cai

package
v0.0.15 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 20, 2023 License: Apache-2.0 Imports: 6 Imported by: 2

Documentation

Overview

Package cai helps with Cloud Asset Inventory

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Asset

// Asset is the asset metadata carried in a feed message. Three fields are
// declared twice, once under a camelCase JSON key and once under a snake_case
// key: ancestryPath/ancestry_path, assetType/asset_type, iamPolicy/iam_policy.
type Asset struct {
	Ancestors               []string        `json:"ancestors"`
	AncestorsDisplayName    []string        `json:"ancestorsDisplayName"`
	AncestryPath            string          `json:"ancestryPath"`
	AncestryPathDisplayName string          `json:"ancestryPathDisplayName"`
	// Same value as AncestryPath, read from the snake_case key.
	AncestryPathLegacy      string          `json:"ancestry_path"`
	AssetType               string          `json:"assetType"`
	// Same value as AssetType, read from the snake_case key.
	AssetTypeLegacy         string          `json:"asset_type"`
	// Kept as raw JSON: this type neither parses nor validates the policy.
	IamPolicy               json.RawMessage `json:"iamPolicy"`
	// NOTE(review): a consumer that reads only IamPolicy sees an empty value
	// when the policy arrives under "iam_policy"; confirm that every policy
	// check looks at both fields.
	IamPolicyLegacy         json.RawMessage `json:"iam_policy"`
	Name                    string          `json:"name"`
	Owner                   string          `json:"owner"`
	ProjectID               string          `json:"projectID"`
	// Kept as raw JSON, like IamPolicy.
	Resource                json.RawMessage `json:"resource"`
	// Only a snake_case key is declared for this field.
	UpdateTime              time.Time       `json:"update_time"`
	ViolationResolver       string          `json:"violationResolver"`
}

Asset holds asset metadata. The duplicated "iamPolicy" and "assetType" fields ensure compatibility between the CAI feed format (real time) and the CAI export format (batch).

type AssetFS

// AssetFS is the asset metadata in the shape used for Firestore: every field
// carries a firestore tag next to its json tag.
type AssetFS struct {
	Ancestors         []string               `json:"ancestors" firestore:"ancestors"`
	AncestryPath      string                 `json:"ancestryPath" firestore:"ancestryPath"`
	AssetType         string                 `json:"assetType" firestore:"assetType"`
	// Generic map rather than a typed policy; omitempty is set on the
	// firestore tag only, not on the json tag.
	IamPolicy         map[string]interface{} `json:"iamPolicy" firestore:"iamPolicy,omitempty"`
	Name              string                 `json:"name" firestore:"name"`
	Owner             string                 `json:"owner" firestore:"owner"`
	ProjectID         string                 `json:"projectID" firestore:"projectID"`
	// Generic map: the resource schema is not fixed by this type.
	Resource          map[string]interface{} `json:"resource" firestore:"resource"`
	ViolationResolver string                 `json:"violationResolver" firestore:"violationResolver"`
}

AssetFS Cloud Asset Metadata for firestore

type AssetGroup

// AssetGroup describes a group with the same field names and JSON keys as a
// CAI asset; the resource payload is a typed *admin.Group.
type AssetGroup struct {
	Ancestors    []string        `json:"ancestors"`
	AncestryPath string          `json:"ancestryPath"`
	AssetType    string          `json:"assetType"`
	// Kept as raw JSON: this type neither parses nor validates the policy.
	IamPolicy    json.RawMessage `json:"iamPolicy"`
	Name         string          `json:"name"`
	// NOTE(review): the admin package is not shown here; presumably the
	// Admin SDK Directory client — confirm. A nil pointer encodes as null.
	Resource     *admin.Group    `json:"resource"`
}

AssetGroup CAI like format

type AssetGroupSettings

// AssetGroupSettings describes the settings of a group with the same field
// names and JSON keys as a CAI asset; the resource payload is a typed
// *groupssettings.Groups.
type AssetGroupSettings struct {
	Ancestors    []string               `json:"ancestors"`
	AncestryPath string                 `json:"ancestryPath"`
	AssetType    string                 `json:"assetType"`
	// Kept as raw JSON: this type neither parses nor validates the policy.
	IamPolicy    json.RawMessage        `json:"iamPolicy"`
	Name         string                 `json:"name"`
	// NOTE(review): the groupssettings package is not shown here; confirm
	// which client library it comes from. A nil pointer encodes as null.
	Resource     *groupssettings.Groups `json:"resource"`
}

AssetGroupSettings CAI like format

type AssetMember

// AssetMember describes a group membership with the same field names and JSON
// keys as a CAI asset; the resource payload is this package's Member type.
type AssetMember struct {
	Ancestors    []string        `json:"ancestors"`
	AncestryPath string          `json:"ancestryPath"`
	AssetType    string          `json:"assetType"`
	// Kept as raw JSON: this type neither parses nor validates the policy.
	IamPolicy    json.RawMessage `json:"iamPolicy"`
	Name         string          `json:"name"`
	// Stored by value, so it is always present in the encoded JSON.
	Resource     Member          `json:"resource"`
}

