Documentation ¶
Overview ¶
Package gcp generates Lacework deployment code (Terraform HCL) for Google Cloud.
Index ¶
- func ValidateSaCredFileContent(credFileContent map[string]interface{}) (map[string]interface{}, bool)
- func ValidateServiceAccountCredentials(val interface{}) error
- func ValidateServiceAccountCredentialsFile(credFile string) error
- func ValidateStringIsBase64(val interface{}) error
- type ExistingServiceAccountDetails
- type GcpTerraformModifier
- func WithAuditLogIntegrationName(name string) GcpTerraformModifier
- func WithAuditLogLabels(labels map[string]string) GcpTerraformModifier
- func WithBucketLabels(labels map[string]string) GcpTerraformModifier
- func WithBucketRegion(region string) GcpTerraformModifier
- func WithConfigurationIntegrationName(name string) GcpTerraformModifier
- func WithCustomBucketName(name string) GcpTerraformModifier
- func WithCustomFilter(filter string) GcpTerraformModifier
- func WithCustomOutputs(outputs []lwgenerate.HclOutput) GcpTerraformModifier
- func WithEnableUBLA(enable bool) GcpTerraformModifier
- func WithExistingLogBucketName(name string) GcpTerraformModifier
- func WithExistingLogSinkName(name string) GcpTerraformModifier
- func WithExistingServiceAccount(serviceAccountDetails *ExistingServiceAccountDetails) GcpTerraformModifier
- func WithExtraBlocks(blocks []*hclwrite.Block) GcpTerraformModifier
- func WithExtraProviderArguments(arguments map[string]interface{}) GcpTerraformModifier
- func WithExtraRootBlocks(blocks []*hclwrite.Block) GcpTerraformModifier
- func WithFoldersToExclude(folders []string) GcpTerraformModifier
- func WithFoldersToInclude(folders []string) GcpTerraformModifier
- func WithGcpServiceAccountCredentials(path string) GcpTerraformModifier
- func WithGoogleWorkspaceFilter(filter bool) GcpTerraformModifier
- func WithIncludeRootProjects(include bool) GcpTerraformModifier
- func WithK8sFilter(filter bool) GcpTerraformModifier
- func WithLaceworkProfile(name string) GcpTerraformModifier
- func WithLogBucketLifecycleRuleAge(ruleAge int) GcpTerraformModifier
- func WithMultipleProject(projects []string) GcpTerraformModifier
- func WithOrganizationId(id string) GcpTerraformModifier
- func WithOrganizationIntegration(enabled bool) GcpTerraformModifier
- func WithPrefix(prefix string) GcpTerraformModifier
- func WithProjectFilterList(projectFilterList []string) GcpTerraformModifier
- func WithProjectId(id string) GcpTerraformModifier
- func WithProviderDefaultLabels(labels map[string]interface{}) GcpTerraformModifier
- func WithPubSubSubscriptionLabels(labels map[string]string) GcpTerraformModifier
- func WithPubSubTopicLabels(labels map[string]string) GcpTerraformModifier
- func WithRegions(regions []string) GcpTerraformModifier
- func WithUsePubSubAudit(usePubSub bool) GcpTerraformModifier
- func WithWaitTime(waitTime string) GcpTerraformModifier
- type GenerateGcpTfConfigurationArgs
- type GenerateGkeTfConfigurationArgs
- type Modifier
- func WithGkeExistingRequiredProviders() Modifier
- func WithGkeExistingServiceAccount(serviceAccount *ServiceAccount) Modifier
- func WithGkeExistingSinkName(name string) Modifier
- func WithGkeGcpProviderAlias(alias string) Modifier
- func WithGkeIntegrationName(name string) Modifier
- func WithGkeLabels(labels map[string]string) Modifier
- func WithGkeLaceworkProfile(name string) Modifier
- func WithGkeOrganizationId(id string) Modifier
- func WithGkeOrganizationIntegration(enabled bool) Modifier
- func WithGkePrefix(prefix string) Modifier
- func WithGkeProjectId(id string) Modifier
- func WithGkePubSubSubscriptionLabels(labels map[string]string) Modifier
- func WithGkePubSubTopicLabels(labels map[string]string) Modifier
- func WithGkeServiceAccountCredentials(path string) Modifier
- func WithGkeWaitTime(waitTime string) Modifier
- type ServiceAccount
Functions ¶
func ValidateSaCredFileContent ¶ added in v0.43.0
func ValidateServiceAccountCredentials ¶ added in v0.43.0
func ValidateServiceAccountCredentials(val interface{}) error
func ValidateServiceAccountCredentialsFile ¶ added in v0.43.0
func ValidateStringIsBase64 ¶ added in v0.43.0
func ValidateStringIsBase64(val interface{}) error
Types ¶
type ExistingServiceAccountDetails ¶
// ExistingServiceAccountDetails identifies a pre-existing GCP service account
// that the Lacework integration should use instead of creating a new one.
