validator

package
v0.0.0-...-08e4202 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 21, 2021 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RegisterValidatorServer

func RegisterValidatorServer(s *grpc.Server, srv ValidatorServer)

Types

type AddDataRequest

// AddDataRequest is the request message of the Validator AddData RPC. It
// carries the assets whose metadata is stored so that it can be audited later.
//
// Each Asset can include IAM and organization policy data, so a populated
// request is sensitive configuration: be deliberate about where it is logged
// or persisted.
//
// The XXX_ fields are generated protobuf bookkeeping; their `json:"-"` tag
// keeps them out of encoding/json output.
type AddDataRequest struct {
	// Assets is repeated proto field 1: the resources to add.
	Assets               []*Asset `protobuf:"bytes,1,rep,name=assets,proto3" json:"assets,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*AddDataRequest) Descriptor

func (*AddDataRequest) Descriptor() ([]byte, []int)

func (*AddDataRequest) GetAssets

func (m *AddDataRequest) GetAssets() []*Asset

func (*AddDataRequest) ProtoMessage

func (*AddDataRequest) ProtoMessage()

func (*AddDataRequest) Reset

func (m *AddDataRequest) Reset()

func (*AddDataRequest) String

func (m *AddDataRequest) String() string

func (*AddDataRequest) XXX_DiscardUnknown

func (m *AddDataRequest) XXX_DiscardUnknown()

func (*AddDataRequest) XXX_Marshal

func (m *AddDataRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AddDataRequest) XXX_Merge

func (m *AddDataRequest) XXX_Merge(src proto.Message)

func (*AddDataRequest) XXX_Size

func (m *AddDataRequest) XXX_Size() int

func (*AddDataRequest) XXX_Unmarshal

func (m *AddDataRequest) XXX_Unmarshal(b []byte) error

type AddDataResponse

// AddDataResponse is the response message of the Validator AddData RPC. It
// declares no payload fields; only the generated XXX_ bookkeeping fields are
// present, and their `json:"-"` tag keeps them out of encoding/json output.
type AddDataResponse struct {
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*AddDataResponse) Descriptor

func (*AddDataResponse) Descriptor() ([]byte, []int)

func (*AddDataResponse) ProtoMessage

func (*AddDataResponse) ProtoMessage()

func (*AddDataResponse) Reset

func (m *AddDataResponse) Reset()

func (*AddDataResponse) String

func (m *AddDataResponse) String() string

func (*AddDataResponse) XXX_DiscardUnknown

func (m *AddDataResponse) XXX_DiscardUnknown()

func (*AddDataResponse) XXX_Marshal

func (m *AddDataResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AddDataResponse) XXX_Merge

func (m *AddDataResponse) XXX_Merge(src proto.Message)

