
Releases: BrunoReboul/ram-config-template

v0.0.4

14 Oct 16:47
80ae438

How to upgrade?

  • Compare solution.yaml from this repo with yours; pick or preserve settings
  • Compare the monitor/instances folder contents from this repo with yours; pick or preserve settings
  • git add / commit / push
  • deploy as usual (see README.md), or ram v0.4.2 upgrade

feat

  • Documentation fixes
  • Updated go.sum

v0.0.3

07 Oct 10:57

How to upgrade?

  • Compare solution.yaml from this repo with yours; pick or preserve settings
  • Compare the monitor/instances folder contents from this repo with yours; pick or preserve settings
  • git add / commit / push
  • deploy as usual (see README.md), or ram v0.4.2 upgrade

feat

  • Update SLO real-time freshness
  • Update GCF runtime rule

build

  • build: uses ram v0.4.2

v0.0.2

23 Mar 16:28
ea9dbd0

How to upgrade?

  • Compare solution.yaml from this repo with yours; pick or preserve settings
  • Compare the monitor/instances folder contents from this repo with yours; pick or preserve settings
  • Create the instances config for new assets in setfeeds, dumpinventory, stream2bq and uploadtogcs
    • ./ram -config
  • git add / commit / push
  • For each of the following new assetType, create the new microservice instance cloud build triggers:
    • appengine.googleapis.com/Version
    • cloudfunctions.googleapis.com/CloudFunction
    • compute.googleapis.com/Router
    • compute.googleapis.com/TargetHttpsProxy
    • compute.googleapis.com/TargetSslProxy
    • DO:
      • ./ram -pipe -environment=dev -ramclisa=ramcli@<your-project-id>.iam.gserviceaccount.com -asset=<assetType>
      • run the same command plus the -check argument to verify that all triggers have been deployed correctly
      • git tag -a <assetName>-v0.0.1-dev -m "initial deployment", e.g. git tag -a compute_Router-v0.0.1-dev -m "initial deployment"
      • git push --tags
  • For each new rule (Instance in monitor microservice), do:
    • ./ram -pipe -environment=dev -ramclisa=ramcli@.iam.gserviceaccount.com -service=monitor -instance=monitor_<instance_name>

build

  • build: uses ram v0.4.1

features

  • feat: new settings solution.yaml: bigquery/views/intervalDays: 7
  • feat: new settings solution.yaml: hosting/freshnessSLODefinitions
  • feat: NEW RULE monitor_gce_instance_service_account, fixes #64
  • feat: NEW RULE monitor_gci_group_members, fixes #62
  • feat: NEW RULE monitor_gci_group_settings, fixes #67 #89
  • feat: NEW RULE monitor_gce_network_name, fixes #65
  • feat: NEW RULE monitor_gce_ip_forwarding #79
  • feat: NEW RULE monitor_gae_env_secrets / no_secrets_in_env_vars #63
  • feat: NEW RULE monitor_gcf_env_secrets / no_secrets_in_env_vars #66
  • feat: NEW RULE monitor_gcf_location #84
  • feat: NEW RULE monitor_gcf_runtime #85
  • feat: NEW RULE monitor_gcf_service_account #
  • feat: NEW RULE monitor_gke_pod_env_secrets #68
  • feat: NEW RULE monitor_gce_shielded_instances #81
  • feat: NEW RULE monitor_gce_router_nat_log #80
  • feat: NEW RULE monitor_gce_target_ssl_proxy_ssl_policy #96
  • feat: NEW RULE monitor_gce_target_https_proxy_ssl_policy #97

v0.0.1

09 Oct 10:33
d45f39f

bq 1 rules 1 constraints
clouddns 2 rules 2 constraints
cloudsql 5 rules 6 constraints
gae 3 rules 3 constraints
gce 5 rules 5 constraints
gcs 1 rules 1 constraints
gke 12 rules 12 constraints
iam 3 rules 8 constraints
kms 1 rules 1 constraints
9 services 33 rules 39 constraints

Features

  • feat: add 38 readme.md, one for each rule constraint. fixes #29 As violation owner, I want guidance to fix configurations so that compliance is improved
  • feat: move constraint examples into monitor/instances using 'to_be_adapted' marker string
  • feat: add category field in each constraint.yaml
  • feat: table of contents of all rules, with links to how to remediate
  • feat: export to CSV of all rules

Bug fixes

  • fix: clean up rules names k8s engine logging and monitoring
  • fix: rego rule cloudsql_maintenance, check compliance on day not hours #39
  • fix: rego rule clouddns_dnssed misses some non compliances #46
  • fix: typo in constraint name: have to_be_adapted__no_users wants to_be_adapted_no_users
  • fix: gce_compute_zone misses non compliances, replaced by 2 rules #53
  • fix: gcs_storage_location typo in constraint.yaml
  • fix: gke_cluster_location #58
  • gke_k8s_engine_logging and gke_k8s_engine_monitoring wrong kind #60

refactor

  • refactor: solution.yaml indentation
  • refactor: rename gce_firewallrule_traffic #56
  • refactor: rename gce_instance_externalip

tests

  • test: check every GO, REGO, YAML file has a disclaimer
  • test: check every constraint has a readme.md

docs

  • docs: how to setup local rego rule test and troubleshooting, fixes #49