validator

package
v0.0.0-...-0da46e6 Latest Latest
Warning

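This package is not in the latest version of its module, so this page documents an older revision of the API; check the module's latest version before depending on this import path.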

Published: Aug 24, 2023 License: Apache-2.0 Imports: 14 Imported by: 3

Documentation

Index

Constants

This section is empty.

Variables

// File_validator_proto holds a protoreflect.FileDescriptor. By protoc-gen-go
// naming convention this is presumably the descriptor for validator.proto;
// confirm against the generated source.
var File_validator_proto protoreflect.FileDescriptor

Functions

func RegisterValidatorServer

// RegisterValidatorServer takes a *grpc.Server and a ValidatorServer
// implementation; only the signature is visible on this page.
//
// NOTE(review): presumably this registers srv as the handler for all four
// Validator RPCs (AddData, Audit, Reset, Review) on s. Nothing in the
// signature carries credentials or an access policy, so transport security
// and authorization have to be configured on the grpc.Server itself (for
// example through its credentials and interceptor server options); confirm
// before the listener is reachable from untrusted callers, since Reset
// clears previously added data.
func RegisterValidatorServer(s *grpc.Server, srv ValidatorServer)

Types

type AddDataRequest

// AddDataRequest is the request message of the AddData RPC. It carries the
// assets that AddData adds so that they can be audited later.
//
// NOTE(review): the type places no bound on how many assets one request may
// hold; a server that accepts requests from less-trusted callers should rely
// on the gRPC server's receive-size limit or its own check. Confirm against
// the deployment.
type AddDataRequest struct {
	// Assets is the repeated proto field 1 ("assets"): the GCP resources to add.
	Assets []*Asset `protobuf:"bytes,1,rep,name=assets,proto3" json:"assets,omitempty"`
	// contains filtered or unexported fields
}

func (*AddDataRequest) Descriptor deprecated

func (*AddDataRequest) Descriptor() ([]byte, []int)

Deprecated: Use AddDataRequest.ProtoReflect.Descriptor instead.

func (*AddDataRequest) GetAssets

func (x *AddDataRequest) GetAssets() []*Asset

func (*AddDataRequest) ProtoMessage

func (*AddDataRequest) ProtoMessage()

func (*AddDataRequest) ProtoReflect

func (x *AddDataRequest) ProtoReflect() protoreflect.Message

func (*AddDataRequest) Reset

func (x *AddDataRequest) Reset()

func (*AddDataRequest) String

func (x *AddDataRequest) String() string

type AddDataResponse

// AddDataResponse is the response message of the AddData RPC. It has no
// exported fields, so the outcome of AddData is reported only through the
// error value returned next to it.
type AddDataResponse struct {
	// contains filtered or unexported fields
}

func (*AddDataResponse) Descriptor deprecated

func (*AddDataResponse) Descriptor() ([]byte, []int)

Deprecated: Use AddDataResponse.ProtoReflect.Descriptor instead.

func (*AddDataResponse) ProtoMessage

func (*AddDataResponse) ProtoMessage()

func (*AddDataResponse) ProtoReflect

func (x *AddDataResponse) ProtoReflect() protoreflect.Message

func (*AddDataResponse) Reset

func (x *AddDataResponse) Reset()

func (*AddDataResponse) String

func (x *AddDataResponse) String() string

type Asset

// Asset contains GCP resource metadata and additional metadata set on a
// resource, such as Cloud IAM policy.
//
// WARNING: these field names are directly used to structure data passed to
// templates. Changes in field names will result in changes to the data
// provided to the templates.
//
// NOTE(review): an Asset can carry the IAM policy, organization policies and
// access-context definitions of a resource, so a serialized Asset is
// sensitive configuration data; keep that in mind before logging or
// persisting whole messages.
type Asset struct {

	// GCP resource name as defined by Cloud Asset Inventory.
	// See https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/resource-name-format for the format.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Cloud Asset Inventory type (CAI API v1 format). Example: "sqladmin.googleapis.com/Instance" is the type of Cloud SQL instance.
	// This field has a redundant "asset" prefix to be consistent with Cloud Asset Inventory output.
	// See https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview#supported_resource_types for the list of types.
	AssetType string `protobuf:"bytes,2,opt,name=asset_type,json=assetType,proto3" json:"asset_type,omitempty"`
	// Ancestral project/folder/org information in a path-like format.
	// For example, a GCP project that is nested under a folder may have the following path:
	// organization/9999/folder/8888/project/7777
	AncestryPath string `protobuf:"bytes,3,opt,name=ancestry_path,json=ancestryPath,proto3" json:"ancestry_path,omitempty"`
	// GCP resource metadata.
	Resource *assetpb.Resource `protobuf:"bytes,4,opt,name=resource,proto3" json:"resource,omitempty"`
	// IAM policy associated with the resource.
	IamPolicy *iampb.Policy `protobuf:"bytes,5,opt,name=iam_policy,json=iamPolicy,proto3" json:"iam_policy,omitempty"`
	// Ancestor list as returned by CAI (added sometime around Oct 2019)
	// NOTE(review): AncestryPath and Ancestors both describe the resource
	// hierarchy; this type does not show which of the two constraint
	// evaluation reads, so producers should populate them consistently.
	Ancestors []string `protobuf:"bytes,6,rep,name=ancestors,proto3" json:"ancestors,omitempty"`
	// Representation of the Cloud Organization Policy set on an asset. For each
	// asset, there could be multiple Organization policies with different
	// constraints.
	OrgPolicy []*orgpolicypb.Policy `protobuf:"bytes,7,rep,name=org_policy,json=orgPolicy,proto3" json:"org_policy,omitempty"`
	// Representation of the Cloud Organization access policy.
	// This is a protobuf oneof ("access_context_policy"); the wrapper types
	// listed below use proto fields 8, 9 and 10.
	//
	// Types that are assignable to AccessContextPolicy:
	//
	//	*Asset_AccessPolicy
	//	*Asset_AccessLevel
	//	*Asset_ServicePerimeter
	AccessContextPolicy isAsset_AccessContextPolicy `protobuf_oneof:"access_context_policy"`
	// Representation of the Cloud Organization Policy V2 set on an asset.
	// There can be multiple V2 Organization Policies for an asset.
	V2OrgPolicies []*orgpolicypb1.Policy `protobuf:"bytes,11,rep,name=v2_org_policies,json=v2OrgPolicies,proto3" json:"v2_org_policies,omitempty"`
	// contains filtered or unexported fields
}

Asset contains GCP resource metadata and additional metadata set on a resource, such as Cloud IAM policy. WARNING: these field names are directly used to structure data passed to templates. Changes in field names will result in changes to the data provided to the templates.

func (*Asset) Descriptor deprecated

func (*Asset) Descriptor() ([]byte, []int)

Deprecated: Use Asset.ProtoReflect.Descriptor instead.

func (*Asset) GetAccessContextPolicy

func (m *Asset) GetAccessContextPolicy() isAsset_AccessContextPolicy

func (*Asset) GetAccessLevel

func (x *Asset) GetAccessLevel() *accesscontextmanagerpb.AccessLevel

func (*Asset) GetAccessPolicy

func (x *Asset) GetAccessPolicy() *accesscontextmanagerpb.AccessPolicy

func (*Asset) GetAncestors

func (x *Asset) GetAncestors() []string

func (*Asset) GetAncestryPath

func (x *Asset) GetAncestryPath() string

func (*Asset) GetAssetType

func (x *Asset) GetAssetType() string

func (*Asset) GetIamPolicy

func (x *Asset) GetIamPolicy() *iampb.Policy

func (*Asset) GetName

func (x *Asset) GetName() string

func (*Asset) GetOrgPolicy

func (x *Asset) GetOrgPolicy() []*orgpolicypb.Policy

func (*Asset) GetResource

func (x *Asset) GetResource() *assetpb.Resource

func (*Asset) GetServicePerimeter

func (x *Asset) GetServicePerimeter() *accesscontextmanagerpb.ServicePerimeter

func (*Asset) GetV2OrgPolicies

func (x *Asset) GetV2OrgPolicies() []*orgpolicypb1.Policy

func (*Asset) ProtoMessage

func (*Asset) ProtoMessage()

func (*Asset) ProtoReflect

func (x *Asset) ProtoReflect() protoreflect.Message

func (*Asset) Reset

func (x *Asset) Reset()

func (*Asset) String

func (x *Asset) String() string

type Asset_AccessLevel

// Asset_AccessLevel is one of the wrapper types assignable to
// Asset.AccessContextPolicy; it holds an Access Context Manager AccessLevel.
type Asset_AccessLevel struct {
	// AccessLevel is proto field 9 ("access_level"), a member of the oneof.
	AccessLevel *accesscontextmanagerpb.AccessLevel `protobuf:"bytes,9,opt,name=access_level,json=accessLevel,proto3,oneof"`
}

type Asset_AccessPolicy

// Asset_AccessPolicy is one of the wrapper types assignable to
// Asset.AccessContextPolicy; it holds an Access Context Manager AccessPolicy.
type Asset_AccessPolicy struct {
	// AccessPolicy is proto field 8 ("access_policy"), a member of the oneof.
	AccessPolicy *accesscontextmanagerpb.AccessPolicy `protobuf:"bytes,8,opt,name=access_policy,json=accessPolicy,proto3,oneof"`
}

type Asset_ServicePerimeter

// Asset_ServicePerimeter is one of the wrapper types assignable to
// Asset.AccessContextPolicy; it holds an Access Context Manager
// ServicePerimeter.
type Asset_ServicePerimeter struct {
	// ServicePerimeter is proto field 10 ("service_perimeter"), a member of the oneof.
	ServicePerimeter *accesscontextmanagerpb.ServicePerimeter `protobuf:"bytes,10,opt,name=service_perimeter,json=servicePerimeter,proto3,oneof"`
}

type AuditRequest

// AuditRequest is the request message of the Audit RPC. It has no exported
// fields: Audit checks the resource metadata that was added earlier via
// AddData rather than data supplied in this request.
type AuditRequest struct {
	// contains filtered or unexported fields
}

func (*AuditRequest) Descriptor deprecated

func (*AuditRequest) Descriptor() ([]byte, []int)

Deprecated: Use AuditRequest.ProtoReflect.Descriptor instead.

func (*AuditRequest) ProtoMessage

func (*AuditRequest) ProtoMessage()

func (*AuditRequest) ProtoReflect

func (x *AuditRequest) ProtoReflect() protoreflect.Message

func (*AuditRequest) Reset

func (x *AuditRequest) Reset()

func (*AuditRequest) String

func (x *AuditRequest) String() string

type AuditResponse

// AuditResponse is the response message of the Audit RPC.
//
// NOTE(review): an empty Violations list only covers the data that had been
// added via AddData when Audit ran; callers should not read it as a statement
// about resources that were never added.
type AuditResponse struct {
	// Violations is the repeated proto field 1 ("violations"): the constraint
	// violations found by the audit.
	Violations []*Violation `protobuf:"bytes,1,rep,name=violations,proto3" json:"violations,omitempty"`
	// contains filtered or unexported fields
}

func (*AuditResponse) Descriptor deprecated

func (*AuditResponse) Descriptor() ([]byte, []int)

Deprecated: Use AuditResponse.ProtoReflect.Descriptor instead.

func (*AuditResponse) GetViolations

func (x *AuditResponse) GetViolations() []*Violation

func (*AuditResponse) ProtoMessage

func (*AuditResponse) ProtoMessage()

func (*AuditResponse) ProtoReflect

func (x *AuditResponse) ProtoReflect() protoreflect.Message

func (*AuditResponse) Reset

func (x *AuditResponse) Reset()

func (*AuditResponse) String

func (x *AuditResponse) String() string

type Constraint

// Constraint contains the configuration for a constraint.
//
// Metadata and Spec are structpb.Value, i.e. dynamically typed values with no
// schema enforced by this message.
// NOTE(review): Metadata is described as user-provided, so consumers should
// check the shape of both fields before indexing into them or rendering them.
type Constraint struct {

	// ApiVersion is the version of the API.
	ApiVersion string `protobuf:"bytes,1,opt,name=api_version,json=apiVersion,proto3" json:"api_version,omitempty"`
	// Kind is the kind of object.
	Kind string `protobuf:"bytes,2,opt,name=kind,proto3" json:"kind,omitempty"`
	// Metadata contains the user-provided constraint metadata.
	Metadata *structpb.Value `protobuf:"bytes,5,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// Spec is the object spec.
	Spec *structpb.Value `protobuf:"bytes,6,opt,name=spec,proto3" json:"spec,omitempty"`
	// contains filtered or unexported fields
}

Constraint contains the configuration for a constraint.

func (*Constraint) Descriptor deprecated

func (*Constraint) Descriptor() ([]byte, []int)

Deprecated: Use Constraint.ProtoReflect.Descriptor instead.

func (*Constraint) GetApiVersion

func (x *Constraint) GetApiVersion() string

func (*Constraint) GetKind

func (x *Constraint) GetKind() string

func (*Constraint) GetMetadata

func (x *Constraint) GetMetadata() *structpb.Value

func (*Constraint) GetSpec

func (x *Constraint) GetSpec() *structpb.Value

func (*Constraint) ProtoMessage

func (*Constraint) ProtoMessage()

func (*Constraint) ProtoReflect

func (x *Constraint) ProtoReflect() protoreflect.Message

func (*Constraint) Reset

func (x *Constraint) Reset()

func (*Constraint) String

func (x *Constraint) String() string

type ResetRequest

// ResetRequest is the request message of the Reset RPC. It has no exported
// fields, so a Reset call carries no selector: per the service comments,
// Reset clears previously added data from the underlying query evaluation
// engine.
type ResetRequest struct {
	// contains filtered or unexported fields
}

func (*ResetRequest) Descriptor deprecated

func (*ResetRequest) Descriptor() ([]byte, []int)

Deprecated: Use ResetRequest.ProtoReflect.Descriptor instead.

func (*ResetRequest) ProtoMessage

func (*ResetRequest) ProtoMessage()

func (*ResetRequest) ProtoReflect

func (x *ResetRequest) ProtoReflect() protoreflect.Message

func (*ResetRequest) Reset

func (x *ResetRequest) Reset()

func (*ResetRequest) String

func (x *ResetRequest) String() string

type ResetResponse

// ResetResponse is the response message of the Reset RPC. It has no exported
// fields, so the outcome of Reset is reported only through the error value
// returned next to it.
type ResetResponse struct {
	// contains filtered or unexported fields
}

func (*ResetResponse) Descriptor deprecated

func (*ResetResponse) Descriptor() ([]byte, []int)

Deprecated: Use ResetResponse.ProtoReflect.Descriptor instead.

func (*ResetResponse) ProtoMessage

func (*ResetResponse) ProtoMessage()

func (*ResetResponse) ProtoReflect

func (x *ResetResponse) ProtoReflect() protoreflect.Message

func (*ResetResponse) Reset

func (x *ResetResponse) Reset()

func (*ResetResponse) String

func (x *ResetResponse) String() string

type ReviewRequest

// ReviewRequest is the request message of the Review RPC. Unlike
// AuditRequest, it carries the assets to check in the request itself.
type ReviewRequest struct {
	// Assets is the repeated proto field 1 ("assets"): the GCP resources to review.
	Assets []*Asset `protobuf:"bytes,1,rep,name=assets,proto3" json:"assets,omitempty"`
	// contains filtered or unexported fields
}

func (*ReviewRequest) Descriptor deprecated

func (*ReviewRequest) Descriptor() ([]byte, []int)

Deprecated: Use ReviewRequest.ProtoReflect.Descriptor instead.

func (*ReviewRequest) GetAssets

func (x *ReviewRequest) GetAssets() []*Asset

func (*ReviewRequest) ProtoMessage

func (*ReviewRequest) ProtoMessage()

func (*ReviewRequest) ProtoReflect

func (x *ReviewRequest) ProtoReflect() protoreflect.Message

func (*ReviewRequest) Reset

func (x *ReviewRequest) Reset()

func (*ReviewRequest) String

func (x *ReviewRequest) String() string

type ReviewResponse

// ReviewResponse is the response message of the Review RPC.
//
// NOTE(review): the service comments state that referential checks are not
// supported in Review mode, so an empty Violations list does not cover
// constraints that depend on other resources.
type ReviewResponse struct {
	// Violations is the repeated proto field 1 ("violations"): the constraint
	// violations found for the reviewed assets.
	Violations []*Violation `protobuf:"bytes,1,rep,name=violations,proto3" json:"violations,omitempty"`
	// contains filtered or unexported fields
}

func (*ReviewResponse) Descriptor deprecated

func (*ReviewResponse) Descriptor() ([]byte, []int)

Deprecated: Use ReviewResponse.ProtoReflect.Descriptor instead.

func (*ReviewResponse) GetViolations

func (x *ReviewResponse) GetViolations() []*Violation

func (*ReviewResponse) ProtoMessage

func (*ReviewResponse) ProtoMessage()

func (*ReviewResponse) ProtoReflect

func (x *ReviewResponse) ProtoReflect() protoreflect.Message

func (*ReviewResponse) Reset

func (x *ReviewResponse) Reset()

func (*ReviewResponse) String

func (x *ReviewResponse) String() string

type UnimplementedValidatorServer

// UnimplementedValidatorServer can be embedded to have forward compatible
// implementations. This page lists AddData, Audit, Reset and Review methods
// on it but does not show their bodies.
//
// NOTE(review): a server that embeds this type and is then registered
// presumably still exposes every Validator RPC, including the ones it did not
// override; confirm what the stub methods return before relying on that.
type UnimplementedValidatorServer struct {
}

UnimplementedValidatorServer can be embedded to have forward compatible implementations.

func (*UnimplementedValidatorServer) AddData

func (*UnimplementedValidatorServer) Audit

func (*UnimplementedValidatorServer) Reset

func (*UnimplementedValidatorServer) Review

type ValidatorClient

// ValidatorClient is the client API for Validator service.
//
// AddData, Audit and Reset work on data the service keeps between calls;
// Review sends the assets to check in the request itself.
// NOTE(review): no method takes credentials, so transport security and
// per-call authentication depend on the connection passed to
// NewValidatorClient and on the grpc.CallOption values supplied per call.
type ValidatorClient interface {
	// AddData adds GCP resource metadata to be audited later.
	AddData(ctx context.Context, in *AddDataRequest, opts ...grpc.CallOption) (*AddDataResponse, error)
	// Audit checks the GCP resource metadata that has been added via AddData to determine if any of the constraints is violated.
	Audit(ctx context.Context, in *AuditRequest, opts ...grpc.CallOption) (*AuditResponse, error)
	// Reset clears previously added data from the underlying query evaluation engine.
	Reset(ctx context.Context, in *ResetRequest, opts ...grpc.CallOption) (*ResetResponse, error)
	// Review checks the GCP resources and returns any constraint violations. Note that referential checks are not supported
	// with this mode.
	Review(ctx context.Context, in *ReviewRequest, opts ...grpc.CallOption) (*ReviewResponse, error)
}

ValidatorClient is the client API for Validator service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewValidatorClient

// NewValidatorClient takes a grpc.ClientConnInterface and returns a
// ValidatorClient; only the signature is visible on this page.
//
// NOTE(review): the returned client presumably issues its RPCs over cc, so
// whether calls are encrypted and authenticated is decided by how cc was
// created, not by this constructor. Confirm the connection's transport
// credentials at the call site.
func NewValidatorClient(cc grpc.ClientConnInterface) ValidatorClient

type ValidatorServer

// ValidatorServer is the server API for Validator service.
//
// AddData, Audit and Reset operate on data held by the underlying query
// evaluation engine between calls (AddData adds, Audit checks, Reset clears),
// while Review receives its assets in the request.
// NOTE(review): nothing in this interface scopes the stored data to a caller,
// and no method takes credentials; authentication, authorization and any
// isolation between callers have to come from the grpc.Server configuration
// or from the implementation. Confirm this before exposing the service
// beyond a trusted boundary.
type ValidatorServer interface {
	// AddData adds GCP resource metadata to be audited later.
	AddData(context.Context, *AddDataRequest) (*AddDataResponse, error)
	// Audit checks the GCP resource metadata that has been added via AddData to determine if any of the constraints is violated.
	Audit(context.Context, *AuditRequest) (*AuditResponse, error)
	// Reset clears previously added data from the underlying query evaluation engine.
	Reset(context.Context, *ResetRequest) (*ResetResponse, error)
	// Review checks the GCP resources and returns any constraint violations. Note that referential checks are not supported
	// with this mode.
	Review(context.Context, *ReviewRequest) (*ReviewResponse, error)
}

ValidatorServer is the server API for Validator service.

type Violation

// Violation contains the relevant information to explain how a constraint is
// violated.
//
// NOTE(review): Severity is a plain string and Metadata is a dynamically
// typed structpb.Value; this message fixes neither a set of severity values
// nor a metadata schema, so consumers that filter, route or remediate on
// these fields should validate them first. Message and Metadata presumably
// originate from constraint evaluation; escape them before rendering.
type Violation struct {

	// The name of the constraint that's violated.
	Constraint string `protobuf:"bytes,1,opt,name=constraint,proto3" json:"constraint,omitempty"`
	// GCP resource name. This is the same name in Asset.
	Resource string `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
	// Human readable error message.
	Message string `protobuf:"bytes,3,opt,name=message,proto3" json:"message,omitempty"`
	// Metadata is optional. It contains the constraint-specific information that can potentially be used for remediation.
	// Example: In a firewall rule constraint violation, Metadata can contain the open port number.
	Metadata *structpb.Value `protobuf:"bytes,4,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// The full constraint configuration.
	ConstraintConfig *Constraint `protobuf:"bytes,5,opt,name=constraint_config,json=constraintConfig,proto3" json:"constraint_config,omitempty"`
	// The constraint severity
	Severity string `protobuf:"bytes,6,opt,name=severity,proto3" json:"severity,omitempty"`
	// contains filtered or unexported fields
}

Violation contains the relevant information to explain how a constraint is violated.

func (*Violation) Descriptor deprecated

func (*Violation) Descriptor() ([]byte, []int)

Deprecated: Use Violation.ProtoReflect.Descriptor instead.

func (*Violation) GetConstraint

func (x *Violation) GetConstraint() string

func (*Violation) GetConstraintConfig

func (x *Violation) GetConstraintConfig() *Constraint

func (*Violation) GetMessage

func (x *Violation) GetMessage() string

func (*Violation) GetMetadata

func (x *Violation) GetMetadata() *structpb.Value

func (*Violation) GetResource

func (x *Violation) GetResource() string

func (*Violation) GetSeverity

func (x *Violation) GetSeverity() string

func (*Violation) ProtoMessage

func (*Violation) ProtoMessage()

func (*Violation) ProtoReflect

func (x *Violation) ProtoReflect() protoreflect.Message

func (*Violation) Reset

func (x *Violation) Reset()

func (*Violation) String

func (x *Violation) String() string