// Build it with NewExistingServiceAccountDetails and pass it through
// WithExistingServiceAccount.
type ExistingServiceAccountDetails struct {
	// Name is the name of the existing service account.
	Name string
	// PrivateKey is the existing service account's private key in JSON
	// format, base64 encoded. This is a credential: the generated HCL is the
	// only output of Generate, so NOTE(review): confirm whether the key is
	// written into that output before logging or committing it.
	PrivateKey string
}
func NewExistingServiceAccountDetails ¶
func NewExistingServiceAccountDetails(name string, privateKey string) *ExistingServiceAccountDetails
NewExistingServiceAccountDetails creates a new ExistingServiceAccountDetails from a service account name and its base64-encoded private key.
func (*ExistingServiceAccountDetails) IsPartial ¶ added in v0.28.0
func (e *ExistingServiceAccountDetails) IsPartial() bool
type GcpTerraformModifier ¶
// GcpTerraformModifier mutates a GenerateGcpTfConfigurationArgs in place.
// Values of this type are passed to NewTerraform to set optional
// configuration; the With* functions in this package return them.
type GcpTerraformModifier func(c *GenerateGcpTfConfigurationArgs)
func WithAuditLogIntegrationName ¶
func WithAuditLogIntegrationName(name string) GcpTerraformModifier
WithAuditLogIntegrationName sets the Audit Log integration name to be displayed in the Lacework UI.
func WithAuditLogLabels ¶
func WithAuditLogLabels(labels map[string]string) GcpTerraformModifier
WithAuditLogLabels set labels to be applied to ALL newly created Audit Log resources
func WithBucketLabels ¶
func WithBucketLabels(labels map[string]string) GcpTerraformModifier
WithBucketLabels set labels to be applied to the newly created Audit Log Bucket
func WithBucketRegion ¶
func WithBucketRegion(region string) GcpTerraformModifier
WithBucketRegion Set the Region in which the Bucket should be created
func WithConfigurationIntegrationName ¶ added in v0.28.0
func WithConfigurationIntegrationName(name string) GcpTerraformModifier
WithConfigurationIntegrationName sets the Configuration integration name to be displayed in the Lacework UI.
func WithCustomBucketName ¶ added in v0.43.0
func WithCustomBucketName(name string) GcpTerraformModifier
func WithCustomFilter ¶ added in v0.43.0
func WithCustomFilter(filter string) GcpTerraformModifier
func WithCustomOutputs ¶ added in v1.51.0
func WithCustomOutputs(outputs []lwgenerate.HclOutput) GcpTerraformModifier
WithCustomOutputs sets custom Terraform outputs.
func WithEnableUBLA ¶
func WithEnableUBLA(enable bool) GcpTerraformModifier
WithEnableUBLA enables Uniform Bucket Level Access on the audit log bucket (defaults to false).
func WithExistingLogBucketName ¶
func WithExistingLogBucketName(name string) GcpTerraformModifier
WithExistingLogBucketName Set the bucket Name of an existing Audit Log Bucket setup
func WithExistingLogSinkName ¶
func WithExistingLogSinkName(name string) GcpTerraformModifier
WithExistingLogSinkName sets the sink name of an existing Audit Log setup.
func WithExistingServiceAccount ¶
func WithExistingServiceAccount(serviceAccountDetails *ExistingServiceAccountDetails) GcpTerraformModifier
WithExistingServiceAccount Set an existing Service Account to be used by the Lacework Integration
func WithExtraBlocks ¶ added in v1.51.0
func WithExtraBlocks(blocks []*hclwrite.Block) GcpTerraformModifier
WithExtraBlocks enables adding additional arbitrary blocks to the root hcl document
func WithExtraProviderArguments ¶ added in v1.51.0
func WithExtraProviderArguments(arguments map[string]interface{}) GcpTerraformModifier
WithExtraProviderArguments enables adding additional arguments to the `gcp` provider block; this enables custom use cases.
