Documentation
Index
- Variables
- func BuildTerraform()
- func Execute(versionFromMain, commitFromMain, dateFromMain string)
- func GeneratePolicyMappings()
- func NewPosture(out io.Writer, name string, description string, parent string, target string) error
- type Constraint
- type CustomOrgPolicyConstraint
- type CustomSHAModule
- type Metadata
- type OrgPolicyConstraint
- type Policy
- type PolicyJson
- type PostureData
- type SHAModule
- type TemplateData
Constants
This section is empty.
Variables
var MockFs afero.Fs
MockFs is an in-memory filesystem for testing.
var Name, Description, Parent, Target string
Global variables to hold the flag values. Cobra populates these.
Functions
func BuildTerraform
func BuildTerraform()
func Execute
func Execute(versionFromMain, commitFromMain, dateFromMain string)
Execute is the primary entry point for running the CLI from the main package. It accepts version, commit, and date strings (sourced from ldflags in main.go), stores them for use by the version command, and then executes the root command.
func GeneratePolicyMappings
func GeneratePolicyMappings()
Types
type Constraint
type Constraint struct {
    SHAModule *SHAModule `yaml:"securityHealthAnalyticsModule,omitempty"`
    CustomSHAModule *CustomSHAModule `yaml:"securityHealthAnalyticsCustomModule,omitempty"`
    OrgPolicyConstraint *OrgPolicyConstraint `yaml:"orgPolicyConstraint,omitempty"`
    CustomOrgPolicyConstraint *CustomOrgPolicyConstraint `yaml:"orgPolicyConstraintCustom,omitempty"`
}
Constraint represents the different types of constraints.
type CustomOrgPolicyConstraint
type CustomOrgPolicyConstraint struct {
    CustomConstraint struct {
        Name string `yaml:"name"`
        DisplayName string `yaml:"displayName"`
        Description string `yaml:"description"`
        ActionType string `yaml:"actionType"`
        Condition string `yaml:"condition"`
        MethodTypes []string `yaml:"methodTypes"`
        ResourceTypes []string `yaml:"resourceTypes"`
    } `yaml:"customConstraint"`
    PolicyRules []struct {
        Enforce bool `yaml:"enforce"`
        Condition *struct {
            Description string `yaml:"description"`
            Expression string `yaml:"expression"`
            Title string `yaml:"title"`
        } `yaml:"condition,omitempty"`
    } `yaml:"policyRules"`
}
CustomOrgPolicyConstraint represents the structure of a custom org policy constraint.
type CustomSHAModule
type CustomSHAModule struct {
    DisplayName string `yaml:"displayName"`
    Config struct {
        Predicate struct {
            Expression string `yaml:"expression"`
        } `yaml:"predicate"`
        // Corrected (Matches API doc)
        CustomOutput *struct {
            Properties []struct {
                Name string `yaml:"name"`
                ValueExpression struct {
                    Expression string `yaml:"expression"`
                } `yaml:"valueExpression"`
            } `yaml:"properties"` // Note: YAML tag remains the same
        } `yaml:"customOutput,omitempty"`
        ResourceSelector *struct {
            ResourceTypes []string `yaml:"resourceTypes"`
        } `yaml:"resourceSelector"`
        Severity string `yaml:"severity"`
        Description string `yaml:"description"`
        Recommendation string `yaml:"recommendation,omitempty"`
    } `yaml:"config"`
    ModuleEnablementState string `yaml:"moduleEnablementState"`
}
CustomSHAModule represents the structure of a custom SHA module.
type Metadata
type Metadata struct {
    PolicyID string `yaml:"policyId"`
    PolicyFileName string `yaml:"-"`
    Description string `yaml:"description"`
    Postures []string `yaml:"postures"`
    Location string `yaml:"location"`
    Author string `yaml:"author"`
    PolicyType string `yaml:"policyType"`
    Implements string `yaml:"implements"`
    ComplianceStandards []struct {
        Standard string `yaml:"standard"`
        Control string `yaml:"control"`
    } `yaml:"complianceStandards"`
}
Metadata represents the policy metadata extracted from a YAML file. It is type-agnostic (works for any detector policy type).
type OrgPolicyConstraint
type OrgPolicyConstraint struct {
    CannedConstraintID string `yaml:"cannedConstraintId"`
    PolicyRules []struct {
        DenyAll bool `yaml:"denyAll"`
        AllowAll bool `yaml:"allowAll"`
        ListPolicy *struct {
            AllowedValues []string `yaml:"allowedValues"`
            DeniedValues []string `yaml:"deniedValues"`
            InheritFromParent bool `yaml:"inheritFromParent"`
            SuggestedValue string `yaml:"suggestedValue"`
        } `yaml:"listPolicy,omitempty"`
        Condition *struct {
            Description string `yaml:"description"`
            Expression string `yaml:"expression"`
            Title string `yaml:"title"`
        } `yaml:"condition,omitempty"`
        Parameters *struct {
            Fields []struct {
                Key string `yaml:"key"`
                Value *struct {
                    BoolValue bool `yaml:"bool_value,omitempty"`
                    NullValue string `yaml:"null_value,omitempty"`
                    StringValue string `yaml:"string_value,omitempty"`
                } `yaml:"value,omitempty"`
            } `yaml:"fields,omitempty"`
        } `yaml:"parameters,omitempty"`
        ResourceTypes *struct {
            Included string `yaml:"included"`
        } `yaml:"resource_types,omitempty"`
    } `yaml:"policyRules"`
}
OrgPolicyConstraint represents the structure of an org policy constraint.
type Policy
type Policy struct {
    PolicyID string `yaml:"policy_id"`
    MetadataName string `yaml:"-"` // Ignore during YAML parsing
    Constraint *Constraint `yaml:"constraint"`
}
Policy represents the generic structure for all policy types. For up-to-date information about the schema for any of these policies, consult the documentation at https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/securityposture_posture
type PolicyJson
type PolicyJson struct {
    PolicyID string `json:"policy_id"`
    Description string `json:"description"`
}
PolicyJson represents a single policy with its ID and description.
type PostureData
type PostureData struct {
    Name string `json:"name"`
    Policies []PolicyJson `json:"policies"`
    Posture string `json:"posture"`
}
PostureData represents the posture data extracted from Terraform.