This repository has been archived by the owner on Jun 8, 2023. It is now read-only.
Releases: forseti-security/resource-policy-evaluation-library
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
This release includes a number of breaking changes. It includes a redesign of the OPA Policy Engine policy format, and the GoogleAPIResource classes.
Policy Engine changes
- A dataclass has been added for evaluations, `rpe.policy.Evaluations`, which includes references to the policy engine and the resource.
- Policy engines now have an `evaluate(resource)` function which returns a list of `rpe.policy.Evaluations`
- Each evaluation has its own `remediate()` function
- An ABC was created for engines: `rpe.engines.Engine`
Open Policy Agent policy file changes
- The `valid` rule has been renamed `compliant`
- The `valid/compliant` rule no longer passes for exclusions
- The `excluded` rule has been added so we can now determine whether something is compliant separately from whether or not it's excluded
- All remediations use the remediation_spec instead of the older `update` solution
- All policies are in a single namespace, and define an `applies_to` list of resource types, checked against input.type for evaluations
- A single entrypoint handles evaluations of applicable policies, by type: `/v1/data/rpe/evaluate`
Python policy engine changes
- It works now, I think
- It uses the new engine structure mentioned above
GoogleAPIResource changes
- A single class now retrieves both the resource metadata and the IAM policy where applicable
- The `GoogleAPIResource.factory` method was replaced with `GoogleAPIResource.from_resource_data`
- All resource types have been updated to use the format that Cloud Asset Inventory uses (our early custom resource types have been removed)