func WithExtraRootBlocks ¶ added in v1.51.0
func WithExtraRootBlocks(blocks []*hclwrite.Block) GcpTerraformModifier
WithExtraRootBlocks allows adding generic hcl blocks to the root `terraform{}` block; this enables custom use cases.
func WithFoldersToExclude ¶ added in v0.43.0
func WithFoldersToExclude(folders []string) GcpTerraformModifier
func WithFoldersToInclude ¶ added in v0.43.0
func WithFoldersToInclude(folders []string) GcpTerraformModifier
func WithGcpServiceAccountCredentials ¶
func WithGcpServiceAccountCredentials(path string) GcpTerraformModifier
WithGcpServiceAccountCredentials sets the path to the GCP Service Account credentials file to be used by the GCP provider.
func WithGoogleWorkspaceFilter ¶ added in v0.43.0
func WithGoogleWorkspaceFilter(filter bool) GcpTerraformModifier
func WithIncludeRootProjects ¶ added in v0.43.0
func WithIncludeRootProjects(include bool) GcpTerraformModifier
func WithK8sFilter ¶ added in v0.43.0
func WithK8sFilter(filter bool) GcpTerraformModifier
func WithLaceworkProfile ¶
func WithLaceworkProfile(name string) GcpTerraformModifier
WithLaceworkProfile Set the Lacework Profile to utilize when integrating
func WithLogBucketLifecycleRuleAge ¶
func WithLogBucketLifecycleRuleAge(ruleAge int) GcpTerraformModifier
WithLogBucketLifecycleRuleAge sets the number of days to keep audit logs in the Lacework GCS bucket before deleting them. Defaults to -1; leave the default to keep logs indefinitely.
func WithMultipleProject ¶ added in v1.18.0
func WithMultipleProject(projects []string) GcpTerraformModifier
func WithOrganizationId ¶
func WithOrganizationId(id string) GcpTerraformModifier
WithOrganizationId sets the GCP organization ID to integrate with for an organization integration.
func WithOrganizationIntegration ¶
func WithOrganizationIntegration(enabled bool) GcpTerraformModifier
WithOrganizationIntegration Set whether we configure as an Organization wide integration
func WithPrefix ¶ added in v0.43.0
func WithPrefix(prefix string) GcpTerraformModifier
func WithProjectFilterList ¶ added in v1.44.0
func WithProjectFilterList(projectFilterList []string) GcpTerraformModifier
func WithProjectId ¶
func WithProjectId(id string) GcpTerraformModifier
WithProjectId sets the GCP project ID that new resources should be created in (required for both project and organization integrations).
func WithProviderDefaultLabels ¶ added in v1.51.0
func WithProviderDefaultLabels(labels map[string]interface{}) GcpTerraformModifier
WithProviderDefaultLabels adds default_labels to the provider configuration for GCP (if labels are present)
func WithPubSubSubscriptionLabels ¶
func WithPubSubSubscriptionLabels(labels map[string]string) GcpTerraformModifier
WithPubSubSubscriptionLabels set labels to be applied to the newly created Audit Log PubSub
func WithPubSubTopicLabels ¶
func WithPubSubTopicLabels(labels map[string]string) GcpTerraformModifier
WithPubSubTopicLabels set labels to be applied to the newly created Audit Log PubSub Topic
func WithRegions ¶ added in v1.44.0
func WithRegions(regions []string) GcpTerraformModifier
func WithUsePubSubAudit ¶ added in v1.15.0
func WithUsePubSubAudit(usePubSub bool) GcpTerraformModifier
WithUsePubSubAudit sets whether the audit log uses Pub/Sub rather than a bucket-based setup.
func WithWaitTime ¶ added in v0.43.0
func WithWaitTime(waitTime string) GcpTerraformModifier
type GenerateGcpTfConfigurationArgs ¶
// GenerateGcpTfConfigurationArgs holds every input that Generate turns into
// Terraform HCL for a GCP Lacework integration. Construct it with NewTerraform
// and adjust optional fields through GcpTerraformModifier functions.
type GenerateGcpTfConfigurationArgs struct {
	// Agentless reports whether the Agentless integration should be configured in Lacework.
	Agentless bool
	// AuditLog reports whether the Audit Log integration should be configured in Lacework.
	AuditLog bool
	// UsePubSubAudit selects the Pub/Sub based Audit Log instead of the bucket based one.
	UsePubSubAudit bool
	// Configuration reports whether the CSPM (Configuration) integration should be configured in Lacework.