func (*AddDataResponse) XXX_Size

func (m *AddDataResponse) XXX_Size() int

func (*AddDataResponse) XXX_Unmarshal

func (m *AddDataResponse) XXX_Unmarshal(b []byte) error

type Asset

// Asset contains GCP resource metadata and additional metadata set on a
// resource, such as its Cloud IAM policy.
//
// WARNING: these field names are used directly to structure the data passed
// to templates, so renaming a field changes the data the templates receive.
//
// An Asset aggregates access-control configuration (IAM policy, organization
// policy, access context policy). Handle serialized assets as sensitive
// configuration data.
type Asset struct {
	// GCP resource name as defined by Cloud Asset Inventory.
	// See https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/resource-name-format for the format.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Cloud Asset Inventory type (CAI API v1 format). Example: "sqladmin.googleapis.com/Instance" is the type of Cloud SQL instance.
	// This field has a redundant "asset" prefix to be consistent with Cloud Asset Inventory output.
	// See https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview#supported_resource_types for the list of types.
	AssetType string `protobuf:"bytes,2,opt,name=asset_type,json=assetType,proto3" json:"asset_type,omitempty"`
	// Ancestral project/folder/org information in a path-like format.
	// For example, a GCP project that is nested under a folder may have the following path:
	// organization/9999/folder/8888/project/7777
	// NOTE(review): the struct does not validate this string; whether the path
	// is checked against Ancestors is not visible here. Confirm in the consumer.
	AncestryPath string `protobuf:"bytes,3,opt,name=ancestry_path,json=ancestryPath,proto3" json:"ancestry_path,omitempty"`
	// GCP resource metadata.
	Resource *v1.Resource `protobuf:"bytes,4,opt,name=resource,proto3" json:"resource,omitempty"`
	// IAM policy associated with the resource.
	IamPolicy *v11.Policy `protobuf:"bytes,5,opt,name=iam_policy,json=iamPolicy,proto3" json:"iam_policy,omitempty"`
	// Ancestor list as returned by CAI (added sometime around Oct 2019).
	Ancestors []string `protobuf:"bytes,6,rep,name=ancestors,proto3" json:"ancestors,omitempty"`
	// Representation of the Cloud Organization Policy set on an asset. For each
	// asset, there could be multiple Organization policies with different
	// constraints.
	OrgPolicy []*v12.Policy `protobuf:"bytes,7,rep,name=org_policy,json=orgPolicy,proto3" json:"org_policy,omitempty"`
	// Representation of the Cloud Organization access policy.
	//
	// This is a protobuf oneof: the interface value holds at most one of the
	// wrapper types below, or nil when no access context policy is set.
	//
	// Types that are valid to be assigned to AccessContextPolicy:
	//	*Asset_AccessPolicy
	//	*Asset_AccessLevel
	//	*Asset_ServicePerimeter
	AccessContextPolicy  isAsset_AccessContextPolicy `protobuf_oneof:"access_context_policy"`
	XXX_NoUnkeyedLiteral struct{}                    `json:"-"`
	XXX_unrecognized     []byte                      `json:"-"`
	XXX_sizecache        int32                       `json:"-"`
}

Asset contains GCP resource metadata and additional metadata set on a resource, such as Cloud IAM policy. WARNING: these field names are directly used to structure data passed to templates. Changes in field names will result in changes to the data provided to the templates.

func (*Asset) Descriptor

func (*Asset) Descriptor() ([]byte, []int)

func (*Asset) GetAccessContextPolicy

func (m *Asset) GetAccessContextPolicy() isAsset_AccessContextPolicy

func (*Asset) GetAccessLevel

func (m *Asset) GetAccessLevel() *v13.AccessLevel

func (*Asset) GetAccessPolicy

func (m *Asset) GetAccessPolicy() *v13.AccessPolicy

func (*Asset) GetAncestors

func (m *Asset) GetAncestors() []string

func (*Asset) GetAncestryPath

func (m *Asset) GetAncestryPath() string

func (*Asset) GetAssetType

func (m *Asset) GetAssetType() string

func (*Asset) GetIamPolicy

func (m *Asset) GetIamPolicy() *v11.Policy

func (*Asset) GetName

func (m *Asset) GetName() string

func (*Asset) GetOrgPolicy

func (m *Asset) GetOrgPolicy() []*v12.Policy

func (*Asset) GetResource

func (m *Asset) GetResource() *v1.Resource

func (*Asset) GetServicePerimeter

func (m *Asset) GetServicePerimeter() *v13.ServicePerimeter

func (*Asset) ProtoMessage

func (*Asset) ProtoMessage()

func (*Asset) Reset

func (m *Asset) Reset()

func (*Asset) String

func (m *Asset) String() string

func (*Asset) XXX_DiscardUnknown

func (m *Asset) XXX_DiscardUnknown()

func (*Asset) XXX_Marshal

func (m *Asset) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Asset) XXX_Merge

func (m *Asset) XXX_Merge(src proto.Message)

func (*Asset) XXX_OneofWrappers

func (*Asset) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*Asset) XXX_Size

func (m *Asset) XXX_Size() int

func (*Asset) XXX_Unmarshal

func (m *Asset) XXX_Unmarshal(b []byte) error

type Asset_AccessLevel

// Asset_AccessLevel is the oneof wrapper that stores an access level in
// Asset.AccessContextPolicy (proto field 9, access_level).
type Asset_AccessLevel struct {
	AccessLevel *v13.AccessLevel `protobuf:"bytes,9,opt,name=access_level,json=accessLevel,proto3,oneof"`
}

type Asset_AccessPolicy

// Asset_AccessPolicy is the oneof wrapper that stores an access policy in
// Asset.AccessContextPolicy (proto field 8, access_policy).
type Asset_AccessPolicy struct {
	AccessPolicy *v13.AccessPolicy `protobuf:"bytes,8,opt,name=access_policy,json=accessPolicy,proto3,oneof"`
}

