gcp

package
v1.50.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 29, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

A package that generates Lacework deployment code for Google cloud.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ValidateSaCredFileContent added in v0.43.0 

func ValidateSaCredFileContent(credFileContent map[string]interface{}) (map[string]interface{}, bool)

func ValidateServiceAccountCredentials added in v0.43.0 

func ValidateServiceAccountCredentials(val interface{}) error

func ValidateServiceAccountCredentialsFile added in v0.43.0 

func ValidateServiceAccountCredentialsFile(credFile string) error

func ValidateStringIsBase64 added in v0.43.0 

func ValidateStringIsBase64(val interface{}) error

Types

type ExistingServiceAccountDetails 

type ExistingServiceAccountDetails struct {
	// Existing Service Account Name
	Name string

	// Existing Service Account private key in JSON format, base64 encoded
	PrivateKey string
}

func NewExistingServiceAccountDetails 

func NewExistingServiceAccountDetails(name string, privateKey string) *ExistingServiceAccountDetails

NewExistingServiceAccountDetails Create new existing Service Account details

func (*ExistingServiceAccountDetails) IsPartial added in v0.28.0 

func (e *ExistingServiceAccountDetails) IsPartial() bool

type GcpTerraformModifier 

type GcpTerraformModifier func(c *GenerateGcpTfConfigurationArgs)

func WithAuditLogIntegrationName 

func WithAuditLogIntegrationName(name string) GcpTerraformModifier

WithAuditLogIntegrationName Set the Config Integration name to be displayed on the Lacework UI

func WithAuditLogLabels 

func WithAuditLogLabels(labels map[string]string) GcpTerraformModifier

WithAuditLogLabels set labels to be applied to ALL newly created Audit Log resources

func WithBucketLabels 

func WithBucketLabels(labels map[string]string) GcpTerraformModifier

WithBucketLabels set labels to be applied to the newly created Audit Log Bucket

func WithBucketRegion 

func WithBucketRegion(region string) GcpTerraformModifier

WithBucketRegion Set the Region in which the Bucket should be created

func WithConfigurationIntegrationName added in v0.28.0 

func WithConfigurationIntegrationName(name string) GcpTerraformModifier

WithConfigurationIntegrationName Set the Config Integration name to be displayed on the Lacework UI

func WithCustomBucketName added in v0.43.0 

func WithCustomBucketName(name string) GcpTerraformModifier

func WithCustomFilter added in v0.43.0 

func WithCustomFilter(filter string) GcpTerraformModifier

func WithEnableUBLA 

func WithEnableUBLA(enable bool) GcpTerraformModifier

WithEnableUBLA Enable force destroy of the bucket if it has stuff in it

func WithExistingLogBucketName 

func WithExistingLogBucketName(name string) GcpTerraformModifier

WithExistingLogBucketName Set the bucket Name of an existing Audit Log Bucket setup

func WithExistingLogSinkName 

func WithExistingLogSinkName(name string) GcpTerraformModifier

WithExistingLogSinkName Set the Topic ARN of an existing Audit Log setup

func WithExistingServiceAccount 

func WithExistingServiceAccount(serviceAccountDetails *ExistingServiceAccountDetails) GcpTerraformModifier

WithExistingServiceAccount Set an existing Service Account to be used by the Lacework Integration

func WithFoldersToExclude added in v0.43.0 

func WithFoldersToExclude(folders []string) GcpTerraformModifier

func WithFoldersToInclude added in v0.43.0 

func WithFoldersToInclude(folders []string) GcpTerraformModifier

func WithGcpServiceAccountCredentials 

func WithGcpServiceAccountCredentials(path string) GcpTerraformModifier

WithGcpServiceAccountCredentials Set the path for the GCP Service Account to be utilized by the GCP provider

func WithGoogleWorkspaceFilter added in v0.43.0 

func WithGoogleWorkspaceFilter(filter bool) GcpTerraformModifier

func WithIncludeRootProjects added in v0.43.0 

func WithIncludeRootProjects(include bool) GcpTerraformModifier

func WithK8sFilter added in v0.43.0 

func WithK8sFilter(filter bool) GcpTerraformModifier

func WithLaceworkProfile 

func WithLaceworkProfile(name string) GcpTerraformModifier

WithLaceworkProfile Set the Lacework Profile to utilize when integrating

func WithLogBucketLifecycleRuleAge 

func WithLogBucketLifecycleRuleAge(ruleAge int) GcpTerraformModifier

WithLogBucketLifecycleRuleAge Set the number of days to keep audit logs in Lacework GCS bucket before deleting Defaults to -1. Leave default to keep indefinitely.

