Skip to content
This repository has been archived by the owner on Oct 20, 2023. It is now read-only.

Add option to pull Forseti policy bundle #571

Open
gkowalski-google opened this issue Feb 27, 2020 · 1 comment
Open

Add option to pull Forseti policy bundle #571

gkowalski-google opened this issue Feb 27, 2020 · 1 comment
Assignees
@gkowalski-google
Labels
priority: p3 Desirable enhancement or minor bug fix, not yet prioritized triaged: yes
Milestone
Forseti Release v...

Comments

@gkowalski-google
Copy link
Contributor

gkowalski-google commented Feb 27, 2020
edited
Loading

Story

To support enabling CV by default and migrating some Forseti scanner functionality to CV, provide a default set of policies to match the default rules deployed with Forseti:

  • BigQuery
  • CloudSQL
  • Firewall
  • IAM
  • KMS
  • Service Account Key

Proposed Solution

  • Add a new variable to enable/disable the policy bundle
  • Add a new variable to control the policy bundle (e.g. default to forseti bundle)
  • Add a new variable to control the policy bundle gcs sync (default to enabled)
  • Update install_simple example to use the bundle

Acceptance Criteria

  • Add test to ensure the bundle is pulled and there are constraints
@gkowalski-google gkowalski-google self-assigned this Feb 27, 2020
@forseti-security forseti-security deleted a comment from auto-comment bot Feb 27, 2020
@gkowalski-google gkowalski-google changed the title Design a solution for Forseti to pull in a default set of CV policy Implement default policy bundle Apr 1, 2020
@gkowalski-google gkowalski-google transferred this issue from forseti-security/forseti-security Apr 14, 2020
@gkowalski-google gkowalski-google changed the title Implement default policy bundle Add option to pull Forseti policy bundle Apr 14, 2020
@gkowalski-google gkowalski-google added priority: p3 Desirable enhancement or minor bug fix, not yet prioritized triaged: yes labels Apr 14, 2020
@gkowalski-google
Copy link
Contributor Author

Changes have been pushed to feature branch where this change is almost complete, along with tests. Just need to wait for kpt release and then uncomment the lines to run the kpt setters.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@gkowalski-google gkowalski-google

Labels
priority: p3 Desirable enhancement or minor bug fix, not yet prioritized triaged: yes
Projects
None yet
Milestone
Forseti Release v2.26.0
Development

No branches or pull requests
1 participant
@gkowalski-google