devtools: add script for Cloud Armor

Add a script that displays our Cloud Armor policies and explains how to change them. Change-Id: I1e662bd91f886ae25288d114de120917c92ec40b Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/659896 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> kokoro-CI: kokoro <noreply+kokoro@google.com> Reviewed-by: Robert Findley <rfindley@google.com>
author: Jonathan Amsterdam <jba@google.com> 2025-03-21 10:21:21 -0400
committer: Jonathan Amsterdam <jba@google.com> 2025-03-21 13:50:54 -0700
commit: d037ac96d503b32fcdcb5f5efeefef10447c394e (patch)
tree: 376f4f4330ad790c41d684b72d005637c5a5f449
parent: 9685cd9cccb49c53773c2b8ab8f2a5e6de3a1c12 (diff)
download: go-x-pkgsite-d037ac96d503b32fcdcb5f5efeefef10447c394e.tar.xz
1 files changed, 13 insertions, 0 deletions
diff --git a/devtools/describe_cloud_armor.sh b/devtools/describe_cloud_armor.sh
new file mode 100755
index 00000000..fe85edb2
--- /dev/null
+++ b/devtools/describe_cloud_armor.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+# Display the state of the Cloud Armor rules for the prod frontend.
+
+echo 'Cloud Armor rule for prod. Note rateLimitOptions.'
+
+gcloud compute security-policies describe prod-frontend
+
+echo
+echo 'To modify:'
+echo '- Obtain the necessary permissions.'
+echo '- Visit https://console.google.com/net-security/securitypolicies/details/prod-frontend?project=$PROJECT&hl=en&tab=rules'
+echo '- Click Edit'
author	Jonathan Amsterdam <jba@google.com>	2025-03-21 10:21:21 -0400
committer	Jonathan Amsterdam <jba@google.com>	2025-03-21 13:50:54 -0700
commit	d037ac96d503b32fcdcb5f5efeefef10447c394e (patch)
tree	376f4f4330ad790c41d684b72d005637c5a5f449
parent	9685cd9cccb49c53773c2b8ab8f2a5e6de3a1c12 (diff)
download	go-x-pkgsite-d037ac96d503b32fcdcb5f5efeefef10447c394e.tar.xz