whether to configure an Organization-wide integration

func WithProjectId

func WithProjectId(id string) GcpTerraformModifier

WithProjectId Set the GCP project ID in which new resources should be created (required for both project & org integration)

func WithPubSubSubscriptionLabels

func WithPubSubSubscriptionLabels(labels map[string]string) GcpTerraformModifier

WithPubSubSubscriptionLabels set labels to be applied to the newly created AuditLog PubSub Subscription

func WithPubSubTopicLabels

func WithPubSubTopicLabels(labels map[string]string) GcpTerraformModifier

WithPubSubTopicLabels set labels to be applied to the newly created AuditLog PubSub Topic

type GenerateGcpTfConfigurationArgs

// GenerateGcpTfConfigurationArgs holds every input used to render the GCP
// Terraform configuration. Build it with NewTerraform and the With*
// modifiers, then call Generate to obtain the HCL as a string.
type GenerateGcpTfConfigurationArgs struct {
	// Should we configure AuditLog integration in LW?
	AuditLog bool

	// Should we configure CSPM (Config) integration in LW?
	Config bool

	// Path to the service account credentials file to be used by the
	// Terraform GCP provider (see WithGcpServiceAccountCredentials).
	ServiceAccountCredentials string

	// Should we configure an Organization wide integration?
	OrganizationIntegration bool

	// Supply a GCP Organization ID, only asked if OrganizationIntegration is True
	GcpOrganizationId string

	// Supply a GCP Project ID, to host the new resources
	// (required for both project and organization integrations).
	GcpProjectId string

	// Optionally supply existing Service Account Details. The embedded
	// PrivateKey is a secret; see ExistingServiceAccountDetails.
	ExistingServiceAccount *ExistingServiceAccountDetails

	// If Config is true, give the user the opportunity to name their integration. Defaults to "TF Config"
	ConfigIntegrationName string

	// Set of labels which will be added to all AuditLog resources managed by the module
	AuditLogLabels map[string]string

	// Set of labels which will be added to the audit log bucket
	BucketLabels map[string]string

	// Set of labels which will be added to the PubSub subscription
	PubSubSubscriptionLabels map[string]string

	// Set of labels which will be added to the PubSub topic
	PubSubTopicLabels map[string]string

	// Supply a GCP region for the new bucket. EU/US/ASIA
	BucketRegion string

	// Supply a GCP location for the new bucket. Defaults to global
	BucketLocation string

	// Supply a name for the new bucket
	BucketName string

	// Name of an existing AuditLog bucket to reuse
	ExistingLogBucketName string

	// Name of an existing AuditLog log sink to reuse
	ExistingLogSinkName string

	// Should we force destroy the bucket even if it still contains objects?
	// (only relevant on new AuditLog creation). Enabling this lets the bucket
	// and the audit logs it holds be deleted together.
	EnableForceDestroyBucket bool

	// Boolean for enabling Uniform Bucket Level Access on the audit log bucket. Defaults to False
	EnableUBLA bool

	// Number of days to keep audit logs in Lacework GCS bucket before deleting.
	// If left empty the TF will default to -1 (keep indefinitely).
	// Use pointer *int, so we can verify if the value has been set by the end user
	LogBucketLifecycleRuleAge *int

	// The number of days to keep logs before deleting.
	// If left as 0 the TF will default to 30.
	// NOTE(review): unlike LogBucketLifecycleRuleAge this is a plain int, so a
	// retention of 0 days cannot be expressed — it is treated as "unset".
	LogBucketRetentionDays int

	// If AuditLog is true, give the user the opportunity to name their integration. Defaults to "TF audit_log"
	AuditLogIntegrationName string

	// Lacework Profile to use when integrating
	LaceworkProfile string
}

func NewTerraform

func NewTerraform(enableConfig bool, enableAuditLog bool, mods ...GcpTerraformModifier) *GenerateGcpTfConfigurationArgs

NewTerraform returns an instance of the GenerateGcpTfConfigurationArgs struct with the provided enabled settings (config/audit log).

Note: Additional configuration details may be set using modifiers of the GcpTerraformModifier type

Basic usage: build a GenerateGcpTfConfigurationArgs with NewTerraform, passing the path to the GCP service account credentials (and any other modifiers). Then call Generate to create a string containing the required HCL:

hcl, err := gcp.NewTerraform(true, true,
  gcp.WithGcpServiceAccountCredentials("/path/to/sa/credentials.json")).Generate()

func (*GenerateGcpTfConfigurationArgs) Generate

func (args *GenerateGcpTfConfigurationArgs) Generate() (string, error)

Generate renders the Terraform (HCL) configuration for the supplied args and returns it as a string, or an error if the configuration cannot be generated. If ExistingServiceAccount was set, expect the output (and any Terraform state derived from it) to carry the private key; treat it as sensitive.