AssetMember CAI like format

type AssetRule

// AssetRule pairs one feed message (the asset to analyze) with one Rule (the
// code and constraints to analyze it with).
type AssetRule struct {
	FeedMessage FeedMessage `json:"feedMessage"`
	// NOTE(review): the rule travels inside the same value as the asset, so
	// the producer of AssetRule values decides which policy code is
	// evaluated; confirm that only a trusted component builds them.
	Rule        Rule        `json:"rule"`
	// glo.Steps is declared in another package and not shown here; left out
	// of the JSON when empty.
	StepStack   glo.Steps   `json:"step_stack,omitempty"`
}

AssetRule combines the asset data to be analyzed with the rule code that analyzes it

type ComplianceStatus

// ComplianceStatus records, for one asset and one rule, whether the asset is
// compliant, together with the timestamps of the inventory, the evaluation
// and the rule deployment.
type ComplianceStatus struct {
	AssetInventoryOrigin    string    `json:"assetInventoryOrigin"`
	AssetInventoryTimeStamp time.Time `json:"assetInventoryTimeStamp"`
	AssetName               string    `json:"assetName"`
	// The only string field that is omitted from the JSON when empty.
	AssetType               string    `json:"assetType,omitempty"`
	// No omitempty, so false is always written out. With encoding/json a
	// record that lacks the "compliant" key also decodes to false.
	Compliant               bool      `json:"compliant"`
	// A record that lacks the "deleted" key decodes to false with
	// encoding/json. NOTE(review): confirm consumers do not treat a missing
	// key as proof that the asset still exists.
	Deleted                 bool      `json:"deleted"`
	EvaluationTimeStamp     time.Time `json:"evaluationTimeStamp"`
	RuleDeploymentTimeStamp time.Time `json:"ruleDeploymentTimeStamp"`
	RuleName                string    `json:"ruleName"`
	// glo.Steps is declared in another package and not shown here.
	StepStack               glo.Steps `json:"step_stack,omitempty"`
}

ComplianceStatus by asset, by rule, true/false compliance status

type ConstraintConfig

// ConstraintConfig mirrors the content of a constraint file: an API version,
// a kind, a metadata section and a spec section.
type ConstraintConfig struct {
	// The only field with a yaml tag. NOTE(review): how the other fields are
	// matched when the file is read as YAML depends on the decoder in use,
	// which is not shown here — confirm.
	APIVersion string `json:"apiVersion" yaml:"apiVersion"`
	Kind       string `json:"kind"`
	// Metadata is an anonymous struct: a name plus free-form annotations.
	Metadata   struct {
		Annotations map[string]interface{} `json:"annotations"`
		Name        string                 `json:"name"`
	} `json:"metadata"`
	// Spec is an anonymous struct. Match and Parameters are untyped maps, so
	// this type places no constraint on their keys or values.
	Spec struct {
		Match      map[string]interface{} `json:"match"`
		Parameters map[string]interface{} `json:"parameters"`
		// Free-form string: the set of accepted severities is not fixed here.
		Severity   string                 `json:"severity"`
	} `json:"spec"`
}

ConstraintConfig content of the constraint yaml file

type FeedMessage

// FeedMessage describes the configuration state of one asset: the asset
// itself, a deletion flag, an origin label and a time window.
type FeedMessage struct {
	Asset     Asset     `json:"asset"`
	// Decodes to false with encoding/json when the key is absent.
	Deleted   bool      `json:"deleted"`
	// NOTE(review): presumably tells the real-time feed from the batch
	// export; the accepted values are not shown here — confirm.
	Origin    string    `json:"origin"`
	// glo.Steps is declared in another package and not shown here.
	StepStack glo.Steps `json:"step_stack,omitempty"`
	Window    Window    `json:"window"`
}

FeedMessage describes an asset configuration state

type FeedMessageFS

// FeedMessageFS is a feed message in the shape used for Firestore: it holds an
// AssetFS and every field carries a firestore tag next to its json tag.
type FeedMessageFS struct {
	Asset     AssetFS   `json:"asset" firestore:"asset"`
	Deleted   bool      `json:"deleted" firestore:"deleted"`
	Origin    string    `json:"origin" firestore:"origin"`
	// Omitted when empty in both the JSON and the Firestore encoding.
	StepStack glo.Steps `json:"step_stack,omitempty" firestore:"step_stack,omitempty"`
	Window    Window    `json:"window" firestore:"window"`
}