	Configuration bool
	// ProjectFilterList lists the GCP project IDs to monitor for the Agentless integration.
	ProjectFilterList []string
	// Regions lists the regions to deploy to for the Agentless integration.
	Regions []string
	// ServiceAccountCredentials is the path to the service account credentials
	// file used by Terraform (see WithGcpServiceAccountCredentials). The file
	// is a credential; NOTE(review): whether the path or its contents end up
	// in the generated HCL is not visible here — confirm before logging or
	// committing Generate output.
	ServiceAccountCredentials string
	// OrganizationIntegration reports whether an organization-wide integration is configured.
	OrganizationIntegration bool
	// GcpOrganizationId is the GCP organization ID; only needed when OrganizationIntegration is true.
	GcpOrganizationId string
	// GcpProjectId is the GCP project ID that hosts the new resources.
	GcpProjectId string
	// ExistingServiceAccount optionally supplies an existing service account
	// (name and base64-encoded private key) instead of creating a new one.
	ExistingServiceAccount *ExistingServiceAccountDetails
	// ConfigurationIntegrationName names the Configuration integration when
	// Configuration is true. Defaults to "TF Config".
	ConfigurationIntegrationName string
	// AuditLogLabels are added to all resources managed by the module.
	AuditLogLabels map[string]string
	// BucketLabels are added to the audit log bucket.
	BucketLabels map[string]string
	// PubSubSubscriptionLabels are added to the Pub/Sub subscription.
	PubSubSubscriptionLabels map[string]string
	// PubSubTopicLabels are added to the Pub/Sub topic.
	PubSubTopicLabels map[string]string
	// CustomBucketName is set by WithCustomBucketName; presumably it names the
	// new audit log bucket — TODO confirm against Generate.
	CustomBucketName string
	// BucketRegion is the GCP region for the new bucket: EU, US or ASIA.
	BucketRegion string
	// ExistingLogBucketName names an existing audit log bucket.
	ExistingLogBucketName string
	// ExistingLogSinkName names an existing log sink.
	ExistingLogSinkName string
	// EnableForceDestroyBucket force-destroys the bucket even if it contains
	// objects (only relevant when a new Audit Log bucket is created).
	//
	// Deprecated: no replacement is documented here; avoid setting it in new code.
	EnableForceDestroyBucket bool
	// EnableUBLA enables Uniform Bucket Level Access on the audit log bucket.
	// Defaults to false.
	EnableUBLA bool
	// LogBucketLifecycleRuleAge is the number of days to keep audit logs in the
	// Lacework GCS bucket before deleting them. If left empty the Terraform
	// module defaults to -1.
	LogBucketLifecycleRuleAge int
	// AuditLogIntegrationName names the Audit Log integration when AuditLog is
	// true. Defaults to "TF audit_log".
	AuditLogIntegrationName string
	// LaceworkProfile is the Lacework profile to use.
	LaceworkProfile string
	// The following fields are set by the matching With* modifiers; their
	// exact effect on the generated HCL is not documented here — TODO confirm
	// against Generate.
	FoldersToInclude      []string
	FoldersToExclude      []string
	IncludeRootProjects   bool
	CustomFilter          string
	GoogleWorkspaceFilter bool
	K8sFilter             bool
	Prefix                string
	WaitTime              string
	Projects              []string
	// ProviderDefaultLabels become default_labels on the GCP provider configuration (if present).
	ProviderDefaultLabels map[string]interface{}
	// ExtraBlocksRootTerraform adds custom blocks to the root `terraform{}`
	// block, for advanced configuration such as a backend.
	ExtraBlocksRootTerraform []*hclwrite.Block
	// ExtraProviderArguments adds more arguments to the provider block as needed (custom use cases).
	ExtraProviderArguments map[string]interface{}
	// ExtraBlocks adds more hclwrite.Block values to the root Terraform document (advanced use cases).
	ExtraBlocks []*hclwrite.Block
	// CustomOutputs adds custom Terraform outputs.
	CustomOutputs []lwgenerate.HclOutput
}
func NewTerraform ¶
func NewTerraform( enableAgentless, enableConfig bool, enableAuditLog bool, enablePubSubAudit bool, mods ...GcpTerraformModifier, ) *GenerateGcpTfConfigurationArgs
NewTerraform returns an instance of the GenerateGcpTfConfigurationArgs struct with the provided enabled settings (configuration/audit log).
