Project author: inspec

Project description:
Resource pack containing helper functions for Google CIS PCI benchmarks.
Language: Ruby
Project URL: git://github.com/inspec/inspec-gcp-cis-pci.git
Created: 2020-04-17T08:35:28Z
Project community: https://github.com/inspec/inspec-gcp-cis-pci

License: Other


InSpec GCP CIS PCI Helper Resource Pack

Resource pack containing helper functions for profiles using https://github.com/GoogleCloudPlatform/inspec-gcp-cis-benchmark.

Sample usage

Create a profile

For example, using InSpec:

  inspec init profile myprofile --platform gcp

Update the inspec.yml file

This should be updated to point here instead of directly to the InSpec GCP resource pack:

  depends:
    - name: inspec-gcp-cis-pci
      url: https://github.com/inspec/inspec-gcp-cis-pci/archive/master.tar.gz

Use the helper functions

Now we could edit the controls to include lines such as:

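  # Read the target GCP project ID from the profile attribute
  gcp_project_id = attribute('gcp_project_id')
  # Build the GKE cache for the listed locations and print its cluster cache
  gke_cache = GKECache(project: gcp_project_id, gke_locations: ['us-central1-a'])
  p gke_cache.gke_clusters_cache
  # Build the GCE cache for the listed zones and print its instance cache
  gce_cache = GCECache(project: gcp_project_id, gce_zones: ['us-central1-a'])
  p gce_cache.gce_instances_cache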

and directly use these methods in downstream profiles.

Other notes

This approach, and much of the code in the helper resource, originated from the PR at https://github.com/inspec/inspec-gcp/pull/245/files and the issue of helper modules with InSpec discussed at https://github.com/inspec/inspec/issues/4948.