entities

package

v0.0.0-...-f733b5b Latest Latest Go to latest Published: Sep 19, 2019 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/google/security-response-automation

Documentation ¶

Overview ¶

Package entities holds commonly used methods used in security automation.

Index ¶

Variables
type ComputeClient
type Finding
- func NewFinding() *Finding
type Firewall
- func NewFirewall(cs FirewallClient) *Firewall
- func (f *Firewall) DisableFirewallRule(projectID, name string) (*compute.Operation, error)
- func (f *Firewall) EnableFirewallRule(projectID, name string) (*compute.Operation, error)
type FirewallClient
type Host
- func NewHost(cs ComputeClient) *Host
type Resource
- func NewResource(crm crmClient, s storageClient) *Resource

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrUnmarshal thrown when unable to unmarshal.
	ErrUnmarshal = errors.New("failed to unmarshal")
	// ErrParsing thrown when unable to parse.
	ErrParsing = errors.New("not a valid log")
	// ErrValueNotFound thrown when a value is requested but not found.
	ErrValueNotFound = errors.New("value not found")
)

Functions ¶

This section is empty.

Types ¶

type ComputeClient ¶

type ComputeClient interface {
	CreateSnapshot(context.Context, string, string, string, *compute.Snapshot) (*compute.Operation, error)
	ListProjectSnapshots(context.Context, string) (*compute.SnapshotList, error)
	ListDisks(context.Context, string, string) (*compute.DiskList, error)
	SetLabels(context.Context, string, string, *compute.GlobalSetLabelsRequest) (*compute.Operation, error)
	DeleteDiskSnapshot(string, string) (*compute.Operation, error)
	WaitZone(string, string, *compute.Operation) []error
	WaitGlobal(string, *compute.Operation) []error
}

ComputeClient contains minimum interface required by the host entity.

type Finding ¶

type Finding struct {
	// contains filtered or unexported fields
}

Finding struct setting.

func NewFinding ¶

func NewFinding() *Finding

NewFinding returns a new finding.

func (*Finding) BadIPs ¶

func (f *Finding) BadIPs() []string

BadIPs returns a slice of bad IPs from an ETD bad IP finding.

func (*Finding) ExternalMembers ¶

func (f *Finding) ExternalMembers() []string

ExternalMembers returns a slice of external members.

func (*Finding) ExternalUsers ¶

func (f *Finding) ExternalUsers() []string

ExternalUsers returns the external members found from an anomalous IAM grant.

func (*Finding) Instance ¶

func (f *Finding) Instance() string

Instance returns the instance name of affected project.

func (*Finding) ProjectID ¶

func (f *Finding) ProjectID() string

ProjectID returns the projectID of the affected project.

func (*Finding) ProjectNumber ¶

func (f *Finding) ProjectNumber() string

ProjectNumber returns the project number of the affected resource, or an empty string if it can't find one.

func (*Finding) ReadFinding ¶

func (f *Finding) ReadFinding(m *pubsub.Message) error

ReadFinding unmarshals a finding from PubSub.

func (*Finding) Resource ¶

func (f *Finding) Resource() string

Resource returns the resource of affected project.

func (*Finding) RuleName ¶

func (f *Finding) RuleName() string

RuleName returns the rule name.

func (*Finding) Zone ¶

func (f *Finding) Zone() string

Zone returns the zone of affected project.

type Firewall ¶

type Firewall struct {
	// contains filtered or unexported fields
}

Firewall entity.

func NewFirewall ¶

func NewFirewall(cs FirewallClient) *Firewall

NewFirewall returns a new firewall entity.

func (*Firewall) DisableFirewallRule ¶

func (f *Firewall) DisableFirewallRule(projectID, name string) (*compute.Operation, error)

DisableFirewallRule sets the firewall rule to disabled.

func (*Firewall) EnableFirewallRule ¶

func (f *Firewall) EnableFirewallRule(projectID, name string) (*compute.Operation, error)

EnableFirewallRule sets the firewall rule to enabled.

type FirewallClient ¶

type FirewallClient interface {
	PatchFirewallRule(string, string, *compute.Firewall) (*compute.Operation, error)
}

FirewallClient holds the minimum interface required by the firewall entity.

type Host ¶

type Host struct {
	// contains filtered or unexported fields
}

Host entity.

func NewHost ¶

func NewHost(cs ComputeClient) *Host

NewHost returns a host entity.

func (*Host) CreateDiskSnapshot ¶

func (h *Host) CreateDiskSnapshot(ctx context.Context, projectID, zone, disk, name string) (*compute.Operation, error)

CreateDiskSnapshot creates a snapshot.

func (*Host) DeleteDiskSnapshot ¶

func (h *Host) DeleteDiskSnapshot(project, snapshot string) (*compute.Operation, error)

DeleteDiskSnapshot deletes the given snapshot from the project.

func (*Host) ListInstanceDisks ¶

func (h *Host) ListInstanceDisks(ctx context.Context, projectID, zone, instance string) ([]*compute.Disk, error)

ListInstanceDisks returns a list of disk names for a given instance.

func (*Host) ListProjectSnapshots ¶

func (h *Host) ListProjectSnapshots(ctx context.Context, projectID string) (*compute.SnapshotList, error)

ListProjectSnapshots returns a list of snapshots.

func (*Host) SetSnapshotLabels ¶

func (h *Host) SetSnapshotLabels(ctx context.Context, projectID, name string, m map[string]string) error

SetSnapshotLabels sets the labels on a snapshot.

func (*Host) WaitGlobal ¶

func (h *Host) WaitGlobal(project string, op *compute.Operation) []error

WaitGlobal will wait for the global operation to complete.

func (*Host) WaitZone ¶

func (h *Host) WaitZone(project, zone string, op *compute.Operation) []error

WaitZone will wait for the zonal operation to complete.

type Resource ¶

type Resource struct {
	// contains filtered or unexported fields
}

Resource entity.

func NewResource ¶

func NewResource(crm crmClient, s storageClient) *Resource

NewResource returns a new resource entity.

func (*Resource) GetProjectAncestry ¶

func (u *Resource) GetProjectAncestry(ctx context.Context, projectID string) ([]string, error)

GetProjectAncestry returns a slice of the project's ancestry.

func (*Resource) RemoveDomainsProject ¶

func (u *Resource) RemoveDomainsProject(ctx context.Context, projectID string, disallowedDomains []string) (*crm.Policy, error)

RemoveDomainsProject removes all members from the given project that end with the disallowed domains.

func (*Resource) RemoveEntityFromBucket ¶

func (u *Resource) RemoveEntityFromBucket(ctx context.Context, bucketName string, entity storage.ACLEntity) error

RemoveEntityFromBucket removes ACL Entity in the bucket.

func (*Resource) RemoveMembersProject ¶

func (u *Resource) RemoveMembersProject(ctx context.Context, projectID string, remove []string) (*crm.Policy, error)

RemoveMembersProject removes the given members from the project.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL