Skip to content
Snippets Groups Projects
Commit f96bcdb0 authored by Kunz, Immanuel's avatar Kunz, Immanuel
Browse files

first integrated version of the MEDINA Orchestrator

parent 624e6dc2
No related branches found
No related tags found
No related merge requests found
Expand all Show whitespace changes
Inline Side-by-side
Showing
with 58174 additions and 81 deletions
Dockerfile 0 → 100644
+ 19
0
View file @ f96bcdb0
FROM golang:1.18 AS builder
WORKDIR /build
ADD go.mod .
ADD go.sum .
ADD . .
RUN CGO_ENABLED=0 go build cmd/orchestrator/orchestrator.go
FROM alpine
RUN apk --no-cache add ca-certificates
COPY --from=builder /build/orchestrator ./
ADD policies policies/
CMD ["./orchestrator"]
LICENSE 0 → 100644
+ 206
0
View file @ f96bcdb0
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
<<<<<<< HEAD
limitations under the License.
=======
limitations under the License.
>>>>>>> e1a202f (Updated)
README.md
+ 14
81
View file @ f96bcdb0
# Orchestrator
# MEDINA Orchestrator
Orchestrator (by: FhG)
This is the reference implementation of the MEDINA orchestrator, based on the [Clouditor](http://github.com/clouditor/clouditor) framework.
## Getting started
## Interfaces
To make it easy for you to get started with GitLab, here's a list of recommended next steps.
In order to interact with the orchestrator, one can either use the gRPC or the REST-based API. gRPC is preferred for streaming evidences. The default gRPC port is `9090`, the default HTTP port is `8080`.
Already a pro? Just edit this README.md and make it your own. Want to make it easy? [Use the template at the bottom](#editing-this-readme)!
### OpenAPI
## Add your files
Up-to-date API definitions can be found at https://github.com/clouditor/clouditor/blob/main/openapi/orchestrator/openapi.yaml
- [ ] [Create](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#create-a-file) or [upload](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#upload-a-file) files
- [ ] [Add files using the command line](https://docs.gitlab.com/ee/gitlab-basics/add-file.html#add-a-file-using-the-command-line) or push an existing Git repository with the following command:
### Protobuf
```
cd existing_repo
git remote add origin https://git.code.tecnalia.com/medina/public/orchestrator.git
git branch -M main
git push -uf origin main
```
## Integrate with your tools
- [ ] [Set up project integrations](https://git.code.tecnalia.com/medina/public/orchestrator/-/settings/integrations)
## Collaborate with your team
- [ ] [Invite team members and collaborators](https://docs.gitlab.com/ee/user/project/members/)
- [ ] [Create a new merge request](https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html)
- [ ] [Automatically close issues from merge requests](https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#closing-issues-automatically)
- [ ] [Enable merge request approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/)
- [ ] [Automatically merge when pipeline succeeds](https://docs.gitlab.com/ee/user/project/merge_requests/merge_when_pipeline_succeeds.html)
## Test and Deploy
Use the built-in continuous integration in GitLab.
- [ ] [Get started with GitLab CI/CD](https://docs.gitlab.com/ee/ci/quick_start/index.html)
- [ ] [Analyze your code for known vulnerabilities with Static Application Security Testing(SAST)](https://docs.gitlab.com/ee/user/application_security/sast/)
- [ ] [Deploy to Kubernetes, Amazon EC2, or Amazon ECS using Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/requirements.html)
- [ ] [Use pull-based deployments for improved Kubernetes management](https://docs.gitlab.com/ee/user/clusters/agent/)
- [ ] [Set up protected environments](https://docs.gitlab.com/ee/ci/environments/protected_environments.html)
***
# Editing this README
When you're ready to make this README your own, just edit this file and use the handy template below (or feel free to structure it however you want - this is just a starting point!). Thank you to [makeareadme.com](https://www.makeareadme.com/) for this template.
## Suggestions for a good README
Every project is different, so consider which of these sections apply to yours. The sections used in the template are suggestions for most open source projects. Also keep in mind that while a README can be too long and detailed, too long is better than too short. If you think your README is too long, consider utilizing another form of documentation rather than cutting out information.
The necessary protobuf files to interact with the MEDINA orchestrator using gRPC can be found at https://github.com/clouditor/clouditor/blob/main/proto/orchestrator.proto. A pre-built Orchestrator client is part of the Clouditor framework and can be used with the Go struct [`OrchestratorClient`](https://pkg.go.dev/clouditor.io/clouditor@v1.3.6/api/orchestrator#OrchestratorClient) in the package `clouditor.io/clouditor/api/orchestrator`.
## Name
Choose a self-explaining name for your project.
### Command Line
## Description
Let people know what your project can do specifically. Provide context and add a link to any reference visitors might be unfamiliar with. A list of Features or a Background subsection can also be added here. If there are alternatives to your project, this is a good place to list differentiating factors.
The `cl` command line tool from the Clouditor project can also be used. First, you need to log in.
