{ "info": { "author": "Joe Ceresini", "author_email": "", "bugtrack_url": null, "classifiers": [], "description": "# resource-policy-evaluation-library\n\nThe resource-policy-evaluation-library (rpe-lib) evaluates whether or not a given resource adheres to defined policies. It also attempts to remediate any policy violations.\n\n[![Build Status](https://api.travis-ci.org/forseti-security/resource-policy-evaluation-library.svg?branch=master)](https://travis-ci.org/forseti-security/resource-policy-evaluation-library/)\n[![PyPI version](https://badge.fury.io/py/rpe-lib.svg)](https://badge.fury.io/py/rpe-lib)\n\n---\n\n## Resources\n\nThe library works on `resources` and expects a fairly simple interface to any resource you wish to evaluate policy on. It expects an object with the following functions defined:\n\n```\nclass MyResource:\n\n    # Returns the body of a given resource as a dictionary\n    def get(self):\n        pass\n\n    # Takes a remediation spec and attempts to remediate a resource\n    def remediate(self, remediation):\n        pass\n\n    # Returns the resource type as a string\n    # Note: This should be a dotted-string that the engines will use to determine what policies are relevant\n    def type(self):\n        pass\n```\n\nSome resources are provided with rpe-lib, and hopefully that will continue to grow, but it's not required that you use the provided resource classes.\n\n## Engines\n\nPolicy evaluation/enforcement is handled by the _policy engines_:\n\n### Open Policy Agent Engine\n\nThe OPA engine evaluates policy against resources using an [Open Policy Agent](https://www.openpolicyagent.org/) server. Policies need to be namespaced properly for the OPA engine to locate and evaluate them. Note: This won't work in cases where policy enforcement is more complicated than minor edits to the body of the resource. All remediation is implemented in OPA's policy language `Rego`.\n\nThe policies should be namespaced as `.policy.`. 
For example, the `micromanager.resources.gcp.GcpSqlInstance` resource has a type of `gcp.sqladmin.instances`, so a policy requiring backups to be enabled might be namespaced `gcp.sqladmin.instances.policy.backups`. The policy should implement the following rules:\n\n* `valid`: . Returns true if the provided resource adheres to the policy\n* `remediate`: . Returns the `input` resource altered to adhere to policy\n\nFor each resource.type() you also need to define a `policies` rule and a `violations` rule. This allows the OPA engine to query all violations for a given resource type in a single API call. These probably won't need to change, other than the package name, and look like this (again with the `micromanager.resources.gcp.GcpSqlInstance` example):\n\n```\npackage gcp.sqladmin.instances\n\npolicies [policy_name] {\n    policy := data.gcp.sqladmin.instances.policy[policy_name]\n}\n\nviolations [policy_name] {\n    policy := data.gcp.sqladmin.instances.policy[policy_name]\n    policy.valid != true\n}\n```\n\n## Examples\n\n#### Using the OPA engine\n\nThis assumes you have the `opa` binary in your path.\n\n```\n# First, start opa with our policies\nopa run --server ./policy/\n```\n\nNow we need to create an RPE instance with the opa engine configured to use the local OPA server:\n\n```\nfrom rpe import RPE\n\nconfig = {\n    'policy_engines': [\n        {\n            'type': 'opa',\n            'url': 'http://localhost:8181/v1/data'\n        }\n    ]\n}\n\n# Create a resource object with details about the resource we want to evaluate\nres = Resource.factory(\n    'gcp',\n    {\n        'resource_name':'my-sql-instance-name',\n        'project_id':'my-gcp-project',\n        'resource_type':'sqladmin.instances'\n    },\n    credentials=\n)\n\nrpe = RPE(config)\nviolations = rpe.violations(res)\n\nfor (engine, violation) in violations:\n    print(engine, violation)\n    engine.remediate(res, violation)\n```\n\n\n\n# Uses\n\n* [Forseti Real-time Enforcer](https://github.com/forseti-security/real-time-enforcer) - The Forseti Real-time enforcer uses rpe-lib 
