storage

Sample rules

A few rules that use objects from this package:

non_car_storage_bucket_ensure_logging_enabled
from typing import List, Dict

from cloudrail.knowledge.context.gcp.gcp_environment_context import GcpEnvironmentContext
from cloudrail.knowledge.rules.base_rule import Issue
from cloudrail.knowledge.rules.gcp.gcp_base_rule import GcpBaseRule
from cloudrail.knowledge.rules.rule_parameters.base_paramerter import ParameterType


class StorageBucketLoggingEnabledRule(GcpBaseRule):

    def get_id(self) -> str:
        return 'non_car_storage_bucket_ensure_logging_enabled'

    def execute(self, env_context: GcpEnvironmentContext, parameters: Dict[ParameterType, any]) -> List[Issue]:
        issues: List[Issue] = []
        for bucket in env_context.storage_buckets:
            if not bucket.logging_enable:
                issues.append(Issue(f'The Google {bucket.get_type()} `{bucket.get_friendly_name()}` logging is not enabled.',
                              bucket,
                              bucket))
        return issues

    def should_run_rule(self, environment_context: GcpEnvironmentContext) -> bool:
        return bool(environment_context.storage_buckets)

GcpStorageBucket (GcpResource)

Attributes:

| Name | Type | Description |
| --- | --- | --- |
| name | str | The name of the bucket. |
| storage_class | GcpStorageBucketStorageClass | (Optional, Default = 'STANDARD') The Storage Class of the new bucket. Supported values are STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. |
| uniform_bucket_level_access | bool | (Optional, Default = false) Enables uniform bucket-level access to a bucket. |
| region | str | The bucket's region (geographic location). |
| logging_enable | bool | Enables daily logs for the storage bucket. |

custom_invalidation(self) inherited

A list of manual reasons why this resource should be invalidated

exclude_from_invalidation(self) inherited

A list of attributes that should be excluded from the invalidation process
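A second check in the same shape as the sample rule, this time on `uniform_bucket_level_access`, is sketched below as an added example; it is not code from the Cloudrail package. So that it runs without the package installed, `Bucket`, `Context` and `Finding` are stand-ins for `GcpStorageBucket`, `GcpEnvironmentContext` and `Issue`; the field names of `Finding`, the rule id, the `evaluate` helper and the sample buckets are all assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Bucket:
    """Stand-in with the GcpStorageBucket attributes documented on this page."""
    name: str
    region: str
    storage_class: str = 'STANDARD'
    uniform_bucket_level_access: bool = False   # documented default
    logging_enable: bool = False                # default assumed for the stand-in


@dataclass
class Context:
    """Stand-in for GcpEnvironmentContext; only storage_buckets is modelled."""
    storage_buckets: List[Bucket] = field(default_factory=list)


@dataclass
class Finding:
    """Stand-in for Issue: a message plus the two resource arguments."""
    evidence: str
    exposed: Bucket
    violating: Bucket


class UniformBucketLevelAccessRule:
    """Flags buckets that still allow per-object ACLs alongside IAM."""

    def get_id(self) -> str:
        return 'example_storage_bucket_uniform_access_enabled'  # hypothetical id

    def execute(self, env_context: Context) -> List[Finding]:
        return [Finding(f'The Google storage bucket `{b.name}` does not have '
                        'uniform bucket-level access enabled.', b, b)
                for b in env_context.storage_buckets
                if not b.uniform_bucket_level_access]

    def should_run_rule(self, env_context: Context) -> bool:
        return bool(env_context.storage_buckets)


def evaluate(rule, env_context: Context) -> Optional[List[Finding]]:
    """Return None when the rule is skipped, otherwise its findings."""
    return rule.execute(env_context) if rule.should_run_rule(env_context) else None


# Constructed sample environment: one compliant bucket, one relying on the default.
SAMPLE = Context([Bucket('audit-logs', 'us-east1', uniform_bucket_level_access=True, logging_enable=True),
                  Bucket('legacy-uploads', 'europe-west1', 'NEARLINE')])
```

Returning `None` for a skipped rule keeps "not applicable, no buckets in scope" distinct from "ran and found nothing" when results are reported.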

GcpStorageBucketStorageClass (Enum)

An enumeration.