## Badges
On some READMEs, you may see small images that convey metadata, such as whether or not all the tests are passing for the project. You can use Shields to add some to your README. Many services also have instructions for adding a badge.
## Visuals
Depending on what you are making, it can be a good idea to include screenshots or even a video (you'll frequently see GIFs rather than actual videos). Tools like ttygif can help, but check out Asciinema for a more sophisticated method.
## Installation
Within a particular ecosystem, there may be a common way of installing things, such as using Yarn, NuGet, or Homebrew. However, consider the possibility that whoever is reading your README is a novice and would like more guidance. Listing specific steps helps remove ambiguity and gets people to using your project as quickly as possible. If it only runs in a specific context like a particular programming language version or operating system or has dependencies that have to be installed manually, also add a Requirements subsection.
## Usage
Use examples liberally, and show the expected output if you can. It's helpful to have inline the smallest example of usage that you can demonstrate, while providing links to more sophisticated examples if they are too long to reasonably include in the README.
## Support
Tell people where they can go to for help. It can be any combination of an issue tracker, a chat room, an email address, etc.
## Roadmap
If you have ideas for releases in the future, it is a good idea to list them in the README.
## Contributing
State if you are open to contributions and what your requirements are for accepting them.
For people who want to make changes to your project, it's helpful to have some documentation on how to get started. Perhaps there is a script that they should run or some environment variables that they need to set. Make these steps explicit. These instructions could also be useful to your future self.
You can also document commands to lint the code or run tests. These steps help to ensure high code quality and reduce the likelihood that the changes inadvertently break something. Having instructions for running tests is especially helpful if it requires external setup, such as starting a Selenium server for testing in a browser.
## Authors and acknowledgment
Show your appreciation to those who have contributed to the project.
## License
For open source projects, say how it is licensed.
```
cl login --oauth2-client-id clouditor-cli --oauth2-auth-url oauth-url --oauth2-token-url oauth-token-url orchestrator-url
```
## Project status
If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers.
Afterwards, the `cl` binary can be used to query the orchestrator, e.g., by using `cl cloud list`.
\ No newline at end of file
api/catalogue/catalogue.gen.go 0 → 100644
+ 41716
0
View file @ f96bcdb0
This diff is collapsed.
api/catalogue/openapi_catalogue.yaml 0 → 100644
+ 12942
0
View file @ f96bcdb0
This diff is collapsed.
api/evaluation/assessment_result.pb.go 0 → 100644
+ 259
0
View file @ f96bcdb0
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.28.0
// protoc v3.19.4
// source: assessment_result.proto
package evaluation
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
emptypb "google.golang.org/protobuf/types/known/emptypb"
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
reflect "reflect"
sync "sync"
)
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
type AssessmentResult struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Timestamp *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
MetricId string `protobuf:"bytes,3,opt,name=metric_id,json=metricId,proto3" json:"metric_id,omitempty"`
MetricConfiguration *MetricConfiguration `protobuf:"bytes,4,opt,name=metric_configuration,json=metricConfiguration,proto3" json:"metric_configuration,omitempty"`
Compliant bool `protobuf:"varint,5,opt,name=compliant,proto3" json:"compliant,omitempty"`
TargetValue string `protobuf:"bytes,6,opt,name=target_value,json=targetValue,proto3" json:"target_value,omitempty"`
ResourceId string `protobuf:"bytes,7,opt,name=resource_id,json=resourceId,proto3" json:"resource_id,omitempty"`
EvidenceId string `protobuf:"bytes,8,opt,name=evidence_id,json=evidenceId,proto3" json:"evidence_id,omitempty"`
NonComplianceComments string `protobuf:"bytes,9,opt,name=non_compliance_comments,json=nonComplianceComments,proto3" json:"non_compliance_comments,omitempty"`
ResourceTypes []string `protobuf:"bytes,10,rep,name=resource_types,json=resourceTypes,proto3" json:"resource_types,omitempty"`
}
func (x *AssessmentResult) Reset() {
*x = AssessmentResult{}
if protoimpl.UnsafeEnabled {
mi := &file_assessment_result_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *AssessmentResult) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*AssessmentResult) ProtoMessage() {}
func (x *AssessmentResult) ProtoReflect() protoreflect.Message {
mi := &file_assessment_result_proto_msgTypes[0]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use AssessmentResult.ProtoReflect.Descriptor instead.
