-
Notifications
You must be signed in to change notification settings - Fork 72
/
Copy pathmm-attributes.yml
547 lines (465 loc) · 13 KB
/
mm-attributes.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
ssl_policy:
name: 'inspec-gcp-ssl-policy'
min_tls_version: 'TLS_1_2'
profile: 'CUSTOM'
custom_feature: 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384'
custom_feature2: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
topic:
name: 'inspec-gcp-topic'
subscription:
name: 'inspec-gcp-subscription'
ack_deadline_seconds: 20
managed_zone:
name: 'inspec-gcp-managed-zone'
dns_name: 'my.domain.com.'
description: 'A test DNS zone'
label_key: key
label_value: 'value'
record_set:
name: 'backend.my.domain.com.'
type: 'A'
ttl: 300
rrdatas1: '8.8.8.8'
rrdatas2: '8.8.4.4'
instance_group_manager:
name: 'inspec-gcp-igm'
base_instance_name: 'igm'
named_port_name: 'port'
named_port_port: 80
autoscaler:
name: 'inspec-gcp-autoscaler'
max_replicas: 5
min_replicas: 1
cooldown_period: 60
cpu_utilization_target: 0.5
target_pool:
name: 'inspec-gcp-target-pool'
session_affinity: CLIENT_IP
trigger:
trigger_template_project: trigger-project
trigger_template_branch: trigger-branch
trigger_template_repo: trigger-repo
filename: cloudbuild.yaml
health_check:
name: inspec-gcp-health-check
timeout_sec: 10
check_interval_sec: 10
tcp_health_check_port: 80
backend_service:
name: inspec-gcp-backend-service
description: A description
port_name: http
protocol: HTTP
timeout_sec: 10
enable_cdn: true
region_backend_service_health_check:
name: inspec-gcp-region-health-check
timeout_sec: 15
check_interval_sec: 15
tcp_health_check_port: 81
region_backend_service:
name: inspec-gcp-region-backend-service
description: A regional description
protocol: TCP
timeout_sec: 15
http_health_check:
name: inspec-gcp-http-health-check
request_path: /health_check
timeout_sec: 20
check_interval_sec: 20
https_health_check:
name: inspec-gcp-https-health-check
request_path: /https_health_check
timeout_sec: 15
check_interval_sec: 15
unhealthy_threshold: 3
instance_template:
name: inspec-gcp-instance-template
description: A description of the instance template
instance_description: A description of the instance itself
machine_type: f1-micro
tag: foo
can_ip_forward: false
scheduling_automatic_restart: true
scheduling_on_host_maintenance: MIGRATE
disk_source_image: debian-cloud/debian-9
disk_auto_delete: true
disk_boot: true
network_interface_network: default
service_account_scope: storage-ro
global_address:
name: inspec-gcp-global-address
ip_version: IPV6
url_map:
name: inspec-gcp-url-map
description: URL map description
host_rule_host: site.com
path_matcher_name: allpaths
path_rule_path: /home
test_host: test.com
test_path: /home
http_proxy:
name: inspec-gcp-http-proxy
description: A HTTP proxy
global_forwarding_rule:
name: inspec-gcp-global-forwarding-rule
port_range: 80-80
target_tcp_proxy:
name: inspec-gcp-target-tcp-proxy
proxy_header: NONE
tcp_backend_service_name: gcp-inspec-tcp-backend-service
route:
name: inspec-gcp-route
dest_range: 15.0.0.0/24
next_hop_ip: 10.2.0.1
priority: 100
router:
name: inspec-gcp-router
bgp_asn: 64514
bgp_advertise_mode: CUSTOM
bgp_advertised_group: "ALL_SUBNETS"
bgp_advertised_ip_range1: "1.2.3.4"
bgp_advertised_ip_range2: "6.7.0.0/16"
snapshot:
name: inspec-gcp-disk-snapshot
disk_name: inspec-snapshot-disk
disk_type: pd-standard
disk_image: debian-cloud/debian-10-buster-v20191014
https_proxy:
name: inspec-gcp-https-proxy
description: A HTTPS target proxy
ssl_certificate:
name: inspec-gcp-ssl-certificate
description: A fake ssl certificate (DO NOT USE)
certificate: |
-----BEGIN CERTIFICATE-----
MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG
EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxFTAT
BgNVBAoMDEdvb2dsZSwgSW5jLjEeMBwGA1UECwwVR29vZ2xlIENsb3VkIFBsYXRm
b3JtMR8wHQYDVQQDDBZ3d3cubXktc2VjdXJlLXNpdGUuY29tMSEwHwYJKoZIhvcN
AQkBFhJuZWxzb25hQGdvb2dsZS5jb20wHhcNMTcwNjI4MDQ1NjI2WhcNMjcwNjI2
MDQ1NjI2WjCBsDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xETAP
BgNVBAcMCEtpcmtsYW5kMRUwEwYDVQQKDAxHb29nbGUsIEluYy4xHjAcBgNVBAsM
FUdvb2dsZSBDbG91ZCBQbGF0Zm9ybTEfMB0GA1UEAwwWd3d3Lm15LXNlY3VyZS1z
aXRlLmNvbTEhMB8GCSqGSIb3DQEJARYSbmVsc29uYUBnb29nbGUuY29tMFkwEwYH
