Documentation ¶
Index ¶
- Variables
- func RegisterValidatorServer(s *grpc.Server, srv ValidatorServer)
- type AddDataRequest
- type AddDataResponse
- type Asset
- func (*Asset) Descriptor() ([]byte, []int) (deprecated)
- func (m *Asset) GetAccessContextPolicy() isAsset_AccessContextPolicy
- func (x *Asset) GetAccessLevel() *accesscontextmanagerpb.AccessLevel
- func (x *Asset) GetAccessPolicy() *accesscontextmanagerpb.AccessPolicy
- func (x *Asset) GetAncestors() []string
- func (x *Asset) GetAncestryPath() string
- func (x *Asset) GetAssetType() string
- func (x *Asset) GetIamPolicy() *iampb.Policy
- func (x *Asset) GetName() string
- func (x *Asset) GetOrgPolicy() []*orgpolicypb.Policy
- func (x *Asset) GetResource() *assetpb.Resource
- func (x *Asset) GetServicePerimeter() *accesscontextmanagerpb.ServicePerimeter
- func (x *Asset) GetV2OrgPolicies() []*orgpolicypb1.Policy
- func (*Asset) ProtoMessage()
- func (x *Asset) ProtoReflect() protoreflect.Message
- func (x *Asset) Reset()
- func (x *Asset) String() string
- type Asset_AccessLevel
- type Asset_AccessPolicy
- type Asset_ServicePerimeter
- type AuditRequest
- type AuditResponse
- type Constraint
- func (*Constraint) Descriptor() ([]byte, []int) (deprecated)
- func (x *Constraint) GetApiVersion() string
- func (x *Constraint) GetKind() string
- func (x *Constraint) GetMetadata() *structpb.Value
- func (x *Constraint) GetSpec() *structpb.Value
- func (*Constraint) ProtoMessage()
- func (x *Constraint) ProtoReflect() protoreflect.Message
- func (x *Constraint) Reset()
- func (x *Constraint) String() string
- type ResetRequest
- type ResetResponse
- type ReviewRequest
- type ReviewResponse
- type UnimplementedValidatorServer
- func (*UnimplementedValidatorServer) AddData(context.Context, *AddDataRequest) (*AddDataResponse, error)
- func (*UnimplementedValidatorServer) Audit(context.Context, *AuditRequest) (*AuditResponse, error)
- func (*UnimplementedValidatorServer) Reset(context.Context, *ResetRequest) (*ResetResponse, error)
- func (*UnimplementedValidatorServer) Review(context.Context, *ReviewRequest) (*ReviewResponse, error)
- type ValidatorClient
- type ValidatorServer
- type Violation
- func (*Violation) Descriptor() ([]byte, []int) (deprecated)
- func (x *Violation) GetConstraint() string
- func (x *Violation) GetConstraintConfig() *Constraint
- func (x *Violation) GetMessage() string
- func (x *Violation) GetMetadata() *structpb.Value
- func (x *Violation) GetResource() string
- func (x *Violation) GetSeverity() string
- func (*Violation) ProtoMessage()
- func (x *Violation) ProtoReflect() protoreflect.Message
- func (x *Violation) Reset()
- func (x *Violation) String() string
Constants ¶
This section is empty.
Variables ¶
// File_validator_proto is a package-level protoreflect.FileDescriptor.
// NOTE(review): presumably the descriptor for validator.proto — confirm against the generated source.
var File_validator_proto protoreflect.FileDescriptor
Functions ¶
func RegisterValidatorServer ¶
func RegisterValidatorServer(s *grpc.Server, srv ValidatorServer)
Types ¶
type AddDataRequest ¶
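// AddDataRequest is the request message passed to the Validator AddData RPC.
type AddDataRequest struct {
	// Assets is the list of assets carried by the request. Each Asset can
	// embed IAM, organization and access-context policy data, so the payload
	// should be handled as sensitive inventory data.
	Assets []*Asset `protobuf:"bytes,1,rep,name=assets,proto3" json:"assets,omitempty"`
	// contains filtered or unexported fields
}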
func (*AddDataRequest) Descriptor
deprecated
func (*AddDataRequest) Descriptor() ([]byte, []int)
Deprecated: Use AddDataRequest.ProtoReflect.Descriptor instead.
func (*AddDataRequest) GetAssets ¶
func (x *AddDataRequest) GetAssets() []*Asset
func (*AddDataRequest) ProtoMessage ¶
func (*AddDataRequest) ProtoMessage()
func (*AddDataRequest) ProtoReflect ¶
func (x *AddDataRequest) ProtoReflect() protoreflect.Message
func (*AddDataRequest) Reset ¶
func (x *AddDataRequest) Reset()
func (*AddDataRequest) String ¶
func (x *AddDataRequest) String() string
type AddDataResponse ¶
// AddDataResponse is the message returned by the Validator AddData RPC.
// No exported fields are listed for it on this page.
type AddDataResponse struct {
// contains filtered or unexported fields
}
func (*AddDataResponse) Descriptor
deprecated
func (*AddDataResponse) Descriptor() ([]byte, []int)
Deprecated: Use AddDataResponse.ProtoReflect.Descriptor instead.
func (*AddDataResponse) ProtoMessage ¶
func (*AddDataResponse) ProtoMessage()
func (*AddDataResponse) ProtoReflect ¶
func (x *AddDataResponse) ProtoReflect() protoreflect.Message
func (*AddDataResponse) Reset ¶
func (x *AddDataResponse) Reset()
func (*AddDataResponse) String ¶
func (x *AddDataResponse) String() string
type Asset ¶
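// Asset contains GCP resource metadata and additional metadata set on a
// resource, such as Cloud IAM policy.
//
// WARNING: these field names are directly used to structure data passed to
// templates. Changes in field names will result in changes to the data
// provided to the templates.
//
// An Asset can carry IAM, organization and access-context policy content, so
// serialized assets should be stored and logged with the same care as the
// policies themselves.
type Asset struct {
	// GCP resource name as defined by Cloud Asset Inventory.
	// See https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/resource-name-format for the format.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Cloud Asset Inventory type (CAI API v1 format). Example: "sqladmin.googleapis.com/Instance" is the type of Cloud SQL instance.
	// This field has a redundant "asset" prefix to be consistent with Cloud Asset Inventory output.
	// See https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview#supported_resource_types for the list of types.
	AssetType string `protobuf:"bytes,2,opt,name=asset_type,json=assetType,proto3" json:"asset_type,omitempty"`
	// Ancestral project/folder/org information in a path-like format.
	// For example, a GCP project that is nested under a folder may have the following path:
	// organization/9999/folder/8888/project/7777
	AncestryPath string `protobuf:"bytes,3,opt,name=ancestry_path,json=ancestryPath,proto3" json:"ancestry_path,omitempty"`
	// GCP resource metadata.
	Resource *assetpb.Resource `protobuf:"bytes,4,opt,name=resource,proto3" json:"resource,omitempty"`
	// IAM policy associated with the resource.
	IamPolicy *iampb.Policy `protobuf:"bytes,5,opt,name=iam_policy,json=iamPolicy,proto3" json:"iam_policy,omitempty"`
	// Ancestor list as returned by CAI (added sometime around Oct 2019)
	Ancestors []string `protobuf:"bytes,6,rep,name=ancestors,proto3" json:"ancestors,omitempty"`
	// Representation of the Cloud Organization Policy set on an asset. For each
	// asset, there could be multiple Organization policies with different
	// constraints.
	OrgPolicy []*orgpolicypb.Policy `protobuf:"bytes,7,rep,name=org_policy,json=orgPolicy,proto3" json:"org_policy,omitempty"`
	// Representation of the Cloud Organization access policy.
	//
	// Types that are assignable to AccessContextPolicy:
	//
	//	*Asset_AccessPolicy
	//	*Asset_AccessLevel
	//	*Asset_ServicePerimeter
	AccessContextPolicy isAsset_AccessContextPolicy `protobuf_oneof:"access_context_policy"`
	// Representation of the Cloud Organization Policy V2 set on an asset.
	// There can be multiple V2 Organization Policies for an asset.
	V2OrgPolicies []*orgpolicypb1.Policy `protobuf:"bytes,11,rep,name=v2_org_policies,json=v2OrgPolicies,proto3" json:"v2_org_policies,omitempty"`
	// contains filtered or unexported fields
}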
Asset contains GCP resource metadata and additional metadata set on a resource, such as Cloud IAM policy. WARNING: these field names are directly used to structure data passed to templates. Changes in field names will result in changes to the data provided to the templates.
func (*Asset) Descriptor
deprecated
func (*Asset) GetAccessContextPolicy ¶
func (m *Asset) GetAccessContextPolicy() isAsset_AccessContextPolicy
func (*Asset) GetAccessLevel ¶
func (x *Asset) GetAccessLevel() *accesscontextmanagerpb.AccessLevel
func (*Asset) GetAccessPolicy ¶
func (x *Asset) GetAccessPolicy() *accesscontextmanagerpb.AccessPolicy
func (*Asset) GetAncestors ¶
func (*Asset) GetAncestryPath ¶
func (*Asset) GetAssetType ¶
func (*Asset) GetIamPolicy ¶
func (*Asset) GetOrgPolicy ¶
func (x *Asset) GetOrgPolicy() []*orgpolicypb.Policy
func (*Asset) GetResource ¶
func (*Asset) GetServicePerimeter ¶
func (x *Asset) GetServicePerimeter() *accesscontextmanagerpb.ServicePerimeter
func (*Asset) GetV2OrgPolicies ¶
func (x *Asset) GetV2OrgPolicies() []*orgpolicypb1.Policy
func (*Asset) ProtoMessage ¶
func (*Asset) ProtoMessage()
func (*Asset) ProtoReflect ¶
func (x *Asset) ProtoReflect() protoreflect.Message
type Asset_AccessLevel ¶
// Asset_AccessLevel is one of the wrapper types assignable to
// Asset.AccessContextPolicy (the access_context_policy oneof); it holds an
// access level.
type Asset_AccessLevel struct {
AccessLevel *accesscontextmanagerpb.AccessLevel `protobuf:"bytes,9,opt,name=access_level,json=accessLevel,proto3,oneof"`
}
type Asset_AccessPolicy ¶
// Asset_AccessPolicy is one of the wrapper types assignable to
// Asset.AccessContextPolicy (the access_context_policy oneof); it holds an
// access policy.
type Asset_AccessPolicy struct {
AccessPolicy *accesscontextmanagerpb.AccessPolicy `protobuf:"bytes,8,opt,name=access_policy,json=accessPolicy,proto3,oneof"`
}
type Asset_ServicePerimeter ¶
// Asset_ServicePerimeter is one of the wrapper types assignable to
// Asset.AccessContextPolicy (the access_context_policy oneof); it holds a
// service perimeter.
type Asset_ServicePerimeter struct {
ServicePerimeter *accesscontextmanagerpb.ServicePerimeter `protobuf:"bytes,10,opt,name=service_perimeter,json=servicePerimeter,proto3,oneof"`
}
type AuditRequest ¶
// AuditRequest is the message passed to the Validator Audit RPC. No exported
// fields are listed for it on this page: Audit evaluates the data previously
// supplied through AddData rather than data carried by the request.
type AuditRequest struct {
// contains filtered or unexported fields
}
func (*AuditRequest) Descriptor
deprecated
func (*AuditRequest) Descriptor() ([]byte, []int)
Deprecated: Use AuditRequest.ProtoReflect.Descriptor instead.
func (*AuditRequest) ProtoMessage ¶
func (*AuditRequest) ProtoMessage()
func (*AuditRequest) ProtoReflect ¶
func (x *AuditRequest) ProtoReflect() protoreflect.Message
func (*AuditRequest) Reset ¶
func (x *AuditRequest) Reset()
func (*AuditRequest) String ¶
func (x *AuditRequest) String() string
type AuditResponse ¶
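// AuditResponse is the message returned by the Validator Audit RPC.
type AuditResponse struct {
	// Violations lists the constraint violations reported by the audit.
	Violations []*Violation `protobuf:"bytes,1,rep,name=violations,proto3" json:"violations,omitempty"`
	// contains filtered or unexported fields
}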
func (*AuditResponse) Descriptor
deprecated
func (*AuditResponse) Descriptor() ([]byte, []int)
Deprecated: Use AuditResponse.ProtoReflect.Descriptor instead.
func (*AuditResponse) GetViolations ¶
func (x *AuditResponse) GetViolations() []*Violation
func (*AuditResponse) ProtoMessage ¶
func (*AuditResponse) ProtoMessage()
func (*AuditResponse) ProtoReflect ¶
func (x *AuditResponse) ProtoReflect() protoreflect.Message
func (*AuditResponse) Reset ¶
func (x *AuditResponse) Reset()
func (*AuditResponse) String ¶
func (x *AuditResponse) String() string
type Constraint ¶
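// Constraint contains the configuration for a constraint.
type Constraint struct {
	// ApiVersion is the version of the API.
	ApiVersion string `protobuf:"bytes,1,opt,name=api_version,json=apiVersion,proto3" json:"api_version,omitempty"`
	// Kind is the kind of object.
	Kind string `protobuf:"bytes,2,opt,name=kind,proto3" json:"kind,omitempty"`
	// Metadata contains the user-provided constraint metadata.
	// It is an untyped structpb.Value, so consumers should check its shape
	// before reading keys from it.
	Metadata *structpb.Value `protobuf:"bytes,5,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// Spec is the object spec.
	Spec *structpb.Value `protobuf:"bytes,6,opt,name=spec,proto3" json:"spec,omitempty"`
	// contains filtered or unexported fields
}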
Constraint contains the configuration for a constraint.
func (*Constraint) Descriptor
deprecated
func (*Constraint) Descriptor() ([]byte, []int)
Deprecated: Use Constraint.ProtoReflect.Descriptor instead.
func (*Constraint) GetApiVersion ¶
func (x *Constraint) GetApiVersion() string
func (*Constraint) GetKind ¶
func (x *Constraint) GetKind() string
func (*Constraint) GetMetadata ¶
func (x *Constraint) GetMetadata() *structpb.Value
func (*Constraint) GetSpec ¶
func (x *Constraint) GetSpec() *structpb.Value
func (*Constraint) ProtoMessage ¶
func (*Constraint) ProtoMessage()
func (*Constraint) ProtoReflect ¶
func (x *Constraint) ProtoReflect() protoreflect.Message
func (*Constraint) Reset ¶
func (x *Constraint) Reset()
func (*Constraint) String ¶
func (x *Constraint) String() string
type ResetRequest ¶
// ResetRequest is the message passed to the Validator Reset RPC.
// No exported fields are listed for it on this page.
type ResetRequest struct {
// contains filtered or unexported fields
}
func (*ResetRequest) Descriptor
deprecated
func (*ResetRequest) Descriptor() ([]byte, []int)
Deprecated: Use ResetRequest.ProtoReflect.Descriptor instead.
func (*ResetRequest) ProtoMessage ¶
func (*ResetRequest) ProtoMessage()
func (*ResetRequest) ProtoReflect ¶
func (x *ResetRequest) ProtoReflect() protoreflect.Message
func (*ResetRequest) Reset ¶
func (x *ResetRequest) Reset()
func (*ResetRequest) String ¶
func (x *ResetRequest) String() string
type ResetResponse ¶
// ResetResponse is the message returned by the Validator Reset RPC.
// No exported fields are listed for it on this page.
type ResetResponse struct {
// contains filtered or unexported fields
}
func (*ResetResponse) Descriptor
deprecated
func (*ResetResponse) Descriptor() ([]byte, []int)
Deprecated: Use ResetResponse.ProtoReflect.Descriptor instead.
func (*ResetResponse) ProtoMessage ¶
func (*ResetResponse) ProtoMessage()
func (*ResetResponse) ProtoReflect ¶
func (x *ResetResponse) ProtoReflect() protoreflect.Message
func (*ResetResponse) Reset ¶
func (x *ResetResponse) Reset()
func (*ResetResponse) String ¶
func (x *ResetResponse) String() string
type ReviewRequest ¶
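// ReviewRequest is the request message passed to the Validator Review RPC.
type ReviewRequest struct {
	// Assets is the list of assets to review. Each Asset can embed IAM,
	// organization and access-context policy data, so the payload should be
	// handled as sensitive inventory data.
	Assets []*Asset `protobuf:"bytes,1,rep,name=assets,proto3" json:"assets,omitempty"`
	// contains filtered or unexported fields
}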
func (*ReviewRequest) Descriptor
deprecated
func (*ReviewRequest) Descriptor() ([]byte, []int)
Deprecated: Use ReviewRequest.ProtoReflect.Descriptor instead.
func (*ReviewRequest) GetAssets ¶
func (x *ReviewRequest) GetAssets() []*Asset
func (*ReviewRequest) ProtoMessage ¶
func (*ReviewRequest) ProtoMessage()
func (*ReviewRequest) ProtoReflect ¶
func (x *ReviewRequest) ProtoReflect() protoreflect.Message
func (*ReviewRequest) Reset ¶
func (x *ReviewRequest) Reset()
func (*ReviewRequest) String ¶
func (x *ReviewRequest) String() string
type ReviewResponse ¶
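// ReviewResponse is the message returned by the Validator Review RPC.
type ReviewResponse struct {
	// Violations lists the constraint violations found for the reviewed
	// assets. Review does not support referential checks, so an empty list
	// says nothing about constraints that depend on other resources.
	Violations []*Violation `protobuf:"bytes,1,rep,name=violations,proto3" json:"violations,omitempty"`
	// contains filtered or unexported fields
}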
func (*ReviewResponse) Descriptor
deprecated
func (*ReviewResponse) Descriptor() ([]byte, []int)
Deprecated: Use ReviewResponse.ProtoReflect.Descriptor instead.
func (*ReviewResponse) GetViolations ¶
func (x *ReviewResponse) GetViolations() []*Violation
func (*ReviewResponse) ProtoMessage ¶
func (*ReviewResponse) ProtoMessage()
func (*ReviewResponse) ProtoReflect ¶
func (x *ReviewResponse) ProtoReflect() protoreflect.Message
func (*ReviewResponse) Reset ¶
func (x *ReviewResponse) Reset()
func (*ReviewResponse) String ¶
func (x *ReviewResponse) String() string
type UnimplementedValidatorServer ¶
// UnimplementedValidatorServer is an empty struct that can be embedded in a
// ValidatorServer implementation to keep it forward compatible.
//
// NOTE(review): the AddData, Audit, Reset and Review methods are listed on
// this page without bodies; presumably they return a gRPC "unimplemented"
// error as generated stubs usually do — confirm against the generated source.
type UnimplementedValidatorServer struct{}
UnimplementedValidatorServer can be embedded to have forward compatible implementations.
func (*UnimplementedValidatorServer) AddData ¶
func (*UnimplementedValidatorServer) AddData(context.Context, *AddDataRequest) (*AddDataResponse, error)
func (*UnimplementedValidatorServer) Audit ¶
func (*UnimplementedValidatorServer) Audit(context.Context, *AuditRequest) (*AuditResponse, error)
func (*UnimplementedValidatorServer) Reset ¶
func (*UnimplementedValidatorServer) Reset(context.Context, *ResetRequest) (*ResetResponse, error)
func (*UnimplementedValidatorServer) Review ¶
func (*UnimplementedValidatorServer) Review(context.Context, *ReviewRequest) (*ReviewResponse, error)
type ValidatorClient ¶
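// ValidatorClient is the client API for Validator service.
//
// AddData and Reset change the data that a later Audit evaluates, so a
// caller that needs an audit over a known data set should control the
// sequence of Reset, AddData and Audit calls itself.
type ValidatorClient interface {
	// AddData adds GCP resource metadata to be audited later.
	AddData(ctx context.Context, in *AddDataRequest, opts ...grpc.CallOption) (*AddDataResponse, error)
	// Audit checks the GCP resource metadata that has been added via AddData to determine if any of the constraints are violated.
	Audit(ctx context.Context, in *AuditRequest, opts ...grpc.CallOption) (*AuditResponse, error)
	// Reset clears previously added data from the underlying query evaluation engine.
	Reset(ctx context.Context, in *ResetRequest, opts ...grpc.CallOption) (*ResetResponse, error)
	// Review checks the GCP resources and returns any constraint violations. Note that referential checks are not supported
	// with this mode, so a Review without violations does not cover constraints that depend on other resources.
	Review(ctx context.Context, in *ReviewRequest, opts ...grpc.CallOption) (*ReviewResponse, error)
}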
ValidatorClient is the client API for Validator service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewValidatorClient ¶
func NewValidatorClient(cc grpc.ClientConnInterface) ValidatorClient
type ValidatorServer ¶
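// ValidatorServer is the server API for Validator service.
//
// NOTE(review): nothing in this interface authenticates or authorizes the
// caller, and AddData and Reset change what later Audit calls evaluate.
// Confirm that the grpc.Server this service is registered on enforces
// transport security and access control.
type ValidatorServer interface {
	// AddData adds GCP resource metadata to be audited later.
	AddData(context.Context, *AddDataRequest) (*AddDataResponse, error)
	// Audit checks the GCP resource metadata that has been added via AddData to determine if any of the constraints are violated.
	Audit(context.Context, *AuditRequest) (*AuditResponse, error)
	// Reset clears previously added data from the underlying query evaluation engine.
	Reset(context.Context, *ResetRequest) (*ResetResponse, error)
	// Review checks the GCP resources and returns any constraint violations. Note that referential checks are not supported
	// with this mode, so a Review without violations does not cover constraints that depend on other resources.
	Review(context.Context, *ReviewRequest) (*ReviewResponse, error)
}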
ValidatorServer is the server API for Validator service.
type Violation ¶
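// Violation contains the relevant information to explain how a constraint is violated.
type Violation struct {
	// The name of the constraint that's violated.
	Constraint string `protobuf:"bytes,1,opt,name=constraint,proto3" json:"constraint,omitempty"`
	// GCP resource name. This is the same name in Asset.
	Resource string `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
	// Human readable error message.
	// NOTE(review): presumably produced by the constraint that fired; escape
	// it before rendering it in HTML or other structured output — confirm
	// where the text originates.
	Message string `protobuf:"bytes,3,opt,name=message,proto3" json:"message,omitempty"`
	// Metadata is optional. It contains the constraint-specific information that can potentially be used for remediation.
	// Example: In a firewall rule constraint violation, Metadata can contain the open port number.
	// It is an untyped structpb.Value, so automated remediation should
	// validate its shape and values before acting on them.
	Metadata *structpb.Value `protobuf:"bytes,4,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// The full constraint configuration.
	ConstraintConfig *Constraint `protobuf:"bytes,5,opt,name=constraint_config,json=constraintConfig,proto3" json:"constraint_config,omitempty"`
	// The constraint severity.
	// This is a plain string rather than an enum, so code that gates on
	// severity should match the values it expects and treat anything else as
	// unknown rather than as low severity.
	Severity string `protobuf:"bytes,6,opt,name=severity,proto3" json:"severity,omitempty"`
	// contains filtered or unexported fields
}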
Violation contains the relevant information to explain how a constraint is violated.
func (*Violation) Descriptor
deprecated
func (*Violation) GetConstraint ¶
func (*Violation) GetConstraintConfig ¶
func (x *Violation) GetConstraintConfig() *Constraint
func (*Violation) GetMessage ¶
func (*Violation) GetMetadata ¶
func (*Violation) GetResource ¶
func (*Violation) GetSeverity ¶
func (*Violation) ProtoMessage ¶
func (*Violation) ProtoMessage()
func (*Violation) ProtoReflect ¶
func (x *Violation) ProtoReflect() protoreflect.Message