Documentation
Overview
Package cai helps with Cloud Asset Inventory.
Index
- type Asset
- type AssetFS
- type AssetGroup
- type AssetGroupSettings
- type AssetMember
- type AssetRule
- type ComplianceStatus
- type ConstraintConfig
- type FeedMessage
- type FeedMessageFS
- type FeedMessageGroup
- type FeedMessageGroupSettings
- type FeedMessageMember
- type Member
- type Rule
- type Violation
- type Window
- type WrappedPubSub
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Asset
type Asset struct {
    Ancestors               []string        `json:"ancestors"`
    AncestorsDisplayName    []string        `json:"ancestorsDisplayName"`
    AncestryPath            string          `json:"ancestryPath"`
    AncestryPathDisplayName string          `json:"ancestryPathDisplayName"`
    AncestryPathLegacy      string          `json:"ancestry_path"`
    AssetType               string          `json:"assetType"`
    AssetTypeLegacy         string          `json:"asset_type"`
    IamPolicy               json.RawMessage `json:"iamPolicy"`
    IamPolicyLegacy         json.RawMessage `json:"iam_policy"`
    Name                    string          `json:"name"`
    Owner                   string          `json:"owner"`
    ProjectID               string          `json:"projectID"`
    Resource                json.RawMessage `json:"resource"`
    UpdateTime              time.Time       `json:"update_time"`
    ViolationResolver       string          `json:"violationResolver"`
}
Asset is the asset metadata. "iamPolicy" and "assetType" are duplicated to ensure compatibility between the format of the CAI feed (real time) and the format of the CAI export (batch).
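The duplicated fields mean a consumer has to decide which spelling it reads before a rule is evaluated. The following is an added example, not code from package cai: `asset`, `decodeAsset`, `errConflict` and the sample payloads are hypothetical, and rejecting payloads whose two spellings disagree is this example's choice, not documented behaviour of the package.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// asset is a trimmed, hypothetical copy of two Asset fields that exist in both spellings.
type asset struct {
	AssetType       string          `json:"assetType"`
	AssetTypeLegacy string          `json:"asset_type"`
	IamPolicy       json.RawMessage `json:"iamPolicy"`
	IamPolicyLegacy json.RawMessage `json:"iam_policy"`
}

var errConflict = errors.New("camelCase and snake_case fields disagree")

// decodeAsset (hypothetical helper) folds the snake_case value into the camelCase field
// and rejects payloads whose two spellings disagree, so every consumer reads the same copy.
func decodeAsset(raw []byte) (asset, error) {
	var a asset
	if err := json.Unmarshal(raw, &a); err != nil {
		return a, err
	}
	typeClash := a.AssetType != "" && a.AssetTypeLegacy != "" && a.AssetType != a.AssetTypeLegacy
	policyClash := len(a.IamPolicy) > 0 && len(a.IamPolicyLegacy) > 0 && string(a.IamPolicy) != string(a.IamPolicyLegacy)
	if typeClash || policyClash {
		return a, errConflict
	}
	if a.AssetType == "" {
		a.AssetType = a.AssetTypeLegacy
	}
	if len(a.IamPolicy) == 0 {
		a.IamPolicy = a.IamPolicyLegacy
	}
	return a, nil
}

// Constructed sample payloads: one per spelling, plus one where the spellings disagree.
const camelSample = `{"assetType":"storage.googleapis.com/Bucket","iamPolicy":{"bindings":[]}}`
const snakeSample = `{"asset_type":"storage.googleapis.com/Bucket","iam_policy":{"bindings":[]}}`
const mixedSample = `{"assetType":"storage.googleapis.com/Bucket","asset_type":"compute.googleapis.com/Instance"}`

func main() {
	for _, s := range []string{camelSample, snakeSample, mixedSample} {
		a, err := decodeAsset([]byte(s))
		fmt.Println(a.AssetType, string(a.IamPolicy), err)
	}
}
```

The Asset struct also carries `ancestryPath` and `ancestry_path`; the same fold applies to that pair.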
type AssetFS
type AssetFS struct {
    Ancestors         []string               `json:"ancestors" firestore:"ancestors"`
    AncestryPath      string                 `json:"ancestryPath" firestore:"ancestryPath"`
    AssetType         string                 `json:"assetType" firestore:"assetType"`
    IamPolicy         map[string]interface{} `json:"iamPolicy" firestore:"iamPolicy,omitempty"`
    Name              string                 `json:"name" firestore:"name"`
    Owner             string                 `json:"owner" firestore:"owner"`
    ProjectID         string                 `json:"projectID" firestore:"projectID"`
    Resource          map[string]interface{} `json:"resource" firestore:"resource"`
    ViolationResolver string                 `json:"violationResolver" firestore:"violationResolver"`
}
AssetFS is the Cloud Asset metadata for Firestore.
type AssetGroup
type AssetGroup struct {
    Ancestors    []string        `json:"ancestors"`
    AncestryPath string          `json:"ancestryPath"`
    AssetType    string          `json:"assetType"`
    IamPolicy    json.RawMessage `json:"iamPolicy"`
    Name         string          `json:"name"`
    Resource     *admin.Group    `json:"resource"`
}
AssetGroup is a CAI-like format.
type AssetGroupSettings
type AssetGroupSettings struct {
    Ancestors    []string               `json:"ancestors"`
    AncestryPath string                 `json:"ancestryPath"`
    AssetType    string                 `json:"assetType"`
    IamPolicy    json.RawMessage        `json:"iamPolicy"`
    Name         string                 `json:"name"`
    Resource     *groupssettings.Groups `json:"resource"`
}
AssetGroupSettings is a CAI-like format.
type AssetMember
type AssetMember struct {
    Ancestors    []string        `json:"ancestors"`
    AncestryPath string          `json:"ancestryPath"`
    AssetType    string          `json:"assetType"`
    IamPolicy    json.RawMessage `json:"iamPolicy"`
    Name         string          `json:"name"`
    Resource     Member          `json:"resource"`
}
AssetMember is a CAI-like format.
type AssetRule
type AssetRule struct {
    FeedMessage FeedMessage `json:"feedMessage"`
    Rule        Rule        `json:"rule"`
    StepStack   glo.Steps   `json:"step_stack,omitempty"`
}
AssetRule combines the asset data to be analyzed with the rule code that analyzes it.
type ComplianceStatus
type ComplianceStatus struct {
    AssetInventoryOrigin    string    `json:"assetInventoryOrigin"`
    AssetInventoryTimeStamp time.Time `json:"assetInventoryTimeStamp"`
    AssetName               string    `json:"assetName"`
    AssetType               string    `json:"assetType,omitempty"`
    Compliant               bool      `json:"compliant"`
    Deleted                 bool      `json:"deleted"`
    EvaluationTimeStamp     time.Time `json:"evaluationTimeStamp"`
    RuleDeploymentTimeStamp time.Time `json:"ruleDeploymentTimeStamp"`
    RuleName                string    `json:"ruleName"`
    StepStack               glo.Steps `json:"step_stack,omitempty"`
}
ComplianceStatus is the true/false compliance status, by asset and by rule.
type ConstraintConfig
type ConstraintConfig struct {
    APIVersion string `json:"apiVersion" yaml:"apiVersion"`
    Kind       string `json:"kind"`
    Metadata   struct {
        Annotations map[string]interface{} `json:"annotations"`
        Name        string                 `json:"name"`
    } `json:"metadata"`
    Spec struct {
        Match      map[string]interface{} `json:"match"`
        Parameters map[string]interface{} `json:"parameters"`
        Severity   string                 `json:"severity"`
    } `json:"spec"`
}
ConstraintConfig is the content of the constraint YAML file.
type FeedMessage
type FeedMessage struct {
    Asset     Asset     `json:"asset"`
    Deleted   bool      `json:"deleted"`
    Origin    string    `json:"origin"`
    StepStack glo.Steps `json:"step_stack,omitempty"`
    Window    Window    `json:"window"`
}
FeedMessage describes an asset configuration state.
type FeedMessageFS
type FeedMessageFS struct {
    Asset     AssetFS   `json:"asset" firestore:"asset"`
    Deleted   bool      `json:"deleted" firestore:"deleted"`
    Origin    string    `json:"origin" firestore:"origin"`
    StepStack glo.Steps `json:"step_stack,omitempty" firestore:"step_stack,omitempty"`
    Window    Window    `json:"window" firestore:"window"`
}
FeedMessageFS is the Cloud Asset Inventory feed message for Firestore.
type FeedMessageGroup
type FeedMessageGroup struct {
    Asset     AssetGroup `json:"asset"`
    Deleted   bool       `json:"deleted"`
    Origin    string     `json:"origin"`
    StepStack glo.Steps  `json:"step_stack,omitempty"`
    Window    Window     `json:"window"`
}
FeedMessageGroup is a CAI-like format.
type FeedMessageGroupSettings
type FeedMessageGroupSettings struct {
    Asset     AssetGroupSettings `json:"asset"`
    Deleted   bool               `json:"deleted"`
    Origin    string             `json:"origin"`
    StepStack glo.Steps          `json:"step_stack,omitempty"`
    Window    Window             `json:"window"`
}
FeedMessageGroupSettings is a CAI-like format.
type FeedMessageMember
type FeedMessageMember struct {
    Asset     AssetMember `json:"asset"`
    Deleted   bool        `json:"deleted"`
    Origin    string      `json:"origin"`
    StepStack glo.Steps   `json:"step_stack,omitempty"`
    Window    Window      `json:"window"`
}
FeedMessageMember is a CAI-like format.
type Member
type Member struct {
    GroupEmail  string `json:"groupEmail"`
    ID          string `json:"id"`
    Kind        string `json:"kind"`
    MemberEmail string `json:"memberEmail"`
    Role        string `json:"role"`
    Type        string `json:"type"`
}
Member is slightly different from admin.Member so that it carries both the group email and the member email.
type Rule
type Rule struct {
    Constraints    []ConstraintConfig `json:"constraints"`
    DeploymentTime time.Time          `json:"deploymentTime"`
    Name           string             `json:"name"`
    RegoModules    map[string]string  `json:"regoModules"`
}
Rule associates rego modules code and a list of constraints.
type Violation
type Violation struct {
    ConstraintConfig ConstraintConfig  `json:"constraintConfig"`
    FeedMessage      FeedMessage       `json:"feedMessage"`
    FunctionConfig   functionConfig    `json:"functionConfig"`
    NonCompliance    nonCompliance     `json:"nonCompliance"`
    RegoModules      map[string]string `json:"regoModules"`
    StepStack        glo.Steps         `json:"step_stack,omitempty"`
}
Violation is a violation from the "audit" rego policy in the "audit.rego" module.
type WrappedPubSub
type WrappedPubSub struct {
    Message      pubsub.Message `json:"message"`
    Subscription string         `json:"subscription"`
}
WrappedPubSub is the structure that carries PubSub messages in a Cloud Event.