type Asset_ServicePerimeter

// Asset_ServicePerimeter is the oneof wrapper that stores a service perimeter
// in Asset.AccessContextPolicy (proto field 10, service_perimeter).
type Asset_ServicePerimeter struct {
	ServicePerimeter *v13.ServicePerimeter `protobuf:"bytes,10,opt,name=service_perimeter,json=servicePerimeter,proto3,oneof"`
}

type AuditRequest

// AuditRequest is the request message of the Validator Audit RPC. It declares
// no payload fields: Audit evaluates the resource metadata previously added
// through AddData rather than data carried in the request.
//
// Only the generated XXX_ bookkeeping fields are present; their `json:"-"`
// tag keeps them out of encoding/json output.
type AuditRequest struct {
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*AuditRequest) Descriptor

func (*AuditRequest) Descriptor() ([]byte, []int)

func (*AuditRequest) ProtoMessage

func (*AuditRequest) ProtoMessage()

func (*AuditRequest) Reset

func (m *AuditRequest) Reset()

func (*AuditRequest) String

func (m *AuditRequest) String() string

func (*AuditRequest) XXX_DiscardUnknown

func (m *AuditRequest) XXX_DiscardUnknown()

func (*AuditRequest) XXX_Marshal

func (m *AuditRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuditRequest) XXX_Merge

func (m *AuditRequest) XXX_Merge(src proto.Message)

func (*AuditRequest) XXX_Size

func (m *AuditRequest) XXX_Size() int

func (*AuditRequest) XXX_Unmarshal

func (m *AuditRequest) XXX_Unmarshal(b []byte) error

type AuditResponse

// AuditResponse is the response message of the Validator Audit RPC.
//
// NOTE(review): whether an empty Violations list means "no constraint was
// violated" or can also mean "no data or constraints were loaded" is not
// visible from this type; callers that gate on the result should confirm.
//
// The XXX_ fields are generated protobuf bookkeeping; their `json:"-"` tag
// keeps them out of encoding/json output.
type AuditResponse struct {
	// Violations is repeated proto field 1: the violations found by the audit.
	Violations           []*Violation `protobuf:"bytes,1,rep,name=violations,proto3" json:"violations,omitempty"`
	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
	XXX_unrecognized     []byte       `json:"-"`
	XXX_sizecache        int32        `json:"-"`
}

func (*AuditResponse) Descriptor

func (*AuditResponse) Descriptor() ([]byte, []int)

func (*AuditResponse) GetViolations

func (m *AuditResponse) GetViolations() []*Violation

func (*AuditResponse) ProtoMessage

func (*AuditResponse) ProtoMessage()

func (*AuditResponse) Reset

func (m *AuditResponse) Reset()

func (*AuditResponse) String

func (m *AuditResponse) String() string

func (*AuditResponse) XXX_DiscardUnknown

func (m *AuditResponse) XXX_DiscardUnknown()

func (*AuditResponse) XXX_Marshal

func (m *AuditResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuditResponse) XXX_Merge

func (m *AuditResponse) XXX_Merge(src proto.Message)

func (*AuditResponse) XXX_Size

func (m *AuditResponse) XXX_Size() int

func (*AuditResponse) XXX_Unmarshal

func (m *AuditResponse) XXX_Unmarshal(b []byte) error

type Constraint

// Constraint contains the configuration for a constraint.
//
// The proto field numbers used here are 1, 2, 5 and 6; numbers 3 and 4 do not
// appear in this struct.
//
// The XXX_ fields are generated protobuf bookkeeping; their `json:"-"` tag
// keeps them out of encoding/json output.
type Constraint struct {
	// ApiVersion is the version of the API.
	ApiVersion string `protobuf:"bytes,1,opt,name=api_version,json=apiVersion,proto3" json:"api_version,omitempty"`
	// Kind is the kind of object.
	Kind string `protobuf:"bytes,2,opt,name=kind,proto3" json:"kind,omitempty"`
	// Metadata contains the user-provided constraint metadata.
	// Because it is user-provided and carried as a dynamically typed value,
	// consumers should check the shape they expect before using it.
	Metadata *_struct.Value `protobuf:"bytes,5,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// Spec is the object spec.
	Spec                 *_struct.Value `protobuf:"bytes,6,opt,name=spec,proto3" json:"spec,omitempty"`
	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
	XXX_unrecognized     []byte         `json:"-"`
	XXX_sizecache        int32          `json:"-"`
}

