GC Cloud Guardrails

Source Links

Cloud Foundation Scorecard

Cloud Inventory Assets

Permissions

  • Cloud Asset Viewer
  • Service Usage Consumer

Process

Generate Inventory

  1. Enable Cloud Asset Inventory API
gcloud services enable cloudasset.googleapis.com
  2. Create a storage bucket for storing the asset inventory output
gsutil mb gs://<your_bucket_name>
  3. Run inventory report
# content types can be the following: resource, iam-policy, access-policy, org-policy
# --folder or --organization can also be used instead of --project
gcloud asset export --output-path=gs://<your_bucket_name>/resource_inventory.json \
	--content-type=resource \
	--project=<your_project_id>
  4. Download Conftest
# Linux
$ wget https://github.com/open-policy-agent/conftest/releases/download/v0.17.1/conftest_0.17.1_Linux_x86_64.tar.gz
$ tar xzf conftest_0.17.1_Linux_x86_64.tar.gz
$ sudo mv conftest /usr/local/bin

Installation process for other OSes

  5. Clone this repo

  6. Copy files from Google Cloud Storage to your local disk

gsutil cp gs://<your_bucket_name>/resource_inventory.json ./cai-dir
  7. Run the conftest
conftest test -p guardrails cai-dir
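
Added example, not part of this repository: a Python pre-check for the downloaded export, so that a clean conftest run is not the result of an empty, truncated or wrong-content-type inventory. It assumes the export is newline-delimited JSON using the Cloud Asset Inventory field names `name`, `asset_type` and `resource.location`; the sample records and the function names are constructed for illustration.

```python
import json
import sys
from collections import Counter

# Constructed sample in the assumed export shape: one JSON asset per line.
SAMPLE_EXPORT = """\
{"name": "//storage.googleapis.com/example-bucket", "asset_type": "storage.googleapis.com/Bucket", "resource": {"location": "northamerica-northeast1", "data": {"name": "example-bucket"}}}
{"name": "//compute.googleapis.com/projects/example/zones/us-east1-b/instances/vm-1", "asset_type": "compute.googleapis.com/Instance", "resource": {"location": "us-east1-b", "data": {"name": "vm-1"}}}
{"name": "//storage.googleapis.com/other-bucket", "asset_type": "storage.googleapis.com/Bucket", "iam_policy": {"bindings": []}}
{"name": "//truncated
"""


def summarize_inventory(text):
    """Count assets by type and location, and record lines a policy run could not judge."""
    summary = {"by_type": Counter(), "by_location": Counter(),
               "missing_resource": [], "malformed_lines": []}
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            asset = json.loads(line)
        except json.JSONDecodeError:
            asset = None
        if not isinstance(asset, dict):
            summary["malformed_lines"].append(lineno)
            continue
        summary["by_type"][asset.get("asset_type", "<unknown>")] += 1
        resource = asset.get("resource")
        if not isinstance(resource, dict):
            # Typical when the export used a content type other than "resource".
            summary["missing_resource"].append(asset.get("name", "<unnamed>"))
            continue
        summary["by_location"][resource.get("location", "<none>")] += 1
    return summary


def is_usable(summary):
    """True only if every line parsed and every asset carries a resource record."""
    return (not summary["malformed_lines"]
            and not summary["missing_resource"]
            and sum(summary["by_location"].values()) > 0)


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_EXPORT
    result = summarize_inventory(text)
    print(json.dumps(result, indent=2))
    sys.exit(0 if is_usable(result) else 1)
```

Run it with the path to the downloaded inventory file as the only argument; a non-zero exit status means the file should be re-exported before its conftest result is trusted.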