for the evaluation and enforcement of policy for Google Cloud resources. It uses a Stackdriver log export to a Pub/Sub topic to trigger enforcement.", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/forseti-security/resource-policy-evaluation-library", "keywords": "gcp policy enforcement", "license": "Apache 2.0", "maintainer": "", "maintainer_email": "", "name": "rpe-lib", "package_url": "https://pypi.org/project/rpe-lib/", "platform": "", "project_url": "https://pypi.org/project/rpe-lib/", "project_urls": { "Homepage": "https://github.com/forseti-security/resource-policy-evaluation-library" }, "release_url": "https://pypi.org/project/rpe-lib/0.1.30/", "requires_dist": null, "requires_python": "", "summary": "A resource policy evaluation library", "version": "0.1.30" }, "last_serial": 5924731, "releases": { "0.0.0": [ { "comment_text": "", "digests": { "md5": "2bc7f103907c3c2c4f5ed5aa5c3ce6a9", "sha256": "b2f849f667d8852d61f4ab341ce27724a77f32e596f3d17c7aa6972496602a83" }, "downloads": -1, "filename": "rpe-lib-0.0.0.tar.gz", "has_sig": false, "md5_digest": "2bc7f103907c3c2c4f5ed5aa5c3ce6a9", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6776, "upload_time": "2019-04-11T21:27:07", "url": "https://files.pythonhosted.org/packages/bc/71/d0f8206df7a53d2ec457615987e0bf75ffcdc88040280ade72861c05cd77/rpe-lib-0.0.0.tar.gz" } ], "0.1.14": [ { "comment_text": "", "digests": { "md5": "0eaec23a57f263756afced6dd100f2e1", "sha256": "92ed10bee86932b35caa2e3c9ee8d34b29db3e8eae16b5324702068d6f3a2fe5" }, "downloads": -1, "filename": "rpe-lib-0.1.14.tar.gz", "has_sig": false, "md5_digest": "0eaec23a57f263756afced6dd100f2e1", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 18329, "upload_time": "2019-04-23T17:01:10", "url": 
"https://files.pythonhosted.org/packages/1e/2e/cf927ee233d9bc074707800e50d43749799aecfdae0f8b4ff8c09e314f2d/rpe-lib-0.1.14.tar.gz" } ], "0.1.15": [ { "comment_text": "", "digests": { "md5": "694497830629c8a32824042c403b0d50", "sha256": "a1bf482146dde662b2e4c8798d7a935b26a1f00e02f3910ecad27bea94d1f6f0" }, "downloads": -1, "filename": "rpe-lib-0.1.15.tar.gz", "has_sig": false, "md5_digest": "694497830629c8a32824042c403b0d50", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 19649, "upload_time": "2019-04-23T22:14:55", "url": "https://files.pythonhosted.org/packages/14/1e/7d124cbc9da340b9667a08627e8818557976ccbdb49bc93143e905676765/rpe-lib-0.1.15.tar.gz" } ], "0.1.16": [ { "comment_text": "", "digests": { "md5": "2ab2712332bc4fc230d8c98b3742cb4c", "sha256": "91770394e97eebf5b8c6f995424b4a515ae4e9ebda584f4de3bddcf3e94fab09" }, "downloads": -1, "filename": "rpe-lib-0.1.16.tar.gz", "has_sig": false, "md5_digest": "2ab2712332bc4fc230d8c98b3742cb4c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 19147, "upload_time": "2019-05-07T15:17:57", "url": "https://files.pythonhosted.org/packages/ff/6b/2302c931bf5ef8450fd6a3b7d11942ca38d2648905a424e7d1b3de468567/rpe-lib-0.1.16.tar.gz" } ], "0.1.17": [ { "comment_text": "", "digests": { "md5": "bac12d315ab9356f121b15d7b700ff84", "sha256": "aa0cef44077bbaf0073fcf4d969234a178142c132a782cf7a4302364aa6d3c05" }, "downloads": -1, "filename": "rpe-lib-0.1.17.tar.gz", "has_sig": false, "md5_digest": "bac12d315ab9356f121b15d7b700ff84", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20057, "upload_time": "2019-05-21T16:05:35", "url": "https://files.pythonhosted.org/packages/76/91/7d2cb97b9c2621b1c1f3fa4ab19ffc31fc1a9ae330021b35b946d3688570/rpe-lib-0.1.17.tar.gz" } ], "0.1.18": [ { "comment_text": "", "digests": { "md5": "8b2c8a10f3d66a9906de19016d7d63ce", "sha256": "07aa1209e902b0c7e861d3f78eb3f25d05b2c5ce2ae8bf7992130a37cb4dac9a" 
