This page describes how to sync policies from the GCS to the Forseti Server.
The default behavior of Forseti is to sync the Policy Library from the Forseti Server GCS bucket.
To sync policies from GCS to the Forseti server, you will need to create the GCS folder.
Open the Forseti project in the Google Cloud Console
and go to Storage in the menu. The Forseti Server bucket will be named
forseti-server-{SUFFIX}
where {SUFFIX}
is a random 8 character suffix setup
at the time Forseti is deployed. Create a folder with the name policy-library
inside the Forseti Server bucket and make note of the suffix.
Assuming you have a local copy of your policy library repository, you can follow
these steps to copy them to GCS (replace {SUFFIX}
with the suffix noted above):
export FORSETI_BUCKET=forseti-server-{SUFFIX}
export POLICY_LIBRARY_PATH=path/to/local/policy-library
gsutil -m rsync -d -r ${POLICY_LIBRARY_PATH}/policies gs://${FORSETI_BUCKET}/policy-library/policies
gsutil -m rsync -d -r ${POLICY_LIBRARY_PATH}/lib gs://${FORSETI_BUCKET}/policy-library/lib
After this is done, Forseti will pick up the new policy library content in the next scanner run.