func (*AssessmentResult) Descriptor() ([]byte, []int) {
return file_assessment_result_proto_rawDescGZIP(), []int{0}
}
func (x *AssessmentResult) GetId() string {
if x != nil {
return x.Id
}
return ""
}
func (x *AssessmentResult) GetTimestamp() *timestamppb.Timestamp {
if x != nil {
return x.Timestamp
}
return nil
}
func (x *AssessmentResult) GetMetricId() string {
if x != nil {
return x.MetricId
}
return ""
}
func (x *AssessmentResult) GetMetricConfiguration() *MetricConfiguration {
if x != nil {
return x.MetricConfiguration
}
return nil
}
func (x *AssessmentResult) GetCompliant() bool {
if x != nil {
return x.Compliant
}
return false
}
func (x *AssessmentResult) GetTargetValue() string {
if x != nil {
return x.TargetValue
}
return ""
}
func (x *AssessmentResult) GetResourceId() string {
if x != nil {
return x.ResourceId
}
return ""
}
func (x *AssessmentResult) GetEvidenceId() string {
if x != nil {
return x.EvidenceId
}
return ""
}
func (x *AssessmentResult) GetNonComplianceComments() string {
if x != nil {
return x.NonComplianceComments
}
return ""
}
func (x *AssessmentResult) GetResourceTypes() []string {
if x != nil {
return x.ResourceTypes
}
return nil
}
var File_assessment_result_proto protoreflect.FileDescriptor
var file_assessment_result_proto_rawDesc = []byte{
0x0a, 0x17, 0x61, 0x73, 0x73, 0x65, 0x73, 0x73, 0x6d, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65, 0x73,
0x75, 0x6c, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x03, 0x63, 0x63, 0x65, 0x1a, 0x1b,
0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f,
0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f,
0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d,
0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x11, 0x6d, 0x65,
0x74, 0x72, 0x69, 0x63, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22,
0xa8, 0x03, 0x0a, 0x10, 0x41, 0x73, 0x73, 0x65, 0x73, 0x73, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x65,
0x73, 0x75, 0x6c, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
0x52, 0x02, 0x69, 0x64, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d,
0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74,
0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x1b,
0x0a, 0x09, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28,
0x09, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x49, 0x64, 0x12, 0x4b, 0x0a, 0x14, 0x6d,
0x65, 0x74, 0x72, 0x69, 0x63, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74,
0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x63, 0x65, 0x2e,
0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74,
0x69, 0x6f, 0x6e, 0x52, 0x13, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69,
0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6d, 0x70,
0x6c, 0x69, 0x61, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6d,
0x70, 0x6c, 0x69, 0x61, 0x6e, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74,
0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x74, 0x61,
0x72, 0x67, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x72, 0x65, 0x73,
0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a,
0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x76,
0x69, 0x64, 0x65, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52,
0x0a, 0x65, 0x76, 0x69, 0x64, 0x65, 0x6e, 0x63, 0x65, 0x49, 0x64, 0x12, 0x36, 0x0a, 0x17, 0x6e,
0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x63, 0x6f,
0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x15, 0x6e, 0x6f,
0x6e, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6d, 0x6d, 0x65,
0x6e, 0x74, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f,
0x74, 0x79, 0x70, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x72, 0x65, 0x73,
0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x73, 0x32, 0x52, 0x0a, 0x0a, 0x45, 0x76,
0x61, 0x6c, 0x75, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x44, 0x0a, 0x13, 0x41, 0x64, 0x64, 0x41,
0x73, 0x73, 0x65, 0x73, 0x73, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12,
0x15, 0x2e, 0x63, 0x63, 0x65, 0x2e, 0x41, 0x73, 0x73, 0x65, 0x73, 0x73, 0x6d, 0x65, 0x6e, 0x74,
0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x42, 0x10,
0x5a, 0x0e, 0x61, 0x70, 0x69, 0x2f, 0x65, 0x76, 0x61, 0x6c, 0x75, 0x61, 0x74, 0x69, 0x6f, 0x6e,
0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
file_assessment_result_proto_rawDescOnce sync.Once
file_assessment_result_proto_rawDescData = file_assessment_result_proto_rawDesc
)
func file_assessment_result_proto_rawDescGZIP() []byte {
file_assessment_result_proto_rawDescOnce.Do(func() {
file_assessment_result_proto_rawDescData = protoimpl.X.CompressGZIP(file_assessment_result_proto_rawDescData)
})
return file_assessment_result_proto_rawDescData
}
var file_assessment_result_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
var file_assessment_result_proto_goTypes = []interface{}{
(*AssessmentResult)(nil), // 0: cce.AssessmentResult
(*timestamppb.Timestamp)(nil), // 1: google.protobuf.Timestamp
(*MetricConfiguration)(nil), // 2: cce.MetricConfiguration
(*emptypb.Empty)(nil), // 3: google.protobuf.Empty
}
var file_assessment_result_proto_depIdxs = []int32{
1, // 0: cce.AssessmentResult.timestamp:type_name -> google.protobuf.Timestamp
2, // 1: cce.AssessmentResult.metric_configuration:type_name -> cce.MetricConfiguration
0, // 2: cce.Evaluation.AddAssessmentResult:input_type -> cce.AssessmentResult
3, // 3: cce.Evaluation.AddAssessmentResult:output_type -> google.protobuf.Empty
3, // [3:4] is the sub-list for method output_type
2, // [2:3] is the sub-list for method input_type
2, // [2:2] is the sub-list for extension type_name
2, // [2:2] is the sub-list for extension extendee
0, // [0:2] is the sub-list for field type_name
}
func init() { file_assessment_result_proto_init() }
func file_assessment_result_proto_init() {
if File_assessment_result_proto != nil {
return
}
file_metric_conf_proto_init()
if !protoimpl.UnsafeEnabled {
file_assessment_result_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*AssessmentResult); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
}
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_assessment_result_proto_rawDesc,
NumEnums: 0,
NumMessages: 1,
NumExtensions: 0,
NumServices: 1,
},
GoTypes: file_assessment_result_proto_goTypes,
DependencyIndexes: file_assessment_result_proto_depIdxs,
MessageInfos: file_assessment_result_proto_msgTypes,
}.Build()
File_assessment_result_proto = out.File
file_assessment_result_proto_rawDesc = nil
file_assessment_result_proto_goTypes = nil
file_assessment_result_proto_depIdxs = nil
}
api/evaluation/assessment_result_grpc.pb.go 0 → 100644
+ 106
0
View file @ f96bcdb0
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
// - protoc-gen-go-grpc v1.2.0
// - protoc v3.19.4
// source: assessment_result.proto
package evaluation
import (
context "context"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
emptypb "google.golang.org/protobuf/types/known/emptypb"
)
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
// Requires gRPC-Go v1.32.0 or later.