}, "downloads": -1, "filename": "rpe-lib-0.1.18.tar.gz", "has_sig": false, "md5_digest": "8b2c8a10f3d66a9906de19016d7d63ce", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20733, "upload_time": "2019-05-23T16:52:32", "url": "https://files.pythonhosted.org/packages/76/40/4cd7abeee1eea2156cb7e44aeb7478e165bd3c7ff5ce5c3675dda78ebb45/rpe-lib-0.1.18.tar.gz" } ], "0.1.19": [ { "comment_text": "", "digests": { "md5": "70a9da40bf339db6f2e751f9313bc005", "sha256": "66960314739f41390d3832713c5ae51f866bb611dff1d68cd56d39ba77432b26" }, "downloads": -1, "filename": "rpe-lib-0.1.19.tar.gz", "has_sig": false, "md5_digest": "70a9da40bf339db6f2e751f9313bc005", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 22568, "upload_time": "2019-07-15T18:31:26", "url": "https://files.pythonhosted.org/packages/af/82/949cd100d6589a984e153186eb3b7c8dd2a4871e9aea7a7d6c55dea5ca60/rpe-lib-0.1.19.tar.gz" } ], "0.1.20": [ { "comment_text": "", "digests": { "md5": "6e2f646f38c5a7d21609bbf94994146e", "sha256": "846ee12d192e91b9980c0293c17dc98e5166ca88547c3470548ba37a7c36e9f0" }, "downloads": -1, "filename": "rpe-lib-0.1.20.tar.gz", "has_sig": false, "md5_digest": "6e2f646f38c5a7d21609bbf94994146e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 29988, "upload_time": "2019-08-21T17:10:42", "url": "https://files.pythonhosted.org/packages/ac/7c/856ab047085bd41af1d4b0dad543f819db6a0647c46ce0f0e8f676efaa3f/rpe-lib-0.1.20.tar.gz" } ], "0.1.21": [ { "comment_text": "", "digests": { "md5": "4a594e85c3cbfcf8af96bdbc093a2be4", "sha256": "8b3dcc9e1c16558904a334a815a0aeeaf6d6fb7ea1e059b0a137f86697744c9e" }, "downloads": -1, "filename": "rpe-lib-0.1.21.tar.gz", "has_sig": false, "md5_digest": "4a594e85c3cbfcf8af96bdbc093a2be4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 31014, "upload_time": "2019-08-28T04:43:32", "url": 
"https://files.pythonhosted.org/packages/d2/f0/e49f8bfe689e917b8038891f101a9b8b372bf3dd686bd1b33b77a646f796/rpe-lib-0.1.21.tar.gz" } ], "0.1.22": [ { "comment_text": "", "digests": { "md5": "9da7b150f442c096e592831d0d881eb3", "sha256": "4135e6b29f8aec7e776e328a88cfb7234eb93048031036e26aa768c81583304a" }, "downloads": -1, "filename": "rpe-lib-0.1.22.tar.gz", "has_sig": false, "md5_digest": "9da7b150f442c096e592831d0d881eb3", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 31975, "upload_time": "2019-09-11T17:14:29", "url": "https://files.pythonhosted.org/packages/65/07/b4c67feb497beeeeaa0cce3b14ef385947f311dc3143be6ef673661b2ebf/rpe-lib-0.1.22.tar.gz" } ], "0.1.23": [ { "comment_text": "", "digests": { "md5": "d0dc65c4db140a37af1f30fe9f52036f", "sha256": "e08eeb6448b38769172fd54c9210a0b92b2a691fe9bd0a8b8a9d2cea3f8a65d0" }, "downloads": -1, "filename": "rpe-lib-0.1.23.tar.gz", "has_sig": false, "md5_digest": "d0dc65c4db140a37af1f30fe9f52036f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 31976, "upload_time": "2019-09-11T17:19:20", "url": "https://files.pythonhosted.org/packages/d5/13/7744dbf93f7ab8bae085019bf76c2c67ea199dc331687ef4a67adc7a5751/rpe-lib-0.1.23.tar.gz" } ], "0.1.24": [ { "comment_text": "", "digests": { "md5": "b1c54392574b811742bc484c7ef2ce74", "sha256": "e9b70cf51f32dba95b51fe56525b61db831f9ff959ed3b3d61318c859c0d243e" }, "downloads": -1, "filename": "rpe-lib-0.1.24.tar.gz", "has_sig": false, "md5_digest": "b1c54392574b811742bc484c7ef2ce74", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 31979, "upload_time": "2019-09-11T18:01:57", "url": "https://files.pythonhosted.org/packages/8e/cc/657a6763913d9454fd8184060e81facf31376ed2cb0f61b66f13663f661b/rpe-lib-0.1.24.tar.gz" } ], "0.1.25": [ { "comment_text": "", "digests": { "md5": "0c0ad06c9d659588284381c3fc840021", "sha256": "252fe965ee9e61606645fe1023d5d0d7aefc5b2ef12fa83a02fc228a0fb077c8" 