KoZIzj0CAQYIKoZIzj0DAQcDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ
4mzkzTv0dXyB750fOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwaNQME4wHQYDVR0O
BBYEFKIQC3A2SDpxcdfn0YLKineDNq/BMB8GA1UdIwQYMBaAFKIQC3A2SDpxcdfn
0YLKineDNq/BMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhALs4vy+O
M3jcqgA4fSW/oKw6UJxp+M6a+nGMX+UJR3YgAiEAvvl39QRVAiv84hdoCuyON0lJ
zqGNhIPGq2ULqXKK8BY=
-----END CERTIFICATE-----
private_key: |
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIObtRo8tkUqoMjeHhsOh2ouPpXCgBcP+EDxZCB/tws15oAoGCCqGSM49
AwEHoUQDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ4mzkzTv0dXyB750f
OGN02HtkpBOZzzvUARTR10JQoSe2/5PIwQ==
-----END EC PRIVATE KEY-----
dataset:
dataset_id: inspec_gcp_dataset
friendly_name: A BigQuery dataset test
description: Test BigQuery dataset description
location: EU
default_table_expiration_ms: 3600000
access_writer_role: WRITER
access_writer_special_group: projectWriters
bigquery_table:
table_id: inspec_gcp_bigquery_table
description: A BigQuery table
expiration_time: 1738882264000
time_partitioning_type: DAY
repository:
name: inspec-gcp-repository
folder:
display_name: inspec-gcp-folder
cloudfunction:
name: inspec-gcp-function
description: A description of the function
available_memory_mb: 128
trigger_http: true
timeout: 60
entry_point: hello
env_var_value: val1
backend_bucket:
name: inspec-gcp-backend-bucket
description: Backend bucket example
enable_cdn: true
regional_node_pool:
name: inspec-gcp-regional-node-pool
cluster_name: inspec-gcp-regional-node-pool-cluster
node_count: 1
initial_node_count: 1
org_sink:
name: inspec-gcp-org-sink
filter: resource.type = gce_instance
standardappversion:
version_id: v2
service: default
runtime: nodejs10
entrypoint: "node ./app.js"
port: "8080"
ml_model:
name: ml_model
region: us-central1
description: My awesome ML model
online_prediction_logging: true
online_prediction_console_logging: true
dataproc_cluster:
name: inspec-dataproc-cluster
label_key: label
label_value: value
config:
master_config:
num_instances: 1
machine_type: n1-standard-1
boot_disk_type: pd-ssd
boot_disk_size_gb: 30
worker_config:
num_instances: 2
machine_type: n1-standard-1
boot_disk_size_gb: 40
num_local_ssds: 1
preemptible_worker_config:
num_instances: 0
software_config:
prop_key: "dataproc:dataproc.allow.zero.workers"
prop_value: "true"
gce_cluster_config:
tag: foo
folder_exclusion:
name: inspec-folder-exclusion
description: My folder exclusion description
filter: "resource.type = gce_instance AND severity <= DEBUG"
filestore_instance:
name: inspecgcp
zone: us-central1-b
tier: PREMIUM
fileshare_capacity_gb: 2660
fileshare_name: inspecgcp
network_name: default
network_mode: MODE_IPV4
folder_sink:
name: inspec-gcp-folder-sink
filter: resource.type = gce_instance AND severity >= ERROR
runtimeconfig_config:
name: inspec-gcp-runtime-config
description: My runtime configurations
runtimeconfig_variable:
name: prod-variables/hostname
text: example.com
redis:
name: my-redis-cache
tier: STANDARD_HA
memory_size_gb: 1
region: us-central1
location_id: us-central1-a
alternative_location_id: us-central1-f
redis_version: REDIS_3_2
display_name: InSpec test instance
reserved_ip_range: "192.168.0.0/29"
label_key: key
label_value: value
network_endpoint_group:
name: inspec-gcp-endpoint-group
default_port: 90
node_template:
name: inspec-node-template
label_key: key
label_value: value
node_group:
name: inspec-node-group
description: A description of the node group
size: 0
router_nat:
name: inspec-router-nat
nat_ip_allocate_option: AUTO_ONLY
source_subnetwork_ip_ranges_to_nat: ALL_SUBNETWORKS_ALL_IP_RANGES
min_ports_per_vm: 2
log_config_enable: true
log_config_filter: ERRORS_ONLY
service:
name: maps-android-backend.googleapis.com
spannerinstance:
config: regional-us-east1
name: spinstance
display_name: inspectest
num_nodes: 1
label_key: env
label_value: test
spannerdatabase:
name: spdatabase
instance: spinstance
ddl: "CREATE TABLE test (test STRING(MAX),) PRIMARY KEY (test)"
scheduler_job:
# region must match where the appengine instance is deployed
region: us-central1
name: job-name
description: A description
schedule: "*/8 * * * *"
time_zone: America/New_York
http_method: POST