FeedMessageFS Cloud Asset Inventory feed message for firestore

type FeedMessageGroup

// FeedMessageGroup has the same fields and JSON keys as FeedMessage, with an
// AssetGroup as its asset.
type FeedMessageGroup struct {
	Asset     AssetGroup `json:"asset"`
	// Decodes to false with encoding/json when the key is absent.
	Deleted   bool       `json:"deleted"`
	Origin    string     `json:"origin"`
	// glo.Steps is declared in another package and not shown here.
	StepStack glo.Steps  `json:"step_stack,omitempty"`
	Window    Window     `json:"window"`
}

FeedMessageGroup CAI like format

type FeedMessageGroupSettings

// FeedMessageGroupSettings has the same fields and JSON keys as FeedMessage,
// with an AssetGroupSettings as its asset.
type FeedMessageGroupSettings struct {
	Asset     AssetGroupSettings `json:"asset"`
	// Decodes to false with encoding/json when the key is absent.
	Deleted   bool               `json:"deleted"`
	Origin    string             `json:"origin"`
	// glo.Steps is declared in another package and not shown here.
	StepStack glo.Steps          `json:"step_stack,omitempty"`
	Window    Window             `json:"window"`
}

FeedMessageGroupSettings CAI like format

type FeedMessageMember

// FeedMessageMember has the same fields and JSON keys as FeedMessage, with an
// AssetMember as its asset.
type FeedMessageMember struct {
	Asset     AssetMember `json:"asset"`
	// Decodes to false with encoding/json when the key is absent.
	Deleted   bool        `json:"deleted"`
	Origin    string      `json:"origin"`
	// glo.Steps is declared in another package and not shown here.
	StepStack glo.Steps   `json:"step_stack,omitempty"`
	Window    Window      `json:"window"`
}

FeedMessageMember CAI like format

type Member

// Member describes one membership and names both sides of it: the group
// (GroupEmail) and the member (MemberEmail).
type Member struct {
	GroupEmail  string `json:"groupEmail"`
	ID          string `json:"id"`
	Kind        string `json:"kind"`
	MemberEmail string `json:"memberEmail"`
	// Role and Type are free-form strings: the accepted values are not fixed
	// by this type. NOTE(review): confirm the value set against the producer
	// before writing rules that compare them.
	Role        string `json:"role"`
	Type        string `json:"type"`
}

Member is slightly different from admin.Member so that it has both the group email and the member email

type Rule

// Rule groups the rego modules of one rule with the constraints they are
// evaluated against, plus the rule's name and deployment time.
type Rule struct {
	Constraints    []ConstraintConfig `json:"constraints"`
	DeploymentTime time.Time          `json:"deploymentTime"`
	Name           string             `json:"name"`
	// Rego module code held as plain strings. NOTE(review): what the map key
	// stands for (module name or file path) is not shown here. The code is
	// data in this struct, so its integrity depends on where Rule values are
	// loaded from — confirm that source is write-restricted.
	RegoModules    map[string]string  `json:"regoModules"`
}

Rule associates rego modules code and a list of constraints

type Violation

// Violation is one finding: the constraint that was violated, the feed message
// it was found in, and the rego modules that were evaluated.
type Violation struct {
	ConstraintConfig ConstraintConfig  `json:"constraintConfig"`
	// The complete feed message, raw IAM policy and resource included.
	// NOTE(review): every store or log that receives violations therefore
	// holds that data too; confirm its access controls match the source's.
	FeedMessage      FeedMessage       `json:"feedMessage"`
	// functionConfig and nonCompliance are unexported types of this package;
	// their fields are not shown here.
	FunctionConfig   functionConfig    `json:"functionConfig"`
	NonCompliance    nonCompliance     `json:"nonCompliance"`
	// Rego module code held as plain strings, same shape as Rule.RegoModules.
	RegoModules      map[string]string `json:"regoModules"`
	// glo.Steps is declared in another package and not shown here.
	StepStack        glo.Steps         `json:"step_stack,omitempty"`
}

Violation from the "audit" rego policy in "audit.rego" module

type Window

// Window is the time window of a feed message. Only the start of the window
// is declared; the type has no end-time field.
type Window struct {
	StartTime time.Time `json:"startTime" firestore:"startTime"`
}

Window Cloud Asset Inventory feed message time window

type WrappedPubSub

// WrappedPubSub is the envelope that carries one Pub/Sub message together with
// the name of the subscription.
type WrappedPubSub struct {
	// NOTE(review): the pubsub package behind this type is not shown here.
	// Nothing in this struct identifies or authenticates the sender, so the
	// code that receives the envelope presumably has to do that itself —
	// confirm against the handler.
	Message      pubsub.Message `json:"message"`
	// Plain string taken from the envelope; this type does not check it
	// against an expected subscription.
	Subscription string         `json:"subscription"`
}

WrappedPubSub structure to carry PubSub messages in Cloud Event