Constraint contains the configuration for a constraint.

func (*Constraint) Descriptor

func (*Constraint) Descriptor() ([]byte, []int)

func (*Constraint) GetApiVersion

func (m *Constraint) GetApiVersion() string

func (*Constraint) GetKind

func (m *Constraint) GetKind() string

func (*Constraint) GetMetadata

func (m *Constraint) GetMetadata() *_struct.Value

func (*Constraint) GetSpec

func (m *Constraint) GetSpec() *_struct.Value

func (*Constraint) ProtoMessage

func (*Constraint) ProtoMessage()

func (*Constraint) Reset

func (m *Constraint) Reset()

func (*Constraint) String

func (m *Constraint) String() string

func (*Constraint) XXX_DiscardUnknown

func (m *Constraint) XXX_DiscardUnknown()

func (*Constraint) XXX_Marshal

func (m *Constraint) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Constraint) XXX_Merge

func (m *Constraint) XXX_Merge(src proto.Message)

func (*Constraint) XXX_Size

func (m *Constraint) XXX_Size() int

func (*Constraint) XXX_Unmarshal

func (m *Constraint) XXX_Unmarshal(b []byte) error

type ResetRequest

// ResetRequest is the request message of the Validator Reset RPC, which clears
// previously added data from the underlying query evaluation engine. It
// declares no payload fields, so the request cannot scope the reset to a
// subset of the data.
//
// Only the generated XXX_ bookkeeping fields are present; their `json:"-"`
// tag keeps them out of encoding/json output.
type ResetRequest struct {
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*ResetRequest) Descriptor

func (*ResetRequest) Descriptor() ([]byte, []int)

func (*ResetRequest) ProtoMessage

func (*ResetRequest) ProtoMessage()

func (*ResetRequest) Reset

func (m *ResetRequest) Reset()

func (*ResetRequest) String

func (m *ResetRequest) String() string

func (*ResetRequest) XXX_DiscardUnknown

func (m *ResetRequest) XXX_DiscardUnknown()

func (*ResetRequest) XXX_Marshal

func (m *ResetRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ResetRequest) XXX_Merge

func (m *ResetRequest) XXX_Merge(src proto.Message)

func (*ResetRequest) XXX_Size

func (m *ResetRequest) XXX_Size() int

func (*ResetRequest) XXX_Unmarshal

func (m *ResetRequest) XXX_Unmarshal(b []byte) error

type ResetResponse

// ResetResponse is the response message of the Validator Reset RPC. It
// declares no payload fields; only the generated XXX_ bookkeeping fields are
// present, and their `json:"-"` tag keeps them out of encoding/json output.
type ResetResponse struct {
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*ResetResponse) Descriptor

func (*ResetResponse) Descriptor() ([]byte, []int)

func (*ResetResponse) ProtoMessage

func (*ResetResponse) ProtoMessage()

func (*ResetResponse) Reset

func (m *ResetResponse) Reset()

func (*ResetResponse) String

func (m *ResetResponse) String() string

func (*ResetResponse) XXX_DiscardUnknown

func (m *ResetResponse) XXX_DiscardUnknown()

func (*ResetResponse) XXX_Marshal

func (m *ResetResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ResetResponse) XXX_Merge

func (m *ResetResponse) XXX_Merge(src proto.Message)

func (*ResetResponse) XXX_Size

func (m *ResetResponse) XXX_Size() int

func (*ResetResponse) XXX_Unmarshal

func (m *ResetResponse) XXX_Unmarshal(b []byte) error

type ReviewRequest

// ReviewRequest is the request message of the Validator Review RPC. It carries
// the assets to check in a single call. The service documentation notes that
// referential checks are not supported in this mode.
//
// Each Asset can include IAM and organization policy data, so a populated
// request is sensitive configuration: be deliberate about where it is logged
// or persisted.
//
// The XXX_ fields are generated protobuf bookkeeping; their `json:"-"` tag
// keeps them out of encoding/json output.
type ReviewRequest struct {
	// Assets is repeated proto field 1: the resources to review.
	Assets               []*Asset `protobuf:"bytes,1,rep,name=assets,proto3" json:"assets,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*ReviewRequest) Descriptor