func WithMultipleProject added in v1.18.0 

func WithMultipleProject(projects []string) GcpTerraformModifier

func WithOrganizationId 

func WithOrganizationId(id string) GcpTerraformModifier

WithOrganizationId Set the Lacework organization ID to integrate with for an organization integration

func WithOrganizationIntegration 

func WithOrganizationIntegration(enabled bool) GcpTerraformModifier

WithOrganizationIntegration Set whether we configure as an Organization wide integration

func WithPrefix added in v0.43.0 

func WithPrefix(prefix string) GcpTerraformModifier

func WithProjectFilterList added in v1.44.0 

func WithProjectFilterList(projectFilterList []string) GcpTerraformModifier

func WithProjectId 

func WithProjectId(id string) GcpTerraformModifier

WithProjectId Set the Lacework project ID that new resources should be created in (required for both project & org integration)

func WithPubSubSubscriptionLabels 

func WithPubSubSubscriptionLabels(labels map[string]string) GcpTerraformModifier

WithPubSubSubscriptionLabels set labels to be applied to the newly created Audit Log PubSub

func WithPubSubTopicLabels 

func WithPubSubTopicLabels(labels map[string]string) GcpTerraformModifier

WithPubSubTopicLabels set labels to be applied to the newly created Audit Log PubSub Topic

func WithRegions added in v1.44.0 

func WithRegions(regions []string) GcpTerraformModifier

func WithUsePubSubAudit added in v1.15.0 

func WithUsePubSubAudit(usePubSub bool) GcpTerraformModifier

WithUsePubSubAudit Set wether we use pub sub with the audit log rather than bucket based

func WithWaitTime added in v0.43.0 

func WithWaitTime(waitTime string) GcpTerraformModifier

type GenerateGcpTfConfigurationArgs 

type GenerateGcpTfConfigurationArgs struct {
	// Should we configure Agentless integration in LW?
	Agentless bool

	// Should we configure AuditLog integration in LW?
	AuditLog bool

	// Should we use the Pub Sub Audit Log or use the Bucket based one
	UsePubSubAudit bool

	// Should we configure CSPM integration in LW?
	Configuration bool

	// A list of GCP project IDs to monitor for Agentless integration
	ProjectFilterList []string

	// A list of regions to deploy for Agentless integration
	Regions []string

	// Path to service account credentials to be used by Terraform
	ServiceAccountCredentials string

	// Should we configure an Organization wide integration?
	OrganizationIntegration bool

	// Supply a GCP Organization ID, only asked if OrganizationIntegration is True
	GcpOrganizationId string

	// Supply a GCP Project ID, to host the new resources
	GcpProjectId string

	// Optionally supply existing Service Account Details
	ExistingServiceAccount *ExistingServiceAccountDetails

	// If Configuration is true, give the user the opportunity to name their integration. Defaults to "TF Config"
	ConfigurationIntegrationName string

	// Set of labels which will be added to the resources managed by the module
	AuditLogLabels map[string]string

	// Set of labels which will be added to the audit log bucket
	BucketLabels map[string]string

	// Set of labels which will be added to the subscription
	PubSubSubscriptionLabels map[string]string

	// Set of labels which will be added to the topic
	PubSubTopicLabels map[string]string

	CustomBucketName string

	// Supply a GCP region for the new bucket. EU/US/ASIA
	BucketRegion string

	// Existing Bucket Name
	ExistingLogBucketName string

	// Existing Sink Name
	ExistingLogSinkName string

	// Should we force destroy the bucket if it has stuff in it? (only relevant on new Audit Log creation)
	// DEPRECATED
	EnableForceDestroyBucket bool

	// Boolean for enabling Uniform Bucket Level Access on the audit log bucket. Defaults to False
	EnableUBLA bool

	// Number of days to keep audit logs in Lacework GCS bucket before deleting.
	// If left empty the TF will default to -1
	LogBucketLifecycleRuleAge int

	// If AuditLog is true, give the user the opportunity to name their integration. Defaults to "TF audit_log"
	AuditLogIntegrationName string

	// Lacework Profile to use
	LaceworkProfile string

	FoldersToInclude []string

	FoldersToExclude []string

	IncludeRootProjects bool

	CustomFilter string

	GoogleWorkspaceFilter bool

	K8sFilter bool

	Prefix string

	WaitTime string

	Projects []string
}

func NewTerraform 

func NewTerraform(
	enableAgentless, enableConfig bool, enableAuditLog bool, enablePubSubAudit bool, mods ...GcpTerraformModifier,
) *GenerateGcpTfConfigurationArgs

NewTerraform returns an instance of the GenerateGcpTfConfigurationArgs struct with the provided enabled settings (configuration/audit log).

