Sample Code
Sample Code
This code uses Google Cloud APIs to illustrate how you can ensure that every persistent disk created in your project is labeled, applying principles from Chapter 11.
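import googleapiclient.discovery
import logging
import base64
import json


def set_datatype_label_as_pii(client, labels, fingerprint, project, zone, resource):
    """Label a persistent disk with ``datatype=pii`` through the Compute API.

    Args:
        client: Compute API client object exposing ``disks().setLabels(...)``.
        labels: The disk's current label dict. It is updated in place, so the
            caller's dict also gains the ``datatype`` key.
        fingerprint: The disk's current ``labelFingerprint``. The API uses it
            for optimistic locking, so a stale value makes the request fail
            instead of overwriting labels set by someone else.
        project: Project ID that owns the disk.
        zone: Zone the disk lives in.
        resource: Disk identifier passed to ``setLabels``.

    Returns:
        None. Any error raised by ``request.execute()`` propagates.
    """
    # update current label set to include our specific key/value pair
    labels["datatype"] = "pii"

    # build request body for setLabels API
    label = {
        "labels": labels,
        "labelFingerprint": fingerprint,
    }

    # logging.warn is a deprecated alias (removed in Python 3.13); use
    # logging.warning and let the logging module format the argument.
    logging.warning("Adding datatype label to disk: %s", resource)
    request = client.disks().setLabels(project=project, zone=zone, resource=resource, body=label)
    request.execute()


def check_disk_label(event, context):
    """
    On receipt of a GCE Disk audit log fragment (received via log sink +
    pub/sub), this function applies continuous compliance by confirming a
    "datatype" label has been applied with the value of "pii" or "no_pii".
    """
    # Pub/Sub delivers the log entry base64-encoded in event['data'].
    body = json.loads(base64.b64decode(event['data']).decode('utf-8'))

    if "resource" in body:
        # NOTE(review): these fields come straight from the message and are not
        # validated; a missing key raises KeyError. Presumably only the log
        # sink can publish to this topic - confirm the topic's IAM bindings.
        disk_id = body["resource"]["labels"]["disk_id"]
        zone = body["resource"]["labels"]["zone"]
        project = body["resource"]["labels"]["project_id"]

        # build API to communicate with GCE
        service = googleapiclient.discovery.build('compute', 'v1')

        # request full disk information, including labels
        disk = service.disks().get(project=project, zone=zone, disk=disk_id).execute()

        # save labelFingerprint as we will need to provide it to the API
        # NOTE: the listing is truncated at this point on the source page; the
        # remainder of the function (the label check itself) is not shown.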