c7n_gcp.actions package¶
Submodules¶
c7n_gcp.actions.core module¶
-
class
c7n_gcp.actions.core.Action(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n.actions.core.Action
-
class
c7n_gcp.actions.core.MethodAction(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n_gcp.actions.core.ActionInvoke an api call on each resource.
Quite a number of procedural actions are simply invoking an api call on a filtered set of resources. The exact handling is mostly boilerplate at that point following an 80/20 rule. This class is an encapsulation of the 80%.
-
attr_filter= ()¶
-
chunk_size= 20¶
-
ignore_errors_codes= ()¶
-
method_spec= ()¶
-
c7n_gcp.actions.cscc module¶
-
class
c7n_gcp.actions.cscc.PostFinding(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n_gcp.actions.core.MethodActionPost finding for matched resources to Cloud Security Command Center.
- Example
policies: - name: gcp-instances-with-label resource: gcp.instance filters: - "tag:name": "bad-instance" actions: - type: post-finding org-domain: example.io category: MEDIUM_INTERNET_SECURITY
The source for custodian can either be specified inline to the policy, or custodian can generate one at runtime if it doesn’t exist given a org-domain or org-id.
Finding updates are not currently supported, due to upstream api issues.
-
CustodianSourceName= 'CloudCustodian'¶
-
DefaultCategory= 'Custodian'¶
-
Service= 'securitycenter'¶
-
ServiceVersion= 'v1beta1'¶
-
ignore_error_codes= (409,)¶
-
method_spec= {'annotation_key': 'c7n:Finding', 'op': 'create', 'result': 'name'}¶
-
schema= {'additionalProperties': False, 'properties': {'category': {'type': 'string'}, 'org-domain': {'type': 'string'}, 'org-id': {'type': 'integer'}, 'source': {'description': 'qualified name of source to post to CSCC as', 'type': 'string'}, 'type': {'enum': ['post-finding']}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'post-finding'¶
c7n_gcp.actions.notify module¶
-
class
c7n_gcp.actions.notify.Notify(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n.actions.notify.BaseNotify- Example
policies: - name: bad-instance-get resource: gcp.instance filters: - Name: bad-instance actions: - type: notify to: - email@address # which template for the email should we use template: policy-template transport: type: pubsub topic: projects/yourproject/topics/yourtopic
-
batch_size= 1000¶
-
schema= {'anyOf': [{'required': ['type', 'transport', 'to']}, {'required': ['type', 'transport', 'to_from']}], 'properties': {'cc': {'items': {'type': 'string'}, 'type': 'array'}, 'cc_from': {'additionalProperties': 'False', 'properties': {'expr': {'oneOf': [{'type': 'integer'}, {'type': 'string'}]}, 'format': {'enum': ['csv', 'json', 'txt', 'csv2dict']}, 'url': {'type': 'string'}}, 'required': ['url'], 'type': 'object'}, 'cc_manager': {'type': 'boolean'}, 'from': {'type': 'string'}, 'owner_absent_contact': {'items': {'type': 'string'}, 'type': 'array'}, 'subject': {'type': 'string'}, 'template': {'type': 'string'}, 'to': {'items': {'type': 'string'}, 'type': 'array'}, 'to_from': {'additionalProperties': 'False', 'properties': {'expr': {'oneOf': [{'type': 'integer'}, {'type': 'string'}]}, 'format': {'enum': ['csv', 'json', 'txt', 'csv2dict']}, 'url': {'type': 'string'}}, 'required': ['url'], 'type': 'object'}, 'transport': {'oneOf': [{'type': 'object', 'required': ['type', 'topic'], 'properties': {'topic': {'type': 'string'}, 'type': {'enum': ['pubsub']}}}]}, 'type': {'enum': ['notify']}}, 'type': 'object'}¶
-
type= 'notify'¶