added licencing header

canada-ca · Jan 28, 2021 · a250585 · a250585
1 parent cdb1c0e
commit a250585
Show file tree

Hide file tree

Showing 16 changed files with 248 additions and 4 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,3 +1,19 @@
+################
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################
+
 FROM debian:bullseye-slim
 
 WORKDIR /app

diff --git a/README.md b/README.md
@@ -29,7 +29,6 @@
 
 [CFT Terraform templates](https://github.com/terraform-google-modules/terraform-example-foundation)
 
-[Example Forsetti Policies](https://github.com/forseti-security/policy-library)
 
 ## Permissions
 - Cloud Asset Viewer

diff --git a/guardrails/04-monitoring-account/04-monitoring-account.rego b/guardrails/04-monitoring-account/04-monitoring-account.rego
@@ -1,3 +1,19 @@
+################
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################
+
 package main
 
 #This check is to ensure that SSC has the right role and permissions to monitor tenant environement
@@ -14,8 +30,8 @@ asset_type="iam.googleapis.com/Role"
   asset_type = asset[_].asset_type
   asset_type == "iam.googleapis.com/Role"
 
-  not evaluateRole(asset)
-  message :=sprintf("Guardrail # 4: The role '%s' does not exist", [required_role])
+  evaluateRole(asset)
+  message := sprintf("Guardrail # 4: The role '%s' does not exist", [required_role])
 }
 
 evaluateRole(asset){

diff --git a/guardrails/04-monitoring-account/04-monitoring-account_test.rego b/guardrails/04-monitoring-account/04-monitoring-account_test.rego
@@ -1,3 +1,19 @@
+################
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################
+
 package main
 
 test_broker_w_perms_exists {

diff --git a/guardrails/05-data-location/data-location.rego b/guardrails/05-data-location/data-location.rego
@@ -1,3 +1,19 @@
+################
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################
+
 package main
 
 has_location(obj, field){
@@ -22,6 +38,9 @@ allowedresources = [
    "cloudkms.googleapis.com/CryptoKeyVersion"
 ]
 
+
+
+
 deny[{"msg": message}] {
 
    asset := input.data[_]
@@ -35,6 +54,8 @@ deny[{"msg": message}] {
    message := sprintf("Guardrail # 5: Resource %v ('%v') is located in '%v' when it is required to be in '%v'", [asset.asset_type, asset.name, asset.resource.location, allowedregions])
 }
 
+
+
 allowedResource(resource) {
    resource == allowedresources[_]
 }

diff --git a/guardrails/05-data-location/data-location_test.rego b/guardrails/05-data-location/data-location_test.rego
@@ -1,3 +1,19 @@
+################
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################
+
 package main
 
 test_correct_location {

diff --git a/guardrails/09_Limit_egress_traffic/09_Limit_egress_traffic.rego b/guardrails/09_Limit_egress_traffic/09_Limit_egress_traffic.rego
@@ -1,3 +1,19 @@
+################
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################
+
 package main
 
 has_egress(obj, field){

diff --git a/guardrails/11-logging-and-monitoring/11-Logging-and-Monitoring.rego b/guardrails/11-logging-and-monitoring/11-Logging-and-Monitoring.rego
@@ -1,3 +1,19 @@
+################
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################
+
 package main
 
 # This will check that log sink exists to save the logs auditing and monitoring

diff --git a/guardrails/11-logging-and-monitoring/11-Logging-and-Monitoring_test.rego b/guardrails/11-logging-and-monitoring/11-Logging-and-Monitoring_test.rego
@@ -1,3 +1,19 @@
+################
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################
+
 package main
 
 # This will check that log sink exists to save the logs auditing and monitoring

diff --git a/guardrails/12-market-place/marketplace.rego b/guardrails/12-market-place/marketplace.rego
@@ -1,3 +1,19 @@
+################
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################
+
 package main
 
 # Dissallow Private Catalog Admin to prevent it being used by unauthorized users

diff --git a/guardrails/12-market-place/marketplace_test.rego b/guardrails/12-market-place/marketplace_test.rego
@@ -1,3 +1,19 @@
+################
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################
+
 package main
 
 test_monitoring_account_exists {

diff --git a/install.sh b/install.sh
@@ -1,3 +1,19 @@
+################
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################
+
 #!/bin/bash
 
 export CONFTEST_VERSION=0.21.0

diff --git a/run-all.sh b/run-all.sh
@@ -1,3 +1,19 @@
+################
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################
+
 #This script will run through all the checks
 
 #First step is to enable Cloud Asset Inventory API
@@ -6,7 +22,7 @@ gcloud services enable cloudasset.googleapis.com
 #Create a storage bucket for storing the asset inventory output. Replace bucket name with your bucket
 #export MY_BUCKET_NAME=<bucket-name>
 
-export MY_BUCKET_NAME=guardrails-bucket-anthos-test
+export MY_BUCKET_NAME=guardrails-bucket-anthos-gcp
 export PROJECT=$(gcloud config get-value project)
 gsutil mb gs://$MY_BUCKET_NAME
 

diff --git a/run-checks.sh b/run-checks.sh
@@ -1,3 +1,19 @@
+################
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################
+
 #!/bin/bash
 
 if test -f "report.txt"; then

diff --git a/run.sh b/run.sh
@@ -1,3 +1,19 @@
+################
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################
+
 #!/bin/bash
 
 if test -f "report.txt"; then

diff --git a/tests.sh b/tests.sh
@@ -1,3 +1,19 @@
+################
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################
+
 #!/bin/bash
 
 # Download conftest if not installed