const _ = grpc.SupportPackageIsVersion7
// EvaluationClient is the client API for Evaluation service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
type EvaluationClient interface {
AddAssessmentResult(ctx context.Context, in *AssessmentResult, opts ...grpc.CallOption) (*emptypb.Empty, error)
}
type evaluationClient struct {
cc grpc.ClientConnInterface
}
func NewEvaluationClient(cc grpc.ClientConnInterface) EvaluationClient {
return &evaluationClient{cc}
}
func (c *evaluationClient) AddAssessmentResult(ctx context.Context, in *AssessmentResult, opts ...grpc.CallOption) (*emptypb.Empty, error) {
out := new(emptypb.Empty)
err := c.cc.Invoke(ctx, "/cce.Evaluation/AddAssessmentResult", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// EvaluationServer is the server API for Evaluation service.
// All implementations must embed UnimplementedEvaluationServer
// for forward compatibility
type EvaluationServer interface {
AddAssessmentResult(context.Context, *AssessmentResult) (*emptypb.Empty, error)
mustEmbedUnimplementedEvaluationServer()
}
// UnimplementedEvaluationServer must be embedded to have forward compatible implementations.
type UnimplementedEvaluationServer struct {
}
func (UnimplementedEvaluationServer) AddAssessmentResult(context.Context, *AssessmentResult) (*emptypb.Empty, error) {
return nil, status.Errorf(codes.Unimplemented, "method AddAssessmentResult not implemented")
}
func (UnimplementedEvaluationServer) mustEmbedUnimplementedEvaluationServer() {}
// UnsafeEvaluationServer may be embedded to opt out of forward compatibility for this service.
// Use of this interface is not recommended, as added methods to EvaluationServer will
// result in compilation errors.
type UnsafeEvaluationServer interface {
mustEmbedUnimplementedEvaluationServer()
}
func RegisterEvaluationServer(s grpc.ServiceRegistrar, srv EvaluationServer) {
s.RegisterService(&Evaluation_ServiceDesc, srv)
}
func _Evaluation_AddAssessmentResult_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(AssessmentResult)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(EvaluationServer).AddAssessmentResult(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/cce.Evaluation/AddAssessmentResult",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(EvaluationServer).AddAssessmentResult(ctx, req.(*AssessmentResult))
}
return interceptor(ctx, in, info, handler)
}
// Evaluation_ServiceDesc is the grpc.ServiceDesc for Evaluation service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
var Evaluation_ServiceDesc = grpc.ServiceDesc{
ServiceName: "cce.Evaluation",
HandlerType: (*EvaluationServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "AddAssessmentResult",
Handler: _Evaluation_AddAssessmentResult_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "assessment_result.proto",
}
api/evaluation/metric_conf.pb.go 0 → 100644
+ 173
0
View file @ f96bcdb0
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.28.0
// protoc v3.19.4
// source: metric_conf.proto
package evaluation
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
structpb "google.golang.org/protobuf/types/known/structpb"
reflect "reflect"
sync "sync"
)
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
// Defines the operator and a target value for an individual metric
type MetricConfiguration struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
// The operator to compare the metric, such as == or >
Operator string `protobuf:"bytes,1,opt,name=operator,proto3" json:"operator,omitempty"`
// The target value
TargetValue *structpb.Value `protobuf:"bytes,2,opt,name=target_value,json=targetValue,proto3" json:"target_value,omitempty"`
// Whether this configuration is a default configuration
IsDefault bool `protobuf:"varint,3,opt,name=is_default,json=isDefault,proto3" json:"is_default,omitempty"`
}
func (x *MetricConfiguration) Reset() {
*x = MetricConfiguration{}
if protoimpl.UnsafeEnabled {
mi := &file_metric_conf_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *MetricConfiguration) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*MetricConfiguration) ProtoMessage() {}
func (x *MetricConfiguration) ProtoReflect() protoreflect.Message {
mi := &file_metric_conf_proto_msgTypes[0]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use MetricConfiguration.ProtoReflect.Descriptor instead.
