Categorygithub.com/commercetools/gcp-ssl-policy-asserter
modulepackage
0.0.0-20230414144024-9920aa2a14b8
Repository: https://github.com/commercetools/gcp-ssl-policy-asserter.git
Documentation: pkg.go.dev

# README

This project is no longer used.

⚠️ Deprecation and Archive Notice

This project is deprecated and it is not longer used, please consider using GCP FrontenConfig to enforce SSL policies on your GCP loadbalancers.

The information on the deprection can be found in this issue

This program asserts SSLPolicies for all HTTPSProxies in a Google load balancer project.

Configuration

Environment VariableFunction
SSL_POLICY_NAMEGiven a name will assert a Policy with that name exists
GOOGLE_PROJECTGoogle Project ID to manage HTTPSProxies for
GOOGLE_APPLICATION_CREDENTIALSPath to Google Auth file. More info here
MIN_TLS_VERSIONMinimum TLS version (default TLS_1_2). Only supports the higher than TLS 1.1 version
SSL_PROFILESSL Profile type (default MODERN). Only supports the COMPATIBLE/MODERN/RESTRICTED
YAML PropertyFunction
ignoreProxies[]If an HTTPSProxy uses a URLMap within this list the SSLPolicy will not be asserted

Build and Deploy

Refer to the Makefile. It has all the commands detailed and variables set.

To publish a new version you should only have to do:

make publish

Deployed via k8s-manifest. Chart is located here.

IAM Permissions

# sslPolicy permissions
compute.sslPolicies.create
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.use

#  httpsProxies
compute.targetHttpsProxies.list
compute.targetHttpsProxies.setSslPolicy

# operations (to view long running operation status)
# SSLPolicy creation is one of these, but it creates quickly.
# Could be useful for errors though.
compute.globalOperations.get
compute.globalOperations.list

# project permissions
resourcemanager.projects.get

# Packages

No description provided by the author