Note: Additional configuration details may be set using modifiers of the GcpTerraformModifier type
Basic usage: initialize a new GenerateGcpTfConfigurationArgs with NewTerraform, supplying GCP service account credentials, then call Generate to produce the required HCL as a string:
hcl, err := gcp.NewTerraform(true, true, true, true, gcp.WithGcpServiceAccountCredentials("/path/to/sa/credentials.json")).Generate()
func (*GenerateGcpTfConfigurationArgs) Generate ¶
func (args *GenerateGcpTfConfigurationArgs) Generate() (string, error)
Generate new Terraform code based on the supplied args.
type GenerateGkeTfConfigurationArgs ¶ added in v0.43.0
// GenerateGkeTfConfigurationArgs holds the inputs that Generate turns into
// Terraform HCL for a GKE integration. Construct it with NewGkeTerraform and
// adjust fields through Modifier functions (the WithGke* helpers).
type GenerateGkeTfConfigurationArgs struct {
	// The fields below are set by the matching WithGke* modifiers; their exact
	// effect on the generated HCL is not documented here — TODO confirm against
	// Generate.
	UseExistingRequiredProviders bool
	GcpProviderAlias             string
	// ExistingServiceAccount optionally supplies an existing service account
	// (name and private key) instead of creating a new one; the key is a
	// credential, so treat Generate output that may embed it as sensitive.
	ExistingServiceAccount *ServiceAccount
	ExistingSinkName        string
	IntegrationName         string
	Labels                  map[string]string
	LaceworkProfile         string
	OrganizationId          string
	OrganizationIntegration bool
	Prefix                  string
	ProjectId               string
	PubSubSubscriptionLabels map[string]string
	PubSubTopicLabels        map[string]string
	// ServiceAccountCredentials is the path to the service account credentials
	// file (see WithGkeServiceAccountCredentials); it is a credential.
	ServiceAccountCredentials string
	WaitTime                  string
	// ProviderDefaultLabels become default_labels on the GCP provider configuration.
	ProviderDefaultLabels map[string]interface{}
	// ExtraBlocksRootTerraform adds custom blocks to the root `terraform{}`
	// block, for advanced configuration such as a backend.
	ExtraBlocksRootTerraform []*hclwrite.Block
	// ExtraProviderArguments adds more arguments to the provider block as needed (custom use cases).
	ExtraProviderArguments map[string]interface{}
}
func NewGkeTerraform ¶ added in v0.43.0
func NewGkeTerraform(mods ...Modifier) *GenerateGkeTfConfigurationArgs
func (*GenerateGkeTfConfigurationArgs) Generate ¶ added in v0.43.0
func (args *GenerateGkeTfConfigurationArgs) Generate() (string, error)
type Modifier ¶ added in v0.43.0
// Modifier mutates a GenerateGkeTfConfigurationArgs in place. Values of this
// type are passed to NewGkeTerraform to set optional configuration; the
// WithGke* functions in this package return them.
type Modifier func(c *GenerateGkeTfConfigurationArgs)
func WithGkeExistingRequiredProviders ¶ added in v1.44.2
func WithGkeExistingRequiredProviders() Modifier
func WithGkeExistingServiceAccount ¶ added in v0.43.0
func WithGkeExistingServiceAccount(serviceAccount *ServiceAccount) Modifier
func WithGkeExistingSinkName ¶ added in v0.43.0
func WithGkeGcpProviderAlias ¶ added in v1.44.2
func WithGkeIntegrationName ¶ added in v0.43.0
func WithGkeLabels ¶ added in v0.43.0
func WithGkeLaceworkProfile ¶ added in v0.43.0
func WithGkeOrganizationId ¶ added in v0.43.0
func WithGkeOrganizationIntegration ¶ added in v0.43.0
func WithGkePrefix ¶ added in v0.43.0
func WithGkeProjectId ¶ added in v0.43.0
func WithGkePubSubSubscriptionLabels ¶ added in v0.43.0
func WithGkePubSubTopicLabels ¶ added in v0.43.0
func WithGkeServiceAccountCredentials ¶ added in v0.43.0
func WithGkeWaitTime ¶ added in v0.43.0
type ServiceAccount ¶ added in v0.43.0
func NewServiceAccount ¶ added in v0.43.0
func NewServiceAccount(name string, privateKey string) *ServiceAccount
func (*ServiceAccount) IsPartial ¶ added in v0.43.0
func (s *ServiceAccount) IsPartial() bool