func (*MetricConfiguration) Descriptor() ([]byte, []int) {
return file_metric_conf_proto_rawDescGZIP(), []int{0}
}
func (x *MetricConfiguration) GetOperator() string {
if x != nil {
return x.Operator
}
return ""
}
func (x *MetricConfiguration) GetTargetValue() *structpb.Value {
if x != nil {
return x.TargetValue
}
return nil
}
func (x *MetricConfiguration) GetIsDefault() bool {
if x != nil {
return x.IsDefault
}
return false
}
var File_metric_conf_proto protoreflect.FileDescriptor
var file_metric_conf_proto_rawDesc = []byte{
0x0a, 0x11, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x2e, 0x70, 0x72,
0x6f, 0x74, 0x6f, 0x12, 0x03, 0x63, 0x63, 0x65, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74,
0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8b, 0x01, 0x0a, 0x13, 0x4d, 0x65, 0x74, 0x72, 0x69,
0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1a,
0x0a, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
0x52, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x39, 0x0a, 0x0c, 0x74, 0x61,
0x72, 0x67, 0x65, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74,
0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x73, 0x5f, 0x64, 0x65, 0x66, 0x61,
0x75, 0x6c, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x69, 0x73, 0x44, 0x65, 0x66,
0x61, 0x75, 0x6c, 0x74, 0x42, 0x10, 0x5a, 0x0e, 0x61, 0x70, 0x69, 0x2f, 0x65, 0x76, 0x61, 0x6c,
0x75, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
file_metric_conf_proto_rawDescOnce sync.Once
file_metric_conf_proto_rawDescData = file_metric_conf_proto_rawDesc
)
func file_metric_conf_proto_rawDescGZIP() []byte {
file_metric_conf_proto_rawDescOnce.Do(func() {
file_metric_conf_proto_rawDescData = protoimpl.X.CompressGZIP(file_metric_conf_proto_rawDescData)
})
return file_metric_conf_proto_rawDescData
}
var file_metric_conf_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
var file_metric_conf_proto_goTypes = []interface{}{
(*MetricConfiguration)(nil), // 0: cce.MetricConfiguration
(*structpb.Value)(nil), // 1: google.protobuf.Value
}
var file_metric_conf_proto_depIdxs = []int32{
1, // 0: cce.MetricConfiguration.target_value:type_name -> google.protobuf.Value
1, // [1:1] is the sub-list for method output_type
1, // [1:1] is the sub-list for method input_type
1, // [1:1] is the sub-list for extension type_name
1, // [1:1] is the sub-list for extension extendee
0, // [0:1] is the sub-list for field type_name
}
func init() { file_metric_conf_proto_init() }
func file_metric_conf_proto_init() {
if File_metric_conf_proto != nil {
return
}
if !protoimpl.UnsafeEnabled {
file_metric_conf_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*MetricConfiguration); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
}
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_metric_conf_proto_rawDesc,
NumEnums: 0,
NumMessages: 1,
NumExtensions: 0,
NumServices: 0,
},
GoTypes: file_metric_conf_proto_goTypes,
DependencyIndexes: file_metric_conf_proto_depIdxs,
MessageInfos: file_metric_conf_proto_msgTypes,
}.Build()
File_metric_conf_proto = out.File
file_metric_conf_proto_rawDesc = nil
file_metric_conf_proto_goTypes = nil
file_metric_conf_proto_depIdxs = nil
}
cmd/orchestrator/metrics.json 0 → 100644
+ 156
0
View file @ f96bcdb0
[
{
"id": "ActivityLoggingEnabled",
"name": "Activity Logging: Enabled",
"description": "This metric is used to assess if activity logs are enabled for the cloud service/asset."
},
{
"id": "AnomalyDetectionEnabled",
"name": "Anomaly Detection: Enabled",
"description": "This metric describes whether Anomaly Detection is enabled"
},
{
"id": "ApplicationLoggingEnabled",
"name": "Application Logging: Enabled",
"description": "This metric is used to assess if Application logs are enabled for the cloud service/asset."
},
{
"id": "AtRestEncryptionEnabled",
"name": "Storage Encryption: Enabled",
"description": "This metric is used to assess if encryption at rest has been enabled on a cloud service / asset",
"scale": 1,
"allowedValues": {
"values": [
false,
true
]
}
},
{
"id": "AutomaticUpdatesEnabled",
"name": "Automatic Updates: Enabled",
"description": "This metric is used to assess if automatic updates are enabled for the cloud service/asset"
},
{
"id": "AutomaticUpdatesInterval",
"name": "Automatic Updates: Interval",
"description": "This metric is used to assess the update interval of automatic updates for the cloud service/asset"
},
{
"id": "BackupEnabled",
"name": "Backup: Enabled",
"description": "This metric is used to assess if backups are enabled for a cloud service/asset"
},
{
"id": "BackupEncryptionEnabled",
"name": "Backup Encryption: Enabled",
"description": "Check if data is backed up in encrypted, state-of-the-art form."