func (*ReviewRequest) Descriptor() ([]byte, []int)

func (*ReviewRequest) GetAssets

func (m *ReviewRequest) GetAssets() []*Asset

func (*ReviewRequest) ProtoMessage

func (*ReviewRequest) ProtoMessage()

func (*ReviewRequest) Reset

func (m *ReviewRequest) Reset()

func (*ReviewRequest) String

func (m *ReviewRequest) String() string

func (*ReviewRequest) XXX_DiscardUnknown

func (m *ReviewRequest) XXX_DiscardUnknown()

func (*ReviewRequest) XXX_Marshal

func (m *ReviewRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ReviewRequest) XXX_Merge

func (m *ReviewRequest) XXX_Merge(src proto.Message)

func (*ReviewRequest) XXX_Size

func (m *ReviewRequest) XXX_Size() int

func (*ReviewRequest) XXX_Unmarshal

func (m *ReviewRequest) XXX_Unmarshal(b []byte) error

type ReviewResponse

// ReviewResponse is the response message of the Validator Review RPC.
//
// The XXX_ fields are generated protobuf bookkeeping; their `json:"-"` tag
// keeps them out of encoding/json output.
type ReviewResponse struct {
	// Violations is repeated proto field 1: the constraint violations found
	// for the reviewed assets.
	Violations           []*Violation `protobuf:"bytes,1,rep,name=violations,proto3" json:"violations,omitempty"`
	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
	XXX_unrecognized     []byte       `json:"-"`
	XXX_sizecache        int32        `json:"-"`
}

func (*ReviewResponse) Descriptor

func (*ReviewResponse) Descriptor() ([]byte, []int)

func (*ReviewResponse) GetViolations

func (m *ReviewResponse) GetViolations() []*Violation

func (*ReviewResponse) ProtoMessage

func (*ReviewResponse) ProtoMessage()

func (*ReviewResponse) Reset

func (m *ReviewResponse) Reset()

func (*ReviewResponse) String

func (m *ReviewResponse) String() string

func (*ReviewResponse) XXX_DiscardUnknown

func (m *ReviewResponse) XXX_DiscardUnknown()

func (*ReviewResponse) XXX_Marshal

func (m *ReviewResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ReviewResponse) XXX_Merge

func (m *ReviewResponse) XXX_Merge(src proto.Message)

func (*ReviewResponse) XXX_Size

func (m *ReviewResponse) XXX_Size() int

func (*ReviewResponse) XXX_Unmarshal

func (m *ReviewResponse) XXX_Unmarshal(b []byte) error

type UnimplementedValidatorServer

// UnimplementedValidatorServer can be embedded to have forward compatible
// implementations. It has no fields and provides AddData, Audit, Reset and
// Review methods.
//
// NOTE(review): the method bodies are not shown here. Generated stubs of this
// kind normally reject the call with an "unimplemented" status. Confirm that
// against the generated source, and make sure a server embedding this type
// overrides every RPC it is expected to serve.
type UnimplementedValidatorServer struct {
}

UnimplementedValidatorServer can be embedded to have forward compatible implementations.

func (*UnimplementedValidatorServer) AddData

func (*UnimplementedValidatorServer) Audit

func (*UnimplementedValidatorServer) Reset

func (*UnimplementedValidatorServer) Review

type ValidatorClient

// ValidatorClient is the client API for the Validator service.
//
// AddData, Audit and Reset operate on data held by the server between calls
// (AddData stores it, Audit evaluates it, Reset clears it), whereas Review
// checks only the assets supplied in its own request.
//
// Transport security and caller credentials are not part of this interface.
// They come from the grpc.ClientConnInterface given to NewValidatorClient and
// from any per-call grpc.CallOption values.
type ValidatorClient interface {
	// AddData adds GCP resource metadata to be audited later.
	AddData(ctx context.Context, in *AddDataRequest, opts ...grpc.CallOption) (*AddDataResponse, error)
	// Audit checks the GCP resource metadata that has been added via AddData to determine whether any constraint is violated.
	Audit(ctx context.Context, in *AuditRequest, opts ...grpc.CallOption) (*AuditResponse, error)
	// Reset clears previously added data from the underlying query evaluation engine.
	Reset(ctx context.Context, in *ResetRequest, opts ...grpc.CallOption) (*ResetResponse, error)
	// Review checks the GCP resources and returns any constraint violations. Note that referential checks are not supported
	// in this mode.
	Review(ctx context.Context, in *ReviewRequest, opts ...grpc.CallOption) (*ReviewResponse, error)
}