Note: Additional configuration details may be set using modifiers of the GcpTerraformModifier type

Basic usage: Initialize a new GcpTerraformModifier struct, with GCP service account credentials. Then use generate to 

           create a string output of the required HCL.

hcl, err := gcp.NewTerraform(true, true, true, true,
  gcp.WithGcpServiceAccountCredentials("/path/to/sa/credentials.json")).Generate()

func (*GenerateGcpTfConfigurationArgs) Generate 

func (args *GenerateGcpTfConfigurationArgs) Generate() (string, error)

Generate new Terraform code based on the supplied args.

type GenerateGkeTfConfigurationArgs added in v0.43.0 

type GenerateGkeTfConfigurationArgs struct {
	UseExistingRequiredProviders bool
	GcpProviderAlias             string
	ExistingServiceAccount       *ServiceAccount
	ExistingSinkName             string
	IntegrationName              string
	Labels                       map[string]string
	LaceworkProfile              string
	OrganizationId               string
	OrganizationIntegration      bool
	Prefix                       string
	ProjectId                    string
	PubSubSubscriptionLabels     map[string]string
	PubSubTopicLabels            map[string]string
	ServiceAccountCredentials    string
	WaitTime                     string
}

func NewGkeTerraform added in v0.43.0 

func NewGkeTerraform(mods ...Modifier) *GenerateGkeTfConfigurationArgs

func (*GenerateGkeTfConfigurationArgs) Generate added in v0.43.0 

func (args *GenerateGkeTfConfigurationArgs) Generate() (string, error)

type Modifier added in v0.43.0 

type Modifier func(c *GenerateGkeTfConfigurationArgs)

func WithGkeExistingRequiredProviders added in v1.44.2 

func WithGkeExistingRequiredProviders() Modifier

func WithGkeExistingServiceAccount added in v0.43.0 

func WithGkeExistingServiceAccount(serviceAccount *ServiceAccount) Modifier

func WithGkeExistingSinkName added in v0.43.0 

func WithGkeExistingSinkName(name string) Modifier

func WithGkeGcpProviderAlias added in v1.44.2 

func WithGkeGcpProviderAlias(alias string) Modifier

func WithGkeIntegrationName added in v0.43.0 

func WithGkeIntegrationName(name string) Modifier

func WithGkeLabels added in v0.43.0 

func WithGkeLabels(labels map[string]string) Modifier

func WithGkeLaceworkProfile added in v0.43.0 

func WithGkeLaceworkProfile(name string) Modifier

func WithGkeOrganizationId added in v0.43.0 

func WithGkeOrganizationId(id string) Modifier

func WithGkeOrganizationIntegration added in v0.43.0 

func WithGkeOrganizationIntegration(enabled bool) Modifier

func WithGkePrefix added in v0.43.0 

func WithGkePrefix(prefix string) Modifier

func WithGkeProjectId added in v0.43.0 

func WithGkeProjectId(id string) Modifier

func WithGkePubSubSubscriptionLabels added in v0.43.0 

func WithGkePubSubSubscriptionLabels(labels map[string]string) Modifier

func WithGkePubSubTopicLabels added in v0.43.0 

func WithGkePubSubTopicLabels(labels map[string]string) Modifier

func WithGkeServiceAccountCredentials added in v0.43.0 

func WithGkeServiceAccountCredentials(path string) Modifier

func WithGkeWaitTime added in v0.43.0 

func WithGkeWaitTime(waitTime string) Modifier

type ServiceAccount added in v0.43.0 

type ServiceAccount struct {
	Name       string
	PrivateKey string
}

func NewServiceAccount added in v0.43.0 

func NewServiceAccount(name string, privateKey string) *ServiceAccount

func (*ServiceAccount) IsPartial added in v0.43.0 

func (s *ServiceAccount) IsPartial() bool

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.