},
{
"id": "BackupRetentionSet",
"name": "Backup Retention",
"description": "This metric is used to assess the configured backup retention (days) on a cloud service/asset"
},
{
"id": "BootLoggingEnabled",
"name": "Boot Logging: Enabled",
"description": "This metric is used to assess if Boot logs are enabled for the cloud service/asset."
},
{
"id": "BootLoggingRetention",
"name": "Boot Logging: Retention",
"description": "This metric is used to assess the configured log retention (days) for Boot logs on a cloud service/asset"
},
{
"id": "JavaVersion",
"name": "Java Version",
"description": "This metric is used to assess the Java Runtime version used by the cloud service/asset"
},
{
"id": "L3FirewallEnabled",
"name": "L3 Firewall: Enabled",
"description": "This metric is used to assess if a service-level ACL has been enabled on a cloud service/asset"
},
{
"id": "MalwareProtectionEnabled",
"name": "Malware Protection: Enabled",
"description": "This metric is used to assess if the antimalware solution is enabled on the respective resource."
},
{
"id": "MalwareProtectionOutput",
"name": "Malware Protection Output",
"description": "This metric states whether automatic notifications are enabled (e.g. e-mail) about malware threats. This relates to EUCS’ definition of “continuous monitoring”."
},
{
"id": "NumberOfThreatsFound",
"name": "Number of threats found",
"description": "This metric is used to assess if the antimalware solution reports no irregularities."
},
{
"id": "OSLoggingEnabled",
"name": "OS Logging: Enabled",
"description": "This metric is used to assess if OS logs are enabled for the cloud service/asset."
},
{
"id": "OSLoggingRetention",
"name": "OS Logging: Retention",
"description": "This metric is used to assess the configured log retention (days) for OS logs on a cloud service/asset"
},
{
"id": "PHPVersion",
"name": "PHP Version",
"description": "This metric is used to assess the PHP version used by the cloud service/asset"
},
{
"id": "PythonVersion",
"name": "Python Version",
"description": "This metric is used to assess the Python version used by the cloud service/asset"
},
{
"id": "TLSVersion",
"name": "TLS Version",
"description": "This metric is used to assess if state-of-the-art encryption protocols are used for traffic served from public networks."
},
{
"id": "TransportEncryptionEnabled",
"name": "Transport Encryption: Enabled",
"description": "This metric is used to assess if the cloud service/asset accepts encrypted connections",
"scale": 1,
"range": {
"allowedValues": {
"values": [
false,
true
]
}
},
"requirements_id": [
"CKM-02.2"
]
},
{
"id": "TransportEncryptionEnforced",
"name": "Transport Encryption: Enforced",
"description": "This metric is used to assess if the cloud service/asset enforces encrypted connections"
},
{
"id": "WebApplicationFirewallEnabled",
"name": "Web Application Firewall: Enabled",
"description": "This metric is used to assess if a cloud service/asset has enabled WAF functionalities"
},
{
"id": "TlsCipherSuites",
"name": "TLS Cipher Suites",
"description": "This metric is used to assess if state-of-the-art encryption protocols are used for traffic served from public networks."
},
{
"id": "TlsDHGroups",
"name": "TLS DH Groups",
"description": "This metric is used to assess if state-of-the-art encryption protocols are used for traffic served from public networks."
},
{
"id": "TlsSignatureAlgorithms",
"name": "TLS Signature Algorithms",
"description": "This metric is used to assess if state-of-the-art encryption protocols are used for traffic served from public networks."
}
]
cmd/orchestrator/orchestrator.go 0 → 100644
+ 1209
0
View file @ f96bcdb0
This diff is collapsed.
go.mod 0 → 100644
+ 59
0
View file @ f96bcdb0
module orchestrator
go 1.18
require (
clouditor.io/clouditor v1.4.15
github.com/deepmap/oapi-codegen v1.11.0
github.com/getkin/kin-openapi v0.94.0
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
github.com/labstack/echo/v4 v4.7.2
github.com/oxisto/oauth2go v0.5.12
github.com/sirupsen/logrus v1.8.1
golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5
google.golang.org/grpc v1.46.2
google.golang.org/protobuf v1.28.0
)
require (
cloud.google.com/go/compute v1.6.1 // indirect
github.com/MicahParks/keyfunc v1.1.0 // indirect
github.com/ghodss/yaml v1.0.0 // indirect
github.com/go-openapi/jsonpointer v0.19.5 // indirect
github.com/go-openapi/swag v0.21.1 // indirect
github.com/golang-jwt/jwt/v4 v4.4.1 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.10.2 // indirect
github.com/jackc/chunkreader/v2 v2.0.1 // indirect
github.com/jackc/pgconn v1.12.1 // indirect
github.com/jackc/pgio v1.0.0 // indirect
github.com/jackc/pgpassfile v1.0.0 // indirect
github.com/jackc/pgproto3/v2 v2.3.0 // indirect
github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect
github.com/jackc/pgtype v1.11.0 // indirect
github.com/jackc/pgx/v4 v4.16.1 // indirect
github.com/jinzhu/inflection v1.0.0 // indirect
github.com/jinzhu/now v1.1.5 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/labstack/gommon v0.3.1 // indirect
github.com/logrusorgru/aurora/v3 v3.0.0 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.12 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/mattn/go-sqlite3 v1.14.12 // indirect
github.com/srikrsna/protoc-gen-gotag v0.6.2 // indirect
github.com/valyala/bytebufferpool v1.0.0 // indirect
github.com/valyala/fasttemplate v1.2.1 // indirect
golang.org/x/crypto v0.0.0-20220513210258-46612604a0f9 // indirect
golang.org/x/exp v0.0.0-20220428152302-39d4317da171 // indirect
golang.org/x/net v0.0.0-20220513224357-95641704303c // indirect
golang.org/x/sys v0.0.0-20220513210249-45d2b4557a2a // indirect
golang.org/x/text v0.3.7 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gorm.io/driver/postgres v1.3.5 // indirect
gorm.io/driver/sqlite v1.3.2 // indirect
gorm.io/gorm v1.23.5 // indirect
)
go.sum 0 → 100644
+ 921
0
View file @ f96bcdb0
This diff is collapsed.