}, "downloads": -1, "filename": "rpe-lib-0.1.25.tar.gz", "has_sig": false, "md5_digest": "0c0ad06c9d659588284381c3fc840021", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 32137, "upload_time": "2019-09-12T21:29:47", "url": "https://files.pythonhosted.org/packages/09/94/10176ce3bbf51c3e29d67785d3b26a377695a4cc39e7342f100c71c54f67/rpe-lib-0.1.25.tar.gz" } ], "0.1.26": [ { "comment_text": "", "digests": { "md5": "fd2329031fc1297b2e7e90b99bbe5e6e", "sha256": "3af1edd59d64a970aaa0a555229d9e3a64b9a22165b18054dcc01934b658aa99" }, "downloads": -1, "filename": "rpe-lib-0.1.26.tar.gz", "has_sig": false, "md5_digest": "fd2329031fc1297b2e7e90b99bbe5e6e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 32278, "upload_time": "2019-09-12T21:33:12", "url": "https://files.pythonhosted.org/packages/dc/c9/a1a27277d70b26c9e37bf50a173fbe6ab25ff42df050f1326705742ad87f/rpe-lib-0.1.26.tar.gz" } ], "0.1.27": [ { "comment_text": "", "digests": { "md5": "d68ab9bec72ddc45cf84af7c4655f80a", "sha256": "b5252eef3c2e2bc81eeabf9f9f8ae29a778fb33a3fa18e03465249fffac111b3" }, "downloads": -1, "filename": "rpe-lib-0.1.27.tar.gz", "has_sig": false, "md5_digest": "d68ab9bec72ddc45cf84af7c4655f80a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 32358, "upload_time": "2019-09-24T22:32:12", "url": "https://files.pythonhosted.org/packages/ee/00/502dcc549bbd8e4f91b5387fae995597546cf09d6cc7e62cc6c6017fd063/rpe-lib-0.1.27.tar.gz" } ], "0.1.28": [ { "comment_text": "", "digests": { "md5": "97639a510386b6feeb7ae3e0c0082e99", "sha256": "c61bcc29bdd5afac3ce73d55b286a75f593ad4de9eaa1269f4016e12ed843a00" }, "downloads": -1, "filename": "rpe-lib-0.1.28.tar.gz", "has_sig": false, "md5_digest": "97639a510386b6feeb7ae3e0c0082e99", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 31484, "upload_time": "2019-09-27T17:24:17", "url": 
"https://files.pythonhosted.org/packages/47/4c/b576590d3f803c52bb242c57a027de88afb160c51bb6e31e03c784496b40/rpe-lib-0.1.28.tar.gz" } ], "0.1.29": [ { "comment_text": "", "digests": { "md5": "7a663bbdd971785244041a261cfb19d4", "sha256": "7c6d040d3d1f1e9ebc54fd7d3f881576181b8e8d7052fdd91c18638ec267d0b8" }, "downloads": -1, "filename": "rpe-lib-0.1.29.tar.gz", "has_sig": false, "md5_digest": "7a663bbdd971785244041a261cfb19d4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 31477, "upload_time": "2019-09-27T19:29:17", "url": "https://files.pythonhosted.org/packages/c0/ca/2be1a8454d3dfe6ad76f4982776bde672e94ad62be8b4bcbf39693959014/rpe-lib-0.1.29.tar.gz" } ], "0.1.30": [ { "comment_text": "", "digests": { "md5": "5729c768781cc2e929604b95f7cc4d7f", "sha256": "eb803523a00bf8c8856a7ff668c5ebf490cffd74a8699182a1293596c666d247" }, "downloads": -1, "filename": "rpe-lib-0.1.30.tar.gz", "has_sig": false, "md5_digest": "5729c768781cc2e929604b95f7cc4d7f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 32469, "upload_time": "2019-10-03T18:36:22", "url": "https://files.pythonhosted.org/packages/5b/fe/3cc8899d0e7d26cf4ea10f039915fe75c357276c1234b9c5ecc94dec656a/rpe-lib-0.1.30.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "5729c768781cc2e929604b95f7cc4d7f", "sha256": "eb803523a00bf8c8856a7ff668c5ebf490cffd74a8699182a1293596c666d247" }, "downloads": -1, "filename": "rpe-lib-0.1.30.tar.gz", "has_sig": false, "md5_digest": "5729c768781cc2e929604b95f7cc4d7f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 32469, "upload_time": "2019-10-03T18:36:22", "url": "https://files.pythonhosted.org/packages/5b/fe/3cc8899d0e7d26cf4ea10f039915fe75c357276c1234b9c5ecc94dec656a/rpe-lib-0.1.30.tar.gz" } ] }