ValidatorClient is the client API for Validator service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewValidatorClient

func NewValidatorClient(cc grpc.ClientConnInterface) ValidatorClient

type ValidatorServer

// ValidatorServer is the server API for the Validator service.
//
// The method signatures carry no caller identity other than what may be
// attached to the context. Authentication and authorization therefore have to
// be enforced where the grpc.Server passed to RegisterValidatorServer is
// configured, for example with transport credentials and interceptors.
//
// AddData and Reset change the data that later Audit calls evaluate. An
// implementation should decide which callers may invoke them and how
// concurrent callers share or isolate that data.
type ValidatorServer interface {
	// AddData adds GCP resource metadata to be audited later.
	AddData(context.Context, *AddDataRequest) (*AddDataResponse, error)
	// Audit checks the GCP resource metadata that has been added via AddData to determine whether any constraint is violated.
	Audit(context.Context, *AuditRequest) (*AuditResponse, error)
	// Reset clears previously added data from the underlying query evaluation engine.
	Reset(context.Context, *ResetRequest) (*ResetResponse, error)
	// Review checks the GCP resources and returns any constraint violations. Note that referential checks are not supported
	// in this mode.
	Review(context.Context, *ReviewRequest) (*ReviewResponse, error)
}

ValidatorServer is the server API for Validator service.

type Violation

// Violation contains the relevant information to explain how a constraint is
// violated.
//
// NOTE(review): Message and Metadata are produced by constraint evaluation and
// may reflect values taken from the audited resource or from user-provided
// constraint configuration. When they are rendered into reports, tickets or
// web pages, escape them like any other externally influenced text. Confirm
// their provenance with the producer.
//
// The XXX_ fields are generated protobuf bookkeeping; their `json:"-"` tag
// keeps them out of encoding/json output.
type Violation struct {
	// The name of the constraint that's violated.
	Constraint string `protobuf:"bytes,1,opt,name=constraint,proto3" json:"constraint,omitempty"`
	// GCP resource name. This is the same name as in Asset.
	Resource string `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
	// Human readable error message.
	Message string `protobuf:"bytes,3,opt,name=message,proto3" json:"message,omitempty"`
	// Metadata is optional. It contains the constraint-specific information that can potentially be used for remediation.
	// Example: In a firewall rule constraint violation, Metadata can contain the open port number.
	Metadata *_struct.Value `protobuf:"bytes,4,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// The full constraint configuration.
	ConstraintConfig *Constraint `protobuf:"bytes,5,opt,name=constraint_config,json=constraintConfig,proto3" json:"constraint_config,omitempty"`
	// The constraint severity.
	// NOTE(review): this is a free-form string here; the set of accepted
	// values is not defined by this type.
	Severity             string   `protobuf:"bytes,6,opt,name=severity,proto3" json:"severity,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Violation contains the relevant information to explain how a constraint is violated.

func (*Violation) Descriptor

func (*Violation) Descriptor() ([]byte, []int)

func (*Violation) GetConstraint

func (m *Violation) GetConstraint() string

func (*Violation) GetConstraintConfig

func (m *Violation) GetConstraintConfig() *Constraint

func (*Violation) GetMessage

func (m *Violation) GetMessage() string

func (*Violation) GetMetadata

func (m *Violation) GetMetadata() *_struct.Value

func (*Violation) GetResource

func (m *Violation) GetResource() string

func (*Violation) GetSeverity

func (m *Violation) GetSeverity() string

func (*Violation) ProtoMessage

func (*Violation) ProtoMessage()

func (*Violation) Reset

func (m *Violation) Reset()

func (*Violation) String

func (m *Violation) String() string

func (*Violation) XXX_DiscardUnknown

func (m *Violation) XXX_DiscardUnknown()

func (*Violation) XXX_Marshal

func (m *Violation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Violation) XXX_Merge

func (m *Violation) XXX_Merge(src proto.Message)

func (*Violation) XXX_Size

func (m *Violation) XXX_Size() int

func (*Violation) XXX_Unmarshal

func (m *Violation) XXX_Unmarshal(b []byte) error