metrics.json 0 → 100644
+ 327
0
View file @ f96bcdb0
{
"metrics": [
{
"id": "ActivityLoggingEnabled",
"name": "ActivityLoggingEnabled",
"description": "This metric is used to assess if activity logs are enabled for the cloud service/asset.",
"category": "Operational Security",
"scale": "ORDINAL",
"range": {
"order": {
"values": [
false,
true
]
}
}
},
{
"id": "AnomalyDetectionEnabled",
"name": "AnomalyDetectionEnabled",
"description": "This metric is used to assess if Anomaly Detection is enabled for the cloud service/asset",
"category": "Operational Security",
"scale": "ORDINAL",
"range": {
"order": {
"values": [
false,
true
]
}
}
},
{
"id": "ApplicationLoggingEnabled",
"name": "ApplicationLoggingEnabled",
"description": "This metric is used to assess if Application logs are enabled for the cloud service/asset.",
"category": "Operational Security",
"scale": "ORDINAL",
"range": {
"order": {
"values": [
false,
true
]
}
}
},
{
"id": "AutomaticUpdatesEnabled",
"name": "AutomaticUpdatesEnabled",
"description": "This metric is used to assess if automatic updates are enabled for the cloud service/asset",
"category": "Operational Security",
"scale": "ORDINAL",
"range": {
"order": {
"values": [
false,
true
]
}
}
},
{
"id": "AutomaticUpdatesInterval",
"name": "AutomaticUpdatesInterval",
"description": "This metric is used to assess the update interval of automatic updates for the cloud service/asset",
"category": "Operational Security",
"scale": "METRIC",
"range": {
"minMax": {
"min": "1",
"max": "365"
}
}
},
{
"id": "BackupEnabled",
"name": "BackupEnabled",
"description": "This metric is used to assess if backups are enabled for a cloud service/asset",
"category": "Operational Security",
"scale": "ORDINAL",
"range": {
"order": {
"values": [
false,
true
]
}
}
},
{
"id": "BackupRetentionSet",
"name": "BackupRetentionSet",
"description": "This metric is used to assess the configured backup retention (days) on a cloud service/asset",
"category": "Operational Security",
"scale": "METRIC",
"range": {
"minMax": {
"min": "0",
"max": "99999999"
}
}
},
{
"id": "BootLoggingEnabled",
"name": "BootLoggingEnabled",
"description": "This metric is used to assess if Boot logs are enabled for the cloud service/asset.",
"category": "Operational Security",
"scale": "ORDINAL",
"range": {
"order": {
"values": [
false,
true
]
}
}
},
{
"id": "BootLoggingRetention",
"name": "BootLoggingRetention",
"description": "This metric is used to assess the configured log retention (days) on a cloud service/asset",
"category": "Operational Security",
"scale": "METRIC",
"range": {
"minMax": {
"min": "0",
"max": "99"
}
}
},
{
"id": "JavaVersion",
"name": "JavaVersion",
"description": "This metric is used to assess the Java Runtime version used by the cloud service/asset",
"category": "Operational Security",
"scale": "NOMINAL",
"range": {
"order": {
"values": [
"< 11",
"11"
]
}
}
},
{
"id": "L3FirewallEnabled",
"name": "L3FirewallEnabled",
"description": "This metric is used to assess if a service-level ACL has been enabled on a cloud service/asset",
"category": "Operational Security",
"scale": "ORDINAL",
"range": {
"order": {
"values": [
false,
true
]
}
}
},
{
"id": "MalwareProtectionEnabled",
"name": "MalwareProtectionEnabled",
"description": "This metric is used to assess if the antimalware solution is enabled on the respective resource.",
"category": "Operational Security",
"scale": "ORDINAL",
"range": {
"order": {
"values": [
false,
true
]
}
}
},
{
"id": "MalwareProtectionOutput",
"name": "MalwareProtectionOutput",
"description": "This metric states whether automatic notifications are enabled (e.g. e-mail) about malware threats. This relates to EUCS’ definition of “continuous monitoring”.",
"category": "Operational Security",
"scale": "ORDINAL",
"range": {
"order": {
"values": [
false,
true
]
}
}
},
{
"id": "NumberOfThreatsFound",
"name": "NumberOfThreatsFound",
"description": "This metric is used to assess if the antimalware solution reports no irregularities.",
"category": "Operational Security",
"scale": "METRIC",
"range": {
"minMax": {
"min": "0",
"max": "99999999"
}
}