http_target_uri: https://example.com/ping
service_perimeter:
name: restrict_all
title: restrict_all
restricted_service: storage.googleapis.com
policy_title: policytitle
firewall:
name: inspec-gcp-firewall
source_tag: some-tag
address:
name: inspec-gcp-global-address
address_type: INTERNAL
address: "10.2.0.3"
instance_group:
name: inspec-instance-group
description: My instance group for testing
named_port_name: https
named_port_port: 8080
instance:
name: inspec-instance
machine_type: n1-standard-1
tag_1: foo
tag_2: bar
metadata_key: '123'
metadata_value: asdf
sa_scope: https://www.googleapis.com/auth/compute.readonly
startup_script: "echo hi > /test.txt"
network:
name: inspec-network
routing_mode: REGIONAL
subnetwork:
name: inspec-subnet
ip_cidr_range: "10.2.0.0/16"
log_interval: INTERVAL_10_MIN
log_sampling: .5
log_metadata: INCLUDE_ALL_METADATA
rigm:
name: inspec-rigm
base_instance_name: rigm1
target_size: 1
named_port_name: https
named_port_port: 8888
healing_delay: 300
vpn_tunnel:
name: inspec-vpn-tunnel
peer_ip: "15.0.0.120"
shared_secret: super secret
project_sink:
name: inspec-gcp-org-sink
filter: resource.type = gce_instance AND severity = DEBUG
project_exclusion:
name: inspec-project-exclusion
description: My project exclusion description
filter: resource.type = gce_instance AND severity <= DEBUG
alert_policy:
display_name: Display
combiner: OR
condition_display_name: condition
condition_filter: "metric.type=\"compute.googleapis.com/instance/disk/write_bytes_count\" AND resource.type=\"gce_instance\""
condition_duration: 60s
condition_comparison: COMPARISON_GT
dns_managed_zone:
# managed zone dns_name must be randomly generated, so it happens in the other script
name: example-zone
description: example description
dnssec_config_state: 'on'
logging_metric:
name: some/metric
filter: 'resource.type=gae_app AND severity>=ERROR'
metric_kind: DELTA
value_type: INT64
compute_image:
name: inspec-image
source: https://storage.googleapis.com/bosh-gce-raw-stemcells/bosh-stemcell-97.98-google-kvm-ubuntu-xenial-go_agent-raw-1557960142.tar.gz
security_policy:
name: sec-policy
action: deny(403)
priority: "1000"
ip_range: "9.9.9.0/24"
description: my description
memcache_instance:
name: mem-instance
accelerator_type:
name: accelerator_id
global_operation:
name: operation-1635274037755-5cf45e8217d56-c081cd9a-c3ea7346
operationType: "compute.externalVpnGateways.insert"
interconnect_location:
name: akl-zone1-1353
facility_provider_facility_id: 'Auckland - Albany'
facility_provider: Vocus
image_family_views:
zone: us-central1-c
name: image-1
source_type: RAW
status: READY
archive_size_bytes: 539099200
disk_size_gb: 3
family: test
license_code:
name: akl-zone1-1353
region_instance_group:
name: instance-group-2
region: us-central1
size: 1
named_port_name: 'port'
named_port_port: 80
region_operation:
name: operation-1641188435323-5d4a6f5b26934-9281422c-dce238f5
region: us-central1
operation_type: "compute.instanceGroupManagers.insert"
status: DONE
progress: 100
sql_database_flag:
name : audit_log
type : STRING
applies_to: MYSQL_5_6
allowed_string_values: ON
requires_restart: true
sql_connect:
region: us-central1
database_version: POSTGRES_13
backend_type: SECOND_GEN
cert_serial_number: 0
common_name: "test_gcp_1"
sha1_fingerprint: "80c5c611c0a591db967c7dda3467e23127288fed"
instance: test-pg
sql_operation:
name: e5c522f1-8391-4830-a8ff-ff1cc4a7b2a5
status: DONE
operation_type: CREATE
public_delegated_prefix:
name: test
region_health_check:
name: inspec-gcp-region-health-check
region: us-central1
timeout_sec: 10
check_interval_sec: 10
tcp_health_check_port: 80
dlp:
name: "i-inspec-gcp-dlp"
location: "us-east-2"
type: "INSPECT_JOB"
state: "ACTIVE"
inspectDetails:
requestedOptions:
snapshotInspectTemplate: ""
jobConfig:
storageConfig:
hybridOptions:
description: "test"
tableOptions: ""
description: "Description"
display_name: "Displayname"
job_attribute_name: "job_attribute-1"
job_trigger_status: "HEALTHY"
job_trigger_name: "name1"
job_trigger_display_name: "dp"
job_trigger_description: "description"
deidentify_templates:
name: "dlp-template-inspec"
location: "europe-west2"
type: "Infotype"
region_security_policy:
securitypolicy : "value_securitypolicy"