github.com/commercetools/gcp-ssl-policy-asserter

	This project is no longer used.

⚠️ Deprecation and Archive Notice

This project is deprecated and it is not longer used, please consider using GCP FrontenConfig to enforce SSL policies on your GCP loadbalancers.

The information on the deprection can be found in this issue

This program asserts SSLPolicies for all HTTPSProxies in a Google load balancer project.

Configuration

Environment Variable	Function
SSL_POLICY_NAME	Given a name will assert a Policy with that name exists
GOOGLE_PROJECT	Google Project ID to manage HTTPSProxies for
GOOGLE_APPLICATION_CREDENTIALS	Path to Google Auth file. More info here
MIN_TLS_VERSION	Minimum TLS version (default TLS_1_2). Only supports the higher than TLS 1.1 version
SSL_PROFILE	SSL Profile type (default MODERN). Only supports the COMPATIBLE/MODERN/RESTRICTED

YAML Property	Function
ignoreProxies[]	If an HTTPSProxy uses a URLMap within this list the SSLPolicy will not be asserted

Build and Deploy

Refer to the Makefile. It has all the commands detailed and variables set.

To publish a new version you should only have to do:

make publish

Deployed via k8s-manifest. Chart is located here.

IAM Permissions

# sslPolicy permissions
compute.sslPolicies.create
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.use

#  httpsProxies
compute.targetHttpsProxies.list
compute.targetHttpsProxies.setSslPolicy

# operations (to view long running operation status)
# SSLPolicy creation is one of these, but it creates quickly.
# Could be useful for errors though.
compute.globalOperations.get
compute.globalOperations.list

# project permissions
resourcemanager.projects.get