},
{
"id": "OSLoggingEnabled",
"name": "OSLoggingEnabled",
"description": "This metric is used to assess if OS logs are enabled for the cloud service/asset.",
"category": "Operational Security",
"scale": "ORDINAL",
"range": {
"order": {
"values": [
false,
true
]
}
}
},
{
"id": "OSLoggingRetention",
"name": "OSLoggingRetention",
"description": "This metric is used to assess the configured log retention (days) on a cloud service/asset",
"category": "Operational Security",
"scale": "METRIC",
"range": {
"minMax": {
"min": "0",
"max": "99"
}
}
},
{
"id": "PHPVersion",
"name": "PHPVersion",
"description": "This metric is used to assess the PHP version used by the cloud service/asset",
"category": "Operational Security",
"scale": "NOMINAL",
"range": {
"order": {
"values": [
"< 7.4",
"7.4"
]
}
}
},
{
"id": "PythonVersion",
"name": "PythonVersion",
"description": "This metric is used to assess the Python version used by the cloud service/asset",
"category": "Operational Security",
"scale": "NOMINAL",
"range": {
"order": {
"values": [
"< 3.8",
"3.8"
]
}
}
},
{
"id": "TLSVersion",
"name": "TLSVersion",
"description": "This metric is used to assess if state-of-the-art encryption protocols are used for traffic served from public networks.",
"category": "Operational Security",
"scale": "ORDINAL",
"range": {
"order": {
"values": [
"1.0",
"1.1",
"1.2",
"1.3"
]
}
}
},
{
"id": "TransportEncryptionEnabled",
"name": "TransportEncryptionEnabled",
"description": "This metric is used to assess if the cloud service/asset accepts encrypted connections",
"category": "Cryptography and key management",
"scale": "ORDINAL",
"range": {
"order": {
"values": [
false,
true
]
}
}
},
{
"id": "TransportEncryptionEnforced",
"name": "TransportEncryptionEnforced",
"description": "This metric is used to assess if the cloud service/asset enforces encrypted connections ",
"category": "Cryptography and key management",
"scale": "ORDINAL",
"range": {
"order": {
"values": [
false,
true
]
}
}
},
{
"id": "WebApplicationFirewallEnabled",
"name": "WebApplicationFirewallEnabled",
"description": "This metric is used to assess if a cloud service/asset has enabled WAF functionalities",
"category": "Operational Security",
"scale": "ORDINAL",
"range": {
"order": {
"values": [
false,
true
]
}
}
}
],
"nextPageToken": ""
}
policies/bundles/ActivityLoggingEnabled/data.json 0 → 100644
+ 4
0
View file @ f96bcdb0
{
"operator" : "==",
"target_value" : true
}
\ No newline at end of file
policies/bundles/ActivityLoggingEnabled/metric.rego 0 → 100644
+ 17
0
View file @ f96bcdb0
package clouditor.metrics.activity_logging_enabled
import data.clouditor.compare
default applicable = false
default compliant = false
enabled := input.activityLogging.enabled
applicable {
enabled != null
}
compliant {
compare(data.operator, data.target_value, enabled)
}
policies/bundles/AnomalyDetectionEnabled/data.json 0 → 100644
+ 4
0
View file @ f96bcdb0
{
"operator" : "==",
"target_value" : true
}
\ No newline at end of file
policies/bundles/AnomalyDetectionEnabled/metric.rego 0 → 100644
+ 17
0
View file @ f96bcdb0
package clouditor.metrics.anomaly_detection_enabled
import data.clouditor.compare
default applicable = false
default compliant = false
enabled := input.anomalyDetection.enabled
applicable {
enabled != null
}
compliant {
compare(data.operator, data.target_value, enabled)
}
policies/bundles/ApplicationLoggingEnabled/data.json 0 → 100644
+ 4
0
View file @ f96bcdb0
{
"operator" : "==",
"target_value" : true
}
\ No newline at end of file
policies/bundles/ApplicationLoggingEnabled/metric.rego 0 → 100644
+ 17
0
View file @ f96bcdb0
package clouditor.metrics.application_logging_enabled
import data.clouditor.compare
default applicable = false
default compliant = false
enabled := input.applicationLogging.enabled
applicable {
enabled != null
}
compliant {
compare(data.operator, data.target_value, enabled)
}
policies/bundles/AtRestEncryptionEnabled/data.json 0 → 100644
+ 4
0
View file @ f96bcdb0
{
"operator" : "==",
"target_value" : true
}
\ No newline at end of file
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment