updated readme use var for bucketname

canada-ca · Jul 23, 2020 · 92a1691 · 92a1691
1 parent 1c7deb6
commit 92a1691
Showing 1 changed file with 28 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -1,10 +1,14 @@
 # GC Cloud Guardrails
 
 ## Source Links
-[Cloud Foundation Scorcard](https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/master/cli/docs/scorecard.mdhttps://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/master/cli/docs/scorecard.md)
+[Government of Canada Guardrails](https://github.com/canada-ca/cloud-guardrails)
 
 [Cloud Inventory Assets](https://cloud.google.com/asset-inventory/docs/overviewhttps://cloud.google.com/asset-inventory/docs/overview)
 
+[Open Policy Agent](https://www.openpolicyagent.org/)
+
+[conftest](https://www.conftest.dev/)
+
 ## Permissions
 - Cloud Asset Viewer
 - Service Usage Consumer
@@ -19,12 +23,13 @@ gcloud services enable cloudasset.googleapis.com
 
 2. Create a storage bucket for storing the asset inventory output
 ```
-gsutil mb gs://<your_bucket_name>
+export MY_BUCKET_NAME=<bucket-name>
+gsutil mb gs://$MY_BUCKET_NAME
 ```
 
 3. Run inventory report
 ```
-gcloud asset export ---output-path=gs://<your_bucket_name>/resource_inventory.json \
+gcloud asset export --output-path=gs://$MY_BUCKET_NAME/resource_inventory.json \
 	--content-type=resource \ # content types can be the following: resource, iam-policy, access-policy, org-policy
 	--project=<your_project_id> \ # --folder or --organization can also be used
 ```
@@ -53,4 +58,23 @@ gsutil cp gs://<your_bucket_name>/resource_inventory.json ./cai-dir
 
 This will format the output from the inventory dump and run the tests. Results will be placed in the report.txt folder in the current directory.
 
-example output
+example output
+
+```
+./cai-dir/access_policy_inventory.json
+--------------------------------------------------------------------------------
+PASS: 1/1
+WARN: 0/1
+FAIL: 0/1
+
+./cai-dir/iam_inventory.json
+--------------------------------------------------------------------------------
+PASS: 10/10
+WARN: 0/10
+FAIL: 0/10
+
+./cai-dir/inventory.json
+[31mFAIL[0m - //compute.googleapis.com/projects/gke-test-project/regions/asia-east2/subnetworks/default not located in Canada 'asia-east2'
+[31mFAIL[0m - //compute.googleapis.com/projects/gke-test-project/regions/asia-south1/subnetworks/default not located in Canada 'asia-south1'
+[31mFAIL[0m - //compute.googleapis.com/projects/gke-test-project/regions/asia-southeast1/subnetworks/default not located in Canada 'asia-southeast1'
+```